#3445 "Perl regexp to check password" possible bug

All
closed-works-for-me
5
2009-07-13
2009-07-12
No

In "/useradmin/user-lib.pl", sub check_password_restrictions, line 1516:

...
local $re = $config{'passwd_re'};
return &text('usave_epasswd_re', $re)
if ($re && !eval { $_[0] =~ /^$re$/ });
...

but I think it should be:

...
local $re = $config{'passwd_re'};
return &text('usave_epasswd_re', $re)
if ($re && !eval { $_[0] =~ /$re/ }); <---- I deleted the ^ (string starts with) and the last $ (string finishes)
...

Because the expression $_[0] =~ /^$re$/ forces the password to be exactly the same as the Perl regexp.

Discussion

  • Jamie Cameron - 2009-07-13

    Actually, that is intentional ... it lets you create regexps that match the whole string. If you want to match a sub-string, you should enter the regexp like:

    .*foo.*

     
  • Jamie Cameron - 2009-07-13
    • status: open --> closed-works-for-me
     
  • Christian Pradelli

    But this is not documented and is very confusing for users, because the only example I found says to use [0-9] to require a number in the password, but if you put that in the regexp it doesn't work.

     
  • Jamie Cameron - 2009-07-13

    I will add documentation to that config option to make it clearer.

     

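The anchoring behaviour discussed in this ticket, as an added example that is not part of the original posts or of Webmin's own code: the helper name `passes_policy` and all sample patterns and passwords are constructed for illustration. It goes slightly beyond the thread by also showing what the same `/^$re$/` interpolation does with an ungrouped alternation and with an invalid pattern.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper mirroring the check quoted in the report: the configured
# pattern is interpolated between ^ and $, and eval traps invalid patterns.
sub passes_policy {
    my ($password, $re) = @_;
    return 1 if !defined $re || $re eq '';    # no pattern configured
    return eval { $password =~ /^$re$/ } ? 1 : 0;
}

# Constructed sample policies and passwords: [ pattern, password, expected, note ]
my @cases = (
    [ '[0-9]',     'secret1', 0, 'anchored: whole password must be one digit' ],
    [ '[0-9]',     '7',       1, 'only a single digit passes' ],
    [ '.*[0-9].*', 'secret1', 1, 'digit anywhere, the form suggested in the thread' ],
    [ '.*[0-9].*', 'secret',  0, 'no digit present' ],
    [ '(?=.*[0-9])(?=.*[A-Z]).{8,}', 'Secret12', 1, 'digit, upper case, length >= 8' ],
    [ '(?=.*[0-9])(?=.*[A-Z]).{8,}', 'secret12', 0, 'upper case missing' ],
    [ '[0-9]+|[a-z]+',     '123abc!', 1, 'ungrouped |: ^ and $ each bind to one branch' ],
    [ '(?:[0-9]+|[a-z]+)', '123abc!', 0, 'grouped alternation is anchored at both ends' ],
    [ '[0-9',      'secret1', 0, 'invalid pattern: eval fails, every password is rejected' ],
);

my $failures = 0;
for my $case (@cases) {
    my ($re, $pw, $expected, $note) = @$case;
    my $got = passes_policy($pw, $re);
    $failures++ if $got != $expected;
    printf "%-32s %-10s %-7s %s\n",
        "/^$re\$/", $pw, ($got ? 'accept' : 'reject'), $note;
}

# Non-zero exit if any case behaved differently from the expectation above.
exit($failures ? 1 : 0);
```

When writing a pattern for this option, wrap any top-level alternation in `(?:...)` and test it against a few passwords that should be rejected as well as ones that should pass.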