Merge remote-tracking branch 'origin/fix/1062-allow_special_chars' into staging/fixes

Kristan Kenney · Kristan Kenney · commit dbfa4e93f903 · 2020-08-11T17:09:37.000-03:00
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.2.1 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
+**Latest stable release:** Version 1.2.2 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>
diff --git a/web/add/db/index.php b/web/add/db/index.php
@@ -42,7 +42,7 @@
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+         if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}
     }
 
     // Protect input
diff --git a/web/add/mail/index.php b/web/add/mail/index.php
@@ -123,7 +123,7 @@
     
     // Check password length
     if (empty($_SESSION['error_msg']) && !empty($_POST['v_fwd_only']) ) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}
     }
 
     // Protect input
diff --git a/web/add/user/index.php b/web/add/user/index.php
@@ -45,7 +45,7 @@
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
     }
 
     // Protect input
diff --git a/web/edit/db/index.php b/web/edit/db/index.php
@@ -63,8 +63,8 @@
 
     // Change database password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
-            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        if (!validate_password($_POST['v_password'])) { 
+             $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
         }else{ 
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");
diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php
@@ -398,8 +398,8 @@
 
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
-            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        if (!validate_password($_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
         }else{         
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");
diff --git a/web/edit/user/index.php b/web/edit/user/index.php
@@ -100,7 +100,9 @@
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
         // Check password length
         $pw_len = strlen($_POST['v_password']);
-        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (!validate_password($_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements');
+        } 
         if (empty($_SESSION['error_msg'])) {
             $v_password = tempnam("/tmp","vst");
             $fp = fopen($v_password, "w");
diff --git a/web/inc/main.php b/web/inc/main.php
@@ -385,3 +385,11 @@ function backendtpl_with_webdomains() {
     }
     return $backend_list;
 }
+/**
+ * Check if password is valid
+ *
+ * @return int; 1 / 0
+ */
+function validate_password($password){
+    return preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(.){8,}$/', $password);
+}

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@`
`42`	`42`
`43`	`43`	`// Check password length`
`44`	`44`	`if (empty($_SESSION['error_msg'])) {`
`45`		`- if (!preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`
	`45`	`+ if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`// Protect input`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@`
`123`	`123`
`124`	`124`	`// Check password length`
`125`	`125`	`if (empty($_SESSION['error_msg']) && !empty($_POST['v_fwd_only']) ) {`
`126`		`- if (!preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`
	`126`	`+ if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}`
`127`	`127`	`}`
`128`	`128`
`129`	`129`	`// Protect input`
Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@`
`45`	`45`
`46`	`46`	`// Check password length`
`47`	`47`	`if (empty($_SESSION['error_msg'])) {`
`48`		`- if (!preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`
	`48`	`+ if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`// Protect input`
Original file line number	Diff line number	Diff line change
`@@ -385,3 +385,11 @@ function backendtpl_with_webdomains() {`
`385`	`385`	`}`
`386`	`386`	`return $backend_list;`
`387`	`387`	`}`
	`388`	`+/**`
	`389`	`+ * Check if password is valid`
	`390`	`+ *`
	`391`	`+ * @return int; 1 / 0`
	`392`	`+ */`
	`393`	`+function validate_password($password){`
	`394`	`+ return preg_match('/^(?=.[a-z])(?=.[A-Z])(?=.*\d)(.){8,}$/', $password);`
	`395`	`+}`