lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix #12041 - Generate password

Browse Source 
Secure the generate password method "perso".
Now the system checks the minimum possible value. If the value entered
is lower then the system will never trigger the update.

Since the update is done through GET parameters, I also added a check
backend wise. This checks should never be triggered nor in error.

[see: #12041]
This commit is contained in:
Laurent De Coninck 2019-10-04 18:13:00 +02:00
parent 0b9d27423d
commit c8fb81710f
1 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
htdocs/admin/security.php
View File

@ -170,9 +170,23 @@ elseif ($action == 'disable_MAIN_SECURITY_DISABLEFORGETPASSLINK')
if ($action == 'maj_pattern')
{
dolibarr_set_const($db, "USER_PASSWORD_PATTERN", GETPOST("pattern"), 'chaine', 0, '', $conf->entity);
header("Location: security.php");
exit;
$pattern = GETPOST("pattern");
$explodePattern = explode(';',$pattern);
$patternInError = false;
if($explodePattern[0] < 1 || $explodePattern[4] < 1){
$patternInError = true;
}
if($explodePattern[0] < $explodePattern[1] + $explodePattern[2] + $explodePattern[3]){
$patternInError = true;
}
if(!$patternInError){
dolibarr_set_const($db, "USER_PASSWORD_PATTERN", $pattern, 'chaine', 0, '', $conf->entity);
header("Location: security.php");
exit;
}
}
@ -278,13 +292,6 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso"){
$tabConf = explode(";", $conf->global->USER_PASSWORD_PATTERN);
/*$this->length2 = $tabConf[0];
$this->NbMaj = $tabConf[1];
$this->NbNum = $tabConf[2];
$this->NbSpe = $tabConf[3];
$this->NbRepeat = $tabConf[4];
$this->WithoutAmbi = $tabConf[5];
*/
print '<br>';
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
@ -318,7 +325,7 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso"){
print '<tr class="oddeven">';
print '<td>' . $langs->trans("NbIteConsecutive")."</td>";
print '<td colspan="2"><input type="number" value="'.$tabConf[4].'" id="NbIteConsecutive" min="0"></td>';
print '<td colspan="2"><input type="number" value="'.$tabConf[4].'" id="NbIteConsecutive" min="1"></td>';
print '</tr>';
@ -350,6 +357,13 @@ if ($conf->global->USER_PASSWORD_GENERATED == "Perso"){
print ' }';
print ' function valuePossible(){';
print ' var fields = ["#minlenght", "#NbMajMin", "#NbNumMin", "#NbSpeMin", "#NbIteConsecutive"];';
print ' for(var i = 0 ; i < fields.length ; i++){';
print ' if($(fields[i]).val() < $(fields[i]).attr("min")){';
print ' return false;';
print ' }';
print ' }';
print ' ';
print ' var length = parseInt($("#minlenght").val());';
print ' var length_mini = parseInt($("#NbMajMin").val()) + parseInt($("#NbNumMin").val()) + parseInt($("#NbSpeMin").val());';
print ' return length >= length_mini;';