summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2010-08-13 09:32:19 -0400
committerjim-p <jimp@pfsense.org>2010-08-13 09:33:36 -0400
commit5f25bfea6de50b8b0ebb03e41eb343d61940303b (patch)
treea02ea52143acfb86986aaa4711f68a9ab41876c7
parent7e2ca7b5db8acc92ba875b36fdf38cfe61743351 (diff)
downloadpfsense-5f25bfea6de50b8b0ebb03e41eb343d61940303b.zip
pfsense-5f25bfea6de50b8b0ebb03e41eb343d61940303b.tar.gz
Don't allow a user-entered PPTP password to start with !, this will cause mpd to attempt an external auth program.
-rwxr-xr-xusr/local/www/vpn_pptp_users_edit.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php
index 9494c76..f159931 100755
--- a/usr/local/www/vpn_pptp_users_edit.php
+++ b/usr/local/www/vpn_pptp_users_edit.php
@@ -87,6 +87,9 @@ if ($_POST) {
if (preg_match("/[[:cntrl:]\"]/", $_POST['password']))
$input_errors[] = gettext("The password contains invalid characters.");
+ if (preg_match("/^!/", $_POST['password']))
+ $input_errors[] = gettext("The password cannot start with '!'.");
+
if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) {
$input_errors[] = gettext("The passwords do not match.");
}
OpenPOWER on IntegriCloud