diff options
| author | jim-p <jimp@pfsense.org> | 2011-07-27 12:49:55 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2011-07-27 12:54:12 -0400 |
| commit | 4cf82d52943b00c2710b7867387230a0e58225be (patch) | |
| tree | 08cecd622da877cd153f160eb17f29fa832cc605 /usr | |
| parent | 9140006bc3cc940ce1280b41d2919151335aa2d3 (diff) | |
| download | pfsense-4cf82d52943b00c2710b7867387230a0e58225be.zip pfsense-4cf82d52943b00c2710b7867387230a0e58225be.tar.gz | |
Relax PPTP password restrictions, just prevent starting with a !, and limit to common printable/keyboard characters so it doesn't result in invalid xml. Fixes #1720
Diffstat (limited to 'usr')
| -rwxr-xr-x | usr/local/www/vpn_pptp_users_edit.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php index b1b4811..7ddf348 100755 --- a/usr/local/www/vpn_pptp_users_edit.php +++ b/usr/local/www/vpn_pptp_users_edit.php @@ -84,12 +84,12 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) $input_errors[] = gettext("The username contains invalid characters."); - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['password'])) - $input_errors[] = gettext("The password contains invalid characters."); - if (preg_match("/^!/", $_POST['password'])) $input_errors[] = gettext("The password cannot start with '!'."); + if (!preg_match("/^[\x20-\x7E]*$/", $_POST['password'])) + $input_errors[] = gettext("The password contains invalid characters."); + if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) { $input_errors[] = gettext("The passwords do not match."); } |
