From: Tim Düsterhus Date: Sun, 15 Jan 2012 14:15:52 +0000 (+0100) Subject: MasterPasswordInitForm: Check whether password equals username X-Git-Tag: 2.0.0_Beta_1~1425^2~9^2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=b22d0679602ae5ad26a5471527c68dc51bdb635e;p=GitHub%2FWoltLab%2FWCF.git MasterPasswordInitForm: Check whether password equals username --- diff --git a/wcfsetup/install/files/lib/acp/form/MasterPasswordInitForm.class.php b/wcfsetup/install/files/lib/acp/form/MasterPasswordInitForm.class.php index 9f1445420b..04d9186fe6 100755 --- a/wcfsetup/install/files/lib/acp/form/MasterPasswordInitForm.class.php +++ b/wcfsetup/install/files/lib/acp/form/MasterPasswordInitForm.class.php @@ -1,5 +1,6 @@ masterPassword)) { + if (!Regex::compile('\d')->match($this->masterPassword)) { throw new UserInputException('masterPassword', 'notSecure'); } // latin characters (lower-case) - if (!preg_match('![a-z]+!', $this->masterPassword)) { + if (!Regex::compile('[a-z]')->match($this->masterPassword)) { throw new UserInputException('masterPassword', 'notSecure'); } // latin characters (upper-case) - if (!preg_match('![A-Z]+!', $this->masterPassword)) { + if (!Regex::compile('[A-Z]')->match($this->masterPassword)) { throw new UserInputException('masterPassword', 'notSecure'); } // special characters - if (!preg_match('![^A-Za-z0-9]+!', $this->masterPassword)) { + if (!Regex::compile('[^0-9a-zA-Z]')->match($this->masterPassword)) { + throw new UserInputException('masterPassword', 'notSecure'); + } + + // password equals username + if ($this->masterPassword == WCF::getUser()->username) { throw new UserInputException('masterPassword', 'notSecure'); }