From b3cd5a649be62f175de651a16ae02c5f709ca2f4 Mon Sep 17 00:00:00 2001 From: Nathaniel Guse Date: Mon, 3 Sep 2012 13:32:33 -0500 Subject: [ticket/8713] Do not trim login inputs Create a function to request variables which are not trimmed. All requests for passwords (except forum passwords) now use the untrimmed request function. PHPBB3-8713 --- phpBB/includes/acp/acp_users.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/includes/acp/acp_users.php') diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index b54257b04a..b9958ed0f1 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -32,7 +32,7 @@ class acp_users { global $config, $db, $user, $auth, $template, $cache; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads; - global $phpbb_dispatcher; + global $phpbb_dispatcher, $request; $user->add_lang(array('posting', 'ucp', 'acp/users')); $this->tpl_name = 'acp_users'; @@ -770,8 +770,8 @@ class acp_users 'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)), 'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 'email' => strtolower(request_var('user_email', $user_row['user_email'])), - 'new_password' => request_var('new_password', '', true), - 'password_confirm' => request_var('password_confirm', '', true), + 'new_password' => $request->untrimed_variable('new_password', '', true), + 'password_confirm' => $request->untrimed_variable('password_confirm', '', true), ); // Validation data - we do not check the password complexity setting here -- cgit v1.2.1 From f2607fc9e80c6f9ad7543b7be5ea6f294aa6c40a Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 8 Sep 2012 14:15:56 +0200 Subject: [ticket/8713] Rename untrimed_variable() to untrimmed_variable(). PHPBB3-8713 --- phpBB/includes/acp/acp_users.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/acp/acp_users.php') diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index b9958ed0f1..2905b84d57 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -770,8 +770,8 @@ class acp_users 'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)), 'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 'email' => strtolower(request_var('user_email', $user_row['user_email'])), - 'new_password' => $request->untrimed_variable('new_password', '', true), - 'password_confirm' => $request->untrimed_variable('password_confirm', '', true), + 'new_password' => $request->untrimmed_variable('new_password', '', true), + 'password_confirm' => $request->untrimmed_variable('password_confirm', '', true), ); // Validation data - we do not check the password complexity setting here -- cgit v1.2.1 From 73a75fc3d387f8d923186c5c04b1ca7bc6cda4ef Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 8 Sep 2012 15:02:06 +0200 Subject: [ticket/8713] Revert changes to ucp_profile, ucp_register and acp_users. Currently only auth_db is supported there and the password needs to be trimmed for compatibility because user_password stores phpbb_hash(htmlspecialchars(trim($password))) Setting passwords for other auth modules is currently not supported. Once setting/changing passwords is supported by auth plugins, the untrimmed_variable() should be used here and the result should be passed to the auth plugin. PHPBB3-8713 --- phpBB/includes/acp/acp_users.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/acp/acp_users.php') diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 2905b84d57..985a12d9ce 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -770,8 +770,8 @@ class acp_users 'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)), 'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 'email' => strtolower(request_var('user_email', $user_row['user_email'])), - 'new_password' => $request->untrimmed_variable('new_password', '', true), - 'password_confirm' => $request->untrimmed_variable('password_confirm', '', true), + 'new_password' => $request->variable('new_password', '', true), + 'password_confirm' => $request->variable('password_confirm', '', true), ); // Validation data - we do not check the password complexity setting here -- cgit v1.2.1 From ceb5a40eecbc60577ce0735254a4a189d719302e Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sat, 25 Aug 2012 14:53:21 +0200 Subject: [ticket/11023] Fix additional whitespaces that were added by PHPBB3-10968 PHPBB3-11023 --- phpBB/includes/acp/acp_users.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/acp/acp_users.php') diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 985a12d9ce..82d8ef5cbb 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -1159,7 +1159,7 @@ class acp_users $base_url = $this->u_action . "&u=$user_id&$u_sort_param"; phpbb_generate_template_pagination($template, $base_url, 'pagination', 'start', $log_count, $config['topics_per_page'], $start); - + $template->assign_vars(array( 'S_FEEDBACK' => true, 'S_ON_PAGE' => phpbb_on_page($template, $user, $base_url, $log_count, $config['topics_per_page'], $start), @@ -2075,7 +2075,7 @@ class acp_users $base_url = $this->u_action . "&u=$user_id&sk=$sort_key&sd=$sort_dir"; phpbb_generate_template_pagination($template, $base_url, 'pagination', 'start', $num_attachments, $config['topics_per_page'], $start); - + $template->assign_vars(array( 'S_ATTACHMENTS' => true, 'S_ON_PAGE' => phpbb_on_page($template, $user, $base_url, $num_attachments, $config['topics_per_page'], $start), -- cgit v1.2.1