The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
< in Passwords
#1
Hello!

I have found out that
Code:
<
special character in the password fields on the registration form does not work...thoughts? I haven't tried
Code:
>
but need this fixed ASAP for a user.

Thank you!
  Reply
#2
Hey Brandin, I think I have the answer (I've been unable to post for several days, sorry for a late reply!). The password that is sent to the validation script in login.php has been sanitized by Input::get(), which in turn calls Input:Confusedanitize and calls htmlentities. The < has been converted to < in the password string.

This is the offending line in login.php:
Code:
$login = $user->loginEmail(Input::get('username'), trim(Input::get('password')), $remember);

To get around this with minimal code changes, you could modify the Input class call to this:
Code:
public static function get($item, $bypassSanitize = false) {

and later in the function when sanitizing the get/post arrays or single items, run an if ($bypassSanitize === true) before the sanitizing code. Then, in login.php you'd simply change the line to this:
Code:
$login = $user->loginEmail(Input::get('username'), trim(Input::get('password', true)), $remember);
  Reply
#3
Thank you @Karen, I will play with this and let you know the result!
  Reply
#4
Yep. I totally forgot about that.
  Reply
#5
@Karsen / @Mudmin

Where should I be running the
Code:
if ($bypassSanitize === true)
and should I be putting anything in the if statement or no? Sorry trying to catch this but I'm not.

Thank you!
  Reply
#6
Sorry, I knew I should have pasted all the code! I also saw a flaw in the logic I gave you. I've modified my own class though so I've gone back to the original US version; it'll be untested but should hopefully work without errors:

Code:
public static function get($item, $bypassSanitize = false){
Code:
if (isset($_POST[$item])) {
Code:
/*
Code:
If the $_POST item is an array, process each item independently, and return array of sanitized items.
Code:
*/
Code:
if (is_array($_POST[$item])){
Code:
$postItems=array();
Code:
foreach ($_POST[$item] as $postItem){
Code:
if (!$bypassSanitize) $postItem = self::sanitize($postItem);
Code:
$postItems[] = $postItem;
Code:
}
Code:
return $postItems;
Code:
}else{
Code:
if (!$bypassSanitize) $postItem = self::sanitize($_POST[$item]);
Code:
return $postItem;
Code:
}
Code:
} elseif(isset($_GET[$item])){
Code:
/*
Code:
If the $_GET item is an array, process each item independently, and return array of sanitized items.
Code:
*/
Code:
if (is_array($_GET[$item])){
Code:
$getItems=array();
Code:
foreach ($_GET[$item] as $getItem){
Code:
if (!$bypassSanitize) $getItem = self::sanitize($getItem);
Code:
$getItems[] = $getItem;
Code:
}
Code:
return $getItems;
Code:
}else{
Code:
if (!$bypassSanitize) $getItem = self::sanitize($_GET[$item]);
Code:
return $getItem;
Code:
}
Code:
}
Code:
return '';
Code:
}
  Reply
#7
Hey guys,

So I went ahead and got into the process of deploying this and I left out one big thing: I noticed this on join.php - not login.php.

Although I am sure this will work with login.php - I can't even get my users registered if they want to put a < in their password because it fails on the registration form.

Where do I modify the code on this? I'm not finding any trim sadly Sad

It's saying the two passwords are not matching - so I am really not sure where the offense is coming.

Thank you!
  Reply
#8
Ah, I see in your original post that you said registration, not login! Apologies for that, I lost you some time.

The reason the passwords don't match is because in the "matches" validation rule, the ingoing value ($_POST['confirm']) is sanitized while the value it matches ($_POST['password']) is not. Change this line in 'classes/Validation/php' (at or around line 54):

Code:
case 'matches':
Code:
if ($value != $source[$rule_value]) {
to:
Code:
case 'matches':
Code:
if ($value != sanitize($source[$rule_value])) {

Also, don't forget to bypass sanitizing of the password you send to the User->create() method on join.php line 182, using the modification we made to the Input class before:
Code:
password_hash(Input::get('password'), PASSWORD_BCRYPT, array('cost' => 12)),
to
Code:
password_hash(Input::get('password', true), PASSWORD_BCRYPT, array('cost' => 12)),

Let me know if this works, I can't test it myself right now unfortunately.
  Reply
#9
YOU ARE AH-MAZING.

This is perfect!

Plug and play!

For your reference @mudmin, ~line 77 is the change on login.php.

I cannot thank you enough Karsen!
  Reply
#10
Well - almost there lol!

I broke all my other logins now lmao:

Notice: Undefined variable: postItem in /home/aircentralized/public_html/mydash/users/classes/Input.php on line 50

Looks like its an issue with this line:
Code:
if (!$bypassSanitize) $postItem = self::sanitize($_POST[$item]);
Code:
return $postItem;

In the first if in the Input class. Thoughts?
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)