diff options
| author | Dave Arter <davea@mysociety.org> | 2018-04-27 10:14:40 +0100 |
|---|---|---|
| committer | Dave Arter <davea@mysociety.org> | 2018-04-27 10:18:41 +0100 |
| commit | 4aa61d32043a419081d0a15721e24243978ab674 (patch) | |
| tree | efd4c9a18b3854e02a07bf0dc42e0cb06ca890d3 | |
| parent | 86677908feec287449467b565f63fa2f8db7e560 (diff) | |
Don’t strip whitespace from user passwords during registration
If a new user registers during the report/update process
and their password starts or ends with whitespace or has
consecutive whitespace chars then those would be stripped
and the entered password wouldn’t work for subsequent logins.
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Alert.pm | 2 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 2 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/Update.pm | 2 |
4 files changed, 4 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ae4eafc96..31129d394 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,7 @@ - Fix SQL error on update edit admin page in cobrands. #2049 - Improve chart display in old IE versions. #2005 - Improve handling of Open311 state changes. #2069 + - Don't strip whitespace from user passwords. #2111 - Admin improvements: - Inspectors can set non_public status of reports. #1992 - Default start date is shown on the dashboard. diff --git a/perllib/FixMyStreet/App/Controller/Alert.pm b/perllib/FixMyStreet/App/Controller/Alert.pm index 9d522dbc9..1060c080b 100644 --- a/perllib/FixMyStreet/App/Controller/Alert.pm +++ b/perllib/FixMyStreet/App/Controller/Alert.pm @@ -369,7 +369,7 @@ sub process_user : Private { # return 1; # } # -# $alert_user->password( Utils::trim_text( $params{password_register} ) ); +# $alert_user->password( $params{password_register} ); } =head2 setup_coordinate_rss_feeds diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index 8c6c1b244..3a8362b5b 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -829,7 +829,7 @@ sub process_user : Private { $c->forward('update_user', [ \%params ]); if ($params{password_register}) { $c->forward('/auth/test_password', [ $params{password_register} ]); - $report->user->password(Utils::trim_text($params{password_register})); + $report->user->password($params{password_register}); } return 1; diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm index 9d97688c5..13eceadb0 100644 --- a/perllib/FixMyStreet/App/Controller/Report/Update.pm +++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm @@ -156,7 +156,7 @@ sub process_user : Private { if ($params{password_register}) { $c->forward('/auth/test_password', [ $params{password_register} ]); - $update->user->password(Utils::trim_text($params{password_register})); + $update->user->password($params{password_register}); } return 1; |