Closed Bug 1214492 Opened 9 years ago Closed 9 years ago

New PW containing the special character "§" is rejected

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jfearn, Assigned: jfearn)

References

Details

Attachments

(1 file, 1 obsolete file)

Make complex password check UTF8 aware
750 bytes, patch
LpSolit
: review-
Details | Diff | Splinter Review
Attached patch switch from punct to Punct (obsolete) — Splinter Review
For sites using letters_numbers_specialchars complexity for passwords, UTF8 punctuation is not matched. Switching to a UTF8 punctuation handles this and increases complexity.
Attachment #8673474 - Flags: review?(gerv)
Jeff: do we want to do the same for "alpha" and the digits check also, i.e. require use of Unicode letters and Unicode digits? Gerv
(In reply to Gervase Markham [:gerv] from comment #1) > Jeff: do we want to do the same for "alpha" and the digits check also, i.e. > require use of Unicode letters and Unicode digits? > > Gerv Yeah that makes sense.
Attachment #8673474 - Attachment is obsolete: true
Attachment #8673474 - Flags: review?(gerv)
Attachment #8673999 - Flags: review?(gerv)
Comment on attachment 8673999 [details] [diff] [review] Make complex password check UTF8 aware >- if ($password !~ /[[:alpha:]]/ || $password !~ /\d/ || $password !~ /[[:punct:]]/); >+ if ($password !~ /\p{XPosixAlpha}/ || $password !~ /\p{XPosixDigit}/ || $password !~ /\p{XPosixPunct}/); In Unicode, [[:punct:]] and \p{XPosixPunct} are equivalent, see http://perldoc.perl.org/perlrecharclass.html#[5]. Also, \d understands Unicode digits correctly, so it doesn't need to be replaced by any \p{} construct, see http://perldoc.perl.org/perlrecharclass.html#Digits.
Attachment #8673999 - Flags: review?(gerv) → review-
I typed "foobar7§" together with the letters_numbers_specialchars complexity and it has been correctly accepted. I wonder if that's a bug in Perl < 5.12 (assuming RH still runs 5.10.1).
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
(In reply to Frédéric Buclin from comment #5) > I typed "foobar7§" together with the letters_numbers_specialchars complexity > and it has been correctly accepted. I wonder if that's a bug in Perl < 5.12 > (assuming RH still runs 5.10.1). This could be it. On perl 5.10.1: $ perl -le 'use utf8; if(q{§} =~ /[[:punct:]]/){ print "match\n"; } else { print "no match\n"; }' no match On perl 5.20.3 $ perl -le 'use utf8; if(q{§} =~ /[[:punct:]]/){ print "match\n"; } else { print "no match\n"; }' match The 5.10 pod [1] makes no reference to this and I can't find any bugs mentioning it specifically, but there appears to have been some major reworking to unicode support in 5.12 so maybe it's a side affect of another change. 1: http://search.cpan.org/~dapm/perl-5.10.1/pod/perlrecharclass.pod And it turns out that the patch doesn't fix it on 5.10.1 anyway :/ # perl -le 'use utf8; if(q{§} =~ /\p{PosixPunct}/){ print "match\n";}else{print "no match\n";}' no match $ perl -le 'use utf8; if(q{§} =~ /\p{XPosixPunct}/){ print "match\n";}else{print "no match\n";}' Can't find Unicode property definition "XPosixPunct" at -e line 1. Bump min perl to 5.12?
(In reply to Jeff Fearn from comment #6) > Bump min perl to 5.12? Yes, we plan to upgrade to 5.14 directly due to a much better Unicode support, see bug 1136137.
Depends on: 1136137
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: