Closed
Bug 897264
Opened 11 years ago
Closed 11 years ago
letters_numbers_specialchars password restriction is incorrect
Categories
(Bugzilla :: User Accounts, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.2
People
(Reporter: mail, Assigned: mail)
References
Details
Attachments
(1 file, 2 obsolete files)
2.14 KB,
patch
|
LpSolit
:
review+
|
Details | Diff | Splinter Review |
The regular expression used for the letters_numbers_specialchars password is incorrect, as a letter does not need to be used. For example, '1234567!' is would be considered to be a valid password.
Updated•11 years ago
|
OS: Linux → All
Hardware: x86_64 → All
Target Milestone: --- → Bugzilla 4.4
Assignee | ||
Comment 1•11 years ago
|
||
Also fixed up the alignment of the error message since I was in that area anyway.
Attachment #780721 -
Flags: review?(dkl)
Comment 2•11 years ago
|
||
Why do you replace \d by [[:digit:]]?
Assignee | ||
Comment 3•11 years ago
|
||
(In reply to Frédéric Buclin from comment #2) > Why do you replace \d by [[:digit:]]? For consistency. AFAIK, they are the same (whereas [:alpha:] and \w are different). Plain English '[:digit:]' is also easier to read than the more cryptic '\d' -- simon
Comment 4•11 years ago
|
||
Comment on attachment 780721 [details] [diff] [review] bug897264-v1.patch I don't care about readability. \d is used everywhere in our codebase and is well understood. We don't use [[:digit:]] anywhere else. I don't call that consistency. Please revert this change.
Attachment #780721 -
Flags: review?(dkl) → review-
Assignee | ||
Comment 5•11 years ago
|
||
Attachment #780721 -
Attachment is obsolete: true
Attachment #782426 -
Flags: review?(LpSolit)
Comment 6•11 years ago
|
||
Comment on attachment 782426 [details] [diff] [review] v2 patch >=== modified file 'template/en/default/global/user-error.html.tmpl' >+ [% IF passregex.search('letters') %] >+ [% IF passregex.search('specialchars') %] >+ <li>letter</li> >+ [% ELSE %] >+ <li>UPPERCASE letter</li> >+ <li>lowercase letter</li> >+ [% END %] >+ [% END %] >+ [% IF passregex.search('numbers') %] >+ <li>digit</li> >+ [% END %] >+ [% IF passregex.search('specialchars') %] >+ <li>special character</li> >+ [% END %] As you are now looking twice for 'specialchars', please combine them together: [% IF passregex == 'letters_numbers_specialchars' %] <li>letter</li> <li>special character</li> [% ELSIF passregex.search('letters') %] <li>UPPERCASE letter</li> <li>lowercase letter</li> [% END %] [% IF passregex.search('numbers') %] <li>digit</li> [% END %]
Attachment #782426 -
Flags: review?(LpSolit) → review-
Assignee | ||
Comment 7•11 years ago
|
||
Attachment #782426 -
Attachment is obsolete: true
Attachment #784690 -
Flags: review?(LpSolit)
Comment 8•11 years ago
|
||
Comment on attachment 784690 [details] [diff] [review] bug897264-v3.patch r=LpSolit
Attachment #784690 -
Flags: review?(LpSolit) → review+
Updated•11 years ago
|
Flags: approval?
Flags: approval4.4?
Assignee | ||
Comment 9•11 years ago
|
||
09:20 <@LpSolit> pfff, I reviewed it, you can approve it
Flags: approval?
Flags: approval4.4?
Flags: approval4.4+
Flags: approval+
Assignee | ||
Comment 10•11 years ago
|
||
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/ modified Bugzilla/User.pm modified template/en/default/global/user-error.html.tmpl Committed revision 8688. Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.4/ modified Bugzilla/User.pm modified template/en/default/global/user-error.html.tmpl Committed revision 8588.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 11•11 years ago
|
||
Actually, this parameter has been implemented in Bugzilla 4.2, see bug 558803. As it affects the security-level of your passwords, it may be important to fix this bug there too.
Updated•11 years ago
|
Flags: approval4.2? → approval4.2+
Assignee | ||
Comment 12•11 years ago
|
||
Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/4.2/ modified Bugzilla/User.pm modified template/en/default/global/user-error.html.tmpl Committed revision 8221.
You need to log in
before you can comment on or make changes to this bug.
Description
•