News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Spaces in password accepted ie: "1 " accepted

Started by salsero72, May 11, 2009, 08:11:07 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

salsero72

May 11, 2009, 08:11:07 AM Last Edit: May 11, 2009, 10:12:07 AM by salsero72
Hello,
I found something that could be a sort of a bug.


If you "register" in page "shop.registration" or page "checkout.index"
the regexp check  is executed but passed even if you use spaces in password.

I could register with the pass "1     "  ( ie: "1[space][space][space][space][space][space]")


index.php?option=com_virtuemart&page=checkout.index
index.php?option=com_virtuemart&page=shop.registration (link seen in a module named "mod_vituemart_login.php")

You can try it yourself. I made the test in a new installation.



Furthermore:
if you use:
mod_vituemart_login.php and click on "register now"
index.php?option=com_virtuemart&page=shop.registration

The JS check is different from the
index.php?option=com_virtuemart&page=checkout.index  page.

That's because in ps_usefield.php I see:

// line 714
Code Select


echo '
if ((r.exec(form.username.value) || form.username.value.length < 3)'.$optional_check.') {
alert( "'. sprintf($VM_LANG->_('VALID_AZ09',false), $VM_LANG->_('USERNAME',false), 2) .'" );
return false;
            }';
        }
        if( isset($required_fields['password']) ) {
      if( $page == 'checkout.index') {

                echo '
                if (form.password.value.length < 6 '.$optional_check.') {
                    alert( "'.$VM_LANG->_('REGWARN_PASS',false) .'" );
return false;
                } else if (form.password2.value == ""'.$optional_check.') {
                    alert( "'. $VM_LANG->_('REGWARN_VPASS1',false) .'" );
                    return false;
                } else if (r.exec(form.password.value)'.$optional_check.') {
                    alert( "'. sprintf( $VM_LANG->_('VALID_AZ09',false), $VM_LANG->_('PASSWORD',false), 6 ) .'" );
                    return false;
                }';
        }



/*
See it? You normally get the  "minimum 3" password check and
only if page is checkout.index you get the "6 minimum lenght"
*/




database:       4.1.10-standard
Collation Database:    utf8_general_ci
Version PHP:    4.4.9
Server Web:    Apache/1.3.41 (Unix) PHP/4.4.9 mod_ssl/2.8.31 OpenSSL/0.9.7e
Server web for PHP:    apache
Joomla! Version:    Joomla! 1.5.10 Production/Stable [ Wohmamni ] 27-March-2009 23:00 GMT
User Agent:    Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
Print
Go Up Pages1
User actions