[isf-wifidog] Install.php doesn't validate initial wifidog password properly

Wad -M- golden_rock at hotmail.com
Lun 21 Mai 00:59:42 EDT 2007

The problem is simple: when I installed wifidog with install.php, I set a 
password with lots of special characters including *, &, ! and more. The 
installation allowed me to go on, and wifidog worked well.

But then came the time I tried to change the password, it wouldn't allow me 
because the client side validation wouldn't pass (change_password.php). The 
javascript isValidPassword() function fails because it matches the password 
to the regular expression /^[0-9a-zA-Z]{6,}$/ which doesn't cover the 
special characters I input initially. Actually it forces the user to use 
only alphanumeric passwords...

I went over this bug by modifying the formutils.js file, making the 
isValidPassword() function return true all the times, change my password and 
then restore the old formutils.js file. It worked. Wifidog shouldn't have 
let me use special characters initially if change_password.php doesn't allow 
them. And should change_password validate the old password field? Perhaps.

My wifidog auth server version dates from 2006-12-12. If the bug hasn't been 
discovered yet, then here's an occasion to fix it.


Plus d'informations sur la liste de diffusion WiFiDog