Révision 4cf82d52
Ajouté par jim-p il y a presque 13 ans
| etc/inc/vpn.inc | ||
|---|---|---|
| 1189 | 1189 |
$mpdsecret = ""; |
| 1190 | 1190 |
|
| 1191 | 1191 |
if (is_array($pptpdcfg['user'])) {
|
| 1192 |
foreach ($pptpdcfg['user'] as $user) |
|
| 1193 |
$mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n";
|
|
| 1192 |
foreach ($pptpdcfg['user'] as $user) {
|
|
| 1193 |
$pass = str_replace('"', '\"', $user['password']);
|
|
| 1194 |
$mpdsecret .= "{$user['name']} \"{$pass}\" {$user['ip']}\n";
|
|
| 1195 |
} |
|
| 1194 | 1196 |
} |
| 1195 | 1197 |
|
| 1196 | 1198 |
fwrite($fd, $mpdsecret); |
| usr/local/www/vpn_pptp_users_edit.php | ||
|---|---|---|
| 84 | 84 |
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username']))
|
| 85 | 85 |
$input_errors[] = gettext("The username contains invalid characters.");
|
| 86 | 86 |
|
| 87 |
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['password']))
|
|
| 88 |
$input_errors[] = gettext("The password contains invalid characters.");
|
|
| 89 |
|
|
| 90 | 87 |
if (preg_match("/^!/", $_POST['password']))
|
| 91 | 88 |
$input_errors[] = gettext("The password cannot start with '!'.");
|
| 92 | 89 |
|
| 90 |
if (!preg_match("/^[\x20-\x7E]*$/", $_POST['password']))
|
|
| 91 |
$input_errors[] = gettext("The password contains invalid characters.");
|
|
| 92 |
|
|
| 93 | 93 |
if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) {
|
| 94 | 94 |
$input_errors[] = gettext("The passwords do not match.");
|
| 95 | 95 |
} |
Formats disponibles : Unified diff
Relax PPTP password restrictions, just prevent starting with a !, and limit to common printable/keyboard characters so it doesn't result in invalid xml. Fixes #1720