MDL-36056 form: Do not allow passwords with wrapping whitespace

This is to avoid accidental misconfiguration while copy/pasting the password value.
moodle · Nov 30, 2017 · 0c6554e · 0c6554e
1 parent 5bde2c2
commit 0c6554e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/lang/en/form.php b/lang/en/form.php
@@ -41,6 +41,7 @@
 $string['err_numeric'] = 'You must enter a number here.';
 $string['err_rangelength'] = 'You must enter between {$a->format[0]} and {$a->format[1]} characters here.';
 $string['err_required'] = 'You must supply a value here.';
+$string['err_wrappingwhitespace'] = 'The value must not start or end with whitespace.';
 $string['err_wrongfileextension'] = 'Some files ({$a->wrongfiles}) cannot be uploaded. Only file types {$a->whitelist} are allowed.';
 $string['filesofthesetypes'] = 'Accepted file types:';
 $string['filetypesany'] = 'All file types';

diff --git a/lib/form/passwordunmask.php b/lib/form/passwordunmask.php
@@ -90,4 +90,22 @@ public function export_for_template(renderer_base $output) {
 
         return $context;
     }
+
+    /**
+     * Check that there is no whitespace at the beginning and end of the password.
+     *
+     * It turned out that wrapping whitespace can easily be pasted by accident when copying the text from elsewhere.
+     * Such a mistake is very hard to debug as the whitespace is not displayed.
+     *
+     * @param array $value Submitted value.
+     * @return string|null Validation error message or null.
+     */
+    public function validateSubmitValue($value) {
+
+        if ($value !== trim($value)) {
+            return get_string('err_wrappingwhitespace', 'core_form');
+        }
+
+        return;
+    }
 }