Various inconsistencies related to passwords #6219
Comments
|
@Butterflysaway Thanks for all the recent help. If you are going to submit a PR, you don't need to open a separate issue on it. The PR can describe the issue and contain the fix all in one. |
|
some projects actually require every PR to have its own issue
…On Wed, Aug 5, 2020 at 5:32 PM Jeremy D ***@***.***> wrote:
@Butterflysaway <https://github.com/Butterflysaway> Thanks for all the
recent help. If you are going to submit a PR, you don't need to open a
separate issue on it. The PR can describe the issue and contain the fix all
in one.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#6219 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADJNN4E5GIXIMRNEAVU74LR7H225ANCNFSM4PU2UZ4A>
.
|
|
@jdarwood007 Np. Sounds good. Just trying to fix all the problems I find before using this on my live site. Hopefully it helps others that are using SMF as well. I've used it on my site for 10+ years. Can someone answer a question about modifications I have I've been wanting to update the modifications I used on SMF 1.1.21 which are no longer supported for SMF 2.1. Is it possible to just send an email to admins or w/e with the modification fixed and you can update it on the SMF website or how does that work? Mods in particular: What I would like to do is just modify the existing packages and make them compatible. I don't want any credits/etc. Just would like it to be available to everyone once I do so since they are great mods that should be continued on 2.1. |
|
You can get in touch with the Customization Team over https://simplemachines.org (contact SychO or Gary), and they'll guide you on how you can do that. |
…blems Fixes various password/activate related issues. Fixes #6219
Description
A few inconsistencies that relate to just password resetting, validation handling & hashing that I've found while looking through the files.
Bugfix 1: Fixes a problem which prevented the user from changing e-mail address on the activate action if they entered a non-valid e-mail on sign up and your board requires activation.
Bugfix 2: Added proper titles to some of the message pages the user sees when requesting a new verification code.
Bugfix 3: No longer gives 404 html header when user requests a new verification code.
Bugfix 4: Added un_htmlspecialchars to missing password post from verifyPassword calls where needed.
Bugfix 5: Removed strip_slashes on password which will prevent any user from having a backslash in their password from saving their profile. Also removed the extra un_htmlspecialchars which was already handled when setting $password.
Bugfix 6: Removed unneeded un_htmlspecialchars from upgrade hash password which will prevent an error if your password contains html special chars by random chance.
Environment (complete as necessary)
Additional information/references
The text was updated successfully, but these errors were encountered: