-
Notifications
You must be signed in to change notification settings - Fork 253
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Various inconsistencies related to passwords #6219
Comments
@Butterflysaway Thanks for all the recent help. If you are going to submit a PR, you don't need to open a separate issue on it. The PR can describe the issue and contain the fix all in one. |
some projects actually require every PR to have its own issue
…On Wed, Aug 5, 2020 at 5:32 PM Jeremy D ***@***.***> wrote:
@Butterflysaway <https://github.com/Butterflysaway> Thanks for all the
recent help. If you are going to submit a PR, you don't need to open a
separate issue on it. The PR can describe the issue and contain the fix all
in one.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#6219 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADJNN4E5GIXIMRNEAVU74LR7H225ANCNFSM4PU2UZ4A>
.
|
@jdarwood007 Np. Sounds good. Just trying to fix all the problems I find before using this on my live site. Hopefully it helps others that are using SMF as well. I've used it on my site for 10+ years. Can someone answer a question about modifications I have I've been wanting to update the modifications I used on SMF 1.1.21 which are no longer supported for SMF 2.1. Is it possible to just send an email to admins or w/e with the modification fixed and you can update it on the SMF website or how does that work? Mods in particular: What I would like to do is just modify the existing packages and make them compatible. I don't want any credits/etc. Just would like it to be available to everyone once I do so since they are great mods that should be continued on 2.1. |
You can get in touch with the Customization Team over https://simplemachines.org (contact SychO or Gary), and they'll guide you on how you can do that. |
…blems Fixes various password/activate related issues. Fixes #6219
Description
A few inconsistencies that relate to just password resetting, validation handling & hashing that I've found while looking through the files.
Bugfix 1: Fixes a problem which prevented the user from changing e-mail address on the activate action if they entered a non-valid e-mail on sign up and your board requires activation.
Bugfix 2: Added proper titles to some of the message pages the user sees when requesting a new verification code.
Bugfix 3: No longer gives 404 html header when user requests a new verification code.
Bugfix 4: Added un_htmlspecialchars to missing password post from verifyPassword calls where needed.
Bugfix 5: Removed strip_slashes on password which will prevent any user from having a backslash in their password from saving their profile. Also removed the extra un_htmlspecialchars which was already handled when setting $password.
Bugfix 6: Removed unneeded un_htmlspecialchars from upgrade hash password which will prevent an error if your password contains html special chars by random chance.
Environment (complete as necessary)
Additional information/references
The text was updated successfully, but these errors were encountered: