Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[fix] Reject app password if they contains { or } #671

merged 1 commit into from Mar 13, 2019


None yet
2 participants
Copy link

commented Mar 7, 2019

The problem

c.f. YunoHost/issues#1319


Reject app passwords that contain { or } ...

PR Status

Tested and working

How to test

Try to install for example lstu_ynh and put { or } in password


  • Principle agreement 0/2 :
  • Quick review 0/1 :
  • Simple test 0/1 :
  • Deep review 0/1 :

This comment has been minimized.

Copy link
Member Author

commented Mar 13, 2019


@alexAubin alexAubin merged commit d058133 into stretch-unstable Mar 13, 2019

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@alexAubin alexAubin deleted the forbidden-chars-for-app-password branch Mar 13, 2019


This comment has been minimized.

Copy link

commented Mar 14, 2019

As discussed in the bug entry, I'd day the proper way to fix this is to avoid shell command injections altogether.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.