Skip to content
This repository has been archived by the owner on Nov 3, 2023. It is now read-only.

Ungültiges Passwort in ModuleCloseAccount #8455

Closed
malitze opened this issue Sep 2, 2016 · 3 comments
Closed

Ungültiges Passwort in ModuleCloseAccount #8455

malitze opened this issue Sep 2, 2016 · 3 comments
Assignees
@leofeyer
Labels
defect
Milestone
3.5.17

Comments

@malitze
Copy link

malitze commented Sep 2, 2016

Es können Passwörter gewählt bzw. mittels ModuleChangePassword vergeben werden, welche von ModuleCloseAccount als ungültig erachtet werden und somit Accounts nicht geschlossen werden können. Nach ein paar Tests scheint dies vor allem bei Passwörtern die eine Raute enthalten der Fall zu sein (z.B. "#passwort").

Ursächlich scheint mir, dass das Input Widget in ModuleCloseAccount (Zeile 73) im Gegensatz zu den anderen Stellen ohne eval 'preserveTags'=>true konfiguriert wird.
@leofeyer leofeyer added this to the 3.5.16 milestone Sep 4, 2016
@leofeyer leofeyer removed this from the 3.5.16 milestone Sep 5, 2016
@leofeyer
Copy link
Member

leofeyer commented Sep 5, 2016

Wie lässt sich das in der Onlinedemo reproduzieren?

@leofeyer leofeyer removed the defect label Sep 5, 2016
@malitze
Copy link
Author

malitze commented Sep 5, 2016

  1. Im Backend Close Account Modul erstellen und anschließend bspw. in die User Seite einbinden.
  2. Im Frontend anmelden und auf der User Seite das Passwort zu "#passwort" ändern.
  3. Zum neu eingebundenen Close Account Modul navigieren, Passwort eingeben und Formular bestätigen => "Invalid password!"

@leofeyer leofeyer added this to the 3.5.17 milestone Sep 20, 2016
@leofeyer leofeyer self-assigned this Sep 20, 2016
leofeyer added a commit that referenced this issue Sep 20, 2016
@leofeyer
Handle special character passwords in the "close account" module (see #…
e9260b0 
…8455).
@leofeyer
Copy link
Member

Behoben in e9260b0.

leofeyer added a commit that referenced this issue Sep 21, 2016
@leofeyer
Handle special character passwords in the "close account" module (see #…
27833dc 
…8455).
jsonn pushed a commit to jsonn/pkgsrc that referenced this issue Sep 24, 2016
Update contao42 to 4.2.4. This is a leaf package.
872b72d 
### 4.2.4 (2016-09-21)

 * Handle special character passwords in the "close account" module (see contao/core#8455).
 * Handle broken SVG files in the Image and File class (see contao/core#8470).
 * Reduce the maximum field length by the file extension length (see contao/core#8472).
 * Fall back to the field name if there is no label (see contao/core#8461).
 * Do not assume NULL by default for binary fields (see contao/core#8477).
 * Correctly render the diff view if not the latest version is active (see contao/core#8481).
 * Update the list of countries and languages (see contao/core#8453).
 * Correctly set up the MooTools CDN URL (see contao/core#8458).
 * Also check the URL length when determining the search URL (see contao/core#8460).
 * Only regenerate the session ID upon login.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@leofeyer leofeyer

Labels
defect
Projects
None yet
Milestone
3.5.17
Development

No branches or pull requests
2 participants
@leofeyer @malitze