Item11501: Don't check the password

No need to make sure passwords don't contain html markup - they are never displayed. git-svn-id: http://svn.foswiki.org/branches/Release01x01@13907 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Feb 4, 2012 · 79ebf98 · 79ebf98
1 parent 4b44aca
commit 79ebf98
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/core/lib/Foswiki/UserMapping.pm b/core/lib/Foswiki/UserMapping.pm
@@ -556,16 +556,18 @@ sub validateRegistrationField {
 
     #my ($this, $field, $value) = @_;
 
-    if ( $_[1] eq 'username'
+    # Filter username per the login validation rules.
+    if ( lc( $_[1] ) eq 'username'
         && !( $_[2] =~ m/$Foswiki::cfg{LoginNameFilterIn}/ ) )
     {
         throw Error::Simple("Invalid username");
     }
 
-    unless ( $_[1] eq 'password' ) {
-        throw Error::Simple("Invalid $_[1]")
-          if ( $_[2] =~ m/[<>]+/ );
-    }
+    # Don't check contents of password - it's never displayed.
+    return $_[2] if ( lc( $_[1] ) eq 'password' || lc( $_[1] ) eq 'confirm' );
+
+    # Don't allow html markup in any other fields.
+    throw Error::Simple("Invalid $_[1]") if ( $_[2] =~ m/[<>]+/ );
 
     return $_[2];
 }