Permalink
Browse files

admin MDL-20980 Touched up regex that determines weak password salts

  • Loading branch information...
1 parent 9cf8507 commit f334afe662b2f81b17f0e77a578af9de82d8c4ca Sam Hemelryk committed Nov 26, 2009
Showing with 2 additions and 2 deletions.
  1. +2 −2 admin/report/security/lib.php
@@ -501,8 +501,8 @@ function report_security_check_passwordsaltmain($detailed=false) {
if (empty($CFG->passwordsaltmain)) {
$result->status = REPORT_SECURITY_WARNING;
$result->info = get_string('check_passwordsaltmain_warning', 'report_security');
- } else if ($CFG->passwordsaltmain === 'a_very_long_random_string_of_characters#@6&*1'
- || trim($CFG->passwordsaltmain) === '' || preg_match('/^([\w]+|[\d]+)$/i', $CFG->passwordsaltmain)) {
+ } else if ($CFG->passwordsaltmain === 'some long random string here with lots of characters'
+ || trim($CFG->passwordsaltmain) === '' || preg_match('/^([a-z0-9]{0,10})$/i', $CFG->passwordsaltmain)) {
$result->status = REPORT_SECURITY_WARNING;
$result->info = get_string('check_passwordsaltmain_weak', 'report_security');
} else {

0 comments on commit f334afe

Please sign in to comment.