2.11.7: Remove JavaScript validation on password fields
webpwnized committed Oct 20, 2023
1 parent ea220fc commit 1e54e8a
Showing 5 changed files with 11 additions and 19 deletions.
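--- a/edit-account-profile.php
+++ b/edit-account-profile.php
@@ -181,14 +181,12 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){
 try{
 if(lValidateInput == "TRUE"){
 var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
-if (theForm.username.value.length > 15 ||
-theForm.password.value.length > 15){
+if (theForm.username.value.length > 15){
 alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.');
 return false;
 };// end if
 
-if (theForm.username.value.search(lUnsafeCharacters) > -1 ||
-theForm.password.value.search(lUnsafeCharacters) > -1){
+if (theForm.username.value.search(lUnsafeCharacters) > -1){
 alert('Dangerous characters detected. We can\'t allow these. This all powerful blacklist will stop such attempts.\n\nMuch like padlocks, filtering cannot be defeated.\n\nBlacklisting is l33t like l33tspeak.');
 return false;
 };// end if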
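Review bot: The character class in `lUnsafeCharacters` has an unescaped hyphen in `()-_`, so `)-_` is parsed as a range from `)` to `_` and the pattern also matches digits and uppercase letters, not only the punctuation that is listed. Now that the check applies to the username alone, a username containing a digit or a capital letter is still rejected as "dangerous"; if that is not intended, escape the hyphen (`()\-_`) or move it to the end of the class. The same unchanged line appears in the login.php, user-info-xpath.php and user-info.php hunks of this commit. onSubmitOfForm begins in the hunk header and its body continues past the last visible line, so the rest of the handler is not reviewed here.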
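--- a/includes/constants.php
+++ b/includes/constants.php
@@ -2,7 +2,7 @@
 /* ------------------------------------------
 * @VERSION
 * ------------------------------------------*/
-$C_VERSION = "2.11.6";
+$C_VERSION = "2.11.7";
 $C_VERSION_STRING = "Version: " . $C_VERSION;
 $C_MAX_HINT_LEVEL = 1;
 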
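--- a/login.php
+++ b/login.php
@@ -21,7 +21,7 @@
 }// end try
 ?>
 
-<script type="text/javascript">
+<script type="text/javascript">
 <!--
 <?php
 if ($_SESSION["loggedin"]=="True") {
@@ -47,14 +47,12 @@ function onSubmitOfLoginForm(/*HTMLFormElement*/ theForm){
 try{
 if(lValidateInput == "TRUE"){
 var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
-if (theForm.username.value.length > 15 ||
-theForm.password.value.length > 15){
+if (theForm.username.value.length > 15){
 alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.');
 return false;
 };// end if
 
-if (theForm.username.value.search(lUnsafeCharacters) > -1 ||
-theForm.password.value.search(lUnsafeCharacters) > -1){
+if (theForm.username.value.search(lUnsafeCharacters) > -1){
 alert('Dangerous characters detected. We can\'t allow these. This all powerful blacklist will stop such attempts.\n\nMuch like padlocks, filtering cannot be defeated.\n\nBlacklisting is l33t like l33tspeak.');
 return false;
 };// end if
@@ -65,7 +63,7 @@ function onSubmitOfLoginForm(/*HTMLFormElement*/ theForm){
 alert("Error: " + e.message);
 };// end catch
 };// end function onSubmitOfLoginForm(/*HTMLFormElement*/ theForm)
-//-->
+//-->
 </script>
 
 <div class="page-title">Login</div>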
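Review bot: Nothing in onSubmitOfLoginForm records why the password is now exempt from the length and character checks, and the username checks that remain run only in the browser, so they are a usability hint rather than a control. A short comment above the first `if` would keep a later maintainer from re-adding the filter, for example `// Password is intentionally not filtered client-side; the server must treat both fields as untrusted input.` The server-side handling is not visible in this diff, so whether it bounds the length and binds the values as parameters should be confirmed there. The same comment fits the other three forms changed in this commit. The first and last hunks of this file appear to be whitespace-only.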
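--- a/user-info-xpath.php
+++ b/user-info-xpath.php
@@ -79,14 +79,12 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){
 var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
 
 if(lValidateInput == "TRUE"){
-if (theForm.username.value.length > 15 ||
-theForm.password.value.length > 15){
+if (theForm.username.value.length > 15){
 alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.');
 return false;
 }// end if
 
-if (theForm.username.value.search(lUnsafeCharacters) > -1 ||
-theForm.password.value.search(lUnsafeCharacters) > -1){
+if (theForm.username.value.search(lUnsafeCharacters) > -1){
 alert('Dangerous characters detected. We can\'t allow these. This all powerful blacklist will stop such attempts.\n\nMuch like padlocks, filtering cannot be defeated.\n\nBlacklisting is l33t like l33tspeak.');
 return false;
 }// end if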
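Review bot: The rewritten username condition still uses `search(...) > -1` to obtain a boolean, which reads less directly than `RegExp.prototype.test`; the line could be `if (lUnsafeCharacters.test(theForm.username.value)){`. The pattern has no `g` flag, so `test` keeps no `lastIndex` state between submissions and the result is the same. The same condition appears in user-info.php, edit-account-profile.php and login.php. onSubmitOfForm starts in the hunk header and continues beyond the last visible line.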
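--- a/user-info.php
+++ b/user-info.php
@@ -65,14 +65,12 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){
 var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/;
 
 if(lValidateInput == "TRUE"){
-if (theForm.username.value.length > 15 ||
-theForm.password.value.length > 15){
+if (theForm.username.value.length > 15){
 alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.');
 return false;
 }// end if
 
-if (theForm.username.value.search(lUnsafeCharacters) > -1 ||
-theForm.password.value.search(lUnsafeCharacters) > -1){
+if (theForm.username.value.search(lUnsafeCharacters) > -1){
 alert('Dangerous characters detected. We can\'t allow these. This all powerful blacklist will stop such attempts.\n\nMuch like padlocks, filtering cannot be defeated.\n\nBlacklisting is l33t like l33tspeak.');
 return false;
 }// end if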
