Adding some password validation rules. refs #1256

Marty Penner
Showing 1 changed file with 8 additions and 2 deletions
com/Auth/Auth.php
--- a/com/Auth/Auth.php
View file @23cdc36
+++ b/com/Auth/Auth.php
View file @23cdc36
@@ -22,6 +22,8 @@ const ACTION_ACTIVATE = 'wpmu_activate_user';

 const OPTION_NAME = 'tz_auth'; // Database lookup key (`wp_options`.`option_name`)

+const PASS_MAX_LEN = 15; // Maximum length of password
+
    call_user_func(function() {
        global $wpdb;
        if (empty($wpdb->signups)) {
@@ -263,8 +265,12 @@ class Validation extends Common\Validation {
            throw new Exception('<li>Password can not be blank</li>');
        }

-        if (false !== strpos($val, ' ')) {
-            throw new Exception('<li>Password can not contain spaces</li>');
+        if (isset($val[PASS_MAX_LEN + 1])) {
+            throw new Exception('<li>Password can not be longer than ' . PASS_MAX_LEN . ' characters.</li>');
+        }
+
+        if (preg_match('/(\\\\|\\\'|"| )+/i', $val)) {
+            throw new Exception('<li>Password can not contain spaces, backslashes (\) or quotes</li>');
        }
    }