From 1e54e8a32f1ecde44a617e3278cb622a54054fdb Mon Sep 17 00:00:00 2001 From: webpwnized Date: Fri, 20 Oct 2023 18:49:06 -0400 Subject: [PATCH] 2.11.7: Remove JavaScript validation on password fields --- edit-account-profile.php | 6 ++---- includes/constants.php | 2 +- login.php | 10 ++++------ user-info-xpath.php | 6 ++---- user-info.php | 6 ++---- 5 files changed, 11 insertions(+), 19 deletions(-) diff --git a/edit-account-profile.php b/edit-account-profile.php index 93ca88de..d72cd7be 100755 --- a/edit-account-profile.php +++ b/edit-account-profile.php @@ -181,14 +181,12 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){ try{ if(lValidateInput == "TRUE"){ var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/; - if (theForm.username.value.length > 15 || - theForm.password.value.length > 15){ + if (theForm.username.value.length > 15){ alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.'); return false; };// end if - if (theForm.username.value.search(lUnsafeCharacters) > -1 || - theForm.password.value.search(lUnsafeCharacters) > -1){ + if (theForm.username.value.search(lUnsafeCharacters) > -1){ alert('Dangerous characters detected. We can\'t allow these. This all powerful blacklist will stop such attempts.\n\nMuch like padlocks, filtering cannot be defeated.\n\nBlacklisting is l33t like l33tspeak.'); return false; };// end if diff --git a/includes/constants.php b/includes/constants.php index deb43a82..90c9ac34 100755 --- a/includes/constants.php +++ b/includes/constants.php @@ -2,7 +2,7 @@ /* ------------------------------------------ * @VERSION * ------------------------------------------*/ - $C_VERSION = "2.11.6"; + $C_VERSION = "2.11.7"; $C_VERSION_STRING = "Version: " . $C_VERSION; $C_MAX_HINT_LEVEL = 1; diff --git a/login.php b/login.php index 4b03b0c5..1bf21ad2 100755 --- a/login.php +++ b/login.php @@ -21,7 +21,7 @@ }// end try ?> -
Login
diff --git a/user-info-xpath.php b/user-info-xpath.php index 45252938..a06e237d 100755 --- a/user-info-xpath.php +++ b/user-info-xpath.php @@ -79,14 +79,12 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){ var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/; if(lValidateInput == "TRUE"){ - if (theForm.username.value.length > 15 || - theForm.password.value.length > 15){ + if (theForm.username.value.length > 15){ alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.'); return false; }// end if - if (theForm.username.value.search(lUnsafeCharacters) > -1 || - theForm.password.value.search(lUnsafeCharacters) > -1){ + if (theForm.username.value.search(lUnsafeCharacters) > -1){ alert('Dangerous characters detected. We can\'t allow these. This all powerful blacklist will stop such attempts.\n\nMuch like padlocks, filtering cannot be defeated.\n\nBlacklisting is l33t like l33tspeak.'); return false; }// end if diff --git a/user-info.php b/user-info.php index 81346f4e..0eb7ac8d 100755 --- a/user-info.php +++ b/user-info.php @@ -65,14 +65,12 @@ function onSubmitOfForm(/*HTMLFormElement*/ theForm){ var lUnsafeCharacters = /[`~!@#$%^&*()-_=+\[\]{}\\|;':",./<>?]/; if(lValidateInput == "TRUE"){ - if (theForm.username.value.length > 15 || - theForm.password.value.length > 15){ + if (theForm.username.value.length > 15){ alert('Username too long. We dont want to allow too many characters.\n\nSomeone might have enough room to enter a hack attempt.'); return false; }// end if - if (theForm.username.value.search(lUnsafeCharacters) > -1 || - theForm.password.value.search(lUnsafeCharacters) > -1){ + if (theForm.username.value.search(lUnsafeCharacters) > -1){ alert('Dangerous characters detected. We can\'t allow these. This all powerful blacklist will stop such attempts.\n\nMuch like padlocks, filtering cannot be defeated.\n\nBlacklisting is l33t like l33tspeak.'); return false; }// end if