search

bludit / bludit

Simple, Fast, Secure, Flat-File CMS
https://www.bludit.com
MIT License
1.29k stars 291 forks source link

Password length check is variable but also fix coded in \bl-kernel\functions.php #1558

Open BeJoNe opened 10 months ago

BeJoNe commented 10 months ago

for development reason i changed the password length in \bl-kernel\boot\variables.php to:

// Password length
define('PASSWORD_LENGTH', 3);

in \bl-kernel\functions.php line 548 in createUser as expected:

 // Password length
  if (Text::length($args['new_password']) < PASSWORD_LENGTH) {
    Alert::set($L->g('Password must be at least ' . PASSWORD_LENGTH . ' characters long'), ALERT_STATUS_FAIL);

but in line 679 its hardcoded;

  // Password length
  if (Text::length($newPassword) < 6) {
    Alert::set($L->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);

shouldn't it be equal?

Bludit version

3.15

PHP version

8.3.2

dignajar commented 5 months ago

fixed, https://github.com/bludit/bludit/commit/e770d6a9728c8ab6d39e8ce78ecc118f9c50c1f1