chiu01 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Authenticator.verifyPasswordStrength does not count special characters #65

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
When I enter b!gbr0ther as the new password,
Authenticator.verifyPasswordStrength throws AuthenticationCredentialsException.

Based on the algorithm it should be a strong password. The problem lies
in the binarySearch of special characters, as it always fails for the special
character !

The problem is that the EncoderConstants.CHAR_SPECIALS array is not sorted.
After sorting the array it works fine:

char[] CHAR_SPECIALS = { 
    '!', //33
    '$', //36
    '*', //42
    '+', //43
    '-', //45
    '.', //46
    '=', //61
    '?', //63
    '@', //64
    '^', //94
    '_', //95
    '|', //124
    '~'  //126
    };

I use ESAPI 2.0-rc4, Java 1.6.0_16

Original issue reported on code.google.com by johnkoutros on 30 Nov 2009 at 10:02
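
An added example, not part of the original report or the ESAPI code base, reproducing the failure mode described above: Arrays.binarySearch over an unsorted char[] misses '!', so the special character in b!gbr0ther is never counted. The class name, helper names and the unsorted ordering are assumptions constructed for the demo.

```java
import java.util.Arrays;

public class SpecialCharLookupDemo {
    // Constructed unsorted ordering of the 13 characters listed in the report
    // (an assumption for this demo, not copied from the ESAPI source).
    static final char[] UNSORTED = { '.', '-', '_', '!', '@', '$', '^', '*', '=', '~', '|', '+', '?' };

    // Sorted copy: the precondition Arrays.binarySearch requires.
    static final char[] SORTED = sortedCopy(UNSORTED);

    static char[] sortedCopy(char[] in) {
        char[] out = in.clone();
        Arrays.sort(out);
        return out;
    }

    // Counts the password characters that binarySearch finds in the given set.
    // On an unsorted set the result is undefined and members can be missed.
    static int countMatches(String password, char[] set) {
        int n = 0;
        for (char c : password.toCharArray()) {
            if (Arrays.binarySearch(set, c) >= 0) {
                n++;
            }
        }
        return n;
    }

    // Guard suitable for a static initialiser or unit test: strictly ascending
    // order means the set is sorted and has no duplicates.
    static boolean isStrictlyAscending(char[] set) {
        for (int i = 1; i < set.length; i++) {
            if (set[i - 1] >= set[i]) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String password = "b!gbr0ther";
        System.out.println("unsorted set safe for binarySearch: " + isStrictlyAscending(UNSORTED));
        System.out.println("specials counted (unsorted set):    " + countMatches(password, UNSORTED));
        System.out.println("sorted set safe for binarySearch:   " + isStrictlyAscending(SORTED));
        System.out.println("specials counted (sorted set):      " + countMatches(password, SORTED));
    }
}
```

Running isStrictlyAscending over every lookup table at class-load time or in a unit test catches this class of bug before it silently weakens or breaks a password-policy check.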

GoogleCodeExporter commented 8 years ago

Original comment by chrisisbeef on 2 Dec 2009 at 5:37

GoogleCodeExporter commented 8 years ago
This issue was closed by revision r843.

Original comment by chrisisbeef on 2 Dec 2009 at 5:39