search

jberger / Galileo

A Simple Modern Perl CMS
http://galileo-cms.herokuapp.com
166 stars 38 forks source link

non-latin chars in password on logon break application #42

Open OpossumPetya opened 9 years ago

OpossumPetya commented 9 years ago

Steps:

  1. Go to http://galileo-cms.herokuapp.com
  2. Username = user ; password = зфыы ("pass" -- accidentally switched keyboard layout)

Result:

input must contain only octets at /app/vendor/perl-deps/lib/perl5/x86_64-linux/Crypt/Eksblowfish/Bcrypt.pm line 84.

Parameters:
{
  'from' => '/page/home',
  'password' => "\x{437}\x{444}\x{44b}\x{44b}",
  'username' => 'user'
}
erik-ontarget commented 9 years ago

I guess galileo-cms.herokuapp.com has old version. Tried locally with new version -- no error, just doesn't let me in.

jberger commented 9 years ago

hmmmm, I wonder which version galileo is it running? I will try to update soon. The introduction text is slightly different which perhaps I should correct as well!