Allow upload of password blacklist - Githubissues

ulsdevteam / pkp-betterPassword

Plugin to implement password requirements for PKP OJS/OMP

GNU General Public License v2.0

7 stars 6 forks source link

Allow upload of password blacklist #5

Closed ctgraham closed 3 years ago

ctgraham commented 5 years ago

In plugin settings, allow for upload of a password blacklist file, store in files_dir and reference in betterPasswordPlugin::getBlacklists().

ctgraham commented 4 years ago

Resolved.

ctgraham commented 4 years ago

array_merge() requires two arrays. This may not be the case here: https://github.com/ulsdevteam/pkp-betterPassword/blob/59220f680b06625c1f11d3f1132924dbfc75682c/BetterPasswordPlugin.inc.php#L291

$userBlacklists may be initially unset, causing the subsequent array_keys() to fail: https://github.com/ulsdevteam/pkp-betterPassword/blob/59220f680b06625c1f11d3f1132924dbfc75682c/BetterPasswordPlugin.inc.php#L285

$userBlacklistsFilepath is not guaranteed to be defined if $userBlacklistsFilenames is not an array of 1 or more elements. https://github.com/ulsdevteam/pkp-betterPassword/blob/59220f680b06625c1f11d3f1132924dbfc75682c/BetterPasswordPlugin.inc.php#L287-L289

If $userBlacklistsFilepath is not defined, array_merge() fails.

ctgraham commented 3 years ago

Resolved in refactor: https://github.com/ulsdevteam/pkp-betterPassword/blob/master/features/Blocklist.inc.php