CVE-2023-0307: fix: added missing check on password length · thorsten/phpMyFAQ@8beed2f
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
@@ -776,14 +776,17 @@
break;
}
$userData = [
‘display_name’ => $userName,
‘email’ => $email,
‘is_visible’ => $isVisible === ‘on’ ? 1 : 0
];
$success = $user->setUserData($userData);
if (0 !== strlen($password) && 0 !== strlen($confirm)) {
if (strlen($password) <= 7 || strlen($confirm) <= 7) {
$message = [‘error’ => $PMF_LANG[‘ad_passwd_fail’]];
break;
} else {
$userData = [
‘display_name’ => $userName,
‘email’ => $email,
‘is_visible’ => $isVisible === ‘on’ ? 1 : 0
];
$success = $user->setUserData($userData);
foreach ($user->getAuthContainer() as $author => $auth) {
if ($auth->setReadOnly()) {
continue;
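Review bot: The length test `strlen($password) <= 7 || strlen($confirm) <= 7` counts bytes, not characters, so a password of four two-byte UTF-8 characters clears the eight-character minimum; `mb_strlen($password, 'UTF-8')` would measure what the policy intends. The literal 7 is a policy value buried in this handler, and a named minimum-length constant shared with every other code path that sets a password would keep them from drifting apart. Checking the length of `$confirm` is no substitute for comparing it with `$password`, and no such comparison appears in these lines, so it is worth confirming that one runs before the password is written. The `break` on failure also skips the `setUserData` call in the `else` branch, so a too-short password discards the display name and e-mail changes from the same request; if that is intended, the error message should say so.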