merged 7.5 utf8 password fix
This commit is contained in:
parent
6193d6bef5
commit
3c325c9c5a
2 changed files with 47 additions and 22 deletions
|
|
@ -21,21 +21,6 @@
|
|||
definition and the table schema.
|
||||
- Fixed a limit bug in the asset discovery service.
|
||||
- Fixed #8853: link to manageWorkflows is broken
|
||||
- Fixed #8890: meta_loop in post form not working (United Knowledge)
|
||||
- added: ldaps and ldapi are now supported when working with LDAP authentication
|
||||
- rfe #740: Thingy Pre-Text (SDH Consulting Group)
|
||||
- rfe #746: use the menu title in asset manager
|
||||
- rfe #549: New macro for checking spectre status. VersionTag::RequestCommit and Operation::VestionTag::www_commitVertionTag now both check for spectre status before trying to commit.
|
||||
- rfe #637: Alphabetize wiki items under a keyword?
|
||||
- Autocommit assets like CS posts or Calendar Events can now be added before the
|
||||
parent is committed. They will go into the same version tag as their parent.
|
||||
- rfe #640: Refactored autocommit and autocomment
|
||||
- added a perltidyrc to the docs folder. we'll be using this to clean up code.
|
||||
- fixed: Site Nav navigation template can now be used more than once per page
|
||||
- added: TextArea now supports "maxlength" attribute
|
||||
- added: DataForm can now run a workflow when an entry is added
|
||||
- Fixed #8921: Duplicating templates through conventional methods maintains default template flag
|
||||
- Fixed #8962: Wrong mime-type used for json data
|
||||
- Added: WebGUI::Pluggable find() and findAndLoad() for easier module loading
|
||||
- Added RFE #327: Select All button to class list in Search asset
|
||||
- Fixed #8984: Weather Asset missing hoverhelp
|
||||
|
|
@ -162,6 +147,39 @@
|
|||
- fixed: Shelf/Product import export does not work
|
||||
- fixed: Shelf/Product import does not work with windows files
|
||||
|
||||
7.5.31
|
||||
- fixed: debian licensing problem with user list
|
||||
- fixed: Wrong password behaviour (#8905)
|
||||
- removed the old js file IndexedSearch/ColorPicker2.js that hasn't been used
|
||||
in about 3 years.
|
||||
- Fixed #8984: Weather Asset missing hoverhelp
|
||||
|
||||
7.5.30
|
||||
- fixed: can't add EMS tickets to badges
|
||||
- fixed 8962: Wrong mime-type used for json data
|
||||
- fixed: default site has no content
|
||||
- fixed: possible to execute arbitrary perl code as any user that can upload files
|
||||
|
||||
7.5.29
|
||||
- fixed: Site Nav is broken
|
||||
|
||||
7.5.28
|
||||
- Fixed #8890: meta_loop in post form not working (United Knowledge)
|
||||
- added: ldaps and ldapi are now supported when working with LDAP authentication
|
||||
- rfe #740: Thingy Pre-Text (SDH Consulting Group)
|
||||
- rfe #746: use the menu title in asset manager
|
||||
- rfe #549: New macro for checking spectre status. VersionTag::RequestCommit and Operation::VestionTag::www_commitVertionTag now both check for spectre status before trying to commit.
|
||||
- rfe #637: Alphabetize wiki items under a keyword?
|
||||
- Autocommit assets like CS posts or Calendar Events can now be added before the
|
||||
parent is committed. They will go into the same version tag as their parent.
|
||||
- rfe #640: Refactored autocommit and autocomment
|
||||
- added a perltidyrc to the docs folder. we'll be using this to clean up code.
|
||||
- fixed: Site Nav navigation template can now be used more than once per page
|
||||
- added: TextArea now supports "maxlength" attribute
|
||||
- added: DataForm can now run a workflow when an entry is added
|
||||
- Fixed #8921: Duplicating templates through conventional methods maintains default template flag
|
||||
- Fixed #8962: Wrong mime-type used for json data
|
||||
|
||||
7.5.24
|
||||
- fixed: Spelling mistake on site starter
|
||||
- fixed: DatePicker.js can now use different first days of the week.
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@ sub authenticate {
|
|||
|
||||
$identifier = $_[1];
|
||||
$userData = $self->getParams;
|
||||
if ((Digest::MD5::md5_base64(Encode::encode_utf8($identifier)) eq $$userData{identifier}) && ($identifier ne "")) {
|
||||
if (($self->hashPassword($identifier) eq $$userData{identifier}) && ($identifier ne "")) {
|
||||
return 1;
|
||||
}
|
||||
$self->user(WebGUI::User->new($self->session,1));
|
||||
|
|
@ -246,7 +246,7 @@ sub createAccountSave {
|
|||
my $properties;
|
||||
$properties->{ changeUsername } = $setting->get("webguiChangeUsername");
|
||||
$properties->{ changePassword } = $setting->get("webguiChangePassword");
|
||||
$properties->{ identifier } = Digest::MD5::md5_base64($password);
|
||||
$properties->{ identifier } = $self->hashPassword($password);
|
||||
$properties->{ passwordLastUpdated } = $session->datetime->time();
|
||||
$properties->{ passwordTimeout } = $setting->get("webguiPasswordTimeout");
|
||||
$properties->{ status } = 'Deactivated' if ($setting->get("webguiValidateEmail"));
|
||||
|
|
@ -409,7 +409,7 @@ sub editUserFormSave {
|
|||
my $userData = $self->getParams($userId);
|
||||
my $identifier = $self->session->form->process('authWebGUI.identifier');
|
||||
unless (!$identifier || $identifier eq "password") {
|
||||
$properties->{identifier} = Digest::MD5::md5_base64($self->session->form->process('authWebGUI.identifier'));
|
||||
$properties->{identifier} = $self->hashPassword($self->session->form->process('authWebGUI.identifier'));
|
||||
if($userData->{identifier} ne $properties->{identifier}){
|
||||
$properties->{passwordLastUpdated} =$self->session->datetime->time();
|
||||
}
|
||||
|
|
@ -671,6 +671,13 @@ sub getUserIdByPasswordRecoveryToken {
|
|||
return $session->db->quickScalar("select userId from authentication where fieldName = 'emailRecoverPasswordVerificationNumber' and fieldData = ?", [$token]);
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub hashPassword {
|
||||
my ($self, $password) = @_;
|
||||
return Digest::MD5::md5_base64(Encode::encode_utf8($password));
|
||||
}
|
||||
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
sub login {
|
||||
my $self = shift;
|
||||
|
|
@ -954,7 +961,7 @@ sub profileRecoverPasswordFinish {
|
|||
if ($self->_isValidPassword($password, $passwordConfirm)) {
|
||||
$self->user( $user );
|
||||
$self->saveParams($userId, $self->authMethod,
|
||||
{ identifier => Digest::MD5::md5_base64($password),
|
||||
{ identifier => $self->hashPassword($password),
|
||||
passwordLastUpdated => $self->session->datetime->time });
|
||||
$self->_logSecurityMessage;
|
||||
return $self->SUPER::login;
|
||||
|
|
@ -1103,7 +1110,7 @@ sub emailResetPasswordFinish {
|
|||
if ($self->_isValidPassword($password, $passwordConfirm)) {
|
||||
$self->user(WebGUI::User->new($self->session, $userId));
|
||||
$self->saveParams($userId, $self->authMethod,
|
||||
{ identifier => Digest::MD5::md5_base64($password),
|
||||
{ identifier => $self->hashPassword($password),
|
||||
passwordLastUpdated => $self->session->datetime->time });
|
||||
$self->_logSecurityMessage;
|
||||
|
||||
|
|
@ -1157,7 +1164,7 @@ sub resetExpiredPasswordSave {
|
|||
|
||||
return $self->resetExpiredPassword($u->userId, "<h1>".$i18n->get(70)."</h1><ul>".$error.'</ul>') if ($error);
|
||||
|
||||
$properties->{identifier} = Digest::MD5::md5_base64($self->session->form->process("identifier"));
|
||||
$properties->{identifier} = $self->hashPassword($self->session->form->process("identifier"));
|
||||
$properties->{passwordLastUpdated} =$self->session->datetime->time();
|
||||
|
||||
$self->saveParams($u->userId,$self->authMethod,$properties);
|
||||
|
|
@ -1229,7 +1236,7 @@ sub updateAccount {
|
|||
if($password){
|
||||
my $userData = $self->getParams;
|
||||
unless ($password eq "password") {
|
||||
$properties->{identifier} = Digest::MD5::md5_base64($password);
|
||||
$properties->{identifier} = $self->hashPassword($password);
|
||||
$self->_logSecurityMessage();
|
||||
if($userData->{identifier} ne $properties->{identifier}){
|
||||
$properties->{passwordLastUpdated} =$self->session->datetime->time();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue