Ticket #270 (closed defect: fixed)

Opened 11 months ago

Last modified 11 months ago

No error if the Verification Password is empty when joining

Reported by: ihispano Assigned to: misja
Priority: normal Milestone: 0.9.0
Component: core Version: 0.9.0
Severity: normal Keywords: password verification,password
Cc: Patch Included:
Review Stage:

Description

When filling out the information to join if the Verification Password box is left empty the form continues without any testing of the password.

In lib/elgglib.php function validate_login (~line 2099) 

    if (!empty($password2) && $password1 != $password2) {
        return false;
    }

so nothing happens if an empty string is passed in. Since the default value for validate_login's $password2 parameter is null, maybe it should be changed to: 

    if (!is_null($password2) && $password1 != $password2) {
        return false;
    }

I haven't tested this, so I don't what would be effected by changing it to is_null. Found on Elgg 0.9.

Change History

01/16/08 11:01:16 changed by ewout

  • status changed from new to closed.
  • resolution set to fixed.

Hopefully resolved in r1514.