Changeset 7968

Show
Ignore:
Timestamp:
08/03/09 14:28:18 (3 years ago)
Author:
jjshoe
Message:

#3735
Don't send the actual secret in the email

Also warn if a secret is blank.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • modules/branches/2.5/weakpasswords/functions.inc.php

    r7648 r7968  
    2929        $count = 0; 
    3030        foreach($weak as $details)  { 
    31           $extended_text .= sprintf(_("%s: %s / secret: %s => %s<br>"), $details['deviceortrunk'], $details['name'], $details['secret'], $details['message']); 
     31          $extended_text .= sprintf(_("%s: %s / %s<br>"), $details['deviceortrunk'], $details['name'], $details['message']); 
    3232          $count++; 
    3333        } 
     
    6565    $reversed = strrev($secret); 
    6666    $match = "0123456789"; 
    67     if(strpos($match,$secret) || strpos($match,$reversed))  { 
     67    if($secret == '') 
     68    { 
     69      $weak[] = array("deviceortrunk" => $deviceortrunk, "name" => $name, "message" => _("Secret is empty"), "secret" => $secret); 
     70    } 
     71    else if(strpos($match,$secret) || strpos($match,$reversed))  { 
    6872      $weak[] = array("deviceortrunk" => $deviceortrunk, "name" => $name, "message" => _("Secret has sequential digits"), "secret" => $secret); 
    6973    }