cherry-pick uri security fix
[git.ikiwiki.info.git] / IkiWiki / Plugin / passwordauth.pm
index a2e774c36e96c694207ec0505f2faddcdb7bc884..af16c27542257de13251adae31acdd6578d31b95 100644 (file)
@@ -26,9 +26,21 @@ sub formbuilder_setup (@) { #{{{
                
                if ($form->submitted eq "Register" || $form->submitted eq "Create Account") {
                        $form->field(name => "confirm_password", type => "password");
+                       $form->field(name => "account_creation_password", type => "password") if (length $config{account_creation_password});
                        $form->field(name => "email", size => 50);
                        $form->title("register");
                        $form->text("");
+               
+                       $form->field(name => "confirm_password",
+                               validate => sub {
+                                       shift eq $form->field("password");
+                               },
+                       );
+                       $form->field(name => "password",
+                               validate => sub {
+                                       shift eq $form->field("confirm_password");
+                               },
+                       );
                }
 
                if ($form->submitted) {
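Review bot: The guard `length $config{account_creation_password}` on the new field reads a key that may be unset, and the same expression is repeated on the validator call in the next hunk. On Perls older than 5.12 `length undef` warns and returns 0. Computing it once, e.g. `my $need_creation_pw = defined $config{account_creation_password} && length $config{account_creation_password};`, and testing that flag in both places keeps the field and its validator from drifting apart, which matters because the registration gate only holds when both are present. formbuilder_setup starts before this hunk and continues after it.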
@@ -46,11 +58,12 @@ sub formbuilder_setup (@) { #{{{
        
                        if ($submittype eq "Create Account") {
                                $form->field(
-                                       name => "confirm_password",
+                                       name => "account_creation_password",
                                        validate => sub {
-                                               shift eq $form->field("password");
+                                               shift eq $config{account_creation_password};
                                        },
-                               );
+                                       required => 1,
+                               ) if (length $config{account_creation_password});
                                $form->field(
                                        name => "email",
                                        validate => "EMAIL",
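Review bot: The validator `shift eq $config{account_creation_password}` compares the submitted value directly against a single shared secret held in plain text in the wiki configuration, and nothing visible in this hunk records or limits failed attempts. When the option is set this value is the only barrier to registration, so I would add a comment such as `# Shared registration secret from the setup file, not a per-user credential; rotate it if it leaks.` above the field. Logging a failed match would also make repeated guessing visible to the wiki administrator. Whether the surrounding code already throttles or logs form failures cannot be told from here.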
@@ -112,13 +125,15 @@ sub formbuilder_setup (@) { #{{{
                        value => $session->param("name"), force => 1,
                        fieldset => "login");
                $form->field(name => "password", type => "password",
-                       fieldset => "login");
+                       fieldset => "login",
+                       validate => sub {
+                               shift eq $form->field("confirm_password");
+                       }),
                $form->field(name => "confirm_password", type => "password",
                        fieldset => "login",
                        validate => sub {
                                shift eq $form->field("password");
-                       });
-               
+                       }),
        }
 }
 
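Review bot: Both `$form->field(...)` calls in this block now end in `}),` instead of `});`, so the two statements are joined by the comma operator and the second leaves a dangling comma before the closing brace. Perl accepts this and both calls still run, but it reads like an editing slip and is easy to misread when the block is next changed; end each call with `});`. The mutual `validate` closures on `password` and `confirm_password` also repeat the pair added in the registration branch of the first hunk, so a small shared helper would keep the two forms consistent. The enclosing block starts outside this hunk.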
@@ -189,16 +204,13 @@ sub formbuilder (@) { #{{{
                if ($form->submitted eq "Save Preferences" && $form->validate) {
                        my $user_name=$form->field('name');
                        foreach my $field (qw(password)) {
-                               if (defined $form->field($field)) {
+                               if (defined $form->field($field) && length $form->field($field)) {
                                        IkiWiki::userinfo_set($user_name, $field, $form->field($field)) ||
                                                error("failed to set $field");
                                }
                        }
                }
        }
-       
-       IkiWiki::printheader($session);
-       print IkiWiki::misctemplate($form->title, $form->render(submit => $buttons));
 } #}}}
 
 1
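Review bot: The new condition on the `password` field skips an empty value without saying why; a comment such as `# An empty password field means "keep the current password", so never store it.` would record the intent. `$form->field($field)` is now called up to three times for one value; `my $value = $form->field($field);` followed by `if (defined $value && length $value)` reads better and guarantees that the value tested is the value stored. The hunk also removes the `printheader`/`misctemplate` output at the end of formbuilder, and where the form is rendered afterwards is not visible here.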