Patch for ledgersmb 1.2 AM.pm am.pl
- Subject: Patch for ledgersmb 1.2 AM.pm am.pl
- From: ..hidden..
- Date: Fri, 16 May 2014 20:22:27 -0700
I have a small security patch for Ledgersmb 1.2.
LedgerSMB/AM.pm
and bin/am.pl
Basically it requires the validation of a user's password before a password
change.
Happy spring from ultra dry Silicon Valley!
-turtle
Index: AM.pm
===================================================================
--- AM.pm (revision 6968)
+++ AM.pm (working copy)
@@ -1356,12 +1356,18 @@
company menuwidth countrycode address timeout stylesheet
printer password);
- if ( $form->{old_password} && $form->{new_password}
- && $form->{new_password} eq $form->{confirm_password}
- ){
- $myconfig->{password} = $form->{new_password};
- $myconfig->{if_old_password} = $form->{old_password};
+ #removed the existing password from the form.
+ #Require user to supply a valid password for a password change. --Turtle
+ if ($form->{new_password} eq $form->{confirm_password}) {
+ if ($form->{new_password} && $form->{new_password} ne '' ) {
+ if (Session::password_check($form, $form->{login}, $form->{old_password})){
+ $myconfig->{password} = $form->{new_password};
+ }
+ else{ $form->error("Current password incorrect");}
+ }
}
+ else { $form->error("New passwords do not match");}
+
$myconfig->{save_preferences} = '1';
$myconfig->save_member();
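Review bot: the inner call to Session::password_check passes $form->{login} as the account to verify, so confirm that this value is bound to the authenticated session and cannot be set by the request; otherwise the password that gets checked may belong to a different user than the one whose $myconfig is saved. The removed lines also set $myconfig->{if_old_password}, which the new block never assigns; if save_member() still reads it, that needs handling or a line in the comment explaining why it is gone. The test ($form->{new_password} && $form->{new_password} ne '') is redundant, and because the string "0" is false in Perl a new password of "0" would be skipped without any error; a length test on $form->{new_password} says what is meant. The two $form->error strings are not wrapped in $locale->text(...) the way the labels in am.pl are, and if $form->error returns instead of ending the request, execution continues to save_member() below.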
Index: am.pl
===================================================================
--- am.pl (revision 6968)
+++ am.pl (working copy)
@@ -2340,7 +2340,7 @@
</tr>
<tr>
<th align="right">| . $locale->text('Password') . qq|</th>
- <td><input type=password name=new_password size=10 value="$myconfig{password}"></td>
+ <td><input type=password name=new_password size=10 value=""></td>
</tr>
<tr>
<th align="right">| . $locale->text('Confirm') . qq|</th>
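Review bot: only the new_password input is blanked on the changed line, and the input under the Confirm header in the trailing context is not visible here, so check that confirm_password and whatever field supplies old_password are not still filled from $myconfig{password}. AM.pm now treats $form->{old_password} as something the user types, so the form needs a visible current-password field if it does not already have one. The attribute values on the changed line are unquoted (type=password name=new_password size=10) while the neighbouring th uses align="right"; quoting them would be consistent.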
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel