Should Piwik check that the login & password have minimum length and valid characters?
public static isUserCredentialsSanityCheckEnabled ( ) : boolean | ||
Результат | boolean | True if checks enabled; false otherwise |
/** * Returns true if the password is complex enough (at least 6 characters and max 26 characters) * * @param $input string * @return bool */ public static function isValidPasswordString($input) { if (!SettingsPiwik::isUserCredentialsSanityCheckEnabled() && !empty($input)) { return true; } $l = strlen($input); return $l >= self::PASSWORD_MIN_LENGTH; }
/** * Returns `true` if the login is valid. * * _Warning: does not check if the login already exists! You must use UsersManager_API->userExists as well._ * * @param string $userLogin * @throws Exception * @return bool */ public static function checkValidLoginString($userLogin) { if (!SettingsPiwik::isUserCredentialsSanityCheckEnabled() && !empty($userLogin)) { return; } $loginMinimumLength = 2; $loginMaximumLength = 100; $l = strlen($userLogin); if (!($l >= $loginMinimumLength && $l <= $loginMaximumLength && preg_match('/^[A-Za-z0-9_.@+-]*$/D', $userLogin) > 0)) { throw new Exception(Piwik::translate('UsersManager_ExceptionInvalidLoginFormat', array($loginMinimumLength, $loginMaximumLength))); } }