From 38d010c693ce342c4274382f8208cb84e455c8c4 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Tue, 17 May 2022 11:09:39 +0000
Subject: [PATCH] fix password validation

Closes #1066

Merge request studip/studip!631
---
 app/controllers/admin/user.php        | 3 ++-
 lib/classes/StudipInstaller.php       | 2 +-
 lib/phplib/email_validation.class.php | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/app/controllers/admin/user.php b/app/controllers/admin/user.php
index 7254eea37ce..9f574e2aec8 100644
--- a/app/controllers/admin/user.php
+++ b/app/controllers/admin/user.php
@@ -419,7 +419,8 @@ class Admin_UserController extends AuthenticatedController
             //change password
             if (($GLOBALS['perm']->have_perm('root') && Config::get()->ALLOW_ADMIN_USERACCESS) && (Request::get('pass_1') != '' || Request::get('pass_2') != '')) {
                 if (Request::get('pass_1') == Request::get('pass_2')) {
-                    if (mb_strlen(Request::get('pass_1')) < 4) {
+                    $validator = new email_validation_class();
+                    if (!$validator->ValidatePassword(Request::get('pass_1'))) {
                         $details[] = _('Das Passwort ist zu kurz. Es sollte mindestens 8 Zeichen lang sein.');
                     } else {
                         $um->changePassword(Request::get('pass_1'));
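Review bot: Any failure of `ValidatePassword()` on the added lines is reported with the existing "Das Passwort ist zu kurz …" message, although the validator's pattern can reject a password for reasons other than length (for example one containing a line break, which `.` does not match by default). A message that names the actual rule would avoid misleading the administrator. The confirmation check just above still uses `==`, and PHP compares two numeric strings numerically, so differing inputs can pass as equal; `if (Request::get('pass_1') === Request::get('pass_2')) {` is the safer comparison for password fields. The enclosing action starts and ends outside this hunk.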
diff --git a/lib/classes/StudipInstaller.php b/lib/classes/StudipInstaller.php
index 4b2f341df1c..b2c10f0c915 100644
--- a/lib/classes/StudipInstaller.php
+++ b/lib/classes/StudipInstaller.php
@@ -2,7 +2,7 @@
 final class StudipInstaller
 {
     const USERNAME_REGEX = '/^([a-zA-Z0-9_@.-]{4,})$/';
-    const PASSWORD_REGEX = '/^([[:print:]]{8,72})$/';
+    const PASSWORD_REGEX = '/^([[:print:]]{8,})$/';
 
     private $base_path;
 
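Review bot: Nothing visible in this patch bounds password length once the `72` ceiling is gone from `PASSWORD_REGEX` here and from `$password_regular_expression` in lib/phplib/email_validation.class.php. If the stored hash is bcrypt-based (not shown in this patch), bytes beyond the 72nd would be silently ignored, and arbitrarily large inputs would reach the hashing path. I would either keep a generous explicit maximum or add a comment such as `// no upper bound here: length is limited/handled in <hashing layer>` so the decision is documented. Separately, this pattern still uses `[[:print:]]` while the runtime validator uses `.`, so the installer may refuse passwords (presumably those with non-ASCII characters) that the admin form accepts later; the two rules should agree.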
diff --git a/lib/phplib/email_validation.class.php b/lib/phplib/email_validation.class.php
index 94ba99b7c17..070fa0213fa 100644
--- a/lib/phplib/email_validation.class.php
+++ b/lib/phplib/email_validation.class.php
@@ -9,7 +9,7 @@
 class email_validation_class
 {
     var $username_regular_expression=null;
-    var $password_regular_expression="/^(.{8,72})\$/";
+    var $password_regular_expression="/^.{8,}\$/";
     var $name_regular_expression='/^[_ a-zA-ZÀ-ÿ\'-]+$/';
     var $telefon_regular_expression="/^([0-9 \(\)\\/+_-]*)\$/";
     var $timeout=10;
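Review bot: The new `$password_regular_expression` has no `u` or `s` modifier, so `.{8,}` counts bytes rather than characters and rejects any password containing a line break, while `$` also matches before a trailing newline. The controller check this validator replaces used `mb_strlen()`, so a four-character password made of multibyte characters now satisfies the "at least 8 characters" rule. Something like `var $password_regular_expression='/\A.{8,}\z/su';` would count code points and anchor strictly. With `u`, invalid UTF-8 makes `preg_match()` return false, which `ValidatePassword()` already treats as a rejection.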
@@ -97,7 +97,7 @@ class email_validation_class
 
     Function ValidatePassword($password)
     {
-        return(preg_match($this->password_regular_expression,$password)!=0);
+        return preg_match($this->password_regular_expression, $password) != 0;
     }
 
     Function ValidateName($name)
-- 
GitLab