From 9e05e667ec93f225f8d2d7d1eae65a887e203dbb Mon Sep 17 00:00:00 2001 From: iglocska Date: Fri, 20 Nov 2020 11:16:57 +0100 Subject: [PATCH] fix: [password validation] don't accept linebreaks - as reported by cert.sk --- src/Model/Table/UsersTable.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php index 7f82624..d294914 100644 --- a/src/Model/Table/UsersTable.php +++ b/src/Model/Table/UsersTable.php @@ -38,7 +38,7 @@ class UsersTable extends AppTable ->add('password', [ 'password_complexity' => [ 'rule' => function($value, $context) { - if (!preg_match('/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/', $value) || strlen($value) < 12) { + if (!preg_match('/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/s', $value) || strlen($value) < 12) { return false; } return true;