Subject: Password-check containing an "&" fails
Hi,
If you pass a passphrase containing an "&" to Data-Password-Check, it'll treat the "&" as a Unix command. Tested on and with:
Data-Password-Check-1.05
uname -a: Linux 2.6.11.4-21.9-smp
perl -v: v5.8.6 built for x86_64-linux-thread-multi
perltest.pl:
--- snip ---
#!/usr/bin/perl -w
#
#
# use strict;
use warnings;
use Data::Password::Check;

# Flush STDOUT
$| = 1;

# The password to check is taken from the first command-line argument
my $pwd_to_check = $ARGV[0];

# check a password
# $result = Data::Password::Check->check({'password' => $pwd_to_check});

### Main ###
#
my $pwcheck = Data::Password::Check->check({
    'password' => $pwd_to_check
});

# did the password fail any tests?
if ($pwcheck->has_errors) {
    # print the errors
    print "The password $pwd_to_check was found to be: \n";
    print(
        join("\n", @{ $pwcheck->error_list }),
        "\n"
    );
}
--- snap ---
# perl perltest.pl hhh&jjj results in:
[1] 21707
-bash: jjj: command not found
ossim:/srv/www/cgi-bin # The password hhh was found to be:
The password must be at least 6 characters
Your password must contain a mixture of lower and upper-case letters
You cannot use a single repeated character as a password
[1]+ Done perl perltest.pl hhh
#
I wonder if there's an example/documentation about how to use the Password-Check in conjunction with an Apache server?
Regards,
J.Schecker
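
Added example (not part of the original report, and not code from the module's author): a shell sketch of what a program receives when the command line from the report is typed with the "&" unquoted, with the passphrase single-quoted, and with the passphrase read from standard input instead of the command line. `show` is a hypothetical stand-in for perltest.pl that prints its first argument; the passphrase is the constructed sample from the report.

```shell
#!/bin/sh
# Added example. `show` is a hypothetical stand-in for perltest.pl:
# it prints the first argument it was started with.
STUB='show() { printf "%s" "$1"; }'

# Constructed sample passphrase, taken from the command line in the report.
PW='hhh&jjj'

# 1. As typed in the report. The shell parses "&" as the background
#    operator: "show hhh" becomes a background job and "jjj" is looked up
#    as a separate command (its "not found" message is discarded here).
as_typed() {
    sh -c "$STUB; show hhh&jjj; wait" 2>/dev/null
}

# 2. Single-quoted. The shell passes the "&" through literally, so the
#    program sees the whole passphrase as one argument.
quoted() {
    sh -c "$STUB; show 'hhh&jjj'"
}

# 3. Read from standard input. The passphrase never appears on the
#    program's command line, so shell metacharacters are not parsed and
#    the value is not part of the process argument list.
via_stdin() {
    printf '%s\n' "$PW" | sh -c 'IFS= read -r pw; printf "%s" "$pw"'
}

printf 'as typed : [%s]\n' "$(as_typed)"
printf 'quoted   : [%s]\n' "$(quoted)"
printf 'via stdin: [%s]\n' "$(via_stdin)"
```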