Minor Bug: Characters allowed in admin password

Started by adipisicing, December 28, 2007, 10:23:49 PM

adipisicing

Summary:
The instructions and behavior of install.php for what characters are allowed in the administration account's password do not match the documentation.

Details:
The instructions on the install page for creating an admin account say "Use only alphanumeric characters." Indeed, if nonalphanumeric characters are entered for the password, it is considered an error, and the user is told "Admin username and password must only contain alphanumeric characters."

However, in the section "2.1.2 The install screen" of the documentation, it says
Quote: This will be your admin password to your coppermine install.... Use a combination of letters, numbers and special characters in your password. like " j3e4n5n6y* "

It also occurs to me that if the intended behavior is indeed to only accept alphanumeric characters, the install page should probably say "Use only alphanumeric characters in the username and password.", because that section also includes a field for the admin email address.

Version: 1.4.14

Miscellany:
Sorry if this is a duplicate or is already fixed in SVN, I couldn't find this in the bugs forum.
Let me know if I can be of additional help.

Also, thanks for CPG, it's a great piece of software!
Unless otherwise noted, all code that I post on these forums to which I hold the copyright is released under the GPLv2.

Joachim Müller

Thanks for spotting. I changed the docs both of cpg1.4.x as well as cpg1.5.x in the SVN repository, so the changes will make it into the next releases. The wording is now
Quote: This will be your admin password to your coppermine install. Don't use trivial, overly abused passwords - if an attacker figures out your password, s/he will be able to hack your entire site! Use a combination of upper and lower case letters and numbers like "j3e4N5n6yG". Remember, passwords like your admin username are case sensitive. Be careful when creating your password. Write it down and keep it safe, preferably somewhere away from your computer.
Marking this thread as "fixed". Thanks again for your report.