Project: Password policy
Version: 7.x-1.x-dev
Component: Code
Category: feature request
Priority: major
Assigned: Unassigned
Status: fixed

Issue Summary

Problem/Motivation

Validation for passwords containing special unicode characters is not fully supported.

There is an issue with the way strings are iterated through: the proper string size is calculated, but the $password[$i] approach goes through the string in 8-bit increments, so for example:
<?php
$password = "ăăPassword1";
$length = mb_strlen($password);

echo $length;
for ($i = 0; $i < $length; $i++) {
  echo $password[$i];
}
?>

Will output:
11ăăPasswor

Proposed resolution

We could use a function like:
http://www.php.net/manual/en/function.str-split.php#97690

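<?php
function uni_strsplit($string, $split_length = 1)
{
    // The "u" modifier makes PCRE treat $string as UTF-8, so "." matches
    // one whole character instead of one byte.
    preg_match_all('`.`u', $string, $arr);
    $arr = array_chunk($arr[0], $split_length);
    $arr = array_map('implode', $arr);
    return $arr;
}
?>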

to get an array of actual unicode characters and then iterate with foreach

Remaining tasks

I will try to provide a patch, but please confirm that this is an issue.

Comments

#1

This is the patch against master.
The password_policy_unicode_str_to_array function can be improved and moved to Drupal Core unicode.inc.

Attachment: unicode-1251756-1.patch | Size: 5.98 KB | Status: Test request sent | Test result: None

#2

Status: active » needs work

I think strictly using either the PHP Multibyte String functions or, even better, Drupal's mbstring-safe functions drupal_strlen() and drupal_substr() would be a better approach.

#3

Version: 7.x-1.0-beta1 » 7.x-1.x-dev
Status: needs work » needs review

I think this general solution makes more sense -

<?php
  $chars = drupal_strlen($password);
  $num = 0;
  for ($i = 0; $i < $chars; ++$i) {
    if (ctype_alnum(drupal_substr($password, $i, 1))) {
      $num++;
    }
  }
?>

Look good?

Attachment: password_policy-true_unicode_support-1251756-3.patch | Size: 6.26 KB | Status: Test request sent | Test result: None
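
The following is an added example, not part of the thread and not the module's code: it applies the byte-indexed loop from the issue summary and the character-aware loop from comment #3 to a hypothetical "at least one digit" constraint, showing that the byte-indexed version never examines the end of the password. The function names and the sample password are constructed; mb_strlen() and mb_substr() stand in for drupal_strlen() and drupal_substr() so the script runs outside Drupal, and the file is assumed to be saved as UTF-8 with the mbstring extension loaded.

```php
<?php
// Added example: hypothetical function names, constructed sample input.

// Byte-indexed loop from the issue summary: the bound is a character
// count, but $password[$i] addresses single bytes.
function count_digits_bytewise($password) {
  $length = mb_strlen($password, 'UTF-8');
  $num = 0;
  for ($i = 0; $i < $length; $i++) {
    if (ctype_digit($password[$i])) {
      $num++;
    }
  }
  return $num;
}

// Character-aware loop in the style of comment #3; mb_strlen()/mb_substr()
// are stand-ins (assumption) for drupal_strlen()/drupal_substr().
function count_digits_charwise($password) {
  $chars = mb_strlen($password, 'UTF-8');
  $num = 0;
  for ($i = 0; $i < $chars; ++$i) {
    if (ctype_digit(mb_substr($password, $i, 1, 'UTF-8'))) {
      $num++;
    }
  }
  return $num;
}

// Hypothetical "at least $min digits" constraint built on either counter.
function has_min_digits($password, $min, $counter) {
  return call_user_func($counter, $password) >= $min;
}

// Constructed sample: 11 characters, 13 bytes (each "ă" is two bytes).
$password = "ăăPassword1";

printf("chars=%d bytes=%d\n", mb_strlen($password, 'UTF-8'), strlen($password));
printf("bytewise digits=%d, passes: %s\n", count_digits_bytewise($password),
  var_export(has_min_digits($password, 1, 'count_digits_bytewise'), TRUE));
printf("charwise digits=%d, passes: %s\n", count_digits_charwise($password),
  var_export(has_min_digits($password, 1, 'count_digits_charwise'), TRUE));
?>
```

The byte-indexed counter stops after "ăăPasswor", so the trailing digit is never checked and the constraint rejects a password that satisfies it.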

#4

Title: True unicode support. » True unicode support
Status: needs review » fixed

Fixed and committed.

http://drupalcode.org/project/password_policy.git/commit/f346f3e

#5

Status: fixed » needs review

The committed patch still uses the now undefined password_policy_unicode_str_to_array() function in password_policy_constraint_letter_validate().

The attached patch should fix the issue.

Attachment: password_policy-true_unicode_support_followup-1251756-5.patch | Size: 1.21 KB | Status: Test request sent | Test result: None

#6

Status: needs review » fixed

I know it's semantics, but in the future you should open a new issue and point to this one (even if I made a mistake in this commit).

Also you made this Git patch from a base level Git repo instead of one rooted in the module itself. I fixed the patch and committed with attribution.

http://drupalcode.org/project/password_policy.git/commit/9f404ef