Multibyte support for PasswordLength constraint

Created on 14 June 2023, over 1 year ago
Updated 8 April 2024, 9 months ago

Problem/Motivation

Using multibyte characters in a password results in a miscalculated length, potentially leading to passwords not meeting length constraints.

E.g. for the password abcΒ£, strlen() returns the length 5. If the minimum password length was 5 then this password would pass even though it is only 4 characters long.

Steps to reproduce

  • Set up a password policy with a length constraint.
  • Use one multibyte character in a password that appears to be one character shorter than the constraint.
  • Password is allowed when it shouldn't be.

Proposed resolution

  • Replace strlen() with mb_strlen()

Remaining tasks

User interface changes

N/A

API changes

N/A

Data model changes

N/A

πŸ› Bug report
Status

Fixed

Version

4.0

Component

Code

Created by

πŸ‡¬πŸ‡§United Kingdom justanothermark

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024