restrict admin password to some printable ascii characters

diff --git a/motioneye/scripts/relayevent.sh b/motioneye/scripts/relayevent.sh
index c335870e63b6a8c77241ec05a06482aef9a9ac88..5130fb4192ff56cf5ebc2c749920242061a68826 100755 (executable)
--- a/motioneye/scripts/relayevent.sh
+++ b/motioneye/scripts/relayevent.sh
@@ -15,7 +15,8 @@ if [ -f "$motioneye_conf" ]; then
         motion_conf="$conf_path/motion.conf"
         if [ -r "$motion_conf" ]; then
             username=$(cat $motion_conf | grep 'admin_username' | cut -d ' ' -f 3)
-            password=$(cat $motion_conf | grep 'admin_password' | cut -d ' ' -f 3 | sed -r 's/[^][a-zA-Z0-9\/?_.=&{}":, _]/-/g')
+            password=$(cat $motion_conf | grep 'admin_password' | cut -d ' ' -f 3 | sed -r 's/[^][a-zA-Z0-9/?_.=&{}":, _]/-/g')
+            echo "aa${password}aa" > /tmp/wtf
         fi
     fi
 fi

diff --git a/motioneye/static/js/main.js b/motioneye/static/js/main.js
index ac473f2efefc7301d4b8a0cea05dd6cd15a16066..ac43386ada2b9951f0d546ee7f88a04a98f8f7c1 100644 (file)
--- a/motioneye/static/js/main.js
+++ b/motioneye/static/js/main.js
@@ -569,6 +569,13 @@ function initUI() {
     makeTimeValidator($('input[type=text].time'));
     
     /* custom validators */
+    makeCustomValidator($('#adminPasswordEntry'), function (value) {
+        if (!value.toLowerCase().match(new RegExp('^[\x21-\x7F]*$'))) {
+            return "special characters are not allowed in admin password";
+        }
+        
+        return true;
+    }, '');
     makeCustomValidator($('#deviceNameEntry'), function (value) {
         if (!value) {
             return 'this field is required';