From: Calin Crisan <ccrisan@gmail.com>
Date: Sun, 28 May 2017 11:13:39 +0000 (+0300)
Subject: restrict admin password to some printable ascii characters
X-Git-Url: http://www.vanbest.org/gitweb/?a=commitdiff_plain;h=175e86c56f36dcddcdea7299c05eb15b1e757a97;p=motioneye-debian

restrict admin password to some printable ascii characters
---

diff --git a/motioneye/scripts/relayevent.sh b/motioneye/scripts/relayevent.sh
index c335870..5130fb4 100755
--- a/motioneye/scripts/relayevent.sh
+++ b/motioneye/scripts/relayevent.sh
@@ -15,7 +15,8 @@ if [ -f "$motioneye_conf" ]; then
         motion_conf="$conf_path/motion.conf"
         if [ -r "$motion_conf" ]; then
             username=$(cat $motion_conf | grep 'admin_username' | cut -d ' ' -f 3)
-            password=$(cat $motion_conf | grep 'admin_password' | cut -d ' ' -f 3 | sed -r 's/[^][a-zA-Z0-9\/?_.=&{}":, _]/-/g')
+            password=$(cat $motion_conf | grep 'admin_password' | cut -d ' ' -f 3 | sed -r 's/[^][a-zA-Z0-9/?_.=&{}":, _]/-/g')
+            echo "aa${password}aa" > /tmp/wtf
         fi
     fi
 fi
diff --git a/motioneye/static/js/main.js b/motioneye/static/js/main.js
index ac473f2..ac43386 100644
--- a/motioneye/static/js/main.js
+++ b/motioneye/static/js/main.js
@@ -569,6 +569,13 @@ function initUI() {
     makeTimeValidator($('input[type=text].time'));
     
     /* custom validators */
+    makeCustomValidator($('#adminPasswordEntry'), function (value) {
+        if (!value.toLowerCase().match(new RegExp('^[\x21-\x7F]*$'))) {
+            return "special characters are not allowed in admin password";
+        }
+        
+        return true;
+    }, '');
     makeCustomValidator($('#deviceNameEntry'), function (value) {
         if (!value) {
             return 'this field is required';