diff --git a/install/index.php b/install/index.php
index 6026c0ae4..20896fce5 100644
--- a/install/index.php
+++ b/install/index.php
@@ -348,8 +348,11 @@ if (!file_exists('.lock')) {
" class="form-control" name="callbook_username" />
-
@@ -467,9 +470,12 @@ if (!file_exists('.lock')) {
-
@@ -1173,6 +1179,10 @@ if (!file_exists('.lock')) {
if (!directory_check() || !websiteurl_check()) {
return;
}
+ pwdForbiddenChars($('#callbook_password'));
+ if ($('#callbook_password').hasClass('is-invalid') && $('#callbook_password').val() != '') {
+ return;
+ }
if (passwordField.val() != '') {
user_pwd_check();
}
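Review bot: The submit guard re-runs `pwdForbiddenChars` only for `#callbook_password`, while `passwordField` is covered by `user_pwd_check()` alone. The first-user password rule, which this patch documents as hard, therefore holds at submit time only if `user_pwd_check()` leaves an earlier `is-invalid` untouched, and that function is not visible here. Consider adding `pwdForbiddenChars(passwordField);` after `user_pwd_check()` and returning when the field is still invalid. The enclosing function starts and ends outside the hunk.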
@@ -1262,6 +1272,17 @@ if (!file_exists('.lock')) {
}
}
+ function pwdForbiddenChars(field) {
+ let pwd = field.val();
+ let specialChars = /['"\/\\<>]/;
+
+ if (pwd != '') {
+ if (specialChars.test(pwd)) {
+ input_is_valid(field, false);
+ }
+ }
+ }
+
/*
*
* General Requirement Levels
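Review bot: `pwdForbiddenChars` runs only in the browser, so a form post sent directly to the installer never passes through it. If these characters are excluded because the passwords are later written unescaped into a config file or markup (not shown in this diff), the PHP code that receives the form needs the same rejection, or proper escaping where the value is written. A comment above the function giving the reason, for example `// rejected because <reason>; also enforced server-side in <handler>`, would stop the list from being loosened later without anyone noticing.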
@@ -1286,7 +1307,10 @@ if (!file_exists('.lock')) {
* Tab 3 - Configuration
*
* Rules:
- * Website-URL and Directory have to be green. No checks needed for 'Callbook' and 'Advanced Settings'.
+ * Website-URL and Directory have to be green. No checks needed 'Advanced Settings'.
+ *
+ * Callbook Password:
+ * - do not allow specialchars defined in pwdForbiddenChars() (hard)
*
* Directory:
* - no slash allowed (hard)
@@ -1315,6 +1339,10 @@ if (!file_exists('.lock')) {
websiteurl_check();
checklist_configuration();
});
+
+ $('#callbook_password').on('change', function() {
+ pwdForbiddenChars($('#callbook_password'));
+ });
});
function directory_check() {
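Review bot: The new `change` handler on `#callbook_password` does not call `checklist_configuration()`, unlike the handler directly above it. The Tab 3 checklist may therefore keep its previous state until some other field changes. Adding `checklist_configuration();` after the `pwdForbiddenChars(...)` call would keep the two in step.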
@@ -1475,6 +1503,7 @@ if (!file_exists('.lock')) {
* Tab 5 - First User
*
* Rules:
+ * - do not allow specialchars in userpassword defined in pwdForbiddenChars() (hard)
* - No input can be empty (hard)
* - Locator have to match regex (hard)
* - E-Mail have to match regex (hard)
@@ -1514,6 +1543,9 @@ if (!file_exists('.lock')) {
emailField.on('change', function() {
email_verification();
});
+ passwordField.on('change', function() {
+ pwdForbiddenChars(passwordField);
+ });
cnfmPasswordField.on('change focusout', function() {
user_pwd_check();
});
@@ -1685,6 +1717,10 @@ if (!file_exists('.lock')) {
function checklist_configuration() {
var checklist_configuration = true;
+ if ($('#callbook_password').hasClass('is-invalid')) {
+ checklist_configuration = false;
+ }
+
if ($('#directory').hasClass('is-invalid')) {
checklist_configuration = false;
}
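Review bot: This check has no empty-value guard, and `pwdForbiddenChars` only ever calls `input_is_valid(field, false)`. A callbook password that was flagged once and then corrected or cleared therefore appears to keep `is-invalid` and keep the checklist failing, unless other code removes the class. Resetting the state in the validator, e.g. `input_is_valid(field, !specialChars.test(pwd));` for a non-empty value and clearing the class for an empty one, would fix it here and in the submit guard, which currently works around it with `val() != ''`. For `passwordField`, confirm that marking it valid there does not mask the result of `user_pwd_check()`. `checklist_configuration()` continues outside the hunk.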
@@ -1787,4 +1823,4 @@ if (!file_exists('.lock')) {
header("Location: $websiteurl");
} ?>
-