-
Notifications
You must be signed in to change notification settings - Fork 754
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix wrong non alphanumeric regex when validate password #3059
Fix wrong non alphanumeric regex when validate password #3059
Conversation
Release/9.4.x
Release/9.4.x
- To allow _ - as valid non alphanumeric characters
Does anyone see a reason whey - and _ would have been not accepted previously because of ActiveDirectory or other authentication providers or some such? I am approving the changes, just wondering why it was like that... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good solution IMO. The password validation logic was incorrectly using this InvalidCharacters
regex which was intended to be used to validate CSS class names and HTML identifiers.
…eric-regex-update-password
* Remove disposal of MemoryStream for email attachments sent using SendtokenizedBuilkEmail * Corrected references to older site URL (#3056) * Corrected references to older site URL * corrected typo from replacement of registered character * Made the BuildAll task default + docs * Fixed a typo * Update .github/BUILD.md Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Update .github/BUILD.md Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Remove reference to empty fs npm package (#3094) fs is a core package, and the version on the npm registry is just an empty package; this was almost certainly added accidentally Fixes #3091 * Added defensive coding to prevent memory leaks * Updates .Net 4.7.2 warning for NL and DE languages (#3032) * Updated de-DE text As per Sebastian Leupold translation * Updated nl-NL warning about .Net 4.7.2 As per Timo Breumelhof translation * DNN-29557 - Infinite while loop fix (#3123) * Update Pages.resx SEO tip for creating a title (cherry picked from commit 04d1ee6) * DNN-31121 - Fix the non alphanumeric character regex (#3059) * DNN-7818: add send verification mail link in unverified message. * Add 'fileName' to condition when checking request for logo file. * Permissions for default folders (#3024) (cherry picked from commit e77a281) * DNN-32978 Copying pro html module don't modify the permission * Fixes errors with previous build scripts following PB merge * Updates issue templates and build docs (#3165) * Updates documentation as per recent changes * Added version information * Removed unneeded BuildAll parameter * Added back how to clean * Was already clearer * Documentation action cleanup (#3171) * Add validation method with IsNullOrWhiteSpace check. Use method to validate RoleGroup Name. closes #2927 (#3170) * OAuthClientBase now returns the correct RequestingCode instead of aborting the thread (#3152)
* Remove disposal of MemoryStream for email attachments sent using SendtokenizedBuilkEmail * Corrected references to older site URL (#3056) * Corrected references to older site URL * corrected typo from replacement of registered character * Made the BuildAll task default + docs * Fixed a typo * Update .github/BUILD.md Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Update .github/BUILD.md Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Remove reference to empty fs npm package (#3094) fs is a core package, and the version on the npm registry is just an empty package; this was almost certainly added accidentally Fixes #3091 * Added defensive coding to prevent memory leaks * Updates .Net 4.7.2 warning for NL and DE languages (#3032) * Updated de-DE text As per Sebastian Leupold translation * Updated nl-NL warning about .Net 4.7.2 As per Timo Breumelhof translation * DNN-29557 - Infinite while loop fix (#3123) * Update Pages.resx SEO tip for creating a title (cherry picked from commit 04d1ee6) * DNN-31121 - Fix the non alphanumeric character regex (#3059) * DNN-7818: add send verification mail link in unverified message. * Add 'fileName' to condition when checking request for logo file. * Permissions for default folders (#3024) (cherry picked from commit e77a281) * DNN-32978 Copying pro html module don't modify the permission * Fixes errors with previous build scripts following PB merge * Updates issue templates and build docs (#3165) * Updates documentation as per recent changes * Added version information * Removed unneeded BuildAll parameter * Added back how to clean * Was already clearer * Documentation action cleanup (#3171) * Add validation method with IsNullOrWhiteSpace check. Use method to validate RoleGroup Name. closes #2927 (#3170) * OAuthClientBase now returns the correct RequestingCode instead of aborting the thread (#3152) * Created INavigationManager to replace Globals.NavigateURL (#3160) * Added INavigationManager and updated Globals to reference new INavigationManager * Updated CreateModule to use new INavigationManager * Deprecated NavigateURL for v11.0 * Updated viewsource to use INavigationManager * Migrated Globals.NavigateUrl to use INavigationManager * Updated persona bar controllers to use NavigateUrl * Refactored NavigateURL to use new INavigationManager * Refactored Globals.NavigateURL -> INavigationManager * Refactored more NavigationManager usages * Updated more references to Globals.NavigateURL to use INavigationManager * Cleaned up mistakes that happened in config files in csproj files. These changes were auto-generated by visual studio and shouldn't have been made * removed generated nodes from csproj * Fixed spacing in web.config * Updated old Globals.NavigateURL methods to use registered INavigationManager so everything will execute the same code path * Updated INavigationManager reference to be static readonly instead of an instance property * Aliased Constants to 'Dnn.PersonaBar.Libary.Constants' to handle ambiguity * Added DependencyInjection to website project and updated RazorHost and Export * Updated DotNetNuke.Website Globals.NavigateURL references to use the new INavigationManager * Added missing using statement * Fixing typo Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Removing whitespace Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Fix typo * Use GetRequiredService for INavigationManager Rather than waiting for a null reference later when it's used, there's never a scenario where this dependency is expected to be missing, so we want to indicate that it's expected and recieve an error right away if there's an issue * Added new DotNetNuke.Abstractions project for storing different common abstractions for the platform * Updated all (non website project) classes to use INavigationManager from the new DotNetNuke.Abstractions project * Updated Website Project to use the INavigationManager from the new DotNetNuke.Abstractions project * Removed unnecessary attributes from NavigationManager * Updated redirection controller tests to mock out the DependencyProvider and the INavigationManager to fix failing unit tests * Fixed failing unit tests with mocking out INavigationManager * Removed private fields for DependencyProvider * Added singleton clear statements to prevent the INavigationManager from remaining in memory and conflicts between unit tests * Reset singleton state for PortalController to reduce side-effects from other tests and stale object state from Dependency Injection * Moved state cleanup code to teardown routine * Fixed failing unit tests in tests.web project. Added mocks for INavigationManager so the DepenencyProvider can resolve * Added new DotNetNuke.Abstractions.nuspec to create NuGets during build * Added missing nuspec files to the solution file * Updated copyright on all nuget files * Added .NET Foundation file headers to new Abstraction files * Resolved duplicate addition of DotNetNuke.Abstractions to sln file * Added SetTestableInstance and Clear methods to make it easier to test Components. The new methods are internal * Added happy path test for Navigation Manager * Added NavigationManager tests * Updated all INavigationManager references in .ascx.cs files to use private readonly since there should never be a child class * Removed extra's added by visual studio to .csproj files
…e#3178) * Remove disposal of MemoryStream for email attachments sent using SendtokenizedBuilkEmail * Corrected references to older site URL (dnnsoftware#3056) * Corrected references to older site URL * corrected typo from replacement of registered character * Made the BuildAll task default + docs * Fixed a typo * Update .github/BUILD.md Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Update .github/BUILD.md Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Remove reference to empty fs npm package (dnnsoftware#3094) fs is a core package, and the version on the npm registry is just an empty package; this was almost certainly added accidentally Fixes dnnsoftware#3091 * Added defensive coding to prevent memory leaks * Updates .Net 4.7.2 warning for NL and DE languages (dnnsoftware#3032) * Updated de-DE text As per Sebastian Leupold translation * Updated nl-NL warning about .Net 4.7.2 As per Timo Breumelhof translation * DNN-29557 - Infinite while loop fix (dnnsoftware#3123) * Update Pages.resx SEO tip for creating a title (cherry picked from commit 04d1ee6) * DNN-31121 - Fix the non alphanumeric character regex (dnnsoftware#3059) * DNN-7818: add send verification mail link in unverified message. * Add 'fileName' to condition when checking request for logo file. * Permissions for default folders (dnnsoftware#3024) (cherry picked from commit e77a281) * DNN-32978 Copying pro html module don't modify the permission * Fixes errors with previous build scripts following PB merge * Updates issue templates and build docs (dnnsoftware#3165) * Updates documentation as per recent changes * Added version information * Removed unneeded BuildAll parameter * Added back how to clean * Was already clearer * Documentation action cleanup (dnnsoftware#3171) * Add validation method with IsNullOrWhiteSpace check. Use method to validate RoleGroup Name. closes dnnsoftware#2927 (dnnsoftware#3170) * OAuthClientBase now returns the correct RequestingCode instead of aborting the thread (dnnsoftware#3152)
* Remove disposal of MemoryStream for email attachments sent using SendtokenizedBuilkEmail * Corrected references to older site URL (dnnsoftware#3056) * Corrected references to older site URL * corrected typo from replacement of registered character * Made the BuildAll task default + docs * Fixed a typo * Update .github/BUILD.md Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Update .github/BUILD.md Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Remove reference to empty fs npm package (dnnsoftware#3094) fs is a core package, and the version on the npm registry is just an empty package; this was almost certainly added accidentally Fixes dnnsoftware#3091 * Added defensive coding to prevent memory leaks * Updates .Net 4.7.2 warning for NL and DE languages (dnnsoftware#3032) * Updated de-DE text As per Sebastian Leupold translation * Updated nl-NL warning about .Net 4.7.2 As per Timo Breumelhof translation * DNN-29557 - Infinite while loop fix (dnnsoftware#3123) * Update Pages.resx SEO tip for creating a title (cherry picked from commit 04d1ee6) * DNN-31121 - Fix the non alphanumeric character regex (dnnsoftware#3059) * DNN-7818: add send verification mail link in unverified message. * Add 'fileName' to condition when checking request for logo file. * Permissions for default folders (dnnsoftware#3024) (cherry picked from commit e77a281) * DNN-32978 Copying pro html module don't modify the permission * Fixes errors with previous build scripts following PB merge * Updates issue templates and build docs (dnnsoftware#3165) * Updates documentation as per recent changes * Added version information * Removed unneeded BuildAll parameter * Added back how to clean * Was already clearer * Documentation action cleanup (dnnsoftware#3171) * Add validation method with IsNullOrWhiteSpace check. Use method to validate RoleGroup Name. closes dnnsoftware#2927 (dnnsoftware#3170) * OAuthClientBase now returns the correct RequestingCode instead of aborting the thread (dnnsoftware#3152) * Created INavigationManager to replace Globals.NavigateURL (dnnsoftware#3160) * Added INavigationManager and updated Globals to reference new INavigationManager * Updated CreateModule to use new INavigationManager * Deprecated NavigateURL for v11.0 * Updated viewsource to use INavigationManager * Migrated Globals.NavigateUrl to use INavigationManager * Updated persona bar controllers to use NavigateUrl * Refactored NavigateURL to use new INavigationManager * Refactored Globals.NavigateURL -> INavigationManager * Refactored more NavigationManager usages * Updated more references to Globals.NavigateURL to use INavigationManager * Cleaned up mistakes that happened in config files in csproj files. These changes were auto-generated by visual studio and shouldn't have been made * removed generated nodes from csproj * Fixed spacing in web.config * Updated old Globals.NavigateURL methods to use registered INavigationManager so everything will execute the same code path * Updated INavigationManager reference to be static readonly instead of an instance property * Aliased Constants to 'Dnn.PersonaBar.Libary.Constants' to handle ambiguity * Added DependencyInjection to website project and updated RazorHost and Export * Updated DotNetNuke.Website Globals.NavigateURL references to use the new INavigationManager * Added missing using statement * Fixing typo Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Removing whitespace Co-Authored-By: Brian Dukes <bdukes@engagesoftware.com> * Fix typo * Use GetRequiredService for INavigationManager Rather than waiting for a null reference later when it's used, there's never a scenario where this dependency is expected to be missing, so we want to indicate that it's expected and recieve an error right away if there's an issue * Added new DotNetNuke.Abstractions project for storing different common abstractions for the platform * Updated all (non website project) classes to use INavigationManager from the new DotNetNuke.Abstractions project * Updated Website Project to use the INavigationManager from the new DotNetNuke.Abstractions project * Removed unnecessary attributes from NavigationManager * Updated redirection controller tests to mock out the DependencyProvider and the INavigationManager to fix failing unit tests * Fixed failing unit tests with mocking out INavigationManager * Removed private fields for DependencyProvider * Added singleton clear statements to prevent the INavigationManager from remaining in memory and conflicts between unit tests * Reset singleton state for PortalController to reduce side-effects from other tests and stale object state from Dependency Injection * Moved state cleanup code to teardown routine * Fixed failing unit tests in tests.web project. Added mocks for INavigationManager so the DepenencyProvider can resolve * Added new DotNetNuke.Abstractions.nuspec to create NuGets during build * Added missing nuspec files to the solution file * Updated copyright on all nuget files * Added .NET Foundation file headers to new Abstraction files * Resolved duplicate addition of DotNetNuke.Abstractions to sln file * Added SetTestableInstance and Clear methods to make it easier to test Components. The new methods are internal * Added happy path test for Navigation Manager * Added NavigationManager tests * Updated all INavigationManager references in .ascx.cs files to use private readonly since there should never be a child class * Removed extra's added by visual studio to .csproj files
Fixes #3058
Summary