Some characters in passwords seems to make problems with the server

[insonic-Ivo]

Checklist

• I verified that Kanboard is correctly installed
• I verified that the problem does not come from a plugin
• I verified that the problem is not already reported
• I understand that Kanboard is in maintenance mode. It doesn't mean it's abandoned, but there is no significant feature development

Actual behaviour

If I want to set the following password, the system just shows me an Apache test page:
Example password:
8${)0b8>Y>y|l#l(}~:=<SsgqCa>g(7c
It seems there is a character, that confuses the Apache or the PHP scripts. Maybe this is also a security issue, because there is no qualified error message but an unexpected server response. Not sure how this password was set. Maybe an older version of Kanboard was able to handle this. But it doesn't work with 1.2.26 and 1.2.29.

Expected behaviour

I think it should accept every character that I can type in, or should tell me the limits and don't let me send it to the server.

Steps to reproduce

Just make a user and set the password that I wrote before.

Configuration

• Kanboard version: 1.2.29
• OS: Rocky Linux 8.8
• OS Version: Linux 4.18.0-477.10.1.el8_8.x86_64
• PHP Version: 8.1.19
• Datenbank Version: 10.10.4-MariaDB
• PHP SAPI: fpm-fcgi
• HTTP-Client: cURL
• Datenbanktreiber: mysql
• Apache Version: 2.4.37
• Browser: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0

Screenshots

[fguillot]

I cannot reproduce your problem with the information provided. The fact that the default Apache test page is shown is a sign that something is misconfigured on your side.

[insonic-Ivo]

OK, that could be possible. I will dive into the apache config next days and hope I can find out why POST data breaks the vHost.

[insonic-Ivo]

I found out, that the character sequence '${}' makes this problem, but only on my server mentioned above. On a Debian 11 with containerized apache and Kanboard there is no problem.
I also couldn't find a config option that leads to this error page. I would be happy to find the source of the error, but at the moment I'm not sure how to do it.
However, I also think that it is not Kanboard's fault. At first I thought Kanboard works as an app and makes an incorrect call on the server, but since it is a simple form, the error must be with Apache. (or maybe with my configuration)