From 230bf91da9be546c5cd4d2d47b2225eb6035f245 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 18 Aug 2018 19:42:56 +0100
Subject: [PATCH] Password check

---
 webadmin/userprofile.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webadmin/userprofile.php b/webadmin/userprofile.php
index a9c6a7a2d..267528819 100755
--- a/webadmin/userprofile.php
+++ b/webadmin/userprofile.php
@@ -25,7 +25,7 @@ if (isset($_POST['submitchangepassword'])) {
 
     // Don't rely on php PRNG
     $newpassword = exec("openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 10 ; echo -n ''");
-    if ((preg_match('/[^A-Za-z0-9]/', $newpassword)) && (strlen($newpassword)>9)) {
+    if ((preg_match('/^[a-z\d_]$/i', $newpassword)) && (strlen($newpassword)>9)) {
         exec('cp password_confirm_template.html password_confirm.html');
         exec('sed -i "s|USERNAME|'.$username.'|g" password_confirm.html');
         exec('sed -i "s|NEWPASSWORD|'.$newpassword.'|g" password_confirm.html');
-- 
GitLab