Potential minor bug in getNewPasswordErrors

2 posts by 2 authors in: Forums > CMS Builder
Last Post: Yesterday at 8:57pm (RSS)

Hey,

v3.78

lib/Password.php

Line 109/110:

// allow plugins to add additional password rules
$errors = \Plugin::filter('login_newPasswordErrors', $errors, $passwordText);

Prior to this, $error is an array e.g.

$errors[] = t("Password cannot start with $hashPrefix");

So, if the login_newPasswordErrors returns anything, it overwrites any $errors[] that may have also been triggered.

I've applied this, and it allows both the core password errors AND anything added by the filter to be combined into the one error array:

$extraErrors = \Plugin::filter('login_newPasswordErrors', $errors, $passwordText);     
$errors = array_merge($errors, $extraErrors);

For context (i.e. because maybe I'm using this addFilter wrong..!) my login_newPasswordErrors filter is set up like this:

addFilter('login_newPasswordErrors', 'customPasswordErrors', null, 4);

and the customPasswordErrors function returns an array.

Cheers

Rob

By Dave - Yesterday at 8:57pm

Hi Rob,

You want to treat $errors as an array inside the plugin hook function. And, you can use addFilter() or the new Plugin::filter() method.

Plugin::filter('login_newPasswordErrors', function ($errors, $passwordText) {
    $errors[] = "Changing password is disabled"; // add an error
    return $errors;
});

This let's you manipulate the errors as needed.  So if you remove them all it will bypass any errors, or if you add one.

Let me know if that makes sense.

Dave Edis - Senior Developer
interactivetools.com