Skip to content

Commit 1e1b813

Browse files
committed
remove change command from commandline (insecure, leaves history); fix output buffering
1 parent cdb4565 commit 1e1b813

1 file changed

Lines changed: 22 additions & 29 deletions

File tree

core/cli/Passwd.php

Lines changed: 22 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -24,37 +24,30 @@ public function run(array $args): bool
2424
exit(1);
2525
}
2626

27-
$cli_specified_password = $args[1] ?? '';
28-
if (trim($cli_specified_password)) {
29-
if (strlen($cli_specified_password) < 6) {
30-
echo 'Password must be at least 6 characters long.' . PHP_EOL;
31-
return false;
27+
exec('stty -echo');
28+
29+
$password = '';
30+
$password_again = '';
31+
32+
$valid = false;
33+
ob_end_clean(); // Clear output buffering so terminal echoing works properly.
34+
do {
35+
echo 'New password: ';
36+
$password = trim(readline());
37+
echo PHP_EOL . 'New password (again): ';
38+
$password_again = trim(readline());
39+
40+
if ($password != $password_again) {
41+
echo PHP_EOL . 'Passwords do not match.' . PHP_EOL;
42+
} elseif (strlen($password) < 6) {
43+
echo PHP_EOL . 'Password must be at least 6 characters long.' . PHP_EOL;
44+
} else {
45+
$valid = true;
3246
}
33-
$password = $cli_specified_password;
34-
} else {
35-
exec('stty -echo');
47+
} while (!$valid);
48+
ob_start(); // Resume output buffering.
3649

37-
$password = '';
38-
$password_again = '';
39-
40-
$valid = false;
41-
do {
42-
echo 'New password: ';
43-
$password = trim(readline());
44-
echo PHP_EOL . 'New password (again): ';
45-
$password_again = trim(readline());
46-
47-
if ($password != $password_again) {
48-
echo PHP_EOL . 'Passwords do not match.' . PHP_EOL;
49-
} elseif (strlen($password) < 6) {
50-
echo PHP_EOL . 'Password must be at least 6 characters long.' . PHP_EOL;
51-
} else {
52-
$valid = true;
53-
}
54-
} while (!$valid);
55-
56-
exec('stty echo');
57-
}
50+
exec('stty echo');
5851

5952
$passsword_hashed = password_hash($password . OB_HASH_SALT, PASSWORD_DEFAULT);
6053

0 commit comments

Comments
 (0)