Author Topic: Wrong parameter parsing  (Read 15135 times)

Offline pvx

  • Newbie
  • *
  • Posts: 1
Wrong parameter parsing
« on: May 12, 2007, 11:34:56 AM »
PasswordMaker PHP edition 1.3 has a bug in argument parsing. All arguments in code are checked with isset() function, but code begins with setting all arguments to empty string (''), so isset() always returns true and default values for arguments are not set.

Which means that unless you set all arguments, PasswordMaker returns empty string (because error checking doesn't report anything to the user).

Quick fix is to remove (comment) the empty-string-init line:

Code: [Select]
//$args = array('alg'=>'md5', 'mpw'=>'', 'url'=>'', 'user'=>'', 'mod'=>'', 'len'=>'', 'charset'=>'', 'pfx'=>'', 'sfx'=>'', LEET=>'');
"Nicer" way would be to replace isset()s with !=''. Also it wouldn't hurt to report errors to the user   (if he enters invalid arguments).

PasswordMaker is a great idea, thanks to all developers!

Offline Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1141
  • Programmer
    • http://www.miquelfire.com/
Wrong parameter parsing
« Reply #1 on: May 13, 2007, 02:44:06 AM »
Changing every !isset with empty should work with the logic the person who wrote that was going for.
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3348
    • http://passwordmaker.org/
Wrong parameter parsing
« Reply #2 on: May 13, 2007, 05:18:34 AM »
I see miquel has made the change and checked it into Subversion on SourceForge. Thanks, Miquel! Feel free to publish it in a new release.

PasswordMaker Forums

Wrong parameter parsing
« Reply #2 on: May 13, 2007, 05:18:34 AM »