| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 19890 | Bug reports | Security | public | 2024-12-13 17:14 | 2025-02-17 17:57 |
| Reporter | mferraz | Assigned To | tibor.pacalat | ||
| Priority | none | Severity | minor | ||
| Status | closed | Resolution | fixed | ||
| Product Version | 6.6.x | ||||
| Summary | 19890: The required password lenght is wrong | ||||
| Description | Hi. Some users are asked to set an 8-character password when setting a new password, but it is a minimal 12-character requirement. | ||||
| Steps To Reproduce | Set the password | ||||
| Tags | No tags attached. | ||||
| Bug heat | 266 | ||||
| Complete LimeSurvey version number (& build) | 6.8.2+241203 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | |||||
| Database type & version | PostgreSQL 13 | ||||
| Server OS (if known) | Ubuntu | ||||
| Webserver software & version (if known) | Apache | ||||
| PHP Version | PHP 8.1 | ||||
 |
@mferraz Do you mean on this screen (see screenshot)? If so I can confirm that the feedback up is wrong. It says minimum 8 characters, but this is not true. Screenshot 2025-02-03 at 11.40.29.png (90,307 bytes) |
|
|
Hi. That's right. |
 |
https://github.com/LimeSurvey/LimeSurvey/pull/4164 Before the fix, the error message showed all the rules, not just the one which was failing. It is to highlight that using the prior approach would only work for standard rules, not for rules set in the plugin: it is impossible to know the rules set in the plugin. For that there would have to be a new plugin event (or as workaround call the plugin empty password from User::getPasswordHelpText()) As a suggestion, I think the screen should show the rules in the screen it self before a password is submitted, calling the helptext method from the screen rendering. |
 |
Plugin can not set value of checkPasswordStrength ? Maybe report it as a new issue : my opinion : paswordPlugin can set (or update)
|
|
|
Fixed in Release 6.10.5+250217 |
