From a5c03db798d258e776995ec7c860edc689acd3ee Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 18 Oct 2015 03:37:46 -0400
Subject: [PATCH] Security: Added options to validate username/password on logon (#1490500)

---
 config/defaults.inc.php |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/config/defaults.inc.php b/config/defaults.inc.php
index d53b700..eef7de4 100644
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@@ -306,6 +306,7 @@
 // Lifetime of LDAP cache. Possible units: s, m, h, d, w
 $config['ldap_cache_ttl'] = '10m';
 
+
 // ----------------------------------
 // SYSTEM
 // ----------------------------------
@@ -377,6 +378,14 @@
 //       UPDATE users SET username = LOWER(username);
 $config['login_lc'] = 2;
 
+// Maximum length (in bytes) of logon username and password.
+$config['login_username_maxlen'] = 1024;
+$config['login_password_maxlen'] = 1024;
+
+// Logon username filter. Regular expression for use with preg_match().
+// Example: '/^[a-z0-9_@.-]+$/'
+$config['login_username_filter'] = null;
+
 // Includes should be interpreted as PHP files
 $config['skin_include_php'] = false;
 

--
Gitblit v1.9.1