diff options
| author | Stefan Giehl <stefan@matomo.org> | 2022-10-17 01:49:16 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-17 01:49:16 +0300 |
| commit | 90e0778bcd94d3ef120a587d77d6b50488c94695 (patch) | |
| tree | ce89a3b2956202f9b3356968cbf0be8e5ec14070 | |
| parent | 13c828a21b510d6ca46a1d16dc7968faaf8e1913 (diff) | |
Ensure password check can only throw wrong password error (#19861)
| -rw-r--r-- | core/Plugin/API.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/core/Plugin/API.php b/core/Plugin/API.php index a5aa8d73ee..275bbf0ed4 100644 --- a/core/Plugin/API.php +++ b/core/Plugin/API.php @@ -131,7 +131,17 @@ abstract class API $passwordConfirmation = Common::unsanitizeInputValue($passwordConfirmation); - if (!StaticContainer::get(PasswordVerifier::class)->isPasswordCorrect($loginCurrentUser, $passwordConfirmation)) { + try { + if ( + !StaticContainer::get(PasswordVerifier::class)->isPasswordCorrect( + $loginCurrentUser, + $passwordConfirmation + ) + ) { + throw new Exception(Piwik::translate('UsersManager_CurrentPasswordNotCorrect')); + } + } catch (Exception $e) { + // in case of any error (e.g. the provided password is too weak) throw new Exception(Piwik::translate('UsersManager_CurrentPasswordNotCorrect')); } } |