This repository was archived by the owner on May 4, 2021. It is now read-only.
This repository was archived by the owner on May 4, 2021. It is now read-only.
DVORAK mangles key IDs #16
Open
Description
In parsePasswordOTP, if the user is using the DVORAK keyboard layout, you take care of fixing the OTP, but leave the rest of the values mangled.
This means that if they switch back to a QWERTY based keyboard layout, their key ID will no longer match.
I would suggest something like this instead:
function parsePasswordOTP($str, $delim = '[:]')
{
/* Dvorak? */
if (preg_match("/^((.*)" . $delim . ")?" .
"(([jxe.uidchtnbpygkJXE.UIDCHTNBPYGK]{0,16})" .
"([jxe.uidchtnbpygkJXE.UIDCHTNBPYGK]{32}))$/",
$str, $matches))
{
// Un-mangle the OTP (convert from DVORAK -> QWERTY)
$str = strtr($str, "jxe.uidchtnbpygk", "cbdefghijklnrtuv");
}
if (!preg_match("/^((.*)" . $delim . ")?" .
"(([cbdefghijklnrtuvCBDEFGHIJKLNRTUV]{0,16})" .
"([cbdefghijklnrtuvCBDEFGHIJKLNRTUV]{32}))$/",
$str, $matches))
{
return false;
}
$ret['otp'] = $matches[3];
$ret['password'] = $matches[2];
$ret['prefix'] = $matches[4];
$ret['ciphertext'] = $matches[5];
return $ret;
}Metadata
Metadata
Assignees
Labels
No labels