diff --git a/src/zm_user.cpp b/src/zm_user.cpp
index 6dbfb56fa..da0c66416 100644
--- a/src/zm_user.cpp
+++ b/src/zm_user.cpp
@@ -245,3 +245,18 @@ User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) {
Debug(1, "No user found for auth_key %s", auth );
return 0;
}
+
+//Function to check Username length
+bool checkUser ( const char *username) {
+ if ( strlen(username) > 32) {
+ return false;
+ }
+ return true;
+}
+//Function to check password length
+bool checkPass (const char *password) {
+ if ( strlen(password) > 64) {
+ return false;
+ }
+ return true;
+}
diff --git a/src/zm_user.h b/src/zm_user.h
index 37bf45736..00c61185b 100644
--- a/src/zm_user.h
+++ b/src/zm_user.h
@@ -77,5 +77,7 @@ public:
User *zmLoadUser( const char *username, const char *password=0 );
User *zmLoadAuthUser( const char *auth, bool use_remote_addr );
+bool checkUser ( const char *username);
+bool checkPass (const char *password);
#endif // ZM_USER_H
diff --git a/src/zms.cpp b/src/zms.cpp
index a5fef0134..634e07030 100644
--- a/src/zms.cpp
+++ b/src/zms.cpp
@@ -191,9 +191,12 @@ int main( int argc, const char *argv[] ) {
User *user = 0;
if ( strcmp(config.auth_relay, "none") == 0 ) {
- if ( username.length() ) {
+ if ( checkUser(username.c_str()) ) {
user = zmLoadUser(username.c_str());
+ } else {
+ Error("")
}
+
} else {
//if ( strcmp( config.auth_relay, "hashed" ) == 0 )
{
diff --git a/src/zmu.cpp b/src/zmu.cpp
index af6cb603d..a8ee61273 100644
--- a/src/zmu.cpp
+++ b/src/zmu.cpp
@@ -425,6 +425,10 @@ int main(int argc, char *argv[]) {
if ( config.opt_use_auth ) {
if ( strcmp(config.auth_relay, "none") == 0 ) {
+ if ( !checkUser(username)) {
+ fprintf(stderr, "Error, username greater than allowed 32 characters\n");
+ exit_zmu(-1);
+ }
if ( !username ) {
fprintf(stderr, "Error, username must be supplied\n");
exit_zmu(-1);
@@ -438,7 +442,14 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "Error, username and password or auth string must be supplied\n");
exit_zmu(-1);
}
-
+ if ( !checkUser(username)) {
+ fprintf(stderr, "Error, username greater than allowed 32 characters\n");
+ exit_zmu(-1);
+ }
+ if ( !checkPass(password)) {
+ fprintf(stderr, "Error, password greater than allowed 64 characters\n");
+ exit_zmu(-1);
+ }
//if ( strcmp( config.auth_relay, "hashed" ) == 0 )
{
if ( auth ) {
diff --git a/web/skins/classic/includes/control_functions.php b/web/skins/classic/includes/control_functions.php
index 6274afae5..ec51458ee 100644
--- a/web/skins/classic/includes/control_functions.php
+++ b/web/skins/classic/includes/control_functions.php
@@ -270,7 +270,7 @@ function controlPresets( $monitor, $cmds ) {
NumPresets(); $i++ ) {
?>
- " value="" onclick="controlCmd('');"/>
+