From ea716b729d2c0ec535e2ce30b51d77b22b914832 Mon Sep 17 00:00:00 2001
From: Nestor <npegane@hotmail.com>
Date: Mon, 11 Sep 2017 16:59:51 +0200
Subject: [PATCH] =?UTF-8?q?FIX=20#5701=20Vue=20mot=20de=20passe=20superadm?=
 =?UTF-8?q?in=20li=C3=A9e=20au=20contr=C3=B4leur=20+=20ajout=20controle=20?=
 =?UTF-8?q?mot=20de=20passe=20vide?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 install/class/Class_Install.php |  3 ++-
 install/scripts/password.php    | 10 +++++-----
 install/view/password_view.php  |  4 ++--
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/install/class/Class_Install.php b/install/class/Class_Install.php
index 15705c123e2..73240400528 100755
--- a/install/class/Class_Install.php
+++ b/install/class/Class_Install.php
@@ -2147,7 +2147,8 @@ class Install extends functions
         $db = new Database();
 
         $query = "UPDATE users SET password=? WHERE user_id='superadmin'";
-        $db->query($query, [\Core\Models\SecurityModel::getPasswordHash($newPass)]);
+        $sec = new security();
+        $db->query($query, [$sec->getPasswordHash($newPass)]);
     }
 
     function copy_dir($dir2copy, $dir_paste, $excludeExt=false)
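Review bot: The superadmin hash now comes from `security::getPasswordHash()` instead of `\Core\Models\SecurityModel::getPasswordHash()`, and nothing in this hunk shows that the two produce the same format. If they differ, the password set by the installer will not verify at login, so confirm that the login path checks against the `security` class's scheme. A one-line comment above `$sec = new security();` would record this, e.g. `// must match the hash format verified at login`. The method also still returns nothing after `$db->query(...)`, so a caller cannot tell whether the update succeeded. The method body starts outside the hunk.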
diff --git a/install/scripts/password.php b/install/scripts/password.php
index 8fd6e535c6c..22e55f606ba 100755
--- a/install/scripts/password.php
+++ b/install/scripts/password.php
@@ -32,14 +32,14 @@
     include_once '../../core/init.php';
     require_once('install/class/Class_Install.php');
     $Class_Install = new Install;
-
 //CONTROLLER
-    if (!isset($_REQUEST['newSuperadminPass']) || empty($_REQUEST['newSuperadminPass'])) {
+    $trimmedPassword=rtrim($_REQUEST['newSuperadminPass']);
+    if (!isset($_REQUEST['newSuperadminPass']) || empty($trimmedPassword)) {
         header("Location: ../error.php?error=badForm"); exit;
     }
-
-    $Class_Install->setSuperadminPass(
+    $resp=$Class_Install->setSuperadminPass(
         $_REQUEST['newSuperadminPass']
     );
+    
 
-    header("Location: ../index.php?step=resume");
+    header("Location: ../index.php?step=config");
\ No newline at end of file
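Review bot: `rtrim($_REQUEST['newSuperadminPass'])` runs before the `isset()` test, so a request without the field raises an undefined-index notice before the guard can redirect, and `empty()` also rejects the literal password `0`. The value is read from `$_REQUEST`, which also accepts the password from the query string, where it can end up in server logs and browser history; reading `$_POST` only avoids that. `$resp` is assigned but never checked, and the visible end of `setSuperadminPass` returns nothing, so a failed update still redirects to the next step. Whether this script is blocked once installation has finished is not visible in the hunk and is worth confirming, since it resets the superadmin password without asking for any credential.

```php
// … unchanged: core/init.php include and Install instantiation …
//CONTROLLER
    $newPass = isset($_POST['newSuperadminPass']) ? $_POST['newSuperadminPass'] : '';
    if (!is_string($newPass) || rtrim($newPass) === '') {
        header("Location: ../error.php?error=badForm"); exit;
    }
    $Class_Install->setSuperadminPass($newPass);

    header("Location: ../index.php?step=config");
    exit;
```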
diff --git a/install/view/password_view.php b/install/view/password_view.php
index 86b6c7aa432..04be8f89a1a 100755
--- a/install/view/password_view.php
+++ b/install/view/password_view.php
@@ -74,7 +74,7 @@
             <h6>
                 <?php echo _PASSWORD_EXP;?>
             </h6>
-            <form action="scripts/password.php" method="post">
+            <form action="scripts/password.php" method="post" id="newAdminPassForm" name="newAdminPassForm">
                 <table>
                     <tr>
                         <td>
@@ -120,7 +120,7 @@
                     </a>
                 </div>
                 <div style="float: right;" class="nextButton" id="next">
-                    <a href="#" onClick="goTo('index.php?step=config');" id="okAdminPass" style="display: none;">
+                    <a href="#" onClick="document.getElementById('newAdminPassForm').submit();" id="okAdminPass" style="display: none;">
                         <?php echo _NEXT_INSTALL;?>
                     </a>
                 </div>
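Review bot: The `okAdminPass` link now calls `document.getElementById('newAdminPassForm').submit()`, which skips the form's `onsubmit` handlers and the browser's built-in constraint validation. Any rule the view enforces before revealing this link (the form fields are outside the hunk, so this is inferred) is therefore only a client-side convenience. The server-side script checks only that the value is non-empty, so any length or confirmation rule should be repeated there. The form fields visible here also carry no anti-forgery token; if the installer has no other request-origin check, this password-changing POST should get one. As a minor point, ending the handler with `return false;` stops the `href="#"` from scrolling the page: `onClick="document.getElementById('newAdminPassForm').submit(); return false;"`.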
-- 
GitLab