fix: move hyphen to end of password validation regex character class#102
Merged
fix: move hyphen to end of password validation regex character class#102
Conversation
The hyphen character was positioned between * and + in the regex character class [#?!@$%^&*-+], causing it to be interpreted as a range operator (ASCII 42-43) instead of a literal hyphen (ASCII 45). This caused passwords containing hyphens to fail validation while passwords with asterisks passed. Moving the hyphen to the end of the character class [#?!@$%^&*+-] ensures it is treated as a literal character. Regression introduced in 757e964. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request fixes a regex bug in password validation that was incorrectly rejecting passwords containing hyphens. The hyphen character was positioned in the middle of a character class (*-+), causing it to be interpreted as a range operator (ASCII 42-43) instead of a literal hyphen character (ASCII 45). This regression was introduced when the + character was added to the allowed special characters.
Changes:
- Moved hyphen from middle to end of character class in all three password configuration regex patterns
- Updated
password_allowed_special_characters,password_shape_pattern, andpassword_shape_warningto use*+-instead of*-+
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
smarcet
force-pushed
the
hotfix/password-hyphen-validation
branch
from
a6889ac to
fbb9ec8
Compare
smarcet
added a commit
that referenced
this pull request
Feb 2, 2026
…102) * fix: move hyphen to end of password validation regex character class The hyphen character was positioned between * and + in the regex character class [#?!@$%^&*-+], causing it to be interpreted as a range operator (ASCII 42-43) instead of a literal hyphen (ASCII 45). This caused passwords containing hyphens to fail validation while passwords with asterisks passed. Moving the hyphen to the end of the character class [#?!@$%^&*+-] ensures it is treated as a literal character. Regression introduced in 757e964. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore: add regresion test --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: smarcet <smarcet@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
*-+in the regex character class, causing it to be interpreted as a range operator (ASCII 42-43) instead of a literal hyphen (ASCII 45)*+-) ensures it's treated as a literal characterRoot Cause
Regression introduced in commit 757e964 (
fix/password-special-charactersbranch). When+was added to the allowed special characters, it was placed after the hyphen, changing*-](valid) to*-+](range).Test plan
Test-Pass1!) now passes validationTest*Pass1!) still passes validationTest+Pass1!) passes validation🤖 Generated with Claude Code