From bec35facaf051446c04116a5d57ee5876a13cffa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Florian=20Ha=CC=88fner?= <fha@scireum.de>
Date: Mon, 25 Nov 2024 16:11:30 +0100
Subject: [PATCH] Fixes client side password checks.

If the settings require letters AND digits, false must be returned if either of the conditions are not fulfilled. Same goes of upper and lower case requirements.

Fixes: SE-14149
---
 .../templates/biz/password/change-password-script.html.pasta  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/resources/default/templates/biz/password/change-password-script.html.pasta b/src/main/resources/default/templates/biz/password/change-password-script.html.pasta
index 935bbd277..f9693be18 100644
--- a/src/main/resources/default/templates/biz/password/change-password-script.html.pasta
+++ b/src/main/resources/default/templates/biz/password/change-password-script.html.pasta
@@ -84,11 +84,11 @@
                 return false;
             }
 
-            if (settings.requireLettersAndDigits && !/\d/.test(password) && !/[a-zA-Z]/.test(password)) {
+            if (settings.requireLettersAndDigits && (!/\d/.test(password) || !/[a-zA-Z]/.test(password))) {
                 return false;
             }
 
-            if (settings.requireUpperAndLowerCase && !/[a-z]/.test(password) && !/[A-Z]/.test(password)) {
+            if (settings.requireUpperAndLowerCase && (!/[a-z]/.test(password) || !/[A-Z]/.test(password))) {
                 return false;
             }