feat(site): Validate admin password

cogk · cogk · commit b7f5641f54b0 · 2025-08-04T16:01:10.000+02:00
diff --git a/press/press/doctype/site/site.py b/press/press/doctype/site/site.py
@@ -367,6 +367,7 @@ def validate(self):
 			self.validate_site_name()
 		self.validate_bench()
 		self.set_site_admin_password()
+		self.validate_admin_password()
 		self.validate_installed_apps()
 		self.validate_host_name()
 		self.validate_site_config()
@@ -392,6 +393,17 @@ def set_site_admin_password(self):
 		if not self.admin_password:
 			self.admin_password = frappe.generate_hash(length=16)
 
+	def validate_admin_password(self):
+		# Shell characters can cause issues because they are not escaped
+		# https://stackoverflow.com/questions/15783701/which-characters-need-to-be-escaped-when-using-bash/44581064#44581064
+		if not self.is_new():
+			return  # Only validate on new sites, changing the password once created does nothing (yet)
+		if not self.admin_password or self.is_dummy_password(self.admin_password):
+			return
+		SHELL_CHARS = " !\"#$&'()*,;<>?[\\]^`{|}"
+		if any(c in SHELL_CHARS for c in self.admin_password):
+			frappe.throw("Admin password must not contain special characters")
+
 	def validate_bench(self):
 		if (
 			self.status not in ("Broken", "Archived")
