Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1905)
+++ branches/2.8.x/CHANGELOG	(revision 1906)
@@ -11,6 +11,8 @@
 ! = Update/Change
 ===============================================================================
 
+06 Jun-2013 Build 1906 Werner v.d.Decken(DarkViper)
++ new Method Password::isValid() checks a new password for invalid characters
 01 Jun-2013 Build 1905 Werner v.d.Decken(DarkViper)
 + new OutputFilter plugin 'FilterMediaRel'
 01 Jun-2013 Build 1904 Werner v.d.Decken(DarkViper)
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1905)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1906)
@@ -51,5 +51,5 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.3');
-if(!defined('REVISION')) define('REVISION', '1905');
+if(!defined('REVISION')) define('REVISION', '1906');
 if(!defined('SP')) define('SP', '');
Index: branches/2.8.x/wb/framework/Password.php
===================================================================
--- branches/2.8.x/wb/framework/Password.php	(revision 1905)
+++ branches/2.8.x/wb/framework/Password.php	(revision 1906)
@@ -68,10 +68,11 @@
 		parent::__construct($iIterationCountLog2, $bPortableHashes);
 	}
 /**
+ * make hash from password
  * @param string password to hash
  * @return string generated hash. Null if failed.
  */
-	public function hashPassword($sPassword)
+	public function makeHash($sPassword)
 	{
 		$sNewHash = parent::HashPassword($sPassword);
 		return ($sNewHash == '*') ? null : $sNewHash;
@@ -81,7 +82,7 @@
  * @param string existing stored hash
  * @return bool true if PW matches the stored hash
  */
-	public function checkPassword($sPassword, $sStoredHash)
+	public function checkIt($sPassword, $sStoredHash)
 	{
 		// compatibility layer for deprecated, simple and old MD5 hashes
 		if(preg_match('/^[0-9a-f]{32}$/si', $sStoredHash)) {
@@ -90,6 +91,18 @@
 		return parent::CheckPassword($sPassword, $sStoredHash);
 	}
 /**
+ * Check password for forbidden characters
+ * @param string password to test
+ * @return bool
+ */
+	public static function isValid($sPassword)
+	{
+		$sBlackList = '\"\'\,\;\<\>\?\\\{\|\}\~ '
+		            . '\x00-\x20\x22\x27\x2c\x3b\x3c\x3e\x3f\x5c\x7b-\x7f\xff';
+		$bRetval = !preg_match('/['.$sBlackList.']/si', $sPassword);
+		return $bRetval;
+	}
+/**
  * generate a case sensitive mnemonic password including numbers and special chars
  * makes no use of confusing characters like 'O' and '0' and so on.
  * @param int length of the generated password. default = PW_LENGTH_DEFAULT
@@ -103,7 +116,7 @@
 			array('B','C','D','F','G','H','J','K','M','N','P','Q','R','S','T','V','W','X','Y','Z'),
 			array('a','e','i','o','u'),
 			array('A','E','U'),
-			array('!','-','@','_',':','.','+','%','/','*')
+			array('!','-','@','_',':','.','+','%','/','*','=')
 		);
 		$iElements = ($iElements & self::PW_USE_ALL) == 0 ? self::PW_USE_ALL : $iElements;
 		if(($iLength < self::PW_LENGTH_MIN) || ($iLength > self::PW_LENGTH_MAX)) {