From 029f58a2457b948fdca6d19b65d4418ec4c435c7 Mon Sep 17 00:00:00 2001
From: Mendel <44873735+rabbidiesel@users.noreply.github.com>
Date: Wed, 25 Mar 2026 17:59:34 -0400
Subject: [PATCH] Fix http auth password copy length (#7769)

---
 app/provision/app_config.php                              | 8 ++++++++
 .../domain_settings/resources/classes/domain_settings.php | 7 +++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/app/provision/app_config.php b/app/provision/app_config.php
index cbe145ab6..3655927a7 100644
--- a/app/provision/app_config.php
+++ b/app/provision/app_config.php
@@ -72,6 +72,14 @@
 		$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
 		$apps[$x]['default_settings'][$y]['default_setting_description'] = "";
 		$y++;
+		$apps[$x]['default_settings'][$y]['default_setting_uuid'] = "885a43f9-eea2-4150-ba25-f576918880b3";
+		$apps[$x]['default_settings'][$y]['default_setting_category'] = "provision";
+		$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "password_http_auth_length";
+		$apps[$x]['default_settings'][$y]['default_setting_name'] = "numeric";
+		$apps[$x]['default_settings'][$y]['default_setting_value'] = "20";
+		$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "true";
+		$apps[$x]['default_settings'][$y]['default_setting_description'] = "Set the length for generated http auth passwords.";
+		$y++;
 		$apps[$x]['default_settings'][$y]['default_setting_uuid'] = "c998c762-6a43-4911-a465-a9653eeb793d";
 		$apps[$x]['default_settings'][$y]['default_setting_category'] = "provision";
 		$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "http_auth_enabled";
diff --git a/core/domain_settings/resources/classes/domain_settings.php b/core/domain_settings/resources/classes/domain_settings.php
index ee79db594..6277cfa0b 100644
--- a/core/domain_settings/resources/classes/domain_settings.php
+++ b/core/domain_settings/resources/classes/domain_settings.php
@@ -231,6 +231,9 @@ class domain_settings {
 	public function copy($records) {
 		if (permission_exists($this->permission_prefix . 'add') && permission_exists('domain_select') && count($_SESSION['domains']) > 1) {
 
+			//define the global variables
+			global $settings;
+
 			//add multi-lingual support
 			$language = new text;
 			$text     = $language->get();
@@ -279,7 +282,7 @@ class domain_settings {
 
 							//set a random password for http_auth_password
 							if ($domain_setting_subcategory == "http_auth_password") {
-								$domain_setting_value = generate_password();
+								$domain_setting_value = generate_password(max(8, intval($settings->get('provision', 'password_http_auth_length', 20))));
 							}
 
 							//target is different domain, check if exists
@@ -360,7 +363,7 @@ class domain_settings {
 
 							//set a random password for http_auth_password
 							if ($domain_setting_subcategory == "http_auth_password") {
-								$domain_setting_value = generate_password();
+								$domain_setting_value = generate_password(max(8, intval($settings->get('provision', 'password_http_auth_length', 20))));
 							}
 
 							// check if exists