diff --git a/install.sh b/install.sh
index 5606e59c..a2d2cdc8 100644
--- a/install.sh
+++ b/install.sh
@@ -1763,11 +1763,16 @@ create_admin_and_show_logins_success_message() {
 fi
- if [ "$SET_ADMIN_PASSWORD" = true ]; then
- new_password="${custom_password}"
- else
- new_password=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
- fi
+ if [ "$SET_ADMIN_PASSWORD" = true ]; then
+ if [[ "$custom_password" =~ ^[A-Za-z0-9]{6,16}$ ]]; then
+ new_password="${custom_password}"
+ else
+ echo "Warning: custom_password is invalid (must be alphanumeric and 6–16 characters). Generating a secure password."
+ new_password=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
+ fi
+ else
+ new_password=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
+ fi
 display_admin_status_and_logins() {
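Review bot: The new check on `custom_password` accepts a 6-character alphanumeric admin password yet rejects anything longer than 16 characters, so the policy caps password strength more than it enforces it. If the alphanumeric whitelist exists because the value is later interpolated into a command (not visible here; the enclosing function starts and ends outside the hunk), keep the whitelist but raise both bounds, e.g. `if [[ "$custom_password" =~ ^[A-Za-z0-9]{12,64}$ ]]; then`, after confirming downstream consumers accept that length. The fallback silently replaces an operator-supplied password, so the warning should go to stderr (`echo "Warning: ..." >&2`) where it is not lost in captured stdout. The generator `head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` now appears twice, and `head` without a count reads only ten newline-delimited chunks, so the 16-character length is probable rather than guaranteed; a single shared fallback using `tr -dc A-Za-z0-9 </dev/urandom | head -c 16` would remove both problems. Also note that `[[ ... =~ ]]` is a bashism next to the existing `[ ... ]` test, which is worth confirming against the script's shebang.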