Be more strict if applying double quotes around passwords
When authenticating we handle the control password as follows:
// Surround non-hex strings with double quotes.
const kIsHexRE = /^[A-Fa-f0-9]*$/;
if (!kIsHexRE.test(pwdArg))
pwdArg = '"' + pwdArg + '"';But the spec says "AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF
and HEXDIG being DIGIT / "A" / "B" / "C" / "D" / "E" / "F" according to RFC 2234. Thus, we are a bit more lenient than we should at the moment.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information