Ticket #439 (closed defect: invalid)

Opened 5 years ago

Last modified 3 years ago

Passwords are incorrectly being stripped of certain non-text characters

Reported by: anonymous
Owned by: dmorton
Priority: normal
Milestone: 1.0.3
Component: PHP scripts
Version: 1.0.2
Severity: normal
Keywords: passwords non-text characters
Cc:

Description (last modified by mortonda@…)

Christian Katterl reports:

 When I was testing MaiaMailguard 1.0.2 I found out that password-authenticating
 (I tested with IMAP) is impossible when the password
 contains a ? (ascii 34 [dec.])

We may want to take a closer look at how password strings are being filtered before being submitted to the authentication source, and be clearer about what kind of sanitizing we're doing, and what characters we want to strip out or allow.

Change History

Changed 5 years ago by anonymous

No filtering is done to the password, except trim() and stripslashes().

I'm not sure why we always trim input... that would break a leading or trailing space... and stripslashes is only needed if PHP does it automatically.
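
An added example, not part of the ticket or of Maia Mailguard's code: it compares the trim() plus stripslashes() filter mentioned in the comment above with a filter that only undoes escaping PHP itself applied. The function names and sample passwords are constructed, the call order of trim() and stripslashes() is an assumption, and magic_quotes_gpc is simulated with addslashes(), which applies the same escaping.

```php
<?php
// Added illustration; function names are hypothetical, not Maia Mailguard's.

// Filter as described in the ticket: always trim() and stripslashes().
// Assumption: the order of the two calls; the ticket does not state it.
function filter_as_described(string $submitted): string
{
    return stripslashes(trim($submitted));
}

// Alternative following the comment's reasoning: never trim, and strip
// slashes only when PHP added them (magic_quotes_gpc enabled).
function filter_conservative(string $submitted, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($submitted) : $submitted;
}

// For each password, report whether the value that would reach the
// authentication source still equals what the user typed.
function compare_filters(array $passwords): array
{
    $rows = [];
    foreach ($passwords as $raw) {
        foreach ([true, false] as $magic) {
            // With magic quotes on, PHP escapes ', ", \ and NUL the way
            // addslashes() does before the script sees the input.
            $received = $magic ? addslashes($raw) : $raw;
            $rows[] = [
                'password'     => $raw,
                'magic_quotes' => $magic,
                'described_ok' => filter_as_described($received) === $raw,
                'conservative_ok' => filter_conservative($received, $magic) === $raw,
            ];
        }
    }
    return $rows;
}

// Constructed sample passwords: quote, backslash, surrounding spaces.
$samples = ['plain', 'say"hi"', 'back\\slash', ' padded ', "o'brien"];

foreach (compare_filters($samples) as $r) {
    printf(
        "%-14s magic_quotes=%-3s described=%-7s conservative=%s\n",
        var_export($r['password'], true),
        $r['magic_quotes'] ? 'on' : 'off',
        $r['described_ok'] ? 'intact' : 'ALTERED',
        $r['conservative_ok'] ? 'intact' : 'ALTERED'
    );
}
```
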

Changed 3 years ago by mortonda@…

  • status changed from new to closed
  • resolution set to invalid
  • description modified