Opened 14 years ago

Closed 12 years ago

#439 closed defect (invalid)

Passwords are incorrectly being stripped of certain non-text characters

Reported by: anonymous Owned by: dmorton
Priority: normal Milestone: 1.0.3
Component: PHP scripts Version: 1.0.2
Severity: normal Keywords: passwords non-text characters
Cc:

Description

Christian Katterl reports:

when I was testing MaiaMailguard 1.0.2 i found out, that password-
authenticating (i tested with imap) is impossible, when the password
contains a ? (ascii 34 [dec.])

We may want to take a closer look at how password strings are being filtered before being submitted to the authentication source, and be clearer about what kind of sanitizing we're doing, and what characters we want to strip out or allow.

Change History (2)

comment:1 Changed 14 years ago by anonymous

no filtering is done to the password, exept trim() and stripslashes().

I'm not sure why we always trim input... that would break a leading or trailing space... and stripslashes is only needed if php des it automatically.

comment:2 Changed 12 years ago by mortonda@…

  • Resolution set to invalid
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.