phpgroupware-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-tracker] [bug #23949] header/config passwords containing q


From: Olivier Berger
Subject: [Phpgroupware-tracker] [bug #23949] header/config passwords containing quotes badly managed when magic_quotes
Date: Mon, 28 Jul 2008 13:12:50 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071618 Iceweasel/3.0.1 (Debian-3.0.1-1)

URL:
  <http://savannah.gnu.org/bugs/?23949>

                 Summary: header/config passwords containing quotes badly
managed when magic_quotes
                 Project: phpGroupWare
            Submitted by: olberger
            Submitted on: lundi 28.07.2008 à 15:12
              Item Group: 0.9.16.012
                Category: API - Setup
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
       Component Version: DEB
        Operating System: GNU/Linux - Debian
         Reproducibility: None
         Planned Release: None
           Fixed Release: 

    _______________________________________________________

Details:

Hi.

If I'm not mistaken, whenever one is using PHP5 with magic_quotes (which is
the default ?), and header or config password is set to a value where it
contains single or double quotes, it's impossible to login in the setup to
access the header or config dialogs.

I think that the following code should be changed from :
if($FormPW ==
stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password']))
to :
if(stripslashes($FormPW) ==
stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password']))

Hope this helps,




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?23949>

_______________________________________________
  Message posté via/par Savannah
  http://savannah.gnu.org/





reply via email to

[Prev in Thread] Current Thread [Next in Thread]