[Tickets #1519] RESOLVED: backslash must be doubled in password

bugs at bugs.horde.org bugs at bugs.horde.org
Thu Mar 10 11:35:14 PST 2005 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=1519
-----------------------------------------------------------------------
 Ticket             | 1519
 Updated By         | jmorzins at mit.edu
 Summary            | backslash must be doubled in password
 Queue              | IMP
 Version            | RELENG_3
 State              | Bogus
 Priority           | 1. Low
 Type               | Bug
 Owners             | 
-----------------------------------------------------------------------


jmorzins at mit.edu (2005-03-10 11:35) wrote:

Respectfully, I think the person who replied has misunderstood my report.

IMP builds and sends an IMAP command when it tries to log me in.  My bug
report concerns the fact that IMP builds the command wrongly.  As far as I
can see, php's handling of backslashes is completely clean and proper, and
is not part of this bug report.

As proof that PHP is correctly configured, I point out that I can
successfully use IMP to send myself email with tricky subjects ilke:
  test \\ of \ backslash

The doubled backslash between "test" and "of" is properly preserved in my
email, and the single backslash between "of" and "backslash" is also
properly preserved.  IMP's php code is doing the right thing.


However, when I try to log in, the php code is doing the right thing, but
IMP constructs the login command incorrectly.  A login command must escape
any backslashes in the password.  This is specified in RFC 2060, which is
recommend reading for anyone who is trying to write an IMAP client.  Because
IMP is not escaping the backslashes when it constructs the IMAP login
command, the command fails.  If the user is an IMAP guru who knows probably
IMAP failure modes and know that the *protocol layer* requires doubled
backslashes, the user can compensate for IMP's shortcomings...

IMP should not require the user to be a guru, and should build
correctly-formatted password strings before trying to log in to the server.


Thank you
 Jacob Morzinski

More information about the bugs mailing list