[imp] Bug in IMP 2.2.6: Escaped backslash in Preferences/signature
Rich Lafferty
rich@horde.org
Fri, 3 Aug 2001 13:21:10 -0400
On Fri, Aug 03, 2001 at 06:43:56PM +0200, Fritz Zaucker (zaucker@ee.ethz.ch) wrote:
> This behaviour can be verified on the IMP demo site at
> https://demo.horde.org/stable/horde/imp/
>
> If a backslash is used in Preferences/Signature the backslash is
> "escaped" with a second backslash upon saving the Preferences.
>
> This is done by the call to addslashes() in the file
> horde/imp/prefs.php3 in line 69:
>
> if (!(imp_set_signature(addslashes($signature), $imp->user, $imp->server))) {
>
> If addslashes() is removed from that line, no second backslash is added.
>
> The question is if this is safe to do there?
No, it's not, else you're letting people type SQL into their
signature. But I can't duplicate that here; what's the setting of
magic_quotes_gpc there?
(Er, we might wish to fix that on demo.horde.org, too, whoever's
maintaining that right now :-)
-Rich
--
Rich Lafferty --------------+-----------------------------------------------
Montreal, Quebec, Canada | Save the Pacific Northwest Tree Octopus!
http://www.lafferty.ca/ | http://zapatopi.net/treeoctopus.html
rich@lafferty.ca -----------+-----------------------------------------------
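
The interaction discussed in this thread, as an added example that is not part of the original messages or of IMP's code: the same signature is pushed through an unconditional addslashes(), an escape-once path, and no escaping, with magic_quotes_gpc on and off. simulate_gpc(), the $magicQuotes flag, the helper names and the sample signature are assumptions made for the illustration, and stripslashes() stands in for how a backslash-escaped SQL string literal is decoded when stored.

```php
<?php
// Added illustration; not IMP code. simulate_gpc() and the $magicQuotes flag
// are hypothetical stand-ins for the magic_quotes_gpc ini setting.

// What PHP did to request data when magic_quotes_gpc was On.
function simulate_gpc(string $raw, bool $magicQuotes): string
{
    return $magicQuotes ? addslashes($raw) : $raw;
}

// Pattern from the quoted line: escape unconditionally before storing.
function escape_always(string $fromRequest): string
{
    return addslashes($fromRequest);
}

// Escape exactly once: undo the automatic quoting first, if it happened.
function escape_once(string $fromRequest, bool $magicQuotes): string
{
    $raw = $magicQuotes ? stripslashes($fromRequest) : $fromRequest;
    return addslashes($raw);
}

// Model of the value that ends up stored: backslash escapes are undone.
function stored_value(string $escaped): string
{
    return stripslashes($escaped);
}

$signature = 'C:\mail -- O\'Brien';   // constructed sample input

foreach ([true, false] as $mq) {
    $req = simulate_gpc($signature, $mq);
    printf("magic_quotes_gpc=%s\n", $mq ? 'On' : 'Off');
    // On: the backslash comes back doubled. Off: the value round-trips.
    printf("  always: %s\n", stored_value(escape_always($req)));
    // Round-trips unchanged under both settings.
    printf("  once:   %s\n", stored_value(escape_once($req, $mq)));
    // Text that reaches the query if addslashes() is simply removed:
    // already escaped when On, raw (quote included) when Off.
    printf("  none:   %s\n", $req);
}
```

PHP 5.4 and later no longer have magic_quotes_gpc, and bound query parameters take the place of hand escaping there.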