[imp] backslashes in passwords (again)
Adrian Hosey
alh at warhound.org
Wed Aug 20 15:04:59 PDT 2003
On Wed, 20 Aug 2003, Adrian Hosey wrote:
:
: I still have some people with backslashes in their password who can't
: login. I found this line in imp/lib/IMP.php:
:
: 152: Auth::setAuth($imp['uniquser'], array('password' => $_POST['pass']));
:
: So that's going to be bypassing Horde::getFormData() and if
: magic_quotes_gpc is on, $_POST['pass'] will be something like "foo\\bar"
: when the password is really "foo\bar".
Replying to myself. Sorry, it's been a long day.
Anyway, someone is going to yell at me because the FAQ says this:
-=-=-
5.3.10 Email sent from IMP is full of backslashes.
If characters such as ', ", and \ are producing extra backslashes ("\") in
IMP, you probably have one of the following settings in your php.ini (or
php3.ini in PHP version 3):
magic_quotes_gpc = on
magic_quotes_runtime = on
magic_quotes_sybase = on
All magic_quotes options must be disabled for IMP. Remember to restart
your web server after changing php.ini settings.
-=-=-
So let me rephrase my question. Is there a reason to use $_POST['pass'] in
the code? Why not use Horde::getFormData() and then this won't be a FAQ
anymore. What if some people are running IMP alongside other PHP
applications that need magic_quotes_gpc to be on?
That's why I'm hesitant to just turn off magic_quotes_gpc. I don't know if
that has implications for other PHP code on the server.
Thanks again,
- A
--
We're currently having what we in the industry like to call "an
unrequested fission surplus."
More information about the imp
mailing list