Leave passwords alone - Githubissues

deflomu / Roundcube-SMTP-per-Identity-Plugin

Roundcube plugin to setup different SMTP settings per identity

MIT License

44 stars 19 forks source link

Leave passwords alone #6

Closed dscho closed 9 years ago

dscho commented 9 years ago

Secure passwords often contain characters that would be modified by parse_input_value(), e.g. quotes. Let's just leave the password values as specified by the user.

Signed-off-by: Johannes Schindelin johannes.schindelin@gmx.de

deflomu commented 9 years ago

This seems like a valid request. I just looked at the roundcube source and they also use get_input_value() but with some parameters (see https://github.com/roundcube/roundcubemail/blob/681ba6fc3c296cd6cd11050531b8f4e785141786/index.php#L101-L102). So we have to find out why they do this and if it's important.

EDIT: I just realized this is only the IMAP password and not the SMTP password. Will investigate :)

dscho commented 9 years ago

Ah, right, they still use get_input_value() but with $allow_html == TRUE. Fixed.

deflomu commented 9 years ago

Committed in 8f6c93999beb88cbd8434d8761de38c7465dc209. Thank you.