#172 md5.js broken with passwords using special chars

enhancement
closed-fixed
5
2003-03-27
2003-03-26
tobozo
No

Actually this item is about two things :

1) md5.js won't work if the password contains special
characters (eg "é", "ú").

Bug found by : courou@users.sf.net
Bug is reproductible : Yes

Login as admin, create a new user "test", assign a
password like "Yé3ú@1!", logoff, and try to logging in
using the test account with the specified password.

Same thing happens if the username contains special
chars.

Workaround : drop the original md5.js (quite heavy) and
use an up-to-date version of the script.

This one covers md4, md5, and sha1

http://www-
adele.imag.fr/~donsez/cours/exemplescourstechnoweb/j
s_securehash/
mirror : http://pajhome.org.uk/crypt/md5/

2) When on login page, pressing the submit button
generates a javascript error :
"document.logintrue.setcookie is null or not an object"
I can login successfully anyway (if my username and
pass don't have any special char).

Bug found by : courou@users.sf.net
Bug is reproductible : Yes

Workaround : ???

Both bugs have been found using MSIE 5.x and earlier
versions packaged with Windows NT5 (FR and US).

hope this helps

tobozo

Discussion

  • tobozo

    tobozo - 2003-03-26

    Logged In: YES
    user_id=126727

    > 2) When on login page, pressing the submit button
    > generates a javascript error :
    > "document.logintrue.setcookie is null or not an object"
    > I can login successfully anyway (if my username and
    > pass don't have any special char).

    workaround (courou@users.sf.net) :
    use document.forms["logintrue"].setcookie instead of
    document.logintrue.setcookie

    eg :
    if (document.forms["logintrue"].setcookie) {
    document.forms["logintrue"].setcookie;
    }

     
  • Joe Stewart

    Joe Stewart - 2003-03-27

    Logged In: YES
    user_id=77269

    This problem has been corrected in the CVS. Please update your
    copy of PHPSlash, or wait for the next release.

     
  • Joe Stewart

    Joe Stewart - 2003-03-27
    • assigned_to: nobody --> joestewart
    • status: open --> closed-fixed
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks