[Phpslash-trackers] [ phpslash-Bugs-710158 ] md5.js broken with passwords using special chars
Brought to you by:
joestewart,
nhruby
From: SourceForge.net <no...@so...> - 2003-03-27 19:12:50
|
Bugs item #710158, was opened at 2003-03-26 11:08 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=110566&aid=710158&group_id=10566 Category: phplib-related Group: enhancement >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: tobozo (tobozo) >Assigned to: Joe Stewart (joestewart) Summary: md5.js broken with passwords using special chars Initial Comment: Actually this item is about two things : 1) md5.js won't work if the password contains special characters (eg "é", "ú"). Bug found by : co...@us... Bug is reproductible : Yes Login as admin, create a new user "test", assign a password like "Yé3ú@1!", logoff, and try to logging in using the test account with the specified password. Same thing happens if the username contains special chars. Workaround : drop the original md5.js (quite heavy) and use an up-to-date version of the script. This one covers md4, md5, and sha1 http://www- adele.imag.fr/~donsez/cours/exemplescourstechnoweb/j s_securehash/ mirror : http://pajhome.org.uk/crypt/md5/ 2) When on login page, pressing the submit button generates a javascript error : "document.logintrue.setcookie is null or not an object" I can login successfully anyway (if my username and pass don't have any special char). Bug found by : co...@us... Bug is reproductible : Yes Workaround : ??? Both bugs have been found using MSIE 5.x and earlier versions packaged with Windows NT5 (FR and US). hope this helps tobozo ---------------------------------------------------------------------- Comment By: Joe Stewart (joestewart) Date: 2003-03-27 13:26 Message: Logged In: YES user_id=77269 This problem has been corrected in the CVS. Please update your copy of PHPSlash, or wait for the next release. ---------------------------------------------------------------------- Comment By: tobozo (tobozo) Date: 2003-03-26 11:16 Message: Logged In: YES user_id=126727 > 2) When on login page, pressing the submit button > generates a javascript error : > "document.logintrue.setcookie is null or not an object" > I can login successfully anyway (if my username and > pass don't have any special char). workaround (co...@us...) : use document.forms["logintrue"].setcookie instead of document.logintrue.setcookie eg : if (document.forms["logintrue"].setcookie) { document.forms["logintrue"].setcookie; } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=110566&aid=710158&group_id=10566 |