SF.net SVN: postfixadmin:[1398] trunk/create-mailbox.php
From: <chr...@us...> - 2012-05-28 20:26:49
Revision: 1398 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1398&view=rev Author: christian_boltz Date: 2012-05-28 20:26:43 +0000 (Mon, 28 May 2012) Log Message: ----------- create-mailbox.php: - do not escape the password coming from $_POST. Fixes https://sourceforge.net/tracker/index.php?func=detail&aid=3094804&group_id=191583&atid=937964 Modified Paths: -------------- trunk/create-mailbox.php Modified: trunk/create-mailbox.php =================================================================== --- trunk/create-mailbox.php 2012-05-28 20:05:48 UTC (rev 1397) +++ trunk/create-mailbox.php 2012-05-28 20:26:43 UTC (rev 1398) @@ -75,8 +75,8 @@ if (isset ($_POST['fUsername']) && isset ($_POST['fDomain'])) $fUsername = escape_string ($_POST['fUsername']) . "@" . escape_string ($_POST['fDomain']); $fUsername = strtolower ($fUsername); - if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); # TODO: remove escaping (except for DB query and when handing it over to dovecotpw) - https://sourceforge.net/tracker/?func=detail&aid=3094804&group_id=191583&atid=937964 - if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); + if (isset ($_POST['fPassword'])) $fPassword = $_POST['fPassword']; # NOT ESCAPED! + if (isset ($_POST['fPassword2'])) $fPassword2 = $_POST['fPassword2']; # NOT ESCAPED isset ($_POST['fName']) ? $fName = escape_string ($_POST['fName']) : $fName = ""; if (isset ($_POST['fDomain'])) $fDomain = escape_string ($_POST['fDomain']); isset ($_POST['fQuota']) ? $fQuota = intval($_POST['fQuota']) : $fQuota = 0; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
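Review bot: the two added lines that assign $fPassword and $fPassword2 straight from $_POST drop the old TODO's caveat that escaping is still needed "for DB query and when handing it over to dovecotpw", and nothing in this hunk shows where that now happens. Before this lands, please confirm that every later use of $fPassword in create-mailbox.php that reaches an SQL statement or the dovecotpw command line escapes or hashes the value at that point, and replace the bare "# NOT ESCAPED!" marker with a comment naming where the escaping is done, so that a later edit does not pass the raw value into a query. Minor style point: the two markers differ ("# NOT ESCAPED!" against "# NOT ESCAPED"); use one form.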