From: Tomas K. <to...@us...> - 2006-01-28 09:42:32
> This is a patch for filling username in login page directly from url like
>
> http://mail-server/src/login.php?loginname=admin
>
> (usable for elementary-level-users, but for me too, because I have 27
> chars in login name;)
>
> This patch also solves problem with formatting plugins text (hook
> login_form; concat_hook_function in table instead of do_hook after table).
>
> Daniel Kahoun
>
> --- src/login.php.orig 2005-12-03 09:32:03.000000000 +0100 > +++ src/login.php 2006-01-27 12:38:23.000000000 +0100 > @@ -55,7 +55,7 @@ header('Pragma: no-cache'); > > > do_hook('login_cookie'); > > -$loginname_value = (sqGetGlobalVar('loginname', $loginname) ? > htmlspecialchars($loginname) : ''); > +if (!sqGetGlobalVar('loginname', $loginname)) $loginname = > $_GET['login_username'];

SquirrelMail documentation states that you should not access GET and POST variables directly. You are trying to access unchecked $_GET['login_username'] variable. sqGetGlobalVar should retrieve loginname variable from GET request if third argument is not specified.

Second part of patch was already discussed in stable tracker and plugins list. Your hook changes break four SquirrelMail plugins.

--
Tomas
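
Review bot: the added line in the `@@ -55,7 +55,7 @@` hunk of src/login.php falls back to `$_GET['login_username']` with no `isset` check and no escaping, and in the lines quoted here the `htmlspecialchars($loginname)` call from the removed line has no replacement. If `$loginname` is later written into the login form's value attribute, the escaping has to stay at that point, for example by keeping the removed ternary that sets `$loginname_value`. The fallback also reads a `login_username` key while the URL in the description uses `loginname`, the same key the `sqGetGlobalVar('loginname', $loginname)` call on that line already asks for, so the direct superglobal read looks unnecessary and can be dropped.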