Menu

#216 [change_sqlpass] improper password escape

open
nobody
None
5
2011-05-19
2011-05-19
No

Change_sqlpass escape the passwords before encrypting them. But this is only appropriate when a DB function is used for password encryption.

With a PHP encryption, escaping indeed changes the password.

The following patch escapes the password only when a DB function is used.

Discussion

  • Anonymous

    Anonymous - 2011-05-19
     
    selective-db-escape.patch

  • Anonymous

    Anonymous - 2011-05-19

    Versions:
    Squirrelmail 1.4.21 (Debian)
    Change_sqlpass 3.3-1.2

     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.