bug in smtp auth

Daniel Reichelt mail at itamservices.de
Wed Feb 21 21:28:26 CET 2007


Hi folks!

I just hunted down a pretty simple yet annoying bug concerning smtp auth. I'm
using a password with special characters in it which get \-escaped by my php
installation. I tracked down the issue to lie in rcube_smpt.inc:L101 which I
changed like this:

FROM
$smtp_pass = str_replace('%p', decrypt_passwd($_SESSION['password']),
$CONFIG['smtp_pass']);

TO
$smtp_pass = str_replace('%p',
stripslashes(decrypt_passwd($_SESSION['password'])), $CONFIG['smtp_pass']);


I don't know if it might be more useful to move stripslashes into
decrypt_passwd - I'll leave that up to you. Furthermore, a "king's solution"
might be to query the value of PHP's magic_qpc_quotes variable to strip-slash
the decrypted password only when it's been \-escaped - thus making the usage of
backslashes in the smtp password possible.

HTH & cheers,

Daniel



PS: sorry for potential double post, don't know if the first post got through
due to touchy smtp auth :-)




More information about the Dev mailing list