Alexander Griesser wrote:
Hi folks!
Hi Alex
I'm new to roundcubemail (just using it since yesterday) and today I found out, that passwords that contain german umlauts don't get authenticated correctly.
After having a look at the sourcecode I found the file that contained the bug and it is located in imap.inc (iil_C_Login). Attached to this mail is a patch that fixes this issue, as well as the bugs #1483977 and #1483886.
I recently committed some changes that are similar to the patch you submitted to the list. Password input is now decoded to ISO-8859-1 using get_input_value(), which is more generic than utf8_decode, and there are some changes to correctly escape the given password for the IMAP login.
I know, that the imap library was taken from ilohamail and therefore I also informed the ilohamail mailing list about this issue and asked them to apply this patch too.
Not sure if they will because decoding is only necessary if the login form was utf-8 and the browser submitted the form data in utf-8 encoding. IMO it's up to the app that invokes iil_C_Login to decode the password correctly.
The patch can also be downloaded here: http://tuxx-home.at/projects/roundcubemail/roundcubemail-loginumlauts.diff
Please check out the latest revision and test it with your local environment.
Thanks! Thomas