-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi folks!
I'm new to roundcubemail (just using it since yesterday) and today I found out, that passwords that contain german umlauts don't get authenticated correctly.
After having a look at the sourcecode I found the file that contained the bug and it is located in imap.inc (iil_C_Login). Attached to this mail is a patch that fixes this issue, as well as the bugs #1483977 and #1483886.
I know, that the imap library was taken from ilohamail and therefore I also informed the ilohamail mailing list about this issue and asked them to apply this patch too.
The patch can also be downloaded here: http://tuxx-home.at/projects/roundcubemail/roundcubemail-loginumlauts.diff
PS.: Please reply to me directly as I am not subscribed to the list.
best regards,
| .-. | Alexander Griesser -- private@tuxx-home.at | .''. | | /v\ \ http://www.tuxx-home.at/ / : :' : | | /( )\ | GPG-KeyID: 0xA2949B5A |. ' | | ^^ ^^-------------------------------------------------' `- |
--- imap.inc.orig 2006-09-27 10:51:22.408713456 +0200 +++ imap.inc 2006-09-27 10:50:26.982139576 +0200 @@ -225,7 +225,9 @@
function iil_C_Login(&$conn, $user, $password){
- fputs($conn->fp, "a001 LOGIN $user "$password"\r\n");
- // $passwords needs to be utf8_decode'd so that the german umlauts don't
- // get corrupted. Updated by php@tuxx-home.at, ag
- fputs($conn->fp, "a001 LOGIN $user "" . utf8_decode($password) . ""\r\n"); do{ $line = iil_ReadReply($conn->fp);
I just installed the newest SVN this morning to see if the sessions
were fixed, however, when I attempt to Compose a message the Sender
Field is blank. And therefore the messages cannot be sent.
Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
On Sep 27, 2006, at 8:38 AM, Ken Samland wrote:
I just installed the newest SVN this morning to see if the sessions
were fixed, however, when I attempt to Compose a message the Sender
Field is blank. And therefore the messages cannot be sent.Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
I also get an alert message when clicking New Message. After
clicking OK in this Alert box, I am then redirected to the compose
page, which is lacking my FROM attributes.
Ken
oops! I just sent this response to the list from the wrong email address. (Could a mod please reject my previous email to avoid that address from getting on every spam list that exists? Thanks!)
Ken,
See if it's the same problem I had: http://roundcubeforum.net/forum/index.php?topic=633.0
Basically identities.html_signature was missing from the database
Ken Samland wrote:
On Sep 27, 2006, at 8:38 AM, Ken Samland wrote:
I just installed the newest SVN this morning to see if the sessions were fixed, however, when I attempt to Compose a message the Sender Field is blank. And therefore the messages cannot be sent.
Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
I also get an alert message when clicking New Message. After clicking OK in this Alert box, I am then redirected to the compose page, which is lacking my FROM attributes.
Ken
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ken,
See if it's the same problem I had: http://roundcubeforum.net/forum/index.php?topic=633.0
Basically identities.html_signature was missing from the database.
Ken Samland wrote:
I just installed the newest SVN this morning to see if the sessions were fixed, however, when I attempt to Compose a message the Sender Field is blank. And therefore the messages cannot be sent.
Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
On Sep 27, 2006, at 9:16 AM, Matt Kaatman wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ken,
See if it's the same problem I had: http://roundcubeforum.net/forum/index.php?topic=633.0
Basically identities.html_signature was missing from the database.
Ken Samland wrote:
I just installed the newest SVN this morning to see if the
sessions were fixed, however, when I attempt to Compose a message the Sender
Field is blank. And therefore the messages cannot be sent.Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFGnm68fJo/chYc68RAqyqAJ9/7W31UH+xVVuvFbfm+d5mwycnggCfWhwz 2p5ozOv5L2ugWNxVkPr6PU8= =Bt4q -----END PGP SIGNATURE-----
Roger that! Adding identities.html_signature solved the "FROM" Field
issue.
Sadly, I still receive an alert when I click "New Message".
Apparently they weren't related.
Ken
On Wed, 27 Sep 2006 08:38:39 -0400, Ken Samland ksamland@wilson.wnyric.org wrote:
I just installed the newest SVN this morning to see if the sessions were fixed, however, when I attempt to Compose a message the Sender Field is blank. And therefore the messages cannot be sent.
Anyone want to point me in the right direction?
Your DB is out of sync, from the UPDATING file:
- run all commands in SQL/*.update.sql or re-initalize database with *.initial.sql
Do this and you'll have the drop down populated again.
P
Ken
BTW, TinyMCE is looking sweet!
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
-- http://fak3r.com - you don't have to kick it
On Wed, 27 Sep 2006 10:26:03 -0400, Ken Samland ksamland@wilson.wnyric.org wrote:
On Sep 27, 2006, at 9:16 AM, Matt Kaatman wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ken,
See if it's the same problem I had: http://roundcubeforum.net/forum/index.php?topic=633.0
Basically identities.html_signature was missing from the database.
Ken Samland wrote:
I just installed the newest SVN this morning to see if the sessions were fixed, however, when I attempt to Compose a message the Sender Field is blank. And therefore the messages cannot be sent.
Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFGnm68fJo/chYc68RAqyqAJ9/7W31UH+xVVuvFbfm+d5mwycnggCfWhwz 2p5ozOv5L2ugWNxVkPr6PU8= =Bt4q -----END PGP SIGNATURE-----
Roger that! Adding identities.html_signature solved the "FROM" Field issue.
Sadly, I still receive an alert when I click "New Message". Apparently they weren't related.
I've seen this for the past few days, likely a debug statement left in?
P
Ken
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
-- http://fak3r.com - you don't have to kick it
2006/9/27, phil phil@cryer.us:
On Wed, 27 Sep 2006 10:26:03 -0400, Ken Samland < ksamland@wilson.wnyric.org> wrote:
On Sep 27, 2006, at 9:16 AM, Matt Kaatman wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ken,
See if it's the same problem I had: http://roundcubeforum.net/forum/index.php?topic=633.0
Basically identities.html_signature was missing from the database.
Ken Samland wrote:
I just installed the newest SVN this morning to see if the sessions were fixed, however, when I attempt to Compose a message the Sender Field is blank. And therefore the messages cannot be sent.
Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFGnm68fJo/chYc68RAqyqAJ9/7W31UH+xVVuvFbfm+d5mwycnggCfWhwz 2p5ozOv5L2ugWNxVkPr6PU8= =Bt4q -----END PGP SIGNATURE-----
Roger that! Adding identities.html_signature solved the "FROM" Field issue.
Sadly, I still receive an alert when I click "New Message". Apparently they weren't related.
I've seen this for the past few days, likely a debug statement left in?
P
Ken
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
-- http://fak3r.com - you don't have to kick it
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Hello
about popup see http://trac.roundcube.net/trac.cgi/ticket/1484039 Üllar
Everyone has been so helpful so far :)
"From" problem fixed "Alert(URL)" fixed
Now where did my LDAP go? It is still working in Beta 1, but not
last nights SVN...any thoughts?
Ken
On Wed, 27 Sep 2006 10:54:16 -0400, Ken Samland ksamland@wilson.wnyric.org wrote:
Everyone has been so helpful so far :)
"From" problem fixed "Alert(URL)" fixed
Now where did my LDAP go? It is still working in Beta 1, but not last nights SVN...any thoughts?
From Thomas' email earlier this week:
"I removed the LDAP search temporarily because it also uses list functionality but is subject to be changed: it is planned to allow multiple sources for address data like the local address book and one or more LDAP directories. This will require a re-write of the LDAP access as well as the client scripts and I didn't want to change the LDAP list code now and then replace it with something else soon. Please forgive me that I broke some functions in the Trunk but I ran out of time to finish everything."
He'll be traveling for ~5 weeks.
P
Ken
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
-- http://fak3r.com - you don't have to kick it
Yes, LDAP has been removed as mentioned by Thomas:
I removed the LDAP search temporarily because it also uses list functionality but is subject to be changed: it is planned to allow multiple sources for address data like the local address book and one or more LDAP directories. This will require a re-write of the LDAP access as well as the client scripts and I didn't want to change the LDAP list code now and then replace it with something else soon.
So the current SVN does not have LDAP support as of now.
Regards, Nipun Jain.
On 9/27/06, Ken Samland ksamland@wilson.wnyric.org wrote:
Everyone has been so helpful so far :) "From" problem fixed "Alert(URL)" fixed
Now where did my LDAP go? It is still working in Beta 1, but not last nights SVN...any thoughts?
Ken
Who is the list moderator? Could a mod please remove the below message so that my other email address doesn't end up on web based archives for spammers to grab?
Thanks, Matt
Matt Kaatman wrote:
Ken,
See if it's the same problem I had: http://roundcubeforum.net/forum/index.php?topic=633.0
Basically identities.html_signature was missing from the database.
Ken Samland wrote:
I just installed the newest SVN this morning to see if the sessions were fixed, however, when I attempt to Compose a message the Sender Field is blank. And therefore the messages cannot be sent.
Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
I removed the offending debug statement - grab the latest SVN and you should be good. -Eric
phil wrote:
On Wed, 27 Sep 2006 10:26:03 -0400, Ken Samland ksamland@wilson.wnyric.org wrote:
On Sep 27, 2006, at 9:16 AM, Matt Kaatman wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ken,
See if it's the same problem I had: http://roundcubeforum.net/forum/index.php?topic=633.0
Basically identities.html_signature was missing from the database.
Ken Samland wrote:
I just installed the newest SVN this morning to see if the sessions were fixed, however, when I attempt to Compose a message the Sender Field is blank. And therefore the messages cannot be sent.
Anyone want to point me in the right direction?
Ken
BTW, TinyMCE is looking sweet!
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFGnm68fJo/chYc68RAqyqAJ9/7W31UH+xVVuvFbfm+d5mwycnggCfWhwz 2p5ozOv5L2ugWNxVkPr6PU8= =Bt4q -----END PGP SIGNATURE-----
Roger that! Adding identities.html_signature solved the "FROM" Field issue.
Sadly, I still receive an alert when I click "New Message". Apparently they weren't related.
I've seen this for the past few days, likely a debug statement left in?
P
Ken
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
-- http://fak3r.com - you don't have to kick it
Alexander Griesser wrote:
Hi folks!
Hi Alex
I'm new to roundcubemail (just using it since yesterday) and today I found out, that passwords that contain german umlauts don't get authenticated correctly.
After having a look at the sourcecode I found the file that contained the bug and it is located in imap.inc (iil_C_Login). Attached to this mail is a patch that fixes this issue, as well as the bugs #1483977 and #1483886.
I recently committed some changes that are similar to the patch you submitted to the list. Password input is now decoded to ISO-8859-1 using get_input_value(), which is more generic than utf8_decode, and there are some changes to correctly escape the given password for the IMAP login.
I know, that the imap library was taken from ilohamail and therefore I also informed the ilohamail mailing list about this issue and asked them to apply this patch too.
Not sure if they will because decoding is only necessary if the login form was utf-8 and the browser submitted the form data in utf-8 encoding. IMO it's up to the app that invokes iil_C_Login to decode the password correctly.
The patch can also be downloaded here: http://tuxx-home.at/projects/roundcubemail/roundcubemail-loginumlauts.diff
Please check out the latest revision and test it with your local environment.
Thanks! Thomas
Alexander Griesser wrote: (...) The patch can also be downloaded here: http://tuxx-home.at/projects/roundcubemail/roundcubemail-loginumlauts.diff (...)
In regard to this, I think one should *always* check if the data is really UTF-8 before you decode it. E.g. if roundcube gets integrated into an environment where no UTF-8 is used, the utf8_decode() would break the string supplied.
Example: "äöü" in ISO-8859-1, after a utf8_decode() only a "?" is left of the string.
I wrote a small blog entry to illustrate encoding-difficulties a while back. While it's specifically a Smarty modifier, maybe it's still useful for someone: http://blog.klimpong.de/archives/2006/10/permanent_uft8.html
Cheers,
Till Klampaeckel e: mailto:klimpong@gmail.com p: +491704018676 l: http://beta.plazes.com/whereis/till
Want to know what's up in Berlin?
-
Alexander Griesser -
Eric Stadtherr -
Ken Samland -
Matt Kaatman -
Matt Kaatman -
Nipun Jain -
phil -
Thomas Bruederli -
till -
Yllar Pajus