| Summary | Password is set wrong because of addslashes/magic_quotes_gpc |
| Queue | Horde Base |
| Queue Version | 3.0.4 |
| Type | Bug |
| State | Resolved |
| Priority | 3. High |
| Owners | |
| Requester | jonathan (at) gretchen (dot) dyndns (dot) info |
| Created | 10/21/2005 (1175 days ago) |
| Due | |
| Updated | 10/21/2005 (1175 days ago) |
| Assigned | |
| Resolved | 10/21/2005 (1175 days ago) |
| Attachments | |
| Milestone | |
| Patch | No |
State ⇒ Resolved
State ⇒ Unconfirmed
Type ⇒ Bug
Priority ⇒ 3. High
Summary ⇒ Password is set wrong because of addslashes/magic_quotes_gpc
Queue ⇒ Horde Base
authentication. My password contains characters which are quoted by
php. From manual this is the default behavior [1]. But if horde uses
these credentials for imp to log to an imap-server, the password is
wrong, because of to much '\'. So i think you have to check with
get_magic_quotes_gpc(), if an stripslash is necessary or not.
file lib/Horde/Auth/http.php,in function transparent()
my function look like this:
function transparent()
{
if (!empty($_SERVER['PHP_AUTH_USER']) &&
!empty($_SERVER['PHP_AUTH_PW'])) {
if (get_magic_quotes_gpc()){
$this->setAuth($_SERVER['PHP_AUTH_USER'],
array('password' =>
stripslashes($_SERVER['PHP_AUTH_PW']),
'transparent' => 1));
} else {
$this->setAuth($_SERVER['PHP_AUTH_USER'],
array('password' => $_SERVER['PHP_AUTH_PW'],
'transparent' => 1));
}
return true;
}
$this->_setAuthError(AUTH_REASON_MESSAGE, _("HTTP
Authentication not found."));
return false;
}
[1] http://php.speedbone.de/manual/en/function.addslashes.php
The PHP directive magic_quotes_gpc is on by default, and it
essentially runs addslashes() on all GET, POST, and COOKIE data. Do
not use addslashes() on strings that have already been escaped with
magic_quotes_gpc as you'll then do double escaping. The function
get_magic_quotes_gpc() may come in handy for checking this.