Actions
Bug #2338
closed
Username or password with single quotes and double quotes can not login
Description
As reported here by A.Ninja (thank you) with fix suggestion:
http://www.joomlapolis.com/forum/147-potential-bug/154758-login-fails-because-quoted-credentials
I edited comprofiler.php at line 1206+1207 and changed it to:
$username = trim( stripslashes( cbGetParam( $ _POST, 'username', '' ) ) );
$passwd2 = trim( stripslashes( cbGetParam( $ _POST, 'passwd', '', _CB_ALLOWRAW ) ) );
I recall that we needed the escapings to avoid a vulnerability in an older version of Joomla.
Before applying that fix we will need review the use of those variable in each Joomla version.
Updated by beat almost 13 years ago
- Status changed from New to Assigned
- Assignee set to beat
- % Done changed from 0 to 50
We will do that just for Joomla 1.6+, as those are safe.
Updated by beat almost 13 years ago
- Status changed from Assigned to Resolved
- % Done changed from 50 to 90
Updated by beat almost 13 years ago
- Subject changed from Username with single quotes and double quotes can not login to Username or password with single quotes and double quotes can not login
- Status changed from Resolved to Closed
- % Done changed from 90 to 100
r1499 fixes this at 2 levels.
Actions