Project

General

Profile

Actions
Copy link

Bug #2338

closed

Username or password with single quotes and double quotes can not login

Added by beat almost 14 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
beat
Target version:
CB 1.7
Start date:
20 February 2011
Due date:
% Done:

100%

Estimated time:
5:00 h

Description

As reported here by A.Ninja (thank you) with fix suggestion:
http://www.joomlapolis.com/forum/147-potential-bug/154758-login-fails-because-quoted-credentials

I edited comprofiler.php at line 1206+1207 and changed it to:


$username = trim( stripslashes( cbGetParam( $ _POST, 'username', '' ) ) );
$passwd2  = trim( stripslashes( cbGetParam( $ _POST, 'passwd', '', _CB_ALLOWRAW ) ) );

I recall that we needed the escapings to avoid a vulnerability in an older version of Joomla.
Before applying that fix we will need review the use of those variable in each Joomla version.

Actions
Copy link
 #1

Updated by beat over 13 years ago

  • Status changed from New to Assigned
  • Assignee set to beat
  • % Done changed from 0 to 50

We will do that just for Joomla 1.6+, as those are safe.

Actions
Copy link
 #2

Updated by beat over 13 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 50 to 90
Actions
Copy link
 #3

Updated by beat over 13 years ago

  • Subject changed from Username with single quotes and double quotes can not login to Username or password with single quotes and double quotes can not login
  • Status changed from Resolved to Closed
  • % Done changed from 90 to 100

r1499 fixes this at 2 levels.

Actions
Copy link

Also available in: Atom PDF