[Vmail-discuss] VE-passwd doesn't like commas

Chris Lightfoot chris@ex-parrot.com
Wed, 24 Jul 2002 11:34:22 +0100


On Wed, Jul 24, 2002 at 11:22:33AM +0100, Stephen Marley wrote:
> > I've noticed a problem with VE-passwd in that it is 
> > impossible to log in to
> > the vmail web control page with a password set with VE-passwd 
> > if it contains
> > comma characters ( , )
> > 
> > Eg, 
> > 
> > ./VE-passwd ',,,,,,'
> > 
> > generates a usage error and 
> > 
> > ./VE-passwd ',.,.,.' will create an unusable password.
> > 
> > Is this a documented feature? 
> 
> Excuse me, I was being stupid there. Ignore the first example, however
> 
> ./VE-passwd mydomain.com ',,,,,,'
> 
> still creates an unusable password.

Hmm. This one's slightly embarrassing. The function
http_unescape in DomainAdmin.pm is completely bogus.
Replace it with

sub http_unescape ($) {
    my $text = shift;
    $text =~ s/+/ /g;
    $text =~ s/%([0-9a-f]{2})/chr(hex($1))/gei;
    return $text;
}

Actually there are some escaping issues in other parts of
the code (in particular the email_setup script) which
ought to be fixed.

Hmm. Perhaps we should just rewrite those scripts using
CGI.pm. (Perhaps CGI::Fast.)

-- 
``What is it that will make it possible to spend $20 billion of your money
  to put some clown on the moon? Good old American know-how -- as provided
  by good old Americans, like Doctor Wernher von Braun.'' (Tom Lehrer)