[Vmail-discuss] VE-passwd doesn't like commas
Chris Lightfoot
chris@ex-parrot.com
Wed, 24 Jul 2002 11:34:22 +0100
On Wed, Jul 24, 2002 at 11:22:33AM +0100, Stephen Marley wrote:
> > I've noticed a problem with VE-passwd in that it is
> > impossible to log in to
> > the vmail web control page with a password set with VE-passwd
> > if it contains
> > comma characters ( , )
> >
> > Eg,
> >
> > ./VE-passwd ',,,,,,'
> >
> > generates a usage error and
> >
> > ./VE-passwd ',.,.,.' will create an unusable password.
> >
> > Is this a documented feature?
>
> Excuse me, I was being stupid there. Ignore the first example, however
>
> ./VE-passwd mydomain.com ',,,,,,'
>
> still creates an unusable password.
Hmm. This one's slightly embarrassing. The function
http_unescape in DomainAdmin.pm is completely bogus.
Replace it with
sub http_unescape ($) {
my $text = shift;
$text =~ s/+/ /g;
$text =~ s/%([0-9a-f]{2})/chr(hex($1))/gei;
return $text;
}
Actually there are some escaping issues in other parts of
the code (in particular the email_setup script) which
ought to be fixed.
Hmm. Perhaps we should just rewrite those scripts using
CGI.pm. (Perhaps CGI::Fast.)
--
``What is it that will make it possible to spend $20 billion of your money
to put some clown on the moon? Good old American know-how -- as provided
by good old Americans, like Doctor Wernher von Braun.'' (Tom Lehrer)