[Vmail-discuss] http_unescape bug

Chris Lightfoot chris@ex-parrot.com
Mon, 4 Nov 2002 12:42:44 +0000

On Mon, Nov 04, 2002 at 11:49:19AM +0100, Marcin Sochacki wrote:
> There is a bug in DomainAdmin.pm, which prevents setting passwords with
> some special characters in them. I've spotted the problem when trying
> to set a password with colon in it e.g. 'secret2:2'
> Of course the bug is only seen when changing the password via the web
> interface.
> The problem lies in subroutine http_unescape:
>     $text =~ s/\%(\d+)/chr(hex($1))/ge;
> should be changed to something like:
>     $text =~ s/\%([\dA-Fa-f]{2})/chr(hex($1))/ge;

Oops. Now fixed in CVS.

Never criticise somebody until you have walked a mile in their shoes.
That way, they're a mile away, and you have their shoes.