[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-plugins
Subject:    Re: [SM-PLUGINS] chg_sasl_pass  bug :(
From:       "Bucovina Dude" <bucovina () users ! sourceforge ! net>
Date:       2004-09-29 5:38:20
Message-ID: 1747.207.225.28.86.1096436300.LeVaultMail () www ! levault ! net
[Download RAW message or body]

Dominik Thinay wrote:
> Hi
>
> If i change my pass  too ;;;;;; and i take a look in my sasldb2 i see that i
> have set the pass to \;\;\;\;\;\;
> Thats not very well :(
>
> The problem is  $new_pw = escapeshellcmd("$new_pw");
>
> Any ideas to fix

Not escaping the input seems to work. Though normally it is a good security
practice to do things like this, I see how it can get in the way in this case.
Any thoughts on the potential dangers of not checking the input? I am checking
the length, though.

Brad



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
--
squirrelmail-plugins mailing list
Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: squirrelmail-plugins@lists.sourceforge.net
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.plugins
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=3931
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-plugins
[prev in list] [next in list] [prev in thread] [next in thread]