Your message dated Wed, 8 Mar 2006 23:17:53 +0100 (CET)
with message-id <[EMAIL PROTECTED]>
and subject line Bug#355921: Squirrelmail administrator plugin authentication
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: squirrelmail
Version: 1.4.4-8
The plugin 'administrator' can authenticate which user has access to
administrating the squirrelmail configuration by two ways. One of them is by
listing the lines in a file called 'admins'. The other one is by determining
whether the config.php file is owned by a system user named equally to the
IMAP user provided.
There is an issue with the second way. The line 39 of the file
/usr/share/squirrelmail/plugins/administrator/auth.php should look like
} else if (($adm_id = fileowner(SM_PATH . 'config/config.php')) &&
instead of
} else if ($adm_id = fileowner(SM_PATH . 'config/config.php') &&
so $adm_id is assigned the result from fileowner instead the the boolen result
from the fileowner(...)&&function_exists(...) expression.
Regards,
Eloi Granado
pgpDdRpw46Ic8.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 2:1.4.5-1
Hello Eloi,
On Wed, March 8, 2006 19:17, Eloi Granado wrote:
> Package: squirrelmail
> Version: 1.4.4-8
Thanks for your report.
> The plugin 'administrator' can authenticate which user has access to
> administrating the squirrelmail configuration by two ways. One of them is
> by
> listing the lines in a file called 'admins'. The other one is by
> determining
> whether the config.php file is owned by a system user named equally to the
> IMAP user provided.
>
> There is an issue with the second way. The line 39 of the file
> /usr/share/squirrelmail/plugins/administrator/auth.php should look like
> } else if (($adm_id = fileowner(SM_PATH . 'config/config.php')) &&
> instead of
> } else if ($adm_id = fileowner(SM_PATH . 'config/config.php') &&
> so $adm_id is assigned the result from fileowner instead the the boolen
> result
> from the fileowner(...)&&function_exists(...) expression.
You are right, but this has already been corrected in SquirrelMail 1.4.5.
Unfortunately, I can't update Debian stable for this bug. So I'm closing
the bug for any version >= 1.4.5. If you need the bug fixed, you can adapt
the package yourself, but such an update won't be allowed into stable at
this point, I'm afraid.
regards,
Thijs
--- End Message ---
