> Lloyd Zusman <ljz <at> asfast.com> writes:
>
>
>> Lloyd Zusman <ljz <at> asfast.com> writes:
>>
>>
>>> I'm using a recent 1.5.1 version from CVS, and I have found what
>>> seems to be a problem with the OneTimePadEncrypt and OneTimePadDecrypt
>>> functions in functions/strings.php.
>
>
> OK.  I figured out the problem.  The OneTimePad* functions make use of
> base64_encode/decode.  One of the base64 encoded characters is the plus
> sign ("+"), which upon url encoding (I forget whether it's the
> urlencode() function or the rawurlencode() function), gets replaced with a
> blank.
>
> Apparently, somewhere in the chain of events within the login processing
> in version 1.5.1, some sort of url encoding also takes place for the
> password that is being encrypted and decrypted via the OneTimePad*
> functions. If any plus signs appear in the result of base64_encode, these
> then get converted to spaces, which causes the subsequent base64_decode
> step to return a garbled password to the imap login step.
>
> I solved this by writing wrapper functions around base64_encode and
> base64_decode which cause the plus sign to be appropriately replaced with a
> character that's safe.  I then cause these wrapper functions to be used in
> place of base64_encode/decode within the OneTimePad* functions.
>
> Everything now works fine.
>
>
> So this brings up the question of how to get this fix into the Squirrelmail
> code base.  I'm new here and I don't know the accepted procedure.  Should
> I post my patch here, or should I go over to the 'devel' mailing list?

How about finding the reason why session or cookie data is corrupted?

Used PHP version?
Your session settings?
All non-default php settings and used configure line?

Can you reproduce the same issue with 1.4.x and 1.5.1cvs? SquirrelMail
1.5.1cvs contains experimental cookie code. We must be sure that the issue is
caused by OTP code or sqsession_cookie code.

-- 
Tomas
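
The failure mode discussed in this thread, as an added example that is not part of either message and is not SquirrelMail's code: a one-time-pad ciphertext whose base64 form contains "+" does not survive a URL-decoding step, while the same bytes in the URL-safe base64 alphabet do. The function names, the pad and the password are constructed for illustration, and the wrapper shown is one possible form, not the patch mentioned above.

```php
<?php
// Added illustration; not SquirrelMail's OneTimePadEncrypt/OneTimePadDecrypt.
// All function names below are hypothetical.

// XOR a string with a pad at least as long (the same call encrypts and decrypts).
function xor_with_pad(string $data, string $pad): string {
    $out = '';
    for ($i = 0, $n = strlen($data); $i < $n; $i++) {
        $out .= chr(ord($data[$i]) ^ ord($pad[$i]));
    }
    return $out;
}

// Base64 in the URL-safe alphabet: '+' becomes '-', '/' becomes '_', padding dropped.
function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Inverse of b64url_encode(): restore the standard alphabet and the '=' padding.
function b64url_decode(string $text) {
    $text = strtr($text, '-_', '+/');
    $text .= str_repeat('=', (4 - strlen($text) % 4) % 4);
    return base64_decode($text, true);   // strict: false on foreign characters
}

// Constructed sample: the pad is chosen so that the ciphertext's
// standard base64 form begins with '+'.
$password = 'abc';
$pad      = "\x9a\x23\x21";
$cipher   = xor_with_pad($password, $pad);

// Standard alphabet: urldecode() turns '+' into a space, base64_decode()
// skips the space, and the decrypted value no longer matches the password.
$damaged   = urldecode(base64_encode($cipher));
$recovered = xor_with_pad((string) base64_decode($damaged), $pad);
var_dump($recovered === $password);

// URL-safe alphabet: nothing in the encoded value is altered by urldecode(),
// so the round trip returns the original password.
$survived  = urldecode(b64url_encode($cipher));
$recovered = xor_with_pad((string) b64url_decode($survived), $pad);
var_dump($recovered === $password);
```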


--
squirrelmail-users mailing list