[SM-USERS] change_sqlpass patch for cracklib

Thu, 17 Feb 2011 16:09:41 -0800 

The change_sqlpass cracklib function in 3.3.2  will not work because of
variables error.

In functions, the new pass is   cp_newpass
but cracklib segment refers to $new_pw1

Simple patch to correct:

--- functions.php       2010-03-18 05:03:18.000000000 +1000
+++ functions.php.1     2011-02-18 09:39:32.000000000 +1000
@@ -884,7 +884,7 @@
       //
       if (empty($cracklib_dict_path))
       {
-         if (crack_check($new_pw1) === FALSE)
+         if (crack_check($cp_newpass) === FALSE)
          {
             $msg = crack_getlastmessage();
             //$msg = _(crack_getlastmessage());
@@ -895,7 +895,7 @@
       else
       {
          $dictionary = crack_opendict($cracklib_dict_path);
-         if (crack_check($dictionary, $new_pw1) === FALSE)
+         if (crack_check($dictionary, $cp_newpass) === FALSE)
          {
             $msg = crack_getlastmessage();
             //$msg = _(crack_getlastmessage());


... and patch is also attached in case the list screws with formatting..

Cheers
Noel


--- functions.php	2010-03-18 05:03:18.000000000 +1000
+++ functions.php.1	2011-02-18 09:39:32.000000000 +1000
@@ -884,7 +884,7 @@
       //
       if (empty($cracklib_dict_path))
       {
-         if (crack_check($new_pw1) === FALSE)
+         if (crack_check($cp_newpass) === FALSE)
          {
             $msg = crack_getlastmessage();
             //$msg = _(crack_getlastmessage());
@@ -895,7 +895,7 @@
       else
       {
          $dictionary = crack_opendict($cracklib_dict_path);
-         if (crack_check($dictionary, $new_pw1) === FALSE)
+         if (crack_check($dictionary, $cp_newpass) === FALSE)
          {
             $msg = crack_getlastmessage();
             //$msg = _(crack_getlastmessage());

Attachment: signature.asc
Description: This is a digitally signed message part

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

Reply via email to