[#2338] Login fails because quoted credentials

A.Ninja
OFFLINE
Posts: 2
Thanks: 0
Karma: 0

13 years 10 months ago - 13 years 9 months ago #154758 by A.Ninja

[#2338] Login fails because quoted credentials was created by A.Ninja

If the credentials contains characters like a single quote ('), double quote (") or backslash (\) then they were quoted. I don't know why they are quoted (maybe a default behavior of Joomla), but to avoid login problems we have to unquote them. Here is my solution:

I edited comprofiler.php at line 1206+1207 and changed it to:

Code:

$username = trim( stripslashes( cbGetParam( $_POST, 'username', '' ) ) );
$passwd2  = trim( stripslashes( cbGetParam( $_POST, 'passwd', '', _CB_ALLOWRAW ) ) );

Now i can login without problems.

Maybe this would help someone! ^^

Last edit: 13 years 9 months ago by krileon.

Please Log in or Create an account to join the conversation.

beat
OFFLINE
Posts: 2174
Thanks: 463
Karma: 352

13 years 10 months ago #154762 by beat

Replied by beat on topic Re: Login fails because quoted credentials

Thanks for sharing the fix.
Which exact Joomla version was this problem this with ?

I recall that we needed the escapings to avoid a vulnerability in an older version of Joomla.
Before applying that fix we will need review the use of those variable in each Joomla version.

Added to bugtracker as #2338

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks

CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info

Please Log in or Create an account to join the conversation.

A.Ninja
OFFLINE
Posts: 2
Thanks: 0
Karma: 0