View Issue Details

IDProjectCategoryView StatusLast Update
0006358OXID eShop (all versions)4. ------ eShop Core -------public2016-03-29 10:54
ReporterMitmacher 
PrioritylowSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version4.9.7 / 5.2.7 
Target VersionFixed in Version 
Summary0006358: Wrong HTML encoding when passing passwords to smtp auth (login)
DescriptionYou are not allowed to use smtp passwords with html special chars in it. That happens because of wrong html encoding in function setSmtp() in oxemail.php. It seems that this problem applies to all OXID versions.
Steps To ReproduceCreate an email account (through your provider) with a password which includes an ampersand for example. Fill in these account data to your main shop settings and try to send an email (contact or order). This won't work because the "&" in your password has been encoded to "&" and therefore is invalid.
Additional InformationPerhaps a simple solution could be to replace line 475:

$this->_setSmtpAuthInfo($oShop->oxshops__oxsmtpuser->value, $oShop->oxshops__oxsmtppwd->value);

with this:
$this->_setSmtpAuthInfo($oShop->oxshops__oxsmtpuser->value, $oShop->oxshops__oxsmtppwd->getRawValue());

So all html special chars would be allowed to use in passwords which is the expected behaviour I guess.
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
MySQL VersionNot defined

Activities

There are no notes attached to this issue.