View Issue Details

IDProjectCategoryView StatusLast Update
0006358OXID eShop (all versions)4. ------ eShop Core -------public2024-03-13 10:01
ReporterMitmacher Assigned To 
Status resolvedResolutionfixed 
Product Version4.9.7 / 5.2.7 
Fixed in Version6.2.2 
Summary0006358: Wrong HTML encoding when passing passwords to smtp auth (login)
DescriptionYou are not allowed to use smtp passwords with html special chars in it. That happens because of wrong html encoding in function setSmtp() in oxemail.php. It seems that this problem applies to all OXID versions.
Steps To ReproduceCreate an email account (through your provider) with a password which includes an ampersand for example. Fill in these account data to your main shop settings and try to send an email (contact or order). This won't work because the "&" in your password has been encoded to "&" and therefore is invalid.
Additional InformationPerhaps a simple solution could be to replace line 475:

$this->_setSmtpAuthInfo($oShop->oxshops__oxsmtpuser->value, $oShop->oxshops__oxsmtppwd->value);

with this:
$this->_setSmtpAuthInfo($oShop->oxshops__oxsmtpuser->value, $oShop->oxshops__oxsmtppwd->getRawValue());

So all html special chars would be allowed to use in passwords which is the expected behaviour I guess.
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined



2024-03-13 10:01

administrator   ~0016399

This was fixed in oxideshop_ce v6.5.6 from a pull request by tabsl in and released with metapackage v6.2.2