View Issue Details

IDProjectCategoryView StatusLast Update
0007083OXID eShop (all versions)1.05. Userspublic2020-02-06 09:25
ReporterMoehlis Assigned To 
PrioritylowSeveritytrivialReproducibilityalways
Status acknowledgedResolutionopen 
Product Version6.1.3 
Summary0007083: changeuser doesn't check raw password input
DescriptionWhen registering, using a password containing ">" is no problem.
But when changing email address in my-account, the password is not accepted.

Problem is located in OxidEsales\EshopCommunity\Core\InputValidator:checkLogin

is:
\OxidEsales\Eshop\Core\Registry::getConfig()->getRequestParameter('user_password');

should be:
\OxidEsales\Eshop\Core\Registry::getConfig()->getRequestParameter('user_password', true);

See OxidEsales\EshopCommunity\Application\Component\UserComponent:createUser for reference.


Affects _all_ Shop Versions.
TagsUser, Validation
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined

Activities

QA

2020-02-06 09:25

administrator   ~0013114

-MK