[#2338] Login fails because quoted credentials

10 years 1 month ago - 10 years 1 month ago #154758 by A.Ninja
If the credentials contains characters like a single quote ('), double quote (") or backslash (\) then they were quoted. I don't know why they are quoted (maybe a default behavior of Joomla), but to avoid login problems we have to unquote them. Here is my solution:

I edited comprofiler.php at line 1206+1207 and changed it to:
$username = trim( stripslashes( cbGetParam( $_POST, 'username', '' ) ) );
$passwd2  = trim( stripslashes( cbGetParam( $_POST, 'passwd', '', _CB_ALLOWRAW ) ) );

Now i can login without problems.

Maybe this would help someone! ^^

Please Log in to join the conversation.

10 years 1 month ago #154762 by beat
Thanks for sharing the fix.
Which exact Joomla version was this problem this with ?

I recall that we needed the escapings to avoid a vulnerability in an older version of Joomla.
Before applying that fix we will need review the use of those variable in each Joomla version.

Added to bugtracker as #2338

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info

Please Log in to join the conversation.

10 years 1 month ago #154764 by A.Ninja
Replied by A.Ninja on topic Re: Login fails because quoted credentials
Joomla 1.6.0
CB 1.4

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.432 seconds

Facebook Twitter LinkedIn