SquirrelMail – change_sqlpass plugin

Found a bug in the SquirrelMail change_sqlpass plugin. Made the ugly fix; gonna dive in and write a patch later.

The bug occurs in functions.php.

There is a mismatch between two functions:

function get_password_salt, which reasonably returns the value of the password salt when $csp_salt_static is empty and $csp_salt_query is not empty, and

function get_password_encrypt_string, which, in its switch statement, uses the value of the password salt as if it were the name of the password salt field, so the SQL fails.

It’s a one-line fix:
– return ‘encrypt(“‘ . $password . ‘”, ‘ . $salt . ‘)’;
+ return ‘encrypt(“‘ . $password . ‘”, “‘ . $salt . ‘”)’;
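Review bot: $password and $salt on the added line are concatenated into the SQL string between double quotes without any escaping, so a double quote or backslash in either value ends the literal early and the query fails again or changes meaning. Escape both values with the database layer's quoting function before building the encrypt(...) expression, or pass them as bound parameters. A short comment stating that $salt is a value here, not a field name, would also help, since quoting it turns any field name passed in by another code path into a literal string.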
