Security: Prevent leak of POP3 passwords in html code.
This commit is contained in:
parent
76a58c77f5
commit
e2a4d687e8
3 changed files with 9 additions and 4 deletions
|
@ -1355,7 +1355,13 @@ else if($_REQUEST['action'] == 'extpop3')
|
|||
&& IsPOSTRequest())
|
||||
{
|
||||
$_REQUEST['p_user'] = str_replace(array("\n", "\r"), '', $_REQUEST['p_user']);
|
||||
if(empty($_REQUEST['p_pass'])) {
|
||||
$account = $thisUser->GetPOP3Account((int)$_REQUEST['id']);
|
||||
$_REQUEST['p_pass'] = $account['p_pass'];
|
||||
}
|
||||
else {
|
||||
$_REQUEST['p_pass'] = str_replace(array("\n", "\r"), '', $_REQUEST['p_pass']);
|
||||
}
|
||||
|
||||
if(CheckPOP3Login($_REQUEST['p_host'], (int)$_REQUEST['p_port'], $_REQUEST['p_user'], $_REQUEST['p_pass'], isset($_REQUEST['p_ssl'])))
|
||||
{
|
||||
|
|
|
@ -96,7 +96,6 @@ function checkPOP3AccountForm(form)
|
|||
{
|
||||
if(form.elements['p_host'].value.length < 2
|
||||
|| form.elements['p_user'].value.length < 2
|
||||
|| form.elements['p_pass'].value.length < 2
|
||||
|| form.elements['p_port'].value.length < 1)
|
||||
{
|
||||
alert(lang['fillin']);
|
||||
|
|
|
@ -39,9 +39,9 @@
|
|||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="listTableLeft">* <label for="p_pass">{lng p="password"}:</label></td>
|
||||
<td class="listTableLeft"><label for="p_pass">{lng p="password"}:</label></td>
|
||||
<td class="listTableRight">
|
||||
<input type="password" name="p_pass" id="p_pass" value="{if isset($account.p_pass)}{text value=$account.p_pass allowEmpty=true}{/if}" size="24" />
|
||||
<input type="password" name="p_pass" id="p_pass" placeholder="****" size="24" />
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
|
Loading…
Reference in a new issue