Security: Prevent leak of POP3 passwords in html code.

This commit is contained in:
Sebijk 2023-06-06 17:37:52 +02:00
parent 76a58c77f5
commit e2a4d687e8
3 changed files with 9 additions and 4 deletions

View file

@ -1355,7 +1355,13 @@ else if($_REQUEST['action'] == 'extpop3')
&& IsPOSTRequest())
{
$_REQUEST['p_user'] = str_replace(array("\n", "\r"), '', $_REQUEST['p_user']);
if(empty($_REQUEST['p_pass'])) {
$account = $thisUser->GetPOP3Account((int)$_REQUEST['id']);
$_REQUEST['p_pass'] = $account['p_pass'];
}
else {
$_REQUEST['p_pass'] = str_replace(array("\n", "\r"), '', $_REQUEST['p_pass']);
}
if(CheckPOP3Login($_REQUEST['p_host'], (int)$_REQUEST['p_port'], $_REQUEST['p_user'], $_REQUEST['p_pass'], isset($_REQUEST['p_ssl'])))
{

View file

@ -96,7 +96,6 @@ function checkPOP3AccountForm(form)
{
if(form.elements['p_host'].value.length < 2
|| form.elements['p_user'].value.length < 2
|| form.elements['p_pass'].value.length < 2
|| form.elements['p_port'].value.length < 1)
{
alert(lang['fillin']);

View file

@ -39,9 +39,9 @@
</td>
</tr>
<tr>
<td class="listTableLeft">* <label for="p_pass">{lng p="password"}:</label></td>
<td class="listTableLeft"><label for="p_pass">{lng p="password"}:</label></td>
<td class="listTableRight">
<input type="password" name="p_pass" id="p_pass" value="{if isset($account.p_pass)}{text value=$account.p_pass allowEmpty=true}{/if}" size="24" />
<input type="password" name="p_pass" id="p_pass" placeholder="****" size="24" />
</td>
</tr>
<tr>