View Issue Details

IDProjectCategoryView StatusLast Update
0000374Main CAcert Websitewebsite contentpublic2013-01-14 21:03
Reportergaofi Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Fixed in Version2006 
Summary0000374: thawte verification wiki
DescriptionThere should be a note saying that you can NOT use single-quote characters (and possibly others) in you password if you want the process to function correctly.

If your passwor includes single-quotes, you end up with a "I'm sorry, I couldn't match your login details to your certificate to an account on this system.", with no reference to the password field itself !
TagsNo tags attached.
Reviewed by
Test Instructions

Activities

gaofi

2006-12-19 10:36

reporter   ~0000759

Last edited: 2006-12-19 10:41

Duane, FYI, this was not a duplicate.
I posted two different bugs to address both the code bug, and the wiki...on request by philipp gühring.
Anyway, this is now a nearly solved bug, as I sent him the following patch, wiche solves the issue :

diff -ur cacert.orig/tverify/index.php cacert.patched/tverify/index.php
--- cacert.orig/tverify/index.php 2006-08-13 02:49:44.000000000 +0200
+++ cacert.patched/tverify/index.php 2006-12-18 23:14:45.000000000 +0100
@@ -47,7 +47,7 @@
    if($id == 1)
    {
        $email = mysql_escape_string($_REQUEST["email"]);
- $password = mysql_escape_string($_REQUEST["pword"]);
+ $password = mysql_escape_string(stripslashes(trim($_REQUEST["pword"])));
        $URL = mysql_escape_string($_REQUEST["notaryURL"]);
        $CN = mysql_escape_string($_SESSION['_config']['CN']);
        $memid = mysql_escape_string($_SESSION['_config']['uid']);

duane

2006-12-20 10:23

developer   ~0000760

patch applied.

Issue History

Date Modified Username Field Change
2006-12-19 06:35 gaofi New Issue
2006-12-19 10:36 gaofi Note Added: 0000759
2006-12-19 10:41 gaofi Note Edited: 0000759
2006-12-20 10:23 duane Status new => solved?
2006-12-20 10:23 duane Resolution open => fixed
2006-12-20 10:23 duane Assigned To => duane
2006-12-20 10:23 duane Note Added: 0000760
2007-10-24 05:53 evaldo Assigned To duane =>
2007-10-24 05:53 evaldo Status solved? => closed
2013-01-14 21:03 Werner Dworak Fixed in Version => 2006