-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Spaces in passwords are not handled correctly when adding servers #822
Conversation
@Shadow243 the problem is not the content type as PHP handles content types correctly by decoding incoming encoded types in POST, GET, etc. arrays. The problem should be the FILTER_UNSAFE_RAW filter applied on imap_pass field specified in modules/imap/setup.php . That filter seems to encode special characters. We don't want any encoding or changes in password fields - just ignore anything as a filter - we need the password as user submitted it. |
Copy that, I'm checking it out... |
After conducting checks by modifying or removing the filter, it seems that the issue might originate from the encoding done at line 182 of the By adjusting the content type from "application/x-www-form-urlencoded" to "multipart/form-data," the data is no longer encoded. However, this change alters the structure in Cypht, bringing us back to the previously suggested solution if preserving the existing structure is desired. The comment also references a list of tested filters, sourced from filter.constants.php and filter.filters.sanitize.php. After conducting thorough tests, it has become evident that the undesired transformation is indeed linked to the "application/x-www-form-urlencoded" encoding. Additional Information
|
@Shadow243 can you try submitting a normal browser form element with application/x-www-form-urlencoded enctype and see if the variable on the cypht backend is still badly encoded? If so, we should definitely fix site.js encoding function format_xhr_data, so it works with PHP decoding system. |
9352019
to
350de94
Compare
Trying this one, not getting transformed data with +. An alternative solution from: https://itecnote.com/tecnote/jquery-serialize-converts-all-spaces-to-plus/ is working. Changes can be seen here: #822 |
d5e32d1
to
2509118
Compare
2509118
to
d07bb2e
Compare
Issue Description
I encountered an issue where spaces in passwords were being encoded as
+
when submitting a POST request with the Content-Typeapplication/x-www-form-urlencoded
. This behavior was causing problems, as passwords with spaces were not processed correctly on the server.Proposed Correction
To address this issue, I added URL decoding (
urldecode()
) to the server-side code to properly decode data received from the POST request. This ensures that spaces in passwords are correctly handled and not transformed into+
symbols. As a result, passwords containing spaces are now processed as expected.Steps to Reproduce
application/x-www-form-urlencoded
.This change should resolve the issue as described in Issue #821 and ensure that passwords with spaces are handled correctly in POST requests.