Issue information
-
#025321
-
Unconfirmed
-
-
-
-
Issue Confirmations
-
Yes (0)No (0)
0
Say your admin email address on a remote application is "john@doe.com" and your password is "something!". Because of the ! point, you cannot add the application (you get an error that the password is not correct).
In admin/sources/control_panel/cp_products/apps.php we have this line in product_add()
needs to be changed to
Otherwise !, $, <, > and other characters can get "cleaned", and the resulting MD5 hash would be of these "cleaned" characters. We then send the MD5-once password to the remote application. This is fine for IP.Board, but when working with a converged Drupal installation, it does NOT clean the special characters before generating a hash, so the hash we generated did not match the one used in Drupal.
I am not positive how you can properly handle this since any applications you may Converge will have their own rules.
In admin/sources/control_panel/cp_products/apps.php we have this line in product_add()
$app_md5_password = md5( trim( $this->ipsclass->input['app_password'] ) );
needs to be changed to
$app_md5_password = md5( trim( $_POST['app_password'] ) );
Otherwise !, $, <, > and other characters can get "cleaned", and the resulting MD5 hash would be of these "cleaned" characters. We then send the MD5-once password to the remote application. This is fine for IP.Board, but when working with a converged Drupal installation, it does NOT clean the special characters before generating a hash, so the hash we generated did not match the one used in Drupal.
I am not positive how you can properly handle this since any applications you may Converge will have their own rules.
0 user(s) are reading this issue
0 members, 0 guests, 0 anonymous users
