SMTP passwords with ampersand are saved as & #19340

Expected Behavior

When saving an SMTP passwords that contains an ampersand (&), it should be saved as such, otherwise authentication will not work.

Current Behavior

Ampersands in SMTP passwords are saved as &

Steps to Reproduce (for Bugs)

1. Go to System - General settings - Email server settings.
2. Fill out the details, with a password containing the & character, like foo&bar.
3. Check the config/config.ini.php - it will say password = "foo&bar"

Your Environment

• Matomo Version: 4.10.1
• PHP Version: 7.4.28
• Server Operating System: Debian 10

@fritzmg thanks for reporting this, our product team will prioritize this bug

then when it's used it's likely unsanitizeInputValue is used as it is with other user inputted values in other areas.

That's currently not the case though - but I see you already created a PR to fix this 👍

@fritzmg Are you actually having any trouble with the & in your password?
Looking through the code it seems to be on purpose that a & is stored as &, as config values are encoded when written and decoded when read (using htmlentities).

I did, yes. However in retrospect I am not sure anymore if the credentials were the actual problem. I will need to test again.

@fritzmg I believe this is invalid, close the issue for now. If the issue appears again, feel free to reopen this issue.