Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SMTP passwords with ampersand are saved as & #19340

Closed
fritzmg opened this issue Jun 10, 2022 · 5 comments
Closed

SMTP passwords with ampersand are saved as & #19340

fritzmg opened this issue Jun 10, 2022 · 5 comments
Labels
answered For when a question was asked and we referred to forum or answered it.
Milestone
For Prioritization

Comments

@fritzmg
Copy link

fritzmg commented Jun 10, 2022

Expected Behavior

When saving an SMTP passwords that contains an ampersand (&), it should be saved as such, otherwise authentication will not work.

Current Behavior

Ampersands in SMTP passwords are saved as &

Steps to Reproduce (for Bugs)

  1. Go to System - General settings - Email server settings.
  2. Fill out the details, with a password containing the & character, like foo&bar.
  3. Check the config/config.ini.php - it will say password = "foo&bar"

Your Environment

  • Matomo Version: 4.10.1
  • PHP Version: 7.4.28
  • Server Operating System: Debian 10
@fritzmg fritzmg added the Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. label Jun 10, 2022
@peterhashair
Copy link
Contributor

@fritzmg thanks for reporting this, our product team will prioritize this bug

@peterhashair peterhashair added the Needs priority decision This issue may need to be added to the current milestone by Product Manager label Jun 12, 2022
@sgiehl sgiehl removed the Needs priority decision This issue may need to be added to the current milestone by Product Manager label Jun 27, 2022
@sgiehl sgiehl added this to the For Prioritization milestone Jun 27, 2022
AaronClifford added a commit to AaronClifford/matomo that referenced this issue Aug 9, 2022
@AaronClifford
Bugfix: This should fix matomo-org#19340, added unsanitizeInputValue …
acf150e 
…around the username/password in the initSmtpTransport function, requires testing.
@AaronClifford AaronClifford mentioned this issue Aug 9, 2022
Closed
11 tasks
@fritzmg
Copy link
Author

fritzmg commented Aug 9, 2022

then when it's used it's likely unsanitizeInputValue is used as it is with other user inputted values in other areas.

That's currently not the case though - but I see you already created a PR to fix this 👍

@sgiehl
Copy link
Member

sgiehl commented Sep 8, 2022

@fritzmg Are you actually having any trouble with the & in your password?
Looking through the code it seems to be on purpose that a & is stored as &, as config values are encoded when written and decoded when read (using htmlentities).

@fritzmg
Copy link
Author

fritzmg commented Sep 8, 2022

I did, yes. However in retrospect I am not sure anymore if the credentials were the actual problem. I will need to test again.

@peterhashair peterhashair added answered For when a question was asked and we referred to forum or answered it. and removed Potential Bug Something that might be a bug, but needs validation and confirmation it can be reproduced. labels Nov 9, 2022
@peterhashair
Copy link
Contributor

@fritzmg I believe this is invalid, close the issue for now. If the issue appears again, feel free to reopen this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
answered For when a question was asked and we referred to forum or answered it.
Projects
None yet
Milestone
For Prioritization
3 participants
@sgiehl @peterhashair @fritzmg