@fritzmg opened this Issue on June 10th 2022

Expected Behavior

When saving an SMTP passwords that contains an ampersand (&), it should be saved as such, otherwise authentication will not work.

Current Behavior

Ampersands in SMTP passwords are saved as &

Steps to Reproduce (for Bugs)

  1. Go to System - General settings - Email server settings.
  2. Fill out the details, with a password containing the & character, like foo&bar.
  3. Check the config/config.ini.php - it will say password = "foo&bar"

Your Environment

  • Matomo Version: 4.10.1
  • PHP Version: 7.4.28
  • Server Operating System: Debian 10
@peterhashair commented on June 12th 2022 Contributor

@fritzmg thanks for reporting this, our product team will prioritize this bug

@fritzmg commented on August 9th 2022

then when it's used it's likely unsanitizeInputValue is used as it is with other user inputted values in other areas.

That's currently not the case though - but I see you already created a PR to fix this 👍

@sgiehl commented on September 8th 2022 Member

@fritzmg Are you actually having any trouble with the & in your password?
Looking through the code it seems to be on purpose that a & is stored as &, as config values are encoded when written and decoded when read (using htmlentities).

@fritzmg commented on September 8th 2022

I did, yes. However in retrospect I am not sure anymore if the credentials were the actual problem. I will need to test again.

Powered by GitHub Issue Mirror