[Vtigercrm-developers] vtiger CRM 5.4.0 - Security Patch Released in Live
Adam Heinz
amh at metricwise.net
Tue Mar 26 15:21:25 GMT 2013
I found the password issue in Trac:
http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/6325
On Tue, Mar 26, 2013 at 11:04 AM, Adam Heinz <amh at metricwise.net> wrote:
> I'm still working through the patch, but I think I see a bad hunk. At
> modules/Users/Authenticate.php:33, I
> see vtlib_purify($_REQUEST['user_password']) being added back in. I think
> I remember this specifically causing problems for passwords with special
> characters in them.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20130326/14156d00/attachment.html>
More information about the vtigercrm-developers
mailing list