Re: auth_httpform password encoding bug

On 12/20/12 00:31 +0000, John Newbigin wrote:
Hi,

This is a patch I have been sitting on for some time.

I have been upgrading from 2.1.19 to 2.1.23 and I have found that some
of my patches are still required (and even work).

(These are Red Hat releases but it seems relevant to the vanilla source
too).

The first issue is that when using saslauthd with auth_httpform, the
password is not correctly encoded if it contains a & character. I also
escape the % which I think is required. Spaces and + might also be a
problem (untested).

For full correctness, all the expanded parameters should probably be
correctly encoded as x-www-form-urlencoded
http://www.w3.org/MarkUp/html-spec/html-spec_8.html
I can implement that if anyone is interested but there might be others
who know the code better.

John,

There was a bug opened regarding this issue at:

https://bugzilla.cyrusimap.org/show_bug.cgi?id=3508

A patch was applied (commit 09348d4e94a49ad4f0891934e353d993226cc9fd) prior
to the 2.1.26 release. Can you verify it addresses your issue?

Thanks,
--
Dan White
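
The failure described in the quoted report, as an added example that is not part of either message or of the Cyrus SASL source: a password containing & splits the POST body into extra fields unless it is form-urlencoded first. The field names user and pass and all function names are assumptions made for the illustration.

```c
/* Added example, not Cyrus SASL code; field names "user"/"pass" are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* application/x-www-form-urlencoded: ASCII letters, digits and "-_.*" pass through,
 * space becomes '+', any other byte becomes %XX. Caller frees; NULL on failure. */
char *form_urlencode(const char *src)
{
    static const char hex[] = "0123456789ABCDEF";
    char *out = malloc(strlen(src) * 3 + 1);  /* worst case: every byte -> %XX */
    char *p = out;
    if (out == NULL)
        return NULL;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
            (c >= '0' && c <= '9') || strchr("-_.*", c)) {
            *p++ = (char)c;
        } else if (c == ' ') {
            *p++ = '+';
        } else {
            *p++ = '%';
            *p++ = hex[c >> 4];
            *p++ = hex[c & 0x0F];
        }
    }
    *p = '\0';
    return out;
}

/* Number of name=value pairs a form parser would split the body into. */
int count_form_fields(const char *body)
{
    int n = (*body != '\0');
    for (; *body; body++)
        n += (*body == '&');
    return n;
}

/* Join two values into the POST body exactly as given (no encoding here). */
char *build_body(const char *user, const char *pass)
{
    size_t n = strlen(user) + strlen(pass) + sizeof("user=&pass=");
    char *body = malloc(n);
    if (body)
        snprintf(body, n, "user=%s&pass=%s", user, pass);
    return body;
}
```

Passing the raw password a&b=c to build_body yields three fields, so the server sees a truncated password plus a stray parameter; passing the output of form_urlencode yields the intended two.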

