Admin E-mail options SMTP password: special HTML characters escaped
ZC 1.5.6c
PHP 7.3.8
MariaDB 10.3.17
Plugins:
multi-language country names v1.1.0
multi-language zone names v1.0.0
sitemap XML 3.9.6
Easy Populate v4.0
Image Handle 5 v5.1.5
Stripe v1.3.4
Direct Bank Deposit v1.5.3
Skinny About Us Page v1.0
CKEditor v3.7s
Structured Data Plugin (master from git)
Google ReCaptcha 2 v3.4
Flexible Footer Menu Multilingual v1.5
Gift Wrap Module v2.14
Edit invoice & packing slips v1.0.2
Hi, I have noticed today that the SMTP password in the email options section of the admin configuration does not accept HTML special characters: it escapes them. This is visible when trying to edit the password again.
" becomes "
< becomes <
etc.
I did not see a specific bug report for this field, but I realize that the sanitizing is being looked at. Maybe a quick fix for this particular one might be possible? I'm afraid of compromising security by trying haphazardly myself, but am happy to experiment with suggestions.
Last edited by gernot; 8 Sep 2019 at 08:42 AM.
Zen Cart 1.5.6c modified to support Japanese language (postage module support work in progress). Upgraded incrementally each version from initial 1.5.5d.
Bookmarks