Autogenerated password breaks Roundcube

    Hi


    When running the installer, it creates a random password for roundcube_user. This autogenerated password breaks Roundcube, because the special characters are not escaped.
    Example, in my case:
    The generated password was " g#"!/@ect|'*8SVi " which contains a single quote, and an @ sign
    The generated code looks like this:

    Code
    1. $config['db_dsnw'] = 'mysql://roundcube_user:g#"!/@ect|'*8SVi@localhost:3306/ispcp_roundcube';


    Which prints a PHP error, because of the single quote in the password. It would also break if there was just the @ sign.


    Those characters would need to be escaped (and maybe more). But I'd recommend to make things simple: just use alphanumeric passwords and make them a bit longer (30 characters or so).

    @theemstra


    What you mean exactly when you say: "Same for some email passwords on roundcube." If you're talking about password generated through the frontEnd when creating new mail account, please create a new thread because this is another issue.


    Thanks.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    @Jadawin


    At first, you should consider to follow our posting rules because here, you do not provide us sufficient information... See i-MSCP bugs - Reporting rules


    Anyway, I cannot reproduce the problem with the 1.2.x branch and no change has been made since version 1.2.0 in the installer that can cause that issue. This issue has been already solved in past. The code which is responsible to escape the single quotes in the password is:


    Perl
    1. (my $dbPass = main::setupGetQuestion('ROUNDCUBE_SQL_PASSWORD')) =~ s%(')%\\$1%g;


    Thus, it could be great to know which version you're using, the plugins you are using, your distro, codename and so on.


    See the screens below which show that your password is correctly escaped with the 1.2.x serie:

    Files

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    @theemstra


    I've just tried to create a mail account with the following password: g#"!/@ect|'*8SVi and all is working as expected. ;) I must really know which password cause your issue.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    @Jadawin


    I've even tried with a password containing only one @ character and this works ;)


    I'll only add check for usernames/passwords length and also escape usernames because single quotes are also allowed in them.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support