matomo icon indicating copy to clipboard operation
matomo copied to clipboard

Published 20 hours ago verified publisher icon matomo-org

SMTP passwords with ampersand are saved as &

Open fritzmg opened this issue 2 years ago • 4 comments

Expected Behavior

When saving an SMTP passwords that contains an ampersand (&), it should be saved as such, otherwise authentication will not work.

Current Behavior

Ampersands in SMTP passwords are saved as &

Steps to Reproduce (for Bugs)

  1. Go to System - General settings - Email server settings.
  2. Fill out the details, with a password containing the & character, like foo&bar.
  3. Check the config/config.ini.php - it will say password = "foo&bar"

Your Environment

  • Matomo Version: 4.10.1
  • PHP Version: 7.4.28
  • Server Operating System: Debian 10

fritzmg avatar Jun 10 '22 17:06 fritzmg

@fritzmg thanks for reporting this, our product team will prioritize this bug

peterhashair avatar Jun 12 '22 22:06 peterhashair

then when it's used it's likely unsanitizeInputValue is used as it is with other user inputted values in other areas.

That's currently not the case though - but I see you already created a PR to fix this 👍

fritzmg avatar Aug 09 '22 09:08 fritzmg

@fritzmg Are you actually having any trouble with the & in your password? Looking through the code it seems to be on purpose that a & is stored as &, as config values are encoded when written and decoded when read (using htmlentities).

sgiehl avatar Sep 08 '22 12:09 sgiehl

I did, yes. However in retrospect I am not sure anymore if the credentials were the actual problem. I will need to test again.

fritzmg avatar Sep 08 '22 13:09 fritzmg

@fritzmg I believe this is invalid, close the issue for now. If the issue appears again, feel free to reopen this issue.

peterhashair avatar Nov 09 '22 02:11 peterhashair