Say your admin email address on a remote application is "john@doe.com" and your password is "something!". Because of the ! point, you cannot add the application (you get an error that the password is not correct).
In admin/sources/control_panel/cp_products/apps.php we have this line in product_add()
$app_md5_password = md5( trim( $this->ipsclass->input['app_password'] ) );
needs to be changed to
$app_md5_password = md5( trim( $_POST['app_password'] ) );
Otherwise !, $, <, > and other characters can get "cleaned", and the resulting MD5 hash would be of these "cleaned" characters. We then send the MD5-once password to the remote application. This is fine for
IP.Board, but when working with a converged Drupal installation, it does NOT clean the special characters before generating a hash, so the hash we generated did not match the one used in Drupal.
I am not positive how you can properly handle this since any applications you may Converge will have their own rules.
Źródło: http://community.invisionpower.com/tracker/issue-25321-adding-application-uses-cleaned-password/
wto, 28 wrzesień 2010
Kanał Rss
Kanał Atom