Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-3856

DirectAdmin: Passwords truncated in welcome email

        Details

        • Type: Bug
        • Status: Closed
        • Priority: Major
        • Resolution: Fixed
        • Affects Version/s: 4.12.0-b1
        • Fix Version/s: 4.12.0
        • Component/s: Modules
        • Labels:
          None

          Description

          When a new DirectAdmin account is created, the password will be truncated in the welcome email at the point a < character is detected.

          For example, if the password is:

          N{,e<E|7OC?V

          The following will be included in the welcome email:

          N{,e

            Activity

            Ascending order - Click to sort in descending order
            Hide
            Permalink
            admin Paul Phillips added a comment -

            Question.. will this impact other modules?

            Show
            admin Paul Phillips added a comment - Question.. will this impact other modules?
            Hide
            Permalink
            jonathan Jonathan Reissmueller added a comment - - edited

            The answer is yes. This has to do with email Html parsing, not DirectAdmin. This does only apply to passwords with a '<' however.

            https://www.blesta.com/forums/index.php?/topic/13357-directadmin-activation-email

            Show
            jonathan Jonathan Reissmueller added a comment - - edited The answer is yes. This has to do with email Html parsing, not DirectAdmin. This does only apply to passwords with a '<' however. https://www.blesta.com/forums/index.php?/topic/13357-directadmin-activation-email
            Hide
            Permalink
            admin Paul Phillips added a comment -

            Is that related to h2o parsing the templates, or we parse the final message prior to delivery? Is there a global fix?

            Show
            admin Paul Phillips added a comment - Is that related to h2o parsing the templates, or we parse the final message prior to delivery? Is there a global fix?
            Hide
            Permalink
            jonathan Jonathan Reissmueller added a comment -

            I don't think it is h2o taking care of this part, but it might be. It seems very likely there is a global fix, but we could also do a simple fix that doesn't allow the '<' character in the password.

            Show
            jonathan Jonathan Reissmueller added a comment - I don't think it is h2o taking care of this part, but it might be. It seems very likely there is a global fix, but we could also do a simple fix that doesn't allow the '<' character in the password.
            Hide
            Permalink
            abdy Abdy Franco added a comment -

            We can use the built-in "safe" filter. https://github.com/speedmax/h2o-php/wiki/Built-in-filters#safe

            Show
            abdy Abdy Franco added a comment - We can use the built-in "safe" filter. https://github.com/speedmax/h2o-php/wiki/Built-in-filters#safe
            Hide
            Permalink
            jonathan Jonathan Reissmueller added a comment -

            Nice find!

            Show
            jonathan Jonathan Reissmueller added a comment - Nice find!

              People

              • Assignee:
                abdy Abdy Franco
                Reporter:
                admin Paul Phillips
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  28/Sep/20

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 22 minutes
                  22m

                    Agile