Details
Bug
Major
Description
When a new DirectAdmin account is created, the password will be truncated in the welcome email at the point a < character is detected.
For example, if the password is:
N{,e<E|7OC?V
The following will be included in the welcome email:
N{,e
Activity
Paul Phillips
created issue -
Paul Phillips
made changes -
| Field | Original Value | New Value |
|---|---|---|
| Rank | Ranked higher |
Paul Phillips
made changes -
| Sprint | 5.0.0 Sprint 1 [ 118 ] |
Paul Phillips
made changes -
| Rank | Ranked lower |
| Rank | Ranked higher |
The answer is yes. This has to do with email Html parsing, not DirectAdmin. This does only apply to passwords with a '<' however.
https://www.blesta.com/forums/index.php?/topic/13357-directadmin-activation-email
Is that related to h2o parsing the templates, or we parse the final message prior to delivery? Is there a global fix?
Paul Phillips
added a comment - Is that related to h2o parsing the templates, or we parse the final message prior to delivery? Is there a global fix? I don't think it is h2o taking care of this part, but it might be. It seems very likely there is a global fix, but we could also do a simple fix that doesn't allow the '<' character in the password.
| Assignee | Abdy Franco [ abdy ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
Automated transition triggered when Abdy Franco created pull request #23 in Stash -
| Status | In Progress [ 3 ] | In Review [ 5 ] |
| Resolution | Fixed [ 1 ] |
We can use the built-in "safe" filter. https://github.com/speedmax/h2o-php/wiki/Built-in-filters#safe
| Remaining Estimate | 0 minutes [ 0 ] | |
| Time Spent | 22 minutes [ 1320 ] | |
| Worklog Id | 14232 [ 14232 ] |
Nice find!
Automated transition triggered when Jonathan Reissmueller merged pull request #23 in Stash -
| Status | In Review [ 5 ] | Closed [ 6 ] |
Question.. will this impact other modules?