[2.2.0] Possible bug in ispconfig_isp_web.inc.php

Discussion in 'General' started by bjmg, Mar 9, 2006.

  1. bjmg

    bjmg New Member


    I found the following code in lib/classes/ispconfig_isp_web.lib.php (around line 314):
    if(substr($web["optionen_mysql_passwort"],0,5) != "||||:" and $web["optionen_mysql_passwort"] != "") {
          $go_api->db->query("UPDATE isp_isp_web SET optionen_mysql_passwort = concat('||||:' , password([b]optionen_mysql_passwort[/b])) where doc_id = '$doc_id'");
    Now I think that optionen_mysql_passwort (written bold) is wrong. It should be $web["optionen_mysql_passwort"], right?

    I did not test what that code actually does. I just saw that line and thought there is an error.

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Hi Bernhard,

    thank you for reviewing the code! The snippet above is correct. The if statement checks if "||||:" is not at the beginning of the password string and then it encrypts the content of the table column "optionen_mysql_passwort" with the mysql password command and adds "||||:" at the beginning.


Share This Page