Bug htmlentities or equiv on FTP Backup password

Discussion in 'General Discussion' started by BahBah, Mar 12, 2010.

  1. BahBah

    Hi

    The password field on the Configure Backup page that is used for the authentication details of the remote FTP backup either uses htmlentities (or equivalent to the PHP function) on form submission but definitely uses it on page load. This means any instances of ampersand, for example, get reinterpreted on form submit and saves an invalid password. In addition to this, it doesn't unhtmlentities when restoring the password into the field on new page load so therefore on further submits you end up saving &

    On a side note, I know it's not crucial, I'm not too sure the password should be viewable in the HTML and instead should remain empty so that an empty password form submission doesn't update the password. I was able to ascertain the htmlentities problem by viewing in plain text my password in the HTML source. I appreciate that someone needs to be logged into WHM to do this, and the only obvious scenario for malicious use of this would be someone using the logged-in computer, but it wouldn't take much effort to resolve this permanently.

    I see cleartext has been filed as a bug: http://bugzilla.cpanel.net/show_bug.cgi?id=2150 (in 2005!) but haven't been able to find the htmlentities bug logged.
     
    #1 BahBah, Mar 12, 2010
    Last edited: Mar 12, 2010
  2. dansgalaxy

    Bumping this as this is an issue I have just discovered. This needs to be fixed and is a stupid bug, which can't just easily be fixed in minor updates.

    I am having problems with this as it now means cpbackup seems to find it impossible to authenticate with my FTP backup.
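
The round trip described in the first post, as an added example that is not part of the thread and is not cPanel's code: it contrasts a form that entity-encodes the password on save and echoes it back into the page with one that stores the raw value, renders an empty field, and treats an empty submission as "unchanged". The class names and the sample password are constructed for illustration, and Python's `html.escape` stands in for PHP's `htmlentities`.

```python
import html

def browser_submit(markup_value):
    """A browser decodes entities in a value attribute before submitting it."""
    return html.unescape(markup_value)

class BuggyForm:
    """Hypothetical model of the reported behaviour."""
    def __init__(self):
        self.stored = ""
    def save(self, submitted):
        # Output encoding applied to data at rest: the stored secret is corrupted.
        self.stored = html.escape(submitted, quote=True)
    def field_value(self):
        # The secret is echoed into the page, so it is readable in the HTML source.
        return html.escape(self.stored, quote=True)

class FixedForm:
    """Hypothetical corrected form: raw storage, no echo, empty means unchanged."""
    def __init__(self):
        self.stored = ""
    def save(self, submitted):
        if submitted:              # empty submission leaves the password alone
            self.stored = submitted
    def field_value(self):
        return ""                  # never send the secret back to the browser

def resave(form, password, cycles):
    """Set the password once, then reload and resubmit the page `cycles` times."""
    form.save(password)
    for _ in range(cycles):
        form.save(browser_submit(form.field_value()))
    return form.stored

if __name__ == "__main__":
    sample = "p&ss<1"              # constructed sample password
    for n in range(3):
        print(n, resave(BuggyForm(), sample, n), "|", resave(FixedForm(), sample, n))
```

Each reload-and-save cycle adds one more layer of encoding in the buggy form, so the value handed to the FTP login drifts further from the real password every time the page is saved.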