[opencms-dev] BUG: URLDecoder complains about content of password
Stefan Nehlsen
sn at ltsh.de
Wed Jul 2 16:01:15 CEST 2008
I'm really new to OpenCMS and discovered a bug in one of my very first
actions. Being a newbie I would propose that someone more expierenced
will look at this.
After installing version 7.0.4 I wanted to change the password and
entered something like that: "test%"
This leads to the following error message:
URLDecoder: Incomplete trailing escape (%) pattern
I don't think that this is a error message you want to see in this
situation, instead it looks as that there is something happening on
the wrong level.
I created a different account and gave it a password like "test%20".
This string was accepted as password data but I wasn't able to login
with it even when I tried a decoded version "test ".
This is a bug -- a user is able to disable his account.
cu, Stefan
--
Stefan Nehlsen | ParlaNet Administration | sn at ltsh.de | +49 431 988-1260
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20080702/56972dbe/attachment.sig>
More information about the opencms-dev
mailing list