From b3cd5a649be62f175de651a16ae02c5f709ca2f4 Mon Sep 17 00:00:00 2001
From: Nathaniel Guse <nathaniel.guse@gmail.com>
Date: Mon, 3 Sep 2012 13:32:33 -0500
Subject: [ticket/8713] Do not trim login inputs

Create a function to request variables which are not trimmed.

All requests for passwords (except forum passwords) now use the
untrimmed request function.

PHPBB3-8713
---
 phpBB/includes/acp/acp_language.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'phpBB/includes/acp/acp_language.php')

diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 2b19f93c75..87cf605d8e 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -100,11 +100,11 @@ class acp_language
 			switch ($method)
 			{
 				case 'ftp':
-					$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new ftp(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
 				break;
 
 				case 'ftp_fsock':
-					$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
 				break;
 
 				default:
@@ -404,7 +404,7 @@ class acp_language
 						trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR);
 					}
 
-					$transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
 
 					if (($result = $transfer->open_session()) !== true)
 					{
-- 
cgit v1.2.1


From f2607fc9e80c6f9ad7543b7be5ea6f294aa6c40a Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Sat, 8 Sep 2012 14:15:56 +0200
Subject: [ticket/8713] Rename untrimed_variable() to untrimmed_variable().

PHPBB3-8713
---
 phpBB/includes/acp/acp_language.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'phpBB/includes/acp/acp_language.php')

diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 87cf605d8e..b5f5ba2312 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -100,11 +100,11 @@ class acp_language
 			switch ($method)
 			{
 				case 'ftp':
-					$transfer = new ftp(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new ftp(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
 				break;
 
 				case 'ftp_fsock':
-					$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
 				break;
 
 				default:
@@ -404,7 +404,7 @@ class acp_language
 						trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR);
 					}
 
-					$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
 
 					if (($result = $transfer->open_session()) !== true)
 					{
-- 
cgit v1.2.1


From cc0c378caf9bfc480391a9d11d5a4d78c0df097c Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Sat, 8 Sep 2012 14:40:35 +0200
Subject: [ticket/8713] Call htmlspecialchars_decode() on transfer (e.g. ftp)
 passwords.

PHPBB3-8713
---
 phpBB/includes/acp/acp_language.php | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

(limited to 'phpBB/includes/acp/acp_language.php')

diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index b5f5ba2312..2be1ccfc41 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -100,11 +100,25 @@ class acp_language
 			switch ($method)
 			{
 				case 'ftp':
-					$transfer = new ftp(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new ftp(
+						request_var('host', ''),
+						request_var('username', ''),
+						htmlspecialchars_decode($request->untrimmed_variable('password', '')),
+						request_var('root_path', ''),
+						request_var('port', ''),
+						request_var('timeout', '')
+					);
 				break;
 
 				case 'ftp_fsock':
-					$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new ftp_fsock(
+						request_var('host', ''),
+						request_var('username', ''),
+						htmlspecialchars_decode($request->untrimmed_variable('password', '')),
+						request_var('root_path', ''),
+						request_var('port', ''),
+						request_var('timeout', '')
+					);
 				break;
 
 				default:
@@ -404,7 +418,14 @@ class acp_language
 						trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR);
 					}
 
-					$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
+					$transfer = new $method(
+						request_var('host', ''),
+						request_var('username', ''),
+						htmlspecialchars_decode($request->untrimmed_variable('password', '')),
+						request_var('root_path', ''),
+						request_var('port', ''),
+						request_var('timeout', '')
+					);
 
 					if (($result = $transfer->open_session()) !== true)
 					{
-- 
cgit v1.2.1