Comment 2 for bug 818103

Derek manning (derek-manning) wrote : Re: [Bug 818103] [NEW] SquirrelMail password Script Issue

I'm running .13; I haven't updated yet. I'll check and see .15. I've got an internal ticket that I'm tracking this against, but everything seems ok on my side after the fix.

Does the .13 - .15 upgrade include a new SquirrelMail plugin? The issue I was having is explicitly with the squirrel plugin. Including some error return checking on the database use/select statement would catch this.

v2

ehcpdeveloper <email address hidden> wrote:

>Is this the same in version 0.29.15, which is the latest now?
>I checked on my side, files seem ok.
>please download from www.ehcp.net/download and re-check
>thanks for bug report.
>
>On Fri, Jul 29, 2011 at 6:18 PM, Derek manning
><email address hidden> wrote:
>> Public bug reported:
>>
>> EHCP version: 0.29.13
>>
>> ehcp plugin for squirrel mail has two issues:
>> 1. It is possible to select an invalid database. Lack of error checking on mysql select statement will cause script failure without notifying user. This can be tested by modifying config.php and changing the dbname variable to a database that doesn't exist, i.e. $dbname = foobar
>>
>> 2. Variable name in config.php file for database name is $dbname, while
>> select statement in ehcp_password_change.php references $db. This causes
>> the database update command to select a "null" database on the database
>> server because $db is not initialized. This failure is not reported due
>> to the issue (1.) above.
>>
>> The emailuser password never gets changed.
>>
>> ** Affects: ehcp
>>     Importance: Undecided
>>         Status: New
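
The two checks the report asks for, as an added example that is not part of the thread and not EHCP's plugin code: refuse an empty database name, stop when the database cannot be selected, and report when no row was updated. It uses mysqli rather than the plugin's own database calls; the function name, the `$cfg` keys other than `dbname`, and the `emailusers` table and its columns are assumptions.

```php
<?php
// Added example, not EHCP's plugin code. Table and column names are hypothetical.
mysqli_report(MYSQLI_REPORT_OFF); // check return values explicitly instead of relying on exceptions

/**
 * Returns null on success, or an error string the plugin can show to the user.
 * $cfg holds the values loaded from config.php (keys other than dbname are assumptions).
 */
function change_email_password(array $cfg, string $email, string $newHash): ?string
{
    // Issue 2: a name mismatch ($db vs $dbname) leaves the database name empty.
    $dbname = $cfg['dbname'] ?? '';
    if ($dbname === '') {
        return 'Configuration error: database name is not set.';
    }

    $link = mysqli_connect($cfg['dbhost'], $cfg['dbuser'], $cfg['dbpass']);
    if ($link === false) {
        error_log('password change: connect failed: ' . mysqli_connect_error());
        return 'Could not connect to the database server.';
    }

    // Issue 1: selecting a database that does not exist must stop the script.
    if (!mysqli_select_db($link, $dbname)) {
        error_log('password change: select_db failed: ' . mysqli_error($link));
        mysqli_close($link);
        return 'Could not open the mail database.';
    }

    // Placeholders keep the user-supplied address out of the SQL text.
    $stmt = mysqli_prepare($link, 'UPDATE emailusers SET password = ? WHERE email = ?');
    if ($stmt === false || !mysqli_stmt_bind_param($stmt, 'ss', $newHash, $email)
        || !mysqli_stmt_execute($stmt)) {
        error_log('password change: update failed: ' . mysqli_error($link));
        mysqli_close($link);
        return 'Password update failed.';
    }

    // A statement that runs but matches no row (or leaves the stored value
    // unchanged) reports 0 affected rows: tell the user nothing changed.
    $changed = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    mysqli_close($link);
    return $changed === 1 ? null : 'Password was not changed.';
}
```

Detailed errors go to the server log while the user sees only a generic message, so a failed change is visible without exposing database details in the webmail page.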