From 11216a1925b8431c33dd40fcf068a4a3d3ce536d Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Fri, 16 Nov 2018 13:22:13 +0100
Subject: [PATCH] Changed 'password_charset' default to 'UTF-8' (#6522)
---
 CHANGELOG | 3 ++-
 config/defaults.inc.php | 8 +++-----
 index.php | 2 +-
 plugins/password/password.php | 9 +++------
 4 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 258d72692..57d78cdc6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,10 +1,11 @@
 CHANGELOG Roundcube Webmail
 ===========================
+- Changed 'password_charset' default to 'UTF-8' (#6522)
 - Add skins_allowed option (#6483)
 - SMTP GSSAPI support via krb_authentication plugin (#6417)
 - Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
-- Removed referer_check option (#6440)
+- Removed 'referer_check' option (#6440)
 - Use constant prefix for temp file names, don't remove temp files from other apps (#6511)
 - Ignore 'Sender' header on Reply-All action (#6506)
 - Update to TinyMCE 4.8.2
diff --git a/config/defaults.inc.php b/config/defaults.inc.php
index cacfa48e3..fb7b9a542 100644
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@@ -538,11 +538,9 @@ $config['username_domain_forced'] = false;
 // For example %n = mail.domain.tld, %t = domain.tld
 $config['mail_domain'] = '';
-// Password character set.
-// If your authentication backend supports it, use "UTF-8".
-// Otherwise, use the appropriate character set.
-// Defaults to ISO-8859-1 for backward compatibility.
-$config['password_charset'] = 'ISO-8859-1';
+// Password character set, to change the password for user
+// authentication or for password change operations
+$config['password_charset'] = 'UTF-8';
 // How many seconds must pass between emails sent by a user
 $config['sendmail_delay'] = 0;
diff --git a/index.php b/index.php
index 3af2c6a3f..f0dc37ac1 100644
--- a/index.php
+++ b/index.php
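Review bot: The rewritten comment above `$config['password_charset']` in config/defaults.inc.php no longer says that the value has to match the encoding the authentication backend expects, and its wording ("to change the password for user authentication") is hard to parse. Installations that never set the option inherit the new default, so a user with a non-ASCII password on a backend that stores it as ISO-8859-1 would presumably be unable to log in after upgrading; the comment is the natural place to warn about that. I would write `// Character set used to encode passwords for authentication and password changes.`, `// Must match what the authentication backend expects; set 'ISO-8859-1' explicitly` and `// if you relied on the previous default and users have non-ASCII passwords.`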
@@ -103,7 +103,7 @@ $RCMAIL->action = $startup['action'];
 // try to log in
 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
 $request_valid = $_SESSION['temp'] && $RCMAIL->check_request();
- $pass_charset = $RCMAIL->config->get('password_charset', 'ISO-8859-1');
+ $pass_charset = $RCMAIL->config->get('password_charset', 'UTF-8');
 // purge the session in case of new login when a session already exists
 $RCMAIL->kill_session();
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 05c13e5b2..39c549939 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -141,7 +141,7 @@ class password extends rcube_plugin
 $this->rc->output->command('display_message', $this->gettext('nopassword'), 'error');
 }
 else {
- $charset = strtoupper($this->rc->config->get('password_charset', 'ISO-8859-1'));
+ $charset = strtoupper($this->rc->config->get('password_charset', 'UTF-8'));
 $rc_charset = strtoupper($this->rc->output->get_charset());
 $sespwd = $this->rc->decrypt($_SESSION['password']);
@@ -152,12 +152,9 @@ class password extends rcube_plugin
 // check allowed characters according to the configured 'password_charset' option
 // by converting the password entered by the user to this charset and back to UTF-8
 $orig_pwd = $newpwd;
- $chk_pwd = rcube_charset::convert($orig_pwd, $rc_charset, $charset);
- $chk_pwd = rcube_charset::convert($chk_pwd, $charset, $rc_charset);
+ $chk_pwd = rcube_charset::convert($orig_pwd, $rc_charset, $charset);
+ $chk_pwd = rcube_charset::convert($chk_pwd, $charset, $rc_charset);
- // WARNING: Default password_charset is ISO-8859-1, so conversion will
- // change national characters. This may disable possibility of using
- // the same password in other MUA's.
 // We're doing this for consistence with Roundcube core
 $newpwd = rcube_charset::convert($newpwd, $rc_charset, $charset);
 $conpwd = rcube_charset::convert($conpwd, $rc_charset, $charset);
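Review bot: The fallback literal in `$RCMAIL->config->get('password_charset', 'UTF-8')` in index.php repeats the default that config/defaults.inc.php already sets, and the first plugins/password/password.php hunk repeats it again in `strtoupper($this->rc->config->get('password_charset', 'UTF-8'))`. This commit had to edit all three places to keep them aligned, and a missed one would leave login and password change encoding the same password differently. If defaults.inc.php is always loaded before these calls (not visible in the hunk), drop the second argument, `$pass_charset = $RCMAIL->config->get('password_charset');`; otherwise add `// keep in sync with config/defaults.inc.php` at both call sites. The enclosing `if` block in index.php continues past the hunk.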
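Review bot: Deleting the WARNING comment in the second plugins/password/password.php hunk leaves `// We're doing this for consistence with Roundcube core` without the sentence it referred to, and the caveat still holds whenever an administrator sets `password_charset` to something other than UTF-8. In that configuration the `rcube_charset::convert()` calls on `$newpwd` and `$conpwd` still change non-ASCII characters, so the stored password can differ from what another mail client would submit. I would keep a reworded note in place of the removed lines: `// NOTE: with a non-UTF-8 password_charset this conversion changes national characters,` and `// so the same password may not work in other MUAs. Done for consistency with Roundcube core.` The enclosing method starts and ends outside the hunk.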