Feature request: If TYPO3 is configured to send a notification email about install...
authorAndreas Otto <andreas.otto@dkd.de>
Fri, 18 May 2007 08:19:41 +0000 (08:19 +0000)
committerAndreas Otto <andreas.otto@dkd.de>
Fri, 18 May 2007 08:19:41 +0000 (08:19 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@2338 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/install/mod/class.tx_install.php

index 3d45f3f..37de7b5 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2007-05-17 Andreas Otto <andreas.otto@dkd.de>
+       * Feature request: If TYPO3 is configured to send a notification email about install tool logins this email discloses the used password if the login fails. Since this behaviour might not be wanted only the last 5 characters of the md5 hash of the used password are disclosed.
+
 2007-05-12  Oliver Hader  <oh@inpublica.de>
 
        * Fixed bug #5074: IRRE - Hook processDatamap_afterDatabaseOperations executed early
index f15e53c..9e94618 100755 (executable)
@@ -340,8 +340,8 @@ BTW: This Install Tool will only work if cookies are accepted by your web browse
                                $wEmail = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
                                if ($wEmail)    {
                                        $subject="Install Tool Login ATTEMPT at '".$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']."'";
-                                       $email_body="There has been a Install Tool login attempt at TYPO3 site '".$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']."' (".t3lib_div::getIndpEnv('HTTP_HOST').").
-Password tried was '".$p."'
+                                       $email_body="There has been an Install Tool login attempt at TYPO3 site '".$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']."' (".t3lib_div::getIndpEnv('HTTP_HOST').").
+The md5 hash of the last 5 characters of the password tried was '".substr(md5($p), -5)."'
 REMOTE_ADDR was '".t3lib_div::getIndpEnv('REMOTE_ADDR')."' (".t3lib_div::getIndpEnv('REMOTE_HOST').')';
                                        mail($wEmail,
                                                $subject,