Disable POP auth when APOP fail
|Reported by:||lilyfan||Owned by:|
|Severity:||normal||Keywords:||has-patch needs-testing reporter-feedback|
If APOP authentication is failed, class-pop3.php tries normal POP auth (USER/PASS).
When a server only accepts APOP authentication, the second process should be fail for sure.
It is nonsence and harmful, because the error message of first process (APOP) is over-written by second try (POP).
To solve the desmiss of APOP fail message, it is neccesary to disable normal POP authentication.
I propose a new class variable $ALLOWLOGIN to decide it.
Additonaly, $ALLOWAPOP is useless because it is no problem to fix it TRUE. (Removing this variable is not included in the patch)
Change History (12)
- Keywords needs-testing reporter-feedback added; commit removed