Opened 5 years ago
Last modified 4 years ago
#7244 new enhancement
Disable POP auth when APOP fail
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Future Release |
| Component: | Version: | 2.3 | |
| Severity: | normal | Keywords: | has-patch needs-testing reporter-feedback |
| Cc: |
Description
If APOP authentication is failed, class-pop3.php tries normal POP auth (USER/PASS).
When a server only accepts APOP authentication, the second process should be fail for sure.
It is nonsence and harmful, because the error message of first process (APOP) is over-written by second try (POP).
To solve the desmiss of APOP fail message, it is neccesary to disable normal POP authentication.
I propose a new class variable $ALLOWLOGIN to decide it.
Additonaly, $ALLOWAPOP is useless because it is no problem to fix it TRUE. (Removing this variable is not included in the patch)
Attachments (2)
Change History (12)
comment:3
jacobsantos — 4 years ago
- Component changed from General to Mail
- Owner anonymous deleted
might be worth pushing this upstream
- Keywords needs-testing reporter-feedback added; commit removed
mmm... @lilyfan: why change?
if( (!$count) || ($count == -1) )
- Milestone changed from 2.8 to 2.9
Moving to 2.9 as we are in beta now and I don't want to risk changes in this area at this time.
punting pending reporter feedback
- Milestone changed from 2.9 to Future Release
Patch for wp-includes/class-pop3.php