[mms] Better error handling when attempting to authenticate via IMAP …

…LOGIN command with non-ASCII credentials (Bug #13554).
horde · Sep 17, 2014 · ecea895 · ecea895
1 parent 3d2c703
commit ecea895
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/framework/Imap_Client/lib/Horde/Imap/Client/Socket.php b/framework/Imap_Client/lib/Horde/Imap/Client/Socket.php
@@ -724,10 +724,22 @@ protected function _tryLogin($method)
             break;
 
         case 'LOGIN':
-            $username = new Horde_Imap_Client_Data_Format_Astring($username);
+            /* See, e.g., RFC 6855 [5] - LOGIN command does not support
+             * non-ASCII characters. If we reach this point, treat as an
+             * authentication failure. */
+            try {
+                $username = new Horde_Imap_Client_Data_Format_Astring($username);
+                $password = new Horde_Imap_Client_Data_Format_Astring($password);
+            } catch (Horde_Imap_Client_Data_Format_Exception $e) {
+                throw new Horde_Imap_Client_Exception(
+                    Horde_Imap_Client_Translation::r("Authentication failed."),
+                    Horde_Imap_Client_Exception::LOGIN_AUTHENTICATIONFAILED
+                );
+            }
+
             $cmd = $this->_command('LOGIN')->add(array(
                 $username,
-                new Horde_Imap_Client_Data_Format_Astring($password)
+                $password
             ));
             $cmd->debug = array(
                 sprintf('LOGIN %s [PASSWORD]', $username)

diff --git a/framework/Imap_Client/package.xml b/framework/Imap_Client/package.xml
@@ -21,6 +21,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
  <notes>
+* [mms] Better error handling when attempting to authenticate via IMAP LOGIN command with non-ASCII credentials (Bug #13554).
 * [mms] Fix sending IMAP APPEND data when the UTF-8 capability is enabled.
 * [mms] Fix parsing IMAP mailbox list requests when UTF-8 mode is enabled.
 * [mms] Ensure client sorting tests work reproducibly across systems with varying default locales.
@@ -2696,6 +2697,7 @@
    <date>2014-09-05</date>
    <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
    <notes>
+* [mms] Better error handling when attempting to authenticate via IMAP LOGIN command with non-ASCII credentials (Bug #13554).
 * [mms] Fix sending IMAP APPEND data when the UTF-8 capability is enabled.
 * [mms] Fix parsing IMAP mailbox list requests when UTF-8 mode is enabled.
 * [mms] Ensure client sorting tests work reproducibly across systems with varying default locales.