Samuel Krempp a écrit, le 25/03/2012 10:12:
I wonder if quotes could also be used to run exploits through the password ?
I just tried some engineered password, and well, yes, userpassword needs more escaping. Let's hope the mom of little bobby tables won't also pick a smart password :-)
http://xkcd.com/327/I'm not knowing enough about gosa to escape quotes in gosa.conf, but it definitely needs taking care of.