Description
The change-password plugin does not set SSHA userPassword correctly in LDAP because of an error in the getSalt function in the drivers/ldap.php file.
As it is, PHP throws a warning: PHP Warning: preg_replace(): Compilation failed: quantifier does not follow a repeatable item at offset 0 in /var/lib/snappymail/data/default/plugins/change-password/drivers/ldap.php on line 127
The returned value for the salt is empty, the resulting SSHA string is invalid, and the user can no longer log in unless they reset their password by some other means.
Workaround: just escape the + character in preg_replace:
return \substr(\preg_replace('#+/=#', '', \base64_encode(\random_bytes($iLength))), 0, $iLength);
to
return \substr(\preg_replace('#\+/=#', '', \base64_encode(\random_bytes($iLength))), 0, $iLength);
After that change, no more PHP warning and the password change works as expected.
Tested with PHP 8.1-fpm
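
An added example (not SnappyMail's code) of guarding against the failure reported above: it checks `preg_replace()` for `null`, refuses an empty salt, and verifies that a stored `{SSHA}` value carries salt bytes after the 20-byte SHA-1 digest. Assumptions: the function names are hypothetical, the `{SSHA}` layout is the usual base64(SHA-1(password + salt) + salt), and the character class `[+/=]` is a different pattern from the escaped one in the workaround.

```php
<?php
// Added example; function names are hypothetical, not the plugin's.
const SHA1_LEN = 20; // raw SHA-1 digest size in bytes

function makeSalt(int $length): string
{
    $salt = '';
    while (strlen($salt) < $length) {
        // Character class: removes each of '+', '/' and '=' wherever it occurs.
        $clean = preg_replace('#[+/=]#', '', base64_encode(random_bytes($length)));
        if ($clean === null) { // preg_replace() returns null when the pattern fails
            throw new RuntimeException('salt regex failed: ' . preg_last_error_msg());
        }
        $salt .= $clean;
    }
    return substr($salt, 0, $length);
}

function ssha(string $password, string $salt): string
{
    if ($salt === '') {
        throw new InvalidArgumentException('refusing to build SSHA with an empty salt');
    }
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

// Salt length carried by a stored value, or -1 if it is not well-formed SSHA.
function sshaSaltLength(string $value): int
{
    if (!str_starts_with($value, '{SSHA}')) {
        return -1;
    }
    $raw = base64_decode(substr($value, 6), true);
    if ($raw === false || strlen($raw) < SHA1_LEN) {
        return -1;
    }
    return strlen($raw) - SHA1_LEN;
}

// Constructed sample: what an empty salt produces, checked before any LDAP write.
$pattern = '#+/=#'; // the pattern from the report
$failed = @preg_replace($pattern, '', 'abc');
$salt = substr((string) $failed, 0, 8);
$broken = '{SSHA}' . base64_encode(sha1('example-password' . $salt, true) . $salt);
printf("regex result is null: %s\n", var_export($failed === null, true));
printf("salt bytes in broken value: %d\n", sshaSaltLength($broken));
$good = ssha('example-password', makeSalt(8));
printf("salt bytes in good value: %d\n", sshaSaltLength($good));
```

Running `sshaSaltLength()` over existing `userPassword` values is a quick way to find accounts whose password was changed while the bug was present.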