Special characters in password hash escaped twice when _ispconfig_pw_crypted == 1
Problem occurs when adding mail user with hashed password (and I believe ftp user too) through remote client. When password hash includes special character (i.e. backslash) it is escaped twice.
_getSQL (tform_base.inc.php) whole inserted record is escaped:
$record = $this->encode($record, $tab, true);
and then for password with _ispconfig_pw_crypted == 1
$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
so password field is escaped first time in
encode and second time in