mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00

Merge branch '3.3.x'

Máté Bartus
2021-01-22 19:14:53 +01:00
73 changed files with 218 additions and 206 deletions


@@ -73,7 +73,7 @@ class apache extends base
*/
public function init()
{
if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT))
{
return $this->language->lang('APACHE_SETUP_BEFORE_USE');
}
@@ -113,8 +113,8 @@ class apache extends base
);
}
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT);
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'), ENT_COMPAT);
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
@@ -180,8 +180,8 @@ class apache extends base
return array();
}
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'), ENT_COMPAT);
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'), ENT_COMPAT);
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
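Review bot: The guard `if (!empty($php_auth_user) && !empty($php_auth_pw))` that follows the decoded credentials, in this hunk and in the one at -113, treats the string `'0'` as empty, so a user name or password that is exactly `0` never reaches the credential branch. An explicit comparison states the intent: `if ($php_auth_user !== '' && $php_auth_pw !== '')`, assuming `server()` returns a string when the key is absent, which is not visible here. The decode calls in this file now all repeat `ENT_COMPAT`; if the reason is that the flag has to mirror the one used when request input is encoded, a short comment such as `// flags must match the encoding applied to request input` at the first call would stop a later edit from dropping it. The enclosing methods start and end outside these hunks.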


@@ -83,7 +83,7 @@ class ldap extends base
if ($this->config['ldap_user'] || $this->config['ldap_password'])
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user'], ENT_COMPAT), htmlspecialchars_decode($this->config['ldap_password'], ENT_COMPAT)))
{
return $this->language->lang('LDAP_INCORRECT_USER_PASSWORD');
}
@@ -92,11 +92,11 @@ class ldap extends base
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search(
$ldap,
htmlspecialchars_decode($this->config['ldap_base_dn']),
htmlspecialchars_decode($this->config['ldap_base_dn'], ENT_COMPAT),
$this->ldap_user_filter($this->user->data['username']),
(empty($this->config['ldap_email'])) ?
array(htmlspecialchars_decode($this->config['ldap_uid'])) :
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
array(htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT)) :
array(htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT), htmlspecialchars_decode($this->config['ldap_email'], ENT_COMPAT)),
0,
1
);
@@ -180,7 +180,7 @@ class ldap extends base
if ($this->config['ldap_user'] || $this->config['ldap_password'])
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user'], ENT_COMPAT), htmlspecialchars_decode($this->config['ldap_password'], ENT_COMPAT)))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
@@ -192,11 +192,11 @@ class ldap extends base
$search = @ldap_search(
$ldap,
htmlspecialchars_decode($this->config['ldap_base_dn']),
htmlspecialchars_decode($this->config['ldap_base_dn'], ENT_COMPAT),
$this->ldap_user_filter($username),
(empty($this->config['ldap_email'])) ?
array(htmlspecialchars_decode($this->config['ldap_uid'])) :
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
array(htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT)) :
array(htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT), htmlspecialchars_decode($this->config['ldap_email'], ENT_COMPAT)),
0,
1
);
@@ -205,7 +205,7 @@ class ldap extends base
if (is_array($ldap_result) && count($ldap_result) > 1)
{
if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password, ENT_COMPAT)))
{
@ldap_close($ldap);
@@ -257,7 +257,7 @@ class ldap extends base
$ldap_user_row = array(
'username' => $username,
'user_password' => '',
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'], ENT_COMPAT)][0]) : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $this->user->ip,
@@ -337,7 +337,7 @@ class ldap extends base
*/
private function ldap_user_filter($username)
{
$filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')';
$filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username, ENT_COMPAT)) . ')';
if ($this->config['ldap_user_filter'])
{
$_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
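Review bot: In `ldap_user_filter()` the attribute name is concatenated as the stored `$this->config['ldap_uid']`, while every `ldap_search()` attribute list in this file passes `htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT)`, so the filter and the requested attribute can disagree whenever the stored value contains an encoded character. Using the decoded value in the filter keeps the two consistent: `$filter = '(' . htmlspecialchars_decode($this->config['ldap_uid'], ENT_COMPAT) . '=' . $this->ldap_escape(htmlspecialchars_decode($username, ENT_COMPAT)) . ')';`. The `ldap_user_filter` setting on the lines that follow is also inserted as stored, so an `&` in an administrator-supplied filter would presumably reach the directory as `&amp;`; that is worth confirming against how config values are saved. The function body continues past the end of this hunk.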