Correct escaping/unescaping in the LDAP authentication plugin. #48175

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9769 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/config.php

@@ -0,0 +1,17 @@
+<?php
+// phpBB 3.0.x auto-generated configuration file
+// Do not change anything in this file!
+$dbms = 'mysqli';
+$dbhost = '';
+$dbport = '';
+$dbname = 'phpbb';
+$dbuser = 'root';
+$dbpasswd = 'testing';
+$table_prefix = 'phpbb_';
+$acm_type = 'file';
+$load_extensions = '';
+
+@define('PHPBB_INSTALLED', true);
+@define('DEBUG', true);
+@define('DEBUG_EXTRA', true);
+?>

phpBB/docs/CHANGELOG.html

@@ -158,6 +158,7 @@
 		<li>[Fix] Fix &quot;Always show a scrollbar for short pages&quot; for IE8 and Firefox 3.5 (Bug #47865 - Patch by stokerpiller)</li>
 		<li>[Fix] Do not allow setting group as default group for pending user (Bug #45675 - Patch by nickvergessen)</li>
 		<li>[Fix] Fail gracefully if store folder is not writable during update. (Bugs #46615, #46945)</li>
+		<li>[Fix] Correct escaping/unescaping in the LDAP authentication plugin. (Bug #48175)</li>
 		<li>[Change] Change the data format of the default file ACM to be more secure from tampering and have better performance.</li>
 		<li>[Change] Add index on log_time to the log table to prevent slowdown on boards with many log entries. (Bug #44665 - Patch by bantu)</li>
 		<li>[Change] Template engine now permits to a limited extent variable includes.</li>

phpBB/includes/auth/auth_ldap.php

@@ -63,9 +63,11 @@ function init_ldap()
 	// ldap_connect only checks whether the specified server is valid, so the connection might still fail
 	$search = @ldap_search(
 		$ldap,
-		$config['ldap_base_dn'],
+		htmlspecialchars_decode($config['ldap_base_dn']),
 		ldap_user_filter($user->data['username']),
-		(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
+		(empty($config['ldap_email'])) ?
+			array(htmlspecialchars_decode($config['ldap_uid'])) :
+			array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
 		0,
 		1
 	);
@@ -85,7 +87,7 @@ function init_ldap()
 		return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
 	}
 
-	if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']]))
+	if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])]))
 	{
 		return $user->lang['LDAP_NO_EMAIL'];
 	}
@@ -152,7 +154,7 @@ function login_ldap(&$username, &$password)
 
 	if ($config['ldap_user'] || $config['ldap_password'])
 	{
-		if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password'])))
+		if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
 		{
 			return $user->lang['LDAP_NO_SERVER_CONNECTION'];
 		}
@@ -160,9 +162,11 @@ function login_ldap(&$username, &$password)
 
 	$search = @ldap_search(
 		$ldap,
-		$config['ldap_base_dn'],
+		htmlspecialchars_decode($config['ldap_base_dn']),
 		ldap_user_filter($username),
-		(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
+		(empty($config['ldap_email'])) ?
+			array(htmlspecialchars_decode($config['ldap_uid'])) :
+			array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
 		0,
 		1
 	);
@@ -223,7 +227,7 @@ function login_ldap(&$username, &$password)
 				$ldap_user_row = array(
 					'username'		=> $username,
 					'user_password'	=> phpbb_hash($password),
-					'user_email'	=> (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
+					'user_email'	=> (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '',
 					'group_id'		=> (int) $row['group_id'],
 					'user_type'		=> USER_NORMAL,
 					'user_ip'		=> $user->ip,