mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

Correct escaping/unescaping in the LDAP authentication plugin. #48175

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9769 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Chris Smith
2009-07-17 13:21:03 +00:00
parent ab9715a9fe
commit 5f6db9584c
3 changed files with 29 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
phpBB/includes/auth/auth_ldap.php
View File

@@ -63,9 +63,11 @@ function init_ldap()
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
htmlspecialchars_decode($config['ldap_base_dn']),
ldap_user_filter($user->data['username']),
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
(empty($config['ldap_email'])) ?
array(htmlspecialchars_decode($config['ldap_uid'])) :
array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
0,
1
);
@@ -85,7 +87,7 @@ function init_ldap()
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
}
if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']]))
if (!empty($config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($config['ldap_email'])]))
{
return $user->lang['LDAP_NO_EMAIL'];
}
@@ -152,7 +154,7 @@ function login_ldap(&$username, &$password)
if ($config['ldap_user'] || $config['ldap_password'])
{
if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password'])))
if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))
{
return $user->lang['LDAP_NO_SERVER_CONNECTION'];
}
@@ -160,9 +162,11 @@ function login_ldap(&$username, &$password)
$search = @ldap_search(
$ldap,
$config['ldap_base_dn'],
htmlspecialchars_decode($config['ldap_base_dn']),
ldap_user_filter($username),
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
(empty($config['ldap_email'])) ?
array(htmlspecialchars_decode($config['ldap_uid'])) :
array(htmlspecialchars_decode($config['ldap_uid']), htmlspecialchars_decode($config['ldap_email'])),
0,
1
);
@@ -223,7 +227,7 @@ function login_ldap(&$username, &$password)
$ldap_user_row = array(
'username' => $username,
'user_password' => phpbb_hash($password),
'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
'user_email' => (!empty($config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($config['ldap_email'])][0]) : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $user->ip,