mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

[ticket/sec-184] Do not output LDAP password to HTML

Browse Source 
SECURITY-184
This commit is contained in:
Joas Schilling
2015-06-04 14:29:03 +02:00
parent 9c84b3b5fb
commit 78b0c938a2
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
phpBB/includes/acp/acp_board.php
View File

@@ -567,6 +567,7 @@ class acp_board
$old_auth_config = array();
foreach ($auth_providers as $provider)
{
/** @var \phpbb\auth\provider\provider_interface $provider */
if ($fields = $provider->acp())
{
// Check if we need to create config fields for this plugin and save config when submit was pressed
@@ -582,6 +583,14 @@ class acp_board
continue;
}
if (substr($field, -9) === '_password' && $cfg_array[$field] === '********')
{
// Do not update password fields if the content is ********,
// because that is the password replacement we use to not
// send the password to the output
continue;
}
$old_auth_config[$field] = $this->new_config[$field];
$config_value = $cfg_array[$field];
$this->new_config[$field] = $config_value;