- allow multibyte search configuration

- added ldap_user_filter to add additional restrictions on the user objects used for authentication [Bug #12627] - improved ldap explanations a bit - display searchable subforums of invisible parents in advanced search forum selection [Bug #11395] git-svn-id: file:///svn/phpbb/trunk@8047 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-05-05 15:16:16 +02:00 · 2007-08-18 13:52:33 +00:00 · 2007-08-18 13:52:33 +00:00 · 979ee66773
commit 979ee66773
parent 6f6e3bba7e
7 changed files with 49 additions and 21 deletions
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@ -477,7 +477,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 				$cfg_array[$config_name] = trim($cfg_array[$config_name]);
 				// Make sure no NUL byte is present...
-				if (strpos($cfg_array[$config_name], '\0') !== false || strpos($cfg_array[$config_name], '%00') !== false)
+				if (strpos($cfg_array[$config_name], "\0") !== false || strpos($cfg_array[$config_name], '%00') !== false)
 				{
 					$cfg_array[$config_name] = '';
 					break;
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -226,6 +226,8 @@ p a {
 		<li>[Fix] Header icons fixed in FF for RTL languages (Bug #14084)</li>
 		<li>[Change] Words in topic titles and post subjects are highlighted on the search results page and viewtopic too now (Bug #13383)</li>
 		<li>[Fix] Made sure strip_bbcode cannot get the idea that a smiley is a BBCode (Bug #14030)</li>
 		<li>[Change] Added a filter for user objects to LDAP configuration and improved explanations (Bug #12627)</li>
 		<li>[Fix] Display searchable subforums of invisible parents in advanced search forum selection (Bug #11395)</li>
 	</ul>
 	</div>
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@ -92,7 +92,7 @@ class acp_search
 		unset($search);
 		unset($error);
-		$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : array();
+		$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : array();
 		$updated = request_var('updated', false);
 		foreach ($settings as $config_name => $var_type)
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@ -46,7 +46,7 @@ function init_ldap()
 	$search = @ldap_search(
 		$ldap,
 		$config['ldap_base_dn'],
-		'(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($user->data['username'])) . ')',
+		ldap_user_filter($user->data['username']),
 		(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
 		0,
 		1
@ -114,7 +114,7 @@ function login_ldap(&$username, &$password)
 	$search = @ldap_search(
 		$ldap,
 		$config['ldap_base_dn'],
-		'(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')',
+		ldap_user_filter($username),
 		(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
 		0,
 		1
@ -215,6 +215,25 @@ function login_ldap(&$username, &$password)
 	);
 }
 /**
 * Generates a filter string for ldap_search to find a user
 *
 * @param	$username	string	Username identifying the searched user
 *
 * @return				string	A filter string for ldap_search
 */
 function ldap_user_filter($username)
 {
 	global $config;
 	$filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
 	if ($config['ldap_user_filter'])
 	{
 		$filter = "(&$filter({$config['ldap_user_filter']}))";
 	}
 	return $filter;
 }
 /**
 * Escapes an LDAP AttributeValue
 */
@ -237,14 +256,6 @@ function acp_ldap(&$new)
 		<dt><label for="ldap_server">' . $user->lang['LDAP_SERVER'] . ':</label><br /><span>' . $user->lang['LDAP_SERVER_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_server" size="40" name="config[ldap_server]" value="' . $new['ldap_server'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
 		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_dn">' . $user->lang['LDAP_DN'] . ':</label><br /><span>' . $user->lang['LDAP_DN_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_dn" size="40" name="config[ldap_base_dn]" value="' . $new['ldap_base_dn'] . '" /></dd>
@ -253,16 +264,28 @@ function acp_ldap(&$new)
 		<dt><label for="ldap_uid">' . $user->lang['LDAP_UID'] . ':</label><br /><span>' . $user->lang['LDAP_UID_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_uid" size="40" name="config[ldap_uid]" value="' . $new['ldap_uid'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_user_filter">' . $user->lang['LDAP_USER_FILTER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_FILTER_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_user_filter" size="40" name="config[ldap_user_filter]" value="' . $new['ldap_user_filter'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_email">' . $user->lang['LDAP_EMAIL'] . ':</label><br /><span>' . $user->lang['LDAP_EMAIL_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_email" size="40" name="config[ldap_email]" value="' . $new['ldap_email'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_user">' . $user->lang['LDAP_USER'] . ':</label><br /><span>' . $user->lang['LDAP_USER_EXPLAIN'] . '</span></dt>
 		<dd><input type="text" id="ldap_user" size="40" name="config[ldap_user]" value="' . $new['ldap_user'] . '" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
 		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
 	</dl>
 	';
 	// These are fields required in the config table
 	return array(
 		'tpl'		=> $tpl,
-		'config'	=> array('ldap_server', 'ldap_user', 'ldap_password', 'ldap_base_dn', 'ldap_uid', 'ldap_email')
+		'config'	=> array('ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password')
 	);
 }
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@ -1496,6 +1496,7 @@ if (version_compare($current_version, '3.0.RC4', '<='))
 	// Setting this here again because new installations may not have it...
 	set_config('cron_lock', '0', true);
 	set_config('ldap_user_filter', '');
 	$no_updates = false;
 }
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@ -304,13 +304,15 @@ $lang = array_merge($lang, array(
 	'LDAP_NO_EMAIL'					=> 'The specified e-mail attribute does not exist.',
 	'LDAP_NO_IDENTITY'				=> 'Could not find a login identity for %s.',
 	'LDAP_PASSWORD'					=> 'LDAP password',
-	'LDAP_PASSWORD_EXPLAIN'			=> 'Leave blank to use anonymous access. Else fill in the password for the above user. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database.',
+	'LDAP_PASSWORD_EXPLAIN'			=> 'Leave blank to use anonymous binding. Else fill in the password for the above user.  Required for Active Directory Servers. <strong>WARNING:</strong> This password will be stored as plain text in the database visible to everybody who can access your database or who can view this configuration page.',
 	'LDAP_SERVER'					=> 'LDAP server name',
-	'LDAP_SERVER_EXPLAIN'			=> 'If using LDAP this is the name or IP address of the server.',
+	'LDAP_SERVER_EXPLAIN'			=> 'If using LDAP this is the hostname or IP address of the LDAP server. Alternatively you can specify an URL like ldap://hostname:port/',
 	'LDAP_UID'						=> 'LDAP <var>uid</var>',
 	'LDAP_UID_EXPLAIN'				=> 'This is the key under which to search for a given login identity, e.g. <var>uid</var>, <var>sn</var>, etc.',
-	'LDAP_USER'						=> 'LDAP user',
+	'LDAP_USER'						=> 'LDAP user <var>dn</var>',
-	'LDAP_USER_EXPLAIN'				=> 'Leave blank to use anonymous access. If filled in phpBB will connect to the LDAP server as the specified user.',
+	'LDAP_USER_EXPLAIN'				=> 'Leave blank to use anonymous binding. If filled in phpBB uses the specified distinguished name on login attempts to find the correct user, e.g. <samp>uid=Username,ou=MyUnit,o=MyCompany,c=US</samp>. Required for Active Directory Servers.',
 	'LDAP_USER_FILTER'				=> 'LDAP user filter',
 	'LDAP_USER_FILTER_EXPLAIN'		=> 'Optionally you can further limit the searched objects with additional filters. For example <samp>objectClass=posixGroup</samp> would result in the use of <samp>(&(uid=$username)(objectClass=posixGroup))</samp>',
 ));
 // Server Settings
--- a/phpBB/search.php
+++ b/phpBB/search.php
@ -939,9 +939,9 @@ while ($row = $db->sql_fetchrow($result))
 		continue;
 	}
-	if (!$auth->acl_get('f_list', $row['forum_id']) || $row['forum_type'] == FORUM_LINK || ($row['forum_password'] && !$row['user_id']))
+	if ($row['forum_type'] == FORUM_LINK || ($row['forum_password'] && !$row['user_id']))
 	{
-		// if the user does not have permissions to list this forum skip to the next branch
+		// if this forum is a link or password protected (user has not entered the password yet) then skip to the next branch
 		continue;
 	}
@ -964,9 +964,9 @@ while ($row = $db->sql_fetchrow($result))
 	$right = $row['right_id'];
-	if (!$auth->acl_get('f_search', $row['forum_id']))
+	if ($auth->acl_gets('!f_search', '!f_list', $row['forum_id']))
 	{
-		// if the user does not have permissions to search this forum skip only this forum/category
+		// if the user does not have permissions to search or see this forum skip only this forum/category
 		continue;
 	}