author | Jaime Perez Crespo <jaime.perez@uninett.no> | 2016-04-21 09:11:32 +0200 |
---|---|---|
committer | Jaime Perez Crespo <jaime.perez@uninett.no> | 2016-04-21 09:11:32 +0200 |
commit | 93821de42955eeaa3040f580abd384b3b05e8f16 (patch) | |
tree | 2259f7df0443307d68c115e808e2549962014abf | |
parent | 3d32ff6d8ba32ce0a6560741b9338f21941236c7 (diff) | |
In the LDAP class, the password should only be escaped if it's not null, so that we don't try to bind with an empty password if none was provided. This fixes #366 and closes #370.
-rw-r--r-- | lib/SimpleSAML/Auth/LDAP.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/SimpleSAML/Auth/LDAP.php b/lib/SimpleSAML/Auth/LDAP.php
index b106079..3a3679d 100644
--- a/lib/SimpleSAML/Auth/LDAP.php
+++ b/lib/SimpleSAML/Auth/LDAP.php
@@ -605,7 +605,6 @@ class SimpleSAML_Auth_LDAP {
 * These characters are escaped by prefixing them with '\'.
 */
 $username = addcslashes($username, ',+"\\<>;*');
- $password = addcslashes($password, ',+"\\<>;*');
 if (isset($config['priv_user_dn'])) {
 $this->bind($config['priv_user_dn'], $config['priv_user_pw']);
@@ -617,6 +616,8 @@ class SimpleSAML_Auth_LDAP {
 }
 if ($password !== null) { // checking users credentials ... assuming below that she may read her own attributes ...
+ // escape characters with a special meaning, also in the password
+ $password = addcslashes($password, ',+"\\<>;*');
 if (!$this->bind($dn, $password)) {
 SimpleSAML\Logger::info('Library - LDAP validate(): Failed to authenticate \''. $username . '\' using DN \'' . $dn . '\'');
 return FALSE; |
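Review bot: The `$password !== null` guard in the second hunk still lets an empty string reach `$this->bind($dn, $password)`, and a simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513 that some directory servers report as success. Unless `bind()` or the caller already rejects empty passwords, which is not visible in this hunk, the branch should fail closed before binding, for example `if ($password === '') { return FALSE; }`. Separately, `addcslashes($password, ',+"\\<>;*')` changes the credential itself rather than a value embedded in a DN, so a password containing `,`, `+` or `*` is presumably sent with added backslashes and would not match the stored one; the password likely should be passed to the bind unchanged. The enclosing method starts and ends outside the hunk.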