mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-07-22 02:35:23 +03:00
27 lines
1,002 B
Diff
27 lines
1,002 B
Diff
From c2771cbb452949fb5b1e921d8c051c59b024fc28 Mon Sep 17 00:00:00 2001
|
|
From: Alexandr Dubovikov <alexandr.dubovikov@gmail.com>
|
|
Date: Thu, 14 Dec 2017 15:16:58 +0100
|
|
Subject: [PATCH] Update LDAP.php
|
|
|
|
prevent some potentially leading to privilege escalation. Thanks go to Kaarle R.
|
|
---
|
|
api/Authentication/LDAP.php | 3 +--
|
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
|
|
|
diff --git a/api/Authentication/LDAP.php b/api/Authentication/LDAP.php
|
|
index 653af2e..f3f0c9d 100644
|
|
--- a/api/Authentication/LDAP.php
|
|
+++ b/api/Authentication/LDAP.php
|
|
@@ -72,8 +72,7 @@ class LDAP extends Authentication {
|
|
return array();
|
|
}
|
|
}
|
|
-
|
|
- $r=@ldap_search( $ds, LDAP_BASEDN, LDAP_USERNAME_ATTRIBUTE_OPEN .$param['username'].LDAP_USERNAME_ATTRIBUTE_CLOSE);
|
|
+ $r=@ldap_search( $ds, LDAP_BASEDN, LDAP_USERNAME_ATTRIBUTE_OPEN.@ldap_escape($param['username']).LDAP_USERNAME_ATTRIBUTE_CLOSE);
|
|
if ($r) {
|
|
$result = @ldap_get_entries( $ds, $r);
|
|
|
|
--
|
|
2.14.3
|
|
|