Author: jfthomps Date: Mon May 7 20:36:10 2012 New Revision: 1335241 URL: http://svn.apache.org/viewvc?rev=1335241&view=rev Log: VCL-576 Finalizing for 2.3 release
ldapauth.php: modified getLDAPUserData - modified code to handle single quotes in userid Modified: incubator/vcl/trunk/web/.ht-inc/authmethods/ldapauth.php Modified: incubator/vcl/trunk/web/.ht-inc/authmethods/ldapauth.php URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/authmethods/ldapauth.php?rev=1335241&r1=1335240&r2=1335241&view=diff ============================================================================== --- incubator/vcl/trunk/web/.ht-inc/authmethods/ldapauth.php (original) +++ incubator/vcl/trunk/web/.ht-inc/authmethods/ldapauth.php Mon May 7 20:36:10 2012 @@ -319,9 +319,11 @@ function getLDAPUserData($authtype, $use # FIXME hack array_push($ldapsearch, 'gecos'); + $searchuser = stripslashes($userid); + $search = ldap_search($ds, $auth['binddn'], - "{$auth['unityid']}=$userid", + "{$auth['unityid']}=$searchuser", $ldapsearch, 0, 3, 15); $return = array(); if($search) {