View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
0015800 | CDash | (No Category) | public | 2015-10-19 08:28 | 2016-01-07 13:11 |
|
Reporter | Bernhard Seßler | |
Assigned To | | |
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | |
Platform | | OS | | OS Version | |
Product Version | 2.2 | |
Target Version | | Fixed in Version | | |
|
Summary | 0015800: [PATCH] LDAP bind fails with password containing special characters |
Description | In case the LDAP password for a user contains special characters (such as the ampersand '&' for example), binding to the LDAP service (and hence logging in to CDash) fails, as these characters were encoded to HTML entities beforehand.
The attached patch decodes all HTML entities contained in the password and allows users in an LDAP directory with a password containing special characters to log in to CDash. |
Steps To Reproduce | - Configure CDash to use LDAP authentication
- Create a password containing special characters for a user in an LDAP tree to log in / register on CDash (e.g. '&')
- Try to register the user / log in on CDash with the correct LDAP credentials |
Tags | No tags attached. |
|
Attached Files | 0001-Decode-HTML-entities-in-LDAP-password.patch (1,425 bytes) 2015-10-19 08:28
From da5f7cdb6229014995a7ef6415c47194fc8d9f3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Se=C3=9Fler?= <bernhard.sessler@diehl.com>
Date: Mon, 19 Oct 2015 14:07:57 +0200
Subject: [PATCH] Decode HTML entities in LDAP password
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Special characters contained in the password are encoded into HTML
entities when submitting the login form, which in turn causes problems
when trying to authenticate against an LDAP directory (such as Active
Directory).
Decoding potential HTML entities in the password allows for binding
to LDAP with a password containing special characters.
Signed-off-by: Bernhard Seßler <bernhard.sessler@diehl.com>
---
login_functions.php | 3 +++
1 file changed, 3 insertions(+)
diff --git a/login_functions.php b/login_functions.php
index 95ff6a4..ced52d9 100644
--- a/login_functions.php
+++ b/login_functions.php
@@ -88,6 +88,9 @@ function ldapAuthenticate($email, $password, $SessionCachePolicy, $rememberme)
include "cdash/config.php";
include_once "models/user.php";
+ // Decode possible HTML entities in password
+ $password = html_entity_decode($password);
+
$ldap = ldap_connect($CDASH_LDAP_HOSTNAME);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $CDASH_LDAP_PROTOCOL_VERSION);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, $CDASH_LDAP_OPT_REFERRALS);
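Review bot: The added `$password = html_entity_decode($password);` at the top of `ldapAuthenticate()` is called with no flags or charset argument, so on the PHP versions current for this patch it defaults to ENT_COMPAT and leaves an encoded single quote (`&#039;`) untouched; a password containing `'` would still fail to bind if the upstream encoding escapes quotes. It also undoes the encoding at the point of use rather than where it is applied: this is only correct if every caller of `ldapAuthenticate()` passes an entity-encoded password, otherwise a password that literally contains text such as `&amp;` is silently changed before the bind. I would rather keep the password out of the HTML-escaping step where the login form is read and pass it to LDAP unmodified. If the decode has to stay here, use the exact inverse of whatever encodes the form input, with explicit flags (for example ENT_QUOTES) and an explicit charset, and extend the comment to name that encoder so the pairing is visible.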
--
2.6.1
|
|