lib/Auth
Aleksander Machniak
machniak at kolabsys.com
Fri Aug 10 18:19:59 CEST 2012
lib/Auth/LDAP.php | 25 ++++++++-----------------
1 file changed, 8 insertions(+), 17 deletions(-)
New commits:
commit 31d013e5bb9250be126d961f2838335bd2bbe0f6
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Fri Aug 10 18:19:30 2012 +0200
Use escapeshellarg() for executed command arguments
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 644ee8a..77bf6c0 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -408,12 +408,6 @@ class LDAP
$moz_ldapsearch = "/usr/lib/mozldap/ldapsearch";
}
- $passwd = str_replace(
- array('"', '`'),
- array('\"', '\`'),
- $_SESSION['user']->user_bind_pw
- );
-
$command = array(
$moz_ldapsearch,
'-x',
@@ -422,20 +416,17 @@ class LDAP
'-p',
$this->_ldap_port,
'-b',
- '"' . $entry_dn . '"',
+ escapeshellarg($entry_dn),
'-D',
- '"' . $_SESSION['user']->user_bind_dn . '"',
+ escapeshellarg($_SESSION['user']->user_bind_dn),
'-w',
- '"' . $passwd . '"',
+ escapeshellarg($_SESSION['user']->user_bind_pw),
'-J',
- '"' . implode(
- ':',
- array(
- '1.3.6.1.4.1.42.2.27.9.5.2', // OID
- 'true', // Criticality
- 'dn:' . $_SESSION['user']->user_bind_dn // User DN
- )
- ) . '"',
+ escapeshellarg(implode(':', array(
+ '1.3.6.1.4.1.42.2.27.9.5.2', // OID
+ 'true', // Criticality
+ 'dn:' . $_SESSION['user']->user_bind_dn // User DN
+ ))),
'-s',
'base',
'"(objectclass=*)"',
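Review bot: The bind password is still handed to ldapsearch as the `-w` argument, so while the command runs it can be read from the host's process list by other local accounts; `escapeshellarg()` fixes the quoting but not that exposure. If this ldapsearch build can read the bind password from a file or stdin, that would be the safer channel, with the file created mode 0600 and removed afterwards. Separately, `$this->_ldap_port` stays unescaped in the same array and the filter keeps its hand-written quotes; for consistency I would write `escapeshellarg($this->_ldap_port),` and `escapeshellarg('(objectclass=*)'),`. The `$command` array starts and ends outside this hunk, so how it is joined and executed is not visible here.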