diff options
Diffstat (limited to 'community/homer-api/0001-Update-LDAP.php.patch')
-rw-r--r-- | community/homer-api/0001-Update-LDAP.php.patch | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/community/homer-api/0001-Update-LDAP.php.patch b/community/homer-api/0001-Update-LDAP.php.patch deleted file mode 100644 index a0b7e917566..00000000000 --- a/community/homer-api/0001-Update-LDAP.php.patch +++ /dev/null @@ -1,27 +0,0 @@ -From c2771cbb452949fb5b1e921d8c051c59b024fc28 Mon Sep 17 00:00:00 2001 -From: Alexandr Dubovikov <alexandr.dubovikov@gmail.com> -Date: Thu, 14 Dec 2017 15:16:58 +0100 -Subject: [PATCH] Update LDAP.php - -prevent some potentially leading to privilege escalation. Thanks go to Kaarle R. ---- - api/Authentication/LDAP.php | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/api/Authentication/LDAP.php b/api/Authentication/LDAP.php -index 653af2e..f3f0c9d 100644 ---- a/api/Authentication/LDAP.php -+++ b/api/Authentication/LDAP.php -@@ -72,8 +72,7 @@ class LDAP extends Authentication { - return array(); - } - } -- -- $r=@ldap_search( $ds, LDAP_BASEDN, LDAP_USERNAME_ATTRIBUTE_OPEN .$param['username'].LDAP_USERNAME_ATTRIBUTE_CLOSE); -+ $r=@ldap_search( $ds, LDAP_BASEDN, LDAP_USERNAME_ATTRIBUTE_OPEN.@ldap_escape($param['username']).LDAP_USERNAME_ATTRIBUTE_CLOSE); - if ($r) { - $result = @ldap_get_entries( $ds, $r); - --- -2.14.3 - |