
3.6.3-Release

ikkez committed Dec 31, 2017
1 parent cd5bd81 commit 1d1fe8fee4ec868d9ce5f90973b722c9c2515428
Showing with 212 additions and 106 deletions.
  1. +32 −0 lib/CHANGELOG.md
  2. +12 −3 lib/auth.php
  3. +113 −54 lib/base.php
  4. +8 −11 lib/db/sql.php
  5. +31 −24 lib/db/sql/mapper.php
  6. +8 −2 lib/db/sql/session.php
  7. +1 −1 lib/session.php
  8. +3 −9 lib/smtp.php
  9. +2 −2 lib/template.php
  10. +2 −0 lib/web.php
@@ -1,5 +1,37 @@
CHANGELOG
3.6.3 (31 December 2017)
* PHP7 fix: remove deprecated (unset) cast
* Web->request: restricted follow_location to 3XX responses only
* CLI mode: refactored arguments parsing
* CLI mode: fixed query string encoding
* SMTP: Refactor parsing of attachments
* SMTP: clean-up mail headers for multipart messages, [#1065](https://github.com/bcosca/fatfree/issues/1065)
* config: fixed performance issues on parsing config files
* config: cast command parameters in config entries to php type & constant, [#1030](https://github.com/bcosca/fatfree/issues/1030)
* config: reduced registry calls
* config: skip hive escaping when resolving dynamic config vars, [#1030](https://github.com/bcosca/fatfree/issues/1030)
* Bug fix: Incorrect cookie lifetime computation, [#1070](https://github.com/bcosca/fatfree/issues/1070), [#1016](https://github.com/bcosca/fatfree/issues/1016)
* DB\SQL\Mapper: use RETURNING option instead of a sequence query to get lastInsertId in PostgreSQL, [#1069](https://github.com/bcosca/fatfree/issues/1069), [#230](https://github.com/bcosca/fatfree-core/issues/230)
* DB\SQL\Session: check if _agent is too long for SQL based sessions [#236](https://github.com/bcosca/fatfree-core/issues/236)
* DB\SQL\Session: fix Session handler table creation issue on SQL Server, [#899](https://github.com/bcosca/fatfree/issues/899)
* DB\SQL: fix oracle db issue with empty error variable, [#1072](https://github.com/bcosca/fatfree/issues/1072)
* DB\SQL\Mapper: fix sorting issues on SQL Server, [#1052](https://github.com/bcosca/fatfree/issues/1052) [#225](https://github.com/bcosca/fatfree-core/issues/225)
* Prevent directory traversal attacks on filesystem based cache [#1073](https://github.com/bcosca/fatfree/issues/1073)
* Bug fix, Template: PHP constants used in include with attribute, [#983](https://github.com/bcosca/fatfree/issues/983)
* Bug fix, Template: Numeric value in expression alters PHP_EOL context
* Template: use existing linefeed instead of PHP_EOL, [#1048](https://github.com/bcosca/fatfree/issues/1048)
* Template: make newline interpolation handling configurable [#223](https://github.com/bcosca/fatfree-core/issues/223)
* Template: add beforerender to Preview
* fix custom FORMATS without modifiers
* Cache: Refactor Cache->reset for XCache
* Cache: loosen reset cache key pattern, [#1041](https://github.com/bcosca/fatfree/issues/1041)
* XCache: suffix reset only works if xcache.admin.enable_auth is disabled
* Added HTTP 103 as recently approved by the IETF
* LDAP changes to for AD flexibility [#227](https://github.com/bcosca/fatfree-core/issues/227)
* Hide debug trace from ajax errors when DEBUG=0 [#1071](https://github.com/bcosca/fatfree/issues/1071)
* fix View->render using potentially wrong cache entry
3.6.2 (26 June 2017)
* Return a status code > 0 when dying on error [#220](https://github.com/bcosca/fatfree-core/issues/220)
* fix SMTP line width [#215](https://github.com/bcosca/fatfree-core/issues/215)
@@ -115,18 +115,27 @@ protected function _sql($id,$pw,$realm) {
* @param $pw string
**/
protected function _ldap($id,$pw) {
$dc=@ldap_connect($this->args['dc']);
$port=(int)($this->args['port']?:389);
$filter=$this->args['filter']=$this->args['filter']?:"uid=".$id;
$this->args['attr']=$this->args['attr']?:["uid"];
array_walk($this->args['attr'],
function($attr)use(&$filter,$id) {
$filter=str_ireplace($attr."=*",$attr."=".$id,$filter);});
$dc=@ldap_connect($this->args['dc'],$port);
if ($dc &&
ldap_set_option($dc,LDAP_OPT_PROTOCOL_VERSION,3) &&
ldap_set_option($dc,LDAP_OPT_REFERRALS,0) &&
ldap_bind($dc,$this->args['rdn'],$this->args['pw']) &&
($result=ldap_search($dc,$this->args['base_dn'],
$this->args['uid'].'='.$id)) &&
$filter,$this->args['attr'])) &&
ldap_count_entries($dc,$result) &&
($info=ldap_get_entries($dc,$result)) &&
$info['count']==1 &&
@ldap_bind($dc,$info[0]['dn'],$pw) &&
@ldap_close($dc)) {
return $info[0][$this->args['uid']][0]==$id;
return in_array($id,(array_map(function($value){return $value[0];},
array_intersect_key($info[0],
array_flip($this->args['attr'])))),TRUE);
}
user_error(self::E_LDAP,E_USER_ERROR);
}
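Review bot: The search filter in `_ldap` is built by concatenating `$id` unescaped, both in the default `"uid=".$id` and in the `str_ireplace` substitution, so filter metacharacters in a submitted login name reach `ldap_search` as filter syntax. Escape the value once before either use, e.g. `$eid=ldap_escape($id,'',LDAP_ESCAPE_FILTER);` (PHP 5.6+), and substitute `$eid` in both places. The strict `in_array` comparison at the end narrows what a crafted id can achieve, but the directory still evaluates a caller-shaped filter. Separately, `ldap_get_entries` lowercases attribute names in its result, so `array_flip($this->args['attr'])` will not intersect for mixed-case names such as `sAMAccountName` unless the keys are lowercased first, e.g. `array_flip(array_map('strtolower',$this->args['attr']))`.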