Permalink
Browse files

MDL-15039 Apostrophes in idnumber prevent users from being unenrolled…

… via LDAP

If any member of a course has an ID number containing an apostrophe (eg.
CN=Paddy O'Brien,OU=Students,DC=etc...), no other members will ever be
unenrolled via LDAP.

Thanks to Michael Woods for the bug report and proposed solution.
  • Loading branch information...
1 parent 957e659 commit fb8f96c38d842d175ed9f1759e3acc10d2b9ad13 iarenaza committed Jun 2, 2008
Showing with 5 additions and 4 deletions.
  1. +5 −4 enrol/ldap/enrol.php
View
@@ -243,6 +243,7 @@ function sync_enrolments($type, $enrol = false) {
$ldapmembers = $course[strtolower($CFG->{'enrol_ldap_memberattribute_role'.$role->id} )];
unset($ldapmembers['count']); // remove oddity ;)
+ $ldapmembers = addslashes_recursive($ldapmembers);
}
// prune old ldap enrolments
@@ -278,19 +279,19 @@ function sync_enrolments($type, $enrol = false) {
$sql = 'SELECT id,1 FROM '.$CFG->prefix.'user '
." WHERE idnumber='$ldapmember'";
$member = get_record_sql($sql);
-// print "sql: $sql \nidnumber = $ldapmember \n" . var_dump($member);
+// print "sql: $sql \nidnumber = ".stripslashes($ldapmember)." \n".var_dump($member);
if(empty($member) || empty($member->id)){
- print "Could not find user $ldapmember, skipping\n";
+ print "Could not find user ".stripslashes($ldapmember).", skipping\n";
continue;
}
$member = $member->id;
if (!get_record('role_assignments', 'roleid', $role->id,
'contextid', $context->id,
'userid', $member, 'enrol', 'ldap')){
if (role_assign($role->id, $member, 0, $context->id, 0, 0, 0, 'ldap')){
- print "Assigned role $type to $member ($ldapmember) for course $course_obj->id ($course_obj->shortname)\n";
+ print "Assigned role $type to $member (".stripslashes($ldapmember).") for course $course_obj->id ($course_obj->shortname)\n";
} else {
- print "Failed to assign role $type to $member ($ldapmember) for course $course_obj->id ($course_obj->shortname)\n";
+ print "Failed to assign role $type to $member (".stripslashes($ldapmember).") for course $course_obj->id ($course_obj->shortname)\n";
}
}
}

0 comments on commit fb8f96c

Please sign in to comment.