
Fix ldap UserID contents umlauts

1 parent e272eb5 commit 674c30826c05befcb4f829589484ea0d1590d325 @c12simple c12simple committed Sep 22, 2016
@@ -26,6 +26,7 @@
use Pydio\Core\Controller\ProgressBarCLI;
use Pydio\Core\Services\RolesService;
use Pydio\Core\Services\UsersService;
+use Pydio\Core\Utils\Vars\InputFilter;
use Pydio\Core\Utils\Vars\StringHelper;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -977,4 +978,16 @@ public function getLdapGroupListFromDN()
self::$allowedGroupList = $returnArray;
return $returnArray;
}
+
+ /**
+ * By pass sanitizing user id that make sure tha we can use utf8 user_id
+ *
+ * @param $s
+ * @param int $level
+ * @return mixed|string
+ */
+ public function sanitize($s, $level = InputFilter::SANITIZE_HTML)
+ {
+ return $s;
+ }
}
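Review bot: The LDAP driver's `sanitize()` returns `$s` untouched and ignores `$level`, so every caller of this override loses filtering of markup and control characters, not only the user-id path. Accepting UTF-8 login ids does not require dropping all filtering: the method can still reject invalid encodings and control characters. The id should also be escaped with `ldap_escape($s, '', LDAP_ESCAPE_FILTER)` wherever it is placed in a search filter; those call sites are outside this hunk, so confirm they do. The docblock should state the trust assumption, for example `Returns the value unchanged; callers must escape it for LDAP filters and HTML output.`, and fix the typo "tha".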
@@ -26,6 +26,7 @@
use Pydio\Core\Model\UserInterface;
use Pydio\Core\PluginFramework\PluginsService;
+use Pydio\Core\Utils\Vars\InputFilter;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -556,4 +557,21 @@ public function filterCredentials($userId, $pwd)
return array($this->extractRealId($userId), $pwd);
}
+ /**
+ * @param $s
+ * @param int $level
+ * @return mixed|string
+ */
+ public function sanitize($s, $level = InputFilter::SANITIZE_HTML)
+ {
+ /**
+ * Override only for ldap.
+ */
+ if ($this->masterSlaveMode) {
+ if ($this->masterName == 'ldap') {
+ return $this->drivers[$this->masterName]->sanitize($s, $level);
+ }
+ }
+ return parent::sanitize($s, $level);
+ }
}
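Review bot: When the master driver is `ldap`, this override hands every login id to the LDAP driver's `sanitize()`, which is a pass-through in this commit, so ids that presumably end up authenticated by the slave driver are no longer filtered either. `$this->drivers[$this->masterName]` is also dereferenced without checking that the entry exists, and the name test uses `==` against a hard-coded string. Consider `if ($this->masterSlaveMode && $this->masterName === 'ldap' && isset($this->drivers[$this->masterName]))`, and keep `parent::sanitize()` for ids that fall through to the slave. The docblock has no description; one sentence saying why only ldap is delegated would help the next maintainer.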
@@ -121,7 +121,9 @@ function logUserFromLoginAction(\Psr\Http\Message\ServerRequestInterface &$reque
if ($cookieLogin) {
list($userId, $userPass) = CookiesHelper::getRememberCookieData();
} else {
- $userId = (isSet($httpVars["userid"]) ? InputFilter::sanitize($httpVars["userid"], InputFilter::SANITIZE_EMAILCHARS) : null);
+ //$userId = (isSet($httpVars["userid"]) ? InputFilter::sanitize($httpVars["userid"], InputFilter::SANITIZE_EMAILCHARS) : null);
+ // Auth drivers will do the sanitizing userId.
+ $userId = (isSet($httpVars["userid"]) ? $httpVars["userid"] : null);
$userPass = (isSet($httpVars["password"]) ? trim($httpVars["password"]) : null);
}
$rememberMe = ((isSet($httpVars["remember_me"]) && $httpVars["remember_me"] == "true") ? true : false);
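Review bot: `$userId` is now taken verbatim from `$httpVars["userid"]` and nothing in this hunk calls the new driver-level `sanitize()`, so the comment `Auth drivers will do the sanitizing userId.` describes an obligation that is not enforced here. The function continues beyond the hunk; if the id reaches logging, session state or a backend lookup before a driver filters it, the previous `SANITIZE_EMAILCHARS` guarantee is gone for every auth backend, not just LDAP. Call the active driver's `sanitize($userId, InputFilter::SANITIZE_EMAILCHARS)` at this point so the filtering stays visible at the trust boundary. Delete the commented-out line rather than keeping it as history.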
@@ -32,6 +32,7 @@
use Pydio\Core\Services\RolesService;
use Pydio\Core\Services\UsersService;
use Zend\Diactoros\Response\TextResponse;
+use Pydio\Core\Utils\Vars\InputFilter;
defined('AJXP_EXEC') or die( 'Access not allowed');
@@ -381,4 +382,15 @@ public function updateUserObject(&$userObject)
}
}
+ /**
+ * Sanitize user_id and password. Should be implemented by children (auth ldap) to
+ * be able to use login_id with special characters (utf8) such as : ä, é ...
+ * @param $s
+ * @param int $level
+ * @return mixed|string
+ * @throws \Pydio\Core\Exception\ForbiddenCharacterException
+ */
+ public function sanitize($s, $level = InputFilter::SANITIZE_HTML){
+ return InputFilter::sanitize($s, $level);
+ }
}
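Review bot: The default `$level = InputFilter::SANITIZE_HTML` differs from the `InputFilter::SANITIZE_EMAILCHARS` filter that the login action applied to user ids before this commit, so a caller that writes `sanitize($userId)` gets a different, presumably more permissive, filter. Since the docblock says this method handles the user id and password, defaulting to `InputFilter::SANITIZE_EMAILCHARS` or making `$level` mandatory would keep non-LDAP drivers at their previous behaviour. The `@param` lines should also describe `$s` and `$level`.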
