Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

[ZF-11839] fixed security issue (possible password disclosure) #526

Closed
wants to merge 39 commits into from

2 participants

@sgehrig

1.11-fix ported to ZF2

sgehrig added some commits
@sgehrig sgehrig updateing 7f7c19d
@sgehrig sgehrig Revert "updateing"
This reverts commit 7f7c19da825c7771f685ba594b506414bf8e9cb4.
90a5225
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 d46a241
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 cd3deb5
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 c7c402a
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 7a661fa
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 b26807b
@sgehrig sgehrig test 7927a0f
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 7c309bf
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 e494b38
@sgehrig sgehrig Merge branch 'master' of github.com:sgehrig/zf2 2c50897
@sgehrig sgehrig deleted HTTPTest f1e045f
@sgehrig sgehrig Merge branch 'master', remote branch 'zf2/master' 47e0377
@sgehrig sgehrig Merge branch 'master' of github.com:sgehrig/zf2 70492e4
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 9cb3a2d
@sgehrig sgehrig added .DS_Store to .gitignore
Signed-off-by: Stefan Gehrig <gehrig@ishd.de>
17bdc38
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 37995a5
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 722664e
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 bebe1bf
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 4dc9a11
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 03b8abd
@sgehrig sgehrig Merge branch 'master' of github.com:sgehrig/zf2 e8d1313
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 08c06c8
@sgehrig sgehrig Merge remote branch 'origin/master' c7e6a11
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 cf35376
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 8aea678
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 5aad269
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 3df55f1
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 f21ba83
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 fa582ca
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 6cc59ca
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 4c938d8
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 010bbb8
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 c93d1ef
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 dc8907c
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2
Conflicts:
	.gitignore
0b5d964
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 671ba15
@sgehrig sgehrig [ZF-11839] fixed security problem (possible password disclosure) 28ff442
@sgehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 188816b
@weierophinney

Reviewed, merged, and pushed to master. In the future, do your fixes/features on discrete branches, to ensure we don't get spurious commits by accident. :)

@sgehrig
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jul 31, 2010
  1. @sgehrig

    updateing

    sgehrig authored
  2. @sgehrig

    Revert "updateing"

    sgehrig authored
    This reverts commit 7f7c19da825c7771f685ba594b506414bf8e9cb4.
  3. @sgehrig
Commits on Aug 12, 2010
  1. @sgehrig
Commits on Aug 23, 2010
  1. @sgehrig
Commits on Sep 22, 2010
  1. @sgehrig
Commits on Oct 5, 2010
  1. @sgehrig
  2. @sgehrig

    test

    sgehrig authored
Commits on Nov 3, 2010
  1. @sgehrig
Commits on Nov 14, 2010
  1. @sgehrig
  2. @sgehrig
Commits on Nov 25, 2010
  1. @sgehrig

    deleted HTTPTest

    sgehrig authored
  2. @sgehrig
  3. @sgehrig
Commits on Dec 2, 2010
  1. @sgehrig
Commits on Dec 7, 2010
  1. @sgehrig

    added .DS_Store to .gitignore

    sgehrig authored
    Signed-off-by: Stefan Gehrig <gehrig@ishd.de>
  2. @sgehrig
Commits on Dec 14, 2010
  1. @sgehrig
Commits on Dec 20, 2010
  1. @sgehrig
Commits on Dec 29, 2010
  1. @sgehrig
Commits on Jan 11, 2011
  1. @sgehrig
  2. @sgehrig
Commits on Jan 30, 2011
  1. @sgehrig
  2. @sgehrig
Commits on Feb 2, 2011
  1. @sgehrig
Commits on Feb 3, 2011
  1. @sgehrig
Commits on Feb 5, 2011
  1. @sgehrig
Commits on Feb 24, 2011
  1. @sgehrig
Commits on Mar 2, 2011
  1. @sgehrig
Commits on Mar 8, 2011
  1. @sgehrig
Commits on Mar 9, 2011
  1. @sgehrig
Commits on Mar 23, 2011
  1. @sgehrig
Commits on Apr 1, 2011
  1. @sgehrig
Commits on Apr 19, 2011
  1. @sgehrig
Commits on May 5, 2011
  1. @sgehrig
Commits on Jul 29, 2011
  1. @sgehrig

    Merge branch 'master' of git://github.com/zendframework/zf2

    sgehrig authored
    Conflicts:
    	.gitignore
Commits on Oct 20, 2011
  1. @sgehrig
Commits on Oct 24, 2011
  1. @sgehrig
  2. @sgehrig
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  library/Zend/Authentication/Adapter/Ldap.php
View
2  library/Zend/Authentication/Adapter/Ldap.php
@@ -365,7 +365,7 @@ public function authenticate()
} else {
$line = $zle->getLine();
$messages[] = $zle->getFile() . "($line): " . $zle->getMessage();
- $messages[] = str_replace($password, '*****', $zle->getTraceAsString());
+ $messages[] = preg_replace('/\b'.preg_quote($password, '/').'\b/', '*****', $zle->getTraceAsString());
$messages[0] = 'An unexpected failure occurred';
}
$messages[1] = $zle->getMessage();
Something went wrong with that request. Please try again.