[ZF-11839] fixed security issue (possible password disclosure) #526

Closed
wants to merge 39 commits into from

2 participants

Stefan Gehrig Matthew Weier O'Phinney
Stefan Gehrig

1.11-fix ported to ZF2

sgehrig added some commits
Stefan Gehrig sgehrig updateing 7f7c19d
Stefan Gehrig sgehrig Revert "updateing"
This reverts commit 7f7c19da825c7771f685ba594b506414bf8e9cb4.
90a5225
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 d46a241
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 cd3deb5
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 c7c402a
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 7a661fa
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 b26807b
Stefan Gehrig sgehrig test 7927a0f
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 7c309bf
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 e494b38
Stefan Gehrig sgehrig Merge branch 'master' of github.com:sgehrig/zf2 2c50897
Stefan Gehrig sgehrig deleted HTTPTest f1e045f
Stefan Gehrig sgehrig Merge branch 'master', remote branch 'zf2/master' 47e0377
Stefan Gehrig sgehrig Merge branch 'master' of github.com:sgehrig/zf2 70492e4
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 9cb3a2d
Stefan Gehrig sgehrig added .DS_Store to .gitignore
Signed-off-by: Stefan Gehrig <gehrig@ishd.de>
17bdc38
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 37995a5
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 722664e
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 bebe1bf
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 4dc9a11
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 03b8abd
Stefan Gehrig sgehrig Merge branch 'master' of github.com:sgehrig/zf2 e8d1313
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 08c06c8
Stefan Gehrig sgehrig Merge remote branch 'origin/master' c7e6a11
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 cf35376
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 8aea678
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 5aad269
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 3df55f1
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 f21ba83
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 fa582ca
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 6cc59ca
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 4c938d8
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 010bbb8
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 c93d1ef
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 dc8907c
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2
Conflicts:
	.gitignore
0b5d964
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 671ba15
Stefan Gehrig sgehrig [ZF-11839] fixed security problem (possible password disclosure) 28ff442
Stefan Gehrig sgehrig Merge branch 'master' of git://github.com/zendframework/zf2 188816b
Matthew Weier O'Phinney

Reviewed, merged, and pushed to master. In the future, do your fixes/features on discrete branches, to ensure we don't get spurious commits by accident. :)

Commits on Jul 31, 2010
  1. Stefan Gehrig

    updateing

    sgehrig authored
  2. Stefan Gehrig

    Revert "updateing"

    sgehrig authored
    This reverts commit 7f7c19da825c7771f685ba594b506414bf8e9cb4.
  3. Stefan Gehrig
Commits on Aug 12, 2010
  1. Stefan Gehrig
Commits on Aug 23, 2010
  1. Stefan Gehrig
Commits on Sep 22, 2010
  1. Stefan Gehrig
Commits on Oct 5, 2010
  1. Stefan Gehrig
  2. Stefan Gehrig

    test

    sgehrig authored
Commits on Nov 3, 2010
  1. Stefan Gehrig
Commits on Nov 14, 2010
  1. Stefan Gehrig
  2. Stefan Gehrig
Commits on Nov 25, 2010
  1. Stefan Gehrig

    deleted HTTPTest

    sgehrig authored
  2. Stefan Gehrig
  3. Stefan Gehrig
Commits on Dec 2, 2010
  1. Stefan Gehrig
Commits on Dec 7, 2010
  1. Stefan Gehrig

    added .DS_Store to .gitignore

    sgehrig authored
    Signed-off-by: Stefan Gehrig <gehrig@ishd.de>
  2. Stefan Gehrig
Commits on Dec 14, 2010
  1. Stefan Gehrig
Commits on Dec 20, 2010
  1. Stefan Gehrig
Commits on Dec 29, 2010
  1. Stefan Gehrig
Commits on Jan 11, 2011
  1. Stefan Gehrig
  2. Stefan Gehrig
Commits on Jan 30, 2011
  1. Stefan Gehrig
  2. Stefan Gehrig
Commits on Feb 2, 2011
  1. Stefan Gehrig
Commits on Feb 3, 2011
  1. Stefan Gehrig
Commits on Feb 5, 2011
  1. Stefan Gehrig
Commits on Feb 24, 2011
  1. Stefan Gehrig
Commits on Mar 2, 2011
  1. Stefan Gehrig
Commits on Mar 8, 2011
  1. Stefan Gehrig
Commits on Mar 9, 2011
  1. Stefan Gehrig
Commits on Mar 23, 2011
  1. Stefan Gehrig
Commits on Apr 1, 2011
  1. Stefan Gehrig
Commits on Apr 19, 2011
  1. Stefan Gehrig
Commits on May 5, 2011
  1. Stefan Gehrig
Commits on Jul 29, 2011
  1. Stefan Gehrig

    Merge branch 'master' of git://github.com/zendframework/zf2

    sgehrig authored
    Conflicts:
    	.gitignore
Commits on Oct 20, 2011
  1. Stefan Gehrig
Commits on Oct 24, 2011
  1. Stefan Gehrig
  2. Stefan Gehrig
Showing with 1 addition and 1 deletion.
  1. +1 −1  library/Zend/Authentication/Adapter/Ldap.php
2  library/Zend/Authentication/Adapter/Ldap.php
@@ -365,7 +365,7 @@ public function authenticate()
} else {
$line = $zle->getLine();
$messages[] = $zle->getFile() . "($line): " . $zle->getMessage();
- $messages[] = str_replace($password, '*****', $zle->getTraceAsString());
+ $messages[] = preg_replace('/\b'.preg_quote($password, '/').'\b/', '*****', $zle->getTraceAsString());
$messages[0] = 'An unexpected failure occurred';
}
$messages[1] = $zle->getMessage();
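Review bot: The `\b` anchors on the added `preg_replace` line only match where a word character meets a non-word character, so a password that starts or ends with punctuation (for example one ending in `!`) and is followed by a quote or whitespace in the trace text is no longer matched and stays in `$messages` unmasked, whereas the removed `str_replace` line would have masked it. Consider boundaries that do not depend on the password's own first and last characters, such as `(?<!\w)` before and `(?!\w)` after the quoted password. Also guard against an empty `$password`, for which the pattern reduces to `/\b\b/` and inserts `*****` at every word boundary in the trace. A unit test with a password that has leading or trailing punctuation would pin this behaviour down.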