projects / squirrelmail.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d4096a) | patch
sanitizing ldap search. I think, in this case it only prevents ldap search
authortokul <tokul@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 27 Feb 2005 09:45:53 +0000 (09:45 +0000)
committertokul <tokul@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 27 Feb 2005 09:45:53 +0000 (09:45 +0000)
commitd58ed98fa224002865312f5ad9462e6ab4603d03
treee0900375ed186dacded0c1c3fad6ea616d7ba7e3tree | snapshot (zip tar.gz)
parent0d4096aa92907a59ffa435a246dbedcd60968ba2commit | diff
sanitizing ldap search. I think, in this case it only prevents ldap search
errors. Backend does not enclose search in () and custom search options
can't be inserted. If I am wrong, attacker was able to scrap some complex
cn=*something* search expression, that could abuse ldap backend or ldap
server.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@8894 7612ce4b-ef26-0410-bec9-ea0150e637f0
ChangeLog diff | blob | blame | history
functions/abook_ldap_server.php diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.