don't allow use of starttls on ldap socket connection

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@9980 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/functions/abook_ldap_server.php b/functions/abook_ldap_server.php
index 596360a6275a3ad250182771183eac7712bfc11c..4fe79c654892006802a832b616e9ef295803f801 100644 (file)
--- a/functions/abook_ldap_server.php
+++ b/functions/abook_ldap_server.php
@@ -246,16 +246,17 @@ class abook_ldap_server extends addressbook_backend {
          * http://www.php.net/ldap-start-tls
          * Check if v3 or newer protocol is used,
          * check if ldap_start_tls function is available.
-         * Silently ignore setting, if requirements are not satisfied
+         * Silently ignore setting, if these requirements are not satisfied.
+         * Break with error message if somebody tries to start TLS on
+         * ldaps or socket connection.
          */
         if($this->starttls && 
            !empty($this->protocol) && $this->protocol >= 3 &&
            function_exists('ldap_start_tls') ) {
-            // make sure that $this->host is not ldaps:// URL.
-            if (preg_match("/^ldaps:\/\/.+/i",$this->server)) {
-                return $this->set_error("you can't enable starttls on ldaps connection.");
+            // make sure that $this->server is not ldaps:// or ldapi:// URL.
+            if (preg_match("/^ldap[si]:\/\/.+/i",$this->server)) {
+                return $this->set_error("you can't enable starttls on ldaps and ldapi connections.");
             }
-            // TODO: starttls and ldapi:// tests are needed
             
             // try starting tls
             if (! @ldap_start_tls($this->linkid)) {