From 8f22733068d6a0ae64838037dac15c90b45af8d7 Mon Sep 17 00:00:00 2001
From: tokul
Date: Sun, 21 Aug 2005 15:19:03 +0000
Subject: [PATCH] don't allow use of starttls on ldap socket connection
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@9980 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/abook_ldap_server.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/functions/abook_ldap_server.php b/functions/abook_ldap_server.php
index 596360a6..4fe79c65 100644
--- a/functions/abook_ldap_server.php
+++ b/functions/abook_ldap_server.php
@@ -246,16 +246,17 @@ class abook_ldap_server extends addressbook_backend {
 * http://www.php.net/ldap-start-tls
 * Check if v3 or newer protocol is used,
 * check if ldap_start_tls function is available.
- * Silently ignore setting, if requirements are not satisfied
+ * Silently ignore setting, if these requirements are not satisfied.
+ * Break with error message if somebody tries to start TLS on
+ * ldaps or socket connection.
 */
 if($this->starttls && !empty($this->protocol) && $this->protocol >= 3 && function_exists('ldap_start_tls') ) {
- // make sure that $this->host is not ldaps:// URL.
- if (preg_match("/^ldaps:\/\/.+/i",$this->server)) {
- return $this->set_error("you can't enable starttls on ldaps connection.");
+ // make sure that $this->server is not ldaps:// or ldapi:// URL.
+ if (preg_match("/^ldap[si]:\/\/.+/i",$this->server)) {
+ return $this->set_error("you can't enable starttls on ldaps and ldapi connections.");
 }
- // TODO: starttls and ldapi:// tests are needed
 // try starting tls
 if (! @ldap_start_tls($this->linkid)) {
--
2.25.1
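Review bot: The `if($this->starttls && !empty($this->protocol) && $this->protocol >= 3 && function_exists('ldap_start_tls') )` condition still fails open: when starttls is configured but the protocol is below 3 or `ldap_start_tls()` is unavailable, the setting is silently ignored (as the updated comment states) and the connection carries on without TLS, so whatever bind or lookup follows would presumably travel in cleartext. The ldaps/ldapi case is a hard error, and the unmet-requirements case should be one too, for example with a guard ahead of this block: `if ($this->starttls && (empty($this->protocol) || $this->protocol < 3 || !function_exists('ldap_start_tls'))) { return $this->set_error("starttls requires LDAP protocol v3 and ldap_start_tls()."); }`. Separately, the `.+` in the new pattern lets a bare `ldapi://` URL with nothing after the slashes slip past the check; `"/^ldap[si]:\/\//i"` would cover it. The enclosing method starts and ends outside the hunk, so the handling after a failed `ldap_start_tls()` call is not visible here.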