authorLukas Reschke <lukas@statuscode.ch>2016-10-18 17:20:15 +0200
committerGitHub <noreply@github.com>2016-10-18 17:20:15 +0200
commitb8eea5fcab428939463c605bebebb602b732d121 (patch)
treee218a713d3c482680b535a43336bc37d8382a851 /apps/user_ldap/lib/Access.php
parent9759f55e505010f6135d7aaeae83d26885939363 (diff)
parentdade28cadd3d73feaf665cfd338928643b7c5793 (diff)
Merge pull request #1729 from nextcloud/downstream-ldap-3
[downstream] LDAP empty hardening
Diffstat (limited to 'apps/user_ldap/lib/Access.php')
-rw-r--r--apps/user_ldap/lib/Access.php26
1 files changed, 15 insertions, 11 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index 40bae8d7b41..e7facd80ae0 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -184,14 +184,14 @@ class Access extends LDAPUtility implements IUserTools {
$dn = $this->helper->DNasBaseParameter($dn);
$rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
if(!$this->ldap->isResource($rr)) {
- if(!empty($attr)) {
+ if ($attr !== '') {
//do not throw this message on userExists check, irritates
\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
}
//in case an error occurs , e.g. object does not exist
return false;
}
- if (empty($attr) && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) {
+ if ($attr === '' && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) {
\OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
return array();
}
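Review bot: The new `$attr !== ''` and `$attr === ''` checks match the old `empty()` tests only if `$attr` is always a string; a `null` or `false` argument now takes the non-empty path, so an existence check would log the failure and miss the `return array()` shortcut. The hunk at -422 normalises its value with `strval()` first, but nothing visible does so here, and the function signature is outside this hunk. Consider `$attr = strval($attr);` at the top of the function, or state in the docblock that `$attr` must be a string. The same assumption applies to `$filter` in `combineFilter` (a `null` entry would now be wrapped as `()`), to `$fallbackAttribute` at -1211, and to `$uuidOverride` at -1285, -1341 and -1384, whose assignments are not visible.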
@@ -422,8 +422,8 @@ class Access extends LDAPUtility implements IUserTools {
}
if($isUser) {
- $usernameAttribute = $this->connection->ldapExpertUsernameAttr;
- if(!empty($usernameAttribute)) {
+ $usernameAttribute = strval($this->connection->ldapExpertUsernameAttr);
+ if ($usernameAttribute !== '') {
$username = $this->readAttribute($fdn, $usernameAttribute);
$username = $username[0];
} else {
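Review bot: `$username = $username[0];` indexes the result of `readAttribute()` without checking it, and the first hunk shows that method returning `false` when the read fails. If the entry lacks the configured `ldapExpertUsernameAttr`, `$username` likely becomes `null` and is passed on to the code after the `else` branch, which is outside this hunk. A guard before the index, such as `if (!is_array($username) || !isset($username[0])) { return false; }`, would stop an unreadable attribute from producing an empty internal name, assuming `false` is this function's failure value.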
@@ -1128,7 +1128,7 @@ class Access extends LDAPUtility implements IUserTools {
private function combineFilter($filters, $operator) {
$combinedFilter = '('.$operator;
foreach($filters as $filter) {
- if(!empty($filter) && $filter[0] !== '(') {
+ if ($filter !== '' && $filter[0] !== '(') {
$filter = '('.$filter.')';
}
$combinedFilter.=$filter;
@@ -1211,7 +1211,7 @@ class Access extends LDAPUtility implements IUserTools {
$search = $this->prepareSearchTerm($search);
if(!is_array($searchAttributes) || count($searchAttributes) === 0) {
- if(empty($fallbackAttribute)) {
+ if ($fallbackAttribute === '') {
return '';
}
$filter[] = $fallbackAttribute . '=' . $search;
@@ -1237,8 +1237,12 @@ class Access extends LDAPUtility implements IUserTools {
$allowEnum = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
- $result = empty($term) ? '*' :
- $allowEnum !== 'no' ? $term . '*' : $term;
+ $result = $term;
+ if ($term === '') {
+ $result = '*';
+ } else if ($allowEnum !== 'no') {
+ $result = $term . '*';
+ }
return $result;
}
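Review bot: The `$term === ''` branch returns `'*'` without consulting `$allowEnum`, so an empty search term still becomes a match-all pattern when `shareapi_allow_share_dialog_user_enumeration` is `'no'`. If callers can reach this with an empty term while enumeration is disabled, the setting would not prevent a full listing; confirm that empty terms are rejected earlier, or record the intent with a comment such as `// an empty term always matches all entries; the enumeration setting only controls the trailing wildcard`. The strict comparison also means a `null` term with enumeration disabled is now returned as `null` rather than `'*'`. The start of the function is outside this hunk.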
@@ -1285,7 +1289,7 @@ class Access extends LDAPUtility implements IUserTools {
$filter = $this->connection->ldapUserFilter;
$base = $this->connection->ldapBaseUsers;
- if($this->connection->ldapUuidUserAttribute === 'auto' && empty($uuidOverride)) {
+ if ($this->connection->ldapUuidUserAttribute === 'auto' && $uuidOverride === '') {
// Sacrebleu! The UUID attribute is unknown :( We need first an
// existing DN to be able to reliably detect it.
$result = $this->search($filter, $base, ['dn'], 1);
@@ -1341,7 +1345,7 @@ class Access extends LDAPUtility implements IUserTools {
return true;
}
- if(!empty($uuidOverride) && !$force) {
+ if ($uuidOverride !== '' && !$force) {
$this->connection->$uuidAttr = $uuidOverride;
return true;
}
@@ -1384,7 +1388,7 @@ class Access extends LDAPUtility implements IUserTools {
if($this->detectUuidAttribute($dn, $isUser)) {
$uuid = $this->readAttribute($dn, $this->connection->$uuidAttr);
if( !is_array($uuid)
- && !empty($uuidOverride)
+ && $uuidOverride !== ''
&& $this->detectUuidAttribute($dn, $isUser, true)) {
$uuid = $this->readAttribute($dn,
$this->connection->$uuidAttr);