diff options
author | Victor Dubiniuk <victor.dubiniuk@gmail.com> | 2016-09-23 01:30:57 +0300 |
---|---|---|
committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2016-10-13 00:53:34 +0200 |
commit | 011d5f554c1fcc2896c8798c9ef29b59af7b2692 (patch) | |
tree | a82d4724e97221a2cf05fb3e5c2c39fc8a462321 /apps/user_ldap | |
parent | 17fa45a29200ced15b4258f2d06d8159b60856f9 (diff) | |
download | nextcloud-server-011d5f554c1fcc2896c8798c9ef29b59af7b2692.tar.gz nextcloud-server-011d5f554c1fcc2896c8798c9ef29b59af7b2692.zip |
Harden empty
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'apps/user_ldap')
-rw-r--r-- | apps/user_ldap/lib/Access.php | 26 | ||||
-rw-r--r-- | apps/user_ldap/lib/Configuration.php | 4 | ||||
-rw-r--r-- | apps/user_ldap/lib/Connection.php | 13 | ||||
-rw-r--r-- | apps/user_ldap/lib/Group_LDAP.php | 11 | ||||
-rw-r--r-- | apps/user_ldap/lib/User/User.php | 27 | ||||
-rw-r--r-- | apps/user_ldap/lib/User_LDAP.php | 6 | ||||
-rw-r--r-- | apps/user_ldap/lib/Wizard.php | 22 |
7 files changed, 59 insertions, 50 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index 96b6bae64bd..19920c58d6c 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -184,14 +184,14 @@ class Access extends LDAPUtility implements IUserTools { $dn = $this->helper->DNasBaseParameter($dn); $rr = @$this->ldap->read($cr, $dn, $filter, array($attr)); if(!$this->ldap->isResource($rr)) { - if(!empty($attr)) { + if ($attr !== '') { //do not throw this message on userExists check, irritates \OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG); } //in case an error occurs , e.g. object does not exist return false; } - if (empty($attr) && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) { + if ($attr === '' && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) { \OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG); return array(); } @@ -423,8 +423,8 @@ class Access extends LDAPUtility implements IUserTools { } if($isUser) { - $usernameAttribute = $this->connection->ldapExpertUsernameAttr; - if(!empty($usernameAttribute)) { + $usernameAttribute = strval($this->connection->ldapExpertUsernameAttr); + if ($usernameAttribute !== '') { $username = $this->readAttribute($fdn, $usernameAttribute); $username = $username[0]; } else { @@ -1129,7 +1129,7 @@ class Access extends LDAPUtility implements IUserTools { private function combineFilter($filters, $operator) { $combinedFilter = '('.$operator; foreach($filters as $filter) { - if(!empty($filter) && $filter[0] !== '(') { + if ($filter !== '' && $filter[0] !== '(') { $filter = '('.$filter.')'; } $combinedFilter.=$filter; @@ -1212,7 +1212,7 @@ class Access extends LDAPUtility implements IUserTools { $search = $this->prepareSearchTerm($search); if(!is_array($searchAttributes) || count($searchAttributes) === 0) { - if(empty($fallbackAttribute)) { + if ($fallbackAttribute === '') { return ''; } $filter[] = $fallbackAttribute . '=' . $search; @@ -1238,8 +1238,12 @@ class Access extends LDAPUtility implements IUserTools { $allowEnum = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'); - $result = empty($term) ? '*' : - $allowEnum !== 'no' ? $term . '*' : $term; + $result = $term; + if ($term === '') { + $result = '*'; + } else if ($allowEnum !== 'no') { + $result = $term . '*'; + } return $result; } @@ -1286,7 +1290,7 @@ class Access extends LDAPUtility implements IUserTools { $filter = $this->connection->ldapUserFilter; $base = $this->connection->ldapBaseUsers; - if($this->connection->ldapUuidUserAttribute === 'auto' && empty($uuidOverride)) { + if ($this->connection->ldapUuidUserAttribute === 'auto' && $uuidOverride === '') { // Sacrebleu! The UUID attribute is unknown :( We need first an // existing DN to be able to reliably detect it. $result = $this->search($filter, $base, ['dn'], 1); @@ -1342,7 +1346,7 @@ class Access extends LDAPUtility implements IUserTools { return true; } - if(!empty($uuidOverride) && !$force) { + if ($uuidOverride !== '' && !$force) { $this->connection->$uuidAttr = $uuidOverride; return true; } @@ -1385,7 +1389,7 @@ class Access extends LDAPUtility implements IUserTools { if($this->detectUuidAttribute($dn, $isUser)) { $uuid = $this->readAttribute($dn, $this->connection->$uuidAttr); if( !is_array($uuid) - && !empty($uuidOverride) + && $uuidOverride !== '' && $this->detectUuidAttribute($dn, $isUser, true)) { $uuid = $this->readAttribute($dn, $this->connection->$uuidAttr); diff --git a/apps/user_ldap/lib/Configuration.php b/apps/user_ldap/lib/Configuration.php index 54dfe6779ba..80b353360c3 100644 --- a/apps/user_ldap/lib/Configuration.php +++ b/apps/user_ldap/lib/Configuration.php @@ -161,7 +161,7 @@ class Configuration { break; case 'homeFolderNamingRule': $trimmedVal = trim($val); - if(!empty($trimmedVal) && strpos($val, 'attr:') === false) { + if ($trimmedVal !== '' && strpos($val, 'attr:') === false) { $val = 'attr:'.$trimmedVal; } break; @@ -309,7 +309,7 @@ class Configuration { foreach($value as $key => $val) { if(is_string($val)) { $val = trim($val); - if(!empty($val)) { + if ($val !== '') { //accidental line breaks are not wanted and can cause // odd behaviour. Thus, away with them. $finalValue[] = $val; diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php index 64c8b9675a3..6028486e8bb 100644 --- a/apps/user_ldap/lib/Connection.php +++ b/apps/user_ldap/lib/Connection.php @@ -137,7 +137,7 @@ class Connection extends LDAPUtility { $this->configuration->$name = $value; $after = $this->configuration->$name; if($before !== $after) { - if(!empty($this->configID)) { + if ($this->configID !== '') { $this->configuration->saveConfiguration(); } $this->validateConfiguration(); @@ -358,8 +358,8 @@ class Connection extends LDAPUtility { } } - $backupPort = $this->configuration->ldapBackupPort; - if(empty($backupPort)) { + $backupPort = intval($this->configuration->ldapBackupPort); + if ($backupPort <= 0) { $this->configuration->backupPort = $this->configuration->ldapPort; } @@ -427,7 +427,10 @@ class Connection extends LDAPUtility { //combinations $agent = $this->configuration->ldapAgentName; $pwd = $this->configuration->ldapAgentPassword; - if((empty($agent) && !empty($pwd)) || (!empty($agent) && empty($pwd))) { + if ( + ($agent === '' && $pwd !== '') + || ($agent !== '' && $pwd === '') + ) { \OCP\Util::writeLog('user_ldap', $errorStr.'either no password is given for the'. 'user agent or a password is given, but not an'. @@ -568,7 +571,7 @@ class Connection extends LDAPUtility { * @throws \OC\ServerNotAvailableException */ private function doConnect($host, $port) { - if(empty($host)) { + if ($host === '') { return false; } $this->ldapConnectionRes = $this->ldap->connect($host, $port); diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php index 67caa415efa..49e5e724833 100644 --- a/apps/user_ldap/lib/Group_LDAP.php +++ b/apps/user_ldap/lib/Group_LDAP.php @@ -360,7 +360,7 @@ class Group_LDAP extends BackendUtility implements \OCP\GroupInterface { $filterParts = []; $filterParts[] = $this->access->getFilterForUserCount(); - if(!empty($search)) { + if ($search !== '') { $filterParts[] = $this->access->getFilterPartForUserSearch($search); } $filterParts[] = 'primaryGroupID=' . $groupID; @@ -658,7 +658,7 @@ class Group_LDAP extends BackendUtility implements \OCP\GroupInterface { $groupUsers[] = $this->access->dn2username($ldap_users[0]['dn'][0]); } else { //we got DNs, check if we need to filter by search or we can give back all of them - if(!empty($search)) { + if ($search !== '') { if(!$this->access->readAttribute($member, $this->access->connection->ldapUserDisplayName, $this->access->getFilterPartForUserSearch($search))) { @@ -714,7 +714,7 @@ class Group_LDAP extends BackendUtility implements \OCP\GroupInterface { return false; } - if(empty($search)) { + if ($search === '') { $groupUsers = count($members) + $primaryUserCount; $this->access->connection->writeToCache($cacheKey, $groupUsers); return $groupUsers; @@ -826,9 +826,8 @@ class Group_LDAP extends BackendUtility implements \OCP\GroupInterface { return array(); } $search = $this->access->escapeFilterPart($search, true); - $pagingSize = $this->access->connection->ldapPagingSize; - if ((! $this->access->connection->hasPagedResultSupport) - || empty($pagingSize)) { + $pagingSize = intval($this->access->connection->ldapPagingSize); + if (!$this->access->connection->hasPagedResultSupport || $pagingSize <= 0) { return $this->getGroupsChunk($search, $limit, $offset); } $maxGroups = 100000; // limit max results (just for safety reasons) diff --git a/apps/user_ldap/lib/User/User.php b/apps/user_ldap/lib/User/User.php index b2fcac10641..e29b10616ca 100644 --- a/apps/user_ldap/lib/User/User.php +++ b/apps/user_ldap/lib/User/User.php @@ -183,13 +183,13 @@ class User { $displayName = $displayName2 = ''; $attr = strtolower($this->connection->ldapUserDisplayName); if(isset($ldapEntry[$attr])) { - $displayName = $ldapEntry[$attr][0]; + $displayName = strval($ldapEntry[$attr][0]); } $attr = strtolower($this->connection->ldapUserDisplayName2); if(isset($ldapEntry[$attr])) { - $displayName2 = $ldapEntry[$attr][0]; + $displayName2 = strval($ldapEntry[$attr][0]); } - if(!empty($displayName)) { + if ($displayName !== '') { $this->composeAndStoreDisplayName($displayName); $this->access->cacheUserDisplayName( $this->getUsername(), @@ -261,10 +261,10 @@ class User { * @throws \Exception */ public function getHomePath($valueFromLDAP = null) { - $path = $valueFromLDAP; + $path = strval($valueFromLDAP); $attr = null; - if( is_null($path) + if (is_null($valueFromLDAP) && strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0 && $this->access->connection->homeFolderNamingRule !== 'attr:') { @@ -276,7 +276,7 @@ class User { } } - if(!empty($path)) { + if ($path !== '') { //if attribute's value is an absolute path take this, otherwise append it to data dir //check for / at the beginning or pattern c:\ resp. c:/ if( '/' !== $path[0] @@ -393,7 +393,8 @@ class User { * @returns string the effective display name */ public function composeAndStoreDisplayName($displayName, $displayName2 = '') { - if(!empty($displayName2)) { + $displayName2 = strval($displayName2); + if($displayName2 !== '') { $displayName .= ' (' . $displayName2 . ')'; } $this->store('displayName', $displayName); @@ -432,20 +433,20 @@ class User { if($this->wasRefreshed('email')) { return; } - $email = $valueFromLDAP; + $email = strval($valueFromLDAP); if(is_null($valueFromLDAP)) { $emailAttribute = $this->connection->ldapEmailAttribute; - if(!empty($emailAttribute)) { + if ($emailAttribute !== '') { $aEmail = $this->access->readAttribute($this->dn, $emailAttribute); if(is_array($aEmail) && (count($aEmail) > 0)) { - $email = $aEmail[0]; + $email = strval($aEmail[0]); } } } - if(!is_null($email)) { + if ($email !== '') { $user = $this->userManager->get($this->uid); if (!is_null($user)) { - $currentEmail = $user->getEMailAddress(); + $currentEmail = strval($user->getEMailAddress()); if ($currentEmail !== $email) { $user->setEMailAddress($email); } @@ -470,7 +471,7 @@ class User { if(is_null($valueFromLDAP)) { $quotaAttribute = $this->connection->ldapQuotaAttribute; - if(!empty($quotaAttribute)) { + if ($quotaAttribute !== '') { $aQuota = $this->access->readAttribute($this->dn, $quotaAttribute); if($aQuota && (count($aQuota) > 0)) { $quota = $aQuota[0]; diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php index e7658149302..9f2468bcc85 100644 --- a/apps/user_ldap/lib/User_LDAP.php +++ b/apps/user_ldap/lib/User_LDAP.php @@ -385,7 +385,7 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn //Check whether the display name is configured to have a 2nd feature $additionalAttribute = $this->access->connection->ldapUserDisplayName2; $displayName2 = ''; - if(!empty($additionalAttribute)) { + if ($additionalAttribute !== '') { $displayName2 = $this->access->readAttribute( $this->access->username2dn($uid), $additionalAttribute); @@ -398,8 +398,8 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn if($displayName && (count($displayName) > 0)) { $displayName = $displayName[0]; - if(is_array($displayName2) && (count($displayName2) > 0)) { - $displayName2 = $displayName2[0]; + if (is_array($displayName2)){ + $displayName2 = count($displayName2) > 0 ? $displayName2[0] : ''; } $user = $this->access->userManager->get($uid); diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php index cdc98c72cde..2c388b1803e 100644 --- a/apps/user_ldap/lib/Wizard.php +++ b/apps/user_ldap/lib/Wizard.php @@ -220,7 +220,7 @@ class Wizard extends LDAPUtility { } $attr = $this->configuration->ldapUserDisplayName; - if($attr !== 'displayName' && !empty($attr)) { + if ($attr !== '' && $attr !== 'displayName') { // most likely not the default value with upper case N, // verify it still produces a result $count = intval($this->countUsersWithAttribute($attr, true)); @@ -262,7 +262,7 @@ class Wizard extends LDAPUtility { } $attr = $this->configuration->ldapEmailAttribute; - if(!empty($attr)) { + if ($attr !== '') { $count = intval($this->countUsersWithAttribute($attr, true)); if($count > 0) { return false; @@ -552,7 +552,7 @@ class Wizard extends LDAPUtility { } //make sure the use display name is set $displayName = $this->configuration->ldapGroupDisplayName; - if(empty($displayName)) { + if ($displayName === '') { $d = $this->configuration->getDefaults(); $this->applyFind('ldap_group_display_name', $d['ldap_group_display_name']); @@ -576,7 +576,7 @@ class Wizard extends LDAPUtility { } //make sure the use display name is set $displayName = $this->configuration->ldapUserDisplayName; - if(empty($displayName)) { + if ($displayName === '') { $d = $this->configuration->getDefaults(); $this->applyFind('ldap_display_name', $d['ldap_display_name']); } @@ -904,7 +904,7 @@ class Wizard extends LDAPUtility { $er = $this->ldap->firstEntry($cr, $rr); $attrs = $this->ldap->getAttributes($cr, $er); $dn = $this->ldap->getDN($cr, $er); - if(empty($dn)) { + if ($dn == false || $dn === '') { continue; } $filterPart = '(memberof=' . $dn . ')'; @@ -923,7 +923,7 @@ class Wizard extends LDAPUtility { if($parts > 1) { $filter = '(&' . $filter . ')'; } - if(empty($filter)) { + if ($filter === '') { $filter = '(objectclass=*)'; } break; @@ -973,7 +973,7 @@ class Wizard extends LDAPUtility { //fallback $attr = 'cn'; } - if(!empty($attr)) { + if ($attr !== '') { $filterUsername = '(' . $attr . $loginpart . ')'; $parts++; } @@ -1098,8 +1098,10 @@ class Wizard extends LDAPUtility { $agent = $this->configuration->ldapAgentName; $pwd = $this->configuration->ldapAgentPassword; - return ( (!empty($agent) && !empty($pwd)) - || (empty($agent) && empty($pwd))); + return + ($agent !== '' && $pwd !== '') + || ($agent === '' && $pwd === '') + ; } /** @@ -1236,7 +1238,7 @@ class Wizard extends LDAPUtility { if(is_array($setFeatures) && !empty($setFeatures)) { //something is already configured? pre-select it. $this->result->addChange($dbkey, $setFeatures); - } else if($po && !empty($maxEntryObjC)) { + } else if ($po && $maxEntryObjC !== '') { //pre-select objectclass with most result entries $maxEntryObjC = str_replace($p, '', $maxEntryObjC); $this->applyFind($dbkey, $maxEntryObjC); |