From 011d5f554c1fcc2896c8798c9ef29b59af7b2692 Mon Sep 17 00:00:00 2001 From: Victor Dubiniuk Date: Fri, 23 Sep 2016 01:30:57 +0300 Subject: Harden empty Signed-off-by: Arthur Schiwon --- apps/user_ldap/lib/Access.php | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) (limited to 'apps/user_ldap/lib/Access.php') diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index 96b6bae64bd..19920c58d6c 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -184,14 +184,14 @@ class Access extends LDAPUtility implements IUserTools { $dn = $this->helper->DNasBaseParameter($dn); $rr = @$this->ldap->read($cr, $dn, $filter, array($attr)); if(!$this->ldap->isResource($rr)) { - if(!empty($attr)) { + if ($attr !== '') { //do not throw this message on userExists check, irritates \OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG); } //in case an error occurs , e.g. object does not exist return false; } - if (empty($attr) && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) { + if ($attr === '' && ($filter === 'objectclass=*' || $this->ldap->countEntries($cr, $rr) === 1)) { \OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG); return array(); } @@ -423,8 +423,8 @@ class Access extends LDAPUtility implements IUserTools { } if($isUser) { - $usernameAttribute = $this->connection->ldapExpertUsernameAttr; - if(!empty($usernameAttribute)) { + $usernameAttribute = strval($this->connection->ldapExpertUsernameAttr); + if ($usernameAttribute !== '') { $username = $this->readAttribute($fdn, $usernameAttribute); $username = $username[0]; } else { @@ -1129,7 +1129,7 @@ class Access extends LDAPUtility implements IUserTools { private function combineFilter($filters, $operator) { $combinedFilter = '('.$operator; foreach($filters as $filter) { - if(!empty($filter) && $filter[0] !== '(') { + if ($filter !== '' && $filter[0] !== '(') { $filter = '('.$filter.')'; } $combinedFilter.=$filter; @@ -1212,7 +1212,7 @@ class Access extends LDAPUtility implements IUserTools { $search = $this->prepareSearchTerm($search); if(!is_array($searchAttributes) || count($searchAttributes) === 0) { - if(empty($fallbackAttribute)) { + if ($fallbackAttribute === '') { return ''; } $filter[] = $fallbackAttribute . '=' . $search; @@ -1238,8 +1238,12 @@ class Access extends LDAPUtility implements IUserTools { $allowEnum = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'); - $result = empty($term) ? '*' : - $allowEnum !== 'no' ? $term . '*' : $term; + $result = $term; + if ($term === '') { + $result = '*'; + } else if ($allowEnum !== 'no') { + $result = $term . '*'; + } return $result; } @@ -1286,7 +1290,7 @@ class Access extends LDAPUtility implements IUserTools { $filter = $this->connection->ldapUserFilter; $base = $this->connection->ldapBaseUsers; - if($this->connection->ldapUuidUserAttribute === 'auto' && empty($uuidOverride)) { + if ($this->connection->ldapUuidUserAttribute === 'auto' && $uuidOverride === '') { // Sacrebleu! The UUID attribute is unknown :( We need first an // existing DN to be able to reliably detect it. $result = $this->search($filter, $base, ['dn'], 1); @@ -1342,7 +1346,7 @@ class Access extends LDAPUtility implements IUserTools { return true; } - if(!empty($uuidOverride) && !$force) { + if ($uuidOverride !== '' && !$force) { $this->connection->$uuidAttr = $uuidOverride; return true; } @@ -1385,7 +1389,7 @@ class Access extends LDAPUtility implements IUserTools { if($this->detectUuidAttribute($dn, $isUser)) { $uuid = $this->readAttribute($dn, $this->connection->$uuidAttr); if( !is_array($uuid) - && !empty($uuidOverride) + && $uuidOverride !== '' && $this->detectUuidAttribute($dn, $isUser, true)) { $uuid = $this->readAttribute($dn, $this->connection->$uuidAttr); -- cgit v1.2.3