Re: [openupload-devel] Escaping special password characters
From: Weir, J. <jas...@nh...> - 2009-08-19 12:56:54
Yup - have you tried addcslashes? It errored on me, I had to use addslashes...

-J

-----Original Message-----
From: Alessandro Briosi [mailto:ts...@br...]
Sent: Wednesday, August 19, 2009 8:39 AM
To: OpenUpload Delvel and General talk
Subject: Re: [openupload-devel] Escaping special password characters

I have found this which can be of help, there is no ldap_escape function so your solution seems correct, the only thing is that also the username needs to be escaped.

/* Escape any characters with a special meaning in LDAP. The following
 * characters have a special meaning (according to RFC 2253):
 * ',', '+', '"', '\', '<', '>', ';', '*'
 * These characters are escaped by prefixing them with '\'. */
$username = addcslashes($username, ',+"\\<>;*');
$password = addcslashes($password, ',+"\\<>;*');

but yours seems more complete.

Alessandro

Weir, Jason wrote:
> Sounds like you are on top of it...
>
> Thanks!
> -J
>
> -----Original Message-----
> From: Alessandro Briosi [mailto:ts...@br...]
> Sent: Wednesday, August 19, 2009 8:09 AM
> To: ope...@li...; ab...@me...
> Subject: Re: [openupload-devel] Escaping special password characters
>
> well I use the provided _escape functions from PHP, which should avoid injection, of course this does not apply to LDAP/AD, though they are not SQL, but have no idea on what could be done with authentication and queries on LDAP.
>
> Alessandro
>
> Weir, Jason wrote:
>> Aside from the password issue this presents SQL injection problems, all user entered data needs to be filtered in some way...
>>
>> Here is a more complete list
>>
>> $password = addslashes($password, '\;%_:$&?-+=*[]()¡"\"´`');
>>
>> -Jason
>>
>> -----Original Message-----
>> From: Alessandro Briosi [mailto:ts...@br...]
>> Sent: Tuesday, August 18, 2009 5:30 PM
>> To: OpenUpload Delvel and General talk
>> Subject: Re: [openupload-devel] Escaping special password characters
>>
>> I think I should find a more general version, 'cause maybe we miss some...
>>
>> Thanks,
>> Alessandro
>>
>> Weir, Jason wrote:
>>> I added the following line to ldap.inc.php right after line 42 in the authenticate function
>>>
>>> $password = addslashes($password, '!\',+"\\<>;*');
>>>
>>> It fixed my problem - hope it helps someone else.
>>>
>>> -Jason

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Openupload-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/openupload-devel

_____________________________________________________________________________________________
Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.
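An added example, not part of the thread or of OpenUpload's code: the two places user input usually lands in an LDAP login, a DN and a search filter, have different special characters, so one backslash-prefix list cannot cover both. The function names and the sample value are assumptions made for illustration; PHP 5.6 and later ship ldap_escape() with LDAP_ESCAPE_DN and LDAP_ESCAPE_FILTER for the same purpose.

```php
<?php
// Added example; escape_filter_value() and escape_dn_value() are
// hypothetical helper names, not functions from OpenUpload or PHP.

// RFC 4515: inside a search filter, '*', '(', ')', '\' and NUL must be
// written as a backslash followed by the byte's two hex digits.
function escape_filter_value(string $value): string
{
    return preg_replace_callback(
        '/[\\\\*()\x00]/',
        function (array $m): string {
            return sprintf('\\%02x', ord($m[0]));
        },
        $value
    );
}

// RFC 4514: inside a DN attribute value, '"', '+', ',', ';', '<', '>' and
// '\' are backslash-prefixed anywhere; a leading space or '#' and a
// trailing space are escaped too. NUL is written as \00.
function escape_dn_value(string $value): string
{
    $out = preg_replace('/^[ #]| \z|[\\\\"+,;<>]/', '\\\\$0', $value);
    return str_replace("\x00", '\\00', $out);
}

// Constructed sample input (not taken from the thread).
$user = 'Smith, J. (ops)*';

// Same input, two contexts, two different encodings.
$dn     = 'cn=' . escape_dn_value($user) . ',ou=people,dc=example,dc=org';
$filter = '(&(objectClass=person)(cn=' . escape_filter_value($user) . '))';

echo "DN:     $dn\n";
echo "Filter: $filter\n";

// The single character list quoted in the thread, for comparison: it
// prefixes '*' with a backslash but leaves '(' and ')' untouched.
echo 'List:   ' . addcslashes($user, ',+"\\<>;*') . "\n";

// A password handed to ldap_bind() as the credential is not parsed as a
// DN or a filter; escaping is only relevant where a value is concatenated
// into one of those two strings.
```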