Re: [openupload-devel] Escaping special password characters
From: Alessandro B. <ts...@br...> - 2009-08-19 13:08:45
nope, but I'll let u know when I come to the point :)

Alessandro

Weir, Jason wrote:
> Yup - have you tried addcslashes? It errored on me I had to use addslashes...
>
> -J
>
> -----Original Message-----
> From: Alessandro Briosi [mailto:ts...@br...]
> Sent: Wednesday, August 19, 2009 8:39 AM
> To: OpenUpload Delvel and General talk
> Subject: Re: [openupload-devel] Escaping special password characters
>
> I have found this which can be of help, there is no ldap_escape function
> so your solution seems correct, the only thing is that also the username
> needs to be escaped.
>
> /* Escape any characters with a special meaning in LDAP. The following
>  * characters have a special meaning (according to RFC 2253):
>  * ',', '+', '"', '\', '<', '>', ';', '*'
>  * These characters are escaped by prefixing them with '\'.
>  */
> $username = addcslashes($username, ',+"\\<>;*');
> $password = addcslashes($password, ',+"\\<>;*');
>
> but yours seems more complete.
> Alessandro
>
> Weir, Jason wrote:
>> Sounds like you are on top of it...
>>
>> Thanks!
>> -J
>>
>> -----Original Message-----
>> From: Alessandro Briosi [mailto:ts...@br...]
>> Sent: Wednesday, August 19, 2009 8:09 AM
>> To: ope...@li...; ab...@me...
>> Subject: Re: [openupload-devel] Escaping special password characters
>>
>> well I use the provided _escape functions from php, which should avoid
>> injection, of course this does not apply to LDAP/AD, though they are not
>> SQL, but have no idea on what could be done with authentication and
>> queries on LDAP.
>>
>> Alessandro
>>
>> Weir, Jason wrote:
>>> Aside from the password issue this presents sql injection problems,
>>> all user entered data needs to be filtered in some way...
>>>
>>> Here is a more complete list
>>>
>>> $password = addslashes($password, '\;%_:$&?-+=*[]()¡"\"´`');
>>>
>>> -Jason
>>>
>>> -----Original Message-----
>>> From: Alessandro Briosi [mailto:ts...@br...]
>>> Sent: Tuesday, August 18, 2009 5:30 PM
>>> To: OpenUpload Delvel and General talk
>>> Subject: Re: [openupload-devel] Escaping special password characters
>>>
>>> I think I should find a more general version, 'cause maybe we miss
>>> some...
>>>
>>> Thanks,
>>> Alessandro
>>>
>>> Weir, Jason wrote:
>>>> I added the following line to ldap.inc.php right after line 42 in
>>>> the authenticate function
>>>>
>>>> $password = addslashes($password, '!\',+"\\<>;*');
>>>>
>>>> It fixed my problem - hope it helps someone else.
>>>>
>>>> -Jason
>>> ______________________________________________________________________
>>>
>>> Please visit www.nhrs.org to subscribe to NHRS email announcements and
>>> updates.
>>> _______________________________________________
>>> Openupload-devel mailing list
>>> Ope...@li...
>>> https://lists.sourceforge.net/lists/listinfo/openupload-devel
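
An added example, not part of the original thread or of OpenUpload: pure-PHP escaping for the two places a user-supplied name can end up in LDAP, a search filter (RFC 4515) and a DN (RFC 4514), next to the addcslashes() call quoted above. The function names, sample values and directory suffix are assumptions; PHP 5.6 and later also ship ldap_escape() with the LDAP_ESCAPE_FILTER and LDAP_ESCAPE_DN flags for the same purpose.

```php
<?php
// Added example, not OpenUpload code; function names are hypothetical.

// RFC 4515: a value placed inside a search filter such as (cn=VALUE).
// Each special octet becomes a backslash followed by two hex digits.
function escape_filter_value(string $value): string
{
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29',
        "\0" => '\\00',
    ]);
}

// RFC 4514: a value placed inside a DN such as cn=VALUE,ou=people,...
function escape_dn_value(string $value): string
{
    $out = strtr($value, [
        '\\' => '\\\\', '"' => '\\"', '+' => '\\+', ',' => '\\,',
        ';' => '\\;', '<' => '\\<', '>' => '\\>', "\0" => '\\00',
    ]);
    // A trailing space, and a leading space or '#', must be escaped too.
    if (strlen($value) > 1 && substr($value, -1) === ' ') {
        $out = substr($out, 0, -1) . '\\ ';
    }
    if ($value !== '' && ($value[0] === ' ' || $value[0] === '#')) {
        $out = '\\' . $out;
    }
    return $out;
}

// Constructed sample input, not taken from the thread.
$username = 'Weir, Jason (IT)*';
$password = 'p@ss,w+rd*';

// The same name needs different escaping depending on where it is used.
$filter = '(cn=' . escape_filter_value($username) . ')';
$bindDn = 'cn=' . escape_dn_value($username) . ',ou=people,dc=example,dc=org';

// The bind password is sent as an opaque value in the bind request. It is
// neither a filter nor a DN, so it is passed on unmodified:
//   ldap_bind($conn, $bindDn, $password);

echo "filter:      $filter\n";
echo "bind DN:     $bindDn\n";
// For comparison, the addcslashes() call quoted in the thread:
echo "addcslashes: ", addcslashes($username, ',+"\\<>;*'), "\n";
```

The filter form uses hex escapes that addcslashes() cannot produce, and it covers the parentheses that the quoted character list leaves out.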