Personal details from LDAP should be sanitized

Bug #888840 reported by François Marier
This bug affects 1 person
Affects: Mahara
Status: Fix Released
Importance: Medium
Assigned to: François Marier
Milestone:

Bug Description

We should sanitize/validate firstname, lastname and email coming from LDAP as if they were coming from a manual account creation (admin area).

Tags: security ldap
François Marier (fmarier) wrote :
Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/842
Committed: http://gitorious.org/mahara/mahara/commit/46189cc1f8665017f112ce6de3b99f5a70a4b19a
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit 46189cc1f8665017f112ce6de3b99f5a70a4b19a
Author: Richard Mansfield <email address hidden>
Date: Fri Nov 11 14:14:42 2011 +1300

    Sanitize personal details coming from LDAP server (bug #888840)

    Change-Id: I4738d80982c7c0679e165c8ae930c7783ea218a3
    Signed-off-by: Richard Mansfield <email address hidden>

Changed in mahara:
status: In Progress → Fix Committed
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/977
Committed: http://gitorious.org/mahara/mahara/commit/e4d9c24f9ea135cdb165c039b66bb98a7db7648f
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit e4d9c24f9ea135cdb165c039b66bb98a7db7648f
Author: Richard Mansfield <email address hidden>
Date: Mon Jan 9 13:46:36 2012 +1300

    Fix warning when trying to sanitise missing ldap fields (bug #888840)

    During "update user info on login", we were attempting to sanitise all
    ldap attributes in the config, even when they are not set (commit
    46189cc1f8). This generates php warnings, which have become more
    obvious now that Display Name and Student ID have been added to the
    list of attributes (see commit 35d2f822da).

    Change-Id: I015855b956f0fcfa71db087ad1dfebffffd09396
    Signed-off-by: Richard Mansfield <email address hidden>
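
The two commits above describe sanitizing LDAP-supplied profile fields and then skipping attributes the server did not return. The following is an added example, not Mahara's code: the function names, the field map, the sample entry and the cleaning rules (strip markup and control characters, validate email syntax) are all assumptions made for illustration.

```php
<?php
// Added illustration, not Mahara's code. Function names, field map and
// cleaning rules are assumptions chosen for this example.

/** Strip markup and control characters from a name-like string. */
function clean_name(string $value): string {
    $value = strip_tags($value);
    // preg_replace returns null on invalid UTF-8; treat that as empty.
    $value = preg_replace('/[\x00-\x1F\x7F]/u', '', $value) ?? '';
    return trim($value);
}

/**
 * Build sanitized profile fields from one LDAP entry.
 * $entry maps lower-cased attribute names to lists of values.
 * $fieldmap maps profile field => configured LDAP attribute name.
 */
function sanitize_ldap_profile(array $entry, array $fieldmap): array {
    $clean = [];
    foreach ($fieldmap as $field => $attribute) {
        $key = strtolower($attribute);
        // Skip attributes that are unconfigured or absent from the entry,
        // so nothing undefined is read and no warning is raised.
        if ($attribute === '' || !isset($entry[$key][0])) {
            continue;
        }
        $raw = (string) $entry[$key][0];
        if ($field === 'email') {
            // Reject syntactically invalid addresses instead of storing them.
            $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
            if ($email !== false) {
                $clean[$field] = $email;
            }
        } else {
            $clean[$field] = clean_name($raw);
        }
    }
    return $clean;
}

// Constructed sample data: the entry has no attribute for 'studentid'.
$fieldmap = ['firstname' => 'givenName', 'lastname' => 'sn',
             'email' => 'mail', 'studentid' => 'employeeNumber'];
$entry = [
    'givenname' => ['<b>Alice</b>'],
    'sn'        => ["Example\x00"],
    'mail'      => ['alice@example.org'],
];
var_dump(sanitize_ldap_profile($entry, $fieldmap));
```

Fields missing from the result are left for the caller to keep at their stored values, so an absent LDAP attribute never overwrites existing profile data.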

Melissa Draper (melissa)
Changed in mahara:
status: Fix Committed → Fix Released