6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
11/8/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#11791] Horde_Auth_Ldap::updateUser() calls Horde_Ldap::modify() with incorrect arguments
*
Your Email Address
*
Spam protection
Enter the letters below:
. .. .. . ..__ \ /|\ ||__| |[__) \/ | \|| |\__|| \
Comment
> I did some short tests and it works if $olddn is null. > > > I did not test the case $olddn != null, but reviewing the code it > behaves very different: > > * It calls $this->_ldap->move($olddn, $newdn) if ($oldID != $newID), but > - does no check if $newdn is actually a DN > - does not ensure that $oldID refers to the same user as $olddn > - does not ensure that $newID refers to the same user as $newdn > > * it uses complete $credentials for the new $entry but does not check > if only credentials are in it > > * it does not hash the password > > * it does not check shadowmin > > * it does not set shadowlastchange
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers