stable

request #24168: Indirect LDAP injection via the ldap_id attribute of a user when checking if it exists

This is a follow-up to git #tuleap/stable/bd47f29847fcd6a68d359bc8aefb8749bb8a1b7c; the initial fix was incomplete.

Issue was identified thanks to Psalm taint analysis.

Change-Id: I695be7d006e0cabdb9d4804f62772b0d88f3ffc0

Modified Files

M plugins/ldap/include/LDAP_ProjectGroupDao.class.php +3 −0
M plugins/ldap/include/LDAP_UserManager.class.php +1 −1
M src/common/DB/Compat/Legacy2018/CompatPDODataAccess.php +3 −0
M src/common/DB/Compat/Legacy2018/LegacyDataAccessInterface.php +2 −0