--- a/web/lib/Zend/Ldap.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Ldap.php Thu May 07 15:16:02 2015 +0200
@@ -15,15 +15,15 @@
*
* @category Zend
* @package Zend_Ldap
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Ldap.php 24593 2012-01-05 20:35:02Z matthew $
+ * @version $Id$
*/
/**
* @category Zend
* @package Zend_Ldap
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
class Zend_Ldap
@@ -814,6 +814,10 @@
{
$moreCreds = true;
+ // Security check: remove null bytes in password
+ // @see https://net.educause.edu/ir/library/pdf/csd4875.pdf
+ $password = str_replace("\0", '', $password);
+
if ($username === null) {
$username = $this->_getUsername();
$password = $this->_getPassword();
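Review bot: The null-byte strip runs before the `$username === null` branch, which then overwrites `$password` with `$this->_getPassword()`, so the configured bind password never passes through the new check. Because `str_replace` always returns a string, the added line also turns a `null` argument into `''`; guarding it as `if (is_string($password)) { $password = str_replace("\0", '', $password); }` and placing it after the credential fallback would cover both paths without changing the type. A password that is empty after stripping still has to be refused further down, since an empty bind password is what this check is meant to keep out; the rest of the method lies outside this hunk, so that needs confirming. The comment would also be clearer if it stated the reason, for example `// the underlying bind call stops at the first NUL byte, so such a password could be sent as empty`.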
@@ -1202,7 +1206,7 @@
*
* @param string|Zend_Ldap_Dn $dn
* @param array $entry
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function add($dn, array $entry)
@@ -1250,7 +1254,7 @@
*
* @param string|Zend_Ldap_Dn $dn
* @param array $entry
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function update($dn, array $entry)
@@ -1297,7 +1301,7 @@
*
* @param string|Zend_Ldap_Dn $dn
* @param array $entry
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function save($dn, array $entry)
@@ -1315,7 +1319,7 @@
*
* @param string|Zend_Ldap_Dn $dn
* @param boolean $recursively
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function delete($dn, $recursively = false)
@@ -1382,7 +1386,7 @@
* @param string|Zend_Ldap_Dn $to
* @param boolean $recursively
* @param boolean $alwaysEmulate
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function moveToSubtree($from, $to, $recursively = false, $alwaysEmulate = false)
@@ -1413,7 +1417,7 @@
* @param string|Zend_Ldap_Dn $to
* @param boolean $recursively
* @param boolean $alwaysEmulate
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function move($from, $to, $recursively = false, $alwaysEmulate = false)
@@ -1430,7 +1434,7 @@
* @param string|Zend_Ldap_Dn $to
* @param boolean $recursively
* @param boolean $alwaysEmulate
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function rename($from, $to, $recursively = false, $alwaysEmulate = false)
@@ -1475,7 +1479,7 @@
* @param string|Zend_Ldap_Dn $from
* @param string|Zend_Ldap_Dn $to
* @param boolean $recursively
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function copyToSubtree($from, $to, $recursively = false)
@@ -1503,7 +1507,7 @@
* @param string|Zend_Ldap_Dn $from
* @param string|Zend_Ldap_Dn $to
* @param boolean $recursively
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function copy($from, $to, $recursively = false)