diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Ldap.php
--- a/web/lib/Zend/Ldap.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Ldap.php Thu May 07 15:16:02 2015 +0200
@@ -15,15 +15,15 @@
 *
 * @category Zend
 * @package Zend_Ldap
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Ldap.php 24593 2012-01-05 20:35:02Z matthew $
+ * @version $Id$
 */

 /**
 * @category Zend
 * @package Zend_Ldap
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */
 class Zend_Ldap
@@ -814,6 +814,10 @@
 {
 $moreCreds = true;

+ // Security check: remove null bytes in password
+ // @see https://net.educause.edu/ir/library/pdf/csd4875.pdf
+ $password = str_replace("\0", '', $password);
+
 if ($username === null) {
 $username = $this->_getUsername();
 $password = $this->_getPassword();
@@ -1202,7 +1206,7 @@
 *
 * @param string|Zend_Ldap_Dn $dn
 * @param array $entry
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function add($dn, array $entry)
@@ -1250,7 +1254,7 @@
 *
 * @param string|Zend_Ldap_Dn $dn
 * @param array $entry
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function update($dn, array $entry)
@@ -1297,7 +1301,7 @@
 *
 * @param string|Zend_Ldap_Dn $dn
 * @param array $entry
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function save($dn, array $entry)
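Review bot: In the `@@ -814,6 +814,10 @@` hunk, the added `str_replace("\0", '', $password)` rewrites the credential instead of rejecting it, so a password made up only of NUL bytes becomes `''`, and an LDAP simple bind with a DN and an empty password is treated as an unauthenticated bind. Whether an empty password is refused later cannot be seen here, because bind() starts and ends outside the hunk; that check has to run on the stripped value, after this line. Failing closed would be safer than silently authenticating a different string, e.g. `if (is_string($password) && strpos($password, "\0") !== false) { throw new Zend_Ldap_Exception(null, 'Password must not contain null bytes'); }`. The `is_string()` guard also keeps a non-string `$password` from being coerced before the `$username === null` branch replaces it.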
@@ -1315,7 +1319,7 @@
 *
 * @param string|Zend_Ldap_Dn $dn
 * @param boolean $recursively
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function delete($dn, $recursively = false)
@@ -1382,7 +1386,7 @@
 * @param string|Zend_Ldap_Dn $to
 * @param boolean $recursively
 * @param boolean $alwaysEmulate
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function moveToSubtree($from, $to, $recursively = false, $alwaysEmulate = false)
@@ -1413,7 +1417,7 @@
 * @param string|Zend_Ldap_Dn $to
 * @param boolean $recursively
 * @param boolean $alwaysEmulate
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function move($from, $to, $recursively = false, $alwaysEmulate = false)
@@ -1430,7 +1434,7 @@
 * @param string|Zend_Ldap_Dn $to
 * @param boolean $recursively
 * @param boolean $alwaysEmulate
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function rename($from, $to, $recursively = false, $alwaysEmulate = false)
@@ -1475,7 +1479,7 @@
 * @param string|Zend_Ldap_Dn $from
 * @param string|Zend_Ldap_Dn $to
 * @param boolean $recursively
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function copyToSubtree($from, $to, $recursively = false)
@@ -1503,7 +1507,7 @@
 * @param string|Zend_Ldap_Dn $from
 * @param string|Zend_Ldap_Dn $to
 * @param boolean $recursively
- * @return Zend_Ldap Provides a fluid interface
+ * @return Zend_Ldap Provides a fluent interface
 * @throws Zend_Ldap_Exception
 */
 public function copy($from, $to, $recursively = false)