Skip to content

Commit

Permalink
3.6.3-Release
Browse files Browse the repository at this point in the history
  • Loading branch information
ikkez committed Dec 31, 2017
1 parent cd5bd81 commit 1d1fe8f
Show file tree
Hide file tree
Showing 10 changed files with 212 additions and 106 deletions.
32 changes: 32 additions & 0 deletions lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,37 @@
CHANGELOG

3.6.3 (31 December 2017)
* PHP7 fix: remove deprecated (unset) cast
* Web->request: restricted follow_location to 3XX responses only
* CLI mode: refactored arguments parsing
* CLI mode: fixed query string encoding
* SMTP: Refactor parsing of attachments
* SMTP: clean-up mail headers for multipart messages, [#1065](https://github.com/bcosca/fatfree/issues/1065)
* config: fixed performance issues on parsing config files
* config: cast command parameters in config entries to php type & constant, [#1030](https://github.com/bcosca/fatfree/issues/1030)
* config: reduced registry calls
* config: skip hive escaping when resolving dynamic config vars, [#1030](https://github.com/bcosca/fatfree/issues/1030)
* Bug fix: Incorrect cookie lifetime computation, [#1070](https://github.com/bcosca/fatfree/issues/1070), [#1016](https://github.com/bcosca/fatfree/issues/1016)
* DB\SQL\Mapper: use RETURNING option instead of a sequence query to get lastInsertId in PostgreSQL, [#1069](https://github.com/bcosca/fatfree/issues/1069), [#230](https://github.com/bcosca/fatfree-core/issues/230)
* DB\SQL\Session: check if _agent is too long for SQL based sessions [#236](https://github.com/bcosca/fatfree-core/issues/236)
* DB\SQL\Session: fix Session handler table creation issue on SQL Server, [#899](https://github.com/bcosca/fatfree/issues/899)
* DB\SQL: fix oracle db issue with empty error variable, [#1072](https://github.com/bcosca/fatfree/issues/1072)
* DB\SQL\Mapper: fix sorting issues on SQL Server, [#1052](https://github.com/bcosca/fatfree/issues/1052) [#225](https://github.com/bcosca/fatfree-core/issues/225)
* Prevent directory traversal attacks on filesystem based cache [#1073](https://github.com/bcosca/fatfree/issues/1073)
* Bug fix, Template: PHP constants used in include with attribute, [#983](https://github.com/bcosca/fatfree/issues/983)
* Bug fix, Template: Numeric value in expression alters PHP_EOL context
* Template: use existing linefeed instead of PHP_EOL, [#1048](https://github.com/bcosca/fatfree/issues/1048)
* Template: make newline interpolation handling configurable [#223](https://github.com/bcosca/fatfree-core/issues/223)
* Template: add beforerender to Preview
* fix custom FORMATS without modifiers
* Cache: Refactor Cache->reset for XCache
* Cache: loosen reset cache key pattern, [#1041](https://github.com/bcosca/fatfree/issues/1041)
* XCache: suffix reset only works if xcache.admin.enable_auth is disabled
* Added HTTP 103 as recently approved by the IETF
* LDAP changes to for AD flexibility [#227](https://github.com/bcosca/fatfree-core/issues/227)
* Hide debug trace from ajax errors when DEBUG=0 [#1071](https://github.com/bcosca/fatfree/issues/1071)
* fix View->render using potentially wrong cache entry

3.6.2 (26 June 2017)
* Return a status code > 0 when dying on error [#220](https://github.com/bcosca/fatfree-core/issues/220)
* fix SMTP line width [#215](https://github.com/bcosca/fatfree-core/issues/215)
Expand Down
15 changes: 12 additions & 3 deletions lib/auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -115,18 +115,27 @@ protected function _sql($id,$pw,$realm) {
* @param $pw string
**/
protected function _ldap($id,$pw) {
$dc=@ldap_connect($this->args['dc']);
$port=(int)($this->args['port']?:389);
$filter=$this->args['filter']=$this->args['filter']?:"uid=".$id;
$this->args['attr']=$this->args['attr']?:["uid"];
array_walk($this->args['attr'],
function($attr)use(&$filter,$id) {
$filter=str_ireplace($attr."=*",$attr."=".$id,$filter);});
$dc=@ldap_connect($this->args['dc'],$port);
if ($dc &&
ldap_set_option($dc,LDAP_OPT_PROTOCOL_VERSION,3) &&
ldap_set_option($dc,LDAP_OPT_REFERRALS,0) &&
ldap_bind($dc,$this->args['rdn'],$this->args['pw']) &&
($result=ldap_search($dc,$this->args['base_dn'],
$this->args['uid'].'='.$id)) &&
$filter,$this->args['attr'])) &&
ldap_count_entries($dc,$result) &&
($info=ldap_get_entries($dc,$result)) &&
$info['count']==1 &&
@ldap_bind($dc,$info[0]['dn'],$pw) &&
@ldap_close($dc)) {
return $info[0][$this->args['uid']][0]==$id;
return in_array($id,(array_map(function($value){return $value[0];},
array_intersect_key($info[0],
array_flip($this->args['attr'])))),TRUE);
}
user_error(self::E_LDAP,E_USER_ERROR);
}
Expand Down
Loading

0 comments on commit 1d1fe8f

Please sign in to comment.