LDAP password will not be accepted when using > or < in the password string
- Status
- Closed
- Subject
- LDAP password will not be accepted when using > or < in the password string
- Version
- 10.x
- Category
- Error
- Feature
- Permission
- Resolution status
- New
- Submitted by
- ukoegler
- Lastmod by
- Marc Laporte
- Rating
- Description
we are using ldap for login to tikiwiki. If the user has a > or < character in his password he is not able to login to tikiwiki. He will get the message "password is not correct".
I asume that this might be a code problem in php or html so that tikiwiki interprete these characters as code?The Problem will be found here:
-> /srv/www/htdocs/tikiwiki/tiki-setup_base.php
in the line:
614: $_POST = $inputFilter->filter($_POST);
...in which obviously all Request-Parameters will be somehow filtered inklusive Password
($_REQUEST'pass'). Before/After the Request-Hash looks as follows (Test-Passwort: Ordix<0590):<!-- array(5) { %22user%22=> string(2) "ca" %22pass%22=> string(10) "Ordix>0590" %22login%22=> string(6) "Log In" %22stay_in_ssl_mode_present%22=> string(1) "y" %22stay_in_ssl_mode%22=> string(1) "n" }
<!-- array(5) { %22user%22=> string(2) "ca" %22pass%22=> string(9) "Ordix0590" %22login%22=> string(6) "Log In" %22stay_in_ssl_mode_present%22=> string(1) "y" %22stay_in_ssl_mode%22=> string(1) "n" } the "inputFilter" will be declared here: 606:$inputFilter = DeclFilter::fromConfiguration($inputConfiguration, array('catchAllFilter')); it seems to be a Bug inTikiwiki. is there a solution?
-->- Solution
Merging with Issue
https://dev.tiki.org/item4599- Workaround
we have now removed the filter for the passwort.
affected file is wikix:/srv/www/htdocs/tikiwiki/tiki-login.php ( line 15)
9 $inputConfiguration = array(
10 array( 'staticKeyFilters' => array(
11 'user' => 'text',
12 'username' => 'text',
13 // upd by ts Fr 19. Jul 13:16:29 CEST 2013
14 // Entered password wir be no longer filtered
15 //'pass' => 'text',
16 ) )
17 );So then logging with special characters works (although you could now also integrate with any unsightly code)
Is there a possobility to check this filter for certain bugs?
- Importance
- 10 high
- Priority
- 50
- Demonstrate Bug (Tiki 19+)
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Version: Create show2.tiki.org instanceAbout show2.tiki.orgTo help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
- Ticket ID
- 4597
- Created
- Thursday 18 July, 2013 07:16:06 GMT-0000
by ukoegler - LastModif
- Wednesday 11 September, 2013 15:55:08 GMT-0000
Attachments
| filename | created | hits | comment | version | filetype | ||
|---|---|---|---|---|---|---|---|
| No attachments for this item | |||||||
;){kind=link}
;){kind=link}
- fresh opening of tiki home page tiki-index (I removed a warning) is it OK
- Tracker with field type "Numeric" won't
- tiki 25.1 Database 'xxxx'. Unable to connect to database (when 25.0 will connect)
- Kanban plugin; the Swimlane field throw an error if using a category field type
- Kanban plugin: Error if the fields Description and Swimlane are empty
;){kind=link}
;){kind=link}