leenooks / phpLDAPadmin

phpLDAPadmin - Web based LDAP administration tool
www.phpldapadmin.org
GNU General Public License v2.0

Check hex format before parsing #144

Closed evan361425 closed 1 year ago

evan361425 commented 2 years ago

What happens

The code at https://github.com/leenooks/phpLDAPadmin/blob/fc7ab06358f4a849a9051561699fce002ca4f643/lib/ds_ldap.php#L1149 is trying to parse a hex value. But if the string is not an available string, it will show a warning:

PHP Deprecated:  Invalid characters passed for attempted conversion, these have been ignored in ...

Replay the error

<?php
$rdn='OU=\E4\BFD';
preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', function($m) { return chr(hexdec('${m[1]}')); }, $rdn);

How to solve

You can check it first to avoid this problem:

<?php

foreach ($dn as $key => $rdn) {
    if (ctype_xdigit($rdn)) {
        $a[$key] = preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', function($m) { return chr(hexdec('${m[1]}')); }, $rdn);
    }
}

Related issue: https://github.com/dompdf/dompdf/issues/2003

leenooks commented 1 year ago

Closing this as I'm unable to reproduce this. The regex is pulling 2 chars that are 0-9a-f, which are by definition valid hex and thus valid for chr().
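
The replay snippet from the issue, expanded into an added example that is not part of the original thread or of phpLDAPadmin's code: it runs the callback exactly as quoted in the issue next to one that passes the capture group directly, and records the diagnostics PHP raises for each. The function names `run_with_diagnostics`, `decode_quoted` and `decode_fixed` are hypothetical.

```php
<?php
// Added example; run_with_diagnostics(), decode_quoted() and decode_fixed()
// are hypothetical names, not functions from phpLDAPadmin.
error_reporting(E_ALL);

// Run $fn on $rdn and collect any PHP diagnostics instead of printing them,
// so the two callbacks can be compared side by side.
function run_with_diagnostics(callable $fn, string $rdn): array {
    $messages = [];
    set_error_handler(function (int $no, string $msg) use (&$messages) {
        $messages[] = $msg;
        return true; // handled: suppress PHP's default output
    });
    try {
        $out = $fn($rdn);
    } finally {
        restore_error_handler();
    }
    return ['out' => $out, 'messages' => $messages];
}

// Callback as quoted in the issue. '${m[1]}' is single-quoted, so PHP does not
// interpolate it: hexdec() receives the literal characters $ { m [ 1 ] }.
function decode_quoted(string $rdn): string {
    return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', function ($m) {
        return chr(hexdec('${m[1]}'));
    }, $rdn);
}

// Passing the capture group itself hands hexdec() exactly the two matched digits.
function decode_fixed(string $rdn): string {
    return preg_replace_callback('/\\\([0-9A-Fa-f]{2})/', function ($m) {
        return chr(hexdec($m[1]));
    }, $rdn);
}

$rdn = 'OU=\E4\BFD'; // sample value taken from the issue's replay snippet

foreach (['decode_quoted', 'decode_fixed'] as $fn) {
    $r = run_with_diagnostics($fn, $rdn);
    printf("%s: bytes=%s diagnostics=%d\n", $fn, bin2hex($r['out']), count($r['messages']));
    foreach (array_unique($r['messages']) as $msg) {
        echo "  $msg\n";
    }
}
```

With the quoted callback, `hexdec()` skips every character of the literal except the digit `1`, so each escape decodes to byte 0x01 and PHP 7.4 and later report the "Invalid characters" deprecation; with `$m[1]` the regex already guarantees two hex digits and no extra validity check is needed.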