sora666 / simplesamlphp

Automatically exported from code.google.com/p/simplesamlphp

Quote in password causes problems in LDAP module #173

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Hey.

I've been fiddling with different login modules in SimpleSamlPhp and I
came across a weird bug when testing the LDAP module. It seems that
having a single or double quote in one's password will make
SimpleSamlPhp escape the quote with a backslash. I haven't dug around
much in the code other than printing the actual value of $password in
modules/ldap/lib/ConfigHelper.php to visibly check if this was the
case.

On this topic: What is the purpose of all the LDAP code in
www/auth/login.php when the login() function for the LDAP module is in
modules/ldap/lib/ConfigHelper.php? (And why is login() in
ConfigHelper.php?) LDAPMulti.php refers to www/auth/login.php as being
based on the code but does not seem to actually use it.

Mathias Meisfjordskar

Original issue reported on code.google.com by andreass...@gmail.com on 19 Jun 2009 at 5:54

GoogleCodeExporter commented 8 years ago

Original comment by andreass...@gmail.com on 19 Jun 2009 at 5:54

GoogleCodeExporter commented 8 years ago
I have been looking at this bug, but am unable to reproduce it. Have
tested with a password containing both single and double quotes, and
I am able to authenticate. When printing the password using error_log()
in the bind-function, I don't see any extra backslashes except for
those that are added by the error_log() function.

One possible source for the extra escaping is PHP's magic_quotes, but
www/_include.php contains code to remove those if they are enabled, so
I don't see how they can be present. I tested with magic_quotes
enabled, and the extra escaping was removed.

I am closing this bug for now, but will reopen it if you can provide me
with more information about what causes this bug.

Original comment by olavmrk@gmail.com on 2 Jul 2009 at 8:37
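
Added example (not part of the thread and not SimpleSAMLphp's own code): a sketch of the magic_quotes mechanism discussed above, showing how the escaping changes a password with quotes before it would reach an LDAP bind, and how undoing it when it was never applied also changes the password. The function names and the sample form data are hypothetical.

```php
<?php
// Added illustration; function names are hypothetical, not from SimpleSAMLphp.

// Emulates what magic_quotes_gpc did to each incoming request value:
// it applied addslashes(), escaping ' " \ and NUL with a backslash.
function emulate_magic_quotes(array $input): array
{
    $out = [];
    foreach ($input as $key => $value) {
        $out[$key] = is_array($value) ? emulate_magic_quotes($value) : addslashes($value);
    }
    return $out;
}

// Reverses the escaping, recursing into nested arrays (e.g. field[] inputs).
// Only correct when the escaping was actually applied to the input.
function undo_magic_quotes(array $input): array
{
    $out = [];
    foreach ($input as $key => $value) {
        $out[$key] = is_array($value) ? undo_magic_quotes($value) : stripslashes($value);
    }
    return $out;
}

// Constructed sample form submission: the password contains a single quote,
// double quotes and a literal backslash.
$submitted = ['username' => 'alice', 'password' => 'it\'s "s3cret"\\x'];

$escaped  = emulate_magic_quotes($submitted);
$restored = undo_magic_quotes($escaped);

// The value a bind would receive if the escaping were left in place.
echo "submitted: ", $submitted['password'], PHP_EOL;
echo "escaped:   ", $escaped['password'], PHP_EOL;

// Compare the round-tripped password with the one that was submitted.
var_dump($restored['password'] === $submitted['password']);

// Failure mode: stripping input that was never escaped drops the
// backslash the user actually typed. Compare again to see the difference.
$wrong = undo_magic_quotes($submitted);
echo "stripped without escaping: ", $wrong['password'], PHP_EOL;
var_dump($wrong['password'] === $submitted['password']);
```

When chasing a report like this one, logging `bin2hex()` of the password on both sides of the unescape step avoids confusion from any escaping the logging function adds itself.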