diff options
| author | Joas Schilling <nickvergessen@gmx.de> | 2015-06-04 14:29:03 +0200 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2015-06-04 14:29:03 +0200 |
| commit | 78b0c938a25316be1228c3e8117ef7dd859821d7 (patch) | |
| tree | 09185fe335c921df042a1864e49d6e157d5e6c89 /phpBB/includes/acp/acp_board.php | |
| parent | 9c84b3b5fb488aa2a04f521e4fc070531e0fa02b (diff) | |
| download | forums-78b0c938a25316be1228c3e8117ef7dd859821d7.tar forums-78b0c938a25316be1228c3e8117ef7dd859821d7.tar.gz forums-78b0c938a25316be1228c3e8117ef7dd859821d7.tar.bz2 forums-78b0c938a25316be1228c3e8117ef7dd859821d7.tar.xz forums-78b0c938a25316be1228c3e8117ef7dd859821d7.zip | |
[ticket/sec-184] Do not output LDAP password to HTML
SECURITY-184
Diffstat (limited to 'phpBB/includes/acp/acp_board.php')
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 5247bb213d..4a1c74fd77 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -567,6 +567,7 @@ class acp_board $old_auth_config = array(); foreach ($auth_providers as $provider) { + /** @var \phpbb\auth\provider\provider_interface $provider */ if ($fields = $provider->acp()) { // Check if we need to create config fields for this plugin and save config when submit was pressed @@ -582,6 +583,14 @@ class acp_board continue; } + if (substr($field, -9) === '_password' && $cfg_array[$field] === '********') + { + // Do not update password fields if the content is ********, + // because that is the password replacement we use to not + // send the password to the output + continue; + } + $old_auth_config[$field] = $this->new_config[$field]; $config_value = $cfg_array[$field]; $this->new_config[$field] = $config_value; |