Diffstat (limited to 'phpBB/includes/auth')
-rw-r--r--phpBB/includes/auth/auth_apache.php2
-rw-r--r--phpBB/includes/auth/auth_db.php22
-rw-r--r--phpBB/includes/auth/auth_ldap.php2
3 files changed, 16 insertions, 10 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index 391e7abb0e..a148403c6f 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -245,5 +245,3 @@ function validate_session_apache(&$user)
return false;
}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index e04a6307e9..6304d6e49a 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -27,6 +27,7 @@ if (!defined('IN_PHPBB'))
function login_db(&$username, &$password)
{
global $db, $config;
+ global $request;
// do not allow empty password
if (!$password)
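Review bot: The added `global $request;` could be folded into the existing declaration as `global $db, $config, $request;` so the function's global dependencies are listed in one place. The password-convert branch further down dereferences `$request` without any check; if a caller can reach login_db before the request object is set up (not visible from this hunk), that becomes a fatal call on null in the login path. A short comment stating that `$request` must be initialised before login_db runs would make that dependency explicit. login_db's body continues outside the hunk.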
@@ -69,7 +70,7 @@ function login_db(&$username, &$password)
if ($show_captcha)
{
// Visual Confirmation handling
- if (!class_exists('phpbb_captcha_factory'))
+ if (!class_exists('phpbb_captcha_factory', false))
{
global $phpbb_root_path, $phpEx;
include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
@@ -90,18 +91,29 @@ function login_db(&$username, &$password)
{
$captcha->reset();
}
-
+
}
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert'])
{
+ // enable super globals to get literal value
+ // this is needed to prevent unicode normalization
+ $super_globals_disabled = $request->super_globals_disabled();
+ if ($super_globals_disabled)
+ {
+ $request->enable_super_globals();
+ }
+
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
- $password_new_format = '';
+ $password_new_format = $request->variable('password', '', true);
- set_var($password_new_format, stripslashes($password_old_format), 'string');
+ if ($super_globals_disabled)
+ {
+ $request->disable_super_globals();
+ }
if ($password == $password_new_format)
{
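Review bot: The check `if ($password == $password_new_format)` at the end of this hunk compares two password strings with loose equality, so two different numeric-looking strings (for example `'1e3'` and `'1000'`) are treated as equal; `if ($password === $password_new_format)` avoids that. The line is unchanged context, but it now consumes the value returned by `$request->variable('password', '', true)`, so it is worth tightening in the same change. Separately, the superglobal window is wider than the added comment requires: only the `$_REQUEST['password']` read needs raw superglobals, so the `disable_super_globals()` block could sit directly after that line, before `addslashes` and `$request->variable()` run. login_db's body continues outside the hunk.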
@@ -206,5 +218,3 @@ function login_db(&$username, &$password)
'user_row' => $row,
);
}
-
-?>
\ No newline at end of file
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index e8c957aaa3..4f311797b2 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -345,5 +345,3 @@ function acp_ldap(&$new)
'config' => array('ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password')
);
}
-
-?>
\ No newline at end of file