deon/phpldapadmin
1
0
Fork 0
Code Issues 36 Pull Requests Packages Projects Releases Wiki Activity

SF Bug #2981355 - rawurldecode killing complex passwords

Browse Source
This commit is contained in:
Deon George 2011-04-26 10:10:43 +10:00
parent cc860371d6
commit 2cf20fcf44
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/login_form.php
View File

@ -56,6 +56,7 @@ if ($app['server']->getAuthType() == 'http') {
echo '<div>';
echo '<input type="hidden" name="cmd" value="login" />';
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
echo '<input type="hidden" name="nodecode[login_pass]" value="1" />';
if (get_request('redirect','GET',false,false))
printf('<input type="hidden" name="redirect" value="%s" />',rawurlencode(get_request('redirect','GET')));

8
lib/functions.php
View File

@ -648,20 +648,20 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
function get_request($attr,$type='POST',$die=false,$default=null) {
switch($type) {
case 'GET':
$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : trim(rawurldecode($_GET[$attr]))) : $default;
$value = isset($_GET[$attr]) ? (is_array($_GET[$attr]) ? $_GET[$attr] : (trim(empty($_GET['nodecode'][$attr]) ? rawurldecode($_GET[$attr]) : $_GET[$attr]))) : $default;
break;
case 'REQUEST':
$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : trim(rawurldecode($_REQUEST[$attr]))) : $default;
$value = isset($_REQUEST[$attr]) ? (is_array($_REQUEST[$attr]) ? $_REQUEST[$attr] : trim(empty($_REQUEST['nodecode'][$attr]) ? rawurldecode($_REQUEST[$attr]) : $_REQUEST[$attr])) : $default;
break;
case 'SESSION':
$value = isset($_SESSION[$attr]) ? (is_array($_SESSION[$attr]) ? $_SESSION[$attr] : rawurldecode($_SESSION[$attr])) : $default;
$value = isset($_SESSION[$attr]) ? (is_array($_SESSION[$attr]) ? $_SESSION[$attr] : (empty($_SESSION['nodecode'][$attr]) ? rawurldecode($_SESSION[$attr]) : $_SESSION[$attr])) : $default;
break;
case 'POST':
default:
$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : trim(rawurldecode($_POST[$attr]))) : $default;
$value = isset($_POST[$attr]) ? (is_array($_POST[$attr]) ? $_POST[$attr] : trim(empty($_POST['nodecode'][$attr]) ? rawurldecode($_POST[$attr]) : $_POST[$attr])) : $default;
break;
}