Decode plainpassword before check ()

When the user's password contains HTML special chars,
the password check would always fail if
the given plainpassword is not decoded first.
Armin Leuprecht 2020-08-30 13:57:40 +02:00 committed by GitHub
parent 34d4f20222
commit fb437b037e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -2311,6 +2311,7 @@ function pla_password_hash($password_clear,$enc_type) {
* @return Boolean True if the clear password matches the hash, and false otherwise.
*/
function password_check($cryptedpassword,$plainpassword,$attribute='userpassword') {
$plainpassword = htmlspecialchars_decode($plainpassword);
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
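Review bot: The added `htmlspecialchars_decode($plainpassword)` rewrites the candidate password for every caller of password_check(), so a password that legitimately contains an entity sequence (for example the literal text `&amp;`) is now compared as `&` and will stop matching its stored hash. The call also passes no flags, so whether `&#039;` is decoded depends on the PHP version's default (ENT_COMPAT before 8.1, ENT_QUOTES from 8.1); passwords with single quotes may still fail on older runtimes if the encoder used ENT_QUOTES. The more robust fix is to hand this function the raw, un-encoded password from the input layer; if the decode has to stay here, mirror the encoder's flags explicitly, presumably `$plainpassword = htmlspecialchars_decode($plainpassword, ENT_QUOTES);`, and add a comment naming where the encoding happens. The function body continues outside the hunk, so the comparison branches themselves are not visible here.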