#40 user input is not validated in LDAP auth plugin
Closed: Fixed None Opened 6 years ago by jdennis.

See ticket #39.

I had an error in the user dn template for the ldap info plugin. This resulted in cryptic error messages in the httpd error_log file.

User supplied values should be validated before they are accepted.


Fields changed

milestone: => 1.0

Some additional comments from Rob in duplicate ticket #60:

The current plugin configure() calls to enable the info/auth/provider/login plugins don't raise any fatal errors in case of problems. This is good because the installer won't catch them.

Any errors caught in the individual plugins should be raised and caught by the installer, suitable messages displayed and then install stopped and possible rolled-back.

patch_available: => 0

Fields changed

milestone: 1.0 m4 => Backlog

Fields changed

milestone: Backlog => 1.1

Fields changed

design_link: =>
owner: simo => rcritten
rhbz: =>
status: new => accepted

https://pagure.io/ipsilon/pull-request/20

patch_available: 0 => 1
summary: user input is not validated => user input is not validated in LDAP auth plugin

master: f1efb10

resolution: => fixed
status: accepted => closed

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: 1.1

4 years ago

Login to comment on this ticket.

Metadata