[Fedora-directory-devel] Please review: Bug 472092 - (DSGW_passwd_corrupt) DSGW password corruption

Rich Megginson rmeggins at redhat.com
Mon Dec 22 20:04:05 UTC 2008


https://bugzilla.redhat.com/show_bug.cgi?id=472092
Resolves: bug 472092
Bug Description:  DSGW password corruption
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: 1) By default, all of the get/post parameters have the 
html entities escaped, so we can be sure that they are displayed to the 
user escaped, to avoid XSS issues.  However, values sent to LDAP must be 
unescaped.  The doauth code is used to authenticate directory manager 
and ordinary users, so we have to unescape the password explicitly 
there.  The domodify code is used when data is added or modified in the 
directory server.  It's easier to just fix all of the values before 
sending to the directory server.
2) The entity code has been moved to adminutil, so use the adminutil 
functions instead of the dsgw functions.  This will require adminutil 1.1.8.
3) Clean up various compiler warnings.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/attachment.cgi?id=327686&action=diff
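
The corruption described in item 1, as an added example that is not part of the original post or the attached patch: a password containing HTML-special characters no longer matches what the user typed once it is entity-escaped, so it must be unescaped before it is used for an LDAP bind or modify. The helper names `html_escape` and `html_unescape`, the entity table and the sample password are assumptions for illustration; they are not the adminutil or dsgw functions.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helpers for illustration; not the adminutil or dsgw API. */
static const struct { char ch; const char *ent; } ENTS[] = {
    {'&', "&amp;"}, {'<', "&lt;"}, {'>', "&gt;"}, {'"', "&quot;"}, {'\'', "&#39;"} };
#define NENTS (sizeof ENTS / sizeof ENTS[0])

/* Escape src for HTML display; returns 0 on success, -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (; *src; src++) {
        const char *rep = NULL;
        for (size_t i = 0; i < NENTS; i++)
            if (ENTS[i].ch == *src) rep = ENTS[i].ent;
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen) return -1;      /* keep room for the NUL */
        memcpy(dst + o, rep ? rep : src, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Undo html_escape in place. Single pass, so "&amp;lt;" yields "&lt;"
 * and a password that literally contains "&lt;" is not decoded twice. */
char *html_unescape(char *s)
{
    char *r = s, *w = s;
    while (*r) {
        size_t i, n = 0;
        for (i = 0; i < NENTS; i++) {
            n = strlen(ENTS[i].ent);
            if (strncmp(r, ENTS[i].ent, n) == 0) break;
        }
        if (i < NENTS) { *w++ = ENTS[i].ch; r += n; }
        else           { *w++ = *r++; }
    }
    *w = '\0';
    return s;
}

int main(void)
{
    char buf[64];
    html_escape("p&ss<w0rd>", buf, sizeof buf);   /* constructed sample password */
    printf("escaped (safe to display): %s\n", buf);
    printf("unescaped (send to LDAP):  %s\n", html_unescape(buf));
}
```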



