Commit 46189cc1 authored by Richard Mansfield's avatar Richard Mansfield

Sanitize personal details coming from LDAP server (bug #888840)



Change-Id: I4738d80982c7c0679e165c8ae930c7783ea218a3
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 22386183
......@@ -132,9 +132,11 @@ class AuthLdap extends Auth {
// Match database and ldap entries and update in database if required
$fieldstoimport = array('firstname', 'lastname', 'email');
foreach ($fieldstoimport as $field) {
$sanitizer = "sanitize_$field";
$ldapdetails[$field] = $sanitizer($ldapdetails[$field]);
if (!empty($ldapdetails[$field]) && ($user->$field != $ldapdetails[$field])) {
$user->$field = $ldapdetails[$field];
set_profile_field($user->id, $field, $user->$field);
set_profile_field($user->id, $field, $ldapdetails[$field]);
}
}
}
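Review bot: The new `$sanitizer($ldapdetails[$field])` call runs before the `!empty()` guard, so an LDAP entry that lacks one of the three attributes reaches the sanitizer as an undefined index instead of being skipped; whether `$ldapdetails` is always fully populated is not visible in this hunk. Guarding the call, `if (isset($ldapdetails[$field])) { $ldapdetails[$field] = $sanitizer($ldapdetails[$field]); }`, keeps the existing skip-if-empty behaviour. The variable-function dispatch is safe only because `$fieldstoimport` is a literal list, which deserves a comment such as `// $field comes from the fixed list above, never from LDAP data`. The enclosing method starts outside the hunk.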
......
......@@ -1225,13 +1225,13 @@ function login_submit(Pieform $form, $values) {
// We have the data - create the user
$USER->lastlogin = db_format_timestamp(time());
if (isset($userdata->firstname)) {
$USER->firstname = $userdata->firstname;
$USER->firstname = sanitize_firstname($userdata->firstname);
}
if (isset($userdata->lastname)) {
$USER->lastname = $userdata->lastname;
$USER->lastname = sanitize_firstname($userdata->lastname);
}
if (isset($userdata->email)) {
$USER->email = $userdata->email;
$USER->email = sanitize_email($userdata->email);
}
else {
// The user will be asked to populate this when they log in.
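Review bot: The lastname assignment calls `sanitize_firstname()`. The LDAP hunk dispatches to `"sanitize_$field"` for `lastname`, which implies a `sanitize_lastname()` exists, so this line should read `$USER->lastname = sanitize_lastname($userdata->lastname);` to apply that field's own rules. Separately, if `sanitize_email()` can return an empty value for a malformed address (its behaviour is not visible here), the account is created with an empty email and the `else` branch that prompts the user is skipped. Testing the sanitized result rather than `isset($userdata->email)` would avoid that. login_submit continues outside the hunk.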
......