Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-8713

trimming login inputs isn't sensible

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 3.0.5
    • 3.1.0-a1
    • Authentication
    • None
    • PHP Environment: PHP v5.2.8, Windows Server 2003 Standard

    Description

      I'm currently working on a custom auth plugin that combines NTLM and LDAP authentication in a custom package.

      Long story short, some of the passwords in Active Directory begin with a space. Somewhere in the phpBB control flow, the password input POST'ed by the user becomes trimmed (or otherwise "sanitized") such that the leading space is removed. Naturally, Active Directory knows the difference between a password beginning with a space and one without, resulting in the affected users being unable to login.

      Is there a reason the password input (and possibly others) are seemingly being trim()'d before being passed along to the respective auth_*.php plugin?

      If not, wouldn't a good workaround be to move the trim()'ing and/or other sanitization into the auth_db.php (the default auth 'plugin') file so that it can be easily modified/removed by custom auth plugins?

      Attachments

        Issue Links

          Activity

            People

              bantu Andreas Fischer
              dead.on# dead.on#
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: