Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.0.5
-
None
-
PHP Environment: PHP v5.2.8, Windows Server 2003 Standard
Description
I'm currently working on a custom auth plugin that combines NTLM and LDAP authentication in a custom package.
Long story short, some of the passwords in Active Directory begin with a space. Somewhere in the phpBB control flow, the password input POST'ed by the user becomes trimmed (or otherwise "sanitized") such that the leading space is removed. Naturally, Active Directory knows the difference between a password beginning with a space and one without, resulting in the affected users being unable to login.
Is there a reason the password input (and possibly others) are seemingly being trim()'d before being passed along to the respective auth_*.php plugin?
If not, wouldn't a good workaround be to move the trim()'ing and/or other sanitization into the auth_db.php (the default auth 'plugin') file so that it can be easily modified/removed by custom auth plugins?
Attachments
Issue Links
- depends on
-
PHPBB3-9716 Handle user input through a request class providing a more complete mechanism than request_var
-
- Unverified Fix
-