LEMONLDAP::NG : security bug in Portal/Simple.pm
This commit is contained in:
parent
2df9aed0f9
commit
d739803b92
|
@ -1,8 +1,9 @@
|
|||
lemonldap-ng (0.8.3) unstable; urgency=low
|
||||
lemonldap-ng (0.8.3) unstable; urgency=high
|
||||
|
||||
* Syntax errors in configuration are now displayed
|
||||
* Security fix: authentication could be replayed with another uid
|
||||
|
||||
-- Xavier Guimard <x.guimard@free.fr> Sat, 23 Jun 2007 21:57:02 +0200
|
||||
-- Xavier Guimard <x.guimard@free.fr> Tue, 03 Jul 2007 20:49:43 +0200
|
||||
|
||||
lemonldap-ng (0.8.2.4) unstable; urgency=low
|
||||
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
Revision history for Perl extension Lemonldap::NG::Portal.
|
||||
|
||||
0.75 Tue Jul 3 20:42:09 2007
|
||||
- Security fix: authentication could be replayed with another uid
|
||||
0.741 Tue Jul 3 7:21:16 2007
|
||||
- Little bug in redirect sub
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@ package Lemonldap::NG::Portal;
|
|||
|
||||
print STDERR
|
||||
"See Lemonldap::NG::Portal(3) to know which Lemonldap::NG::Portal::* module to use.";
|
||||
our $VERSION = "0.74";
|
||||
our $VERSION = "0.75";
|
||||
|
||||
1;
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ use CGI::Cookie;
|
|||
require POSIX;
|
||||
use Lemonldap::NG::Portal::_i18n;
|
||||
|
||||
our $VERSION = '0.741';
|
||||
our $VERSION = '0.75';
|
||||
|
||||
our @ISA = qw(CGI Exporter);
|
||||
|
||||
|
@ -131,8 +131,8 @@ sub header {
|
|||
# CGI.pm overload to add Lemonldap::NG cookie
|
||||
sub redirect {
|
||||
my $self = shift;
|
||||
if ( $self->{cookie} ) {
|
||||
$self->SUPER::redirect( @_, -cookie => $self->{cookie} );
|
||||
if ( $_[0]->{cookie} ) {
|
||||
$self->SUPER::redirect( @_, -cookie => $_[0]->{cookie} );
|
||||
}
|
||||
else {
|
||||
$self->SUPER::redirect(@_);
|
||||
|
@ -350,7 +350,6 @@ sub unbind {
|
|||
# 12. Default authentication: LDAP bind with user credentials
|
||||
sub authenticate {
|
||||
my $self = shift;
|
||||
return PE_OK if ( $self->{id} );
|
||||
$self->unbind();
|
||||
my $err;
|
||||
return $err unless ( ( $err = $self->connectLDAP ) == PE_OK );
|
||||
|
|
Loading…
Reference in New Issue