| Anonymous | Login | Signup for a new account | 2013-05-18 11:38 EDT |  |
| Main | My View | View Issues | Change Log | Roadmap | Wiki | ManTweet | Repositories |
| View Issue Details [ Jump to Notes ] [ Wiki ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0010944 | mantisbt | ldap | public | 2009-09-15 08:31 | 2012-10-27 09:21 | ||||
| Reporter | dhx | ||||||||
| Assigned To | dregad | ||||||||
| Priority | normal | Severity | minor | Reproducibility | N/A | ||||
| Status | closed | Resolution | duplicate | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | |||||||||
| Target Version | Fixed in Version | ||||||||
| Summary | 0010944: ldap_get_field_from_username does not properly check return value from ldap_get_entries | ||||||||
| Description | Important lines from ldap_get_field_from_username: $t_info = ldap_get_entries( $t_ds, $t_sr ); ... if ( count( $t_info ) == 0 ) { ... $t_value = $t_info[0][$p_field][0]; A few things. count( $t_info ) == 0... is this ever true? The PHP documentation of the ldap_get_entries function seems to indicate that the 'count' key is always returned in the array. In other words, $t_info['count'] is always defined in the result and therefore count($t_info) is always at least 1? We then don't check if $p_field is a valid attribute in the result and even if it is, it seems that multiple (or no values) may be returned for each attribute? Kirill reported on IRC an error within this function: Undefined offset: 0 core/ldap_api.php Line: 229 core/ldap_api.php 117 - - ldap_get_field_from_username ( <string>'administrator', <string>'mail' ) Which seems to agree with our lack of checking that attributes/values do actually exist within the returned results? | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
||||||||||||||||
|
||||||||||||||||
 Relationships |
|
Notes |
|
 (0023196)vboctor (administrator) 2009-10-15 03:46 |
The following forum post may have a repro of the wrong error handling. It seems that system warnings show up when an invalid user is queried. http://www.mantisbt.org/forums/viewtopic.php?f=3&t=8282 [^] |
 (0023733)tk (reporter) 2009-11-17 01:40 |
I think this is the same problem I posted in 0010230 and analysed in 0010230:0021146 . Essentially, you need to check for the number of rows in the resulting array since ldap_get_entries returns true even if no results are found. I.e., given $t_info = ldap_get_entries( $t_ds, $t_sr ); you need to test like if($t_info["count"]==0) return false; Regarding the email entry I proposed in 0010230:0021171 :
$t_info = ldap_get_entries( $t_ds, $t_sr );
if( ( $t_info ) && ( $t_info['count'] > 0) && ( array_key_exists( 'mail',
$t_info[0] ) ) ) {
$t_ldap_mail = $t_info[0]['mail'][0];
}
|
 (0028701)dregad (developer) 2011-04-27 04:41 |
I think this is related to, and possibly duplicate of 0012960 |
|
(0029022) dregad (developer) 2011-06-16 10:07 |
Since 0012960 was resolved, I think this one should be as well. |
 (0029023)rombert (developer) 2011-06-16 10:24 |
I'm going to leave this to @dhx as the reporter of this issue. |
|
(0029578) dregad (developer) 2011-08-28 19:23 |
@dhx, can you please confirm this is indeed resolved by 0012960 as I think it is ? |
|
(0033053) dregad (developer) 2012-10-06 05:27 |
dhx since you have not provided any feedback on this, I assume you agree with my assessment that it's a duplicate of 0012960. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-09-15 08:31 | dhx | New Issue | |
| 2009-09-15 08:32 | dhx | Relationship added | has duplicate 0010943 |
| 2009-10-06 16:49 | jreese | Target Version | 1.2.0 RC2 => 1.2.2 |
| 2009-10-07 04:01 | vboctor | Status | new => acknowledged |
| 2009-10-15 03:46 | vboctor | Note Added: 0023196 | |
| 2009-11-17 01:40 | tk | Note Added: 0023733 | |
| 2010-01-02 01:28 | vboctor | Target Version | 1.2.2 => 1.3.x |
| 2011-04-27 04:41 | dregad | Note Added: 0028701 | |
| 2011-04-27 06:33 | atrol | Relationship added | related to 0012960 |
| 2011-04-27 06:33 | atrol | Relationship added | related to 0010230 |
| 2011-05-26 03:45 | rombert | Description Updated | View Revisions |
| 2011-06-16 10:07 | dregad | Note Added: 0029022 | |
| 2011-06-16 10:24 | rombert | Note Added: 0029023 | |
| 2011-08-28 19:23 | dregad | Note Added: 0029578 | |
| 2011-08-28 19:23 | dregad | Status | acknowledged => feedback |
| 2011-08-28 19:23 | dregad | Description Updated | View Revisions |
| 2012-10-06 05:27 | dregad | Note Added: 0033053 | |
| 2012-10-06 05:27 | dregad | Relationship replaced | duplicate of 0012960 |
| 2012-10-06 05:27 | dregad | Status | feedback => resolved |
| 2012-10-06 05:27 | dregad | Resolution | open => duplicate |
| 2012-10-06 05:27 | dregad | Assigned To | => dregad |
| 2012-10-06 05:27 | dregad | Target Version | 1.3.x => |
| 2012-10-27 09:21 | atrol | Status | resolved => closed |
|
Issue History |
| MantisBT 1.2.16dev master-1.2.x-8c2bd07 [^]
Copyright © 2000 - 2013 MantisBT Team
Time: 0.0846 seconds. memory usage: 2,840 KB |
|