From ea3fe45ce50d09ae151dfff90627992e0e2b6d43 Mon Sep 17 00:00:00 2001 From: Denis Flaven Date: Thu, 14 Jun 2012 16:23:42 +0000 Subject: [PATCH] Fix for Trac #559: ldap user can login with blank password SVN:1.2.1[2108] --- modules/authent-ldap/model.authent-ldap.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/authent-ldap/model.authent-ldap.php b/modules/authent-ldap/model.authent-ldap.php index b63064d75..0b81fb39d 100644 --- a/modules/authent-ldap/model.authent-ldap.php +++ b/modules/authent-ldap/model.authent-ldap.php @@ -120,7 +120,7 @@ class UserLDAP extends UserInternal $aEntry = ldap_get_entries($hDS, $hSearchResult); $sUserDN = $aEntry[0]['dn']; $bUserBind = @ldap_bind($hDS, $sUserDN, $sPassword); - if ($bUserBind !== false) + if (($bUserBind !== false) && !empty($sPassword)) { ldap_unbind($hDS); return true; // Password Ok