Issue Details (XML | Word | Printable)

Key: MDL-6704
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Petr Skoda
Reporter: Janne Mikkonen
Votes: 0
Watchers: 2
Operations

Add/Edit UI Mockup to this issue
If you were logged in you would be able to see more operations.
Moodle

Missing encoding checks /auth/ldap/lib.php

Created: 27/Sep/06 08:07 AM   Updated: 01/Mar/07 07:13 PM
Return to search
Component/s: Authentication
Affects Version/s: 1.5.4, 1.6.2, 1.6.3, 1.7
Fix Version/s: 1.8, 1.9

File Attachments: 1. Text File diff.txt (2 kB)
Environment: MS-AD, PHP 5.1.2, MySQL 5.0.24 latin charset
Issue Links:
Dependency
 

Database: MySQL
Participants: Janne Mikkonen, Martin Dougiamas, Martín Langhoff, Petr Skoda and Yu Zhang
Security Level: None
Resolved date: 01/Mar/07
Affected Branches: MOODLE_15_STABLE, MOODLE_16_STABLE, MOODLE_17_STABLE
Fixed Branches: MOODLE_18_STABLE, MOODLE_19_STABLE


 Description  « Hide
When using latin charset database some functions in /auth/ldap/lib.php are missing proper
encoding checks and conversions if necessary. This will cause data loss when syncronizing database
with LDAP and it disables user accounts when username contains charachters like å, á, é etc...
Functions missing checks:
- auth_sync_users
- auth_get_userinfo_asobj
- auth_ldap_update_user_record

 All   Comments   Change History   Version Control      Sort Order: Ascending order - Click to sort in descending order
[ Permalink | « Hide ]
Martin Dougiamas added a comment - 02/Oct/06 03:15 PM
To do after backups

[ Permalink | « Hide ]
Yu Zhang added a comment - 10/Oct/06 12:45 PM
Hi,

Could you pleaes check these modifications are correct? (In the attached file). Sorry I don't know much about LDAP. I could not find where to place checks for auth_sync_users(), where should the checks be?

Yu


[ Permalink | « Hide ]
Petr Skoda added a comment - 10/Oct/06 03:36 PM
Please no more utf8_decode() it works only for iso-latin-1 only.

When I was hacking with MS LDAP, I noticed that depending on the version it was sending either utf-8 or default platform encoding (cp1250 in my case). I think that the encoding should be configurable, because we can not guess it in all cases.


[ Permalink | « Hide ]
Petr Skoda added a comment - 27/Oct/06 01:17 AM
To be fixed in 1.8

[ Permalink | « Hide ]
Martín Langhoff added a comment - 24/Jan/07 07:13 AM
Now that 1.8 is only UTF-8, the situation is that
  • The LDAP protocol uses UTF-8. Barring servers doing strange stuff, or PHP-LDAP messing the data up, Moodle should just use the string as returned. It will be valid UTF-8. I did quite a bit of digging around the protocol specs.
  • auth/db has 2 cases:
  • DB backend supports unicode (even if the database/tables are not in utf-8), we can just issue "use names UTF-8 " and stop worrying as this transfers the job of ensuring data we trade with the DB is treated as UTF-8.
  • DB backend does not support unicode. Add option to set what encoding should we assume the db is encoded in, and transcode accordingly.

[ Permalink | « Hide ]
Petr Skoda added a comment - 01/Mar/07 07:13 PM
encoding is now fully configurable, thanks for the report


Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.5-#360) - Bug/feature request - Atlassian news - Contact Administrators