fixed a security vulnerability
parent
33bf9f7e1e
commit
a5ca0f9e67
|
@ -1,3 +1,4 @@
|
|||
STRIP_RE = r'[()"\'&|<>=~!]+'
|
||||
LDAP_URL = 'ldap://ldap.hackerspace.pl'
|
||||
DN_STRING = 'uid=%s,ou=People,dc=hackerspace,dc=pl'
|
||||
FAIL_DELAY = 0.5
|
||||
|
|
3
auth.py
3
auth.py
|
@ -32,8 +32,9 @@ def irc_nick():
|
|||
conn.start_tls_s()
|
||||
login,code = '', 401
|
||||
try:
|
||||
nick = re.sub(app.config['STRIP_RE'], '', request.form['nick'])
|
||||
res = conn.search_s(app.config['IRC_BASEDN'], ldap.SCOPE_SUBTREE,
|
||||
app.config['IRC_LDAP_FILTER'] % request.form['nick'])
|
||||
app.config['IRC_LDAP_FILTER'] % nick)
|
||||
if len(res) == 1:
|
||||
login = res[0][1]['uid'][0]
|
||||
code = 200
|
||||
|
|
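Review bot: The character class in `STRIP_RE` does not cover every character that is special in an LDAP search filter: `*` and `\` (and NUL) pass through the `re.sub` on the `nick = ...` line unchanged, so the value substituted into `IRC_LDAP_FILTER` can still change what the filter matches. Escaping is more robust than stripping. Assuming the template holds a single `%s`, `ldap.filter.filter_format(app.config['IRC_LDAP_FILTER'], [request.form['nick']])` (python-ldap, needs `import ldap.filter`) escapes the value per RFC 4515. It also avoids silently rewriting the nick, which lets two different inputs resolve to the same entry. The `try:` block continues past the end of the hunk, so its error handling is not covered here.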