Skip to content

Version 0.3.2
Compare
Choose a tag to compare
@Cito Cito released this 24 Sep 15:05
· 20 commits to master since this release
0.3.2
b3db8f2
  • The login value in the search filter is now properly escaped in the authenticate() method. Although the bind test in the second stage of the method ensures the proper password is passed, this could be exploited to login with a different user name like 'foo*' instead of 'foobar'. Thanks to Patrick Valsecchi for the bug report.
Assets 2
Loading