From e38a930e7e1e462026a8e7ff3d0a20376b9fa4dd Mon Sep 17 00:00:00 2001
From: Gunnar Wrobel
Date: Tue, 7 Apr 2009 07:38:58 +0200
Subject: [PATCH] Ensure the user password is never returned.
---
 .../lib/Horde/Kolab/Server/Object/Person.php | 24 +++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Person.php b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Person.php
index bf6946cd8..c2e542fa9 100644
--- a/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Person.php
+++ b/framework/Kolab_Server/lib/Horde/Kolab/Server/Object/Person.php
@@ -49,6 +49,9 @@ class Horde_Kolab_Server_Object_Person extends Horde_Kolab_Server_Object
 self::ATTRIBUTE_TELNO,
 ),
 'derived' => array(
+ self::ATTRIBUTE_USERPASSWORD => array(
+ 'base' => self::ATTRIBUTE_USERPASSWORD,
+ ),
 self::ATTRIBUTE_SN => array(
 'base' => self::ATTRIBUTE_SN,
 'order' => 0,
@@ -69,6 +72,23 @@ class Horde_Kolab_Server_Object_Person extends Horde_Kolab_Server_Object
 );
 /**
+ * Derive an attribute value.
+ *
+ * @param string $attr The attribute to derive.
+ *
+ * @return mixed The value of the attribute.
+ */
+ protected function derive($attr)
+ {
+ switch ($attr) {
+ case self::ATTRIBUTE_USERPASSWORD:
+ return '';
+ default:
+ return parent::derive($attr);
+ }
+ }
+
+ /**
 * Salt and hash the password.
 *
 * @param string $password The password.
@@ -187,8 +207,10 @@ class Horde_Kolab_Server_Object_Person extends Horde_Kolab_Server_Object
 $info[self::ATTRIBUTE_CN] = $info[self::ATTRIBUTE_SN];
 }
- if (isset($info[self::ATTRIBUTE_USERPASSWORD])) {
+ if (!empty($info[self::ATTRIBUTE_USERPASSWORD])) {
 $info[self::ATTRIBUTE_USERPASSWORD] = $this->hashPassword($info[self::ATTRIBUTE_USERPASSWORD]);
+ } else if (isset($info[self::ATTRIBUTE_USERPASSWORD])) {
+ unset($info[self::ATTRIBUTE_USERPASSWORD]);
 }
 return parent::save($info);
--
2.11.0
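Review bot: The new `'derived'` entry maps `self::ATTRIBUTE_USERPASSWORD` to itself as `'base'`, which reads like a no-op unless the reader already knows it is there to send reads through `derive()` (presumably how the parent class resolves derived attributes; that code is not in this hunk). A one-line comment above the entry would record the intent, for example `// Listed as derived so that reads go through derive(), which masks the value.` Unlike the neighbouring `self::ATTRIBUTE_SN` entry it has no `'order'` key, and how the parent treats a derived entry without one is not visible here, so that is worth checking. The array definition starts and ends outside the hunk.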
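Review bot: The `derive()` override returns `''` for `self::ATTRIBUTE_USERPASSWORD`, which a caller cannot tell apart from an account with no password set, and the docblock does not say the value is withheld on purpose. I would extend the summary line to something like `Derive an attribute value. The user password is never exposed; an empty string is returned in its place.` The mask only covers reads that reach `derive()`. Whether other read paths in the parent class can still return the stored hash is not visible in this hunk and should be confirmed, with a directory ACL on the attribute as the backstop. A test asserting that reading the password attribute yields `''` would stop a later subclass override of `derive()` from dropping the mask unnoticed.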
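Review bot: `!empty()` in the new condition also treats the string `'0'` as empty, so a submitted password of `0` is neither hashed nor rejected; the `unset()` branch discards it and the old password stays in place. Testing for the empty string explicitly avoids that: `if (isset($info[self::ATTRIBUTE_USERPASSWORD]) && $info[self::ATTRIBUTE_USERPASSWORD] !== '') {`. The `else if` branch would also benefit from a comment such as `// An empty value is the masked read-back from derive(); keep the stored hash.` so the silent drop reads as intentional. Callers that pass an empty password get no error, which is worth stating in the method's docblock. The enclosing method starts outside the hunk.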