Project:CAS
Version:5.x-2.2
Component:Code
Category:bug report
Priority:normal
Assigned:Unassigned
Status:closed (won't fix)

Issue Summary

When a user who is logged in with CAS, is given enough rights to edit information of other users, there goes something wrong.
This comes to outing when trying to retrieve an e-mail address, based on the username ($user->name).
This username is the username of the 'logged in' user, but this is not necessarily the username of the user you're editing.

In the following fragment, $user->name should be replaced by $form['_account']['#value']->init.

<?php
         
if ($ldap_config_name = _get_ldap_config_name($user->name))
          {
           
_ldapauth_init($ldap_config_name);
           
$ldap->connect();
           
$cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute','mail');
           
$ldap_entries = $ldap->search($ldap->getOption('basedn'), $ldap->getOption('user_attr').'='.$user->name, array($cas_ldap_email_attribute));
?>

Comments

#1

Status:active» closed (won't fix)

Drupal 5.x and CAS 5.x-x.x have reached their end-of-life (#1104504: End-of-life 5.x-x.x).

Since the referenced code bears no resemblance to the currently supported 6.x-2.x, 6.x-3.x, and 7.x-1.x branches, I'm closing this issue.

nobody click here