Username ambiguous
Gueuselambix - August 21, 2007 - 15:28
| Project: | CAS |
| Version: | 5.x-2.2 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Description
When a user who is logged in with CAS, is given enough rights to edit information of other users, there goes something wrong.
This comes to outing when trying to retrieve an e-mail address, based on the username ($user->name).
This username is the username of the 'logged in' user, but this is not necessarily the username of the user you're editing.
In the following fragment, $user->name should be replaced by $form['_account']['#value']->init.
<?php
if ($ldap_config_name = _get_ldap_config_name($user->name))
{
_ldapauth_init($ldap_config_name);
$ldap->connect();
$cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute','mail');
$ldap_entries = $ldap->search($ldap->getOption('basedn'), $ldap->getOption('user_attr').'='.$user->name, array($cas_ldap_email_attribute));
?>