From b78e3e565cc9a1e4be749b2e40b06585382da543 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Wed, 12 Oct 2016 09:42:21 +0200
Subject: [PATCH] Fixed ACL assignment check for empty member list

---
 include/class_acl.inc                     | 7 ++++++-
 plugins/admin/acl/class_aclAssignment.inc | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/include/class_acl.inc b/include/class_acl.inc
index 1f27d5f15..4cda415ce 100644
--- a/include/class_acl.inc
+++ b/include/class_acl.inc
@@ -141,7 +141,12 @@ class acl
     foreach ($ma as $memberdn) {
       // Check for wildcard here
       $dn = base64_decode($memberdn);
-      if ($dn != "*") {
+      if ($dn != '*') {
+        if (empty($dn)) {
+          trigger_error('Empty dn found in members of ACL');
+          continue;
+        }
+
         $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
 
         /* Found entry... */
diff --git a/plugins/admin/acl/class_aclAssignment.inc b/plugins/admin/acl/class_aclAssignment.inc
index ecb2f283c..34c80f364 100644
--- a/plugins/admin/acl/class_aclAssignment.inc
+++ b/plugins/admin/acl/class_aclAssignment.inc
@@ -156,6 +156,11 @@ class ACLsAssignmentDialog extends GenericDialog
   function handle_finish ()
   {
     $this->dialog->save_object();
+    $messages = $this->dialog->check();
+    if (!empty($messages)) {
+      msg_dialog::displayChecks($messages);
+      return $this->dialog->execute();
+    }
     $this->attribute->addValue($this->dialog->getAclEntry());
     return FALSE;
   }
-- 
GitLab