#
# Security fix for LDAP anonymous bind bypassing authentication (#1293)
# Licensed under the GPLv2
# Olivier Bilodeau <obilodeau@inverse.ca>
#
# old_revision [54c13c3b3b2d4c2f4035d84fe8f3ced73bb882e0]
#
# patch "pf/html/admin/login.php"
#  from [437daaaf2a52b935008754acd28d6b71d1d33220]
#    to [3091155d3aee619c63b0ac5aa32708fbd5c8903d]
#
============================================================
--- pf/html/admin/login.php	437daaaf2a52b935008754acd28d6b71d1d33220
+++ pf/html/admin/login.php	3091155d3aee619c63b0ac5aa32708fbd5c8903d
@@ -39,9 +39,9 @@ function check_input($input){
   }
 } 
 
-# rejecting NULLs because they end-up doing an anonymous LDAP bind
+# rejecting NULLs or empty strings because they end-up doing an anonymous LDAP bind
 function check_password($input){
-  if (isset($input)) {
+  if (isset($input) && !is_null($input) && !empty($input)) {
     return true;
   } else {
     print "Invalid password<br>";