author | Andreas Gohr <andi@splitbrain.org> | 2007-05-13 11:48:51 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2007-05-13 11:48:51 +0200 |
commit | c8dd2891cb8d68e147e8c435f070db2701b0a0aa (patch) | |
tree | 8cad65bb6534ebdb502f1c49eb2c65fb906cc4c2 | |
parent | 76ae5803f4b2f129b8a3445f4cbd2ead6b663391 (diff) | |
properly escape values used in LDAP filters FS#1048
darcs-hash:20070513094851-7ad00-c58c7a33f7c773975aab98664774718be155d361.gz
-rw-r--r-- | inc/auth/ldap.class.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php
index bc59411d8..765ed7c72 100644
--- a/inc/auth/ldap.class.php
+++ b/inc/auth/ldap.class.php
@@ -261,12 +261,26 @@ class auth_ldap extends auth_basic {
 } else {
 $value = $placeholders[$match];
 }
+ $value = $this->_filterEscape($value);
 $filter = str_replace('%{'.$match.'}', $value, $filter);
 }
 return $filter;
 }
 /**
+ * Escape a string to be used in a LDAP filter
+ *
+ * Ported from Perl's Net::LDAP::Util escape_filter_value
+ *
+ * @author Andreas Gohr
+ */
+ function _filterEscape($string){
+ return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+ '"\\\\\".join("",unpack("H2","$1"))',
+ $string);
+ }
+
+ /**
 * Opens a connection to the configured LDAP server and sets the wanted
 * option on the connection
 * |
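Review bot: The new `_filterEscape` builds its replacement with `preg_replace` and the `/e` modifier, so the replacement string is evaluated as PHP code for every matched byte. As written the character class admits only control bytes, `*`, `(`, `)` and `\`, so the evaluated expression stays fixed, but widening the class later would place login-supplied bytes inside evaluated code. Later PHP releases also deprecate and then remove `/e`. Switching to `preg_replace_callback` with a small helper, as sketched below, keeps the matched byte as data and produces the same backslash-plus-two-hex-digits output. The function containing the new call site starts outside the hunk, so only the `else` branch and the escape call itself are visible here.

```php
    function _filterEscape($string){
        // callback form: the matched byte is handed over as data, never evaluated
        return preg_replace_callback('/[\x00-\x1F\*\(\)\\\\]/',
                                     array($this, '_filterEscapeByte'),
                                     $string);
    }

    // Returns the filter escape for one matched byte: backslash + two hex digits
    function _filterEscapeByte($match){
        return '\\'.bin2hex($match[0]);
    }
```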