[Pkg-owncloud-commits] [owncloud] 114/394: LDAP: escape values in the DN, fixes #419
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:11:40 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v4.5.10
in repository owncloud.
commit 124e4ba53c6d5276de14090e82d3e23641d54e4b
Author: Arthur Schiwon <blizzz at owncloud.com>
Date: Fri Nov 16 23:29:00 2012 +0100
LDAP: escape values in the DN, fixes #419
---
apps/user_ldap/lib/access.php | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index e24f045..1db483c 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -113,6 +113,19 @@ abstract class Access {
//make comparisons and everything work
$dn = mb_strtolower($dn, 'UTF-8');
+ //escape DN values according to RFC 2253
+ //thanks to Kolab, http://git.kolab.org/pear/Net_LDAP3/tree/lib/Net/LDAP3.php#n1313
+ $aDN = ldap_explode_dn($dn, false);
+ unset($aDN['count']);
+ foreach($aDN as $key => $part) {
+ $value = substr($part, strpos($part, '=')+1);
+ $escapedValue = strtr($value, Array(','=>'\2c', '='=>'\3d', '+'=>'\2b',
+ '<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c',
+ '"'=>'\22', '#'=>'\23'));
+ $part = str_replace($part, $value, $escapedValue);
+ }
+ $dn = implode(',', $aDN);
+
return $dn;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git
More information about the Pkg-owncloud-commits
mailing list