LDAP: escape values in the DN, fixes #419

2012-11-16 23:29:00 +01:00 · 2012-11-16 23:29:00 +01:00 · 24e13419a3
parent a85d891938
commit 24e13419a3
1 changed files with 13 additions and 0 deletions
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@ -119,6 +119,19 @@ abstract class Access {
 		//make comparisons and everything work
 		$dn = mb_strtolower($dn, 'UTF-8');

+		//escape DN values according to RFC 2253
+		//thanks to Kolab, http://git.kolab.org/pear/Net_LDAP3/tree/lib/Net/LDAP3.php#n1313
+		$aDN = ldap_explode_dn($dn, false);
+		unset($aDN['count']);
+		foreach($aDN as $key => $part) {
+			$value = substr($part, strpos($part, '=')+1);
+			$escapedValue = strtr($value, Array(','=>'\2c', '='=>'\3d', '+'=>'\2b',
+				'<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c',
+				'"'=>'\22', '#'=>'\23'));
+			$part = str_replace($part, $value, $escapedValue);
+		}
+		$dn = implode(',', $aDN);
+
 		return $dn;
 	}