From 2af74736514f8bc194239e40a6a04a862db305e0 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 3 Aug 2012 15:51:25 +0200 Subject: [PATCH] LDAP: sanitize base, user and group trees. fixes oc-1302 --- apps/user_ldap/lib_ldap.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php index ab838812ae..70b4664542 100644 --- a/apps/user_ldap/lib_ldap.php +++ b/apps/user_ldap/lib_ldap.php @@ -666,9 +666,9 @@ class OC_LDAP { self::$ldapPort = OCP\Config::getAppValue('user_ldap', 'ldap_port', 389); self::$ldapAgentName = OCP\Config::getAppValue('user_ldap', 'ldap_dn',''); self::$ldapAgentPassword = base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password','')); - self::$ldapBase = OCP\Config::getAppValue('user_ldap', 'ldap_base', ''); - self::$ldapBaseUsers = OCP\Config::getAppValue('user_ldap', 'ldap_base_users',self::$ldapBase); - self::$ldapBaseGroups = OCP\Config::getAppValue('user_ldap', 'ldap_base_groups', self::$ldapBase); + self::$ldapBase = self::sanitizeDN(OCP\Config::getAppValue('user_ldap', 'ldap_base', '')); + self::$ldapBaseUsers = self::sanitizeDN(OCP\Config::getAppValue('user_ldap', 'ldap_base_users',self::$ldapBase)); + self::$ldapBaseGroups = self::sanitizeDN(OCP\Config::getAppValue('user_ldap', 'ldap_base_groups', self::$ldapBase)); self::$ldapTLS = OCP\Config::getAppValue('user_ldap', 'ldap_tls',0); self::$ldapNoCase = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0); self::$ldapUserDisplayName = strtolower(OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'));