From 594e19bddc42ffcaa248cb55bb3e9a33d7d602c8 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Mon, 25 Jun 2012 13:16:35 +0200
Subject: [PATCH] LDAP: always sanitize DN and DN-containing attributes

---
 apps/user_ldap/lib_ldap.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index f4f75500c0..ffe6b3d2e9 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -449,7 +449,7 @@ class OC_LDAP {
 		if(isset($result[$attr]) && $result[$attr]['count'] > 0){
 			$values = array();
 			for($i=0;$i<$result[$attr]['count'];$i++) {
-				$values[] = $result[$attr][$i];
+				$values[] = self::resemblesDN($attr) ? self::sanitizeDN($result[$attr][$i]) : $result[$attr][$i];
 			}
 			return $values;
 		}
@@ -521,7 +521,7 @@ class OC_LDAP {
 						$key = strtolower($key);
 						if(isset($item[$key])) {
 							if($key != 'dn'){
-								$selection[$i][$key] = $item[$key][0];
+								$selection[$i][$key] = self::resemblesDN($key) ? self::sanitizeDN($item[$key][0]) : $item[$key][0];
 							} else {
 								$selection[$i][$key] = self::sanitizeDN($item[$key]);
 							}
@@ -534,7 +534,7 @@ class OC_LDAP {
 					$key = strtolower($attr[0]);
 
 					if(isset($item[$key])) {
-						if($key == 'dn') {
+						if(self::resemblesDN($key)) {
 							$selection[] = self::sanitizeDN($item[$key]);
 						} else {
 							$selection[] = $item[$key];
@@ -549,6 +549,15 @@ class OC_LDAP {
 		return $findings;
 	}
 
+	static private function resemblesDN($attr) {
+		$resemblingAttributes = array(
+			'dn',
+			'uniquemember',
+			'member'
+		);
+		return in_array($attr, $resemblingAttributes);
+	}
+
 	static private function sanitizeDN($dn) {
 		//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
 		$dn = preg_replace('/([^\\\]),(\s+)/','\1,',$dn);