LDAP: always sanitize DN and DN-containing attributes
parent
85ac75b4f4
commit
594e19bddc
|
@ -449,7 +449,7 @@ class OC_LDAP {
|
|||
if(isset($result[$attr]) && $result[$attr]['count'] > 0){
|
||||
$values = array();
|
||||
for($i=0;$i<$result[$attr]['count'];$i++) {
|
||||
$values[] = $result[$attr][$i];
|
||||
$values[] = self::resemblesDN($attr) ? self::sanitizeDN($result[$attr][$i]) : $result[$attr][$i];
|
||||
}
|
||||
return $values;
|
||||
}
|
||||
|
@ -521,7 +521,7 @@ class OC_LDAP {
|
|||
$key = strtolower($key);
|
||||
if(isset($item[$key])) {
|
||||
if($key != 'dn'){
|
||||
$selection[$i][$key] = $item[$key][0];
|
||||
$selection[$i][$key] = self::resemblesDN($key) ? self::sanitizeDN($item[$key][0]) : $item[$key][0];
|
||||
} else {
|
||||
$selection[$i][$key] = self::sanitizeDN($item[$key]);
|
||||
}
|
||||
|
@ -534,7 +534,7 @@ class OC_LDAP {
|
|||
$key = strtolower($attr[0]);
|
||||
|
||||
if(isset($item[$key])) {
|
||||
if($key == 'dn') {
|
||||
if(self::resemblesDN($key)) {
|
||||
$selection[] = self::sanitizeDN($item[$key]);
|
||||
} else {
|
||||
$selection[] = $item[$key];
|
||||
|
@ -549,6 +549,15 @@ class OC_LDAP {
|
|||
return $findings;
|
||||
}
|
||||
|
||||
static private function resemblesDN($attr) {
|
||||
$resemblingAttributes = array(
|
||||
'dn',
|
||||
'uniquemember',
|
||||
'member'
|
||||
);
|
||||
return in_array($attr, $resemblingAttributes);
|
||||
}
|
||||
|
||||
static private function sanitizeDN($dn) {
|
||||
//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
|
||||
$dn = preg_replace('/([^\\\]),(\s+)/','\1,',$dn);
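Review bot: In the third hunk the branch `if(self::resemblesDN($key))` now sends `$item[$key]` to sanitizeDN() for `member` and `uniquemember` as well as `dn`. Those two are presumably in the multi-valued array form, since the second hunk reads them as `$item[$key][0]`, so sanitizeDN() receives an array where it used to get only a string. The visible `preg_replace` line accepts an array, but the rest of sanitizeDN() lies outside the hunk and may not, and a `count` element, if present, would be run through the regex too. Either keep `$key == 'dn'` for the string case and sanitise the other DN attributes value by value, or state in a comment on sanitizeDN() that it accepts both shapes. Separately, resemblesDN() compares case-sensitively and the first hunk passes `$attr` without a visible `strtolower`, so a caller asking for `uniqueMember` would skip sanitisation; `return in_array(strtolower($attr), $resemblingAttributes, true);` closes that gap.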
|
||||
|
|