and escape the search term

Arthur Schiwon 2015-01-29 00:15:55 +01:00
parent 953a88785b
commit 73600cfdd8
3 changed files with 5 additions and 1 deletions


@ -444,6 +444,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
if(!$this->groupExists($gid)) { if(!$this->groupExists($gid)) {
return array(); return array();
} }
$search = $this->access->escapeFilterPart($search, true);
$cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset; $cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
// check for cache of the exact query // check for cache of the exact query
$groupUsers = $this->access->connection->getFromCache($cacheKey); $groupUsers = $this->access->connection->getFromCache($cacheKey);
@ -557,6 +558,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
$this->access->connection->writeToCache($cacheKey, $groupUsers); $this->access->connection->writeToCache($cacheKey, $groupUsers);
return $groupUsers; return $groupUsers;
} }
$search = $this->access->escapeFilterPart($search, true);
$isMemberUid = $isMemberUid =
(strtolower($this->access->connection->ldapGroupMemberAssocAttr) (strtolower($this->access->connection->ldapGroupMemberAssocAttr)
=== 'memberuid'); === 'memberuid');
@ -663,6 +665,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
if(!$this->enabled) { if(!$this->enabled) {
return array(); return array();
} }
$search = $this->access->escapeFilterPart($search, true);
$pagingSize = $this->access->connection->ldapPagingSize; $pagingSize = $this->access->connection->ldapPagingSize;
if ((! $this->access->connection->hasPagedResultSupport) if ((! $this->access->connection->hasPagedResultSupport)
|| empty($pagingSize)) { || empty($pagingSize)) {
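Review bot: All three hunks overwrite `$search` with its escaped form (new lines 447, 561 and 668), so every later use in these methods sees the escaped value, including any non-filter use or any helper that escapes again; the method bodies continue outside the hunks, so this cannot be confirmed from here. Keeping the raw term and assigning `$escapedSearch = $this->access->escapeFilterPart($search, true);` where the filter is built would rule out double escaping. In the first hunk the cache key is now built from the escaped term, while in the second the escape sits after a `writeToCache($cacheKey, ...)` return path, so that key presumably still uses the raw term. A comment such as `// escape for the LDAP filter; a leading * is kept as a wildcard` and a unit test with a search term containing `(`, `)`, `\` and an inner `*` would pin the intended behaviour.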


@ -958,7 +958,7 @@ class Access extends LDAPUtility implements user\IUserTools {
/** /**
* escapes (user provided) parts for LDAP filter * escapes (user provided) parts for LDAP filter
* @param string $input, the provided value * @param string $input, the provided value
* @param bool $allowAsterisk wether in * at the beginning should be preserved * @param bool $allowAsterisk whether in * at the beginning should be preserved
* @return string the escaped string * @return string the escaped string
*/ */
public function escapeFilterPart($input, $allowAsterisk = false) { public function escapeFilterPart($input, $allowAsterisk = false) {


@ -32,6 +32,7 @@ namespace OCA\user_ldap\lib;
* @property boolean hasPagedResultSupport * @property boolean hasPagedResultSupport
* @property string[] ldapBaseUsers * @property string[] ldapBaseUsers
* @property int|string ldapPagingSize holds an integer * @property int|string ldapPagingSize holds an integer
* @property bool|mixed|void ldapGroupMemberAssocAttr
*/ */
class Connection extends LDAPUtility { class Connection extends LDAPUtility {
private $ldapConnectionRes = null; private $ldapConnectionRes = null;
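Review bot: The added `@property bool|mixed|void ldapGroupMemberAssocAttr` does not describe the value, because the group backend in this same commit compares it with `strtolower(...) === 'memberuid'`, which only makes sense for a string. `@property string ldapGroupMemberAssocAttr` would match the neighbouring entries and let static analysis check that comparison. The Connection class body continues outside the hunk, so what the magic getter actually returns is not visible here and should be confirmed.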