and escape the search term
This commit is contained in:
parent
953a88785b
commit
73600cfdd8
|
@ -444,6 +444,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
||||||
if(!$this->groupExists($gid)) {
|
if(!$this->groupExists($gid)) {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
$search = $this->access->escapeFilterPart($search, true);
|
||||||
$cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
|
$cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
|
||||||
// check for cache of the exact query
|
// check for cache of the exact query
|
||||||
$groupUsers = $this->access->connection->getFromCache($cacheKey);
|
$groupUsers = $this->access->connection->getFromCache($cacheKey);
|
||||||
|
@ -557,6 +558,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
||||||
$this->access->connection->writeToCache($cacheKey, $groupUsers);
|
$this->access->connection->writeToCache($cacheKey, $groupUsers);
|
||||||
return $groupUsers;
|
return $groupUsers;
|
||||||
}
|
}
|
||||||
|
$search = $this->access->escapeFilterPart($search, true);
|
||||||
$isMemberUid =
|
$isMemberUid =
|
||||||
(strtolower($this->access->connection->ldapGroupMemberAssocAttr)
|
(strtolower($this->access->connection->ldapGroupMemberAssocAttr)
|
||||||
=== 'memberuid');
|
=== 'memberuid');
|
||||||
|
@ -663,6 +665,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
||||||
if(!$this->enabled) {
|
if(!$this->enabled) {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
$search = $this->access->escapeFilterPart($search, true);
|
||||||
$pagingSize = $this->access->connection->ldapPagingSize;
|
$pagingSize = $this->access->connection->ldapPagingSize;
|
||||||
if ((! $this->access->connection->hasPagedResultSupport)
|
if ((! $this->access->connection->hasPagedResultSupport)
|
||||||
|| empty($pagingSize)) {
|
|| empty($pagingSize)) {
|
||||||
|
|
|
@ -958,7 +958,7 @@ class Access extends LDAPUtility implements user\IUserTools {
|
||||||
/**
|
/**
|
||||||
* escapes (user provided) parts for LDAP filter
|
* escapes (user provided) parts for LDAP filter
|
||||||
* @param string $input, the provided value
|
* @param string $input, the provided value
|
||||||
* @param bool $allowAsterisk wether in * at the beginning should be preserved
|
* @param bool $allowAsterisk whether in * at the beginning should be preserved
|
||||||
* @return string the escaped string
|
* @return string the escaped string
|
||||||
*/
|
*/
|
||||||
public function escapeFilterPart($input, $allowAsterisk = false) {
|
public function escapeFilterPart($input, $allowAsterisk = false) {
|
||||||
|
|
|
@ -32,6 +32,7 @@ namespace OCA\user_ldap\lib;
|
||||||
* @property boolean hasPagedResultSupport
|
* @property boolean hasPagedResultSupport
|
||||||
* @property string[] ldapBaseUsers
|
* @property string[] ldapBaseUsers
|
||||||
* @property int|string ldapPagingSize holds an integer
|
* @property int|string ldapPagingSize holds an integer
|
||||||
|
* @property bool|mixed|void ldapGroupMemberAssocAttr
|
||||||
*/
|
*/
|
||||||
class Connection extends LDAPUtility {
|
class Connection extends LDAPUtility {
|
||||||
private $ldapConnectionRes = null;
|
private $ldapConnectionRes = null;
|
||||||
|
|
Loading…
Reference in New Issue