better LDAP filter escaping

[contagged] / functions.php

diff --git a/functions.php b/functions.php
index 671fca402a873b55017460f1544669b31bdb898b..9166d31ca0c5e9f77ead7d923a32e21ce2ae7029 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -348,10 +348,16 @@ function ldap_store_objectclasses($dn,$classes){
 }
 
 /**
- * escape parenthesises in given string
+ * Escape a string to be used in a LDAP filter
+ *
+ * Ported from Perl's Net::LDAP::Util escape_filter_value
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
  */
 function ldap_filterescape($string){
-  return strtr($string,array('('=>'\(', ')'=>'\)'));
+  return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+                            '"\\\\\".join("",unpack("H2","$1"))',
+                            $string);
 }
 
 /**