From: Andreas Gohr Date: Wed, 13 Jun 2007 14:43:10 +0000 (+0200) Subject: better LDAP filter escaping X-Git-Tag: 0.7.1~65 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d5de441ee75336c04cd57ff7c6023be9bf9c0dcc;p=contagged better LDAP filter escaping darcs-hash:20070613144310-6e07b-c271e09c76564ecf7a49a19f9791b7aebf337ade.gz --- diff --git a/functions.php b/functions.php index 671fca4..9166d31 100644 --- a/functions.php +++ b/functions.php @@ -348,10 +348,16 @@ function ldap_store_objectclasses($dn,$classes){ } /** - * escape parenthesises in given string + * Escape a string to be used in a LDAP filter + * + * Ported from Perl's Net::LDAP::Util escape_filter_value + * + * @author Andreas Gohr */ function ldap_filterescape($string){ - return strtr($string,array('('=>'\(', ')'=>'\)')); + return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e', + '"\\\\\".join("",unpack("H2","$1"))', + $string); } /** diff --git a/index.php b/index.php index 01eeb47..857e69e 100644 --- a/index.php +++ b/index.php @@ -139,7 +139,7 @@ $other .= '(!('.$FIELDS['name'].'='.chr($i).'*))'; } $ldapfilter = "(&(objectClass=inetOrgPerson)$other)"; - }elseif($filter=='*'){ + }elseif($filter=='\2a'){ //escaped asterisk // List all $ldapfilter = "(objectClass=inetOrgPerson)"; }else{