From d5de441ee75336c04cd57ff7c6023be9bf9c0dcc Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Wed, 13 Jun 2007 16:43:10 +0200
Subject: [PATCH] better LDAP filter escaping

darcs-hash:20070613144310-6e07b-c271e09c76564ecf7a49a19f9791b7aebf337ade.gz
---
 functions.php | 10 ++++++++--
 index.php | 2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/functions.php b/functions.php
index 671fca4..9166d31 100644
--- a/functions.php
+++ b/functions.php
@@ -348,10 +348,16 @@ function ldap_store_objectclasses($dn,$classes){
 }
 
 /**
- * escape parenthesises in given string
+ * Escape a string to be used in a LDAP filter
+ *
+ * Ported from Perl's Net::LDAP::Util escape_filter_value
+ *
+ * @author Andreas Gohr
 */
 function ldap_filterescape($string){
- return strtr($string,array('('=>'\(', ')'=>'\)'));
+ return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+ '"\\\\\".join("",unpack("H2","$1"))',
+ $string);
 }
 
 /**
diff --git a/index.php b/index.php
index 01eeb47..857e69e 100644
--- a/index.php
+++ b/index.php
@@ -139,7 +139,7 @@
 $other .= '(!('.$FIELDS['name'].'='.chr($i).'*))';
 }
 $ldapfilter = "(&(objectClass=inetOrgPerson)$other)";
- }elseif($filter=='*'){
+ }elseif($filter=='\2a'){ //escaped asterisk
 // List all
 $ldapfilter = "(objectClass=inetOrgPerson)";
 }else{
-- 
2.39.5
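Review bot: The new body of `ldap_filterescape()` in functions.php relies on the `/e` modifier of `preg_replace`, so the replacement string is evaluated as PHP code on every match. That modifier was deprecated in PHP 5.5 and removed in PHP 7.0, and the replacement has to pass through three quoting layers (single-quoted literal, PCRE replacement, evaluated code), which makes an injection-critical escape routine hard to audit. The same character class can be handled without evaluation by `preg_replace_callback` over `'/[\x00-\x1F*()\\\\]/'` with a callback that returns `'\\'.bin2hex($m[0])`. On PHP 5.6 and later the built-in `ldap_escape($string, '', LDAP_ESCAPE_FILTER)` covers this case. The docblock could also name the escaped set (control bytes, `*`, `(`, `)`, `\`) so a reader can check it against the filter grammar.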
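Review bot: The `elseif($filter=='\2a')` test in index.php hard-codes the output format of `ldap_filterescape()`, so a later change to that function (upper-case hex, for instance) would silently stop the list-all branch from matching and route the value into the `else` branch instead. The comparison also presumes `$filter` was already escaped before this point; that happens outside the hunk and should be confirmed. Deriving the value and comparing strictly keeps the two in sync, assuming functions.php is loaded here: `}elseif($filter === ldap_filterescape('*')){ // escaped asterisk`. The enclosing if/elseif chain starts and ends outside the hunk.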