From: Andreas Gohr <gohr@cosmocode.de>
Date: Wed, 13 Jun 2007 14:43:10 +0000 (+0200)
Subject: better LDAP filter escaping
X-Git-Tag: 0.7.1~65
X-Git-Url: https://git.sur5r.net/?p=contagged;a=commitdiff_plain;h=d5de441ee75336c04cd57ff7c6023be9bf9c0dcc

better LDAP filter escaping

darcs-hash:20070613144310-6e07b-c271e09c76564ecf7a49a19f9791b7aebf337ade.gz
---

diff --git a/functions.php b/functions.php
index 671fca4..9166d31 100644
--- a/functions.php
+++ b/functions.php
@@ -348,10 +348,16 @@ function ldap_store_objectclasses($dn,$classes){
 }
 
 /**
- * escape parenthesises in given string
+ * Escape a string to be used in a LDAP filter
+ *
+ * Ported from Perl's Net::LDAP::Util escape_filter_value
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
  */
 function ldap_filterescape($string){
-  return strtr($string,array('('=>'\(', ')'=>'\)'));
+  return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+                            '"\\\\\".join("",unpack("H2","$1"))',
+                            $string);
 }
 
 /**
diff --git a/index.php b/index.php
index 01eeb47..857e69e 100644
--- a/index.php
+++ b/index.php
@@ -139,7 +139,7 @@
         $other .= '(!('.$FIELDS['name'].'='.chr($i).'*))';
       }
       $ldapfilter = "(&(objectClass=inetOrgPerson)$other)";
-    }elseif($filter=='*'){
+    }elseif($filter=='\2a'){ //escaped asterisk
       // List all
       $ldapfilter = "(objectClass=inetOrgPerson)";
     }else{