mirror of
https://bitbucket.org/jsuto/piler.git
synced 2025-01-12 10:10:12 +01:00
parent
1d57248db9
commit
23e0d829cb
@ -212,9 +212,7 @@ class ModelUserAuth extends Model {
|
|||||||
|
|
||||||
if($ldap_auth->is_bind_ok()) {
|
if($ldap_auth->is_bind_ok()) {
|
||||||
|
|
||||||
$a['dn'] = stripslashes($a['dn']);
|
$a['dn'] = $this->escapeLdapFilter($a['dn']);
|
||||||
$a['dn'] = preg_replace("/\(/", '\(', $a['dn']);
|
|
||||||
$a['dn'] = preg_replace("/\)/", '\)', $a['dn']);
|
|
||||||
|
|
||||||
$query = $ldap->query($ldap_base_dn, "(|(&(objectClass=$ldap_account_objectclass)($ldap_mail_attr=$username_prefix$username))(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=$username_prefix$username)" . ")(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=" . $a['dn'] . ")))", array());
|
$query = $ldap->query($ldap_base_dn, "(|(&(objectClass=$ldap_account_objectclass)($ldap_mail_attr=$username_prefix$username))(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=$username_prefix$username)" . ")(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=" . $a['dn'] . ")))", array());
|
||||||
|
|
||||||
@ -538,6 +536,42 @@ class ModelUserAuth extends Model {
|
|||||||
return $rc;
|
return $rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* For more explanation, see https://bitbucket.org/jsuto/piler/issues/679/get-mailing-list-members-from-active
|
||||||
|
* Credits: Thoth
|
||||||
|
*/
|
||||||
|
|
||||||
|
public function escapeLdapFilter($str = '') {
|
||||||
|
// The characters that need to be escape.
|
||||||
|
//
|
||||||
|
// NOTE: It's important that the slash is the first character replaced.
|
||||||
|
// Otherwise the slash added by other replacements will then be
|
||||||
|
// replaced as well, resulted in double-escaping all characters
|
||||||
|
// replaced before the slashes were replaced.
|
||||||
|
//
|
||||||
|
$metaChars = array(
|
||||||
|
chr(0x5c), // \
|
||||||
|
chr(0x2a), // *
|
||||||
|
chr(0x28), // (
|
||||||
|
chr(0x29), // )
|
||||||
|
chr(0x00) // NUL
|
||||||
|
);
|
||||||
|
|
||||||
|
// Build the list of the escaped versions of those characters.
|
||||||
|
|
||||||
|
$quotedMetaChars = array();
|
||||||
|
|
||||||
|
foreach ($metaChars as $key => $value) {
|
||||||
|
$quotedMetaChars[$key] = '\\' .
|
||||||
|
str_pad(dechex(ord($value)), 2, '0', STR_PAD_LEFT);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make all the necessary replacements in the input string and return
|
||||||
|
// the result.
|
||||||
|
|
||||||
|
return str_replace($metaChars, $quotedMetaChars, $str);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
Loading…
Reference in New Issue
Block a user