Signed-off-by: SJ <sj@acts.hu>
SJ 2016-05-03 22:24:09 +02:00
parent 1d57248db9
commit 23e0d829cb


@ -212,9 +212,7 @@ class ModelUserAuth extends Model {
if($ldap_auth->is_bind_ok()) {
$a['dn'] = stripslashes($a['dn']);
$a['dn'] = preg_replace("/\(/", '\(', $a['dn']);
$a['dn'] = preg_replace("/\)/", '\)', $a['dn']);
$a['dn'] = $this->escapeLdapFilter($a['dn']);
$query = $ldap->query($ldap_base_dn, "(|(&(objectClass=$ldap_account_objectclass)($ldap_mail_attr=$username_prefix$username))(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=$username_prefix$username)" . ")(&(objectClass=$ldap_distributionlist_objectclass)($ldap_distributionlist_attr=" . $a['dn'] . ")))", array());
@ -538,6 +536,42 @@ class ModelUserAuth extends Model {
return $rc;
}
/*
* For more explanation, see https://bitbucket.org/jsuto/piler/issues/679/get-mailing-list-members-from-active
* Credits: Thoth
*/
public function escapeLdapFilter($str = '') {
// The characters that need to be escape.
//
// NOTE: It's important that the slash is the first character replaced.
// Otherwise the slash added by other replacements will then be
// replaced as well, resulted in double-escaping all characters
// replaced before the slashes were replaced.
//
$metaChars = array(
chr(0x5c), // \
chr(0x2a), // *
chr(0x28), // (
chr(0x29), // )
chr(0x00) // NUL
);
// Build the list of the escaped versions of those characters.
$quotedMetaChars = array();
foreach ($metaChars as $key => $value) {
$quotedMetaChars[$key] = '\\' .
str_pad(dechex(ord($value)), 2, '0', STR_PAD_LEFT);
}
// Make all the necessary replacements in the input string and return
// the result.
return str_replace($metaChars, $quotedMetaChars, $str);
}
}
?>
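Review bot: In the first hunk, `$username_prefix$username` is still interpolated twice into the filter passed to `$ldap->query(...)` without going through the new escaper; only `$a['dn']` is escaped. Whether `$username` is validated earlier is not visible, because the enclosing method starts and ends outside the hunk, but if it is the login name as entered, filter metacharacters in it would change the structure of the query. I would escape it the same way before building the filter, e.g. `$u = $this->escapeLdapFilter($username);`, and use `$username_prefix$u` in both clauses. If the `stripslashes()` line is still on the new side, it runs before the escaper and would drop backslashes that belong to the DN value, so it is worth confirming that call is still wanted.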