return $name;
}
+ /**
+ * @brief escapes (user provided) parts for LDAP filter
+ * @param String $input, the provided value
+ * @returns the escaped string
+ */
+ public function escapeFilterPart($input) {
+ $search = array('*', '\\', '(', ')');
+ $replace = array('\\*', '\\\\', '\\(', '\\)');
+ return str_replace($search, $replace, $input);
+ }
+
/**
* @brief combines the input filters with AND
* @param $filters array, the filters to connect
* Check if the password is correct without logging in the user
*/
public function checkPassword($uid, $password) {
+ $uid = $this->escapeFilterPart($uid);
+
//find out dn of the user name
$filter = \OCP\Util::mb_str_replace('%uid', $uid, $this->connection->ldapLoginFilter, 'UTF-8');
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
* Get a list of all users.
*/
public function getUsers($search = '', $limit = 10, $offset = 0) {
+ $search = $this->escapeFilterPart($search);
$cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset;
//check if users are cached, if so return
projects / nextcloud-server.git / commitdiff