LDAP: always sanitize DN and DN-containing attributes
authorArthur Schiwon <blizzz@owncloud.com>
Mon, 25 Jun 2012 11:16:35 +0000 (13:16 +0200)
committerArthur Schiwon <blizzz@owncloud.com>
Mon, 25 Jun 2012 11:22:00 +0000 (13:22 +0200)
apps/user_ldap/lib_ldap.php

index c88b18b10d374df5830879acd6db8ef0ea76b6e6..2940e1d825203a77c5ba4c672ebc16e41a6d85a8 100644 (file)
@@ -425,7 +425,7 @@ class OC_LDAP {
                if(isset($result[$attr]) && $result[$attr]['count'] > 0){
                        $values = array();
                        for($i=0;$i<$result[$attr]['count'];$i++) {
-                               $values[] = $result[$attr][$i];
+                               $values[] = self::resemblesDN($attr) ? self::sanitizeDN($result[$attr][$i]) : $result[$attr][$i];
                        }
                        return $values;
                }
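Review bot: `self::resemblesDN($attr)` on the added line receives `$attr` exactly as the caller spelled it, and the helper added in the last hunk compares it case-sensitively against lowercase names, so a lookup for `uniqueMember` would skip sanitizeDN. The other two call sites lowercase the key first (`$key = strtolower(...)`), but no such step is visible here; the function starts outside the hunk, so it may already be handled above. Normalising inside the helper removes the dependency on every caller: `return in_array(strtolower($attr), $resemblingAttributes, true);`.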
@@ -508,7 +508,7 @@ class OC_LDAP {
                                                $key = strtolower($key);
                                                if(isset($item[$key])) {
                                                        if($key != 'dn'){
-                                                               $selection[$i][$key] = $item[$key][0];
+                                                               $selection[$i][$key] = self::resemblesDN($key) ? self::sanitizeDN($item[$key][0]) : $item[$key][0];
                                                        } else {
                                                                $selection[$i][$key] = self::sanitizeDN($item[$key]);
                                                        }
@@ -521,7 +521,7 @@ class OC_LDAP {
                                        $key = strtolower($attr[0]);
 
                                        if(isset($item[$key])) {
-                                               if($key == 'dn') {
+                                               if(self::resemblesDN($key)) {
                                                        $selection[] = self::sanitizeDN($item[$key]);
                                                } else {
                                                        $selection[] = $item[$key];
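Review bot: The widened condition `if(self::resemblesDN($key))` now hands `$item[$key]` to sanitizeDN for `member` and `uniquemember` as well, while the previous hunk indexes the same kind of value with `[0]`, which suggests it is an array of values rather than a single string. The one visible line of sanitizeDN is a `preg_replace`, which accepts arrays, but the rest of that function lies outside the diff and any string-only step there would misbehave on an array. Making the two shapes explicit keeps the `dn` path unchanged: `$selection[] = is_array($item[$key]) ? array_map(array('self', 'sanitizeDN'), $item[$key]) : self::sanitizeDN($item[$key]);`. The surrounding loop starts and ends outside the hunk.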
@@ -536,6 +536,15 @@ class OC_LDAP {
                return $findings;
        }
 
+       static private function resemblesDN($attr) {
+               $resemblingAttributes = array(
+                       'dn',
+                       'uniquemember',
+                       'member'
+               );
+               return in_array($attr, $resemblingAttributes);
+       }
+
        static private function sanitizeDN($dn) {
                //OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
                $dn = preg_replace('/([^\\\]),(\s+)/','\1,',$dn);
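Review bot: resemblesDN is a fixed allowlist with no comment explaining why these three names were chosen, so DN-valued attributes outside it (for example `memberof`) are still returned unsanitized despite the "always" in the commit title. If the unsanitized values are later compared with sanitized DNs, membership or identity lookups could silently fail to match. A short docblock should state that attribute names are expected in lowercase, that unlisted attributes pass through untouched, and that the list has to be extended whenever a new DN-valued attribute is read. sanitizeDN's body continues past the end of the hunk.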