]> source.dussan.org Git - gitea.git/commitdiff
projects / gitea.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 134958f)
Correct ldap username validation. (#2880)
authorJochen Rill <jochen@tabbed.de>
Mon, 13 Nov 2017 09:32:16 +0000 (10:32 +0100)
committerLauris BH <lauris@nix.lv>
Mon, 13 Nov 2017 09:32:16 +0000 (11:32 +0200)
PR #342 was only partially applied. Spaces should not be at the start
and end of a username but they can be inside.

modules/auth/ldap/ldap.go patch | blob | history

diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 7754cc8182646dfd8f12b7dfeff248e147a3e637..bb69f355877ce77ba610809ae448b507688129c1 100644 (file)
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -69,7 +69,7 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
 
 func (ls *Source) sanitizedUserDN(username string) (string, bool) {
        // See http://tools.ietf.org/search/rfc4514: "special characters"
-       badCharacters := "\x00()*\\,='\"#+;<> "
+       badCharacters := "\x00()*\\,='\"#+;<>"
        if strings.ContainsAny(username, badCharacters) {
                log.Debug("'%s' contains invalid DN characters. Aborting.", username)
                return "", false
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea