summaryrefslogtreecommitdiffstats
path: root/modules/auth
diff options
context:
space:
mode:
authorJochen Rill <jochen@tabbed.de>2017-11-13 10:32:16 +0100
committerLauris BH <lauris@nix.lv>2017-11-13 11:32:16 +0200
commitf94e6fd7a5c39bc82ab1bcf6a0befbc8358e84df (patch)
treeb151d261e5fa4c6a0c3933d9433172d003901716 /modules/auth
parent134958fd9f40b96384bc76598409a4a6fa032708 (diff)
downloadgitea-f94e6fd7a5c39bc82ab1bcf6a0befbc8358e84df.tar.gz
gitea-f94e6fd7a5c39bc82ab1bcf6a0befbc8358e84df.zip
Correct ldap username validation. (#2880)
PR #342 was only partially applied. Spaces should not be at the start and end of a username but they can be inside.
Diffstat (limited to 'modules/auth')
-rw-r--r--modules/auth/ldap/ldap.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 7754cc8182..bb69f35587 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -69,7 +69,7 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
func (ls *Source) sanitizedUserDN(username string) (string, bool) {
// See http://tools.ietf.org/search/rfc4514: "special characters"
- badCharacters := "\x00()*\\,='\"#+;<> "
+ badCharacters := "\x00()*\\,='\"#+;<>"
if strings.ContainsAny(username, badCharacters) {
log.Debug("'%s' contains invalid DN characters. Aborting.", username)
return "", false