author | zeripath <art27@cantab.net> | 2022-07-05 16:59:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-05 16:59:27 +0100 |
commit | 6efbe49439f9dff87133f14a8c64a96c0b637635 (patch) | |
tree | fcec05271e4e206fd607dad1733387c366ce17bd /services | |
parent | 45f17528a856718457b79011cfd20c127ee87452 (diff) | |
EscapeFilter the group dn membership (#20200)
The uid provided to the group filter must be properly escaped using the provided
ldap.EscapeFilter function.
Fix #20181
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'services')
-rw-r--r-- | services/auth/source/ldap/source_search.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
index 988d56005e..a97a1179d9 100644
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -199,7 +199,7 @@ func checkRestricted(l *ldap.Conn, ls *Source, userDN string) bool {
 // List all group memberships of a user
 func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string) []string {
 var ldapGroups []string
- groupFilter := fmt.Sprintf("(%s=%s)", source.GroupMemberUID, uid)
+ groupFilter := fmt.Sprintf("(%s=%s)", source.GroupMemberUID, ldap.EscapeFilter(uid))
 result, err := l.Search(ldap.NewSearchRequest(
 source.GroupDN,
 ldap.ScopeWholeSubtree, |
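Review bot: The new `groupFilter` line in listLdapGroupMemberships has no comment explaining why `uid` is escaped, and the diffstat shows only source_search.go changed, so no regression test pins the fix and a later refactor could drop the call unnoticed. I would add `// Escape uid so filter metacharacters in it are matched literally (#20181).` above the line. I would also add a unit test that passes a uid containing parentheses, an asterisk and a backslash and checks the filter string handed to the search request. `source.GroupMemberUID` is still formatted into the filter as-is; it looks like source configuration rather than per-user input, but it is worth confirming that it is validated when the source is saved. The function body continues past the end of the hunk, and any other filters this file builds with `fmt.Sprintf` are outside it and deserve the same check.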