authorzeripath <art27@cantab.net>2022-07-05 16:59:27 +0100
committerGitHub <noreply@github.com>2022-07-05 16:59:27 +0100
commit6efbe49439f9dff87133f14a8c64a96c0b637635 (patch)
treefcec05271e4e206fd607dad1733387c366ce17bd /services
parent45f17528a856718457b79011cfd20c127ee87452 (diff)
EscapeFilter the group dn membership (#20200)
The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix #20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'services')
-rw-r--r--services/auth/source/ldap/source_search.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
index 988d56005e..a97a1179d9 100644
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -199,7 +199,7 @@ func checkRestricted(l *ldap.Conn, ls *Source, userDN string) bool {
// List all group memberships of a user
func (source *Source) listLdapGroupMemberships(l *ldap.Conn, uid string) []string {
var ldapGroups []string
- groupFilter := fmt.Sprintf("(%s=%s)", source.GroupMemberUID, uid)
+ groupFilter := fmt.Sprintf("(%s=%s)", source.GroupMemberUID, ldap.EscapeFilter(uid))
result, err := l.Search(ldap.NewSearchRequest(
source.GroupDN,
ldap.ScopeWholeSubtree,
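Review bot: The doc comment on `listLdapGroupMemberships` should record that `uid` is expected raw and is escaped inside the function, since a caller that pre-escapes would now double-escape and silently match no groups. Something like `// uid must be passed unescaped; it is escaped with ldap.EscapeFilter before being placed in the group filter.` would make that contract explicit. The attribute name `source.GroupMemberUID` is still interpolated as-is on the same line; it presumably comes from admin-set source configuration, so a short comment saying it is trusted config would help the next reader. A regression test with a uid containing filter metacharacters (parentheses, `*`, backslash) would pin the fix. The function body continues outside this hunk, so how the search result and error are handled is not visible here.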