[stable27] fix(LDAP): escape DN on check-usertags/v27.1.9rc1
@@ -279,6 +279,8 @@ class Access extends LDAPUtility { | |||
* Normalizes a result grom getAttributes(), i.e. handles DNs and binary | |||
* data if present. | |||
* | |||
* DN values are escaped as per RFC 2253 | |||
* | |||
* @param array $result from ILDAPWrapper::getAttributes() | |||
* @param string $attribute the attribute name that was read | |||
* @return string[] | |||
@@ -1260,6 +1262,8 @@ class Access extends LDAPUtility { | |||
/** | |||
* Executes an LDAP search | |||
* | |||
* DN values in the result set are escaped as per RFC 2253 | |||
* | |||
* @throws ServerNotAvailableException | |||
*/ | |||
public function search( |
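Review bot: The added sentence on `search()` documents the output side only. The input side is the one this commit had to fix in CheckUser: a stored, sanitized DN cannot be passed as the search base as it is. I would add a line to this docblock such as `* A sanitized DN used as base must be passed through Helper::DNasBaseParameter() first`, so the contract is visible where callers look. The signature continues outside the hunk, so the name of the base parameter is not visible here and the wording may need to be adjusted to it.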
@@ -144,7 +144,8 @@ class CheckUser extends Command { | |||
$attrs = $access->userManager->getAttributes(); | |||
$user = $access->userManager->get($uid); | |||
$avatarAttributes = $access->getConnection()->resolveRule('avatar'); | |||
$result = $access->search('objectclass=*', $user->getDN(), $attrs, 1, 0); | |||
$baseDn = $this->helper->DNasBaseParameter($user->getDN()); | |||
$result = $access->search('objectclass=*', $baseDn, $attrs, 1, 0); | |||
foreach ($result[0] as $attribute => $valueSet) { | |||
$output->writeln(' ' . $attribute . ': '); | |||
foreach ($valueSet as $value) { |
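Review bot: `$result[0]` is still iterated directly after the search, with no check that an entry was returned. The Helper docblock in this same commit notes that a wrongly encoded base fails with LDAP error 32, so an empty result is a realistic outcome at this call site. A guard before the loop, for example `if (empty($result[0])) { $output->writeln('No entry found for ' . $baseDn); }` followed by an early exit in whatever form the method uses, would keep the command from reading a missing index. A regression test with a user DN containing an escaped character would pin the `DNasBaseParameter()` conversion. The enclosing method starts and ends outside the hunk.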
@@ -206,6 +206,21 @@ class Helper { | |||
/** | |||
* sanitizes a DN received from the LDAP server | |||
* | |||
* This is used and done to have a stable format of DNs that can be compared | |||
* and identified again. The input DN value is modified as following: | |||
* | |||
* 1) whitespaces after commas are removed | |||
* 2) the DN is turned to lower-case | |||
* 3) the DN is escaped according to RFC 2253 | |||
* | |||
* When a future DN is supposed to be used as a base parameter, it has to be | |||
* run through DNasBaseParameter() first, to recode \5c into a backslash | |||
* again, otherwise the search or read operation will fail with LDAP error | |||
* 32, NO_SUCH_OBJECT. Regular usage in LDAP filters requires the backslash | |||
* being escaped, however. | |||
* | |||
* Internally, DNs are stored in their sanitized form. | |||
* | |||
* @param array|string $dn the DN in question | |||
* @return array|string the sanitized DN | |||
*/ |
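Review bot: The new docblock cites RFC 2253, which has been obsoleted by RFC 4514, so I would reference the current RFC or name both. The sentence starting "When a future DN is supposed to be used" reads more clearly as `* A sanitized DN must be run through DNasBaseParameter() before it is used as a search or read base`. The closing remark about filters seems to mix DN escaping with filter escaping. It would help to say explicitly that the `\5c` form is what filters expect, and that a DN placed in a filter still needs the regular filter escaping for the other special characters. The function body is outside the hunk, so the three listed steps cannot be checked against the implementation from here.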