diff options
| author | Arthur Schiwon <blizzz@owncloud.com> | 2015-01-29 00:15:55 +0100 |
|---|---|---|
| committer | Arthur Schiwon <blizzz@owncloud.com> | 2015-01-29 00:27:05 +0100 |
| commit | 73600cfdd80694a9ffa526147d79b231fd85c5b2 (patch) | |
| tree | 95544293e6d475851c1f82f6eba9e073195c69c7 | |
| parent | 953a88785bf71bcf0763e98934d6d2b503f88402 (diff) | |
| download | nextcloud-server-73600cfdd80694a9ffa526147d79b231fd85c5b2.tar.gz nextcloud-server-73600cfdd80694a9ffa526147d79b231fd85c5b2.zip | |
and escape the search term
| -rw-r--r-- | apps/user_ldap/group_ldap.php | 3 | ||||
| -rw-r--r-- | apps/user_ldap/lib/access.php | 2 | ||||
| -rw-r--r-- | apps/user_ldap/lib/connection.php | 1 |
3 files changed, 5 insertions, 1 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index bd56dbd56c4..40d702360fb 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -444,6 +444,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { if(!$this->groupExists($gid)) { return array(); } + $search = $this->access->escapeFilterPart($search, true); $cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset; // check for cache of the exact query $groupUsers = $this->access->connection->getFromCache($cacheKey); @@ -557,6 +558,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { $this->access->connection->writeToCache($cacheKey, $groupUsers); return $groupUsers; } + $search = $this->access->escapeFilterPart($search, true); $isMemberUid = (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid'); @@ -663,6 +665,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { if(!$this->enabled) { return array(); } + $search = $this->access->escapeFilterPart($search, true); $pagingSize = $this->access->connection->ldapPagingSize; if ((! $this->access->connection->hasPagedResultSupport) || empty($pagingSize)) { diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index b6394823947..e041bc32a65 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -958,7 +958,7 @@ class Access extends LDAPUtility implements user\IUserTools { /** * escapes (user provided) parts for LDAP filter * @param string $input, the provided value - * @param bool $allowAsterisk wether in * at the beginning should be preserved + * @param bool $allowAsterisk whether in * at the beginning should be preserved * @return string the escaped string */ public function escapeFilterPart($input, $allowAsterisk = false) { diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php index a9d21ffc8e7..c083e7d55e1 100644 --- a/apps/user_ldap/lib/connection.php +++ b/apps/user_ldap/lib/connection.php @@ -32,6 +32,7 @@ namespace OCA\user_ldap\lib; * @property boolean hasPagedResultSupport * @property string[] ldapBaseUsers * @property int|string ldapPagingSize holds an integer + * @property bool|mixed|void ldapGroupMemberAssocAttr */ class Connection extends LDAPUtility { private $ldapConnectionRes = null; |