author | Arthur Schiwon <blizzz@owncloud.com> | 2015-01-29 00:15:55 +0100 |
---|---|---|
committer | Arthur Schiwon <blizzz@owncloud.com> | 2015-07-23 14:33:30 +0200 |
commit | 6309dbfa6a292726254e74dc72165c4c77f605b8 (patch) | |
tree | 894085a6d0de3eac0162c3db9ad88aad07e34162 | |
parent | 36f17964e5db0193130b403bdefa29b5c3e0b537 (diff) | |
and escape the search term
-rw-r--r-- | apps/user_ldap/group_ldap.php | 3 | ||||
-rw-r--r-- | apps/user_ldap/lib/access.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/lib/connection.php | 1 |
3 files changed, 5 insertions, 1 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index 87e4a5ce65f..5dc4f836904 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -444,6 +444,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { if(!$this->groupExists($gid)) { return array(); } + $search = $this->access->escapeFilterPart($search, true); $cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset; // check for cache of the exact query $groupUsers = $this->access->connection->getFromCache($cacheKey); @@ -557,6 +558,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { $this->access->connection->writeToCache($cacheKey, $groupUsers); return $groupUsers; } + $search = $this->access->escapeFilterPart($search, true); $isMemberUid = (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid'); @@ -663,6 +665,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface { if(!$this->enabled) { return array(); } + $search = $this->access->escapeFilterPart($search, true); $pagingSize = $this->access->connection->ldapPagingSize; if ((! $this->access->connection->hasPagedResultSupport) || empty($pagingSize)) { diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 23ecd4fc36f..d6d9743f7bd 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -958,7 +958,7 @@ class Access extends LDAPUtility implements user\IUserTools { /** * escapes (user provided) parts for LDAP filter * @param string $input, the provided value - * @param bool $allowAsterisk wether in * at the beginning should be preserved + * @param bool $allowAsterisk whether in * at the beginning should be preserved * @return string the escaped string */ public function escapeFilterPart($input, $allowAsterisk = false) { diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php index d22adbd563c..7f7225ff141 100644 
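Review bot: The escape is applied by overwriting `$search` near the top of each method rather than where the LDAP filter is assembled, so in the first hunk the cache key is now built from the escaped term, and any helper further down that escapes its own input would double the backslashes (the rest of each method lies outside the hunks, so this cannot be confirmed here). Keeping the raw term and passing a separate `$escapedSearch = $this->access->escapeFilterPart($search, true);` only to the filter-building calls would make the trust boundary explicit; the hunks at -557 and -663 follow the same pattern. Passing `true` preserves a leading `*`, per the docblock in access.php, so a caller-supplied term can still request a leading-wildcard match; a one-line comment stating that this is intended would help the next reader. The commit touches no test file, and a case with `(`, `)`, `\` and `*` in the search term would pin the escaping for all three methods.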
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -34,6 +34,7 @@ use OC\ServerNotAvailableException;
 * @property boolean hasPagedResultSupport
 * @property string[] ldapBaseUsers
 * @property int|string ldapPagingSize holds an integer
+ * @property bool|mixed|void ldapGroupMemberAssocAttr
 */
 class Connection extends LDAPUtility {
 private $ldapConnectionRes = null; |
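Review bot: The added `@property bool|mixed|void ldapGroupMemberAssocAttr` annotation does not describe how the value is used: in group_ldap.php it is passed to `strtolower()` and compared with `'memberuid'`, so callers read it as a string. `@property string ldapGroupMemberAssocAttr` would be more accurate, assuming the configuration getter returns the stored attribute name.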