authorArthur Schiwon <blizzz@owncloud.com>2012-05-17 15:14:47 +0200
committerArthur Schiwon <blizzz@owncloud.com>2012-05-17 17:17:40 +0200
commit7a7c301d7d0643fbb1a3a31b8ad5974013567270 (patch)
treefdf76a815860c5fcfe4992d994bdaa4054eb8b20
parent57cf0ae3d106828515fd831347a0438c9b80b477 (diff)
downloadnextcloud-server-7a7c301d7d0643fbb1a3a31b8ad5974013567270.tar.gz
nextcloud-server-7a7c301d7d0643fbb1a3a31b8ad5974013567270.zip
LDAP: follow user- and groupname char limitations for LDAP display names
WARNING: may affect existing installations if display names include disallowed characters. Only a-zA-Z0-9._-@ are allowed. This fix is needed, however, because names with disallowed characters may cause conflicts.
-rw-r--r--apps/user_ldap/lib_ldap.php28
1 files changed, 21 insertions, 7 deletions
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 00d81e73efd..5252f4cce7c 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -198,6 +198,7 @@ class OC_LDAP {
$ldapname = self::readAttribute($dn, $nameAttribute);
$ldapname = $ldapname[0];
}
+ $ldapname = self::sanitizeUsername($ldapname);
//a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot.
if(self::mapComponent($dn, $ldapname, $isUser)) {
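Review bot: The result of `self::sanitizeUsername($ldapname)` goes straight into `mapComponent()` with no check that any characters survived the filter. A display name made up only of characters outside `a-zA-Z0-9_.@-` (for example one written entirely in a non-Latin script) is reduced to an empty string, which would then be offered as the ownCloud name. The same applies to `$ocname = self::sanitizeUsername($ldapObject[$nameAttribute]);` in the second hunk. I would guard with `if($ldapname === '')` and bail out the way this function already reports failure; the function starts and ends outside the hunk, so that convention is not visible here.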
@@ -255,16 +256,17 @@ class OC_LDAP {
continue;
}
- //a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict
- if(self::mapComponent($ldapObject['dn'], $ldapObject[$nameAttribute], $isUsers)) {
- $ownCloudNames[] = $ldapObject[$nameAttribute];
+ //a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters.
+ $ocname = self::sanitizeUsername($ldapObject[$nameAttribute]);
+ if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
+ $ownCloudNames[] = $ocname;
continue;
}
//doh! There is a conflict. We need to distinguish between groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this entry is located.
- $oc_name = self::alternateOwnCloudName($ldapObject[$nameAttribute], $ldapObject['dn']);
- if(self::mapComponent($ldapObject['dn'], $oc_name, $isUsers)) {
- $ownCloudNames[] = $oc_name;
+ $ocname = self::alternateOwnCloudName($ocname, $ldapObject['dn']);
+ if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
+ $ownCloudNames[] = $ocname;
continue;
}
@@ -284,7 +286,9 @@ class OC_LDAP {
*/
static private function alternateOwnCloudName($name, $dn) {
$ufn = ldap_dn2ufn($dn);
- return $name . ' (' . trim(substr_replace($ufn, '', 0, strpos($ufn, ','))) . ')';
+ $name = $name . '@' . trim(substr_replace($ufn, '', 0, strpos($ufn, ',')));
+ $name = self::sanitizeUsername($name);
+ return $name;
}
/**
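Review bot: The DN-derived suffix now passes through the same filter as the name, so it no longer distinguishes entries whose paths differ only in removed characters. Two OUs with non-ASCII names can collapse to the same suffix, and the caller's second `mapComponent()` attempt may then fail as well. Separately, `strpos($ufn, ',')` returns `false` for a single-component DN and `ldap_dn2ufn()` can itself return `false`; in both cases nothing meaningful is cut before the `@` is appended. I would check `$ufn === false` and `$pos = strpos($ufn, ',')` for `false` before building the name, and note in the docblock that the result is not guaranteed to be unique. The docblock above this function starts outside the hunk.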
@@ -522,6 +526,16 @@ class OC_LDAP {
return $dn;
}
+ static private function sanitizeUsername($name) {
+ //REPLACEMENTS
+ $name = str_replace(' ', '_', $name);
+
+ //every remaining unallowed characters will be removed
+ $name = preg_replace('/[^a-zA-Z0-9_.@-]/', '', $name);
+
+ return $name;
+ }
+
/**
* @brief combines the input filters with AND
* @param $filters array, the filters to connect
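Review bot: `sanitizeUsername()` is added without a docblock, while the method right after it carries an `@brief`/`@param` block. I would add one in the same style stating that spaces become `_` and that every other character outside `a-zA-Z0-9_.@-` is removed. That includes all non-ASCII letters, so umlauts and non-Latin names are shortened rather than transliterated. The docblock should also say that the return value may be shorter than the input, identical for two different inputs, or empty. The `//REPLACEMENTS` comment could read `//replace spaces with underscores before stripping`.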