LDAP: improve compilation of filters

author: Arthur Schiwon <blizzz@owncloud.com> 2014-02-19 13:13:01 +0100
committer: Arthur Schiwon <blizzz@owncloud.com> 2014-02-19 13:13:01 +0100
commit: c0328b4f0f12f54635e2ea2dccf6c356d8f479cc (patch)
tree: 5c8d526e58590396c5dacb06c1bf253d42ce0ce7 /apps/user_ldap/user_ldap.php
parent: f9d4780d27ca21d86d8dacf73eda52a73a479d61 (diff)
download: nextcloud-server-c0328b4f0f12f54635e2ea2dccf6c356d8f479cc.tar.gz
nextcloud-server-c0328b4f0f12f54635e2ea2dccf6c356d8f479cc.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 4a147cf9884..757de6b60f4 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -163,6 +163,8 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface {
 	 * Check if the password is correct without logging in the user
 	 */
 	public function checkPassword($uid, $password) {
+		$uid = $this->access->escapeFilterPart($uid);
+
 		//find out dn of the user name
 		$filter = \OCP\Util::mb_str_replace(
 			'%uid', $uid, $this->access->connection->ldapLoginFilter, 'UTF-8');
@@ -203,6 +205,7 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface {
 	 * Get a list of all users.
 	 */
 	public function getUsers($search = '', $limit = 10, $offset = 0) {
+		$search = $this->access->escapeFilterPart($search);
 		$cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset;
 
 		//check if users are cached, if so return
author	Arthur Schiwon <blizzz@owncloud.com>	2014-02-19 13:13:01 +0100
committer	Arthur Schiwon <blizzz@owncloud.com>	2014-02-19 13:13:01 +0100
commit	c0328b4f0f12f54635e2ea2dccf6c356d8f479cc (patch)
tree	5c8d526e58590396c5dacb06c1bf253d42ce0ce7 /apps/user_ldap/user_ldap.php
parent	f9d4780d27ca21d86d8dacf73eda52a73a479d61 (diff)
download	nextcloud-server-c0328b4f0f12f54635e2ea2dccf6c356d8f479cc.tar.gz nextcloud-server-c0328b4f0f12f54635e2ea2dccf6c356d8f479cc.zip