Merge pull request #12704 from owncloud/fix-12647-2

preserve an asterisk at the start when escaping a search term

2 files changed, 9 insertions, 3 deletions

diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 5a4d324fba2..76747be70cf 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -1085,12 +1085,18 @@ class Access extends LDAPUtility implements user\IUserTools {
 	/**
 	* escapes (user provided) parts for LDAP filter
 	* @param string $input, the provided value
+	* @param bool $allowAsterisk wether in * at the beginning should be preserved
 	* @return string the escaped string
 	*/
-	public function escapeFilterPart($input) {
+	public function escapeFilterPart($input, $allowAsterisk = false) {
+		$asterisk = '';
+		if($allowAsterisk && strlen($input) > 0 && $input[0] === '*') {
+			$asterisk = '*';
+			$input = mb_substr($input, 1, null, 'UTF-8');
+		}
 		$search  = array('*', '\\', '(', ')');
 		$replace = array('\\*', '\\\\', '\\(', '\\)');
-		return str_replace($search, $replace, $input);
+		return $asterisk . str_replace($search, $replace, $input);
 	}
 
 	/**
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 38c32cbda4a..52278082312 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -93,7 +93,7 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface {
 	 * Get a list of all users.
 	 */
 	public function getUsers($search = '', $limit = 10, $offset = 0) {
-		$search = $this->access->escapeFilterPart($search);
+		$search = $this->access->escapeFilterPart($search, true);
 		$cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset;
 
 		//check if users are cached, if so return