authorAaron Dewes <aaron.dewes@protonmail.com>2023-03-14 07:41:03 +0100
committerAaron Dewes <aaron@runcitadel.space>2023-08-13 15:43:04 +0200
commit13d9494af32fb30c39f7ce64f781454681eb0379 (patch)
treefbc6cd0034777f8ae106c23b329c4f1ae9888083 /apps
parentc42d9d439a2aa72d0be159f793c08dfeb612eec9 (diff)
Escape some more values
Signed-off-by: Aaron Dewes <aaron.dewes@protonmail.com>
Diffstat (limited to 'apps')
-rw-r--r--apps/user_ldap/lib/Wizard.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php
index 785a0c6359a..29407ceb0a5 100644
--- a/apps/user_ldap/lib/Wizard.php
+++ b/apps/user_ldap/lib/Wizard.php
@@ -909,7 +909,7 @@ class Wizard extends LDAPUtility {
if (is_array($objcs) && count($objcs) > 0) {
$filter .= '(|';
foreach ($objcs as $objc) {
- $filter .= '(objectclass=' . $objc . ')';
+ $filter .= '(objectclass=' . ldap_escape($objc, '', LDAP_ESCAPE_FILTER) . ')';
}
$filter .= ')';
$parts++;
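Review bot: The escaped objectclass loop added here is repeated verbatim in the hunk at line 963, so the escaping of `$objc` now lives in two hand-maintained copies. A private helper would keep it in one place and make it harder for a later filter-building site to omit the escape. The helper below is a sketch with a constructed name; both call sites would keep their existing `is_array()`/`count()` guard and `$parts++`. The enclosing methods start and end outside both hunks, so whether the same group is built elsewhere cannot be seen from here.

```php
/**
 * Builds an OR group of objectclass assertions, escaping each value for filter context.
 *
 * @param string[] $objectClasses
 */
private function buildObjectClassFilter(array $objectClasses): string {
	$group = '(|';
	foreach ($objectClasses as $objectClass) {
		$group .= '(objectclass=' . ldap_escape($objectClass, '', LDAP_ESCAPE_FILTER) . ')';
	}
	return $group . ')';
}

// … unchanged: is_array($objcs) && count($objcs) > 0 guard …
$filter .= $this->buildObjectClassFilter($objcs);
// … unchanged: $parts++ …
```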
@@ -925,7 +925,7 @@ class Wizard extends LDAPUtility {
}
$base = $this->configuration->ldapBase[0];
foreach ($cns as $cn) {
- $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, ['dn', 'primaryGroupToken']);
+ $rr = $this->ldap->search($cr, $base, 'cn=' . ldap_escape($cn, '', LDAP_ESCAPE_FILTER), ['dn', 'primaryGroupToken']);
if (!$this->ldap->isResource($rr)) {
continue;
}
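Review bot: The search filter on the changed line is still passed as a bare `cn=…` without enclosing parentheses, unlike every other filter part in this diff. Writing it as `'(cn=' . ldap_escape($cn, '', LDAP_ESCAPE_FILTER) . ')'` matches the RFC 4515 string form and does not rely on the client library accepting the shorthand. Pulling the expression into a local such as `$cnFilter` before the `search()` call would also shorten the line. The `foreach` over `$cns` continues past the end of the hunk.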
@@ -936,10 +936,10 @@ class Wizard extends LDAPUtility {
if ($dn === false || $dn === '') {
continue;
}
- $filterPart = '(memberof=' . $dn . ')';
+ $filterPart = '(memberof=' . ldap_escape($dn, '', LDAP_ESCAPE_FILTER) . ')';
if (isset($attrs['primaryGroupToken'])) {
$pgt = $attrs['primaryGroupToken'][0];
- $primaryFilterPart = '(primaryGroupID=' . $pgt .')';
+ $primaryFilterPart = '(primaryGroupID=' . ldap_escape($pgt, '', LDAP_ESCAPE_FILTER) .')';
$filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
}
$filter .= $filterPart;
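Review bot: The `memberof` line escapes a DN with `LDAP_ESCAPE_FILTER`, which is the correct context but easy to mistake for an error, so it deserves a comment such as `// DN is an assertion value inside a filter here, so filter escaping applies, not LDAP_ESCAPE_DN`. From the visible lines, `$dn` and `$pgt` appear to come from the directory's own search results rather than from request input. The same comment could say that the escaping guards against special characters stored in the directory. For `$pgt`, which is presumably a numeric token, a check like `ctype_digit((string)$pgt)` before building `$primaryFilterPart` would state the expectation more directly than escaping alone. The surrounding loop begins and ends outside the hunk.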
@@ -963,7 +963,7 @@ class Wizard extends LDAPUtility {
if (is_array($objcs) && count($objcs) > 0) {
$filter .= '(|';
foreach ($objcs as $objc) {
- $filter .= '(objectclass=' . $objc . ')';
+ $filter .= '(objectclass=' . ldap_escape($objc, '', LDAP_ESCAPE_FILTER) . ')';
}
$filter .= ')';
$parts++;