diff options
| author | AaronDewes <aaron.dewes@protonmail.com> | 2023-03-13 18:58:59 +0000 |
|---|---|---|
| committer | Aaron Dewes <aaron@runcitadel.space> | 2023-08-13 15:43:04 +0200 |
| commit | c42d9d439a2aa72d0be159f793c08dfeb612eec9 (patch) | |
| tree | 2398b0844536c1588b486aef8378f74752a8e0cd /apps | |
| parent | 51a73d8e807e6211a4b0d06c54f2d4833576cb48 (diff) | |
| download | nextcloud-server-c42d9d439a2aa72d0be159f793c08dfeb612eec9.tar.gz nextcloud-server-c42d9d439a2aa72d0be159f793c08dfeb612eec9.zip | |
Fix: Escape group names for LDAP
Groups may contain special characters (Like "(" or ")") that should be escaped to ensure geenrted queries are correct.
Signed-off-by: AaronDewes <aaron.dewes@protonmail.com>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/user_ldap/lib/Wizard.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php index 3014ec8e8a7..785a0c6359a 100644 --- a/apps/user_ldap/lib/Wizard.php +++ b/apps/user_ldap/lib/Wizard.php @@ -973,7 +973,7 @@ class Wizard extends LDAPUtility { if (is_array($cns) && count($cns) > 0) { $filter .= '(|'; foreach ($cns as $cn) { - $filter .= '(cn=' . $cn . ')'; + $filter .= '(cn=' . ldap_escape($cn, '', LDAP_ESCAPE_FILTER) . ')'; } $filter .= ')'; } |