diff options
| author | Arthur Schiwon <blizzz@owncloud.com> | 2012-05-17 15:14:47 +0200 |
|---|---|---|
| committer | Arthur Schiwon <blizzz@owncloud.com> | 2012-05-17 17:17:40 +0200 |
| commit | 7a7c301d7d0643fbb1a3a31b8ad5974013567270 (patch) | |
| tree | fdf76a815860c5fcfe4992d994bdaa4054eb8b20 /apps | |
| parent | 57cf0ae3d106828515fd831347a0438c9b80b477 (diff) | |
| download | nextcloud-server-7a7c301d7d0643fbb1a3a31b8ad5974013567270.tar.gz nextcloud-server-7a7c301d7d0643fbb1a3a31b8ad5974013567270.zip | |
LDAP: follow user- and groupname char limitations for LDAP display names
WARNING: may affect existing installations if display names included unallowed characters. Allowed are only a-zA-Z0-9._-@ This fix is however needed, because names with unallowed characters may cause conflicts
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/user_ldap/lib_ldap.php | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php index 00d81e73efd..5252f4cce7c 100644 --- a/apps/user_ldap/lib_ldap.php +++ b/apps/user_ldap/lib_ldap.php @@ -198,6 +198,7 @@ class OC_LDAP { $ldapname = self::readAttribute($dn, $nameAttribute); $ldapname = $ldapname[0]; } + $ldapname = self::sanitizeUsername($ldapname); //a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot. if(self::mapComponent($dn, $ldapname, $isUser)) { @@ -255,16 +256,17 @@ class OC_LDAP { continue; } - //a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict - if(self::mapComponent($ldapObject['dn'], $ldapObject[$nameAttribute], $isUsers)) { - $ownCloudNames[] = $ldapObject[$nameAttribute]; + //a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters. + $ocname = self::sanitizeUsername($ldapObject[$nameAttribute]); + if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) { + $ownCloudNames[] = $ocname; continue; } //doh! There is a conflict. We need to distinguish between groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this entry is located. - $oc_name = self::alternateOwnCloudName($ldapObject[$nameAttribute], $ldapObject['dn']); - if(self::mapComponent($ldapObject['dn'], $oc_name, $isUsers)) { - $ownCloudNames[] = $oc_name; + $ocname = self::alternateOwnCloudName($ocname, $ldapObject['dn']); + if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) { + $ownCloudNames[] = $ocname; continue; } @@ -284,7 +286,9 @@ class OC_LDAP { */ static private function alternateOwnCloudName($name, $dn) { $ufn = ldap_dn2ufn($dn); - return $name . ' (' . trim(substr_replace($ufn, '', 0, strpos($ufn, ','))) . ')'; + $name = $name . '@' . trim(substr_replace($ufn, '', 0, strpos($ufn, ','))); + $name = self::sanitizeUsername($name); + return $name; } /** @@ -522,6 +526,16 @@ class OC_LDAP { return $dn; } + static private function sanitizeUsername($name) { + //REPLACEMENTS + $name = str_replace(' ', '_', $name); + + //every remaining unallowed characters will be removed + $name = preg_replace('/[^a-zA-Z0-9_.@-]/', '', $name); + + return $name; + } + /** * @brief combines the input filters with AND * @param $filters array, the filters to connect |