diff options
| -rw-r--r-- | apps/user_ldap/lib/access.php | 10 | ||||
| -rw-r--r-- | apps/user_ldap/user_ldap.php | 2 |
2 files changed, 9 insertions, 3 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 5a4d324fba2..76747be70cf 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -1085,12 +1085,18 @@ class Access extends LDAPUtility implements user\IUserTools { /** * escapes (user provided) parts for LDAP filter * @param string $input, the provided value + * @param bool $allowAsterisk wether in * at the beginning should be preserved * @return string the escaped string */ - public function escapeFilterPart($input) { + public function escapeFilterPart($input, $allowAsterisk = false) { + $asterisk = ''; + if($allowAsterisk && strlen($input) > 0 && $input[0] === '*') { + $asterisk = '*'; + $input = mb_substr($input, 1, null, 'UTF-8'); + } $search = array('*', '\\', '(', ')'); $replace = array('\\*', '\\\\', '\\(', '\\)'); - return str_replace($search, $replace, $input); + return $asterisk . str_replace($search, $replace, $input); } /** diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 38c32cbda4a..52278082312 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -93,7 +93,7 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface { * Get a list of all users. */ public function getUsers($search = '', $limit = 10, $offset = 0) { - $search = $this->access->escapeFilterPart($search); + $search = $this->access->escapeFilterPart($search, true); $cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset; //check if users are cached, if so return |