
Commit 2251697f authored by Jean-Philippe Levy's avatar Jean-Philippe Levy

Fix ldap characters again

parent 9387f6e7
......@@ -712,16 +712,20 @@ function build($pRequest,&$file,$pWritenBP){
}
// Ldap escape special caracters
function ldap_escape ($str){
function ldap_escape($str, $login=false, $escape=false){
$str = trim($str);
if ( isset($str) ) {
$str = str_replace("\\", "\\\\", $str);
$str = str_replace("'", "\'", $str);
$str = str_replace('"', '\"', $str);
if ( $login ) {
$search = array("\\\\",'"','+','>','<');
$replace = array("\\",'\"','\\2B','\>','\<');
} else {
$search = array("\\","'",'"');
$replace = array("\\\\","\'",'\"');
}
$str = str_replace($search, $replace, $str);
if ( $escape ) { $str = str_replace("\\", "\\\\", $str); }
return $str;
}
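Review bot: The `$login` branch of the new `ldap_escape($str, $login=false, $escape=false)` covers only part of what is special in a DN: it handles `"`, `+`, `<` and `>`, leaves `,`, `;`, `=`, a leading `#` and leading or trailing spaces untouched, and turns a doubled backslash into a single one instead of escaping it. Because callers pass whole DNs rather than single RDN values, the function cannot tell a separator from data, so escaping is best applied per attribute value before the DN is assembled. The name also matches PHP's built-in `ldap_escape()` (ldap extension, PHP 5.6+), so this definition would hit a redeclaration error on such a runtime unless guarded; where the built-in is available, `ldap_escape($value, '', LDAP_ESCAPE_DN)` and `LDAP_ESCAPE_FILTER` replace both boolean flags. `isset($str)` is always true after `trim()`, so that guard can be dropped. The end of the function body is not fully visible in this hunk.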
......
......@@ -155,9 +155,11 @@ else {
if(is_int($result)){ continue; }
$user_dn = $result["distinguishedname"][0];
$user_dn = str_replace("\\","",$user_dn);
$in_clause = "(";
foreach($result["memberof"] as $group_dn){
$group_dn=str_replace("\\","",$group_dn);
// idem, skip the first entry is it's an int
if(is_int($group_dn)){ continue; }
......@@ -175,7 +177,7 @@ else {
$group_id = mysqli_result($sql_results,0,"group_id");
// check user's connection to ldap
$ldapbind = ldap_bind($ldapconn, $user_dn, $mdp);
$ldapbind = ldap_bind($ldapconn, ldap_escape($user_dn,true), $mdp);
if($ldapbind){
// insert the user in DB.
......@@ -198,7 +200,7 @@ else {
$ldap_port=mysqli_result($ldapsql,0,"ldap_port");
$ldap_rdn=mysqli_result($ldapsql,0,"ldap_rdn");
$ldap_search=mysqli_result($ldapsql,0,"ldap_search");
$user_location=str_replace("\\\\","\\",mysqli_result($usersql,0,"user_location"));
$user_location=ldap_escape(mysqli_result($usersql,0,"user_location"),true);
$ldapconn=ldap_connect($ldap_ip,$ldap_port);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
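Review bot: In the bind path, `$user_dn` has every backslash removed by `str_replace("\\","",$user_dn)` and then goes through `ldap_escape($user_dn,true)`, which restores escaping only for `"`, `+`, `<` and `>`; a DN whose RDN value contains an escaped `,`, `;` or `=` would reach `ldap_bind` malformed or pointing at a different entry. If `$result` is a directory search entry, as its keys suggest, `distinguishedname` is already in valid DN form, so the bind can take it as returned, `$ldapbind = ldap_bind($ldapconn, $result["distinguishedname"][0], $mdp);`, with any normalisation applied only to the copy stored in the database. The `$user_location` line in the last hunk of this file follows the same strip-and-re-escape pattern. Separately, no check that `$mdp` is non-empty is visible here; many directories accept a bind with a DN and an empty password as an unauthenticated bind, so a guard rejecting an empty `$mdp` before the call is worth confirming.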
......
......@@ -56,12 +56,12 @@ if($backend_selected=="1"){
foreach ($group_names as $group_name) {
$sql = "SELECT group_dn FROM groups WHERE group_name = '$group_name'";
$result = sqlrequest("$database_eonweb", "$sql");
$group_dn = mysqli_result($result,0,"group_dn");
$group_dn = ldap_escape(mysqli_result($result,0,"group_dn"),true,true);
$mini_array = array();
foreach ($ldap_search_begins as $c){
$filter = "(&(objectCategory=user)(memberOf=$group_dn)(name=" . $c . "*))";
$sr=ldap_search($ldapconn, $ldap_search, $filter, array("dn" ,"name", "samaccountname", "mail"));
$info = ldap_get_entries($ldapconn, $sr);
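Review bot: `$group_dn` is interpolated into the search filter `(memberOf=$group_dn)` after `ldap_escape(...,true,true)`, but that helper does not encode the filter metacharacters `(`, `)`, `*` and NUL, and it doubles backslashes rather than emitting `\5c`, so a stored group DN containing a parenthesis or asterisk changes the structure of the filter. Filter values need RFC 4515 escaping (`\28`, `\29`, `\2a`, `\5c`, `\00`), which PHP's built-in `ldap_escape()` provides through the `LDAP_ESCAPE_FILTER` flag on PHP 5.6+; otherwise the project helper needs a dedicated filter mode. `$c` is concatenated into the same filter without escaping, and its origin in `$ldap_search_begins` is outside this hunk. The unchanged query above the edit also interpolates `$group_name` directly into SQL and should use a bound parameter or proper escaping, depending on what `sqlrequest` supports.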
......