@@ -120,7 +120,7 @@ public function inGroup($uid, $gid): bool {
120120 $ parts = explode ('@ ' , $ mid ); //making sure we get only the uid
121121 $ mid = $ parts [0 ];
122122 }
123- $ filter = str_replace ('%uid ' , $ mid , $ this ->access ->connection ->ldapLoginFilter );
123+ $ filter = str_replace ('%uid ' , $ this -> access -> escapeFilterPart ( $ mid) , $ this ->access ->connection ->ldapLoginFilter );
124124 $ filterParts [] = $ filter ;
125125 $ bytes += strlen ($ filter );
126126 if ($ bytes >= 9000000 ) {
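Review bot: The expression `str_replace('%uid', $this->access->escapeFilterPart(...), $this->access->connection->ldapLoginFilter)` is now written out three times, here in inGroup() and again in the usersInGroup() and countUsersInGroup() hunks, so the escaping holds only as long as every call site remembers it. A private helper that takes the raw uid and returns the finished login filter (for example `private function loginFilterForUid(string $uid): string`, the name is only a suggestion) would keep the escape in one place. Either way, a comment such as `// memberUid values are directory data, not filter syntax: escape before substituting into the login filter` would tell the next reader why the call must stay. A regression test with a member value containing filter metacharacters would pin the behaviour. inGroup()'s body starts and ends outside the hunk.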
@@ -921,7 +921,7 @@ public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
921921 case 'memberuid ' :
922922 //we got uids, need to get their DNs to 'translate' them to user names
923923 $ filter = $ this ->access ->combineFilterWithAnd ([
924- str_replace ('%uid ' , trim ($ member ), $ this ->access ->connection ->ldapLoginFilter ),
924+ str_replace ('%uid ' , $ this -> access -> escapeFilterPart ($ member ), $ this ->access ->connection ->ldapLoginFilter ),
925925 $ this ->access ->combineFilterWithAnd ([
926926 $ this ->access ->getFilterPartForUserSearch ($ search ),
927927 $ this ->access ->connection ->ldapUserFilter
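Review bot: The removed line passed `trim($member)` into the login filter, while the new line hands `$member` to escapeFilterPart() untrimmed, so a memberUid value with surrounding whitespace that used to resolve may stop matching. Unless escapeFilterPart() trims its input (its body is not visible here), keep the old normalisation: `str_replace('%uid', $this->access->escapeFilterPart(trim($member)), $this->access->connection->ldapLoginFilter),`. The countUsersInGroup() hunk never trimmed, so it is unaffected by this change, although the two paths then differ in how they normalise the same attribute. The enclosing switch case continues outside the hunk.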
@@ -1044,7 +1044,7 @@ public function countUsersInGroup($gid, $search = '') {
10441044 }
10451045 //we got uids, need to get their DNs to 'translate' them to user names
10461046 $ filter = $ this ->access ->combineFilterWithAnd ([
1047- str_replace ('%uid ' , $ member , $ this ->access ->connection ->ldapLoginFilter ),
1047+ str_replace ('%uid ' , $ this -> access -> escapeFilterPart ( $ member) , $ this ->access ->connection ->ldapLoginFilter ),
10481048 $ this ->access ->getFilterPartForUserSearch ($ search )
10491049 ]);
10501050 $ ldap_users = $ this ->access ->fetchListOfUsers ($ filter , ['dn ' ], 1 );