
Commit eccffd0

authored
Merge pull request #61320 from nextcloud/fix/escape-ldap-members-in-filter
fix(user_ldap): Escape filter part when searching for group members
2 parents f75f0cc + 30ba835 commit eccffd0

1 file changed

Lines changed: 3 additions & 3 deletions


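--- a/apps/user_ldap/lib/Group_LDAP.php
+++ b/apps/user_ldap/lib/Group_LDAP.php
@@ -120,7 +120,7 @@ public function inGroup($uid, $gid): bool {
 $parts = explode('@', $mid); //making sure we get only the uid
 $mid = $parts[0];
 }
-$filter = str_replace('%uid', $mid, $this->access->connection->ldapLoginFilter);
+$filter = str_replace('%uid', $this->access->escapeFilterPart($mid), $this->access->connection->ldapLoginFilter);
 $filterParts[] = $filter;
 $bytes += strlen($filter);
 if ($bytes >= 9000000) {
@@ -921,7 +921,7 @@ public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
 case 'memberuid':
 //we got uids, need to get their DNs to 'translate' them to user names
 $filter = $this->access->combineFilterWithAnd([
-str_replace('%uid', trim($member), $this->access->connection->ldapLoginFilter),
+str_replace('%uid', $this->access->escapeFilterPart($member), $this->access->connection->ldapLoginFilter),
 $this->access->combineFilterWithAnd([
 $this->access->getFilterPartForUserSearch($search),
 $this->access->connection->ldapUserFilter
@@ -1044,7 +1044,7 @@ public function countUsersInGroup($gid, $search = '') {
 }
 //we got uids, need to get their DNs to 'translate' them to user names
 $filter = $this->access->combineFilterWithAnd([
-str_replace('%uid', $member, $this->access->connection->ldapLoginFilter),
+str_replace('%uid', $this->access->escapeFilterPart($member), $this->access->connection->ldapLoginFilter),
 $this->access->getFilterPartForUserSearch($search)
 ]);
 $ldap_users = $this->access->fetchListOfUsers($filter, ['dn'], 1);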
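Review bot: The `memberuid` branch of usersInGroup() silently loses its `trim()`: the removed line passed `trim($member)` into the login filter, while the new line hands `$member` to escapeFilterPart() untrimmed. escapeFilterPart() is not shown on this page, so unless it trims internally, a memberUid value stored with leading or trailing whitespace would now build a filter that matches no user and that member would drop out of the group listing. Keeping both steps, `str_replace('%uid', $this->access->escapeFilterPart(trim($member)), $this->access->connection->ldapLoginFilter),`, preserves the old matching while still escaping. The call sites in inGroup() and countUsersInGroup() never trimmed, so they are unaffected by this point. All three functions continue outside their hunks, and a regression test feeding a member value containing filter metacharacters such as `(`, `)` or `*` through each path would pin the escaping down.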
