Merge pull request #454 from UPC/416_ldap

[#416] escape values as suggested by nonamed01

lib/Ravada/Auth/LDAP.pm

@@ -18,6 +18,7 @@ use Moose;
 use Net::LDAP;
 use Net::LDAPS;
 use Net::LDAP::Entry;
+use Net::LDAP::Util qw(escape_filter_value);
 use Net::Domain qw(hostdomain);
 
 use Ravada::Auth::SQL;
@@ -65,6 +66,9 @@ sub add_user {
 
     _init_ldap_admin();
 
+    $name = escape_filter_value($name);
+    $password = escape_filter_value($password);
+
     confess "No dc base in config ".Dumper($$CONFIG->{ldap})
         if !_dc_base();
     my ($givenName, $sn) = $name =~ m{(\w+)\.(.*)};
@@ -124,6 +128,8 @@ Search user by uid
 sub search_user {
     my $username = shift;
 
+    $username = escape_filter_value($username);
+
     _init_ldap();
 
     my $ldap = (shift or $LDAP_ADMIN);
@@ -172,6 +178,8 @@ sub add_group {
     my $name = shift;
     my $base = (shift or _dc_base());
 
+    $name = escape_filter_value($name);
+
     my $mesg = $LDAP_ADMIN->add(
         cn => $name
         ,dn => "cn=$name,ou=groups,$base"
@@ -224,6 +232,8 @@ sub search_group {
     my $base = ( $args{base} or "ou=groups,"._dc_base() );
     my $ldap = ( $args{ldap} or $LDAP );
 
+    $name = escape_filter_value($name);
+
     my $mesg = $ldap ->search (
         filter => "cn=$name"
          ,base => $base