Permalink
Browse files

Escape the rest of the filter values we use in constructed filters

Usernames with special characters—e.g. parens—were breaking all of our
normal filters.
  • Loading branch information...
1 parent 3154934 commit 6323aed5c296924120f1f4659c19c7f03f598f51 @tsibley tsibley committed Feb 23, 2012
Showing with 4 additions and 4 deletions.
  1. +4 −4 lib/RT/Authen/ExternalAuth/LDAP.pm
@@ -39,7 +39,7 @@ sub GetAuth {
$filter = Net::LDAP::Filter->new( '(&(' .
$attr_map->{'Name'} .
'=' .
- $username .
+ escape_filter_value($username) .
')' .
$filter .
')'
@@ -188,7 +188,7 @@ sub CanonicalizeUserInfo {
my @attrs = values(%{$config->{'attr_map'}});
# This is a bit confusing and probably broken. Something to revisit..
- my $filter_addition = ($key && $value) ? "(". $key . "=$value)" : "";
+ my $filter_addition = ($key && $value) ? "(". $key . "=". escape_filter_value($value) .")" : "";
if(defined($filter) && ($filter ne "()")) {
$filter = Net::LDAP::Filter->new( "(&" .
$filter .
@@ -315,7 +315,7 @@ sub UserExists {
'(' .
$config->{'attr_map'}->{'Name'} .
'=' .
- $username .
+ escape_filter_value($username) .
'))'
);
}
@@ -400,7 +400,7 @@ sub UserDisabled {
'(' .
$config->{'attr_map'}->{'Name'} .
'=' .
- $username .
+ escape_filter_value($username) .
'))'
);
} else {

0 comments on commit 6323aed

Please sign in to comment.