Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[Ldap] Escape carriage returns in LDAP DNs.
  • Loading branch information
ChadSikorra authored and fabpot committed Dec 18, 2015
1 parent dd78303 commit 2243db4
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 1 deletion.
15 changes: 14 additions & 1 deletion src/Symfony/Component/Ldap/LdapClient.php
Expand Up @@ -99,7 +99,20 @@ public function find($dn, $query, $filter = '*')
*/
public function escape($subject, $ignore = '', $flags = 0)
{
return ldap_escape($subject, $ignore, $flags);
$value = ldap_escape($subject, $ignore, $flags);

// Per RFC 4514, leading/trailing spaces should be encoded in DNs, as well as carriage returns.
if ((int) $flags & LDAP_ESCAPE_DN) {
if (!empty($value) && $value[0] === ' ') {
$value = '\\20'.substr($value, 1);
}
if (!empty($value) && $value[strlen($value) - 1] === ' ') {
$value = substr($value, 0, -1).'\\20';
}
$value = str_replace("\r", '\0d', $value);
}

return $value;
}

private function connect()
Expand Down
28 changes: 28 additions & 0 deletions src/Symfony/Component/Ldap/Tests/LdapClientTest.php
@@ -0,0 +1,28 @@
<?php

/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Ldap\Tests;

use Symfony\Component\Ldap\LdapClient;
use Symfony\Polyfill\Php56\Php56 as p;

/**
* @requires extension ldap
*/
class LdapClientTest extends \PHPUnit_Framework_TestCase
{
public function testLdapEscape()
{
$ldap = new LdapClient();

$this->assertEquals('\20foo\3dbar\0d(baz)*\20', $ldap->escape(" foo=bar\r(baz)* ", null, p::LDAP_ESCAPE_DN));
}
}

0 comments on commit 2243db4

Please sign in to comment.