upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-17 12:42:50 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 16

fix(user_ldap): Escape filter part when searching for group members

Browse source 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
This commit is contained in:
Côme Chilliet 2026-05-18 16:27:00 +02:00 committed by backportbot[bot]
parent f81ab0e451
commit 392231e6a6
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
apps/user_ldap/lib/Group_LDAP.php
View file

@ -119,7 +119,7 @@ class Group_LDAP extends ABackend implements GroupInterface, IGroupLDAP, IGetDis
$parts = explode('@', $mid); //making sure we get only the uid
$mid = $parts[0];
}
$filter = str_replace('%uid', $mid, $this->access->connection->ldapLoginFilter);
$filter = str_replace('%uid', $this->access->escapeFilterPart($mid), $this->access->connection->ldapLoginFilter);
$filterParts[] = $filter;
$bytes += strlen($filter);
if ($bytes >= 9000000) {
@ -920,7 +920,7 @@ class Group_LDAP extends ABackend implements GroupInterface, IGroupLDAP, IGetDis
case 'memberuid':
//we got uids, need to get their DNs to 'translate' them to user names
$filter = $this->access->combineFilterWithAnd([
str_replace('%uid', trim($member), $this->access->connection->ldapLoginFilter),
str_replace('%uid', $this->access->escapeFilterPart($member), $this->access->connection->ldapLoginFilter),
$this->access->combineFilterWithAnd([
$this->access->getFilterPartForUserSearch($search),
$this->access->connection->ldapUserFilter
@ -1043,7 +1043,7 @@ class Group_LDAP extends ABackend implements GroupInterface, IGroupLDAP, IGetDis
}
//we got uids, need to get their DNs to 'translate' them to user names
$filter = $this->access->combineFilterWithAnd([
str_replace('%uid', $member, $this->access->connection->ldapLoginFilter),
str_replace('%uid', $this->access->escapeFilterPart($member), $this->access->connection->ldapLoginFilter),
$this->access->getFilterPartForUserSearch($search)
]);
$ldap_users = $this->access->fetchListOfUsers($filter, ['dn'], 1);