security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-22 09:24:21 +01:00
Code Releases Activity

escaping search string for ldap

Browse Source
This commit is contained in:
kakwa 2015-07-15 21:28:54 +02:00
parent 3a6da2e480
commit 64b9573634
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ldapcherry/backend/backendLdap.py
View File

@ -8,6 +8,7 @@
import cherrypy
import ldap
import ldap.modlist as modlist
import ldap.filter
import logging
import ldapcherry.backend
from ldapcherry.exceptions import UserDoesntExist, GroupDoesntExist
@ -213,6 +214,7 @@ class Backend(ldapcherry.backend.Backend):
def _get_user(self, username, attrs=ALL_ATTRS):
username = ldap.filter.escape_filter_chars(username)
user_filter = self.user_filter_tmpl % {
'username': username
}
@ -378,6 +380,7 @@ class Backend(ldapcherry.backend.Backend):
def search(self, searchstring):
ret = {}
searchstring = ldap.filter.escape_filter_chars(searchstring)
searchfilter = self.search_filter_tmpl % {
'searchstring': searchstring
}
@ -410,6 +413,8 @@ class Backend(ldapcherry.backend.Backend):
return ret
def get_groups(self, username):
username = ldap.filter.escape_filter_chars(username)
userdn = self._get_user(username, NO_ATTR)
searchfilter = self.group_filter_tmpl % {