mirror of https://github.com/kakwa/ldapcherry synced 2024-11-26 11:14:31 +01:00

escaping search string for ldap

kakwa 2015-07-15 21:28:54 +02:00
parent 3a6da2e480
commit 64b9573634


@ -8,6 +8,7 @@
import cherrypy import cherrypy
import ldap import ldap
import ldap.modlist as modlist import ldap.modlist as modlist
import ldap.filter
import logging import logging
import ldapcherry.backend import ldapcherry.backend
from ldapcherry.exceptions import UserDoesntExist, GroupDoesntExist from ldapcherry.exceptions import UserDoesntExist, GroupDoesntExist
@ -213,6 +214,7 @@ class Backend(ldapcherry.backend.Backend):
def _get_user(self, username, attrs=ALL_ATTRS): def _get_user(self, username, attrs=ALL_ATTRS):
username = ldap.filter.escape_filter_chars(username)
user_filter = self.user_filter_tmpl % { user_filter = self.user_filter_tmpl % {
'username': username 'username': username
} }
@ -378,6 +380,7 @@ class Backend(ldapcherry.backend.Backend):
def search(self, searchstring): def search(self, searchstring):
ret = {} ret = {}
searchstring = ldap.filter.escape_filter_chars(searchstring)
searchfilter = self.search_filter_tmpl % { searchfilter = self.search_filter_tmpl % {
'searchstring': searchstring 'searchstring': searchstring
} }
@ -410,6 +413,8 @@ class Backend(ldapcherry.backend.Backend):
return ret return ret
def get_groups(self, username): def get_groups(self, username):
username = ldap.filter.escape_filter_chars(username)
userdn = self._get_user(username, NO_ATTR) userdn = self._get_user(username, NO_ATTR)
searchfilter = self.group_filter_tmpl % { searchfilter = self.group_filter_tmpl % {
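Review bot: In `get_groups` the username is escaped and then handed to `_get_user`, which after this commit escapes its argument again, so the lookup filter is built from a doubly escaped value. `escape_filter_chars` also rewrites the backslash, so a `*` becomes `\2a` on the first pass and `\5c2a` on the second, and a user whose name contains a filter metacharacter will presumably no longer resolve. Pass the raw name to the lookup and escape only the copy that goes into the group filter, i.e. put `userdn = self._get_user(username, NO_ATTR)` before `username = ldap.filter.escape_filter_chars(username)`. The rest of `get_groups` lies outside the hunk; if `userdn` is also substituted into `group_filter_tmpl` it needs `ldap.filter.escape_filter_chars` as well, since a DN can legitimately contain `(`, `)`, `*` or `\`.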