mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-26 11:14:31 +01:00
escaping search string for ldap
This commit is contained in:
parent
3a6da2e480
commit
64b9573634
@ -8,6 +8,7 @@
|
|||||||
import cherrypy
|
import cherrypy
|
||||||
import ldap
|
import ldap
|
||||||
import ldap.modlist as modlist
|
import ldap.modlist as modlist
|
||||||
|
import ldap.filter
|
||||||
import logging
|
import logging
|
||||||
import ldapcherry.backend
|
import ldapcherry.backend
|
||||||
from ldapcherry.exceptions import UserDoesntExist, GroupDoesntExist
|
from ldapcherry.exceptions import UserDoesntExist, GroupDoesntExist
|
||||||
@ -213,6 +214,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
|
|
||||||
def _get_user(self, username, attrs=ALL_ATTRS):
|
def _get_user(self, username, attrs=ALL_ATTRS):
|
||||||
|
|
||||||
|
username = ldap.filter.escape_filter_chars(username)
|
||||||
user_filter = self.user_filter_tmpl % {
|
user_filter = self.user_filter_tmpl % {
|
||||||
'username': username
|
'username': username
|
||||||
}
|
}
|
||||||
@ -378,6 +380,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
def search(self, searchstring):
|
def search(self, searchstring):
|
||||||
ret = {}
|
ret = {}
|
||||||
|
|
||||||
|
searchstring = ldap.filter.escape_filter_chars(searchstring)
|
||||||
searchfilter = self.search_filter_tmpl % {
|
searchfilter = self.search_filter_tmpl % {
|
||||||
'searchstring': searchstring
|
'searchstring': searchstring
|
||||||
}
|
}
|
||||||
@ -410,6 +413,8 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
return ret
|
return ret
|
||||||
|
|
||||||
def get_groups(self, username):
|
def get_groups(self, username):
|
||||||
|
|
||||||
|
username = ldap.filter.escape_filter_chars(username)
|
||||||
userdn = self._get_user(username, NO_ATTR)
|
userdn = self._get_user(username, NO_ATTR)
|
||||||
|
|
||||||
searchfilter = self.group_filter_tmpl % {
|
searchfilter = self.group_filter_tmpl % {
|
||||||
|
Loading…
Reference in New Issue
Block a user