[Ldap] Escape carriage returns in LDAP DNs.

This commit is contained in:
Chad Sikorra 2015-12-04 20:22:28 -06:00 committed by Fabien Potencier
parent dd7830314a
commit 2243db49b8
2 changed files with 42 additions and 1 deletions

View File

@ -99,7 +99,20 @@ class LdapClient implements LdapClientInterface
*/
public function escape($subject, $ignore = '', $flags = 0)
{
return ldap_escape($subject, $ignore, $flags);
$value = ldap_escape($subject, $ignore, $flags);
// Per RFC 4514, leading/trailing spaces should be encoded in DNs, as well as carriage returns.
if ((int) $flags & LDAP_ESCAPE_DN) {
if (!empty($value) && $value[0] === ' ') {
$value = '\\20'.substr($value, 1);
}
if (!empty($value) && $value[strlen($value) - 1] === ' ') {
$value = substr($value, 0, -1).'\\20';
}
$value = str_replace("\r", '\0d', $value);
}
return $value;
}
private function connect()

View File

@ -0,0 +1,28 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Ldap\Tests;
use Symfony\Component\Ldap\LdapClient;
use Symfony\Polyfill\Php56\Php56 as p;
/**
* @requires extension ldap
*/
class LdapClientTest extends \PHPUnit_Framework_TestCase
{
public function testLdapEscape()
{
$ldap = new LdapClient();
$this->assertEquals('\20foo\3dbar\0d(baz)*\20', $ldap->escape(" foo=bar\r(baz)* ", null, p::LDAP_ESCAPE_DN));
}
}