diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug #16842 [Ldap] Escape carriage returns in LDAP DNs. (ChadSikorra)

Browse Source 
This PR was squashed before being merged into the 2.8 branch (closes #16842).

Discussion
----------

[Ldap] Escape carriage returns in LDAP DNs.

Depends upon this commit in polyfill: https://github.com/symfony/polyfill/pull/14

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Carriage returns are supposed to be escaped in a LDAP DN. Leading and trailing spaces should be encoded as well. The spaces were taken care of in the polyfill implementation of `ldap_escape`, but the actual PHP function doesn't do the same. So I moved that logic within the component function and removed it from the polyfill function.

Commits
-------

2243db4 [Ldap] Escape carriage returns in LDAP DNs.
This commit is contained in:
Fabien Potencier 2015-12-18 17:29:00 +01:00
commit d4fff991e0
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/Symfony/Component/Ldap/LdapClient.php
View File

@ -99,7 +99,20 @@ class LdapClient implements LdapClientInterface
*/
public function escape($subject, $ignore = '', $flags = 0)
{
return ldap_escape($subject, $ignore, $flags);
$value = ldap_escape($subject, $ignore, $flags);
// Per RFC 4514, leading/trailing spaces should be encoded in DNs, as well as carriage returns.
if ((int) $flags & LDAP_ESCAPE_DN) {
if (!empty($value) && $value[0] === ' ') {
$value = '\\20'.substr($value, 1);
}
if (!empty($value) && $value[strlen($value) - 1] === ' ') {
$value = substr($value, 0, -1).'\\20';
}
$value = str_replace("\r", '\0d', $value);
}
return $value;
}
private function connect()

28
src/Symfony/Component/Ldap/Tests/LdapClientTest.php Normal file
View File

@ -0,0 +1,28 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Ldap\Tests;
use Symfony\Component\Ldap\LdapClient;
use Symfony\Polyfill\Php56\Php56 as p;
/**
* @requires extension ldap
*/
class LdapClientTest extends \PHPUnit_Framework_TestCase
{
public function testLdapEscape()
{
$ldap = new LdapClient();
$this->assertEquals('\20foo\3dbar\0d(baz)*\20', $ldap->escape(" foo=bar\r(baz)* ", null, p::LDAP_ESCAPE_DN));
}
}