bug #16842 [Ldap] Escape carriage returns in LDAP DNs. (ChadSikorra)
This PR was squashed before being merged into the 2.8 branch (closes #16842).
Discussion
----------
[Ldap] Escape carriage returns in LDAP DNs.
Depends upon this commit in polyfill: https://github.com/symfony/polyfill/pull/14
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Carriage returns are supposed to be escaped in a LDAP DN. Leading and trailing spaces should be encoded as well. The spaces were taken care of in the polyfill implementation of `ldap_escape`, but the actual PHP function doesn't do the same. So I moved that logic within the component function and removed it from the polyfill function.
Commits
-------
2243db4
[Ldap] Escape carriage returns in LDAP DNs.
This commit is contained in:
commit
d4fff991e0
@ -99,7 +99,20 @@ class LdapClient implements LdapClientInterface
|
|||||||
*/
|
*/
|
||||||
public function escape($subject, $ignore = '', $flags = 0)
|
public function escape($subject, $ignore = '', $flags = 0)
|
||||||
{
|
{
|
||||||
return ldap_escape($subject, $ignore, $flags);
|
$value = ldap_escape($subject, $ignore, $flags);
|
||||||
|
|
||||||
|
// Per RFC 4514, leading/trailing spaces should be encoded in DNs, as well as carriage returns.
|
||||||
|
if ((int) $flags & LDAP_ESCAPE_DN) {
|
||||||
|
if (!empty($value) && $value[0] === ' ') {
|
||||||
|
$value = '\\20'.substr($value, 1);
|
||||||
|
}
|
||||||
|
if (!empty($value) && $value[strlen($value) - 1] === ' ') {
|
||||||
|
$value = substr($value, 0, -1).'\\20';
|
||||||
|
}
|
||||||
|
$value = str_replace("\r", '\0d', $value);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function connect()
|
private function connect()
|
||||||
|
28
src/Symfony/Component/Ldap/Tests/LdapClientTest.php
Normal file
28
src/Symfony/Component/Ldap/Tests/LdapClientTest.php
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This file is part of the Symfony package.
|
||||||
|
*
|
||||||
|
* (c) Fabien Potencier <fabien@symfony.com>
|
||||||
|
*
|
||||||
|
* For the full copyright and license information, please view the LICENSE
|
||||||
|
* file that was distributed with this source code.
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace Symfony\Component\Ldap\Tests;
|
||||||
|
|
||||||
|
use Symfony\Component\Ldap\LdapClient;
|
||||||
|
use Symfony\Polyfill\Php56\Php56 as p;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @requires extension ldap
|
||||||
|
*/
|
||||||
|
class LdapClientTest extends \PHPUnit_Framework_TestCase
|
||||||
|
{
|
||||||
|
public function testLdapEscape()
|
||||||
|
{
|
||||||
|
$ldap = new LdapClient();
|
||||||
|
|
||||||
|
$this->assertEquals('\20foo\3dbar\0d(baz)*\20', $ldap->escape(" foo=bar\r(baz)* ", null, p::LDAP_ESCAPE_DN));
|
||||||
|
}
|
||||||
|
}
|
Reference in New Issue
Block a user