Make sure $value is of type Array (Part 2)

1c7bd3d2 · Tim van Dijen · GitHub · 4a634f74 · 1c7bd3d2
Unverified Commit 1c7bd3d2 authored 7 years ago by Tim van Dijen Committed by GitHub 7 years ago
--- a/lib/SimpleSAML/Auth/LDAP.php
+++ b/lib/SimpleSAML/Auth/LDAP.php
@@ -53,10 +53,8 @@ class SimpleSAML_Auth_LDAP
     * @param int $port
     * @param bool $referrals
     */
-    // TODO: Flesh out documentation
    public function __construct($hostname, $enable_tls = true, $debug = false, $timeout = 0, $port = 389, $referrals = true)
    {
-
        // Debug
        SimpleSAML\Logger::debug('Library - LDAP __construct(): Setup LDAP with ' .
                        'host=\'' . $hostname .
@@ -207,8 +205,7 @@ class SimpleSAML_Auth_LDAP
    {
        // Create the search filter
        $attribute = self::escape_filter_value($attribute, false);
-        $value = \SimpleSAML\Utils\Arrays::Arrayize($value);
-        $value = self::escape_filter_value($value);
+        $value = self::escape_filter_value($value, true);
        $filter = '';
        foreach ($attribute as $attr) {
            $filter .= '(' . $attr . '=' . $value. ')';
@@ -222,8 +219,7 @@ class SimpleSAML_Auth_LDAP

        // Search using generated filter
        SimpleSAML\Logger::debug('Library - LDAP search(): Searching base \'' . $base . '\' for \'' . $filter . '\'');
-        // TODO: Should aliases be dereferenced?
-        $result = @ldap_search($this->ldap, $base, $filter, array(), 0, 0, $this->timeout);
+        $result = @ldap_search($this->ldap, $base, $filter, array(), 0, 0, $this->timeout, LDAP_DEREF_NEVER);
        if ($result === false) {
            throw $this->makeException('Library - LDAP search(): Failed search on base \'' . $base . '\' for \'' . $filter . '\'');
        }
@@ -250,7 +246,6 @@ class SimpleSAML_Auth_LDAP
        if ($dn === false) {
            throw $this->makeException('Library - LDAP search(): Unable to get DN after searching base \'' . $base . '\' for \'' . $filter . '\'');
        }
-        // FIXME: Are we now sure, if no excepton has been thrown, that we are returning a DN?
        return $dn;
    }

@@ -598,7 +593,6 @@ class SimpleSAML_Auth_LDAP
     * @param string $password
     * @return array|bool
     */
-    // TODO: Documentation; only cleared up exception/log messages
    public function validate($config, $username, $password = null)
    {
        /* Escape any characters with a special meaning in LDAP. The following
@@ -644,15 +638,13 @@ class SimpleSAML_Auth_LDAP
     * backslash followed by two hex digits representing the hexadecimal value of the character.
     *
     * @static
-     * @param array $values Array of values to escape
+     * @param string|array $values Array of values to escape
     * @return array Array $values, but escaped
     */
    public static function escape_filter_value($values = array(), $singleValue = true)
    {
        // Parameter validation
-        if (!is_array($values)) {
-            $values = array($values);
-        }
+        $values = \SimpleSAML\Utils\Arrays::arrayize($values);

        foreach ($values as $key => $val) {
            // Escaping of filter meta characters