diff --git a/www/auth/login.php b/www/auth/login.php index fda493bb8efa34a8eb9a78c8e1dffb6e484e9f50..8e9411464adb5a0e9511c641fe32997ecb12f79b 100644 --- a/www/auth/login.php +++ b/www/auth/login.php @@ -65,11 +65,10 @@ if (isset($_POST['username'])) { /* Escape any characters with a special meaning in LDAP. The following * characters have a special meaning (according to RFC 2253): - * ',', '+', '"', '\', '<', '>', ';' + * ',', '+', '"', '\', '<', '>', ';', '*' * These characters are escaped by prefixing them with '\'. - * TODO: should '*' be escaped as well? */ - $ldapusername = addcslashes($username, ',+"\\<>;'); + $ldapusername = addcslashes($username, ',+"\\<>;*'); /* Insert the LDAP username into the pattern configured in the * 'auth.ldap.dnpattern' option.