From c61eaab8025ce84e601ed076e991ce02d37b0165 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 17 Dec 2007 07:11:37 +0000
Subject: [PATCH] LDAP login: escape '*' in username.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@113 44740490-163a-0410-bde0-09ae8108e29a
---
 www/auth/login.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/www/auth/login.php b/www/auth/login.php
index fda493bb8..8e9411464 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -65,11 +65,10 @@ if (isset($_POST['username'])) {
 
 	/* Escape any characters with a special meaning in LDAP. The following
 	 * characters have a special meaning (according to RFC 2253):
-	 * ',', '+', '"', '\', '<', '>', ';'
+	 * ',', '+', '"', '\', '<', '>', ';', '*'
 	 * These characters are escaped by prefixing them with '\'.
-	 * TODO: should '*' be escaped as well?
 	 */
-	$ldapusername = addcslashes($username, ',+"\\<>;');
+	$ldapusername = addcslashes($username, ',+"\\<>;*');
 
 	/* Insert the LDAP username into the pattern configured in the
 	 * 'auth.ldap.dnpattern' option.
-- 
GitLab