From c61eaab8025ce84e601ed076e991ce02d37b0165 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 17 Dec 2007 07:11:37 +0000
Subject: [PATCH] LDAP login: escape '*' in username.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@113 44740490-163a-0410-bde0-09ae8108e29a
---
 www/auth/login.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/www/auth/login.php b/www/auth/login.php
index fda493bb8..8e9411464 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -65,11 +65,10 @@ if (isset($_POST['username'])) {
 /* Escape any characters with a special meaning in LDAP. The following
 * characters have a special meaning (according to RFC 2253):
- * ',', '+', '"', '\', '<', '>', ';'
+ * ',', '+', '"', '\', '<', '>', ';', '*'
 * These characters are escaped by prefixing them with '\'.
- * TODO: should '*' be escaped as well?
 */
- $ldapusername = addcslashes($username, ',+"\\<>;');
+ $ldapusername = addcslashes($username, ',+"\\<>;*');
 /* Insert the LDAP username into the pattern configured in the
 * 'auth.ldap.dnpattern' option.
-- 
GitLab
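Review bot: The `'*'` added to the `addcslashes()` list and to the comment does not match the DN grammar the value is used in: RFC 2253 does not list `*` as a special character and defines no `\*` escape pair, so the DN built from 'auth.ldap.dnpattern' may be rejected or parsed differently by the directory server. `*` is a wildcard only in search filters, where the escape is the hex form `\2a`, while `=`, a leading `#` and leading or trailing spaces, which RFC 2253 does treat specially, still pass through unescaped. I would correct the comment to name the DN specials only and, where the PHP version provides it, replace the call with `$ldapusername = ldap_escape($username, '', LDAP_ESCAPE_DN);`, using `LDAP_ESCAPE_FILTER` separately if the name is ever placed in a filter. The enclosing `if (isset($_POST['username']))` block starts and ends outside the hunk, so how `$ldapusername` is used later is not visible here.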