Skip to content
Snippets Groups Projects
Commit c61eaab8 authored by Olav Morken's avatar Olav Morken
Browse files

LDAP login: escape '*' in username. 

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@113 44740490-163a-0410-bde0-09ae8108e29a
parent 72c986a0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 3 deletions
www/auth/login.php
+ 2
3
View file @ c61eaab8
...@@ -65,11 +65,10 @@ if (isset($_POST['username'])) { ...@@ -65,11 +65,10 @@ if (isset($_POST['username'])) {
/* Escape any characters with a special meaning in LDAP. The following /* Escape any characters with a special meaning in LDAP. The following
* characters have a special meaning (according to RFC 2253): * characters have a special meaning (according to RFC 2253):
* ',', '+', '"', '\', '<', '>', ';' * ',', '+', '"', '\', '<', '>', ';', '*'
* These characters are escaped by prefixing them with '\'. * These characters are escaped by prefixing them with '\'.
* TODO: should '*' be escaped as well?
*/ */
$ldapusername = addcslashes($username, ',+"\\<>;'); $ldapusername = addcslashes($username, ',+"\\<>;*');
/* Insert the LDAP username into the pattern configured in the /* Insert the LDAP username into the pattern configured in the
* 'auth.ldap.dnpattern' option. * 'auth.ldap.dnpattern' option.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment