escape special chars when creating group filter.

The LDAP search filter used for group queries needs to be escaped so that group names with special characters will not break the search filter in queries.
2019-03-18 11:54:31 +11:00 · 2019-03-18 11:54:31 +11:00 · 0ad5d46a4c
parent 9f29a8e154
commit 0ad5d46a4c
1 changed files with 1 additions and 1 deletions
--- a/app/models.py
+++ b/app/models.py
@ -171,7 +171,7 @@ class User(db.Model):
        whether a user is allowed to enter or not
        """
        LDAP_BASE_DN = Setting().get('ldap_base_dn')
-        groupSearchFilter = "(&(objectcategory=group)(member=%s))" % groupDN
+        groupSearchFilter = "(&(objectcategory=group)(member=%s))" % ldap.filter.escape_filter_chars(groupDN)
        result = [groupDN]
        try:
            groups = self.ldap_search(groupSearchFilter, LDAP_BASE_DN)