Merge pull request #484 from genericpenguin/genericpenguin-escape-chars-groupsearchfilter

escape special chars when creating group filter.
2019-04-01 21:41:56 +07:00 · 2019-04-01 21:41:56 +07:00 · ae7b41ece2
parent 9f29a8e154 0ad5d46a4c
commit ae7b41ece2
1 changed files with 1 additions and 1 deletions
--- a/app/models.py
+++ b/app/models.py
@ -171,7 +171,7 @@ class User(db.Model):
        whether a user is allowed to enter or not
        """
        LDAP_BASE_DN = Setting().get('ldap_base_dn')
-        groupSearchFilter = "(&(objectcategory=group)(member=%s))" % groupDN
+        groupSearchFilter = "(&(objectcategory=group)(member=%s))" % ldap.filter.escape_filter_chars(groupDN)
        result = [groupDN]
        try:
            groups = self.ldap_search(groupSearchFilter, LDAP_BASE_DN)