Escape username before LDAP search.
parent
a70a426cfd
commit
940f2b5a9d
|
@ -42,7 +42,7 @@ if ($config['auth_type'] == 'db') {
|
|||
$ldap = @ldap_connect($config['ldap_uri']);
|
||||
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
@ldap_bind($ldap, $config['ldap_bind_dn'], $config['ldap_bind_pw']);
|
||||
$filter = str_replace('%user%', $input->user, $config['ldap_search']);
|
||||
$filter = str_replace('%user%', @ldap_escape($input->user, null, LDAP_ESCAPE_FILTER), $config['ldap_search']);
|
||||
$result = @ldap_search($ldap, $config['ldap_base_dn'], $filter, array('dn'));
|
||||
$dn = @ldap_get_dn($ldap, ldap_first_entry($ldap, $result));
|
||||
if (@ldap_bind($ldap, $dn, $input->password)) {
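Review bot: The search result is used unchecked on the lines after the new `$filter` assignment. If `ldap_search` fails or matches no entry, `$dn` is false, and with an empty password the final `@ldap_bind($ldap, $dn, $input->password)` can become an anonymous bind, which many directory servers report as success. Unless this is already handled outside the hunk, I would reject the login before the bind with `if ($result === false || ldap_count_entries($ldap, $result) !== 1 || $input->password === '')`. Separately, pass `''` instead of `null` as the second argument of `ldap_escape`: null for that string parameter is deprecated from PHP 8.1 and the `@` hides the notice. The enclosing `if`/`else` block starts and ends outside the hunk.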
|
||||
|
|