Skip to content

Commit bf705c4

Browse files
simonLeary42simonLeary42
committed
sanitize ldap (#167)
* escape inputs * Update UnityLDAP.php
1 parent ed50b68 commit bf705c4

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

resources/lib/UnityLDAP.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -311,21 +311,25 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh
311311

312312
public function getUserEntry($uid)
313313
{
314+
$uid = ldap_escape($uid, LDAP_ESCAPE_DN);
314315
return $this->getEntry(unityLDAP::RDN . "=$uid," . $this->STR_USEROU);
315316
}
316317

317318
public function getGroupEntry($gid)
318319
{
320+
$uid = ldap_escape($gid, LDAP_ESCAPE_DN);
319321
return $this->getEntry(unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU);
320322
}
321323

322324
public function getPIGroupEntry($gid)
323325
{
326+
$uid = ldap_escape($gid, LDAP_ESCAPE_DN);
324327
return $this->getEntry(unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU);
325328
}
326329

327330
public function getOrgGroupEntry($gid)
328331
{
332+
$uid = ldap_escape($gid, LDAP_ESCAPE_DN);
329333
return $this->getEntry(unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);
330334
}
331335
}

0 commit comments

Comments
 (0)