sanitize ldap (#167)

simonLeary42 · web-flow · commit 86c7d5a46b9b · 2025-04-30T10:45:04.000-04:00
* escape inputs

* Update UnityLDAP.php
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
@@ -311,24 +311,28 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh
 
     public function getUserEntry($uid)
     {
+        $uid = ldap_escape($uid, LDAP_ESCAPE_DN);
         $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$uid," . $this->STR_USEROU);
         return $ldap_entry;
     }
 
     public function getGroupEntry($gid)
     {
+        $uid = ldap_escape($gid, LDAP_ESCAPE_DN);
         $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU);
         return $ldap_entry;
     }
 
     public function getPIGroupEntry($gid)
     {
+        $uid = ldap_escape($gid, LDAP_ESCAPE_DN);
         $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU);
         return $ldap_entry;
     }
 
     public function getOrgGroupEntry($gid)
     {
+        $uid = ldap_escape($gid, LDAP_ESCAPE_DN);
         $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);
         return $ldap_entry;
     }

Original file line number	Diff line number	Diff line change
`@@ -311,24 +311,28 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh`
`311`	`311`
`312`	`312`	`public function getUserEntry($uid)`
`313`	`313`	`{`
	`314`	`+ $uid = ldap_escape($uid, LDAP_ESCAPE_DN);`
`314`	`315`	`$ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$uid," . $this->STR_USEROU);`
`315`	`316`	`return $ldap_entry;`
`316`	`317`	`}`
`317`	`318`
`318`	`319`	`public function getGroupEntry($gid)`
`319`	`320`	`{`
	`321`	`+ $uid = ldap_escape($gid, LDAP_ESCAPE_DN);`
`320`	`322`	`$ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU);`
`321`	`323`	`return $ldap_entry;`
`322`	`324`	`}`
`323`	`325`
`324`	`326`	`public function getPIGroupEntry($gid)`
`325`	`327`	`{`
	`328`	`+ $uid = ldap_escape($gid, LDAP_ESCAPE_DN);`
`326`	`329`	`$ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU);`
`327`	`330`	`return $ldap_entry;`
`328`	`331`	`}`
`329`	`332`
`330`	`333`	`public function getOrgGroupEntry($gid)`
`331`	`334`	`{`
	`335`	`+ $uid = ldap_escape($gid, LDAP_ESCAPE_DN);`
`332`	`336`	`$ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);`
`333`	`337`	`return $ldap_entry;`
`334`	`338`	`}`