Skip to content

Commit 86c7d5a

Browse files
authored
sanitize ldap (#167)
* escape inputs * Update UnityLDAP.php
1 parent 57e67b8 commit 86c7d5a

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

resources/lib/UnityLDAP.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -311,24 +311,28 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh
311311

312312
public function getUserEntry($uid)
313313
{
314+
$uid = ldap_escape($uid, LDAP_ESCAPE_DN);
314315
$ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$uid," . $this->STR_USEROU);
315316
return $ldap_entry;
316317
}
317318

318319
public function getGroupEntry($gid)
319320
{
321+
$uid = ldap_escape($gid, LDAP_ESCAPE_DN);
320322
$ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU);
321323
return $ldap_entry;
322324
}
323325

324326
public function getPIGroupEntry($gid)
325327
{
328+
$uid = ldap_escape($gid, LDAP_ESCAPE_DN);
326329
$ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU);
327330
return $ldap_entry;
328331
}
329332

330333
public function getOrgGroupEntry($gid)
331334
{
335+
$uid = ldap_escape($gid, LDAP_ESCAPE_DN);
332336
$ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);
333337
return $ldap_entry;
334338
}

0 commit comments

Comments
 (0)