apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge release branch 4.17 to main

Browse Source 
* 4.17:
  escapes for injection prtection (#7069)
This commit is contained in:
Daan Hoogland 2023-01-10 11:58:01 +01:00
commit f3e05543cc
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/OpenLdapUserManagerImpl.java
View File

@ -83,7 +83,7 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
usernameFilter.append("(");
usernameFilter.append(_ldapConfiguration.getUsernameAttribute(domainId));
usernameFilter.append("=");
usernameFilter.append((username == null ? "*" : username));
usernameFilter.append((username == null ? "*" : LdapUtils.escapeLDAPSearchFilter(username)));
usernameFilter.append(")");
String memberOfAttribute = _ldapConfiguration.getUserMemberOfAttribute(domainId);
@ -154,7 +154,7 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
groupNameFilter.append("(");
groupNameFilter.append(_ldapConfiguration.getCommonNameAttribute());
groupNameFilter.append("=");
groupNameFilter.append((groupName == null ? "*" : groupName));
groupNameFilter.append((groupName == null ? "*" : LdapUtils.escapeLDAPSearchFilter(groupName)));
groupNameFilter.append(")");
final StringBuilder result = new StringBuilder();
@ -194,7 +194,7 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
usernameFilter.append("(");
usernameFilter.append(_ldapConfiguration.getUsernameAttribute(domainId));
usernameFilter.append("=");
usernameFilter.append((username == null ? "*" : username));
usernameFilter.append((username == null ? "*" : LdapUtils.escapeLDAPSearchFilter(username)));
usernameFilter.append(")");
final StringBuilder memberOfFilter = new StringBuilder();