escapes for injection prtection (#7069)

dahn 2023-01-10 02:54:51 -08:00 committed by GitHub
parent 77df050160
commit dffbc87278
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions


@ -83,7 +83,7 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
usernameFilter.append("(");
usernameFilter.append(_ldapConfiguration.getUsernameAttribute(domainId));
usernameFilter.append("=");
usernameFilter.append((username == null ? "*" : username));
usernameFilter.append((username == null ? "*" : LdapUtils.escapeLDAPSearchFilter(username)));
usernameFilter.append(")");
String memberOfAttribute = _ldapConfiguration.getUserMemberOfAttribute(domainId);
@ -154,7 +154,7 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
groupNameFilter.append("(");
groupNameFilter.append(_ldapConfiguration.getCommonNameAttribute());
groupNameFilter.append("=");
groupNameFilter.append((groupName == null ? "*" : groupName));
groupNameFilter.append((groupName == null ? "*" : LdapUtils.escapeLDAPSearchFilter(groupName)));
groupNameFilter.append(")");
final StringBuilder result = new StringBuilder();
@ -194,7 +194,7 @@ public class OpenLdapUserManagerImpl implements LdapUserManager {
usernameFilter.append("(");
usernameFilter.append(_ldapConfiguration.getUsernameAttribute(domainId));
usernameFilter.append("=");
usernameFilter.append((username == null ? "*" : username));
usernameFilter.append((username == null ? "*" : LdapUtils.escapeLDAPSearchFilter(username)));
usernameFilter.append(")");
final StringBuilder memberOfFilter = new StringBuilder();
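Review bot: The three changed `append` calls (the username filters at -83 and -194 and the group-name filter at -154) repeat the same null-or-escape expression, so a filter builder added to this class later can still append a raw value unnoticed; a private helper such as `private static String filterValue(String v) { return v == null ? "*" : LdapUtils.escapeLDAPSearchFilter(v); }` would keep the escaping in one place. Assuming `escapeLDAPSearchFilter` also escapes `*`, a caller that used to pass a wildcard pattern as `username` or `groupName` now gets a literal match, which should be confirmed against the callers, none of which are visible here. The commit touches one file, so no test pins the behaviour; a unit test that passes values containing `(`, `)`, `*` and `\` and asserts on the resulting filter string would guard against regression. The enclosing methods start and end outside these hunks, and the `memberOfFilter` built right after the last hunk is not shown, so whether it needs the same escaping cannot be judged from this page.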