From 24e13419a38949aa554911c919956c591b0ee0cd Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Fri, 16 Nov 2012 23:29:00 +0100
Subject: [PATCH] LDAP: escape values in the DN, fixes #419

---
 apps/user_ldap/lib/access.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index b2244c17c0..2273caec02 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -119,6 +119,19 @@ abstract class Access {
 		//make comparisons and everything work
 		$dn = mb_strtolower($dn, 'UTF-8');
 
+		//escape DN values according to RFC 2253
+		//thanks to Kolab, http://git.kolab.org/pear/Net_LDAP3/tree/lib/Net/LDAP3.php#n1313
+		$aDN = ldap_explode_dn($dn, false);
+		unset($aDN['count']);
+		foreach($aDN as $key => $part) {
+			$value = substr($part, strpos($part, '=')+1);
+			$escapedValue = strtr($value, Array(','=>'\2c', '='=>'\3d', '+'=>'\2b',
+				'<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c',
+				'"'=>'\22', '#'=>'\23'));
+			$part = str_replace($part, $value, $escapedValue);
+		}
+		$dn = implode(',', $aDN);
+
 		return $dn;
 	}
 
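Review bot: The escaping computed in the added loop never reaches the returned DN, because `foreach($aDN as $key => $part)` iterates by value, so the assignment to `$part` is discarded and `implode(',', $aDN)` rejoins the unescaped parts. The `str_replace($part, $value, $escapedValue)` call also has its arguments in the wrong order (search, replace, subject), so it would not produce the escaped part even if the result were stored. Writing back by key, e.g. `$aDN[$key] = substr($part, 0, strpos($part, '=') + 1) . $escapedValue;`, fixes both and leaves the attribute name untouched. `ldap_explode_dn()` returns false for a DN it cannot parse, and that case is not checked before the `unset`/`foreach`/`implode`; an explicit `if ($aDN === false)` branch that rejects the DN is needed. The enclosing function starts above the hunk, so what callers expect on failure is not visible here.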
-- 
GitLab