$this->linkid = @ldap_connect($this->server, $this->port);
if(!$this->linkid) {
- if(function_exists('ldap_error')) {
+ if(function_exists('ldap_error') && is_object($this->linkid)) {
return $this->set_error(ldap_error($this->linkid));
} else {
return $this->set_error('ldap_connect failed');
}
}
+ /**
+ * Sanitizes ldap search strings.
+ * See rfc2254
+ * @link http://www.faqs.org/rfcs/rfc2254.html
+ * @since 1.5.1
+ * @param string $string
+ * @return string sanitized string
+ */
+ function ldapspecialchars($string) {
+ $sanitized=array('\\' => '\5c',
+ '*' => '\2a',
+ '(' => '\28',
+ ')' => '\29',
+ "\x00" => '\00');
+
+ return str_replace(array_keys($sanitized),array_values($sanitized),$string);
+ }
/* ========================== Public ======================== */
* @return array search results
*/
function search($expr) {
-
/* To be replaced by advanded search expression parsing */
if(is_array($expr)) return false;
/* Encode the expression */
$expr = $this->charset_encode($expr);
- if(strstr($expr, '*') === false) {
- $expr = "*$expr*";
+
+ /*
+ * allow use of one asterisk in search.
+ * Don't allow any ldap special chars if search is different
+ */
+ if($expr!='*') {
+ $expr = '*' . $this->ldapspecialchars($expr) . '*';
}
$expression = "cn=$expr";
projects / squirrelmail.git / blobdiff