check if object is returned.

[squirrelmail.git] / functions / abook_ldap_server.php

diff --git a/functions/abook_ldap_server.php b/functions/abook_ldap_server.php
index fe0fff455326899151f5bd4a13a079e3d22263f5..cfb36000e820916309927db1003643bbb681a0da 100644 (file)
--- a/functions/abook_ldap_server.php
+++ b/functions/abook_ldap_server.php
@@ -2,7 +2,7 @@
 /**
  * abook_ldap_server.php
  *
- * Copyright (c) 1999-2004 The SquirrelMail Project Team
+ * Copyright (c) 1999-2005 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * Address book backend for LDAP server
@@ -161,7 +161,7 @@ class abook_ldap_server extends addressbook_backend {
 
         $this->linkid = @ldap_connect($this->server, $this->port);
         if(!$this->linkid) {
-            if(function_exists('ldap_error')) {
+            if(function_exists('ldap_error') && is_object($this->linkid)) {
                 return $this->set_error(ldap_error($this->linkid));
             } else {
                 return $this->set_error('ldap_connect failed');
@@ -207,33 +207,47 @@ class abook_ldap_server extends addressbook_backend {
      * @return string encoded string
      */
     function charset_encode($str) {
-        if($this->charset == 'utf-8') {
-            if(function_exists('utf8_encode')) {
-                return utf8_encode($str);
-            } else {
-                return $str;
-            }
+        global $default_charset;
+        if($this->charset != $default_charset) {
+            return charset_convert($default_charset,$str,$this->charset,false);
         } else {
             return $str;
         }
     }
 
     /**
-     * Decode from charset used by this LDAP server to html entities
+     * Decode from charset used by this LDAP server to charset used by translation
      *
-     * Uses squirrelmail charset_decode functions
+     * Uses SquirrelMail charset_decode functions
      * @param string string that has to be decoded
      * @return string decoded string
      */
     function charset_decode($str) {
         global $default_charset;
         if ($this->charset != $default_charset) {
-            return charset_decode($this->charset,$str);
+            return charset_convert($this->charset,$str,$default_charset,false);
         } else {
             return $str;
         }
     }
 
+    /**
+     * Sanitizes ldap search strings.
+     * See rfc2254
+     * @link http://www.faqs.org/rfcs/rfc2254.html
+     * @since 1.5.1
+     * @param string $string
+     * @return string sanitized string
+     */
+    function ldapspecialchars($string) {
+        $sanitized=array('\\' => '\5c',
+                         '*' => '\2a',
+                         '(' => '\28',
+                         ')' => '\29',
+                         "\x00" => '\00');
+
+        return str_replace(array_keys($sanitized),array_values($sanitized),$string);
+    }
 
     /* ========================== Public ======================== */
 
@@ -243,14 +257,18 @@ class abook_ldap_server extends addressbook_backend {
      * @return array search results
      */
     function search($expr) {
-
         /* To be replaced by advanded search expression parsing */
         if(is_array($expr)) return false;
 
         /* Encode the expression */
         $expr = $this->charset_encode($expr);
-        if(strstr($expr, '*') === false) {
-            $expr = "*$expr*";
+
+        /*
+         * allow use of one asterisk in search. 
+         * Don't allow any ldap special chars if search is different
+         */
+        if($expr!='*') {
+            $expr = '*' . $this->ldapspecialchars($expr) . '*';
         }
         $expression = "cn=$expr";