/**
* abook_ldap_server.php
*
- * Copyright (c) 1999-2004 The SquirrelMail Project Team
+ * Copyright (c) 1999-2005 The SquirrelMail Project Team
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* Address book backend for LDAP server
$this->linkid = @ldap_connect($this->server, $this->port);
if(!$this->linkid) {
- if(function_exists('ldap_error')) {
+ if(function_exists('ldap_error') && is_object($this->linkid)) {
return $this->set_error(ldap_error($this->linkid));
} else {
return $this->set_error('ldap_connect failed');
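Review bot: The added `is_object($this->linkid)` test can never be true where it stands, because it sits inside `if(!$this->linkid)` and a PHP object does not evaluate as false, so the `ldap_error()` branch is now unreachable and every connect failure reports the fixed string. If that is the intent, the conditional reads more clearly collapsed to the single statement `return $this->set_error('ldap_connect failed');` with a comment such as `/* no link identifier exists on failure, so ldap_error() cannot be queried */`. The `@` on `ldap_connect()` also hides the PHP warning, which leaves that fixed message as the only diagnostic an administrator gets. The enclosing function starts and ends outside this hunk.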
* @return string encoded string
*/
function charset_encode($str) {
- if($this->charset == 'utf-8') {
- if(function_exists('utf8_encode')) {
- return utf8_encode($str);
- } else {
- return $str;
- }
+ global $default_charset;
+ if($this->charset != $default_charset) {
+ return charset_convert($default_charset,$str,$this->charset,false);
} else {
return $str;
}
}
/**
- * Decode from charset used by this LDAP server to html entities
+ * Decode from charset used by this LDAP server to charset used by translation
*
- * Uses squirrelmail charset_decode functions
+ * Uses SquirrelMail charset_decode functions
* @param string string that has to be decoded
* @return string decoded string
*/
function charset_decode($str) {
global $default_charset;
if ($this->charset != $default_charset) {
- return charset_decode($this->charset,$str);
+ return charset_convert($this->charset,$str,$default_charset,false);
} else {
return $str;
}
}
+ /**
+ * Sanitizes ldap search strings.
+ * See rfc2254
+ * @link http://www.faqs.org/rfcs/rfc2254.html
+ * @since 1.5.1
+ * @param string $string
+ * @return string sanitized string
+ */
+ function ldapspecialchars($string) {
+ $sanitized=array('\\' => '\5c',
+ '*' => '\2a',
+ '(' => '\28',
+ ')' => '\29',
+ "\x00" => '\00');
+
+ return str_replace(array_keys($sanitized),array_values($sanitized),$string);
+ }
/* ========================== Public ======================== */
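Review bot: `charset_decode()` used to return HTML entities (per the removed docblock line) and now returns whatever `charset_convert(..., false)` yields, which appears to be the raw string, so any caller that printed directory values relying on the old entity output would now emit unescaped, directory-controlled text. The callers are outside this hunk, so this needs confirming; the docblock should state the new contract explicitly, e.g. `* @return string decoded string, not HTML-encoded; escape with htmlspecialchars() before output`. Separately, in `ldapspecialchars()` the `'\\'` entry has to stay first in `$sanitized`, because `str_replace()` applies the pairs in array order and a later backslash pass would re-escape the `\2a`/`\28` sequences it just produced; a comment such as `/* '\\' must stay first: str_replace() works through the pairs in order */` would protect that.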
* @return array search results
*/
function search($expr) {
-
/* To be replaced by advanded search expression parsing */
if(is_array($expr)) return false;
/* Encode the expression */
$expr = $this->charset_encode($expr);
- if(strstr($expr, '*') === false) {
- $expr = "*$expr*";
+
+ /*
+ * allow use of one asterisk in search.
+ * Don't allow any ldap special chars if search is different
+ */
+ if($expr!='*') {
+ $expr = '*' . $this->ldapspecialchars($expr) . '*';
}
$expression = "cn=$expr";