8000 fix: Do not escape wildcard in objectclass from admin config by jcdelepine · Pull Request #3 · horde/Ldap · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix: Do not escape wildcard in objectclass from admin config #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weâ 8000 €™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 2, 2025
Merged

fix: Do not escape wildcard in objectclass from admin config #3

merged 1 commit into from
Jun 2, 2025

Conversation

jcdelepine
Copy link
Contributor
@jcdelepine jcdelepine commented Jun 1, 2025
edited
Loading

The default objectclass filter in Horde's LDAP config is ['*'], but this value was being escaped to '\2A', resulting in invalid filters like (objectclass=\2A) instead of (objectclass=*). This patch disables escaping for values coming from trusted configuration.

Values from user input are still escaped to prevent LDAP injection.

@jcdelepine
Do not escape wildcard in objectclass from admin config
d7a59b5 
The default objectclass filter in Horde's LDAP config is ['*'],
but this value was being escaped to '\2A', resulting in invalid filters
like (objectclass=\2A) instead of (objectclass=*). This patch disables
escaping for values coming from trusted configuration.

Values from user input are still escaped to prevent LDAP injection.
@jcdelepine jcdelepine force-pushed the fix-ldap-filter-wildcard branch from 7abb184 to d7a59b5 Compare June 1, 2025 14:30
@ralflang ralflang changed the title Do not escape wildcard in objectclass from admin config fix: Do not escape wildcard in objectclass from admin config Jun 2, 2025
ralflang
ralflang approved these changes Jun 2, 2025
View reviewed changes
Copy link
Member
@ralflang ralflang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much.

@ralflang
Copy link
Member
ralflang commented Jun 2, 2025

There are some rebase conflicts and the CI is red. I will fixup this.

@ralflang ralflang changed the base branch from FRAMEWORK_6_0 to FRAMEWORK_6_0-fixups June 2, 2025 04:15
@ralflang ralflang merged commit 8dfda8d into horde:FRAMEWORK_6_0-fixups Jun 2, 2025
1 check failed
@ralflang
Copy link
Member
ralflang commented Jun 2, 2025

Released as https://packagist.org/packages/horde/ldap#v3.0.0alpha9 - thank you very much.

Notes:

  • If you give upstream write access to your PR branch, we can simplify touchups before release
  • I edited the commit message to contain the prefix "fix: " in the first line. The commit should still display you as the author.
  • Merged to a separate branch, cherry-picked/rebased the actual commit on FRAMEWORK_6_0 so it would apply without warnings
  • Repaired the test suite. Upside: It's now working correctly and pointing out actual problems. Downside: It's showing problems with the diff test and I have not yet looked into it if this means the Horde_Ldap_Diff class is broken or something is wrong with the fixtures.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ralflang ralflang ralflang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jcdelepine @ralflang
0