From f80c7d78cba353da7fa78b74e9d51a74b6a8f83f Mon Sep 17 00:00:00 2001 From: Chad Sikorra Date: Fri, 4 Dec 2015 20:22:28 -0600 Subject: [PATCH 1/3] Escape carriage returns in LDAP DNs. --- src/Symfony/Component/Ldap/LdapClient.php | 15 ++++++++++- .../Component/Ldap/Tests/LdapClientTest.php | 25 +++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 src/Symfony/Component/Ldap/Tests/LdapClientTest.php diff --git a/src/Symfony/Component/Ldap/LdapClient.php b/src/Symfony/Component/Ldap/LdapClient.php index 0a8fa22c16c6f..78157fd195cf6 100644 --- a/src/Symfony/Component/Ldap/LdapClient.php +++ b/src/Symfony/Component/Ldap/LdapClient.php @@ -99,7 +99,20 @@ public function find($dn, $query, $filter = '*') */ public function escape($subject, $ignore = '', $flags = 0) { - return ldap_escape($subject, $ignore, $flags); + $value = ldap_escape($subject, $ignore, $flags); + + // Per RFC 4514, leading/trailing spaces should be encoded in DNs, as well as carriage returns. + if ((int)$flags & LDAP_ESCAPE_DN) { + if (!empty($value) && $value[0] === ' ') { + $value = '\\20' . substr($value, 1); + } + if (!empty($value) && $value[strlen($value) - 1] === ' ') { + $value = substr($value, 0, -1) . '\\20'; + } + $value = str_replace("\r", '\0d', $value); + } + + return $value; } private function connect() diff --git a/src/Symfony/Component/Ldap/Tests/LdapClientTest.php b/src/Symfony/Component/Ldap/Tests/LdapClientTest.php new file mode 100644 index 0000000000000..f2783955970bf --- /dev/null +++ b/src/Symfony/Component/Ldap/Tests/LdapClientTest.php @@ -0,0 +1,25 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Ldap\Tests; + +use Symfony\Component\Ldap\LdapClient; +use Symfony\Polyfill\Php56\Php56 as p; + +class LdapClientTest extends \PHPUnit_Framework_TestCase +{ + public function testLdapEscape() + { + $ldap = new LdapClient(); + + $this->assertEquals('\20foo\3dbar\0d(baz)*\20', $ldap->escape(" foo=bar\r(baz)* ", null, p::LDAP_ESCAPE_DN)); + } +} From 898d764fc732e9977b6f74c852f72527c6d73b24 Mon Sep 17 00:00:00 2001 From: Chad Sikorra Date: Fri, 4 Dec 2015 20:50:15 -0600 Subject: [PATCH 2/3] Apply CS fixes. --- src/Symfony/Component/Ldap/LdapClient.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Component/Ldap/LdapClient.php b/src/Symfony/Component/Ldap/LdapClient.php index 78157fd195cf6..3fc0cb5454240 100644 --- a/src/Symfony/Component/Ldap/LdapClient.php +++ b/src/Symfony/Component/Ldap/LdapClient.php @@ -102,12 +102,12 @@ public function escape($subject, $ignore = '', $flags = 0) $value = ldap_escape($subject, $ignore, $flags); // Per RFC 4514, leading/trailing spaces should be encoded in DNs, as well as carriage returns. - if ((int)$flags & LDAP_ESCAPE_DN) { + if ((int) $flags & LDAP_ESCAPE_DN) { if (!empty($value) && $value[0] === ' ') { - $value = '\\20' . substr($value, 1); + $value = '\\20'.substr($value, 1); } if (!empty($value) && $value[strlen($value) - 1] === ' ') { - $value = substr($value, 0, -1) . '\\20'; + $value = substr($value, 0, -1).'\\20'; } $value = str_replace("\r", '\0d', $value); } From 242fb9e9c89bc01dcbb7803800b0ca02ae580ec4 Mon Sep 17 00:00:00 2001 From: Chad Sikorra Date: Mon, 7 Dec 2015 17:06:19 -0600 Subject: [PATCH 3/3] Require the ldap extension for tests. --- src/Symfony/Component/Ldap/Tests/LdapClientTest.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Symfony/Component/Ldap/Tests/LdapClientTest.php b/src/Symfony/Component/Ldap/Tests/LdapClientTest.php index f2783955970bf..acf15b06d62c3 100644 --- a/src/Symfony/Component/Ldap/Tests/LdapClientTest.php +++ b/src/Symfony/Component/Ldap/Tests/LdapClientTest.php @@ -14,6 +14,9 @@ use Symfony\Component\Ldap\LdapClient; use Symfony\Polyfill\Php56\Php56 as p; +/** + * @requires extension ldap + */ class LdapClientTest extends \PHPUnit_Framework_TestCase { public function testLdapEscape()