escape inputs

simonLeary42 · web-flow · commit 4c8f32476d0a · 2025-04-06T16:20:48.000-04:00
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
@@ -315,25 +315,25 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh
 
     public function getUserEntry($uid)
     {
-        $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$uid," . $this->STR_USEROU);
+        $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($uid, LDAP_ESCAPE_DN) . "," . $this->STR_USEROU);
         return $ldap_entry;
     }
 
     public function getGroupEntry($gid)
     {
-        $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU);
+        $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_GROUPOU);
         return $ldap_entry;
     }
 
     public function getPIGroupEntry($gid)
     {
-        $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU);
+        $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_PIGROUPOU);
         return $ldap_entry;
     }
 
     public function getOrgGroupEntry($gid)
     {
-        $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);
+        $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_ORGGROUPOU);
         return $ldap_entry;
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -315,25 +315,25 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh`
`315`	`315`
`316`	`316`	`public function getUserEntry($uid)`
`317`	`317`	`{`
`318`		`- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$uid," . $this->STR_USEROU);`
	`318`	`+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($uid, LDAP_ESCAPE_DN) . "," . $this->STR_USEROU);`
`319`	`319`	`return $ldap_entry;`
`320`	`320`	`}`
`321`	`321`
`322`	`322`	`public function getGroupEntry($gid)`
`323`	`323`	`{`
`324`		`- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU);`
	`324`	`+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_GROUPOU);`
`325`	`325`	`return $ldap_entry;`
`326`	`326`	`}`
`327`	`327`
`328`	`328`	`public function getPIGroupEntry($gid)`
`329`	`329`	`{`
`330`		`- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU);`
	`330`	`+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_PIGROUPOU);`
`331`	`331`	`return $ldap_entry;`
`332`	`332`	`}`
`333`	`333`
`334`	`334`	`public function getOrgGroupEntry($gid)`
`335`	`335`	`{`
`336`		`- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);`
	`336`	`+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_ORGGROUPOU);`
`337`	`337`	`return $ldap_entry;`
`338`	`338`	`}`
`339`	`339`	`}`