From 4c8f32476d0a56eb9e9681cd0b57180fdeecb5c0 Mon Sep 17 00:00:00 2001
From: simonLeary42 <71396965+simonLeary42@users.noreply.github.com>
Date: Sun, 6 Apr 2025 16:20:48 -0400
Subject: [PATCH 1/2] escape inputs
---
 resources/lib/UnityLDAP.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index fc44cd4f..436e0723 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -315,25 +315,25 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh
 public function getUserEntry($uid)
 {
- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$uid," . $this->STR_USEROU);
+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($uid, LDAP_ESCAPE_DN) . "," . $this->STR_USEROU);
 return $ldap_entry;
 }
 public function getGroupEntry($gid)
 {
- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU);
+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_GROUPOU);
 return $ldap_entry;
 }
 public function getPIGroupEntry($gid)
 {
- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU);
+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_PIGROUPOU);
 return $ldap_entry;
 }
 public function getOrgGroupEntry($gid)
 {
- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);
+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_ORGGROUPOU);
 return $ldap_entry;
 }
 }
From 78b0c78b6f41d9f56255e76848e74240d323215a Mon Sep 17 00:00:00 2001
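Review bot: `ldap_escape($uid, LDAP_ESCAPE_DN)` in all four added lines passes the flag as the second argument, but PHP's signature is `ldap_escape(string $value, string $ignore = "", int $flags = 0)`, so `LDAP_ESCAPE_DN` lands in `$ignore` and `$flags` stays 0. With flags 0 the function hex-escapes every character instead of applying DN escaping, and the integer is coerced into the list of characters to leave alone (or raises a TypeError if the file declares strict_types, which is not visible here), so the intended DN mode is never selected. The call should be `ldap_escape($uid, "", LDAP_ESCAPE_DN)`, and likewise for `$gid` in getGroupEntry, getPIGroupEntry and getOrgGroupEntry. The same call shape is carried into PATCH 2/2.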
From: simonLeary42 <71396965+simonLeary42@users.noreply.github.com>
Date: Sun, 6 Apr 2025 16:23:17 -0400
Subject: [PATCH 2/2] Update UnityLDAP.php
---
 resources/lib/UnityLDAP.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index 436e0723..54c87746 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -315,25 +315,29 @@ public function getAllOrgGroups($UnitySQL, $UnityMailer, $UnityRedis, $UnityWebh
 public function getUserEntry($uid)
 {
- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($uid, LDAP_ESCAPE_DN) . "," . $this->STR_USEROU);
+ $uid = ldap_escape($uid, LDAP_ESCAPE_DN);
+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$uid," . $this->STR_USEROU);
 return $ldap_entry;
 }
 public function getGroupEntry($gid)
 {
- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_GROUPOU);
+ $uid = ldap_escape($gid, LDAP_ESCAPE_DN);
+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_GROUPOU);
 return $ldap_entry;
 }
 public function getPIGroupEntry($gid)
 {
- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_PIGROUPOU);
+ $uid = ldap_escape($gid, LDAP_ESCAPE_DN);
+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_PIGROUPOU);
 return $ldap_entry;
 }
 public function getOrgGroupEntry($gid)
 {
- $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=" . ldap_escape($gid, LDAP_ESCAPE_DN) . "," . $this->STR_ORGGROUPOU);
+ $uid = ldap_escape($gid, LDAP_ESCAPE_DN);
+ $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);
 return $ldap_entry;
 }
 }
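Review bot: In getGroupEntry, getPIGroupEntry and getOrgGroupEntry the escaped value is assigned to `$uid`, but the DN on the following line still interpolates `$gid`, so the group id reaches `new LDAPEntry(...)` unescaped and the escaping introduced in PATCH 1/2 is lost for those three methods. Only getUserEntry interpolates the variable it escaped. Each of the three should assign back to the variable it uses, `$gid = ldap_escape($gid, "", LDAP_ESCAPE_DN);`, where the empty second argument is `$ignore` and the flag belongs in third position. Whether `$gid` can carry caller-controlled input is not visible in this hunk, but a DN built from an unescaped value lets `,` or `=` in the id change which entry is addressed, so a unit test with such an id would catch this regression.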