Page Menu
Home
c4science
Search
Configure Global Search
Log In
Files
F92771087
ldapsprintf.php
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Sat, Nov 23, 14:20
Size
1 KB
Mime Type
text/x-php
Expires
Mon, Nov 25, 14:20 (1 d, 23 h)
Engine
blob
Format
Raw Data
Handle
22508974
Attached To
rPHU libphutil
ldapsprintf.php
View Options
<?php
/**
* Format an LDAP string. This function behaves like sprintf(), except that all
* the normal conversions (like %s) will be properly escaped, and additional
* conversions are supported:
*
* %S (Search Filter)
* Escapes text for use in a search filter.
*
* %Q (Raw Query)
* Inserts raw, unescaped text. DANGEROUS!
*
*/
function
ldap_sprintf
(
$pattern
/* , ... */
)
{
$args
=
func_get_args
();
return
xsprintf
(
'xsprintf_ldap'
,
null
,
$args
);
}
/**
* ldap_sprintf() callback for LDAP encoding.
* @group markup
*/
function
xsprintf_ldap
(
$userdata
,
&
$pattern
,
&
$pos
,
&
$value
,
&
$length
)
{
$type
=
$pattern
[
$pos
];
// https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java
switch
(
$type
)
{
case
'S'
:
$value
=
str_replace
(
array
(
'
\\
'
,
'*'
,
'('
,
')'
,
"
\0
"
),
array
(
'
\\
5c'
,
'
\\
2a'
,
'
\\
28'
,
'
\\
29'
,
'
\\
00'
),
$value
);
$type
=
's'
;
break
;
case
's'
:
$value
=
addcslashes
(
$value
,
',
\\
#+<>;"= '
);
$type
=
's'
;
break
;
case
'Q'
:
$type
=
's'
;
break
;
}
$pattern
[
$pos
]
=
$type
;
}
Event Timeline
Log In to Comment