summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Bruederli <bruederli@kolabsys.com>2015-03-28 02:51:24 (GMT)
committerThomas Bruederli <bruederli@kolabsys.com>2015-03-28 02:51:24 (GMT)
commit4bbbb5c3817b23b1c15b364761a6ab89bd247dbb (patch)
tree5f9fbdd5e921770a0cfa86db64b848daf2e3acea
parentef305bbbb48e7136ea8b81972395af779c1c12df (diff)
downloadpykolab-4bbbb5c3817b23b1c15b364761a6ab89bd247dbb.tar.gz
Escape filter value when searching LDAP entries by attribute (#4924)
-rw-r--r--pykolab/auth/ldap/__init__.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index fa01993..f823d46 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -21,6 +21,7 @@ import _ldap
import ldap
import ldap.async
import ldap.controls
+import ldap.filter
import logging
import time
@@ -964,7 +965,7 @@ class LDAP(pykolab.base.Base):
def search_entry_by_attribute(self, attr, value, **kw):
self._bind()
- _filter = "(%s=%s)" % (attr, value)
+ _filter = "(%s=%s)" % (attr, ldap.filter.escape_filter_chars(value))
config_base_dn = self.config_get('base_dn')
ldap_base_dn = self._kolab_domain_root_dn(self.domain)