summaryrefslogtreecommitdiff
path: root/lib/Auth/LDAP.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/Auth/LDAP.php')
-rw-r--r--lib/Auth/LDAP.php25
1 files changed, 8 insertions, 17 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 644ee8a..77bf6c0 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -408,12 +408,6 @@ class LDAP
$moz_ldapsearch = "/usr/lib/mozldap/ldapsearch";
}
- $passwd = str_replace(
- array('"', '`'),
- array('\"', '\`'),
- $_SESSION['user']->user_bind_pw
- );
-
$command = array(
$moz_ldapsearch,
'-x',
@@ -422,20 +416,17 @@ class LDAP
'-p',
$this->_ldap_port,
'-b',
- '"' . $entry_dn . '"',
+ escapeshellarg($entry_dn),
'-D',
- '"' . $_SESSION['user']->user_bind_dn . '"',
+ escapeshellarg($_SESSION['user']->user_bind_dn),
'-w',
- '"' . $passwd . '"',
+ escapeshellarg($_SESSION['user']->user_bind_pw),
'-J',
- '"' . implode(
- ':',
- array(
- '1.3.6.1.4.1.42.2.27.9.5.2', // OID
- 'true', // Criticality
- 'dn:' . $_SESSION['user']->user_bind_dn // User DN
- )
- ) . '"',
+ escapeshellarg(implode(':', array(
+ '1.3.6.1.4.1.42.2.27.9.5.2', // OID
+ 'true', // Criticality
+ 'dn:' . $_SESSION['user']->user_bind_dn // User DN
+ ))),
'-s',
'base',
'"(objectclass=*)"',