Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 14:20:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential ldap injection

Browse Source 
Signed-off-by: Felix Eckhofer <felix@eckhofer.com>
This commit is contained in:
Felix Eckhofer
2023-02-25 20:27:52 +01:00
committed by Nicola Murino
parent e0cbb966f0
commit 71f691b208
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/ldapauthserver/httpd/ldapauth.go
View File

@@ -78,7 +78,7 @@ func checkSFTPGoUserAuth(w http.ResponseWriter, r *http.Request) {
searchRequest := ldap.NewSearchRequest(
ldapConfig.BaseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
strings.Replace(ldapConfig.SearchFilter, "%s", authReq.Username, 1),
strings.Replace(ldapConfig.SearchFilter, "%s", ldap.EscapeFilter(authReq.Username), 1),
ldapConfig.SearchBaseAttrs,
nil,
)