Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bug #36498 [Security/Core] fix escape for username in LdapBindAuthent…
…icationProvider.php (stoccc) This PR was merged into the 3.4 branch. Discussion ---------- [Security/Core] fix escape for username in LdapBindAuthenticationProvider.php | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | License | MIT I think that when we call `ldap_search()` as definitely it will do the `$this->ldap->query()` call, the proper filter applied should be `LdapInterface::ESCAPE_FILTER` as documented in https://www.php.net/manual/en/function.ldap-escape.php while `LdapInterface::ESCAPE_DN` should be used for `dn` only This simple change should fix, I'm sorry if I'm wrong. Commits ------- 4bda68a Update LdapBindAuthenticationProvider.php
- Loading branch information