Author: bdaw
Date: 2010-10-07 08:21:45 -0400 (Thu, 07 Oct 2010)
New Revision: 438
Modified:
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
Log:
- PLIDM-24 names in LDAP search filter are not escaped properly - additional patch by
mputz
Modified:
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java
===================================================================
---
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2010-10-06
23:28:39 UTC (rev 437)
+++
idm/branches/1.1.0/picketlink-idm-ldap/src/main/java/org/picketlink/idm/impl/store/ldap/LDAPIdentityStoreImpl.java 2010-10-07
12:21:45 UTC (rev 438)
@@ -1247,12 +1247,12 @@
.append("=");
if (checkedTypeConfiguration.isParentMembershipAttributeDN())
{
- af.append(ldapIO.getDn());
+ af.append(Tools.escapeLDAPSearchFilter(ldapIO.getDn()));
}
else
{
//TODO: this doesn't make much sense unless parent/child are same
identity types and resides in the same LDAP context
- af.append(ldapIO.getName());
+ af.append(Tools.escapeLDAPSearchFilter(ldapIO.getName()));
}
af.append(")");
}
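Review bot: Nothing at `af.append(Tools.escapeLDAPSearchFilter(ldapIO.getDn()))` says why a DN goes through a search-filter escaper, which a later maintainer could mistake for a bug. The DN is used here as an assertion value inside the filter, so filter escaping is the right layer and DN escaping would not replace it; a comment such as `// DN is a filter assertion value here: escape for the search filter, not as a DN` would record that. The same applies to the matching line in the second hunk (child membership branch). `Tools.escapeLDAPSearchFilter` is not shown, so its coverage of backslash, `*`, `(`, `)` and NUL is assumed; a unit test with a name containing those characters would pin it. The enclosing method starts and ends outside the hunk.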
@@ -1264,12 +1264,12 @@
.append("=");
if (checkedTypeConfiguration.isChildMembershipAttributeDN())
{
- af.append(ldapIO.getDn());
+ af.append(Tools.escapeLDAPSearchFilter(ldapIO.getDn()));
}
else
{
//TODO: this doesn't make much sense unless parent/child are same
identity types and resides in the same LDAP context
- af.append(ldapIO.getName());
+ af.append(Tools.escapeLDAPSearchFilter(ldapIO.getName()));
}
af.append(")");
}
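Review bot: Only the value side of this clause is escaped; the attribute name appended just before `.append("=")` at the top of the hunk is built outside the visible lines and still enters the filter as-is. If it comes only from store configuration that is acceptable, and a comment such as `// attribute name is configuration, not caller input; only the value needs escaping` would make the trust boundary explicit. The third hunk likewise concatenates `nameFilter` into `filter` without a visible escape; whether it is escaped where it is built (while keeping any intended `*` wildcard) cannot be seen from here and is worth confirming. The enclosing block continues outside the hunk.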
@@ -1296,6 +1296,7 @@
else
{
filter =
"(".concat(checkedTypeConfiguration.getIdAttributeName()).concat("=").concat(nameFilter).concat(")");
+
sr = searchIdentityObjects(ctx,
entryCtxs,
"(&(" + filter + ")" + af.toString() +
")",