Last active
February 21, 2023 15:51
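/**
 * Escapes a value for use in LDAP by hex-encoding its bytes.
 *
 * With no flags, every byte of the value that is not listed in $ignore is
 * rewritten as a backslash followed by its two-digit hex code. With a
 * non-zero $flags the call is delegated to escapeWithFlags(), which only
 * escapes the characters that are special in the selected context.
 *
 * Security note: the default $ignore of '*' leaves the wildcard untouched.
 * When the value comes from an untrusted source and is placed in a search
 * filter, pass '' so that the wildcard is escaped as well.
 *
 * @param string $value  The value to escape
 * @param string $ignore The characters to leave unescaped
 * @param int    $flags  0 to escape every byte, otherwise the flag value
 *                       handed to escapeWithFlags()
 *
 * @return bool|string The escaped value, or false when escapeWithFlags()
 *                     rejects the flag value
 */
public function escapeManual($value, $ignore = '*', $flags = 0)
{
    // A flag selects context-aware escaping, which lives in escapeWithFlags().
    if ($flags) {
        return $this->escapeWithFlags($value, $ignore, $flags);
    }

    $value = (string) $value;
    $ignore = (string) $ignore;

    /*
     * Encode byte by byte in a single pass. This avoids two problems of a
     * "hex everything, then replace the ignored characters back" approach:
     * an empty value no longer turns into a lone backslash, and an empty
     * $ignore no longer strips every backslash from the result on PHP
     * versions where str_split('') yields [''].
     */
    $escaped = '';
    $length = strlen($value);

    for ($i = 0; $i < $length; $i++) {
        $byte = $value[$i];

        if ($ignore !== '' && strpos($ignore, $byte) !== false) {
            // Explicitly ignored by the caller: keep the raw byte.
            $escaped .= $byte;
        } else {
            $escaped .= '\\' . bin2hex($byte);
        }
    }

    return $escaped;
}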
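/**
 * Escapes only the characters that are special in the selected LDAP context.
 *
 * Supported flag values mirror PHP's ldap_escape() constants:
 *   1 (LDAP_ESCAPE_FILTER) escapes the search filter specials,
 *   2 (LDAP_ESCAPE_DN) escapes the distinguished name specials,
 *   3 (both) escapes the union of the two sets.
 * Each escaped character becomes a backslash followed by its two-digit hex
 * code. Characters listed in $ignore are left as they are.
 *
 * Security note: the default $ignore of '*' leaves the wildcard untouched.
 * Pass '' when escaping untrusted input for a search filter. Where the
 * native ldap_escape() is available, prefer it over this fallback.
 *
 * @param string $value  The value to escape
 * @param string $ignore The characters to leave unescaped
 * @param int    $flags  1, 2 or 3 as described above
 *
 * @return bool|string The escaped value, or false for any other flag value.
 *                     Callers must check for false before building a query.
 */
public function escapeWithFlags($value, $ignore = '*', $flags = 0)
{
    // NUL is included because RFC 4515 requires it to be escaped in filters.
    $escapeFilter = ['\\', '*', '(', ')', "\x00"];

    // NOTE(review): RFC 4514 also requires a leading or trailing space in a
    // DN value to be escaped; that is not handled here.
    $escapeDn = ['\\', ',', '=', '+', '<', '>', ';', '"', '#'];

    switch ($flags) {
        case 1:
            // Int 1 equals LDAP_ESCAPE_FILTER
            $escapes = $escapeFilter;
            break;
        case 2:
            // Int 2 equals LDAP_ESCAPE_DN
            $escapes = $escapeDn;
            break;
        case 3:
            // Both LDAP_ESCAPE_FILTER and LDAP_ESCAPE_DN
            $escapes = array_merge($escapeFilter, $escapeDn);
            break;
        default:
            return false;
    }

    $ignore = (string) $ignore;

    /*
     * Build a character => "\xx" map. Keying by character collapses the
     * backslash that appears in both sets, and strtr() applies the whole
     * map in one pass without rescanning its own output. Sequential
     * str_replace() calls would escape the backslashes produced by earlier
     * replacements a second time when both flags are combined.
     */
    $map = [];

    foreach ($escapes as $escape) {
        // Skip characters the caller asked to keep unescaped.
        if ($ignore === '' || strpos($ignore, $escape) === false) {
            $map[$escape] = '\\' . bin2hex($escape);
        }
    }

    if ($map === []) {
        return $value;
    }

    return strtr($value, $map);
}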
Hey @stevebauman,
could you please help with these LDAP queries?
- If I need to escape LDAP special characters present in an input field, URL, etc., what do I need to do?
Do I need to remove all the special characters using a Laravel or PHP core function?
I'm not exactly sure where I should start.
Thanks
Hi @urvinsanghavi1,
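Run the input field's value through ldap_escape($inputValue, '', LDAP_ESCAPE_FILTER). You don't need to remove the special characters; escaping them is enough. If the value goes into a distinguished name rather than a search filter, use LDAP_ESCAPE_DN instead. I.e.: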
$input = ldap_escape(request('input'), '', LDAP_ESCAPE_FILTER);
$ldapFilter = sprintf('(cn=%s)', $input);