防止LDAP注入

lanyulei · Dec 8, 2024 · ddcf5a6 · ddcf5a6
1 parent 36e7e12
commit ddcf5a6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/ldap/search.go b/pkg/ldap/search.go
@@ -70,7 +70,7 @@ func searchRequest(username string) (userInfo *ldap.Entry, err error) {
 		0,
 		0,
 		false,
-		fmt.Sprintf("(%v=%v)", viper.GetString("settings.ldap.userField"), username),
+		fmt.Sprintf("(%v=%v)", viper.GetString("settings.ldap.userField"), ldap.EscapeFilter(username)),
 		ldapFieldsFilter,
 		nil)