diff options
author | Michael Kozono <mkozono@gmail.com> | 2017-09-20 15:25:30 -0700 |
---|---|---|
committer | Michael Kozono <mkozono@gmail.com> | 2017-10-07 10:28:13 -0700 |
commit | f610fea7771f09067c5ee76468d07e217794934e (patch) | |
tree | ed449884e9e95af8e03382ebf4e2c1a7fd2067f5 /lib/gitlab | |
parent | 1e7ff892c00eea4e26a653b7a13dee4330b49221 (diff) | |
download | gitlab-ce-f610fea7771f09067c5ee76468d07e217794934e.tar.gz |
Handle CR and LF characters
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/ldap/dn.rb | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/gitlab/ldap/dn.rb b/lib/gitlab/ldap/dn.rb index 554156142cc..f62d36101c4 100644 --- a/lib/gitlab/ldap/dn.rb +++ b/lib/gitlab/ldap/dn.rb @@ -225,6 +225,12 @@ module Gitlab # if necessary (i.e. leading or trailing space). NORMAL_ESCAPES = [',', '+', '"', '\\', '<', '>', ';', '='] + # The following must be represented as escaped hex + HEX_ESCAPES = { + "\n" => '\0a', + "\r" => '\0d' + } + # Compiled character class regexp using the keys from the above hash, and # checking for a space or # at the start, or space at the end, of the # string. @@ -232,10 +238,15 @@ module Gitlab NORMAL_ESCAPES.map { |e| Regexp.escape(e) }.join + "])") + HEX_ESCAPE_RE = Regexp.new("([" + + HEX_ESCAPES.keys.map { |e| Regexp.escape(e) }.join + + "])") + ## # Escape a string for use in a DN value def self.escape(string) - string.gsub(ESCAPE_RE) { |char| "\\" + char } + escaped = string.gsub(ESCAPE_RE) { |char| "\\" + char } + escaped.gsub(HEX_ESCAPE_RE) { |char| HEX_ESCAPES[char] } end ## |