diff options
-rw-r--r-- | ext/ldap/ldap.c | 89 | ||||
-rw-r--r-- | ext/ldap/tests/ldap_escape_all.phpt | 14 | ||||
-rw-r--r-- | ext/ldap/tests/ldap_escape_both.phpt | 14 | ||||
-rw-r--r-- | ext/ldap/tests/ldap_escape_dn.phpt | 14 | ||||
-rw-r--r-- | ext/ldap/tests/ldap_escape_filter.phpt | 14 | ||||
-rw-r--r-- | ext/ldap/tests/ldap_escape_ignore.phpt | 15 |
6 files changed, 160 insertions, 0 deletions
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c index 3cfa2092e7..734486a124 100644 --- a/ext/ldap/ldap.c +++ b/ext/ldap/ldap.c @@ -67,6 +67,9 @@ #include <sasl/sasl.h> #endif +#define PHP_LDAP_ESCAPE_FILTER 0x01 +#define PHP_LDAP_ESCAPE_DN 0x02 + typedef struct { LDAP *link; #if defined(LDAP_API_FEATURE_X_OPENLDAP) && defined(HAVE_3ARG_SETREBINDPROC) @@ -195,6 +198,9 @@ PHP_MINIT_FUNCTION(ldap) REGISTER_LONG_CONSTANT("GSLC_SSL_TWOWAY_AUTH", GSLC_SSL_TWOWAY_AUTH, CONST_PERSISTENT | CONST_CS); #endif + REGISTER_LONG_CONSTANT("LDAP_ESCAPE_FILTER", PHP_LDAP_ESCAPE_FILTER, CONST_PERSISTENT | CONST_CS); + REGISTER_LONG_CONSTANT("LDAP_ESCAPE_DN", PHP_LDAP_ESCAPE_DN, CONST_PERSISTENT | CONST_CS); + le_link = zend_register_list_destructors_ex(_close_ldap_link, NULL, "ldap link", module_number); le_result = zend_register_list_destructors_ex(_free_ldap_result, NULL, "ldap result", module_number); le_result_entry = zend_register_list_destructors_ex(_free_ldap_result_entry, NULL, "ldap result entry", module_number); @@ -2136,6 +2142,81 @@ PHP_FUNCTION(ldap_set_rebind_proc) /* }}} */ #endif +static void php_ldap_do_escape(const zend_bool *map, const unsigned char *value, const int valuelen, unsigned char **result, int *resultlen) +{ + char hex[] = "0123456789abcdef"; + int i, p = 0; + size_t len = 0; + + for (i = 0; i < valuelen; i++) { + len += (map[value[i]]) ? 3 : 1; + } + len += 1; + + (*result) = (unsigned char *)emalloc(len); + (*resultlen) = (int)len; + + for (i = 0; i < valuelen; i++) { + if (map[value[i]]) { + (*result)[p++] = '\\'; + (*result)[p++] = hex[value[i] >> 4]; + (*result)[p++] = hex[value[i] & 0x0f]; + } else { + (*result)[p++] = value[i]; + } + } + + (*result)[p++] = '\0'; +} + +static void php_ldap_escape_map_set_chars(zend_bool *map, const unsigned char *chars, const int charslen, char escape) +{ + int i = 0; + while (i < charslen) { + map[chars[i++]] = escape; + } +} + +PHP_FUNCTION(ldap_escape) +{ + unsigned char *value, *ignores, *result; + int valuelen = 0, ignoreslen = 0, resultlen = 0, i; + long flags = 0; + zend_bool map[256] = {0}, havecharlist = 0; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|sl", &value, &valuelen, &ignores, &ignoreslen, &flags) != SUCCESS) { + return; + } + + if (!valuelen) { + RETURN_EMPTY_STRING(); + } + + if (flags & PHP_LDAP_ESCAPE_FILTER) { + havecharlist = 1; + php_ldap_escape_map_set_chars(map, "\\*()\0", sizeof("\\*()\0") - 1, 1); + } + + if (flags & PHP_LDAP_ESCAPE_DN) { + havecharlist = 1; + php_ldap_escape_map_set_chars(map, "\\,=+<>;\"#", sizeof("\\,=+<>;\"#") - 1, 1); + } + + if (!havecharlist) { + for (i = 0; i < 256; i++) { + map[i] = 1; + } + } + + if (ignoreslen) { + php_ldap_escape_map_set_chars(map, ignores, ignoreslen, 0); + } + + php_ldap_do_escape(map, value, valuelen, &result, &resultlen); + + RETURN_STRINGL(result, resultlen - 1, 0); +} + #ifdef STR_TRANSLATION /* {{{ php_ldap_do_translate */ @@ -2625,6 +2706,12 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_set_rebind_proc, 0, 0, 2) ZEND_END_ARG_INFO() #endif +ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_escape, 0, 0, 1) + ZEND_ARG_INFO(0, value) + ZEND_ARG_INFO(0, ignore) + ZEND_ARG_INFO(0, flags) +ZEND_END_ARG_INFO() + #ifdef STR_TRANSLATION ZEND_BEGIN_ARG_INFO_EX(arginfo_ldap_t61_to_8859, 0, 0, 1) ZEND_ARG_INFO(0, value) @@ -2703,6 +2790,8 @@ const zend_function_entry ldap_functions[] = { PHP_FE(ldap_set_rebind_proc, arginfo_ldap_set_rebind_proc) #endif + PHP_FE(ldap_escape, arginfo_ldap_escape) + #ifdef STR_TRANSLATION PHP_FE(ldap_t61_to_8859, arginfo_ldap_t61_to_8859) PHP_FE(ldap_8859_to_t61, arginfo_ldap_8859_to_t61) diff --git a/ext/ldap/tests/ldap_escape_all.phpt b/ext/ldap/tests/ldap_escape_all.phpt new file mode 100644 index 0000000000..a79be004ff --- /dev/null +++ b/ext/ldap/tests/ldap_escape_all.phpt @@ -0,0 +1,14 @@ +--TEST-- +ldap_escape() test all +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php + +$subject = 'foo=bar(baz)*'; + +var_dump(ldap_escape($subject)); + +?> +--EXPECT-- +string(39) "\66\6f\6f\3d\62\61\72\28\62\61\7a\29\2a"
\ No newline at end of file diff --git a/ext/ldap/tests/ldap_escape_both.phpt b/ext/ldap/tests/ldap_escape_both.phpt new file mode 100644 index 0000000000..2169c0ad2e --- /dev/null +++ b/ext/ldap/tests/ldap_escape_both.phpt @@ -0,0 +1,14 @@ +--TEST-- +ldap_escape() test filter and DN +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php + +$subject = 'foo=bar(baz)*'; + +var_dump(ldap_escape($subject, null, LDAP_ESCAPE_DN | LDAP_ESCAPE_FILTER)); + +?> +--EXPECT-- +string(21) "foo\3dbar\28baz\29\2a"
\ No newline at end of file diff --git a/ext/ldap/tests/ldap_escape_dn.phpt b/ext/ldap/tests/ldap_escape_dn.phpt new file mode 100644 index 0000000000..fbcb0545ae --- /dev/null +++ b/ext/ldap/tests/ldap_escape_dn.phpt @@ -0,0 +1,14 @@ +--TEST-- +ldap_escape() test DN +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php + +$subject = 'foo=bar(baz)*'; + +var_dump(ldap_escape($subject, null, LDAP_ESCAPE_DN)); + +?> +--EXPECT-- +string(15) "foo\3dbar(baz)*"
\ No newline at end of file diff --git a/ext/ldap/tests/ldap_escape_filter.phpt b/ext/ldap/tests/ldap_escape_filter.phpt new file mode 100644 index 0000000000..e4540a452d --- /dev/null +++ b/ext/ldap/tests/ldap_escape_filter.phpt @@ -0,0 +1,14 @@ +--TEST-- +ldap_escape() test filter +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php + +$subject = 'foo=bar(baz)*'; + +var_dump(ldap_escape($subject, null, LDAP_ESCAPE_FILTER)); + +?> +--EXPECT-- +string(19) "foo=bar\28baz\29\2a"
\ No newline at end of file diff --git a/ext/ldap/tests/ldap_escape_ignore.phpt b/ext/ldap/tests/ldap_escape_ignore.phpt new file mode 100644 index 0000000000..ab56aa2d0e --- /dev/null +++ b/ext/ldap/tests/ldap_escape_ignore.phpt @@ -0,0 +1,15 @@ +--TEST-- +ldap_escape() test ignore +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php + +$subject = 'foo=bar(baz)*'; +$ignore = 'ao'; + +var_dump(ldap_escape($subject, $ignore)); + +?> +--EXPECT-- +string(31) "\66oo\3d\62a\72\28\62a\7a\29\2a"
\ No newline at end of file |