Escape special characters in LDAP filter

duffee / Mojolicious_session_example

A simple Mojolicious application example for authenticating a user and maintaining a session

Artistic License 2.0

9 stars 5 forks source link

Escape special characters in LDAP filter #27

Open ilmari opened 5 years ago

ilmari commented 5 years ago

RFC 4515 requires * ( ) \ and NUL to be escaped with a backslash followed by the hexadecimal representation of the byte value.

duffee commented 5 years ago

I'll have a look at this next week. I guess I've just depended on Net::LDAP to handle it.

ilmari commented 5 years ago

Net::LDAP has no handling for this, sadly. Net::LDAP::Filter knows how to escape and unescape attribute values in a filter, but the only input form is the filter string, so we must do the escaping ourselves.