USEFULL
/
gogs
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ldap: return valid LDAP string if user input lacks "%s" (#5171) 

If the user provides a string that does not contain "%s", fmt.Sprintf
silently appends "%!(EXTRA type=value)" instead of failing loudly.
This fixes #4375.
pull/5181/head
Josef Kemetmüller 2018-04-16 23:19:45 +02:00 committed by 无闻
parent cb47595f13
commit c0b45fa36f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/auth/ldap/ldap.go
View File

@ -56,7 +56,7 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
return "", false
}
return fmt.Sprintf(ls.Filter, username), true
return strings.Replace(ls.Filter, "%s", username, -1), true
}
func (ls *Source) sanitizedUserDN(username string) (string, bool) {
@ -67,7 +67,7 @@ func (ls *Source) sanitizedUserDN(username string) (string, bool) {
return "", false
}
return fmt.Sprintf(ls.UserDN, username), true
return strings.Replace(ls.UserDN, "%s", username, -1), true
}
func (ls *Source) sanitizedGroupFilter(group string) (string, bool) {