USEFULL/gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2025-05-31 11:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

#3791 update LDAP username check (#3906)

Browse Source
This commit is contained in:
Саша Иванов 2016-12-21 11:43:22 +03:00 committed by 无闻
parent 7cb440273c
commit ca6cbb95cc
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/auth/ldap/ldap.go
View File

@ -59,8 +59,8 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
func (ls *Source) sanitizedUserDN(username string) (string, bool) { func (ls *Source) sanitizedUserDN(username string) (string, bool) {
// See http://tools.ietf.org/search/rfc4514: "special characters" // See http://tools.ietf.org/search/rfc4514: "special characters"
badCharacters := "\x00()*\\,='\"#+;<> " badCharacters := "\x00()*\\,='\"#+;<>"
if strings.ContainsAny(username, badCharacters) { if strings.ContainsAny(username, badCharacters) || strings.HasPrefix(username, " ") || strings.HasSuffix(username, " ") {
log.Debug("'%s' contains invalid DN characters. Aborting.", username) log.Debug("'%s' contains invalid DN characters. Aborting.", username)
return "", false return "", false
} }