Page MenuHomePhorge
Files F3294747

ldapsprintf.php
No OneTemporary
Actions

ldapsprintf.php
View Options

<?php
/**
* Format an LDAP string. This function behaves like `sprintf`, except that all
* the normal conversions (like "%s") will be properly escaped, and additional
* conversions are supported:
*
* %S (Search Filter)
* Escapes text for use in a search filter.
*
* %Q (Raw Query)
* Inserts raw, unescaped text. DANGEROUS!
*
*/
function ldap_sprintf($pattern /* , ... */) {
$args = func_get_args();
return xsprintf('xsprintf_ldap', null, $args);
}
/**
* @{function:ldap_sprintf} callback for LDAP encoding.
*/
function xsprintf_ldap($userdata, &$pattern, &$pos, &$value, &$length) {
$type = $pattern[$pos];
// https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java
switch ($type) {
case 'S':
$value = str_replace(
array('\\', '*', '(', ')', "\0"),
array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
$value);
$type = 's';
break;
case 's':
$value = addcslashes($value, ',\\#+<>;"= ');
$type = 's';
break;
case 'Q':
$type = 's';
break;
}
$pattern[$pos] = $type;
}

File Metadata

Mime Type
text/x-php
Expires
Wed, Mar 26, 22:35 (1 w, 1 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1115567
Default Alt Text
ldapsprintf.php (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0