
ldap: return valid LDAP string if user input lacks "%s" (#5171)

If the user provides a string that does not contain "%s", fmt.Sprintf
silently appends "%!(EXTRA type=value)" instead of failing loudly.
This fixes #4375.
pull/5181/head
Josef Kemetmüller 7 years ago committed by 无闻
parent
commit
c0b45fa36f
  1. 4
      pkg/auth/ldap/ldap.go

4
pkg/auth/ldap/ldap.go

@ -56,7 +56,7 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
return "", false
}
return fmt.Sprintf(ls.Filter, username), true
return strings.Replace(ls.Filter, "%s", username, -1), true
}
func (ls *Source) sanitizedUserDN(username string) (string, bool) {
@ -67,7 +67,7 @@ func (ls *Source) sanitizedUserDN(username string) (string, bool) {
return "", false
}
return fmt.Sprintf(ls.UserDN, username), true
return strings.Replace(ls.UserDN, "%s", username, -1), true
}
func (ls *Source) sanitizedGroupFilter(group string) (string, bool) {
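Review bot: In the new return of `sanitizedUserDN`, a `UserDN` template with no "%s" now comes back unchanged for every username, so the resulting DN no longer depends on the login name that was supplied; the same applies to `ls.Filter` in `sanitizedUserQuery`. How the returned string is used lies outside these hunks, but if it is the DN for the bind, every login attempt would be checked against one fixed directory entry, which looks like a misconfiguration that should be surfaced rather than silently accepted. I would reject or warn about such a template when the source is configured, using a check along the lines of `strings.Contains(ls.UserDN, "%s")`. Also note that `%%`, which `fmt.Sprintf` collapsed to a literal `%`, is now passed through as two characters, so existing filters that relied on that escape change meaning. Both function bodies start above the hunks, so the character validation that precedes these returns is not visible here.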
