playground
/
gogs
mirror of https://github.com/gogits/gogs.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

#3791 update LDAP username check (#3906)

pull/3781/merge
Саша Иванов 8 years ago committed by 无闻
parent
7cb440273c
commit
ca6cbb95cc
1 changed files with 2 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      modules/auth/ldap/ldap.go

2
modules/auth/ldap/ldap.go
Unescape View File

@ -60,7 +60,7 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
func (ls *Source) sanitizedUserDN(username string) (string, bool) {
// See http://tools.ietf.org/search/rfc4514: "special characters"
badCharacters := "\x00()*\\,='\"#+;<>"
if strings.ContainsAny(username, badCharacters) {
if strings.ContainsAny(username, badCharacters) || strings.HasPrefix(username, " ") || strings.HasSuffix(username, " ") {
log.Debug("'%s' contains invalid DN characters. Aborting.", username)
return "", false
}

Write Preview
Loading…
Cancel
Save