directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Commented] (DIRSHARED-143) Provide helper method to escape characters to be used in LDAP Filter literal
Date Sat, 03 Nov 2012 08:40:12 GMT


Emmanuel Lecharny commented on DIRSHARED-143:

There is no simple solution. Consider these filters:

(cn=acm*) -> should we escape '*', and produce a (cn=acm\2a) filter? What if the user's
intention was to match every cn starting with 'acm'?

(&(cn=my)(cn\3Dtest)) -> should we escape the filter to (&cn=my\29\28cn\3Dtest\29)?

Now, we do have a method that escapes the 5 special chars, but it's protected and it works
only on String value:

    /**
     * Handles the escaping of special characters in LDAP search filter assertion values using
     * &lt;valueencoding&gt; rule as described in
     * <a href="">RFC 4515</a>. Needed so that
     * {@link ExprNode#printToBuffer(StringBuffer)} results in a valid filter string that can be parsed
     * again (as a way of cloning filters).
     * @param value Right hand side of "attrId=value" assertion occurring in an LDAP search
     * @return Escaped version of <code>value</code>
     */
    protected static Value<?> escapeFilterValue( Value<?> value )

We can add one that is a public method working on String, would it be enough?

> Provide helper method to escape characters to be used in LDAP Filter literal
> ----------------------------------------------------------------------------
>                 Key: DIRSHARED-143
>                 URL:
>             Project: Directory Shared
>          Issue Type: Improvement
>    Affects Versions: 1.0.0-M13
>            Reporter: Hendy Irawan
> In order to prevent malicious injection, user-provided input must be escaped (the 5 restricted characters) before being put in LDAP filter.
> Provide a helper static method to make it convenient and available as public API.
