directory-users mailing list archives

From David Parker <dpar...@utica.edu>
Subject Re: How to Escape LDAP Filter Query ?
Date Wed, 30 May 2012 20:08:39 GMT

On 05/30/2012 12:55 PM, Hendy Irawan wrote:
> Dear Apache Directory users,
>
> How do I escape an LDAP filter query?
>
> e.g.
>
> String searchTerm = ...; // from user input
> String filter = "(&(objectclass=person)(cn=*" + escapeFunction(searchTerm)
> + "*))";
>
> What is this escapeFunction?
>

Hello,

What exactly do you want to escape in searchTerm?  Are you trying to 
prevent someone from entering something like 
"johndoe,o=x.com,dc=x,dc=com" as the search term?  If that is the case, 
then you could sanitize the input using something like this:

     if( searchTerm.contains(",") )
         searchTerm = searchTerm.substring(0,searchTerm.indexOf(","));

Or you could simply sanitize the user input by checking for various 
characters (& | ! , etc.) and rejecting the input if one of these is 
found in the string.

I'm not much of a Java programmer, so there is probably a better way, 
but I hope this helps.

     - Dave

-- 

Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
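
An added example, not part of the original message and not Apache Directory code: one way to write the escapeFunction asked about in the quoted question, using the value escaping defined for LDAP search filters in RFC 4515. The class name, method name and sample inputs are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

// Added example; class and method names are hypothetical.
public class LdapFilterEscape {

    // Escape a value for use inside an LDAP search filter assertion (RFC 4515).
    // The filter metacharacters * ( ) \ and NUL become \XX hex escapes.
    // Bytes >= 0x80 (UTF-8 multi-byte sequences) are also hex-escaped,
    // which RFC 4515 permits but does not require.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80) {
                out.append('\\').append(String.format("%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain text, a wildcard, parentheses,
        // a backslash and a non-ASCII character.
        String[] samples = { "john", "j*", "doe)(uid=*", "a\\b", "Jos\u00e9" };
        for (String searchTerm : samples) {
            // Same filter shape as in the quoted question; the wildcards written
            // by the program stay literal, the user-supplied part is escaped.
            String filter = "(&(objectclass=person)(cn=*"
                    + escapeFilterValue(searchTerm) + "*))";
            System.out.println(searchTerm + " -> " + filter);
        }
    }
}
```

The escaping applies only to the assertion value inside a filter; values placed into a distinguished name follow a different escaping rule (RFC 4514).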

