Fix usage of LDAP group conditions

fixes #11497
glpi-project · Sep 29, 2022 · ae021fa · ae021fa
1 parent 1bd287e
commit ae021fa
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 10 deletions.
diff --git a/src/Auth.php b/src/Auth.php
@@ -815,7 +815,7 @@ public function login($login_name, $login_password, $noauto = false, $remember_m
                                      'basedn'            => $ldap_method["basedn"],
                                      'login_field'       => $ldap_method['login_field'],
                                      'search_parameters' => $params,
-                                     'condition'         => $ldap_method["condition"],
+                                     'condition'         => Sanitizer::unsanitize($ldap_method["condition"]),
                                      'user_params'       => [
                                          'method' => AuthLDAP::IDENTIFIER_LOGIN,
                                          'value'  => $login_name

diff --git a/src/AuthLDAP.php b/src/AuthLDAP.php
@@ -1440,7 +1440,7 @@ public static function displayLdapFilter($target, $users = true)
         }
 
         if (!isset($_SESSION[$filter_var]) || ($_SESSION[$filter_var] == '')) {
-            $_SESSION[$filter_var] = $config_ldap->fields[$filter_name1];
+            $_SESSION[$filter_var] = Sanitizer::unsanitize($config_ldap->fields[$filter_name1]);
         }
 
         echo "<div class='card'>";
@@ -1450,21 +1450,21 @@ public static function displayLdapFilter($target, $users = true)
                                            : __('Filter to search in groups')) . "</td>";
 
         echo "<td>";
-        echo "<input type='text' name='ldap_filter' value='" . $_SESSION[$filter_var] . "' size='70'>";
+        echo "<input type='text' name='ldap_filter' value='" . htmlspecialchars($_SESSION[$filter_var], ENT_QUOTES) . "' size='70'>";
        //Only display when looking for groups in users AND groups
         if (
             !$users
             && ($config_ldap->fields["group_search_type"] == self::GROUP_SEARCH_BOTH)
         ) {
             if (!isset($_SESSION["ldap_group_filter2"]) || ($_SESSION["ldap_group_filter2"] == '')) {
-                $_SESSION["ldap_group_filter2"] = $config_ldap->fields[$filter_name2];
+                $_SESSION["ldap_group_filter2"] = Sanitizer::unsanitize($config_ldap->fields[$filter_name2]);
             }
             echo "</td></tr>";
 
             echo "<tr><td>" . __('Search filter for users') . "</td";
 
             echo "<td>";
-            echo "<input type='text' name='ldap_filter2' value='" . $_SESSION["ldap_group_filter2"] . "'
+            echo "<input type='text' name='ldap_filter2' value='" . htmlspecialchars($_SESSION["ldap_group_filter2"], ENT_QUOTES) . "'
                 size='70'></td></tr>";
         }
 
@@ -2508,10 +2508,10 @@ public static function getGroupsFromLDAP(
         if ($filter == '') {
             if ($search_in_groups) {
                 $filter = (!empty($config_ldap->fields['group_condition'])
-                       ? $config_ldap->fields['group_condition'] : "(objectclass=*)");
+                       ? Sanitizer::unsanitize($config_ldap->fields['group_condition']) : "(objectclass=*)");
             } else {
                 $filter = (!empty($config_ldap->fields['condition'])
-                       ? $config_ldap->fields['condition'] : "(objectclass=*)");
+                       ? Sanitizer::unsanitize($config_ldap->fields['condition']) : "(objectclass=*)");
             }
         }
         $cookie = '';
@@ -2762,7 +2762,7 @@ public static function ldapImportUserByServerId(
                 'login_field'       => $search_parameters['fields'][$search_parameters['method']],
                 'search_parameters' => $search_parameters,
                 'user_params'       => $params,
-                'condition'         => $config_ldap->fields['condition']
+                'condition'         => Sanitizer::unsanitize($config_ldap->fields['condition'])
             ];
 
             try {
@@ -3668,7 +3668,7 @@ public static function showUserImportForm(AuthLDAP $authldap)
 
                     echo "<tr><td class='text-end'><label for='ldap_filter'>" . __('Search filter for users') . "</label></td><td colspan='3'>";
                     echo "<input type='text' class='form-control' id='ldap_filter' name='ldap_filter' value=\"" .
-                      $_SESSION['ldap_import']['ldap_filter'] . "\">";
+                      htmlspecialchars($_SESSION['ldap_import']['ldap_filter'], ENT_QUOTES) . "\">";
                     echo "</td></tr>";
                 }
                 break;

diff --git a/src/User.php b/src/User.php
@@ -1698,7 +1698,7 @@ private function getFromLDAPGroupDiscret($ldap_connection, array $ldap_method, $
             $ldap_connection,
             $ldap_method["basedn"],
             $user_tmp,
-            $ldap_method["group_condition"],
+            Sanitizer::unsanitize($ldap_method["group_condition"]),
             $ldap_method["group_member_field"],
             $ldap_method["use_dn"],
             $ldap_method["login_field"]