Nemcio/Gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2026-02-16 11:26:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

ldap: return valid LDAP string if user input lacks "%s" (#5171)

Browse Source 
If the user provides a string that does not contain "%s", fmt.Sprintf
silently appends "%!(EXTRA type=value)" instead of failing loudly.
This fixes #4375.
This commit is contained in:
Josef Kemetmüller
2018-04-16 23:19:45 +02:00
committed by 无闻
parent cb47595f13
commit c0b45fa36f
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/auth/ldap/ldap.go
View File

@@ -56,7 +56,7 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
return "", false
}
return fmt.Sprintf(ls.Filter, username), true
return strings.Replace(ls.Filter, "%s", username, -1), true
}
func (ls *Source) sanitizedUserDN(username string) (string, bool) {
@@ -67,7 +67,7 @@ func (ls *Source) sanitizedUserDN(username string) (string, bool) {
return "", false
}
return fmt.Sprintf(ls.UserDN, username), true
return strings.Replace(ls.UserDN, "%s", username, -1), true
}
func (ls *Source) sanitizedGroupFilter(group string) (string, bool) {