Commit 27553a3f authored by Raphaël OUAZANA's avatar Raphaël OUAZANA

Proper fix for filter value escaping (references #750)

parent 58b8b1cc
......@@ -53,6 +53,7 @@ import java.util.Set;
import org.apache.directory.api.ldap.model.entry.BinaryValue;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.FilterEncoder;
import org.apache.directory.api.ldap.model.filter.SimpleNode;
import org.lsc.utils.CaseIgnoreStringHashMap;
......@@ -97,7 +98,7 @@ public class LscDatasets implements Serializable {
SimpleNode<byte[]> filter = new EqualityNode<byte[]>(attribute, binValue);
return filter.getEscapedValue().toString();
} else {
return getStringValueAttribute(attribute);
return FilterEncoder.encodeFilterValue(getStringValueAttribute(attribute));
}
}
......
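Review bot: `getValueForFilter` now returns a filter-escaped string in the string branch as well as the binary one, but nothing visible in the hunk documents that contract, so a caller that escapes the result again will double-escape it. I would state it in the Javadoc, for example `@return the attribute value escaped for use inside an LDAP search filter (RFC 4515); callers must not escape it again`. It is not visible here whether `getStringValueAttribute(attribute)` can return null; if it can, guard before passing it to `FilterEncoder.encodeFilterValue`. The method starts outside the hunk, so its existing Javadoc and the binary-value condition could not be checked.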
......@@ -60,7 +60,6 @@ import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.directory.api.ldap.model.filter.FilterEncoder;
import org.lsc.Configuration;
import org.lsc.LscDatasets;
import org.lsc.beans.IBean;
......@@ -243,17 +242,17 @@ public abstract class AbstractSimpleJndiService implements Closeable {
* the identified object
*/
public SearchResult get(String id, LscDatasets pivotAttrs, boolean fromSource, String searchString) throws NamingException {
searchString = Pattern.compile("\\{id\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(FilterEncoder.encodeFilterValue(id)));
searchString = Pattern.compile("\\{id\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(id));
if (pivotAttrs != null && pivotAttrs.getDatasets() != null && pivotAttrs.getDatasets().size() > 0) {
for (String attributeName : pivotAttrs.getAttributesNames()) {
String valueId = pivotAttrs.getValueForFilter(attributeName.toLowerCase());
searchString = Pattern.compile("\\{" + attributeName + "\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(FilterEncoder.encodeFilterValue(valueId)));
searchString = Pattern.compile("\\{" + attributeName + "\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(valueId));
}
} else if (attrsId.size() == 1) {
searchString = Pattern.compile("\\{" + attrsId.get(0) + "\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(FilterEncoder.encodeFilterValue(id)));
searchString = Pattern.compile("\\{" + attrsId.get(0) + "\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(id));
} else {
// this is kept for backwards compatibility but will be removed
searchString = filterIdSync.replaceAll("\\{0\\}", Matcher.quoteReplacement(FilterEncoder.encodeFilterValue(id)));
searchString = filterIdSync.replaceAll("\\{0\\}", Matcher.quoteReplacement(id));
}
return getJndiServices().getEntry(baseDn, searchString, _filteredSc);
......
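Review bot: The `{id}`, single-`attrsId` and legacy `{0}` substitutions in `get` now place `id` into the search filter without RFC 4515 escaping, so an identifier containing `*`, `(`, `)` or `\` alters the filter's structure instead of being matched literally. After this change only the pivot values obtained through `getValueForFilter` are escaped. Unless every caller is known to pass an already-safe `id`, keep the encoding on those three lines, e.g. `Matcher.quoteReplacement(FilterEncoder.encodeFilterValue(id))`, together with the `FilterEncoder` import; if `id` is in fact guaranteed safe, a comment saying why belongs next to the first substitution. The same applies to the `{id}` and single-`attrsId` lines in the SyncReplSourceService hunk. The end of `get` lies outside the hunk.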
......@@ -80,7 +80,6 @@ import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.exception.LdapURLEncodingException;
import org.apache.directory.api.ldap.model.filter.FilterEncoder;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.message.Control;
import org.apache.directory.api.ldap.model.message.LdapResult;
......@@ -227,14 +226,14 @@ public class SyncReplSourceService extends SimpleJndiSrcService implements IAsyn
searchString = filterIdClean;
}
searchString = Pattern.compile("\\{id\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(FilterEncoder.encodeFilterValue(id)));
searchString = Pattern.compile("\\{id\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(id));
if (pivotAttrs != null && pivotAttrs.getDatasets() != null && pivotAttrs.getDatasets().size() > 0) {
for (String attributeName : pivotAttrs.getAttributesNames()) {
String valueId = pivotAttrs.getValueForFilter(attributeName.toLowerCase());
searchString = Pattern.compile("\\{" + attributeName + "\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(FilterEncoder.encodeFilterValue(valueId)));
searchString = Pattern.compile("\\{" + attributeName + "\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(valueId));
}
} else if (attrsId.size() == 1) {
searchString = Pattern.compile("\\{" + attrsId.get(0) + "\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(FilterEncoder.encodeFilterValue(id)));
searchString = Pattern.compile("\\{" + attrsId.get(0) + "\\}", Pattern.CASE_INSENSITIVE).matcher(searchString).replaceAll(Matcher.quoteReplacement(id));
} else {
// this is kept for backwards compatibility but will be removed
searchString = filterIdSync.replaceAll("\\{0\\}", id);
......
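Review bot: The backwards-compatibility branch at the end of this hunk still calls `filterIdSync.replaceAll("\\{0\\}", id)` with the raw `id` as the replacement string, unlike the matching line in AbstractSimpleJndiService, which wraps it in `Matcher.quoteReplacement`. A `$` or `\` in `id` is then read as a group reference or escape and either throws or corrupts the filter. Since the neighbouring lines are being edited anyway, I would align it: `searchString = filterIdSync.replaceAll("\\{0\\}", Matcher.quoteReplacement(id));`. The enclosing method starts and ends outside the hunk.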