diff options
| author | Josef Kemetmüller <josef.kemetmueller@aon.at> | 2018-04-16 23:19:45 +0200 |
|---|---|---|
| committer | 无闻 <u@gogs.io> | 2018-04-16 17:19:45 -0400 |
| commit | c0b45fa36ff2b61a61a6c0f7e32f83f64cdb1a62 (patch) | |
| tree | 7e68e3dd9e284b54a4b36684b3e5ba940ae80b30 | |
| parent | cb47595f13a4671280f09c1e07b651559ae4f261 (diff) | |
ldap: return valid LDAP string if user input lacks "%s" (#5171)
If the user provides a string that does not contain "%s", fmt.Sprintf
silently appends "%!(EXTRA type=value)" instead of failing loudly.
This fixes #4375.
| -rw-r--r-- | pkg/auth/ldap/ldap.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkg/auth/ldap/ldap.go b/pkg/auth/ldap/ldap.go index 3120b0ee..5b976460 100644 --- a/pkg/auth/ldap/ldap.go +++ b/pkg/auth/ldap/ldap.go @@ -56,7 +56,7 @@ func (ls *Source) sanitizedUserQuery(username string) (string, bool) { return "", false } - return fmt.Sprintf(ls.Filter, username), true + return strings.Replace(ls.Filter, "%s", username, -1), true } func (ls *Source) sanitizedUserDN(username string) (string, bool) { @@ -67,7 +67,7 @@ func (ls *Source) sanitizedUserDN(username string) (string, bool) { return "", false } - return fmt.Sprintf(ls.UserDN, username), true + return strings.Replace(ls.UserDN, "%s", username, -1), true } func (ls *Source) sanitizedGroupFilter(group string) (string, bool) { |