On 20 Jul 2011, at 10:02, Clément OUDOT wrote:
> Hi,
>
> I have a piece of code where I build a search filter with some
> variables, like this:
>
> my $searchFilter =
>   "(&(objectClass=" . $portal->{ldapGroupObjectClass} . ")(|";
> foreach ( split( $portal->{multiValuesSeparator}, $value ) ) {
>     $searchFilter .= "(" . $key . "=" . $_ . ")";
> }
> $searchFilter .= "))";
>
> This works well, except when the value (in the key=value syntax)
> contains a backslash ('\'). This is the case for example if the value
> is a DN like this: cn=OUDOT\, Clement, ou=users, dc=example, dc=com
>
> To make this work, I added this line:
>
> $searchFilter =~ s/\\/\\\\/;
>
>
> My question: is this a bug in my code, or can this be a Perl-LDAP bug?
> I am using version 0.4001.

I think it is a bug in your code :-(

LDAP search filter strings consider certain characters as "special" when used in assertion values, so there is an escape mechanism defined - which is to use backslash and the hex-encoding of the character (eg \xx) or backslash and a single character (eg \c).

So your $_ value needs to be escaped correctly before inserting it into an LDAP filter string. You need to escape more than backslashes - what if your input value was ")"? Doing a subsequent regexp replace of \ to \\ is not really robust.

RFC 4515 should list all the characters that you have to escape. Actually, the Net::LDAP::Filter documentation lists them as well :-)

You could also consider building your filter using Net::LDAP::Filter instead of as a string.

Chris
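
The per-value escaping discussed in this thread, as an added example that is not code from either poster or from Perl-LDAP. The names rfc4515_escape and build_group_filter, the literal handling of the separator, and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape one assertion value for an LDAP filter string (RFC 4515):
# NUL, '(', ')', '*' and '\' each become a backslash plus two hex digits.
# Hypothetical helper name; it is applied to each value, never to the
# finished filter, so the filter's own parentheses stay intact.
sub rfc4515_escape {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Build (&(objectClass=...)(|(key=v1)(key=v2)...)) from a separator-joined
# string. Assumption: the separator is matched literally (\Q...\E) and the
# attribute name in $key comes from trusted configuration.
sub build_group_filter {
    my ( $object_class, $key, $separator, $values ) = @_;
    my $filter = '(&(objectClass=' . rfc4515_escape($object_class) . ')(|';
    foreach my $v ( split /\Q$separator\E/, $values ) {
        $filter .= '(' . $key . '=' . rfc4515_escape($v) . ')';
    }
    return $filter . '))';
}

# Constructed sample input: the DN from the question plus a value that
# contains ')' and '*', the case raised in the reply.
my $values = join ';',
    'cn=OUDOT\\, Clement,ou=users,dc=example,dc=com',
    'a)b*';

print build_group_filter( 'groupOfNames', 'member', ';', $values ), "\n";
```

Net::LDAP::Util also exports an escape_filter_value function that performs this escaping, so the hand-written helper is only needed where that module is unavailable.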