[Kolab-devel] [issue242] Bug in escape function in ldap.class.php

Bernhard Herzog kolab-issues at intevation.de
Wed Jul 14 18:04:00 CEST 2004


New submission from Bernhard Herzog <bh at intevation.de>:

While looking through the code a bit I noticed a bug in the escape function in
kolab-webadmin/kolab-webadmin/php/admin/include/ldap.class.php.  The function
backslas escapes some characters in a string like this:

    $str = str_replace( '*',  '\\2a', $str );
    $str = str_replace( '(',  '\\28', $str );
    $str = str_replace( ')',  '\\29', $str );
    $str = str_replace( '\\', '\\5c', $str );
    $str = str_replace( '\0', '\\00', $str );

AFAICT, this would mean that '*' is transformed to '\\5c2a' instead of the
intended '\\2a'.

----------
assignedto: steffen
messages: 874
nosy: bh, steffen
priority: bug
status: unread
title: Bug in escape function in ldap.class.php
topic: server
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue242>
________________________________________________




More information about the devel mailing list