From: gdr at go2 dot pl Operating system: Linux PHP version: 5.2.9 PHP Bug Type: Feature/Change Request Bug description: Add LDAP escaping
Description: ------------ The LDAP module needs a function to escape strings to prevent LDAP injections, like MySQL module has mysql_escape_string() Reproduce code: --------------- $sr=ldap_search($ds, "", "(sn=$_GET[lastname])"); Expected result: ---------------- $sr=ldap_search($ds, "", "(sn=".ldap_escape_string($_GET[lastname]).")"); -- Edit bug report at http://bugs.php.net/?id=47607&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=47607&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=47607&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=47607&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=47607&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=47607&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=47607&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=47607&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=47607&r=needscript Try newer version: http://bugs.php.net/fix.php?id=47607&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=47607&r=support Expected behavior: http://bugs.php.net/fix.php?id=47607&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=47607&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=47607&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=47607&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=47607&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=47607&r=dst IIS Stability: http://bugs.php.net/fix.php?id=47607&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=47607&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=47607&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=47607&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=47607&r=mysqlcfg
