From 17ec0273c2fd7c183782672e910f31d20b52abe7 Mon Sep 17 00:00:00 2001
From: Bogdano Arendartchuk <bogdano@mandriva.org>
Date: Fri, 4 May 2007 15:50:33 +0000
Subject: Escape values used in LDAP search filters using ldap.filter.

---
 RepSys/plugins/ldapusers.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/RepSys/plugins/ldapusers.py b/RepSys/plugins/ldapusers.py
index 6471f58..75d362c 100644
--- a/RepSys/plugins/ldapusers.py
+++ b/RepSys/plugins/ldapusers.py
@@ -118,6 +118,8 @@ def make_handler():
     except ImportError:
         raise Error, "LDAP support needs the python-ldap package "\
                 "to be installed"
+    else:
+        from ldap.filter import escape_filter_chars
 
     def users_wrapper(section, option=None, default=None, walk=False):
         global users_cache
@@ -137,7 +139,7 @@ def make_handler():
         except ldap.LDAPError, e:
             raise LDAPError(e)
         try:
-            data = {"username": option}
+            data = {"username": escape_filter_chars(option)}
             filter = interpolate("ldap-filterformat", filterformat, data)
             attrs = used_attributes(format)
             try:
-- 
cgit v1.2.1