-
Notifications
You must be signed in to change notification settings - Fork 358
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
added filter parsing that will convert to proper hex values #338
base: master
Are you sure you want to change the base?
Conversation
I suggest instead to use something like filter := fmt.Sprintf("(foo=%s)", ldap.EscapeFilter("my(value)+with Special(c\\hars)") in your code. |
I just tested out your suggestion, and it doesn't handle strings values that already have \xx hex values (example, |
Also, it looks like the checks for go 1.7 - 1.10 is failing due to |
If it's already escaped, why would you run |
I am accounting for it due to the fact that testing on the |
I am also accounting for it so as to not break compatibility for anyone that already went through the trouble of escaping their filter queries already. |
how do you distinguish between an already escaped string and something like |
Good question. As of right now, my patch does not account for this. It only searches for \xx That being said, I noticed that there are no test cases to account for this. I just tested this without the patch, and it looks like that go-ldap as an app in it's existing state does not account for this:
I also checked the existing state of Do you have any ideas on how to address this? I could possibly search the string for Another possibility would be to break compatibility, and not allow \xx hex characters into CompileFilter, and allow it to freely use EscapeFilter without worry, or some variation of it (maybe add a new |
Right, the only way to solve this unambiguously is to know your data, i.e. if it's already escaped or not. If not, always use What you could do is to add a different
I would't break it, adding a function which gives some more convenience which returns a string that the current |
I've now pushed up an updated that adds a If you want to use a wildcard search, you'll have to use |
If you really want a special |
- Prevents break search filter strings with special characters - go-ldap/ldap#338 (comment)
This PR addresses the issues provided in #337
This will take an input filter string, and parse it for values, and convert non-alphanumeric values to hex values before passing it to the
compileFilter
method. This also adds a public helper function ofParseFilter
to help users of this library in the future.