Bug #10765

open

Ampersands in ldap_extended_query are escaped twice

Added by Louis Sautier over 4 years ago. Updated about 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Start date: 07/15/2020
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.4.4
Affected Architecture: All

Description

Hello,
I recently ran into an issue with an LDAP server whose Query field contained an ampersand.

The field is set to

memberOf=CN=Some Group,OU=One & Two,DC=blah,DC=local

That results in
<ldap_extended_query><![CDATA[memberOf=CN=Some Group,OU=One &amp; Two,DC=blah,DC=local]]></ldap_extended_query>

in config.xml.

Re-writing the XML config with Python shows that & is escaped twice (once because of CDATA, once because of the HTML entities):

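#!/usr/bin/env python3
import xml.etree.ElementTree as ET

# Element as it appears in config.xml
xml = "<ldap_extended_query><![CDATA[memberOf=CN=Some Group,OU=One &amp; Two,DC=blah,DC=local]]></ldap_extended_query>"
# Parse, then re-serialize: the serializer drops CDATA and escapes the text node itself
tree = ET.fromstring(xml)
print(ET.tostring(tree, encoding="unicode"))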

Running the script results in

<ldap_extended_query>memberOf=CN=Some Group,OU=One &amp;amp; Two,DC=blah,DC=local</ldap_extended_query>

Both syntaxes should be equivalent. However, when the configuration is reloaded, the query (as shown in the web UI) becomes

memberOf=CN=Some Group,OU=One &amp; Two,DC=blah,DC=local

and is now invalid.
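
Added example, not part of the original report and not pfSense code: a minimal model of the save/reload cycle described above, contrasting a writer that entity-encodes before wrapping in CDATA with two writers that encode exactly once. The function names are hypothetical, and the reader is Python's ElementTree, as in the report's script.

```python
import html
import xml.etree.ElementTree as ET

TAG = "ldap_extended_query"
QUERY = "memberOf=CN=Some Group,OU=One & Two,DC=blah,DC=local"  # value from the report


def write_entity_then_cdata(value):
    """Model of the reported output: entity-encode, then wrap in CDATA."""
    return f"<{TAG}><![CDATA[{html.escape(value, quote=False)}]]></{TAG}>"


def write_cdata_only(value):
    """CDATA with the raw value; only the terminator ']]>' needs splitting."""
    safe = value.replace("]]>", "]]]]><![CDATA[>")
    return f"<{TAG}><![CDATA[{safe}]]></{TAG}>"


def write_escaped_text(value):
    """No CDATA: let the XML serializer escape the text node once."""
    elem = ET.Element(TAG)
    elem.text = value
    return ET.tostring(elem, encoding="unicode")


def read_value(xml_text):
    """What a conforming XML parser returns for the element's text."""
    return ET.fromstring(xml_text).text


def round_trips(writer, value, cycles=3):
    """Save and reload `cycles` times; report whether the value survives."""
    current = value
    for _ in range(cycles):
        current = read_value(writer(current))
    return current == value, current


if __name__ == "__main__":
    for writer in (write_entity_then_cdata, write_cdata_only, write_escaped_text):
        ok, final = round_trips(writer, QUERY)
        print(f"{writer.__name__:26} ok={ok} -> {final}")
```

Inside CDATA the five characters `&amp;` are literal text, so a reader that does not decode entities a second time hands the LDAP filter a different string on every save/reload cycle.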
