Bug #10765: Ampersands in ldap_extended_query are escaped twice - pfSense - pfSense bugtracker

Actions

Copy link

Bug #10765

open

Ampersands in ldap_extended_query are escaped twice

Added by Louis Sautier almost 4 years ago. Updated over 3 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Authentication

Target version:

Start date:

07/15/2020

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.4.4

Affected Architecture:

All

Description

Hello,
I recently ran into an issue with an LDAP server whose Query field contained an ampersand.

The field is set to

memberOf=CN=Some Group,OU=One & Two,DC=blah,DC=local

That results in

<ldap_extended_query><![CDATA[memberOf=CN=Some Group,OU=One &amp; Two,DC=blah,DC=local]]></ldap_extended_query>

in config.xml.

Re-writing the XML config with Python shows that & is escaped twice (once because of CDATA, once because of the HTML entities):

#!/usr/bin/env python3
import xml.etree.ElementTree as ET

xml = "<ldap_extended_query><![CDATA[memberOf=CN=Some Group,OU=One &amp; Two,DC=blah,DC=local]]></ldap_extended_query>" 
tree = ET.fromstring(xml)
print(ET.tostring(tree, encoding="unicode"))

Running the script results in

<ldap_extended_query>memberOf=CN=Some Group,OU=One &amp;amp; Two,DC=blah,DC=local</ldap_extended_query>

Both syntaxes should be equivalent. However, when the configuration is reloaded, the query (as shown in the WEB UI) becomes

memberOf=CN=Some Group,OU=One &amp; Two,DC=blah,DC=local

and is now invalid.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #10765

Ampersands in ldap_extended_query are escaped twice

Updated by Louis Sautier over 3 years ago

Updated by Jim Pingle over 3 years ago