From fc0722377cbeac0629319a2d08df859848fc6231 Mon Sep 17 00:00:00 2001 From: Jason Rivard Date: Fri, 10 Feb 2023 07:34:40 -0500 Subject: [PATCH] fix issue #690 - ldap escaping during ldap peoplesearch and helpdesk advanced searches --- .../password/pwm/http/servlet/helpdesk/HelpdeskServlet.java | 2 +- .../pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java b/server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java index b2056a55c..3d191f009 100644 --- a/server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java +++ b/server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java @@ -523,7 +523,7 @@ private static HelpdeskSearchResultsBean searchImpl( final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder(); builder.contexts( helpdeskProfile.readSettingAsStringArray( PwmSetting.HELPDESK_SEARCH_BASE ) ); builder.enableContextValidation( false ); - builder.enableValueEscaping( false ); + builder.enableValueEscaping( true ); builder.enableSplitWhitespace( true ); if ( !useProxy ) diff --git a/server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java b/server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java index 537bfdfb0..d78117ef0 100644 --- a/server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java +++ b/server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java @@ -838,7 +838,7 @@ private Optional makeSearchConfiguration( final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder(); builder.contexts( this.peopleSearchConfiguration.getLdapBase() ); builder.enableContextValidation( false ); - builder.enableValueEscaping( false ); + builder.enableValueEscaping( true ); builder.enableSplitWhitespace( true ); if ( !useProxy() )