我们如何处理LDAP过滤器中的换行符?
[英]How can we handle line feed in LDAP filters?
问题描述
Whenever I use a filter as 
每当我使用过滤器作为
(&(initials=abc)(title=manager)
)
this filter includes a line feed. 此过滤器包含换行符。
Executing this filter string reports an unbalanced parenthesis LDAP error. 执行此过滤器字符串报告不平衡括号LDAP错误。
Can any one please help out with this, how to handle line feeds? 谁能帮忙解决此问题,如何处理换行符? Are filters with line feeds supported in LDAP? LDAP是否支持带有换行符的过滤器? Is this an invalid filter or can it be handled, maybe using some escaping techinique? 这是无效的过滤器还是可以使用某些转义技术来处理?
1 个解决方案
解决方案1
1 2016-09-02 06:51:22
Are you accepting filters from user input and using that directly as input to LDAP queries? 您是否接受来自用户输入的过滤器并将其直接用作LDAP查询的输入? For security reasons, I would strongly advise against ever using unsanitized user input in this way, regardless of the target database. 为了安全起见,我会强烈建议不要使用过这种方式unsanitized用户输入,无论目标数据库中。 The correct approach would be to accept parameters from the user and then dynamically build filters using those parameters (note that you still need to take escaping rules into account to prevent possible injection attacks. This is why you should use a tool to build dynamnic filters, eg the filter support included in Spring LDAP). 正确的方法是接受用户的参数,然后使用这些参数动态构建过滤器(请注意,您仍然需要考虑转义规则,以防止可能的注入攻击。这就是为什么您应该使用工具来构建动态过滤器,例如Spring LDAP中包含的过滤器支持)。
That said, this particular problem should be pretty easy to solve: just do a String.replace for the characters you want to remove from the filter before using it. 就是说,这个特殊问题应该很容易解决:在使用之前,只需对要从过滤器中删除的字符做一个String.replace即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.