From 7b6aafbb2c8b3b4c7608dd048e1c9a7ffe59bce1 Mon Sep 17 00:00:00 2001
From: Matt Scott
Date: Fri, 8 Dec 2023 04:53:52 -0500
Subject: [PATCH] Adding LDAP search filter cleansing mechanism to account for special characters that need replaced in LDAP search queries.
---
 powerdnsadmin/models/user.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py
index 0596e3d..02e4af0 100644
--- a/powerdnsadmin/models/user.py
+++ b/powerdnsadmin/models/user.py
@@ -133,9 +133,21 @@ class User(db.Model):
 conn.protocol_version = ldap.VERSION3
 return conn
+ def escape_filter_chars(self, filter_str):
+ """
+ Escape chars for ldap search
+ """
+ escape_chars = ['\\', '*', '(', ')', '\x00']
+ replace_chars = ['\\5c', '\\2a', '\\28', '\\29', '\\00']
+ for escape_char in escape_chars:
+ filter_str = filter_str.replace(escape_char, replace_chars[escape_chars.index(escape_char)])
+ return filter_str
+
 def ldap_search(self, searchFilter, baseDN, retrieveAttributes=None):
 searchScope = ldap.SCOPE_SUBTREE
+ searchFilter = self.escape_filter_chars(searchFilter)
+
 try:
 conn = self.ldap_init_conn()
 if Setting().get('ldap_type') == 'ad':
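Review bot: In `ldap_search`, the added `searchFilter = self.escape_filter_chars(searchFilter)` escapes the whole filter string rather than the user-supplied value inside it. If callers pass an already-composed filter (the parameter name suggests so, but the call sites are outside this hunk), the filter's own `(`, `)` and `*` are rewritten to `\28`, `\29` and `\2a`, so the search stops parsing or matching as intended and directory lookups can fail for every user. Escaping belongs on each assertion value before it is interpolated into the filter, for example at the call site with python-ldap's `ldap.filter.escape_filter_chars(value)`, leaving `ldap_search` to pass the composed filter through unchanged. If the local helper is kept, it deserves a docstring stating that it is for single values only and that the backslash must be replaced first, which the current list order does. The body of `ldap_search` continues past the end of the hunk.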