These are the characters that I am quite convinced that need to escape by now: -
- \ n
-
- ,
- ;
-
-
-
-
- & gt;
- & lt;
- +
I have worked through the Internet, and I have not received a comprehensive list.
However, I know that through all the relevant RFCs I I can comb it carefully, I:
- Do not trust yourself to find everything,
- Do not have time, and
- I'm pretty sure that they are already remembered.
Edit:
Oh, and here's that list .
'linked list') This assumption is that you are limited to a certain character set, so It misses some things, that is, it is not a single state to avoid dangerous characters - linefeed though it is possible to store the lollipeds, if the user is left, then the user can arbitrate the LDIF. The more understandable solution is:
- ASCIA Encrypt base 64 with all values outside the e character set and the control letter (Reggae is very easy to use; Regex methods of expressing short stories, and since, since non-control ASCII characters are in all adjacent blocks, you can instead use a regex for that category; Although literate programming says that you should not do it, it also increases the difference in error), and to use it: Use syntax,
- if the base 64 is not encoded Use the escape sequences below (although you do not have to avoid {\ 0} clear reason), and finally ...
- Test it on your system Base 64 escaping thing is very windproof , But w Creating users with each non-control ASCII character set will be a good idea, then load those users and check that everything is okay. I have not taken this step yet, so assume that this is not the right solution. In addition, the software that you use to parse LDIF can not be completely compatible, or there may be additional problems with it that make it problematic, so even if it is correct, YMMV.
(The link below is an important part of the pasted link, if the link goes to AWOL.)
Mitigation In order to properly use with the help of the user, the input sequence LDAP has different input if the user input is used as a DN (Distinguished Name) or as part of the search filter. The entries below show the character that needs to be avoided and there is a suitable escape method for each case.
Used in DN - To Avoid & amp; ! | = & Lt; & Gt; Used in the filter - {\ ASCII} is required to escape ({\ 28}) {\ 29} \ {\ 5c} * {\ 2a} / {\ 2f} NUL { \ 0}
I have worked through the Internet, and I have not received a comprehensive list.
However, I know that through all the relevant RFCs I I can comb it carefully, I:
- Do not trust yourself to find everything,
- Do not have time, and
- I'm pretty sure that they are already remembered.
Edit:
Oh, and here's that list .
'linked list') This assumption is that you are limited to a certain character set, so It misses some things, that is, it is not a single state to avoid dangerous characters - linefeed though it is possible to store the lollipeds, if the user is left, then the user can arbitrate the LDIF. The more understandable solution is:
- ASCIA Encrypt base 64 with all values outside the e character set and the control letter (Reggae is very easy to use; Regex methods of expressing short stories, and since, since non-control ASCII characters are in all adjacent blocks, you can instead use a regex for that category; Although literate programming says that you should not do it, it also increases the difference in error), and to use it: Use syntax,
- if the base 64 is not encoded Use the escape sequences below (although you do not have to avoid {\ 0} clear reason), and finally ...
- Test it on your system Base 64 escaping thing is very windproof , But w Creating users with each non-control ASCII character set will be a good idea, then load those users and check that everything is okay. I have not taken this step yet, so assume that this is not the right solution. In addition, the software that you use to parse LDIF can not be completely compatible, or there may be additional problems with it that make it problematic, so even if it is correct, YMMV.
(The link below is an important part of the pasted link, if the link goes to AWOL.)
Mitigation
In order to properly use with the help of the user, the input sequence LDAP has different input if the user input is used as a DN (Distinguished Name) or as part of the search filter. The entries below show the character that needs to be avoided and there is a suitable escape method for each case.
Used in DN - To Avoid
& amp; ! | = & Lt; & Gt; Used in the filter - {\ ASCII} is required to escape({\ 28}) {\ 29} \ {\ 5c} * {\ 2a} / {\ 2f} NUL { \ 0}
No comments:
Post a Comment