From 21f3bd9502be8b9985407de8070f3fe5e85acc73 Mon Sep 17 00:00:00 2001
From: Grahame Bowland <grahame@oreamnos.com.au>
Date: Fri, 1 May 2020 15:49:34 +0800
Subject: [PATCH] escape username when building LDAP query

---
 src/ldap.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ldap.rs b/src/ldap.rs
index ee0deee..ec7d67d 100644
--- a/src/ldap.rs
+++ b/src/ldap.rs
@@ -23,7 +23,7 @@ pub fn ldap_search(username: &str) -> Option<LDAPUser> {
         .search(
             "cn=Users,dc=ad,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au",
             Scope::Subtree,
-            &format!("(cn={})", username),
+            &format!("(cn={})", ldap3::ldap_escape(username)),
             vec!["when_created", "displayName", "name"],
         )
         .expect("LDAP error")
-- 
GitLab