Any control characters with an ACII code < 32 as well as the characters
with special meaning in LDAP filters "*", "(", ")", and "\" (the
backslash) are converted into the representation of a backslash followed
by two hex digits representing the hexadecimal value of the character.
| public static escapeFilterValue ( array $values ) : array | ||
| $values | array | Values to escape. |
| return | array | Escaped values. |
/**
* Test escaping of filter values.
*/
public function testEscapeFilterValue()
{
$expected = 't\\28e,s\\29t\\2av\\5cal\\1eue';
$filterval = 't(e,s)t*v\\al' . chr(30) . 'ue';
// String call
$this->assertEquals(array($expected), Horde_Ldap_Util::escapeFilterValue($filterval));
// Array call.
$this->assertEquals(array($expected), Horde_Ldap_Util::escapeFilterValue(array($filterval)));
// Multiple arrays.
$this->assertEquals(array($expected, $expected, $expected), Horde_Ldap_Util::escapeFilterValue(array($filterval, $filterval, $filterval)));
}
/**
* Test group fetching.
*
* @return NULL
*/
public function testGetGroups()
{
foreach ($this->servers as $server) {
$filter = '(&(objectClass=kolabGroupOfNames)(member=' . Horde_Ldap_Util::escapeFilterValue('cn=The Administrator,dc=example,dc=org') . '))';
$result = $server->search($filter, array());
$this->assertTrue(!empty($result));
/* $entry = $server->_firstEntry($result); */
/* $this->assertTrue(!empty($entry)); */
/* $uid = $server->_getDn($entry); */
/* $this->assertTrue(!empty($uid)); */
/* $entry = $server->_nextEntry($entry); */
/* $this->assertTrue(empty($entry)); */
/* $entries = $server->_getDns($result); */
/* $this->assertTrue(!empty($entries)); */
$groups = $server->getGroups('cn=The Administrator,dc=example,dc=org');
$this->assertTrue(!empty($groups));
$groups = $server->getGroups($server->uidForIdOrMailOrAlias('*****@*****.**'));
$this->assertContains('cn=group@example.org,dc=example,dc=org', $groups);
$groups = $server->getGroupAddresses($server->uidForIdOrMailOrAlias('*****@*****.**'));
$this->assertContains('*****@*****.**', $groups);
$groups = $server->getGroups($server->uidForIdOrMailOrAlias('*****@*****.**'));
$this->assertContains('cn=group@example.org,dc=example,dc=org', $groups);
$groups = $server->getGroupAddresses($server->uidForIdOrMailOrAlias('*****@*****.**'));
$this->assertContains('*****@*****.**', $groups);
$groups = $server->getGroups('nobody');
$this->assertTrue(empty($groups));
}
}
/**
* Creates a new part of an LDAP filter.
*
* The following matching rules exists:
* - equals: One of the attributes values is exactly $value.
* Please note that case sensitiviness depends on the
* attributes syntax configured in the server.
* - begins: One of the attributes values must begin with $value.
* - ends: One of the attributes values must end with $value.
* - contains: One of the attributes values must contain $value.
* - present | any: The attribute can contain any value but must exist.
* - greater: The attributes value is greater than $value.
* - less: The attributes value is less than $value.
* - greaterOrEqual: The attributes value is greater or equal than $value.
* - lessOrEqual: The attributes value is less or equal than $value.
* - approx: One of the attributes values is similar to $value.
*
* If $escape is set to true then $value will be escaped. If set to false
* then $value will be treaten as a raw filter value string. You should
* then escape it yourself using {@link
* Horde_Ldap_Util::escapeFilterValue()}.
*
* Examples:
* <code>
* // This will find entries that contain an attribute "sn" that ends with
* // "foobar":
* $filter = Horde_Ldap_Filter::create('sn', 'ends', 'foobar');
*
* // This will find entries that contain an attribute "sn" that has any
* // value set:
* $filter = Horde_Ldap_Filter::create('sn', 'any');
* </code>
*
* @param string $attribute Name of the attribute the filter should apply
* to.
* @param string $match Matching rule (equals, begins, ends, contains,
* greater, less, greaterOrEqual, lessOrEqual,
* approx, any).
* @param string $value If given, then this is used as a filter value.
* @param boolean $escape Should $value be escaped?
*
* @return Horde_Ldap_Filter
* @throws Horde_Ldap_Exception
*/
public static function create($attribute, $match, $value = '', $escape = true)
{
if ($escape) {
$array = Horde_Ldap_Util::escapeFilterValue(array($value));
$value = $array[0];
}
switch (Horde_String::lower($match)) {
case 'equals':
case '=':
$filter = '(' . $attribute . '=' . $value . ')';
break;
case 'begins':
$filter = '(' . $attribute . '=' . $value . '*)';
break;
case 'ends':
$filter = '(' . $attribute . '=*' . $value . ')';
break;
case 'contains':
$filter = '(' . $attribute . '=*' . $value . '*)';
break;
case 'greater':
case '>':
$filter = '(' . $attribute . '>' . $value . ')';
break;
case 'less':
case '<':
$filter = '(' . $attribute . '<' . $value . ')';
break;
case 'greaterorequal':
case '>=':
$filter = '(' . $attribute . '>=' . $value . ')';
break;
case 'lessorequal':
case '<=':
$filter = '(' . $attribute . '<=' . $value . ')';
break;
case 'approx':
case '~=':
$filter = '(' . $attribute . '~=' . $value . ')';
break;
case 'any':
case 'present':
$filter = '(' . $attribute . '=*)';
break;
default:
throw new Horde_Ldap_Exception('Matching rule "' . $match . '" unknown');
}
return new Horde_Ldap_Filter(array('filter' => $filter));
}
