However, the regex is fairly forgiving for each.
public static isValidAttributeFormat ( string $value ) : boolean | ||
$value | string | |
return | boolean |
/** * {@inheritdoc} */ public function toLdapFilter($alias = null) { if ($this->skipFilterForAlias($alias)) { return ''; } if (!LdapUtilities::isValidAttributeFormat($this->oid)) { throw new LdapQueryException(sprintf('Matching rule "%s" is not a valid format.', $this->oid)); } if ($this->getValueForQuery($alias) instanceof BaseOperator) { return $this->getValueForQuery($alias)->toLdapFilter($alias); } return self::SEPARATOR_START . $this->getAttributeToQuery($alias) . ':' . $this->oid . ':' . $this->operatorSymbol . LdapUtilities::escapeValue($this->getValueForQuery($alias), null, LDAP_ESCAPE_FILTER) . self::SEPARATOR_END; }
/** * This will get the translated attribute or just the attribute if no schema translation was done. * * @param null|string $alias * @return string * @throws LdapQueryException */ protected function getAttributeToQuery($alias) { $attribute = $this->getTranslatedAttribute($alias) ?: $this->getAttribute(); // This avoids possible LDAP injection from unverified input for an attribute name. if (!LdapUtilities::isValidAttributeFormat($attribute)) { throw new LdapQueryException(sprintf('Attribute "%s" is not a valid name or OID.', $attribute)); } return $attribute; }