Ldap.php: Added checks for missing LDAP..._SEARCH. Do not throw an error if...

Ldap.php: Added checks for missing LDAP..._SEARCH. Do not throw an error if there is an empty result. HTML Entitites for typeahead will be escaped on client side.

Ldap.php: Added checks for missing LDAP..._SEARCH. Do not throw an error if...
3cca88c7 · Carsten Rose · 1d943848 · 3cca88c7 · 3cca88c7
Commit 3cca88c7 authored 8 years ago by Carsten Rose
--- a/extension/qfq/qfq/Constants.php
+++ b/extension/qfq/qfq/Constants.php
@@ -201,6 +201,7 @@ const ERROR_UNKNOWN_ACTION = 1502;
 const ERROR_NO_TARGET_PATH_FILE_NAME = 1503;

 const ERROR_LDAP_CONNECT = 1600;
+const ERROR_MISSING_TYPE_AHEAD_LDAP_SEARCH = 1601;

 // KeyValueParser
 const ERROR_KVP_VALUE_HAS_NO_KEY = 1900;

--- a/extension/qfq/qfq/helper/Ldap.php
+++ b/extension/qfq/qfq/helper/Ldap.php
@@ -21,6 +21,7 @@ class Ldap {
     * @throws UserFormException
     */
    private function ldapConnect($ldapServer) {
+
        $ds = ldap_connect($ldapServer);  // must be a valid LDAP server!
        if (!$ds) {
            throw new UserFormException("Unable to connect to LDAP server: $ldapServer", ERROR_LDAP_CONNECT);
@@ -85,6 +86,7 @@ class Ldap {
    }

    /**
+     *
     * @param array $config [FE_LDAP_SERVER , FE_LDAP_BASE_DN, FE_LDAP_SEARCH, FE_TYPEAHEAD_LIMIT, FE_TYPEAHEAD_LDAP_KEY_PRINTF, FE_TYPEAHEAD_LDAP_VALUE_PRINTF]
     * @param string $searchValue value to search via $config[FE_LDAP_SEARCH]
     * @param string $mode MODE_LDAP_SINGLE | MODE_LDAP_MULTI
@@ -95,8 +97,15 @@ class Ldap {
        $arr = array();

        // For TypeAhead, use an optional given F_TYPEAHEAD_LDAP_SEARCH
-        if ($mode == MODE_LDAP_MULTI && $config[F_TYPEAHEAD_LDAP_SEARCH] != '') {
+        if ($mode == MODE_LDAP_MULTI) {
+            if (!isset($config[F_TYPEAHEAD_LDAP_SEARCH]) || $config[F_TYPEAHEAD_LDAP_SEARCH] == '') {
+                throw new UserFormException("Missing definition for `" . F_TYPEAHEAD_LDAP_SEARCH . "`", ERROR_MISSING_TYPE_AHEAD_LDAP_SEARCH);
+            }
            $config[F_LDAP_SEARCH] = $config[F_TYPEAHEAD_LDAP_SEARCH];
+        } else {
+            if (!isset($config[F_LDAP_SEARCH]) || $config[F_LDAP_SEARCH] == '') {
+                throw new UserFormException("Missing definition for `" . F_LDAP_SEARCH . "`", ERROR_MISSING_TYPE_AHEAD_LDAP_SEARCH);
+            }
        }

        $searchValue = Support::ldap_escape($searchValue, null, LDAP_ESCAPE_FILTER);
@@ -115,30 +124,33 @@ class Ldap {
                    array_merge($keyArr, $valueArr, $specificArr))));

        $sr = $this->ldapSearch($ds, $config, $attr);
-        $info = ldap_get_entries($ds, $sr);
+        if ($sr !== false) {
+            $info = ldap_get_entries($ds, $sr);

-        if ($mode == MODE_LDAP_MULTI) {
+            if ($mode == MODE_LDAP_MULTI) {

-            // Iterate over all Elements, per element collect all needed attributes
-            for ($i = 0; $i < $info["count"]; $i++) {
+                // Iterate over all Elements, per element collect all needed attributes
+                for ($i = 0; $i < $info["count"]; $i++) {

-                $key = $this->printfResult($keyFormat, $keyArr, $info[$i]);
-                $value = $this->printfResult($valueFormat, $valueArr, $info[$i]);
+                    // HTML Entities will be escaped on Client side.
+                    $key = $this->printfResult($keyFormat, $keyArr, $info[$i], false);
+                    $value = $this->printfResult($valueFormat, $valueArr, $info[$i], false);

-                if ($key == '' || $value == '') {
-                    continue; // if $key or $value is empty: skip
-                }
+                    if ($key == '' || $value == '') {
+                        continue; // if $key or $value is empty: skip
+                    }

-                $arr[] = [API_TYPEAHEAD_KEY => $key, API_TYPEAHEAD_VALUE => $value];
-            }
-        } else {
-            // Collect all attributes
-            foreach ($attr as $key) {
-                $value = isset($info[0][$key][0]) ? $info[0][$key][0] : '';
-                $arr[$key] = htmlentities($value);
+                    $arr[] = [API_TYPEAHEAD_KEY => $key, API_TYPEAHEAD_VALUE => $value];
+                }
+            } else {
+                // Collect all attributes
+                foreach ($attr as $key) {
+                    $value = isset($info[0][$key][0]) ? $info[0][$key][0] : '';
+                    $arr[$key] = $value;
+                }
            }
+            ldap_close($ds);
        }
-        ldap_close($ds);

        return $arr;
    }
@@ -188,12 +200,20 @@ class Ldap {
     * @throws CodeException
     * @throws UserFormException
     */
-    private function printfResult($format, array $keyArr, $infoElement) {
+    private function printfResult($format, array $keyArr, $infoElement, $doHtmlEntity = true) {

        $args = array($format);

        foreach ($keyArr as $key) {
-            $args[] = (isset($infoElement[$key][0])) ? htmlentities($infoElement[$key][0]) : '';
+            $val = '';
+
+            if (isset($infoElement[$key][0])) {
+                $val = $infoElement[$key][0];
+                if ($doHtmlEntity === true) {
+                    $val = htmlentities($val);
+                }
+            }
+            $args[] = $val;
        }

        return call_user_func_array('sprintf', $args);