mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

Mark Craig
21.31.2014 5a5720f8a31446ae7d0c7271f39be5e3ff6461c4
Fix example that allows injection attacks

Thanks to Matt for onscreen review.
1 files modified
7 ■■■■ changed files
opendj-sdk/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/SearchBind.java 7 ●●●●
opendj-sdk/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/SearchBind.java
@@ -30,6 +30,7 @@
import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.LDAPConnectionFactory;
import org.forgerock.opendj.ldap.SearchScope;
@@ -82,8 +83,10 @@
        try {
            connection = factory.getConnection();
            SearchResultEntry entry =
                    connection.searchSingleEntry(baseDN, SearchScope.WHOLE_SUBTREE, "(mail=" + mail
                            + ")", "cn");
                    connection.searchSingleEntry(baseDN,
                            SearchScope.WHOLE_SUBTREE,
                            Filter.equality("mail", mail).toString(),
                            "cn");
            DN bindDN = entry.getName();
            connection.bind(bindDN.toString(), password);
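Review bot: Nothing in this hunk checks that `password` is non-empty before `connection.bind(bindDN.toString(), password)`; its declaration and any earlier validation are outside the hunk. A simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513, which some servers answer with success, so this search-then-bind example could report a user as authenticated without any credential being verified. If nothing earlier rejects it, add a guard before the search such as `if (password.length == 0) { /* refuse: no credential supplied */ }` (assuming `password` is the `char[]` that `bind` takes). A short comment above the `Filter.equality("mail", mail)` line, e.g. `// Filter.equality() escapes the value, so mail cannot change the filter structure`, would also tell readers copying the example why the filter is built this way. The `try` block continues outside the hunk.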