From 5a5720f8a31446ae7d0c7271f39be5e3ff6461c4 Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Tue, 21 Oct 2014 10:31:17 +0000
Subject: [PATCH] Fix example that allows injection attacks

---
 opendj-sdk/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/SearchBind.java |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/opendj-sdk/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/SearchBind.java b/opendj-sdk/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/SearchBind.java
index 4d85260..67db44b 100644
--- a/opendj-sdk/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/SearchBind.java
+++ b/opendj-sdk/opendj-ldap-sdk-examples/src/main/java/org/forgerock/opendj/examples/SearchBind.java
@@ -30,6 +30,7 @@
 
 import org.forgerock.opendj.ldap.Connection;
 import org.forgerock.opendj.ldap.DN;
+import org.forgerock.opendj.ldap.Filter;
 import org.forgerock.opendj.ldap.LdapException;
 import org.forgerock.opendj.ldap.LDAPConnectionFactory;
 import org.forgerock.opendj.ldap.SearchScope;
@@ -82,8 +83,10 @@
         try {
             connection = factory.getConnection();
             SearchResultEntry entry =
-                    connection.searchSingleEntry(baseDN, SearchScope.WHOLE_SUBTREE, "(mail=" + mail
-                            + ")", "cn");
+                    connection.searchSingleEntry(baseDN,
+                            SearchScope.WHOLE_SUBTREE,
+                            Filter.equality("mail", mail).toString(),
+                            "cn");
             DN bindDN = entry.getName();
             connection.bind(bindDN.toString(), password);
 
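Review bot: The `connection.bind(bindDN.toString(), password)` call is reached with whatever `password` holds, and nothing visible in this hunk rejects an empty value. Under RFC 4513 a simple bind that carries a DN and a zero-length password is an unauthenticated bind, which some servers report as success, so this search-then-bind example could appear to authenticate a user who supplied no password. The try block starts and ends outside the hunk, so a check may already exist earlier in the method. If it does not, reject an empty password before the bind and explain it with a comment such as `// An empty password turns this into an unauthenticated bind; treat it as a failed login.`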

--
Gitblit v1.10.0