Skip to content

Commit 9daa2c9

Browse files
committed
fix incorrect value escaping for heldpesk/peoplesearch form-based ldap searches
1 parent 4b10284 commit 9daa2c9

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -507,7 +507,7 @@ private static HelpdeskSearchResultsBean searchImpl(
507507
final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
508508
builder.contexts( helpdeskProfile.readSettingAsStringArray( PwmSetting.HELPDESK_SEARCH_BASE ) );
509509
builder.enableContextValidation( false );
510-
builder.enableValueEscaping( false );
510+
builder.enableValueEscaping( true );
511511
builder.enableSplitWhitespace( true );
512512

513513
if ( !useProxy )

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -762,7 +762,7 @@ private SearchResultBean makeSearchResultsImpl(
762762
final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
763763
builder.contexts( this.peopleSearchConfiguration.getLdapBase() );
764764
builder.enableContextValidation( false );
765-
builder.enableValueEscaping( false );
765+
builder.enableValueEscaping( true );
766766
builder.enableSplitWhitespace( true );
767767

768768
if ( !useProxy() )

0 commit comments

Comments
 (0)