php – How to prevent LDAP injection

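We are building an application that uses LDAP via PHP, and I got to thinking: is there anything you can do by injecting into LDAP, and better yet, how do you prevent LDAP injection?
When constructing LDAP filters, you must ensure that filter values are handled according to RFC2254: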

Any control characters with an ASCII
code < 32 as well as the characters
with special meaning in LDAP filters
"*", "(", ")", and "\" (the backslash)
are converted into the representation
of a backslash followed by two hex
digits representing the hexadecimal
value of the character.

Zend_Ldap, for example, uses the following routine:

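//[...]
// Escape the filter metacharacters first; the backslash goes first so the
// backslashes introduced by the other replacements are not escaped again.
$val = str_replace(array('\\','*','(',')'),array('\5c','\2a','\28','\29'),$val);
// Then replace every control character (ASCII code < 32) with \XX.
for ($i = 0; $i<strlen($val); $i++) {
    $char = substr($val,$i,1);
    if (ord($char)<32) {
        $hex = dechex(ord($char));
        // Pad to two hex digits, e.g. "9" becomes "09".
        if (strlen($hex) == 1) $hex = '0' . $hex;
        $val = str_replace($char,'\\' . $hex,$val);
    }
}
//[...]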
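
The same RFC2254 escaping rule written as a single-pass function, with the filter built by plain concatenation shown beside the escaped one for a few constructed inputs. This is an added example, not part of the original answer or Zend_Ldap's own code; the function names and the `objectClass=person` / `uid` filter are assumptions chosen for illustration.

```php
<?php
// Added example. escape_filter_value(), build_filter_unsafe() and
// build_filter() are hypothetical names, not Zend_Ldap API.

// Escape one value for use inside an LDAP search filter:
// control characters (< 32) and \ * ( ) become a backslash + two hex digits.
function escape_filter_value(string $val): string
{
    $out = '';
    $len = strlen($val);
    for ($i = 0; $i < $len; $i++) {
        $c = $val[$i];
        $o = ord($c);
        if ($o < 32 || $c === '\\' || $c === '*' || $c === '(' || $c === ')') {
            $out .= sprintf('\\%02x', $o);   // e.g. "*" -> \2a
        } else {
            $out .= $c;
        }
    }
    return $out;
}

// "Before": the value is pasted into the filter as-is, so any
// metacharacter in it becomes part of the filter syntax.
function build_filter_unsafe(string $uid): string
{
    return '(&(objectClass=person)(uid=' . $uid . '))';
}

// "After": the value is escaped, so it can only ever be compared literally.
function build_filter(string $uid): string
{
    return '(&(objectClass=person)(uid=' . escape_filter_value($uid) . '))';
}

// Constructed sample inputs: a plain name, a wildcard, parentheses,
// a backslash and a control character (tab).
$samples = array('alice', 'a*', 'Smith (Jr.)', 'x\\y', "tab\there");

foreach ($samples as $uid) {
    echo 'input     : ', json_encode($uid), "\n";
    echo 'unescaped : ', build_filter_unsafe($uid), "\n";
    echo 'escaped   : ', build_filter($uid), "\n\n";
}
```

Where the ldap extension is loaded, PHP's built-in `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` can be used for filter values instead of a hand-written routine.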
