From c30c2b332cf498efef9a01609ff4aa5bd7f8cc14 Mon Sep 17 00:00:00 2001
From: Jani Averbach <jaa@jaa.iki.fi>
Date: Sun, 30 Mar 2014 17:55:43 -0400
Subject: [PATCH] LDAP: Escape username in case we are using userbased bind.

---
 src/main/java/com/gitblit/auth/LdapAuthProvider.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index 892f30b..83f2466 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -299,7 +299,7 @@
 				String bindPattern = settings.getString(Keys.realm.ldap.bindpattern, "");
 				if (!StringUtils.isEmpty(bindPattern)) {
 					try {
-						String bindUser = StringUtils.replace(bindPattern, "${username}", simpleUsername);
+						String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
 						ldapConnection.bind(bindUser, new String(password));
 						
 						alreadyAuthenticated = true;

--
Gitblit v1.9.1