fix issue #690 - ldap escaping during ldap peoplesearch and helpdesk advanced searches

jrivard · jrivard · commit fc0722377cbe · 2023-02-10T07:34:40.000-05:00
diff --git a/server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java b/server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskServlet.java
@@ -523,7 +523,7 @@ private static HelpdeskSearchResultsBean searchImpl(
             final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
             builder.contexts( helpdeskProfile.readSettingAsStringArray( PwmSetting.HELPDESK_SEARCH_BASE ) );
             builder.enableContextValidation( false );
-            builder.enableValueEscaping( false );
+            builder.enableValueEscaping( true );
             builder.enableSplitWhitespace( true );
 
             if ( !useProxy )
diff --git a/server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java b/server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java
@@ -838,7 +838,7 @@ private Optional<SearchConfiguration> makeSearchConfiguration(
         final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
         builder.contexts( this.peopleSearchConfiguration.getLdapBase() );
         builder.enableContextValidation( false );
-        builder.enableValueEscaping( false );
+        builder.enableValueEscaping( true );
         builder.enableSplitWhitespace( true );
 
         if ( !useProxy() )
