trait LdapTransformationTraits in Lightweight Directory Access Protocol (LDAP) 8.4
Helper functions to work around hard dependencies on the LDAP extension.
Hierarchy
- trait \Drupal\ldap_servers\LdapTransformationTraits
4 files declare their use of LdapTransformationTraits
- LDAPAuthorizationProvider.php in ldap_authorization/
src/ Plugin/ authorization/ Provider/ LDAPAuthorizationProvider.php - LdapEntryProvisionSubscriber.php in ldap_user/
src/ EventSubscriber/ LdapEntryProvisionSubscriber.php - Server.php in ldap_servers/
src/ Entity/ Server.php - TokenProcessor.php in ldap_servers/
src/ Processor/ TokenProcessor.php
File
- ldap_servers/
src/ LdapTransformationTraits.php, line 10
Namespace
Drupal\ldap_serversView source
trait LdapTransformationTraits {
/**
* Wrapper for ldap_escape().
*
* Helpful for unit testing without the PHP LDAP module.
*
* @param string $value
* String to escape.
*
* @return string
* Escaped string.
*/
protected function ldapEscapeDn($value) : string {
if (\function_exists('ldap_escape')) {
$value = ldap_escape($value, '', LDAP_ESCAPE_DN);
}
else {
$value = self::php56PolyfillLdapEscape($value, '', 2);
}
// Copied from Symfonfy's Adapter.php for ease of use.
// Per RFC 4514, leading/trailing spaces should be encoded in DNs,
// as well as carriage returns.
if (!empty($value) && strpos($value, ' ') === 0) {
$value = '\\20' . substr($value, 1);
}
if (!empty($value) && $value[\strlen($value) - 1] === ' ') {
$value = substr($value, 0, -1) . '\\20';
}
return str_replace("\r", '\\0d', $value);
}
/**
* Wrapper for ldap_escape().
*
* Helpful for unit testing without the PHP LDAP module.
*
* @param string $value
* String to escape.
*
* @return string
* Escaped string.
*/
protected function ldapEscapeFilter($value) : string {
if (\function_exists('ldap_escape')) {
$value = ldap_escape($value, '', LDAP_ESCAPE_FILTER);
}
else {
$value = self::php56PolyfillLdapEscape($value, '', 1);
}
return $value;
}
/**
* Stub implementation of the {@link ldap_escape()} function of ext-ldap.
*
* Escape strings for safe use in LDAP filters and DNs. Copied from polyfill
* due to issues from testing infrastructure.
*
* @param string $subject
* Subject.
* @param string $ignore
* Ignore.
* @param int $flags
* Flags.
*
* @return string
* Escaped string.
*
* @see http://stackoverflow.com/a/8561604
* @author Chris Wright <ldapi@daverandom.com>
*/
public static function php56PolyfillLdapEscape(string $subject, $ignore = '', $flags = 0) : string {
$ldap_escape_filter = 1;
$ldap_escape_dn = 2;
static $charMaps = NULL;
if (NULL === $charMaps) {
$charMaps = [
$ldap_escape_filter => [
'\\',
'*',
'(',
')',
"\0",
],
$ldap_escape_dn => [
'\\',
',',
'=',
'+',
'<',
'>',
';',
'"',
'#',
"\r",
],
];
$charMaps[0] = [];
for ($i = 0; $i < 256; ++$i) {
$charMaps[0][\chr($i)] = sprintf('\\%02x', $i);
}
for ($i = 0, $l = \count($charMaps[$ldap_escape_filter]); $i < $l; ++$i) {
$chr = $charMaps[$ldap_escape_filter][$i];
unset($charMaps[$ldap_escape_filter][$i]);
$charMaps[$ldap_escape_filter][$chr] = $charMaps[0][$chr];
}
for ($i = 0, $l = \count($charMaps[$ldap_escape_dn]); $i < $l; ++$i) {
$chr = $charMaps[$ldap_escape_dn][$i];
unset($charMaps[$ldap_escape_dn][$i]);
$charMaps[$ldap_escape_dn][$chr] = $charMaps[0][$chr];
}
}
// Create the base char map to escape.
$flags = (int) $flags;
$charMap = [];
if ($flags & $ldap_escape_filter) {
$charMap += $charMaps[$ldap_escape_filter];
}
if ($flags & $ldap_escape_dn) {
$charMap += $charMaps[$ldap_escape_dn];
}
if (!$charMap) {
$charMap = $charMaps[0];
}
// Remove any chars to ignore from the list.
$ignore = (string) $ignore;
for ($i = 0, $l = \strlen($ignore); $i < $l; ++$i) {
unset($charMap[$ignore[$i]]);
}
// Do the main replacement.
$result = strtr($subject, $charMap);
// Encode leading/trailing spaces if self::LDAP_ESCAPE_DN is passed.
if ($flags & $ldap_escape_dn) {
if ($result[0] === ' ') {
$result = '\\20' . substr($result, 1);
}
if ($result[\strlen($result) - 1] === ' ') {
$result = substr($result, 0, -1) . '\\20';
}
}
return $result;
}
/**
* Wrapper for ldap_explode_dn().
*
* Try to avoid working with DN directly and instead use Entry objects.
*
* @param string $dn
* DN to explode.
*
* @return array
* Exploded DN.
*/
public static function splitDnWithAttributes(string $dn) : array {
if (\function_exists('ldap_explode_dn')) {
return ldap_explode_dn($dn, 0);
}
$rdn = explode(',', $dn);
$rdn = array_map(static function ($attribute) {
$attribute = trim($attribute);
// This is a workaround for OpenLDAP escaping Unicode values.
[
$key,
$value,
] = explode('=', $attribute);
$value = str_replace('%', '\\', urlencode($value));
return implode('=', [
$key,
$value,
]);
}, $rdn);
return [
'count' => count($rdn),
] + $rdn;
}
/**
* Wrapper for ldap_explode_dn().
*
* Try to avoid working with DN directly and instead use Entry objects.
*
* @param string $dn
* DN to explode.
*
* @return array|false
* Exploded DN.
*/
public static function splitDnWithValues(string $dn) {
if (function_exists('ldap_explode_dn')) {
return ldap_explode_dn($dn, 1);
}
$rdn = explode(',', $dn);
$rdn = array_map(static function ($attribute) {
$attribute = trim($attribute);
// This is a workaround for OpenLDAP escaping Unicode values.
/** @var string[] $elements */
$elements = explode('=', $attribute);
return str_replace('%', '\\', urlencode($elements[1]));
}, $rdn);
return [
'count' => count($rdn),
] + $rdn;
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
LdapTransformationTraits:: |
protected | function | Wrapper for ldap_escape(). | |
|
LdapTransformationTraits:: |
protected | function | Wrapper for ldap_escape(). | |
|
LdapTransformationTraits:: |
public static | function | Stub implementation of the {@link ldap_escape()} function of ext-ldap. | |
|
LdapTransformationTraits:: |
public static | function | Wrapper for ldap_explode_dn(). | |
|
LdapTransformationTraits:: |
public static | function | Wrapper for ldap_explode_dn(). |