X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=ldapdb%2Fmodels%2Fquery.py;h=ae4b73c7b559a3eac87e4953935b271c4a46bba1;hb=8ba89c04b8902950edf7287bc83cb4dbfe039532;hp=f430286b65be5d14531e46a86b540eaa3a851ab6;hpb=aa99c514ad0457d05e95f48de4b0c855a75b363e;p=matthijs%2Fupstream%2Fdjango-ldapdb.git

diff --git a/ldapdb/models/query.py b/ldapdb/models/query.py
index f430286..ae4b73c 100644
--- a/ldapdb/models/query.py
+++ b/ldapdb/models/query.py
@@ -21,7 +21,6 @@
 from copy import deepcopy
 import ldap
 
-from django.db.models.fields import Field
 from django.db.models.query import QuerySet as BaseQuerySet
 from django.db.models.query_utils import Q
 from django.db.models.sql import Query as BaseQuery
@@ -29,6 +28,14 @@ from django.db.models.sql.where import WhereNode as BaseWhereNode, Constraint as
 
 import ldapdb
 
+def escape_ldap_filter(value):
+    value = str(value)
+    return value.replace('\\', '\\5c') \
+                .replace('*', '\\2a') \
+                .replace('(', '\\28') \
+                .replace(')', '\\29') \
+                .replace('\0', '\\00')
+
 class Constraint(BaseConstraint):
     """
     An object that can be passed to WhereNode.add() and knows how to
@@ -43,13 +50,15 @@ class Constraint(BaseConstraint):
         from django.db.models.base import ObjectDoesNotExist
 
         if lookup_type == 'endswith':
-            params = ["*%s" % value]
+            params = ["*%s" % escape_ldap_filter(value)]
         elif lookup_type == 'startswith':
-            params = ["%s*" % value]
+            params = ["%s*" % escape_ldap_filter(value)]
+        elif lookup_type == 'contains':
+            params = ["*%s*" % escape_ldap_filter(value)]
         elif lookup_type == 'exact':
-            params = [value]
+            params = [escape_ldap_filter(value)]
         elif lookup_type == 'in':
-            params = [v for v in value]
+            params = [escape_ldap_filter(v) for v in value]
         else:
             raise TypeError("Field has invalid lookup: %s" % lookup_type)
 
@@ -81,12 +90,7 @@ class WhereNode(BaseWhereNode):
             if isinstance(item, WhereNode):
                 bits.append(item.as_sql())
                 continue
-            if len(item) == 4:
-                # django 1.1
-                (table, column, type), x, y, values = item
-            else:
-                # django 1.0
-                table, column, type, x, y, values = item
+            (table, column, type), x, y, values = item
             equal_bits = [ "(%s=%s)" % (column, value) for value in values ]
             if len(equal_bits) == 1:
                 clause = equal_bits[0]