AD login: filtering special characters to prevent LDAP injection (code library)
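```java
// Characters that are escaped before user input is placed in an LDAP search filter.
// The backslash comes first so that the backslashes written by the later
// replacements are not escaped a second time.
private static final char[] LDAP_FILTER_ESCAPE_SEQUENCE = new char[]{'\\', '*', '(', ')', '\0', '/'};
// Replacement for each character above, at the same index (backslash plus two hex digits).
private static final String[] LDAP_FILTER_ESCAPE_SEQUENCE_CHARACTER = new String[]{"\\5c", "\\2a", "\\28", "\\29", "\\00", "\\2f"};

public static String replaceFilter(String userInput) {
    // Blank input is returned unchanged.
    if (com.yonyou.yht.sdkutils.StringUtils.isBlank(userInput)) {
        return userInput;
    }
    String tmp = userInput;
    for (int charIndex = 0; charIndex < LDAP_FILTER_ESCAPE_SEQUENCE.length; ++charIndex) {
        int index = tmp.indexOf(LDAP_FILTER_ESCAPE_SEQUENCE[charIndex]);
        if (index != -1) {
            // Replace every occurrence of the character with its escape sequence.
            tmp = tmp.replace(String.valueOf(LDAP_FILTER_ESCAPE_SEQUENCE[charIndex]), LDAP_FILTER_ESCAPE_SEQUENCE_CHARACTER[charIndex]);
        }
    }
    return tmp;
}
```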
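The following is an added example, not code from the original post: it escapes the same six characters in a single pass, so the result does not depend on replacement order, and prints the login filter with and without escaping. The class name `LdapFilterEscapeDemo`, the methods `escapeFilterValue` and `loginFilter`, the `sAMAccountName` filter shape and the sample inputs are assumptions made for illustration.

```java
public class LdapFilterEscapeDemo {

    // Escape one assertion value for use inside an LDAP search filter.
    // Each input character is visited once, so backslashes written here
    // are never escaped again.
    static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                case '/':  out.append("\\2f"); break; // kept from the page's list
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Assumed filter shape for an AD account lookup (hypothetical, not from the page).
    static String loginFilter(String accountName) {
        return "(&(objectClass=user)(sAMAccountName=" + accountName + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain name, a bare wildcard,
        // a value containing parentheses, and a value containing a backslash.
        String[] inputs = {"zhang.san", "*", "wang(ops)", "corp\\zhang"};
        for (String in : inputs) {
            System.out.println("input     : " + in);
            // Without escaping, "*" matches any account and "(" / ")" change the filter structure.
            System.out.println("unescaped : " + loginFilter(in));
            // With escaping, the value is always compared as literal text.
            System.out.println("escaped   : " + loginFilter(escapeFilterValue(in)));
            System.out.println();
        }
    }
}
```

This escaping applies only to values placed inside a search filter; values that go into a distinguished name follow different escaping rules.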