Title: Sanitize input problem
Last modified: January 4, 2021

---

# Sanitize input problem

 *  Resolved [yellowboxtenant](https://wordpress.org/support/users/yellowboxtenant/)
 * (@yellowboxtenant)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sanitize-input-problem/)
 * It appears usernames are not sanitized before being sent to the LDAP search.
   To replicate, add `\'` in front of the username before logging in. If PHP
   warnings are turned on, you should see this:
 * ```
   Warning: ldap_search(): Search: Bad search filter in /xxxxx/wp-content/plugins/authldap/ldap.php on line 204
   Call Stack:
   0.0005 406080 1. {main}() /xxxxx/wp-login.php:0
   0.2600 3583480 2. wp_signon() /xxxxx/wp-login.php:1257
   0.2601 3584720 3. wp_authenticate() /xxxxx/wp-includes/user.php:95
   0.2601 3584760 4. apply_filters() /xxxxx/wp-includes/pluggable.php:549
   0.2601 3585160 5. WP_Hook->apply_filters() /xxxxx/wp-includes/plugin.php:212
   0.2601 3586640 6. authLdap_login() /xxxxx/wp-includes/class-wp-hook.php:287
   0.2615 3591984 7. Org_Heigl\AuthLdap\LdapList->authenticate() /xxxxx/wp-content/plugins/authldap/authLdap.php:278
   0.2615 3591984 8. Org_Heigl\AuthLdap\LDAP->authenticate() /xxxxx/wp-content/plugins/authldap/src/LdapList.php:46
   0.2835 3592352 9. Org_Heigl\AuthLdap\LDAP->search() /xxxxx/wp-content/plugins/authldap/ldap.php:249
   0.2835 3592352 10. ldap_search() /xxxxx/wp-content/plugins/authldap/ldap.php:204
   ```
 * This poses a problem for our security team, and we are unable to deploy our websites
   with your plugin active. We like using your plugin and would like to continue
   using it instead of finding an alternative.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [heiglandreas](https://wordpress.org/support/users/heiglandreas/)
 * (@heiglandreas)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sanitize-input-problem/#post-13865719)
 * In the just released version 2.4.3 I’ve added escaping of the provided “username”
   value, so that this should not be an issue any more. All other provided information
   comes either from the administrator or directly from the LDAP and is therefore
   not considered harmful and is not escaped. The password is also not escaped
   as that might break existing valid logins.
 * Can you check that it works as you expected?
 *  Thread Starter [yellowboxtenant](https://wordpress.org/support/users/yellowboxtenant/)
 * (@yellowboxtenant)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/sanitize-input-problem/#post-13867199)
 * Yes, the fix works. Thank you!
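
The report and the fix discussed in this thread, as an added example that is not part of the thread and is not authLdap's code: in an LDAP filter (RFC 4515) a backslash must be followed by two hex digits, so a username starting with `\'` yields a malformed filter, and escaping the value removes both that error and filter injection. The `(uid=%s)` template, the function names and the sample usernames are assumptions made for illustration.

```php
<?php
// Added example, not authLdap's code. Template and inputs are constructed.
const FILTER_TEMPLATE = '(uid=%s)'; // assumed filter; the plugin's real one is configurable

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escapeFilterValue(string $value): string
{
    if (function_exists('ldap_escape')) {
        // Built-in since PHP 5.6 when ext-ldap is loaded.
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Fallback without ext-ldap: hex-escape the reserved characters.
    // strtr() does not rescan its own output, so '\' is not escaped twice.
    return strtr($value, [
        '\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00',
    ]);
}

// True if $value is a well-formed equality-match value: every character is
// either non-reserved or part of a backslash + two-hex-digit escape.
function isWellFormedValue(string $value): bool
{
    return preg_match('/^(?:[^\\\\*()\x00]|\\\\[0-9a-fA-F]{2})*$/D', $value) === 1;
}

// Constructed sample usernames: a normal login, the reproduction from the
// report (backslash + apostrophe prefix), and a value with filter metacharacters.
$samples = ['jdoe', "\\'jdoe", '*)(uid=*'];

foreach ($samples as $username) {
    $escaped = escapeFilterValue($username);
    printf(
        "input=%-10s unescaped: %-16s well-formed=%-3s | escaped: %-24s well-formed=%s\n",
        $username,
        sprintf(FILTER_TEMPLATE, $username),
        isWellFormedValue($username) ? 'yes' : 'no',
        sprintf(FILTER_TEMPLATE, $escaped),
        isWellFormedValue($escaped) ? 'yes' : 'no'
    );
}
```

The same well-formedness check can serve as a regression test for any code path that interpolates request data into a filter string.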
