From ef118bc9f80212bba96168a894c076245065fa60 Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Fri, 5 Sep 2025 23:04:11 +0200
Subject: [PATCH] Fix LDAP filter escaping (RFC4515)

- Correctly escape NUL byte (\0 -> \00)
- Replace hardcoded "\00" (three chars) with actual NUL
- Ensure proper hex codes:
    \  -> \5c
    (  -> \28
    )  -> \29
    *  -> \2a
    NUL -> \00

Previously, "\00" was treated as "\" (0x5c), so NULs were never escaped.
---
 ldap.php | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/ldap.php b/ldap.php
index 2b033ed..730b815 100644
--- a/ldap.php
+++ b/ldap.php
@@ -78,15 +78,17 @@ public function search($basedn, $filter, $fields = array(), $sort = array()) {
 		return false;
 	}
 
-	public static function escape($str = '') {
-		$metaChars = array("\\00", "\\", "(", ")", "*");
-		$quotedMetaChars = array();
-		foreach($metaChars as $key => $value) {
-			$quotedMetaChars[$key] = '\\'. dechex(ord($value));
-		}
-		$str = str_replace($metaChars, $quotedMetaChars, $str);
-		return $str;
-	}
+    public static function escape($str = '') {
+        // RFC4515: escape \ * ( ) NUL
+        $map = [
+            "\\"   => "\\5c",
+            "*"    => "\\2a",
+            "("    => "\\28",
+            ")"    => "\\29",
+            "\0"   => "\\00",
+        ];
+        return strtr($str, $map);
+    }
 }
 
 class LDAPConnectionFailureException extends RuntimeException {}