Escape values provided by user #3

@foglcz

As in #2, the values coming either from the user and/or LDAP itself can contain unescaped sequences.

Escape values properly, i.e. using this -> http://php.net/manual/en/function.ldap-escape.php

For example, a comma is a wrong character that, when unescaped, throws an exception during search. A comma could be there, because you can have a group name:

HSBC (Pvt.) Ltd., Asia
(^ the character needing escaping is a comma, which will get escaped by LDAP. NEEDS TESTING!!)

Backend tests:

  • Groupname with a backslash
  • Groupname with a comma
  • Groupname with backslash, that is member of a group of the user
  • Groupname with comma, that is member of a group of the user

"Frontend" tests - supply values to authenticator:

  • Comma in a username
  • Dot in a username
  • Backslash in a username
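
The escaping this issue asks for, sketched as an added example (not code from this project) using PHP's `ldap_escape()` with the issue's own test values. The base DN, the `sAMAccountName` and `memberOf` attribute names, the function names and all sample values except the HSBC group name are assumptions.

```php
<?php
// Added example, not project code. Requires ext-ldap (PHP >= 5.6).
// Base DN, attribute names and sample values are constructed assumptions.

const GROUP_BASE = 'OU=Groups,DC=example,DC=com'; // assumed base DN

/** Build a group DN: the name is a single RDN value, so escape it for DN context. */
function groupDn(string $groupName): string
{
    return 'CN=' . ldap_escape($groupName, '', LDAP_ESCAPE_DN) . ',' . GROUP_BASE;
}

/** Filter for looking a user up by login name: escape for filter context. */
function userFilter(string $username): string
{
    return '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

/**
 * Filter for "user is a member of this group". The assertion value is a whole
 * DN, so the group name is DN-escaped first and the finished DN is then
 * filter-escaped (the backslashes added by DN escaping must be escaped again).
 */
function memberOfFilter(string $username, string $groupName): string
{
    $dn = ldap_escape(groupDn($groupName), '', LDAP_ESCAPE_FILTER);
    return '(&' . userFilter($username) . '(memberOf=' . $dn . '))';
}

// Constructed inputs mirroring the backend and "frontend" test lists above.
$groups = ['HSBC (Pvt.) Ltd., Asia', 'Ops\\Night shift'];
$users  = ['doe, john', 'john.doe', 'CORP\\jdoe'];

foreach ($groups as $group) {
    echo groupDn($group), PHP_EOL;
    echo memberOfFilter('john.doe', $group), PHP_EOL;
}
foreach ($users as $user) {
    echo userFilter($user), PHP_EOL;
}
```

A comma is special only in the DN context and parentheses only in the filter context, so each value has to be escaped for the place it ends up in, not once globally.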
