nyx/tests/fixtures/ldap_injection/php/unsafe_ldap_search.php

<?php
// Unsafe: $_GET['user'] concatenated into an LDAP filter and passed straight
// to ldap_search.  LDAP_INJECTION fires on the filter argument.
$ds = ldap_connect("ldap://example.com");
$user = $_GET['user'];
$filter = "(uid=" . $user . ")";
$result = ldap_search($ds, "ou=people,dc=example,dc=com", $filter);
new capacity bits (#67) 2026-05-07 01:29:31 -04:00			`<?php`
			`// Unsafe: $_GET['user'] concatenated into an LDAP filter and passed straight`
			`// to ldap_search. LDAP_INJECTION fires on the filter argument.`
			`$ds = ldap_connect("ldap://example.com");`
			`$user = $_GET['user'];`
			`$filter = "(uid=" . $user . ")";`
			`$result = ldap_search($ds, "ou=people,dc=example,dc=com", $filter);`