From fc0edc8e2fa02ddfed672a239a936aaa783caf08 Mon Sep 17 00:00:00 2001
From: nilsteampassnet <nils@teampass.net>
Date: Thu, 4 May 2023 14:12:14 +0200
Subject: [PATCH] 3.0.7

Fix for #3699
---
 sources/admin.queries.php | 2 +-
 sources/ldap.queries.php  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sources/admin.queries.php b/sources/admin.queries.php
index 0c214d50b..df6bb4bb6 100755
--- a/sources/admin.queries.php
+++ b/sources/admin.queries.php
@@ -2687,7 +2687,7 @@
         );
 
         // prepare data
-        $post_value = filter_var($dataReceived['value'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $post_value = filter_var($dataReceived['value'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
         $post_field = filter_var($dataReceived['field'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
         
         require_once 'main.functions.php';
diff --git a/sources/ldap.queries.php b/sources/ldap.queries.php
index 68a50566c..1b78bf9f2 100755
--- a/sources/ldap.queries.php
+++ b/sources/ldap.queries.php
@@ -137,7 +137,7 @@
 
         // prepare variables
         $post_username = filter_var($dataReceived['username'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
-        $post_password = filter_var($dataReceived['password'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $post_password = filter_var($dataReceived['password'], FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
 
         // Build ldap configuration array
         $config = [