From d1c06a93df661d6afffcd7cd9cdc7433f3c52c12 Mon Sep 17 00:00:00 2001
From: Tom Hukins <tom@eborcom.com>
Date: Wed, 8 Jun 2016 06:27:52 +0100
Subject: [PATCH 1/2] Fix a typo (#5306)

---
 conf/defaults.ini | 2 +-
 conf/sample.ini   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/defaults.ini b/conf/defaults.ini
index e7c3554340f..99a105fba36 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -293,7 +293,7 @@ facility =
 # Syslog tag. By default, the process' argv[0] is used.
 tag =
 
-#################################### AMPQ Event Publisher ##########################
+#################################### AMQP Event Publisher ##########################
 [event_publisher]
 enabled = false
 rabbitmq_url = amqp://localhost/
diff --git a/conf/sample.ini b/conf/sample.ini
index 7a1099d35af..6d6c6e0e9fd 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -261,7 +261,7 @@ check_for_updates = true
 # Expired days of log file(delete after max days), default is 7
 ;max_days = 7
 
-#################################### AMPQ Event Publisher ##########################
+#################################### AMQP Event Publisher ##########################
 [event_publisher]
 ;enabled = false
 ;rabbitmq_url = amqp://localhost/

From 22cda198aedfacaa93e2666e54db963ab93825a8 Mon Sep 17 00:00:00 2001
From: Karl <karl@theangryangel.co.uk>
Date: Wed, 8 Jun 2016 06:28:16 +0100
Subject: [PATCH 2/2] Apply EscapeFilter to username to address
 grafana/grafana#5121 (#5279)

---
 pkg/login/ldap.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/login/ldap.go b/pkg/login/ldap.go
index 0c817c9df0b..e02c59e1823 100644
--- a/pkg/login/ldap.go
+++ b/pkg/login/ldap.go
@@ -291,7 +291,7 @@ func (a *ldapAuther) searchForUser(username string) (*ldapUserInfo, error) {
 				a.server.Attr.Name,
 				a.server.Attr.MemberOf,
 			},
-			Filter: strings.Replace(a.server.SearchFilter, "%s", username, -1),
+			Filter: strings.Replace(a.server.SearchFilter, "%s", ldap.EscapeFilter(username), -1),
 		}
 
 		searchResult, err = a.conn.Search(&searchReq)
@@ -324,7 +324,7 @@ func (a *ldapAuther) searchForUser(username string) (*ldapUserInfo, error) {
 			if a.server.GroupSearchFilterUserAttribute == "" {
 				filter_replace = getLdapAttr(a.server.Attr.Username, searchResult)
 			}
-			filter := strings.Replace(a.server.GroupSearchFilter, "%s", filter_replace, -1)
+			filter := strings.Replace(a.server.GroupSearchFilter, "%s", ldap.EscapeFilter(filter_replace), -1)
 
 			if ldapCfg.VerboseLogging {
 				log.Info("LDAP: Searching for user's groups: %s", filter)