Added a function for LDAP input sanitization.

[Heikkips]

Added a function for sanitizing input strings before LDAP operations.
@link https://www.owasp.org/index.php/LDAP_injection

This can be used to sanitize the input of several oxAuth endpoints e.g.:

return StringHelper.sanitizeLdapInput(authorizationParameter.substring(prefix.length()));

AuthorizationGrant authorizationGrant = authorizationGrantList.getAuthorizationGrantByAccessToken(StringHelper.sanitizeLdapInput(accessToken));

[mzico]

@yurem ^

[nynymike]

I'm not sure oxCore is the right place to do this. You may end up sanitizing all input, not just input from the end user. Personally, I would do this in the authn interception script. Futhermore, I think Weld has some built in protection for escaping user input.

[yurem]

Line from oxAuth builds filter like Filter.create(String.format("oxAuthTokenCode=%s", TokenHashUtil.getHashedToken(p_code))

According to UnboidID SDK docs it already has sanitizing support:
It is safer, since if the assertion value may be based on user input then it is not necessary to worry about sanitizing the data or the possibility of injection attacks.

Can you provide example of invalid input to allow us double check it.