Merge branch '4.4' into 5.0

* 4.4:
  [FrameworkBundle] Fix session.attribute_bag service definition
  [Routing] Remove unused properties from the Route annotation
  [Routing] Add missing _locale requirements
  Update LdapBindAuthenticationProvider.php
  Add reproducer to for hit after update expire cacheItem
  [Cache] fix FilesystemTagAwareAdapter failing when a tag link preexists

Author: nicolas-grekas

Authentication/Provider/LdapBindAuthenticationProvider.php

@@ -82,14 +82,13 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
         }
 
         try {
-            $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_DN);
-
             if ($this->queryString) {
                 if ('' !== $this->searchDn && '' !== $this->searchPassword) {
                     $this->ldap->bind($this->searchDn, $this->searchPassword);
                 } else {
                     throw new LogicException('Using the "query_string" config without using a "search_dn" and a "search_password" is not supported.');
                 }
+                $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
                 $query = str_replace('{username}', $username, $this->queryString);
                 $result = $this->ldap->query($this->dnString, $query)->execute();
                 if (1 !== $result->count()) {
@@ -98,6 +97,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
 
                 $dn = $result[0]->getDn();
             } else {
+                $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_DN);
                 $dn = str_replace('{username}', $username, $this->dnString);
             }