don't apply preventXSS on 'filter' parameters in export and search (#168)

fixes #98
bendem 2023-01-20 10:08:49 +01:00 committed by GitHub
parent d09aa72a42
commit 364c0565a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 4 additions and 4 deletions


@ -41,7 +41,7 @@ $request['recursive'] = (get_request('recursive') == 'on') ? true : false;
$request['remove'] = (get_request('remove') == 'yes') ? true : false;
if ($request['recursive']) {
$filter = get_request('filter','POST',false,'(objectClass=*)');
$filter = get_request('filter','POST',false,'(objectClass=*)',false);
# Build a tree similar to that of the tree browser to give to r_copy_dn
$ldap['tree'] = array();
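Review bot: With the fifth argument now `false` (which, going by the commit title, switches off preventXSS), `$filter` holds the raw POST value, and nothing in this hunk guarantees it is HTML-escaped if a later page writes it back out. The same applies to the `filter` reads changed in the other three sections of this commit: the export request (`GET`), `class Query` and `class Export` (both `REQUEST`). The escaping that used to happen at input has to be done at each output site instead, e.g. `htmlspecialchars($filter, ENT_QUOTES, 'UTF-8')` wherever the filter is echoed into a form field, link or error message. Those sites are outside the visible hunks, so they need to be checked rather than assumed safe. A short comment above each call would also keep a later cleanup from re-enabling the flag: `# filter goes to LDAP verbatim; escape when rendering, not when reading`.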


@ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET',false,'');
$request['format'] = get_request('format','GET',false,get_line_end_format());
$request['scope'] = get_request('scope','GET',false,'base');
$request['exporter_id'] = get_request('exporter_id','GET',false,'LDIF');
$request['filter'] = get_request('filter','GET',false,'(objectClass=*)');
$request['filter'] = get_request('filter','GET',false,'(objectClass=*)',false);
$request['attr'] = get_request('attributes','GET',false,'*');
$request['sys_attr'] = get_request('sys_attr','GET') ? true: false;


@ -134,7 +134,7 @@ class Query extends xmlTemplate {
# If this is a custom search, we need to populate are paramters
if ($this->getID() == 'none') {
$bases = get_request('base','REQUEST',false,null);
$query['filter'] = get_request('filter','REQUEST',false,'objectClass=*');
$query['filter'] = get_request('filter','REQUEST',false,'objectClass=*',false);
$query['scope'] = get_request('scope','REQUEST',false,'sub');
$attrs = get_request('display_attrs','REQUEST',false,'');


@ -125,7 +125,7 @@ abstract class Export {
$query = array();
$base = get_request('dn','REQUEST');
$query['baseok'] = true;
$query['filter'] = get_request('filter','REQUEST',false,'objectclass=*');
$query['filter'] = get_request('filter','REQUEST',false,'objectclass=*',false);
$query['scope'] = get_request('scope','REQUEST',false,'base');
$query['deref'] = $_SESSION[APPCONFIG]->getValue('deref','export');
$query['size_limit'] = 0;