SF Bug #3036033 - Error if CN begins with a % sign

Deon George 2011-04-29 12:08:38 +10:00
parent 2ea1fc6314
commit a35298e7f3
11 changed files with 57 additions and 29 deletions


@ -169,7 +169,7 @@ if (get_request('meth','REQUEST') != 'ajax') {
echo '<td valign="top" align="center">';
printf('<select name="attr" onchange="ajDISPLAY(\'%s\',\'cmd=add_value_form&server_id=%s&dn=%s&attr=\'+this.value,\'%s\',\'append\');">',
'ADDATTR',$app['server']->getIndex(),rawurlencode(get_request('dn','REQUEST')),_('Please Wait'));
'ADDATTR',$app['server']->getIndex(),$request['template']->getDNEncode(),_('Please Wait'));
printf('<option value="%s">%s</option>','','');
foreach ($request['template']->getAvailAttrs() as $attribute)


@ -64,11 +64,11 @@ if ($add_result) {
else if ($action_number == 2)
$redirect_url = sprintf('cmd.php?%s&template=%s&container=%s',
$href,'default',rawurlencode($request['template']->getContainer()));
$href,'default',$request['template']->getContainerEncode());
else
$redirect_url = sprintf('cmd.php?%s&template=%s&dn=%s',
$href,'default',rawurlencode($request['template']->getDN()));
$href,'default',$request['template']->getDNEncode());
if ($action_number == 1 || $action_number == 2)
printf('<meta http-equiv="refresh" content="0; url=%s" />',$redirect_url);


@ -65,7 +65,7 @@ if (count($request['template']->getLDAPadd(true))) {
echo '<div>';
echo '<input type="hidden" name="cmd" value="create" />';
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
printf('<input type="hidden" name="container" value="%s" />',htmlspecialchars($request['template']->getContainer()));
printf('<input type="hidden" name="container" value="%s" />',$request['template']->getContainerEncode(false));
printf('<input type="hidden" name="template" value="%s" />',$request['template']->getID());
foreach ($request['template']->getRDNAttrs() as $rdn)
printf('<input type="hidden" name="rdn_attribute[]" value="%s" />',htmlspecialchars($rdn));
@ -127,7 +127,7 @@ if (count($request['template']->getLDAPadd(true))) {
} else {
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',
$app['server']->getIndex(),rawurlencode($request['dn']));
$app['server']->getIndex(),$request['template']->getDNEncode());
echo '<div style="text-align: center;">';
echo _('You made no changes');
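Review bot: The hidden `container` field in the `@ -65,7` hunk is no longer HTML-escaped: `getContainerEncode(false)` only rewrites a `%` followed by hex digits (see its definition in the Template hunk) and the `htmlspecialchars()` wrapper from the old line is gone, so a container DN containing `"`, `<` or `&` is written into the `value` attribute as-is. Keep the attribute escaping around the new call, `printf('<input type="hidden" name="container" value="%s" />',htmlspecialchars($request['template']->getContainerEncode(false)));`. The same pattern appears in the `dn` hidden field of the `@ -42,7` hunk that uses `getDNEncode(false)`, and in the `@ -1389,7` and `@ -1514,7` hunks of TemplateRender. The enclosing `if` block starts and ends outside the hunk.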


@ -64,7 +64,7 @@ if ($result) {
}
$redirect_url = sprintf('cmd.php?cmd=template_engine&server_id=%s&dn=%s',
$app['server']->getIndex(),rawurlencode($request['dn']));
$app['server']->getIndex(),$request['template']->getDNEncode());
foreach ($request['template']->getLDAPmodify() as $attr => $junk)
$redirect_url .= sprintf('&modified_attrs[]=%s',$attr);


@ -42,7 +42,7 @@ if (count($request['template']->getLDAPmodify(true))) {
echo '<div>';
echo '<input type="hidden" name="cmd" value="update" />';
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($request['dn']));
printf('<input type="hidden" name="dn" value="%s" />',$request['template']->getDNEncode(false));
echo "\n";
$request['page']->drawHiddenAttributes();
@ -221,7 +221,7 @@ if (count($request['template']->getLDAPmodify(true))) {
} else {
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',
$app['server']->getIndex(),rawurlencode($request['dn']));
$app['server']->getIndex(),$request['template']->getDNEncode());
echo '<div style="text-align: center;">';
echo _('You made no changes');


@ -57,7 +57,7 @@ class AJAXTree extends HTMLTree {
return '';
# Get our children.
$child_count = $this->readChildrenNumber($item);
$child_count = $this->readChildrenNumber($entry->getDN());
$nb = 0;
if ($first_child)
@ -81,12 +81,12 @@ class AJAXTree extends HTMLTree {
$new_code = array('1','1','0','0');
# Links
$parms['openclose'] = htmlspecialchars(sprintf('server_id=%s&dn=%s&code=%s%s',$this->getServerID(),rawurlencode($item),$code,$new_code[$nb]));
$parms['edit'] = htmlspecialchars(sprintf('cmd=template_engine&server_id=%s&dn=%s',$this->getServerID(),rawurlencode($item)));
$parms['openclose'] = htmlspecialchars(sprintf('server_id=%s&dn=%s&code=%s%s',$this->getServerID(),$entry->getDNEncode(),$code,$new_code[$nb]));
$parms['edit'] = htmlspecialchars(sprintf('cmd=template_engine&server_id=%s&dn=%s',$this->getServerID(),$entry->getDNEncode()));
$href = sprintf('cmd.php?%s',$parms['edit']);
# Each node has a unique id based on dn
$node_id = sprintf('node%s',base64_encode(sprintf('%s-%s',$server->getIndex(),$item)));
$node_id = sprintf('node%s',base64_encode(sprintf('%s-%s',$server->getIndex(),$entry->getDN())));
$node_id = str_replace('=','_',$node_id);
if ($level == 0)
@ -110,12 +110,12 @@ class AJAXTree extends HTMLTree {
echo '</a>';
}
printf('<a href="%s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');" title="%s" >',$href,$parms['edit'],_('Retrieving DN'),htmlspecialchars($item));
printf('<a href="%s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');" title="%s" >',$href,$parms['edit'],_('Retrieving DN'),htmlspecialchars($entry->getDN()));
printf('<span class="dnicon"><img id="jt%sfolder" src="%s/%s" alt="->" class="imgs" style="border: 0px; vertical-align:text-top;" /></span>',$node_id,IMGDIR,$entry->getIcon($server));
echo '</a>';
echo '&nbsp;';
printf('<a href="%s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');" title="%s" class="phplm">',$href,$parms['edit'],_('Retrieving DN'),htmlspecialchars($item));
printf('<a href="%s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');" title="%s" class="phplm">',$href,$parms['edit'],_('Retrieving DN'),htmlspecialchars($entry->getDN()));
echo $this->get_formatted_dn($entry,$level-1);
echo ($child_count ? (sprintf(' (%s%s)',$child_count,($entry->isSizeLimited() ? '+' : ''))) : '');
echo '</a>';
@ -264,7 +264,7 @@ class AJAXTree extends HTMLTree {
$output = '';
$href = sprintf('cmd=template_engine&server_id=%s&container=%s',$this->getServerID(),rawurlencode($entry->getDN()));
$href = sprintf('cmd=template_engine&server_id=%s&container=%s',$this->getServerID(),$entry->getDNEncode());
$output .= $this->get_indentation($level);
$output .= sprintf('<img src="%s" alt="--" class="imgs" style="border: 0px; vertical-align:text-top;" />',$img);


@ -195,6 +195,14 @@ class Query extends xmlTemplate {
return $this->dn;
}
public function getDNEncode($url=true) {
// @todo Be nice to do all this in 1 location
if ($url)
return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->dn));
else
return preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->dn);
}
public function getAttrSortOrder() {
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
debug_log('Entered (%%)',5,0,__FILE__,__LINE__,__METHOD__,$fargs);
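Review bot: `getDNEncode()` is added without a docblock, and the contract it needs documented is not obvious: the pattern `/%([0-9a-fA-F]+)/` rewrites only a `%` that is followed by hex digits, and with `$url=false` the result is neither URL- nor HTML-encoded. I would add a docblock along the lines of `Return the DN with literal %XX sequences protected as %25XX; URL-encoded when $url is true, otherwise raw and still requiring htmlspecialchars() before output`. The same body is repeated in `Template::getDNEncode()`, `Template::getContainerEncode()` and `TreeItem::getDNEncode()` (which has no `$url` parameter), so the `@todo` could be resolved with one shared helper that takes the DN string as an argument. Why only hex-followed percent signs are rewritten is presumably tied to a second decode on the receiving side, which is not visible in this diff.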


@ -273,7 +273,7 @@ class QueryRender extends PageRender {
printf('<td class="icon"><img src="%s/%s" alt="icon" /></td>',IMGDIR,get_icon($server->getIndex(),$dndetails['dn']));
printf('<td colspan="2"><a href="cmd.php?cmd=template_engine&amp;server_id=%s&amp;dn=%s">%s</a></td>',
$server->getIndex(),rawurlencode($dndetails['dn']),htmlspecialchars(get_rdn($dndetails['dn'])));
$server->getIndex(),$this->template->getDNEncode(),htmlspecialchars(get_rdn($dndetails['dn'])));
echo '</tr>';
printf('<tr class="list_item"><td class="blank">&nbsp;</td><td class="heading">dn</td><td class="value">%s</td></tr>',
@ -363,7 +363,7 @@ class QueryRender extends PageRender {
if ($_SESSION[APPCONFIG]->getValue('mass','enabled'))
printf('<td><input type="checkbox" id="ma_%s" name="dn[]" value="%s" onclick="this.checked=!this.checked;" /></td>',$j,$dndetails['dn']);
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',$server->getIndex(),rawurlencode($dndetails['dn']));
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',$server->getIndex(),$this->template->getDNEncode());
printf('<td class="icon"><a href="cmd.php?%s"><img src="%s/%s" alt="icon" /></a></td>',
htmlspecialchars($href),
IMGDIR,get_icon($server->getIndex(),$dndetails['dn']));
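Review bot: Both result links now take their `dn` parameter from `$this->template->getDNEncode()`, which in the Query hunk returns the encoded `$this->dn`, while the icon and RDN text on the same lines still use the per-row `$dndetails['dn']`. Unless the template's dn is reassigned for every row somewhere outside these hunks, each row would link to the same entry instead of its own. Encoding the row value keeps the old behaviour, e.g. `urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$dndetails['dn']))` in both the `printf` and the `sprintf` call. Both enclosing methods start and end outside the hunks.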


@ -634,6 +634,14 @@ class Template extends xmlTemplate {
return $this->getRDN();
}
public function getDNEncode($url=true) {
// @todo Be nice to do all this in 1 location
if ($url)
return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->getDN()));
else
return preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->getDN());
}
/**
* Set the container for this template, if we are creating entries
*
@ -665,6 +673,14 @@ class Template extends xmlTemplate {
return $this->container;
}
public function getContainerEncode($url=true) {
// @todo Be nice to do all this in 1 location
if ($url)
return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->container));
else
return preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->container);
}
/**
* Copy a DN
*/


@ -53,7 +53,7 @@ class TemplateRender extends PageRender {
parent::accept();
$this->url_base = sprintf('server_id=%s&dn=%s',
$this->getServerID(),rawurlencode($this->template->getDN()));
$this->getServerID(),$this->template->getDNEncode());
$this->layout['hint'] = sprintf('<td class="icon"><img src="%s/light.png" alt="%s" /></td><td colspan="3"><span class="hint">%%s</span></td>',
IMGDIR,_('Hint'));
$this->layout['action'] = '<td class="icon"><img src="%s/%s" alt="%s" /></td><td><a href="cmd.php?%s" title="%s">%s</a></td>';
@ -646,7 +646,7 @@ class TemplateRender extends PageRender {
} elseif ($this->template->getContext() == 'copyasnew') {
$this->drawStepFormStart($this->page);
printf('<input type="hidden" name="container" value="%s" />',htmlspecialchars($this->template->getContainer()));
printf('<input type="hidden" name="container" value="%s" />',$this->template->getContainer(false));
echo '<div><table>';
$this->drawRDNChooser();
echo '</table></div>';
@ -699,7 +699,7 @@ class TemplateRender extends PageRender {
break;
case 'modification':
$title = get_rdn($this->dn);
$title = htmlspecialchars(get_rdn($this->dn));
break;
default:
@ -1188,7 +1188,7 @@ class TemplateRender extends PageRender {
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
$href = sprintf('cmd=template_engine&server_id=%s&container=%s',$this->getServerID(),rawurlencode($this->template->getDN()));
$href = sprintf('cmd=template_engine&server_id=%s&container=%s',$this->getServerID(),$this->template->getDNEncode());
if (isAjaxEnabled())
return sprintf($this->layout['actionajax'],IMGDIR,'create.png',_('Create'),
@ -1227,7 +1227,7 @@ class TemplateRender extends PageRender {
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
$href = sprintf('cmd=query_engine&server_id=%s&filter=%s&base=%s&scope=one&query=none&size_limit=0&search=true',
$this->getServerID(),rawurlencode('objectClass=*'),rawurlencode($this->template->getDN()));
$this->getServerID(),rawurlencode('objectClass=*'),$this->template->getDNEncode());
if (isAjaxEnabled())
return sprintf($this->layout['actionajax'],IMGDIR,'children.png',_('Children'),
@ -1389,7 +1389,7 @@ class TemplateRender extends PageRender {
echo '<div>';
printf('<input type="hidden" name="server_id" value="%s" />',$this->getServerID());
printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($this->template->getDN()));
printf('<input type="hidden" name="dn" value="%s" />',$this->template->getDNEncode(false));
printf('<input type="hidden" name="template" value="%s" />',$this->template->getID());
echo '</div>';
@ -1514,7 +1514,7 @@ class TemplateRender extends PageRender {
$this->drawObjectClassChooser();
} else {
printf('<input type="hidden" name="container" value="%s" />',htmlspecialchars($this->template->getContainer()));
printf('<input type="hidden" name="container" value="%s" />',$this->template->getContainerEncode(false));
echo '</div>';
echo '<table class="entry" cellspacing="0" border="0" style="margin-left: auto; margin-right: auto;">';
@ -2075,7 +2075,7 @@ function fillRec(id,value) {
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
$href_parm = htmlspecialchars(sprintf('cmd=add_value_form&server_id=%s&dn=%s&attr=%s',
$this->getServerID(),rawurlencode($this->template->getDN()),rawurlencode($attribute->getName(false))));
$this->getServerID(),$this->template->getDNEncode(),rawurlencode($attribute->getName(false))));
if (isAjaxEnabled())
return sprintf('(<a href="cmd.php?%s" title="%s %s" onclick="return ajDISPLAY(\'ADDVALUE%s\',\'%s&amp;raw=1\',\'%s\',1);">%s</a>)',
@ -2093,7 +2093,7 @@ function fillRec(id,value) {
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
$href_parm = htmlspecialchars(sprintf('cmd=add_value_form&server_id=%s&dn=%s&attr=%s',
$this->getServerID(),rawurlencode($this->template->getDN()),rawurlencode($attribute->getName(false))));
$this->getServerID(),$this->template->getDNEncode(),rawurlencode($attribute->getName(false))));
if (isAjaxEnabled())
return sprintf('(<a href="cmd.php?%s" title="%s %s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');">%s</a>)',
@ -2111,7 +2111,7 @@ function fillRec(id,value) {
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
$href = sprintf('cmd=modify_member_form&server_id=%s&dn=%s&attr=%s',
$this->getServerID(),rawurlencode($this->template->getDN()),rawurlencode($attribute->getName()));
$this->getServerID(),$this->template->getDNEncode(),rawurlencode($attribute->getName()));
if (isAjaxEnabled())
return sprintf('(<a href="cmd.php?%s" title="%s: %s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');">%s</a>)',
@ -2130,7 +2130,7 @@ function fillRec(id,value) {
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
$href = sprintf('cmd.php?cmd=rename_form&server_id=%s&dn=%s&template=%s',
$this->getServerID(),rawurlencode($this->template->getDN()),$this->template->getID());
$this->getServerID(),$this->template->getDNEncode(),$this->template->getID());
return sprintf('<small>(<a href="%s">%s</a>)</small>',htmlspecialchars($href),_('rename'));
}
@ -2285,7 +2285,7 @@ function fillRec(id,value) {
echo '<!-- This form is submitted by JavaScript when the user clicks "Delete attribute" on a binary attribute -->';
echo '<form id="delete_attribute_form" action="cmd.php?cmd=delete_attr" method="post">';
printf('<input type="hidden" name="server_id" value="%s" />',$this->getServerID());
printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($this->template->getDN()));
printf('<input type="hidden" name="dn" value="%s" />',$this->template->getDNEncode());
printf('<input type="hidden" name="template" value="%s" />',$this->template->getID());
echo '<input type="hidden" name="attr" value="FILLED IN BY JAVASCRIPT" />';
echo '<input type="hidden" name="index" value="FILLED IN BY JAVASCRIPT" />';
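Review bot: The `copyasnew` hidden `container` field in the `@ -646,7` hunk is now printed from `$this->template->getContainer(false)` with no escaping at all, where the other forms call `getContainerEncode(false)`; this looks like a typo and should probably read `htmlspecialchars($this->template->getContainerEncode(false))`. In the `@ -2285,7` hunk the `delete_attribute_form` `dn` field uses `getDNEncode()` with the default `$url=true`, unlike the `@ -1389,7` hunk which passes `false`, so a URL-encoded value is placed in a POST field and will be encoded again by the browser on submit. Unless the `delete_attr` handler decodes twice (not visible here), `htmlspecialchars($this->template->getDNEncode(false))` would match the other forms. The enclosing methods continue outside the hunks.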


@ -58,6 +58,10 @@ class TreeItem {
return $this->dn;
}
public function getDNEncode() {
return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->dn));
}
/**
* Get the RDN of this tree items DN.
*