SF Bug #3036033 - Error if CN begins with a % sign
parent
2ea1fc6314
commit
a35298e7f3
@ -169,7 +169,7 @@ if (get_request('meth','REQUEST') != 'ajax') {
|
||||
echo '<td valign="top" align="center">';
|
||||
|
||||
printf('<select name="attr" onchange="ajDISPLAY(\'%s\',\'cmd=add_value_form&server_id=%s&dn=%s&attr=\'+this.value,\'%s\',\'append\');">',
|
||||
'ADDATTR',$app['server']->getIndex(),rawurlencode(get_request('dn','REQUEST')),_('Please Wait'));
|
||||
'ADDATTR',$app['server']->getIndex(),$request['template']->getDNEncode(),_('Please Wait'));
|
||||
|
||||
printf('<option value="%s">%s</option>','','');
|
||||
foreach ($request['template']->getAvailAttrs() as $attribute)
|
||||
|
@ -64,11 +64,11 @@ if ($add_result) {
|
||||
|
||||
else if ($action_number == 2)
|
||||
$redirect_url = sprintf('cmd.php?%s&template=%s&container=%s',
|
||||
$href,'default',rawurlencode($request['template']->getContainer()));
|
||||
$href,'default',$request['template']->getContainerEncode());
|
||||
|
||||
else
|
||||
$redirect_url = sprintf('cmd.php?%s&template=%s&dn=%s',
|
||||
$href,'default',rawurlencode($request['template']->getDN()));
|
||||
$href,'default',$request['template']->getDNEncode());
|
||||
|
||||
if ($action_number == 1 || $action_number == 2)
|
||||
printf('<meta http-equiv="refresh" content="0; url=%s" />',$redirect_url);
|
||||
|
@ -65,7 +65,7 @@ if (count($request['template']->getLDAPadd(true))) {
|
||||
echo '<div>';
|
||||
echo '<input type="hidden" name="cmd" value="create" />';
|
||||
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
||||
printf('<input type="hidden" name="container" value="%s" />',htmlspecialchars($request['template']->getContainer()));
|
||||
printf('<input type="hidden" name="container" value="%s" />',$request['template']->getContainerEncode(false));
|
||||
printf('<input type="hidden" name="template" value="%s" />',$request['template']->getID());
|
||||
foreach ($request['template']->getRDNAttrs() as $rdn)
|
||||
printf('<input type="hidden" name="rdn_attribute[]" value="%s" />',htmlspecialchars($rdn));
|
||||
@ -127,7 +127,7 @@ if (count($request['template']->getLDAPadd(true))) {
|
||||
|
||||
} else {
|
||||
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',
|
||||
$app['server']->getIndex(),rawurlencode($request['dn']));
|
||||
$app['server']->getIndex(),$request['template']->getDNEncode());
|
||||
|
||||
echo '<div style="text-align: center;">';
|
||||
echo _('You made no changes');
|
||||
|
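Review bot: The hidden `container` input now prints `getContainerEncode(false)` straight into `value="%s"`, and the `htmlspecialchars()` call that wrapped the old value is gone. As defined later in this commit, the `$url=false` branch only rewrites `%XX` sequences to `%25XX`, so a container DN holding `"`, `<` or `&` reaches the attribute unescaped and can terminate it early. Keep the HTML escaping around the new helper: `htmlspecialchars($request['template']->getContainerEncode(false))`. The same pattern appears in the hidden `dn` input of the update confirmation form and in the `getDNEncode(false)` and `getContainerEncode(false)` hidden inputs in TemplateRender.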
@ -64,7 +64,7 @@ if ($result) {
|
||||
}
|
||||
|
||||
$redirect_url = sprintf('cmd.php?cmd=template_engine&server_id=%s&dn=%s',
|
||||
$app['server']->getIndex(),rawurlencode($request['dn']));
|
||||
$app['server']->getIndex(),$request['template']->getDNEncode());
|
||||
|
||||
foreach ($request['template']->getLDAPmodify() as $attr => $junk)
|
||||
$redirect_url .= sprintf('&modified_attrs[]=%s',$attr);
|
||||
|
@ -42,7 +42,7 @@ if (count($request['template']->getLDAPmodify(true))) {
|
||||
echo '<div>';
|
||||
echo '<input type="hidden" name="cmd" value="update" />';
|
||||
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
||||
printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($request['dn']));
|
||||
printf('<input type="hidden" name="dn" value="%s" />',$request['template']->getDNEncode(false));
|
||||
echo "\n";
|
||||
|
||||
$request['page']->drawHiddenAttributes();
|
||||
@ -221,7 +221,7 @@ if (count($request['template']->getLDAPmodify(true))) {
|
||||
|
||||
} else {
|
||||
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',
|
||||
$app['server']->getIndex(),rawurlencode($request['dn']));
|
||||
$app['server']->getIndex(),$request['template']->getDNEncode());
|
||||
|
||||
echo '<div style="text-align: center;">';
|
||||
echo _('You made no changes');
|
||||
|
@ -57,7 +57,7 @@ class AJAXTree extends HTMLTree {
|
||||
return '';
|
||||
|
||||
# Get our children.
|
||||
$child_count = $this->readChildrenNumber($item);
|
||||
$child_count = $this->readChildrenNumber($entry->getDN());
|
||||
|
||||
$nb = 0;
|
||||
if ($first_child)
|
||||
@ -81,12 +81,12 @@ class AJAXTree extends HTMLTree {
|
||||
$new_code = array('1','1','0','0');
|
||||
|
||||
# Links
|
||||
$parms['openclose'] = htmlspecialchars(sprintf('server_id=%s&dn=%s&code=%s%s',$this->getServerID(),rawurlencode($item),$code,$new_code[$nb]));
|
||||
$parms['edit'] = htmlspecialchars(sprintf('cmd=template_engine&server_id=%s&dn=%s',$this->getServerID(),rawurlencode($item)));
|
||||
$parms['openclose'] = htmlspecialchars(sprintf('server_id=%s&dn=%s&code=%s%s',$this->getServerID(),$entry->getDNEncode(),$code,$new_code[$nb]));
|
||||
$parms['edit'] = htmlspecialchars(sprintf('cmd=template_engine&server_id=%s&dn=%s',$this->getServerID(),$entry->getDNEncode()));
|
||||
$href = sprintf('cmd.php?%s',$parms['edit']);
|
||||
|
||||
# Each node has a unique id based on dn
|
||||
$node_id = sprintf('node%s',base64_encode(sprintf('%s-%s',$server->getIndex(),$item)));
|
||||
$node_id = sprintf('node%s',base64_encode(sprintf('%s-%s',$server->getIndex(),$entry->getDN())));
|
||||
$node_id = str_replace('=','_',$node_id);
|
||||
|
||||
if ($level == 0)
|
||||
@ -110,12 +110,12 @@ class AJAXTree extends HTMLTree {
|
||||
echo '</a>';
|
||||
}
|
||||
|
||||
printf('<a href="%s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');" title="%s" >',$href,$parms['edit'],_('Retrieving DN'),htmlspecialchars($item));
|
||||
printf('<a href="%s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');" title="%s" >',$href,$parms['edit'],_('Retrieving DN'),htmlspecialchars($entry->getDN()));
|
||||
printf('<span class="dnicon"><img id="jt%sfolder" src="%s/%s" alt="->" class="imgs" style="border: 0px; vertical-align:text-top;" /></span>',$node_id,IMGDIR,$entry->getIcon($server));
|
||||
echo '</a>';
|
||||
|
||||
echo ' ';
|
||||
printf('<a href="%s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');" title="%s" class="phplm">',$href,$parms['edit'],_('Retrieving DN'),htmlspecialchars($item));
|
||||
printf('<a href="%s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');" title="%s" class="phplm">',$href,$parms['edit'],_('Retrieving DN'),htmlspecialchars($entry->getDN()));
|
||||
echo $this->get_formatted_dn($entry,$level-1);
|
||||
echo ($child_count ? (sprintf(' (%s%s)',$child_count,($entry->isSizeLimited() ? '+' : ''))) : '');
|
||||
echo '</a>';
|
||||
@ -264,7 +264,7 @@ class AJAXTree extends HTMLTree {
|
||||
|
||||
$output = '';
|
||||
|
||||
$href = sprintf('cmd=template_engine&server_id=%s&container=%s',$this->getServerID(),rawurlencode($entry->getDN()));
|
||||
$href = sprintf('cmd=template_engine&server_id=%s&container=%s',$this->getServerID(),$entry->getDNEncode());
|
||||
|
||||
$output .= $this->get_indentation($level);
|
||||
$output .= sprintf('<img src="%s" alt="--" class="imgs" style="border: 0px; vertical-align:text-top;" />',$img);
|
||||
|
@ -195,6 +195,14 @@ class Query extends xmlTemplate {
|
||||
return $this->dn;
|
||||
}
|
||||
|
||||
public function getDNEncode($url=true) {
|
||||
// @todo Be nice to do all this in 1 location
|
||||
if ($url)
|
||||
return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->dn));
|
||||
else
|
||||
return preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->dn);
|
||||
}
|
||||
|
||||
public function getAttrSortOrder() {
|
||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',5,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
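Review bot: `getDNEncode()` is added without a docblock, although its two branches have different safety properties that callers need to know. With `$url` true the DN has `%XX` rewritten to `%25XX` and is then passed through `urlencode()`, which suits a query string; with `$url` false only the rewrite is applied, so the return value still needs `htmlspecialchars()` before it is printed into markup. A docblock should state the purpose (presumably to keep literal `%XX` text in a DN from being decoded as an escape), the meaning of `$url`, and that the non-URL form is not HTML-escaped. The same applies to the copies in Template (`getDNEncode`, `getContainerEncode`) and in TreeItem, where `getDNEncode()` takes no `$url` argument at all; the `@todo` could be resolved with one shared helper that takes the DN string.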
@ -273,7 +273,7 @@ class QueryRender extends PageRender {
|
||||
printf('<td class="icon"><img src="%s/%s" alt="icon" /></td>',IMGDIR,get_icon($server->getIndex(),$dndetails['dn']));
|
||||
|
||||
printf('<td colspan="2"><a href="cmd.php?cmd=template_engine&server_id=%s&dn=%s">%s</a></td>',
|
||||
$server->getIndex(),rawurlencode($dndetails['dn']),htmlspecialchars(get_rdn($dndetails['dn'])));
|
||||
$server->getIndex(),$this->template->getDNEncode(),htmlspecialchars(get_rdn($dndetails['dn'])));
|
||||
echo '</tr>';
|
||||
|
||||
printf('<tr class="list_item"><td class="blank"> </td><td class="heading">dn</td><td class="value">%s</td></tr>',
|
||||
@ -363,7 +363,7 @@ class QueryRender extends PageRender {
|
||||
if ($_SESSION[APPCONFIG]->getValue('mass','enabled'))
|
||||
printf('<td><input type="checkbox" id="ma_%s" name="dn[]" value="%s" onclick="this.checked=!this.checked;" /></td>',$j,$dndetails['dn']);
|
||||
|
||||
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',$server->getIndex(),rawurlencode($dndetails['dn']));
|
||||
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',$server->getIndex(),$this->template->getDNEncode());
|
||||
printf('<td class="icon"><a href="cmd.php?%s"><img src="%s/%s" alt="icon" /></a></td>',
|
||||
htmlspecialchars($href),
|
||||
IMGDIR,get_icon($server->getIndex(),$dndetails['dn']));
|
||||
|
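Review bot: Both changed lines build the per-result link from `$this->template->getDNEncode()`, while the icon and the RDN text on the same rows still come from `$dndetails['dn']`. `Query::getDNEncode()` encodes `$this->dn`, so unless the template's DN is updated for each result (the loop is outside these hunks), every row would link to the same entry. Encoding the row's own DN keeps the old target with the new percent handling: `urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$dndetails['dn']))`. The `dn[]` checkbox on the context line above prints `$dndetails['dn']` into `value="%s"` without `htmlspecialchars()` and should be escaped as well.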
@ -634,6 +634,14 @@ class Template extends xmlTemplate {
|
||||
return $this->getRDN();
|
||||
}
|
||||
|
||||
public function getDNEncode($url=true) {
|
||||
// @todo Be nice to do all this in 1 location
|
||||
if ($url)
|
||||
return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->getDN()));
|
||||
else
|
||||
return preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->getDN());
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the container for this template, if we are creating entries
|
||||
*
|
||||
@ -665,6 +673,14 @@ class Template extends xmlTemplate {
|
||||
return $this->container;
|
||||
}
|
||||
|
||||
public function getContainerEncode($url=true) {
|
||||
// @todo Be nice to do all this in 1 location
|
||||
if ($url)
|
||||
return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->container));
|
||||
else
|
||||
return preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->container);
|
||||
}
|
||||
|
||||
/**
|
||||
* Copy a DN
|
||||
*/
|
||||
|
@ -53,7 +53,7 @@ class TemplateRender extends PageRender {
|
||||
parent::accept();
|
||||
|
||||
$this->url_base = sprintf('server_id=%s&dn=%s',
|
||||
$this->getServerID(),rawurlencode($this->template->getDN()));
|
||||
$this->getServerID(),$this->template->getDNEncode());
|
||||
$this->layout['hint'] = sprintf('<td class="icon"><img src="%s/light.png" alt="%s" /></td><td colspan="3"><span class="hint">%%s</span></td>',
|
||||
IMGDIR,_('Hint'));
|
||||
$this->layout['action'] = '<td class="icon"><img src="%s/%s" alt="%s" /></td><td><a href="cmd.php?%s" title="%s">%s</a></td>';
|
||||
@ -646,7 +646,7 @@ class TemplateRender extends PageRender {
|
||||
|
||||
} elseif ($this->template->getContext() == 'copyasnew') {
|
||||
$this->drawStepFormStart($this->page);
|
||||
printf('<input type="hidden" name="container" value="%s" />',htmlspecialchars($this->template->getContainer()));
|
||||
printf('<input type="hidden" name="container" value="%s" />',$this->template->getContainer(false));
|
||||
echo '<div><table>';
|
||||
$this->drawRDNChooser();
|
||||
echo '</table></div>';
|
||||
@ -699,7 +699,7 @@ class TemplateRender extends PageRender {
|
||||
break;
|
||||
|
||||
case 'modification':
|
||||
$title = get_rdn($this->dn);
|
||||
$title = htmlspecialchars(get_rdn($this->dn));
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -1188,7 +1188,7 @@ class TemplateRender extends PageRender {
|
||||
|
||||
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
|
||||
|
||||
$href = sprintf('cmd=template_engine&server_id=%s&container=%s',$this->getServerID(),rawurlencode($this->template->getDN()));
|
||||
$href = sprintf('cmd=template_engine&server_id=%s&container=%s',$this->getServerID(),$this->template->getDNEncode());
|
||||
|
||||
if (isAjaxEnabled())
|
||||
return sprintf($this->layout['actionajax'],IMGDIR,'create.png',_('Create'),
|
||||
@ -1227,7 +1227,7 @@ class TemplateRender extends PageRender {
|
||||
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
|
||||
|
||||
$href = sprintf('cmd=query_engine&server_id=%s&filter=%s&base=%s&scope=one&query=none&size_limit=0&search=true',
|
||||
$this->getServerID(),rawurlencode('objectClass=*'),rawurlencode($this->template->getDN()));
|
||||
$this->getServerID(),rawurlencode('objectClass=*'),$this->template->getDNEncode());
|
||||
|
||||
if (isAjaxEnabled())
|
||||
return sprintf($this->layout['actionajax'],IMGDIR,'children.png',_('Children'),
|
||||
@ -1389,7 +1389,7 @@ class TemplateRender extends PageRender {
|
||||
|
||||
echo '<div>';
|
||||
printf('<input type="hidden" name="server_id" value="%s" />',$this->getServerID());
|
||||
printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($this->template->getDN()));
|
||||
printf('<input type="hidden" name="dn" value="%s" />',$this->template->getDNEncode(false));
|
||||
printf('<input type="hidden" name="template" value="%s" />',$this->template->getID());
|
||||
echo '</div>';
|
||||
|
||||
@ -1514,7 +1514,7 @@ class TemplateRender extends PageRender {
|
||||
$this->drawObjectClassChooser();
|
||||
|
||||
} else {
|
||||
printf('<input type="hidden" name="container" value="%s" />',htmlspecialchars($this->template->getContainer()));
|
||||
printf('<input type="hidden" name="container" value="%s" />',$this->template->getContainerEncode(false));
|
||||
echo '</div>';
|
||||
|
||||
echo '<table class="entry" cellspacing="0" border="0" style="margin-left: auto; margin-right: auto;">';
|
||||
@ -2075,7 +2075,7 @@ function fillRec(id,value) {
|
||||
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
|
||||
|
||||
$href_parm = htmlspecialchars(sprintf('cmd=add_value_form&server_id=%s&dn=%s&attr=%s',
|
||||
$this->getServerID(),rawurlencode($this->template->getDN()),rawurlencode($attribute->getName(false))));
|
||||
$this->getServerID(),$this->template->getDNEncode(),rawurlencode($attribute->getName(false))));
|
||||
|
||||
if (isAjaxEnabled())
|
||||
return sprintf('(<a href="cmd.php?%s" title="%s %s" onclick="return ajDISPLAY(\'ADDVALUE%s\',\'%s&raw=1\',\'%s\',1);">%s</a>)',
|
||||
@ -2093,7 +2093,7 @@ function fillRec(id,value) {
|
||||
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
|
||||
|
||||
$href_parm = htmlspecialchars(sprintf('cmd=add_value_form&server_id=%s&dn=%s&attr=%s',
|
||||
$this->getServerID(),rawurlencode($this->template->getDN()),rawurlencode($attribute->getName(false))));
|
||||
$this->getServerID(),$this->template->getDNEncode(),rawurlencode($attribute->getName(false))));
|
||||
|
||||
if (isAjaxEnabled())
|
||||
return sprintf('(<a href="cmd.php?%s" title="%s %s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');">%s</a>)',
|
||||
@ -2111,7 +2111,7 @@ function fillRec(id,value) {
|
||||
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
|
||||
|
||||
$href = sprintf('cmd=modify_member_form&server_id=%s&dn=%s&attr=%s',
|
||||
$this->getServerID(),rawurlencode($this->template->getDN()),rawurlencode($attribute->getName()));
|
||||
$this->getServerID(),$this->template->getDNEncode(),rawurlencode($attribute->getName()));
|
||||
|
||||
if (isAjaxEnabled())
|
||||
return sprintf('(<a href="cmd.php?%s" title="%s: %s" onclick="return ajDISPLAY(\'BODY\',\'%s\',\'%s\');">%s</a>)',
|
||||
@ -2130,7 +2130,7 @@ function fillRec(id,value) {
|
||||
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
|
||||
|
||||
$href = sprintf('cmd.php?cmd=rename_form&server_id=%s&dn=%s&template=%s',
|
||||
$this->getServerID(),rawurlencode($this->template->getDN()),$this->template->getID());
|
||||
$this->getServerID(),$this->template->getDNEncode(),$this->template->getID());
|
||||
|
||||
return sprintf('<small>(<a href="%s">%s</a>)</small>',htmlspecialchars($href),_('rename'));
|
||||
}
|
||||
@ -2285,7 +2285,7 @@ function fillRec(id,value) {
|
||||
echo '<!-- This form is submitted by JavaScript when the user clicks "Delete attribute" on a binary attribute -->';
|
||||
echo '<form id="delete_attribute_form" action="cmd.php?cmd=delete_attr" method="post">';
|
||||
printf('<input type="hidden" name="server_id" value="%s" />',$this->getServerID());
|
||||
printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($this->template->getDN()));
|
||||
printf('<input type="hidden" name="dn" value="%s" />',$this->template->getDNEncode());
|
||||
printf('<input type="hidden" name="template" value="%s" />',$this->template->getID());
|
||||
echo '<input type="hidden" name="attr" value="FILLED IN BY JAVASCRIPT" />';
|
||||
echo '<input type="hidden" name="index" value="FILLED IN BY JAVASCRIPT" />';
|
||||
|
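Review bot: In the `copyasnew` branch the hidden `container` input now prints `$this->template->getContainer(false)`, which drops the old `htmlspecialchars()` and does not go through the new encoder; the later hunk for the same field uses `getContainerEncode(false)`, so this looks like a slip. Whether `getContainer()` accepts an argument is not visible here, but either way the raw container DN reaches the attribute unescaped; `htmlspecialchars($this->template->getContainerEncode(false))` would match the apparent intent. Separately, the hidden `dn` input of `delete_attribute_form` calls `getDNEncode()` with the default `$url=true`, unlike the other hidden inputs, so the browser will URL-encode an already URL-encoded value when the form is posted. `htmlspecialchars($this->template->getDNEncode(false))` would be consistent with the other forms, assuming the receiving handler decodes POST values the same way for each.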
@ -58,6 +58,10 @@ class TreeItem {
|
||||
return $this->dn;
|
||||
}
|
||||
|
||||
public function getDNEncode() {
|
||||
return urlencode(preg_replace('/%([0-9a-fA-F]+)/',"%25\\1",$this->dn));
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the RDN of this tree items DN.
|
||||
*
|
||||
|