RELEASE 0.9.8.5

Deon George 2009-06-30 20:28:51 +10:00
parent c131e8b479
commit c3713350e2
15 changed files with 141 additions and 68 deletions


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/create_form.php,v 1.31.2.5 2005/12/31 04:21:37 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/Attic/create_form.php,v 1.31.2.5 2005/12/31 04:21:37 wurley Exp $
/**
* The menu where the user chooses an RDN, Container, and Template for creating a new entry.


@ -1,4 +1,4 @@
/* $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/css/style.css,v 1.44.4.2 2005/12/06 22:00:54 wurley Exp $ */
/* $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/css/style.css,v 1.44.4.3 2008/11/28 14:21:37 wurley Exp $ */
span.hint {
font-size: small;
font-weight: normal;
@ -35,7 +35,7 @@ table.schema_attr th {
padding: 5px;
color: white;
font-weight: bold;
font-size: 125%;
font-size: 100%;
}
table.schema_attr td {
@ -163,7 +163,7 @@ a img {
body {
font-family: arial, helvetica, sans-serif;
background-color: white;
font-size: 12pt;
font-size: 10pt;
}
table.tree tr.login td {
@ -204,7 +204,7 @@ table.tree tr.server td {
padding-top: 15px;
padding-bottom: 0px;
vertical-align: top;
font-size: 20px;
font-size: 12px;
text-align: left;
}
@ -212,7 +212,7 @@ table.tree td.icon {
text-align: center;
padding: 0px;
width: 14px;
font-size: 1px;
font-size: 10px;
}
table.tree td.rdn {
@ -267,7 +267,7 @@ h3.title {
background-color: #018;
border: 1px solid black;
font-weight: normal;
font-size: 150%;
font-size: 140%;
}
h3.subtitle {
@ -317,14 +317,14 @@ table.edit_dn input {
}
table.edit_dn input.val {
font-size: 14px;
font-size: 12px;
width: 350px;
font-family: arial, helvetica, sans-serif;
background-color: white;
}
table.edit_dn textarea.val {
font-size: 14px;
font-size: 12px;
width: 350px;
font-family: arial, helvetica, sans-serif;
background-color: white;
@ -418,7 +418,7 @@ input.update_dn {
}
small {
font-size: 10pt;
font-size: 8pt;
}
form.edit_dn {
@ -433,7 +433,7 @@ h4.oclass {
margin-top: 8px;
font-weight: normal;
border: 1px solid black;
font-size: 140%;
font-size: 120%;
color: white;
}
@ -595,7 +595,7 @@ table.create td.heading {
}
table.create td.name {
font-size: 13px;
font-size: 11px;
width: 350px;
}
@ -642,7 +642,7 @@ table.export_form {
}
table.export_form tr td {
font-size: 13px;
font-size: 11px;
text-align: left;
vertical-align: top;
padding: 4px;


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/entry_chooser.php,v 1.27.2.4 2005/12/31 03:13:48 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/entry_chooser.php,v 1.27.2.5 2008/11/28 14:21:37 wurley Exp $
/**
* Display a selection (popup window) to pick a DN.
@ -70,7 +70,9 @@ if (isset($ldapserver) && $container !== false) {
else
foreach ($dn_list as $dn) {
$href = sprintf("javascript:returnDN('%s%s')",($rdn ? "$rdn," : ''),$dn);
$href = sprintf("javascript:returnDN('%s%s')",
($rdn ? '"'.htmlspecialchars(dn_js_escape($rdn)).',"' : ''),
htmlspecialchars(dn_js_escape($dn)));
echo '&nbsp;&nbsp;&nbsp;';
printf('<a href="entry_chooser.php?server_id=%s&amp;form_element=%s&amp;rdn=%s&amp;container=%s"><img src="images/plus.png" /></a>',
$ldapserver->server_id,$return_form_element,$rdn,rawurlencode($dn));
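Review bot: The `$rdn` branch of the new `sprintf` wraps the escaped value in literal double quotes (`'"'. … .',"'`), so the string handed to `returnDN()` would carry `"` characters around the RDN, and a raw `"` would also end a double-quoted `href` attribute if `$href` is printed into one (that line is outside the hunk). Dropping the quotes, `($rdn ? htmlspecialchars(dn_js_escape($rdn)).',' : '')`, makes the RDN argument match the way `$dn` is handled. The `printf` just below still places `$return_form_element` and `$rdn` into the query string unencoded while `$dn` goes through `rawurlencode()`; both should get `rawurlencode()` as well. The enclosing `foreach` continues outside the hunk.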


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/help.php,v 1.5 2005/02/26 12:35:05 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/Attic/help.php,v 1.5 2005/02/26 12:35:05 wurley Exp $
/**
* @package phpLDAPadmin


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login_form.php,v 1.25.4.2 2005/12/11 09:03:07 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/login_form.php,v 1.25.4.3 2008/11/28 14:21:37 wurley Exp $
/**
* Displays the login form for a server for users who specify 'cookie' or 'session' for their auth_type.
@ -69,12 +69,6 @@ include './header.php'; ?>
<center>
<table class="login">
<?php if( $ldapserver->isAnonBindAllowed() ) { ?>
<tr>
<td colspan="2"><small><label for="anonymous_bind_checkbox"><?php echo _('Anonymous Bind'); ?></label></small> <input type="checkbox" name="anonymous_bind" onclick="toggle_disable_login_fields(this)" id="anonymous_bind_checkbox"/></td>
</tr>
<?php } ?>
<tr>
<td><small>
<?php
@ -94,7 +88,15 @@ else
</tr>
<tr>
<td colspan="2"><center><input type="submit" name="submit" value="<?php echo _('Authenticate'); ?>" /></center></td>
<td colspan="2" align="center" valign="bottom">
<input type="submit" name="submit" value="<?php echo _('Authenticate'); ?>" />
<?php if( $ldapserver->isAnonBindAllowed() ) { ?>
&nbsp;&nbsp;&nbsp;
<input type="checkbox" name="anonymous_bind" onclick="toggle_disable_login_fields(this)"
id="anonymous_bind_checkbox"/>&nbsp;
<small><label for="anonymous_bind_checkbox"><?php echo _('Anonymous Bind'); ?></label></small>
<?php } ?>
</td>
</tr>
</table>
</center>


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename.php,v 1.29.2.3 2005/12/08 11:54:19 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/rename.php,v 1.29.2.4 2008/11/28 14:21:37 wurley Exp $
/**
* Renames a DN to a different name.
@ -47,13 +47,13 @@ if (count($new_dn_value) != 2 || ! isset($new_dn_value[1]))
$new_dn_attr = $new_dn_value[0];
$new_dn_value = $new_dn_value[1];
$success = run_hook('pre_rename_entry',array('server_id'=>$ldapserver->server_id,'old_dn'=>$dn,'new_dn'=>$new_dn_value));
$success = run_hook('pre_rename_entry',array('server_id'=>$ldapserver->server_id,'old_dn'=>dn_escape($dn),'new_dn'=>dn_escape($new_dn_value)));
if ($success) {
$success = false;
$deleteoldrdn = $old_dn_attr == $new_dn_attr;
$success = $ldapserver->rename($dn,$new_rdn,$container,$deleteoldrdn);
$success = $ldapserver->rename(dn_escape($dn),dn_escape($new_rdn),$container,$deleteoldrdn);
} else {
pla_error(_('Could not rename the entry') );
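Review bot: `dn_escape()` is applied here to a complete DN, and as defined in lib/functions.php in this commit it rewrites every unescaped `+` and `"`, which are also structural characters (the multi-valued RDN separator and RFC 2253 quoting), so an entry such as `cn=a+sn=b,...` would no longer resolve. The same applies to `dnExists(dn_escape($dn))` in template_engine.php, the value escaping in update.php and the `dn_escape($base_dn)` calls in server_functions.php. Escaping is more reliable when applied to attribute values as an RDN is assembled than to an already assembled DN. In this hunk `$container` is passed to `rename()` unescaped while `$dn` and `$new_rdn` are escaped; either the matching `dn_escape($container)` or a comment such as `# $container is already RFC 2253 escaped` would make the intent clear.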


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/template_engine.php,v 1.26.2.38 2007/03/21 23:16:06 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/template_engine.php,v 1.26.2.40 2008/11/28 14:21:37 wurley Exp $
/**
* Template render engine.
@ -38,7 +38,7 @@ if (isset($_REQUEST['dn'])) {
if (! $ldapserver->haveAuthInfo())
pla_error(_('Not enough information to login to server. Please check your configuration.'));
$ldapserver->dnExists($dn)
$ldapserver->dnExists(dn_escape($dn))
or pla_error(sprintf(_('No such entry: %s'),pretty_print_dn($dn)));
$rdn = get_rdn($dn);
@ -870,15 +870,46 @@ foreach ($template['attrs'] as $attr => $vals) {
echo '</small>';
} else
} else {
if (is_dn_string($val) || $ldapserver->isDNAttr($attr))
if ($ldapserver->dnExists($val)) {
printf('<a title="'._('Go to %s').
'" href="template_engine.php?server_id=%s&amp;dn=%s"><img '.
'style="vertical-align: top" src="images/go.png" alt="Go" '.
'/>&nbsp;%s</a>&nbsp;',
htmlspecialchars($val),$ldapserver->server_id,
rawurlencode($val),dn_unescape($val));
} else {
printf('<a title="'._('DN not available %s').'"><img '.
'style="vertical-align: top" src="images/nogo.png" alt="N/E" '.
'/>&nbsp;%s</a>&nbsp;',
htmlspecialchars($val),$ldapserver->server_id,
rawurlencode($val),dn_unescape($val));
}
elseif (is_mail_string($val))
printf('<img style="vertical-align: center" src="images/mail.png"'.
' alt="Mail" />&nbsp;<a href="mailto:%s">%s</a>&nbsp;',
htmlspecialchars($val),$val);
elseif (is_url_string($val))
printf('<img style="vertical-align: center" src="images/dc.png" '.
'alt="URL" />&nbsp;<a href="%s" target="new">%s</a>&nbsp;',
htmlspecialchars($val),$val);
else
echo htmlspecialchars($val).'<br />';
}
}
}
if (! strcasecmp($attr,'userPassword') && isset($user_password))
printf('<small><a href="javascript:passwordComparePopup(\'%s\')">%s</a></small>',base64_encode($user_password),_('Check password...'));
if (preg_match("/^${attr}=/",$rdn))
if (preg_match("/^${attr}=/",$rdn) &&
!($ldapserver->isReadOnly() || $ldapserver->isAttrReadOnly($attr)))
printf('<small>(<a href="%s">%s</a>)</small>',$rename_href,_('rename'));
echo '</td>';
@ -1038,9 +1069,9 @@ foreach ($template['attrs'] as $attr => $vals) {
printf('<a href="%s" target="new"><img style="vertical-align: center" src="images/dc.png" alt="URL" /></a>&nbsp;',htmlspecialchars($val));
if ($ldapserver->isMultiLineAttr($attr,$val))
printf('<textarea class="val" rows="3" cols="50" name="%s" id="%s">%s</textarea>',$input_name,$input_id,htmlspecialchars($val));
printf('<textarea class="val" rows="3" cols="50" name="%s" id="%s">%s</textarea>',$input_name,$input_id,htmlspecialchars(dn_unescape($val)));
else
printf('<input type="text" class="val" name="%s" id="%s" value="%s" />&nbsp;',$input_name,$input_id,htmlspecialchars($val));
printf('<input type="text" class="val" name="%s" id="%s" value="%s" />&nbsp;',$input_name,$input_id,htmlspecialchars(dn_unescape($val)));
/* draw a link for popping up the entry browser if this is the type of attribute
that houses DNs. */
@ -1071,8 +1102,12 @@ foreach ($template['attrs'] as $attr => $vals) {
$description = isset($group['description']) ? $group['description'] : null;
if ($description)
if (is_array($description)) {
foreach ($description as $item)
printf(' (%s)',htmlspecialchars($item));
} else {
printf(' (%s)',htmlspecialchars($description));
}
echo '</small>';
}
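Review bot: In the read-only rendering block of the second hunk the link text is printed without HTML encoding: the mail and URL branches pass raw `$val` as the second `%s`, and the DN branch passes `dn_unescape($val)`, so markup stored in a directory attribute is emitted as-is. The last argument should be `htmlspecialchars($val)` in the mail and URL branches and `htmlspecialchars(dn_unescape($val))` in the DN branch. The "DN not available" `printf` has two placeholders but four arguments, so its visible text is `$ldapserver->server_id` rather than the DN; pass only `htmlspecialchars($val),htmlspecialchars(dn_unescape($val))` there. The enclosing `foreach` starts and ends outside the hunk.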


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/tree.php,v 1.88.4.10 2007/03/18 03:16:06 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/Attic/tree.php,v 1.88.4.10 2007/03/18 03:16:06 wurley Exp $
/**
* This script displays the LDAP tree for all the servers that you have


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update.php,v 1.25.2.6 2006/01/14 23:33:39 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update.php,v 1.25.2.7 2008/11/28 14:21:37 wurley Exp $
/**
* Updates or deletes a value from a specified attribute for a specified dn.
@ -49,28 +49,35 @@ $failed_attrs = array();
if (! is_array($update_array))
pla_error(_('update_array is malformed. This might be a phpLDAPadmin bug. Please report it.'));
run_hook ('pre_update',array('server_id'=>$ldapserver->server_id,'dn'=>$dn,'update_array'=>$update_array));
# Check for delete attributes (indicated by the attribute entry appearing like this: attr => ''
foreach ($update_array as $attr => $val)
if (! is_array($val))
foreach ($update_array as $attr => $val) {
if (! is_array($val)) {
if (array_key_exists($attr,$skip_array))
unset($update_array[$attr]);
elseif ($val == '')
$update_array[$attr] = array();
# Skip change
else
else {
if (is_dn_string($val) || $ldapserver->isDNAttr($attr))
$val=dn_escape($val);
$update_array[$attr] = $val;
else
}
} else {
if (array_key_exists($attr,$skip_array))
unset($update_array[$attr]);
else
foreach ($val as $i => $v)
foreach ($val as $i => $v) {
if (is_dn_string($v) || $ldapserver->isDNAttr($attr))
$v=dn_escape($v);
$update_array[$attr][$i] = $v;
}
}
}
run_hook ('pre_update',array('server_id'=>$ldapserver->server_id,'dn'=>$dn,'update_array'=>$update_array));
#die();
/* Call the custom callback for each attribute modification
and verify that it should be modified.*/
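Review bot: The new loop escapes a value whenever `is_dn_string($val)` is true even if `isDNAttr($attr)` is false, so a free-text attribute whose content merely looks like a DN (presumably what `is_dn_string()` tests; its body is not shown) is stored in altered form. Restricting the rewrite to `if ($ldapserver->isDNAttr($attr))` keeps it to attributes that are declared to hold DNs. The `pre_update` hook now runs after this normalisation and receives the escaped values, which deserves a comment above the `run_hook` call, e.g. `# hooks see RFC 2253 escaped DN values`. The leftover `#die();` should be removed.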


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update_confirm.php,v 1.43.2.12 2007/03/18 03:16:06 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/update_confirm.php,v 1.43.2.13 2008/11/28 14:21:37 wurley Exp $
/**
* Takes the results of clicking "Save" in template_engine.php and determines which
@ -151,15 +151,15 @@ if (count($update_array) > 0) {
if (obfuscate_password_display(get_enc_type($old_values[$attr][$key])))
echo preg_replace('/./','*',$old_values[$attr][$key]).'<br />';
else
echo nl2br(htmlspecialchars($old_values[$attr][$key])).'<br />';
echo nl2br(htmlspecialchars(dn_unescape($old_values[$attr][$key]))).'<br />';
}
} elseif (is_array($old_values[$attr]))
foreach ($old_values[$attr] as $v)
echo nl2br(htmlspecialchars($v)).'<br />';
echo nl2br(htmlspecialchars(dn_unescape($v))).'<br />';
else
echo nl2br(htmlspecialchars($old_values[$attr])).'<br />';
echo nl2br(htmlspecialchars(dn_unescape($old_values[$attr]))).'<br />';
echo '</span></td>';
echo '<td><span style="white-space: nowrap;">';
@ -172,7 +172,7 @@ if (count($update_array) > 0) {
if (obfuscate_password_display(get_enc_type($new_val[$key])))
echo preg_replace('/./','*',$new_val[$key]).'<br />';
else
echo htmlspecialchars($new_val[$key]).'<br />';
echo htmlspecialchars(dn_unescape($new_val[$key])).'<br />';
}
}
@ -185,7 +185,7 @@ if (count($update_array) > 0) {
$update_array[$attr] = array_values($update_array[$attr]);
} else {
echo nl2br(htmlspecialchars($v)).'<br />';
echo nl2br(htmlspecialchars(dn_unescape($v))).'<br />';
}
}
}
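Review bot: Every displayed value now goes through `dn_unescape()` regardless of attribute type, so for a non-DN attribute the confirmation page can show text that differs from what will be written (the body of `dn_unescape()` is not shown here, so this assumes it rewrites `\xx` sequences). Limiting it to DN attributes, e.g. `$ldapserver->isDNAttr($attr) ? dn_unescape($v) : $v` if `$ldapserver` is in scope at these lines, keeps the review screen faithful to the stored data. The `htmlspecialchars(dn_unescape(...))` order itself is right: decode first, HTML-encode last.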


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/functions.php,v 1.283.2.39 2007/03/18 03:12:10 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/functions.php,v 1.283.2.42 2008/11/28 14:21:37 wurley Exp $
/**
* A collection of functions used throughout phpLDAPadmin.
@ -316,6 +316,10 @@ function pla_compare_dns($dn1,$dn2) {
$dn1_parts = pla_explode_dn(pla_reverse_dn($dn1));
$dn2_parts = pla_explode_dn(pla_reverse_dn($dn2));
if (! $dn1_parts || ! $dn2_parts)
return;
assert(is_array($dn1_parts));
assert(is_array($dn2_parts));
@ -1688,23 +1692,45 @@ function pla_explode_dn($dn,$with_attributes=0) {
}
/**
* Parse a DN and escape any special characters
* Parse a DN and escape any special characters (rfc2253)
*/
function dn_escape($dn) {
$olddn = $dn;
# Check if the RDN has a comma and escape it.
while (preg_match('/([^\\\\]),(\s*[^=]*\s*),/',$dn))
$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*),/','$1\\\\2C$2,',$dn);
$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*)([^,])$/','$1\\\\2C$2$3',$dn);
#
# http://rfc.net/rfc2253.html
# special = '"' / "," / "=" / "+" / "<" / ">" / "#" / ";"
# Check if the RDN has special chars escape them.
# - only simplest cases are dealt with
# TODO: '=' unhandled
# ';' may be used instead of ',' but its use is discouraged
while (preg_match('/([^\\\\])[;,](\s*[^=]*\s*)([;,]|$)/',$dn)) {
$dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*)([;,]|$)/','$1\\\\2c$2$3',$dn);
$dn = preg_replace('/([^\\\\]);(\s*[^=]*\s*)([;,]|$)/','$1\\\\3b$2$3',$dn);
}
$dn = preg_replace('/([^\\\\])\+/','$1\\\\2b',$dn);
$dn = preg_replace('/([^\\\\])"/','$1\\\\22',$dn);
$dn = preg_replace('/([^\\\\])#([^0-9a-f]|$)/i','$1\\\\23$2',$dn);
$dn = preg_replace('/([^\\\\])>/','$1\\\\3e',$dn);
$dn = preg_replace('/([^\\\\])</','$1\\\\3c',$dn);
if (DEBUG_ENABLED)
debug_log('dn_escape(): Entered with (%s), Returning (%s)',1,$olddn,$dn);
return $dn;
}
/**
* Parse a DN and escape any special characters for use in javascript selection
*/
function dn_js_escape($dn) {
$olddn = $dn;
#
$dn = preg_replace('/([^\\\\])\'/','$1\\\\\'',$dn);
if (DEBUG_ENABLED)
debug_log('dn_js_escape(): Entered with (%s), Returning (%s)',1,$olddn,$dn);
return $dn;
}
/**
* Parse a DN and unescape any special characters
*/
@ -1835,6 +1861,7 @@ function pla_reverse_dn($dn) {
if (DEBUG_ENABLED)
debug_log('pla_reverse_dn(): Entered with (%s)',1,$dn);
$rev = '';
foreach (pla_explode_dn($dn) as $key => $branch) {
// pla_expode_dn returns the array with an extra count attribute, we can ignore that.
@ -2274,8 +2301,8 @@ function shadow_date( $attrs, $attr) {
if (DEBUG_ENABLED)
debug_log('shadow_date(): Entered with (%s,%s)',1,$attrs,$attr);
$shadowLastChange = isset($attrs['shadowLastChange']) ? $attrs['shadowLastChange'][0] : null;
$shadowMax = isset($attrs['shadowMax']) ? $attrs['shadowMax'][0] : null;
$shadowLastChange = isset($attrs['shadowLastChange']) ? $attrs['shadowLastChange'] : null;
$shadowMax = isset($attrs['shadowMax']) ? $attrs['shadowMax'] : null;
if( 0 == strcasecmp( $attr, 'shadowLastChange' ) && $shadowLastChange)
$shadow_date = $shadowLastChange;
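Review bot: `dn_js_escape()` leaves several inputs unescaped: its pattern `([^\\\\])\'` needs a preceding character, so a quote at the start of the string or directly after another quote is not touched, a quote following a backslash is skipped even when that backslash is itself escaped, and backslashes and line breaks are not handled at all. Because the result is placed inside a single-quoted JavaScript string in entry_chooser.php, it should escape unconditionally, for example `$dn = strtr($dn, array('\\' => '\\\\', "'" => "\\'", "\r" => '\\r', "\n" => '\\n'));`. Separately, `pla_compare_dns()` now returns `null` for an unparsable DN, which a caller testing the result with `== 0` would read as "equal"; the callers are not visible in this diff.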


@ -1,5 +1,5 @@
<?php
/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/server_functions.php,v 1.34.2.32 2007/03/18 01:57:18 wurley Exp $ */
/* $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/server_functions.php,v 1.34.2.33 2008/11/28 14:21:37 wurley Exp $ */
/**
* Classes and functions for LDAP server configuration and capability
@ -1698,16 +1698,16 @@ class LDAPserver {
switch ($scope) {
case 'base':
$search = @ldap_read($resource,$base_dn,$filter,$attrs,0,$size_limit,0,$deref);
$search = @ldap_read($resource,dn_escape($base_dn),$filter,$attrs,0,$size_limit,0,$deref);
break;
case 'one':
$search = @ldap_list($resource,$base_dn,$filter,$attrs,0,$size_limit,0,$deref);
$search = @ldap_list($resource,dn_escape($base_dn),$filter,$attrs,0,$size_limit,0,$deref);
break;
case 'sub':
default:
$search = @ldap_search($resource,$base_dn,$filter,$attrs,0,$size_limit,0,$deref);
$search = @ldap_search($resource,dn_escape($base_dn),$filter,$attrs,0,$size_limit,0,$deref);
break;
}


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/tree_functions.php,v 1.20.2.23 2007/03/18 03:21:18 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/lib/Attic/tree_functions.php,v 1.20.2.23 2007/03/18 03:21:18 wurley Exp $
/**
* @package phpLDAPadmin


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/creation/custom.php,v 1.43.2.6 2006/03/01 01:04:05 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/creation/Attic/custom.php,v 1.43.2.6 2006/03/01 01:04:05 wurley Exp $
$rdn = isset($_POST['rdn']) ? $_POST['rdn'] : null;
$container = $_POST['container'];


@ -1,5 +1,5 @@
<?php
// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/template_header.php,v 1.6.4.7 2007/03/18 03:23:26 wurley Exp $
// $Header: /cvsroot/phpldapadmin/phpldapadmin/templates/Attic/template_header.php,v 1.6.4.7 2007/03/18 03:23:26 wurley Exp $
/**
* Header page for engine.