From c3713350e292137d7f5143eacc9a25526606340e Mon Sep 17 00:00:00 2001 From: Deon George Date: Tue, 30 Jun 2009 20:28:51 +1000 Subject: [PATCH] RELEASE 0.9.8.5 --- htdocs/create_form.php | 2 +- htdocs/css/style.css | 24 ++++++++--------- htdocs/entry_chooser.php | 6 +++-- htdocs/help.php | 2 +- htdocs/login_form.php | 18 +++++++------ htdocs/rename.php | 6 ++--- htdocs/template_engine.php | 49 ++++++++++++++++++++++++++++++----- htdocs/tree.php | 2 +- htdocs/update.php | 25 +++++++++++------- htdocs/update_confirm.php | 12 ++++----- lib/functions.php | 49 +++++++++++++++++++++++++++-------- lib/server_functions.php | 8 +++--- lib/tree_functions.php | 2 +- templates/creation/custom.php | 2 +- templates/template_header.php | 2 +- 15 files changed, 141 insertions(+), 68 deletions(-) diff --git a/htdocs/create_form.php b/htdocs/create_form.php index 4228cc8..2ed0dd6 100644 --- a/htdocs/create_form.php +++ b/htdocs/create_form.php @@ -1,5 +1,5 @@ ', $ldapserver->server_id,$return_form_element,$rdn,rawurlencode($dn)); diff --git a/htdocs/help.php b/htdocs/help.php index 8aa6af6..77d9840 100644 --- a/htdocs/help.php +++ b/htdocs/help.php @@ -1,5 +1,5 @@
-isAnonBindAllowed() ) { ?> - - - - - - +
diff --git a/htdocs/rename.php b/htdocs/rename.php index 37f3f7f..ea1a663 100644 --- a/htdocs/rename.php +++ b/htdocs/rename.php @@ -1,5 +1,5 @@ $ldapserver->server_id,'old_dn'=>$dn,'new_dn'=>$new_dn_value)); +$success = run_hook('pre_rename_entry',array('server_id'=>$ldapserver->server_id,'old_dn'=>dn_escape($dn),'new_dn'=>dn_escape($new_dn_value))); if ($success) { $success = false; $deleteoldrdn = $old_dn_attr == $new_dn_attr; - $success = $ldapserver->rename($dn,$new_rdn,$container,$deleteoldrdn); + $success = $ldapserver->rename(dn_escape($dn),dn_escape($new_rdn),$container,$deleteoldrdn); } else { pla_error(_('Could not rename the entry') ); diff --git a/htdocs/template_engine.php b/htdocs/template_engine.php index 05226f6..2f64b37 100644 --- a/htdocs/template_engine.php +++ b/htdocs/template_engine.php @@ -1,5 +1,5 @@ haveAuthInfo()) pla_error(_('Not enough information to login to server. Please check your configuration.')); - $ldapserver->dnExists($dn) + $ldapserver->dnExists(dn_escape($dn)) or pla_error(sprintf(_('No such entry: %s'),pretty_print_dn($dn))); $rdn = get_rdn($dn); @@ -870,15 +870,46 @@ foreach ($template['attrs'] as $attr => $vals) { echo ''; - } else + } else { + if (is_dn_string($val) || $ldapserver->isDNAttr($attr)) + + if ($ldapserver->dnExists($val)) { + printf('Go %s ', + htmlspecialchars($val),$ldapserver->server_id, + rawurlencode($val),dn_unescape($val)); + } else { + printf('N/E %s ', + htmlspecialchars($val),$ldapserver->server_id, + rawurlencode($val),dn_unescape($val)); + } + + elseif (is_mail_string($val)) + printf('Mail %s ', + htmlspecialchars($val),$val); + + elseif (is_url_string($val)) + printf(' %s ', + htmlspecialchars($val),$val); + + else echo htmlspecialchars($val).'
'; + + } } } if (! strcasecmp($attr,'userPassword') && isset($user_password)) printf('%s',base64_encode($user_password),_('Check password...')); - if (preg_match("/^${attr}=/",$rdn)) + if (preg_match("/^${attr}=/",$rdn) && + !($ldapserver->isReadOnly() || $ldapserver->isAttrReadOnly($attr))) printf('(%s)',$rename_href,_('rename')); echo ''; @@ -1038,9 +1069,9 @@ foreach ($template['attrs'] as $attr => $vals) { printf('URL ',htmlspecialchars($val)); if ($ldapserver->isMultiLineAttr($attr,$val)) - printf('',$input_name,$input_id,htmlspecialchars($val)); + printf('',$input_name,$input_id,htmlspecialchars(dn_unescape($val))); else - printf(' ',$input_name,$input_id,htmlspecialchars($val)); + printf(' ',$input_name,$input_id,htmlspecialchars(dn_unescape($val))); /* draw a link for popping up the entry browser if this is the type of attribute that houses DNs. */ @@ -1071,8 +1102,12 @@ foreach ($template['attrs'] as $attr => $vals) { $description = isset($group['description']) ? $group['description'] : null; - if ($description) + if (is_array($description)) { + foreach ($description as $item) + printf(' (%s)',htmlspecialchars($item)); + } else { printf(' (%s)',htmlspecialchars($description)); + } echo ''; } diff --git a/htdocs/tree.php b/htdocs/tree.php index 8488954..9ed9a68 100644 --- a/htdocs/tree.php +++ b/htdocs/tree.php 
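Review bot: In the new DN branch of the `-870` hunk the last printf argument, `dn_unescape($val)`, is emitted without `htmlspecialchars()`, while the first argument is escaped; since `dn_escape()` in lib/functions.php turns `"`, `<` and `>` into hex escapes, unescaping restores exactly the characters that matter in HTML, so a directory value containing markup would reach the page unescaped in whichever `%s` receives it (the format strings are not visible here, so the exact slot is inferred). Wrap it as `htmlspecialchars(dn_unescape($val))` in both the `Go` and `N/E` printf calls. The brace-less `if (is_dn_string($val) || ...) if ($ldapserver->dnExists($val)) {...} else {...} elseif (is_mail_string($val))` nesting parses, but braces around the outer `if` body would make which `if` the `elseif` chain belongs to explicit. The enclosing `foreach ($template['attrs'] as $attr => $vals)` starts before the hunk.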
@@ -1,5 +1,5 @@ $ldapserver->server_id,'dn'=>$dn,'update_array'=>$update_array)); # Check for delete attributes (indicated by the attribute entry appearing like this: attr => '' -foreach ($update_array as $attr => $val) - if (! is_array($val)) +foreach ($update_array as $attr => $val) { + if (! is_array($val)) { if (array_key_exists($attr,$skip_array)) unset($update_array[$attr]); - elseif ($val == '') $update_array[$attr] = array(); # Skip change - else + else { + if (is_dn_string($val) || $ldapserver->isDNAttr($attr)) + $val=dn_escape($val); $update_array[$attr] = $val; - - else + } + } else { if (array_key_exists($attr,$skip_array)) unset($update_array[$attr]); else - foreach ($val as $i => $v) + foreach ($val as $i => $v) { + if (is_dn_string($v) || $ldapserver->isDNAttr($attr)) + $v=dn_escape($v); $update_array[$attr][$i] = $v; + } + } +} +run_hook ('pre_update',array('server_id'=>$ldapserver->server_id,'dn'=>$dn,'update_array'=>$update_array)); +#die(); /* Call the custom callback for each attribute modification and verify that it should be modified.*/ diff --git a/htdocs/update_confirm.php b/htdocs/update_confirm.php index c50b5ff..03ca4af 100644 --- a/htdocs/update_confirm.php +++ b/htdocs/update_confirm.php @@ -1,5 +1,5 @@ 0) { if (obfuscate_password_display(get_enc_type($old_values[$attr][$key]))) echo preg_replace('/./','*',$old_values[$attr][$key]).'
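Review bot: The rewritten loop in update.php drops the old `elseif ($val == '') $update_array[$attr] = array(); # Skip change` branch, so an empty string for a scalar attribute now flows through to `$update_array[$attr] = $val` as a value instead of being normalised to an empty array, even though the comment above the loop still describes `attr => ''` as the delete marker; unless the attribute-modification code further down was changed to handle `''` itself, this alters what is sent to the server. The `+#die();` after the relocated `run_hook('pre_update', ...)` call is debugging residue and should be removed. Because `dn_escape()` is now applied inside the loop before the hook fires, hook consumers see the escaped form; state that above the call, e.g. `# pre_update hooks receive DN-valued attributes already dn_escape()d`. The hunk's `@@` header is not recoverable from this page, so the surrounding lines are inferred.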
'; else - echo nl2br(htmlspecialchars($old_values[$attr][$key])).'
'; + echo nl2br(htmlspecialchars(dn_unescape($old_values[$attr][$key]))).'
'; } } elseif (is_array($old_values[$attr])) foreach ($old_values[$attr] as $v) - echo nl2br(htmlspecialchars($v)).'
'; + echo nl2br(htmlspecialchars(dn_unescape($v))).'
'; else - echo nl2br(htmlspecialchars($old_values[$attr])).'
'; + echo nl2br(htmlspecialchars(dn_unescape($old_values[$attr]))).'
'; echo ''; echo ''; @@ -172,7 +172,7 @@ if (count($update_array) > 0) { if (obfuscate_password_display(get_enc_type($new_val[$key]))) echo preg_replace('/./','*',$new_val[$key]).'
'; else - echo htmlspecialchars($new_val[$key]).'
'; + echo htmlspecialchars(dn_unescape($new_val[$key])).'
'; } } @@ -185,7 +185,7 @@ if (count($update_array) > 0) { $update_array[$attr] = array_values($update_array[$attr]); } else { - echo nl2br(htmlspecialchars($v)).'
'; + echo nl2br(htmlspecialchars(dn_unescape($v))).'
'; } } } diff --git a/lib/functions.php b/lib/functions.php index 1d67faa..abb726b 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -1,5 +1,5 @@ " / "#" / ";" + # Check if the RDN has special chars escape them. + # - only simplest cases are dealt with + # TODO: '=' unhandled + # ';' may be used instead of ',' but its use is discouraged + while (preg_match('/([^\\\\])[;,](\s*[^=]*\s*)([;,]|$)/',$dn)) { + $dn = preg_replace('/([^\\\\]),(\s*[^=]*\s*)([;,]|$)/','$1\\\\2c$2$3',$dn); + $dn = preg_replace('/([^\\\\]);(\s*[^=]*\s*)([;,]|$)/','$1\\\\3b$2$3',$dn); + } + $dn = preg_replace('/([^\\\\])\+/','$1\\\\2b',$dn); + $dn = preg_replace('/([^\\\\])"/','$1\\\\22',$dn); + $dn = preg_replace('/([^\\\\])#([^0-9a-f]|$)/i','$1\\\\23$2',$dn); + $dn = preg_replace('/([^\\\\])>/','$1\\\\3e',$dn); + $dn = preg_replace('/([^\\\\]) $branch) { // pla_expode_dn returns the array with an extra count attribute, we can ignore that. @@ -2274,8 +2301,8 @@ function shadow_date( $attrs, $attr) { if (DEBUG_ENABLED) debug_log('shadow_date(): Entered with (%s,%s)',1,$attrs,$attr); - $shadowLastChange = isset($attrs['shadowLastChange']) ? $attrs['shadowLastChange'][0] : null; - $shadowMax = isset($attrs['shadowMax']) ? $attrs['shadowMax'][0] : null; + $shadowLastChange = isset($attrs['shadowLastChange']) ? $attrs['shadowLastChange'] : null; + $shadowMax = isset($attrs['shadowMax']) ? $attrs['shadowMax'] : null; if( 0 == strcasecmp( $attr, 'shadowLastChange' ) && $shadowLastChange) $shadow_date = $shadowLastChange; diff --git a/lib/server_functions.php b/lib/server_functions.php index 49868d3..b4f60a9 100644 --- a/lib/server_functions.php +++ b/lib/server_functions.php @@ -1,5 +1,5 @@