authorGunnar Wrobel <wrobel@pardus.de>2010-01-11 09:30:11 (GMT)
committerGunnar Wrobel <wrobel@pardus.de>2010-01-11 09:30:11 (GMT)
commitd90a77e0495d85fb95747859646624cf78108985 (patch)
treef8629d2d47db18f07543f1b95c9bf007e3141aa8 /www/admin
parent1bec83373c38efe400a1a56c0e6c334f753f99d9 (diff)
downloadkolab-webadmin-d90a77e0495d85fb95747859646624cf78108985.tar.gz
MFB: kolab/issue3499 (Kolab web admin does not use LDAP escaping)
Diffstat (limited to 'www/admin')
-rw-r--r--www/admin/addressbook/addr.php.in6
-rw-r--r--www/admin/administrator/admin.php.in6
-rw-r--r--www/admin/distributionlist/list.php.in8
-rw-r--r--www/admin/domainmaintainer/domainmaintainer.php.in6
-rw-r--r--www/admin/maintainer/maintainer.php.in6
-rw-r--r--www/admin/sharedfolder/sf.php.in6
-rw-r--r--www/admin/user/user.php.in8
7 files changed, 23 insertions, 23 deletions
diff --git a/www/admin/addressbook/addr.php.in b/www/admin/addressbook/addr.php.in
index 84f0c27..bb70ecf 100644
--- a/www/admin/addressbook/addr.php.in
+++ b/www/admin/addressbook/addr.php.in
@@ -163,7 +163,7 @@ if( !$errors ) {
if ($action == "save") {
if (!$errors) {
- if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",".$addressbook_root;
+ if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$addressbook_root;
else $newdn = $dn;
debug("action=save, dn=$dn, newdn=$newdn<br/>\n");
if (strcmp($dn,$newdn) != 0) {
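Review bot: The `strcmp($dn,$newdn)` test on the last line of this hunk now compares the stored `$dn` against a freshly escaped `$newdn`, so it is only a reliable "has the entry been renamed" check if `$dn` always arrives in exactly the form `dn_escape()` produces. Where `$dn` comes from is outside the hunk. If it is taken from the request or the directory in a different but equivalent escaping, an unchanged entry whose cn contains a special character would be sent down the rename path. Comparing the raw cn values, or normalising both DNs before comparing, would avoid that, and a comment such as `// $newdn is DN-escaped; $dn must be in the same form for this comparison` would record the assumption. The same comparison follows the `$newdn` hunks in distributionlist/list.php.in and sharedfolder/sf.php.in.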
@@ -185,7 +185,7 @@ if( !$errors ) {
foreach( $ldap_object as $k => $v ) if( $v == array() ) unset( $ldap_object[$k] );
// Try to rename the object
- if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], $addressbook_root, true)) {
+ if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), $addressbook_root, true)) {
array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
$newdn, ldap_error($ldap->connection)));
}
@@ -221,7 +221,7 @@ if( !$errors ) {
}
} else {
if (!$errors) {
- $dn = "cn=".$ldap_object['cn'].",".$addressbook_root;
+ $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$addressbook_root;
foreach( $ldap_object as $k => $v ) if( $v == array() ) unset( $ldap_object[$k] );
if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object)) {
array_push($errors, sprintf(_("LDAP Error: could not add object %s: %s"), $dn,
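Review bot: The `$dn &&` guard in front of `ldap_add` can never be false here, because `$dn` always begins with the literal `cn=`. An empty cn therefore yields a DN of the form `cn=,<root>`, which is rejected only by the server. The save branch tests `!empty($ldap_object['cn'])` before building the DN, and the create branch would be clearer doing the same and adding its own entry to `$errors` instead of relying on the LDAP error. Validation may already happen before this hunk (it is guarded by `!$errors`), so this may only be dead code to remove. The same pattern is in the create/firstsave hunks of administrator/admin.php.in, distributionlist/list.php.in, domainmaintainer/domainmaintainer.php.in, maintainer/maintainer.php.in and sharedfolder/sf.php.in.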
diff --git a/www/admin/administrator/admin.php.in b/www/admin/administrator/admin.php.in
index 1c2aced..74ed95b 100644
--- a/www/admin/administrator/admin.php.in
+++ b/www/admin/administrator/admin.php.in
@@ -197,7 +197,7 @@ switch( $action ) {
if ($action == "save") {
if (!$errors) {
- if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",cn=internal,".$domain_dn;
+ if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",cn=internal,".$domain_dn;
else $newdn = $dn;
if (!$visible && !strstr($newdn,$dn_add)) {
list($cn,$rest) = split(',', $newdn, 2);
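Review bot: The `split(',', $newdn, 2)` on the last line of this hunk cuts at the first comma even when it is an escaped one inside the cn, so it still mis-parses the escaped `$newdn`. A cn containing a comma would leave `$cn` ending in a backslash and push the rest of the name into `$rest`. What is done with the two parts lies outside the hunk, but it would be safer to keep the escaped RDN in its own variable, e.g. `$rdn = "cn=".$ldap->dn_escape($ldap_object['cn']);`, and assemble the DN from `$rdn` and the base rather than re-parsing the string. The same line follows the `$newdn` hunks in domainmaintainer/domainmaintainer.php.in and maintainer/maintainer.php.in.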
@@ -212,7 +212,7 @@ switch( $action ) {
$ldap_object['userPassword'] = $oldattrs['userPassword'][0];
// Try to rename the object
- if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], "cn=internal,".$domain_dn, true)) {
+ if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), "cn=internal,".$domain_dn, true)) {
array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
$newdn, ldap_error($ldap->connection)));
}
@@ -249,7 +249,7 @@ switch( $action ) {
} else {
// firstsave
if (!$errors) {
- $dn = "cn=".$ldap_object['cn'].",cn=internal,".$domain_dn;
+ $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",cn=internal,".$domain_dn;
debug("Calling ldap_add with dn=$dn");
// Add object to db
if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object))
diff --git a/www/admin/distributionlist/list.php.in b/www/admin/distributionlist/list.php.in
index 58ea132..8b38c6b 100644
--- a/www/admin/distributionlist/list.php.in
+++ b/www/admin/distributionlist/list.php.in
@@ -184,7 +184,7 @@ if( !$errors ) {
if ($action == "save") {
if (!$errors) {
- if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",".$dl_root;
+ if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$dl_root;
else $newdn = $dn;
if (strcmp($dn,$newdn) != 0) {
if (($result=ldap_read($ldap->connection,$dn,"(objectclass=*)")) &&
@@ -192,7 +192,7 @@ if( !$errors ) {
($oldattrs=ldap_get_attributes($ldap->connection,$entry))) {
// Try to rename the object
- if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], $dl_root, true)) {
+ if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), $dl_root, true)) {
array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
$newdn, ldap_error($ldap->connection)));
}
@@ -226,7 +226,7 @@ if( !$errors ) {
// firstsave
if (!$errors) {
if( !$ldap_object['member'] ) unset($ldap_object['member']);
- $dn = "cn=".$ldap_object['cn'].",".$dl_root;
+ $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$dl_root;
if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object)) {
array_push($errors, sprintf( _("LDAP Error: Could not add object %s: %s"), $dn,
ldap_error($ldap->connection)));
@@ -242,7 +242,7 @@ if( !$errors ) {
if( $ldap->countMail( $_SESSION['base_dn'], $ldap_object['cn'].'@'.$domain, $dn ) > 0 ) {
// Ups!!!
$cn = $ldap_object['cn'];
- $newcn = md5sum( $dn.$cn );
+ $newcn = md5( $dn.$cn );
$ldap_object['cn'] = $newcn;
$ldap_object['dn'] = 'cn='.$ldap->escape($newcn).','.$dl_root;
if (!ldap_rename($ldap->connection, $dn, 'cn='.$ldap->escape($newcn), $dl_root,true)) {
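Review bot: The two lines after the `md5()` fix build the DN and the new RDN with `$ldap->escape($newcn)`, while every other DN in this commit is built with `$ldap->dn_escape()`. For a hex digest the result is presumably identical either way, but if `escape()` is the search-filter helper it is the wrong function for a DN component, and the mismatch invites copy-and-paste into a place where it matters. Suggest `'cn='.$ldap->dn_escape($newcn)` on both lines for consistency. It is also worth confirming that `countMail()` escapes the address it is handed at the top of the hunk, since that value is built from the raw cn.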
diff --git a/www/admin/domainmaintainer/domainmaintainer.php.in b/www/admin/domainmaintainer/domainmaintainer.php.in
index a48fb9c..13d7e26 100644
--- a/www/admin/domainmaintainer/domainmaintainer.php.in
+++ b/www/admin/domainmaintainer/domainmaintainer.php.in
@@ -181,7 +181,7 @@ switch( $action ) {
if ($action == "save") {
if (!$errors) {
- if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",cn=internal,".$domain_dn;
+ if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",cn=internal,".$domain_dn;
else $newdn = $dn;
if (!$visible && !strstr($newdn,$dn_add)) {
list($cn,$rest) = split(',', $newdn, 2);
@@ -196,7 +196,7 @@ switch( $action ) {
$ldap_object['userPassword'] = $oldattrs['userPassword'][0];
// Try to rename the object
- if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], "cn=internal,".$domain_dn, true)) {
+ if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), "cn=internal,".$domain_dn, true)) {
array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
$newdn, ldap_error($ldap->connection)));
}
@@ -255,7 +255,7 @@ switch( $action ) {
} else {
// firstsave
if (!$errors) {
- $dn = "cn=".$ldap_object['cn'].",cn=internal,".$domain_dn;
+ $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",cn=internal,".$domain_dn;
debug("Calling ldap_add with dn=$dn");
if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object))
array_push($errors, sprintf(_("LDAP Error: could not add object %s: %s"), $dn,
diff --git a/www/admin/maintainer/maintainer.php.in b/www/admin/maintainer/maintainer.php.in
index 853962e..35b521e 100644
--- a/www/admin/maintainer/maintainer.php.in
+++ b/www/admin/maintainer/maintainer.php.in
@@ -194,7 +194,7 @@ switch( $action ) {
if ($action == "save") {
if (!$errors) {
- if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",cn=internal,".$domain_dn;
+ if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",cn=internal,".$domain_dn;
else $newdn = $dn;
if (!$visible && !strstr($newdn,$dn_add)) {
list($cn,$rest) = split(',', $newdn, 2);
@@ -209,7 +209,7 @@ switch( $action ) {
$ldap_object['userPassword'] = $oldattrs['userPassword'][0];
// Try to rename the object
- if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], "cn=internal,".$domain_dn, true)) {
+ if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), "cn=internal,".$domain_dn, true)) {
array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
$newdn, ldap_error($ldap->connection)));
}
@@ -251,7 +251,7 @@ switch( $action ) {
} else {
// firstsave
if (!$errors) {
- $dn = "cn=".$ldap_object['cn'].",cn=internal,".$domain_dn;
+ $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",cn=internal,".$domain_dn;
debug("Calling ldap_add with dn=$dn");
if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object))
array_push($errors, sprintf( _("LDAP Error: could not add object %s: %s"), $dn,
diff --git a/www/admin/sharedfolder/sf.php.in b/www/admin/sharedfolder/sf.php.in
index 018726b..38757dc 100644
--- a/www/admin/sharedfolder/sf.php.in
+++ b/www/admin/sharedfolder/sf.php.in
@@ -215,7 +215,7 @@ if( !$errors ) {
if ($action == "save") {
if (!$errors) {
- if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",".$sf_root;
+ if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$sf_root;
else $newdn = $dn;
if (strcmp($dn,$newdn) != 0) {
if (($result=ldap_read($ldap->connection,$dn,"(objectclass=*)")) &&
@@ -223,7 +223,7 @@ if( !$errors ) {
($oldattrs=ldap_get_attributes($ldap->connection,$entry))) {
// Try to rename the object
- if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], $sf_root, true)) {
+ if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), $sf_root, true)) {
array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
$newdn, ldap_error($ldap->connection)));
}
@@ -255,7 +255,7 @@ if( !$errors ) {
}
} else {
if (!$errors) {
- $dn = "cn=".$ldap_object['cn'].",".$sf_root;
+ $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$sf_root;
$ldap_object['kolabHomeServer'] = trim($_POST['kolabhomeserver']);
if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object))
array_push($errors, sprintf(_("LDAP Error: could not add object %s: %s"), $dn,
diff --git a/www/admin/user/user.php.in b/www/admin/user/user.php.in
index a950a88..3c48400 100644
--- a/www/admin/user/user.php.in
+++ b/www/admin/user/user.php.in
@@ -613,7 +613,7 @@ switch( $action ) {
if ( !$errors ) {
// Try to rename the object
- if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], $domain_dn, true)) {
+ if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), $domain_dn, true)) {
array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
$newdn, ldap_error($ldap->connection)));
}
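Review bot: The `$newdn` printed in the error message is computed outside this hunk, and unlike the other six files this file has no hunk that switches it to `dn_escape()`. It is worth checking that `$newdn` is built from the same escaped RDN that is now passed to `ldap_rename`. Otherwise the message, and any earlier `$dn`/`$newdn` comparison, refers to a different string than the one sent to the server. Deriving both from one variable, e.g. `$rdn = "cn=".$ldap->dn_escape($ldap_object['cn']);`, would keep them in step.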
@@ -656,7 +656,7 @@ switch( $action ) {
if( $ldap->countMail( $_SESSION['base_dn'], $alias, $dn ) > 0 ) {
// Ups!!!
$alias = $ldap_object['alias'][$i];
- $newalias = md5sum( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
+ $newalias = md5( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
$ldap_object['alias'][$i] = $newalias;
if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
$errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn,
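Review bot: On the `$newalias` line, `strpos($alias, '@')` returns false when the value contains no `@`, and `substr($alias, 0, false)` then yields an empty string, so the replacement becomes the digest followed by a bare `@`. A guard such as `$at = strpos($alias, '@'); $local = ($at === false) ? $alias : substr($alias, 0, $at);` would make the result well defined. Whether an address without `@` can reach this point depends on validation outside the hunk. The replacement also places the original local part after the `@`, so a comment saying whether that deliberately unroutable form is intended would help. The same expression is used for `$newmail` and the second `$newalias` in the two hunks that follow.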
@@ -693,7 +693,7 @@ switch( $action ) {
if( $ldap->countMail( $_SESSION['base_dn'], $ldap_object['mail'], $dn ) > 0 ) {
// Ups!!!
$mail = $ldap_object['mail'];
- $newmail = md5sum( $dn.$mail ).'@'.substr( $mail, 0, strpos( $mail, '@' ) );
+ $newmail = md5( $dn.$mail ).'@'.substr( $mail, 0, strpos( $mail, '@' ) );
$ldap_object['uid'] = $ldap_object['mail'] = $newmail;
if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
$errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn,
@@ -708,7 +708,7 @@ switch( $action ) {
if( $ldap->countMail( $_SESSION['base_dn'], $alias, $dn ) > 0 ) {
// Ups!!!
$alias = $ldap_object['alias'][$i];
- $newalias = md5sum( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
+ $newalias = md5( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
$ldap_object['alias'][$i] = $newalias;
if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
$errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn,