gunnar: server/kolab-webadmin/kolab-webadmin/php/admin/include ldap.class.php.in, 1.1.2.3, 1.1.2.4
cvs at kolab.org
cvs at kolab.org
Thu Dec 3 22:08:30 CET 2009
Author: gunnar
Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/php/admin/include
In directory doto:/tmp/cvs-serv754/kolab-webadmin/php/admin/include
Modified Files:
Tag: kolab_2_2_branch
ldap.class.php.in
Log Message:
kolab/issue3499 (Kolab web admin does not use LDAP escaping)
Index: ldap.class.php.in
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/php/admin/include/ldap.class.php.in,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -d -r1.1.2.3 -r1.1.2.4
--- ldap.class.php.in 3 Dec 2009 20:34:31 -0000 1.1.2.3
+++ ldap.class.php.in 3 Dec 2009 21:08:28 -0000 1.1.2.4
@@ -96,21 +96,53 @@
return $str;
}
- function dn_escape( $str ) {
- /*
- DN component escaping as described in RFC-2253
- */
- $str = str_replace( '\\', '\\\\', $str );
- $str = str_replace( ',', '\\,', $str );
- $str = str_replace( '+', '\\,', $str );
- $str = str_replace( '<', '\\<', $str );
- $str = str_replace( '>', '\\>', $str );
- $str = str_replace( ';', '\\;', $str );
- if( $str[0] == '#' ) $str = '\\'.$str;
- // PENDING(steffen): Escape leading/trailing spaces
- return $str;
+ // Taken from PEAR_Net_LDAP2
+ public function dn_escape($val)
+ {
+ // Escaping of filter meta characters
+ $val = str_replace('\\', '\\\\', $val);
+ $val = str_replace(',', '\,', $val);
+ $val = str_replace('+', '\+', $val);
+ $val = str_replace('"', '\"', $val);
+ $val = str_replace('<', '\<', $val);
+ $val = str_replace('>', '\>', $val);
+ $val = str_replace(';', '\;', $val);
+ $val = str_replace('#', '\#', $val);
+ $val = str_replace('=', '\=', $val);
+
+ // ASCII < 32 escaping
+ $val = KolabLDAP::asc2hex32($val);
+
+ // Convert all leading and trailing spaces to sequences of \20.
+ if (preg_match('/^(\s*)(.+?)(\s*)$/', $val, $matches)) {
+ $val = $matches[2];
+ for ($i = 0; $i < strlen($matches[1]); $i++) {
+ $val = '\20'.$val;
+ }
+ for ($i = 0; $i < strlen($matches[3]); $i++) {
+ $val = $val.'\20';
+ }
+ }
+
+ if (null === $val) $val = '\0'; // apply escaped "null" if string is empty
+
+ return $val;
}
-
+
+ // Taken from PEAR_Net_LDAP2
+ public function asc2hex32($string)
+ {
+ for ($i = 0; $i < strlen($string); $i++) {
+ $char = substr($string, $i, 1);
+ if (ord($char) < 32) {
+ $hex = dechex(ord($char));
+ if (strlen($hex) == 1) $hex = '0'.$hex;
+ $string = str_replace($char, '\\'.$hex, $string);
+ }
+ }
+ return $string;
+ }
+
// Taken from PEAR_Net_LDAP2
function unescape_dn_value($val)
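Review bot: In the new dn_escape(), the space handling misses values that consist only of spaces: `(.+?)` must consume at least one character, so a value of `' '` is returned unescaped and `'   '` comes back as `\20\20` followed by a raw trailing space. Changing the pattern to `if (preg_match('/^(\s*)(.*?)(\s*)$/', $val, $matches)) {` lets the leading group take every space. The `null === $val` test just before `return $val` can never be true, because `str_replace()` always returns a string, so an empty input is returned as `''` rather than the fallback the comment describes; if that fallback is wanted, the test should be `if ($val === '')`. The comment `// Escaping of filter meta characters` is also misleading, since these are DN special characters and `*`, `(` and `)` are left untouched; I would reword it to `// Escape DN special characters (RFC 2253); do not use this for search filter values`.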