gunnar: server/kolab-webadmin/kolab-webadmin/www/admin/addressbook addr.php.in, 1.10.2.1, 1.10.2.2

cvs at kolab.org cvs at kolab.org
Thu Dec 3 22:08:30 CET 2009


Author: gunnar

Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/addressbook
In directory doto:/tmp/cvs-serv754/kolab-webadmin/www/admin/addressbook

Modified Files:
      Tag: kolab_2_2_branch
	addr.php.in 
Log Message:
 kolab/issue3499 (Kolab web admin does not use LDAP escaping)

Index: addr.php.in
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/addressbook/addr.php.in,v
retrieving revision 1.10.2.1
retrieving revision 1.10.2.2
diff -u -d -r1.10.2.1 -r1.10.2.2
--- addr.php.in	14 May 2009 14:36:02 -0000	1.10.2.1
+++ addr.php.in	3 Dec 2009 21:08:28 -0000	1.10.2.2
@@ -163,7 +163,7 @@
 
 		if ($action == "save") {
 		  if (!$errors) {
-			if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",".$addressbook_root;
+			if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$addressbook_root;
 			else $newdn = $dn;
 			debug("action=save, dn=$dn, newdn=$newdn<br/>\n");
 			if (strcmp($dn,$newdn) != 0) {
@@ -185,7 +185,7 @@
 				  foreach( $ldap_object as $k => $v ) if( $v == array() ) unset( $ldap_object[$k] );
 
 				  // Try to rename the object
-				  if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], $addressbook_root, true)) {
+				  if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), $addressbook_root, true)) {
 					array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
 												$newdn, ldap_error($ldap->connection)));
 				  }
@@ -221,7 +221,7 @@
 		  } 
 		} else {
 		  if (!$errors) {
-			$dn = "cn=".$ldap_object['cn'].",".$addressbook_root;
+			$dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$addressbook_root;
 			foreach( $ldap_object as $k => $v ) if( $v == array() ) unset( $ldap_object[$k] );
 			if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object)) {
 			  array_push($errors, sprintf(_("LDAP Error: could not add object %s: %s"), $dn,





More information about the commits mailing list