gunnar: server/kolab-webadmin/kolab-webadmin/www/admin/addressbook addr.php.in, 1.11, 1.12
cvs at kolab.org
cvs at kolab.org
Mon Jan 11 10:30:13 CET 2010
Author: gunnar
Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/addressbook
In directory doto:/tmp/cvs-serv970/kolab-webadmin/www/admin/addressbook
Modified Files:
addr.php.in
Log Message:
MFB: kolab/issue3499 (Kolab web admin does not use LDAP escaping)
Index: addr.php.in
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/addressbook/addr.php.in,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- addr.php.in 14 May 2009 14:35:37 -0000 1.11
+++ addr.php.in 11 Jan 2010 09:30:11 -0000 1.12
@@ -163,7 +163,7 @@
if ($action == "save") {
if (!$errors) {
- if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",".$addressbook_root;
+ if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$addressbook_root;
else $newdn = $dn;
debug("action=save, dn=$dn, newdn=$newdn<br/>\n");
if (strcmp($dn,$newdn) != 0) {
@@ -185,7 +185,7 @@
foreach( $ldap_object as $k => $v ) if( $v == array() ) unset( $ldap_object[$k] );
// Try to rename the object
- if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], $addressbook_root, true)) {
+ if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), $addressbook_root, true)) {
array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
$newdn, ldap_error($ldap->connection)));
}
@@ -221,7 +221,7 @@
}
} else {
if (!$errors) {
- $dn = "cn=".$ldap_object['cn'].",".$addressbook_root;
+ $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",".$addressbook_root;
foreach( $ldap_object as $k => $v ) if( $v == array() ) unset( $ldap_object[$k] );
if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object)) {
array_push($errors, sprintf(_("LDAP Error: could not add object %s: %s"), $dn,
More information about the commits
mailing list