gunnar: server/kolab-webadmin/kolab-webadmin/www/admin/administrator admin.php.in, 1.8, 1.9

cvs at kolab.org cvs at kolab.org
Mon Jan 11 10:30:13 CET 2010


Author: gunnar

Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/administrator
In directory doto:/tmp/cvs-serv970/kolab-webadmin/www/admin/administrator

Modified Files:
	admin.php.in 
Log Message:
MFB: kolab/issue3499 (Kolab web admin does not use LDAP escaping)

Index: admin.php.in
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/administrator/admin.php.in,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- admin.php.in	21 Nov 2007 18:11:37 -0000	1.8
+++ admin.php.in	11 Jan 2010 09:30:11 -0000	1.9
@@ -197,7 +197,7 @@
 	   
        if ($action == "save") {
 		 if (!$errors) {
-		   if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap_object['cn'].",cn=internal,".$domain_dn;
+		   if (!empty($ldap_object['cn'])) $newdn = "cn=".$ldap->dn_escape($ldap_object['cn']).",cn=internal,".$domain_dn;
 		   else $newdn = $dn;
 		   if (!$visible && !strstr($newdn,$dn_add)) {
 			 list($cn,$rest) = split(',', $newdn, 2); 
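Review bot: The `split(',', $newdn, 2)` on the last context line now parses a DN whose leading RDN went through `$ldap->dn_escape()`, and splitting on the first comma is not escape-aware. If dn_escape() represents a comma as a backslash-escaped comma (its implementation is not visible here), a cn containing a comma would be cut inside the RDN value, and whatever is rebuilt from `$cn` and `$rest` would be a different DN than intended. It would be safer to keep the escaped RDN in its own variable, e.g. `$rdn = "cn=".$ldap->dn_escape($ldap_object['cn']);`, and use that instead of re-parsing `$newdn`, or to parse with `ldap_explode_dn()`. The `if (!$visible ...)` block continues past the end of this hunk.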
@@ -212,7 +212,7 @@
 				 $ldap_object['userPassword'] = $oldattrs['userPassword'][0];
 
 			   // Try to rename the object
-			   if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], "cn=internal,".$domain_dn, true)) {
+			   if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), "cn=internal,".$domain_dn, true)) {
 				 array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
 											 $newdn, ldap_error($ldap->connection)));
 			   }
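Review bot: The new RDN passed to `ldap_rename()` is built a second time here instead of being derived from the value that produced `$newdn`, so the rename target and the DN reported in the error message can drift apart if only one of the two expressions is changed later. Computing it once, `$rdn = "cn=" . $ldap->dn_escape($ldap_object['cn']);`, and using `$rdn` in both places (and in the firstsave branch of the third hunk) keeps the escaping in a single spot. A short comment such as `// RDN value must be DN-escaped; the attribute value in $ldap_object stays raw` would also record why `cn` is escaped here but not in the attribute array. The surrounding rename block starts before this hunk.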
@@ -249,7 +249,7 @@
        } else {
 		 // firstsave
 		 if (!$errors) {
-		   $dn = "cn=".$ldap_object['cn'].",cn=internal,".$domain_dn;
+		   $dn = "cn=".$ldap->dn_escape($ldap_object['cn']).",cn=internal,".$domain_dn;
 		   debug("Calling ldap_add with dn=$dn");
 		   // Add object to db
 		   if ($dn && !ldap_add($ldap->connection, $dn, $ldap_object)) 
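Review bot: The `$dn &&` guard before `ldap_add()` can never be false, because `$dn` always contains the literal `cn=` and `,cn=internal,` parts, so an empty `cn` is not caught in this branch. The save branch in the first hunk checks `!empty($ldap_object['cn'])` before building the DN; the firstsave branch has no equivalent visible here and would attempt an add with `cn=,cn=internal,...` unless earlier validation (outside the hunk) already puts an entry in `$errors`. If that validation does not exist, test `empty($ldap_object['cn'])` before building `$dn` and push an error instead of calling `ldap_add()`. The `if` statement on the last line continues outside the hunk.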




