gunnar: server/kolab-webadmin/kolab-webadmin/www/admin/user user.php.in, 1.28, 1.29

cvs at kolab.org cvs at kolab.org
Mon Jan 11 10:30:13 CET 2010 

Author: gunnar

Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/user
In directory doto:/tmp/cvs-serv970/kolab-webadmin/www/admin/user

Modified Files:
	user.php.in 
Log Message:
MFB: kolab/issue3499 (Kolab web admin does not use LDAP escaping)

Index: user.php.in
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/user/user.php.in,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- user.php.in	4 Mar 2008 18:12:03 -0000	1.28
+++ user.php.in	11 Jan 2010 09:30:11 -0000	1.29
@@ -613,7 +613,7 @@
 
 			   if ( !$errors ) {
 				 // Try to rename the object
-				 if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap_object['cn'], $domain_dn, true)) {
+				 if (!ldap_rename($ldap->connection, $dn, "cn=" . $ldap->dn_escape($ldap_object['cn']), $domain_dn, true)) {
 				   array_push($errors, sprintf(_("LDAP Error: could not rename %s to %s: %s"), $dn,
 											   $newdn, ldap_error($ldap->connection)));
 				 }
@@ -656,7 +656,7 @@
 			 if( $ldap->countMail( $_SESSION['base_dn'], $alias, $dn ) > 0 ) {
 			   // Ups!!!
 			   $alias = $ldap_object['alias'][$i];
-			   $newalias = md5sum( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
+			   $newalias = md5( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
 			   $ldap_object['alias'][$i] = $newalias;
 			   if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
 				 $errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn, 
@@ -693,7 +693,7 @@
 		   if( $ldap->countMail( $_SESSION['base_dn'], $ldap_object['mail'], $dn ) > 0 ) {
 			 // Ups!!!
 			 $mail = $ldap_object['mail'];
-			 $newmail = md5sum( $dn.$mail ).'@'.substr( $mail, 0, strpos( $mail, '@' ) );
+			 $newmail = md5( $dn.$mail ).'@'.substr( $mail, 0, strpos( $mail, '@' ) );
 			 $ldap_object['uid'] = $ldap_object['mail'] = $newmail;
 			 if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
 			   $errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn, 
@@ -708,7 +708,7 @@
 			 if( $ldap->countMail( $_SESSION['base_dn'], $alias, $dn ) > 0 ) {
 			   // Ups!!!
 			   $alias = $ldap_object['alias'][$i];
-			   $newalias = md5sum( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
+			   $newalias = md5( $dn.$alias ).'@'.substr( $alias, 0, strpos( $alias, '@' ) );
 			   $ldap_object['alias'][$i] = $newalias;
 			   if (!ldap_modify($ldap->connection, $dn, $ldap_object)) {
 				 $errors[] = sprintf(_("LDAP Error: Could not modify object %s: %s"), $dn,

More information about the commits mailing list