WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added check if object is in correct suffix

This commit is contained in:
Roland Gruber 2014-08-12 18:24:59 +00:00
parent f45c84b253
commit 0d9a99b22b
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lam/templates/account/edit.php
View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2013 Roland Gruber 2005 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -74,6 +74,11 @@ if (isset($_GET['DN'])) {
$DN = substr($DN, 0, -1); $DN = substr($DN, 0, -1);
} }
} }
$suffix = $_SESSION['config']->get_Suffix($type);
if (strpos($DN, $suffix) !== (strlen($DN) - strlen($suffix))) {
logNewMessage(LOG_ERR, 'User tried to access entry of type ' . $type . ' outside suffix ' . $suffix);
die();
}
$_SESSION['account'] = new accountContainer($type, 'account'); $_SESSION['account'] = new accountContainer($type, 'account');
$result = $_SESSION['account']->load_account($DN); $result = $_SESSION['account']->load_account($DN);
if (sizeof($result) > 0) { if (sizeof($result) > 0) {