check input
parent
0f09b6c6d9
commit
16fc7f7e86
|
@ -100,7 +100,7 @@ if (get_request('meth','REQUEST') != 'ajax') {
|
||||||
echo '<input type="hidden" name="cmd" value="update" />';
|
echo '<input type="hidden" name="cmd" value="update" />';
|
||||||
|
|
||||||
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
||||||
printf('<input type="hidden" name="dn" value="%s" />',$request['dn']);
|
printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($request['dn']));
|
||||||
echo '<input type="hidden" name="binary" value="true" />';
|
echo '<input type="hidden" name="binary" value="true" />';
|
||||||
|
|
||||||
echo '<select name="single_item_attr">';
|
echo '<select name="single_item_attr">';
|
||||||
|
|
|
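Review bot: The new `htmlspecialchars($request['dn'])` in the hidden `dn` field relies on the function's default flags and charset, which differ between PHP versions (single quotes are only escaped by default from PHP 8.1). The attribute is double-quoted here, so the default is enough for this line, but passing the flags explicitly keeps it safe if the quoting ever changes: `htmlspecialchars($request['dn'], ENT_QUOTES, 'UTF-8')`, assuming the pages are served as UTF-8. The same applies to the `template` and `new_rdn` inputs in the rename form hunk. The enclosing `if` block starts and ends outside the hunk.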
@ -57,7 +57,7 @@ foreach ($ldap['attrs']['need'] as $index => $values)
|
||||||
$ldap['attrs']['need'][$index]->show();
|
$ldap['attrs']['need'][$index]->show();
|
||||||
|
|
||||||
if (count($ldap['attrs']['need']) > 0) {
|
if (count($ldap['attrs']['need']) > 0) {
|
||||||
$request['page']->drawTitle(sprintf(_('Add new object class to <b>%s</b>'),get_rdn($request['dn'])));
|
$request['page']->drawTitle(sprintf(_('Add new object class to <b>%s</b>'),htmlspecialchars(get_rdn($request['dn']))));
|
||||||
$request['page']->drawSubTitle();
|
$request['page']->drawSubTitle();
|
||||||
|
|
||||||
echo '<div style="text-align: center">';
|
echo '<div style="text-align: center">';
|
||||||
|
|
|
@ -25,12 +25,12 @@ $request['page']->setDN($request['dn']);
|
||||||
$request['page']->accept();
|
$request['page']->accept();
|
||||||
|
|
||||||
# Render the form
|
# Render the form
|
||||||
$request['page']->drawTitle(sprintf(_('Compare another DN with <b>%s</b>'),get_rdn($request['dn'])));
|
$request['page']->drawTitle(sprintf(_('Compare another DN with <b>%s</b>'),htmlspecialchars(get_rdn($request['dn']))));
|
||||||
$request['page']->drawSubTitle();
|
$request['page']->drawSubTitle();
|
||||||
|
|
||||||
printf('<script type="text/javascript" src="%sdnChooserPopup.js"></script>',JSDIR);
|
printf('<script type="text/javascript" src="%sdnChooserPopup.js"></script>',JSDIR);
|
||||||
echo '<div style="text-align: center;">';
|
echo '<div style="text-align: center;">';
|
||||||
printf('%s <b>%s</b> %s<br />',_('Compare'),get_rdn($request['dn']),_('with '));
|
printf('%s <b>%s</b> %s<br />',_('Compare'),htmlspecialchars(get_rdn($request['dn'])),_('with '));
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
|
|
||||||
echo '<form action="cmd.php" method="post" id="compare_form">';
|
echo '<form action="cmd.php" method="post" id="compare_form">';
|
||||||
|
|
|
@ -24,12 +24,12 @@ $request['page']->setDN($request['dn']);
|
||||||
$request['page']->accept();
|
$request['page']->accept();
|
||||||
|
|
||||||
# Render the form
|
# Render the form
|
||||||
$request['page']->drawTitle(sprintf('%s <b>%s</b>',_('Copy'),get_rdn($request['dn'])));
|
$request['page']->drawTitle(sprintf('%s <b>%s</b>',_('Copy'),htmlspecialchars(get_rdn($request['dn']))));
|
||||||
$request['page']->drawSubTitle();
|
$request['page']->drawSubTitle();
|
||||||
|
|
||||||
printf('<script type="text/javascript" src="%sdnChooserPopup.js"></script>',JSDIR);
|
printf('<script type="text/javascript" src="%sdnChooserPopup.js"></script>',JSDIR);
|
||||||
echo '<div style="text-align: center;">';
|
echo '<div style="text-align: center;">';
|
||||||
printf(_('Copy <b>%s</b> to a new object.') . '<br /><br />',get_rdn($request['dn']));
|
printf(_('Copy <b>%s</b> to a new object.') . '<br /><br />',htmlspecialchars(get_rdn($request['dn'])));
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
|
|
||||||
echo '<form action="cmd.php" method="post" id="copy_form">';
|
echo '<form action="cmd.php" method="post" id="copy_form">';
|
||||||
|
|
|
@ -29,12 +29,12 @@ if ($result) {
|
||||||
|
|
||||||
system_message(array(
|
system_message(array(
|
||||||
'title'=>_('Delete DN'),
|
'title'=>_('Delete DN'),
|
||||||
'body'=>sprintf('<b>' . _('Successfully deleted DN %s') . '</b>',$request['dn']),
|
'body'=>sprintf('<b>' . _('Successfully deleted DN %s') . '</b>',htmlspecialchars($request['dn'])),
|
||||||
'type'=>'info'),
|
'type'=>'info'),
|
||||||
sprintf('index.php?server_id=%s%s',$app['server']->getIndex(),$redirect_url));
|
sprintf('index.php?server_id=%s%s',$app['server']->getIndex(),$redirect_url));
|
||||||
} else
|
} else
|
||||||
system_message(array(
|
system_message(array(
|
||||||
'title'=>_('Could not delete the entry.').sprintf(' (%s)',pretty_print_dn($request['dn'])),
|
'title'=>_('Could not delete the entry.').sprintf(' (%s)',htmlspecialchars(pretty_print_dn($request['dn']))),
|
||||||
'body'=>ldap_error_msg($app['server']->getErrorMessage(null),$app['server']->getErrorNum(null)),
|
'body'=>ldap_error_msg($app['server']->getErrorMessage(null),$app['server']->getErrorNum(null)),
|
||||||
'type'=>'error'));
|
'type'=>'error'));
|
||||||
?>
|
?>
|
||||||
|
|
|
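Review bot: The 'Could not delete the entry.' title is built as `htmlspecialchars(pretty_print_dn($request['dn']))` here, but the same message in the `foreach ($request['parent'] as $dn)` hunk uses `pretty_print_dn(htmlspecialchars($request['dn']))`, and the two orders do not give the same output. `pretty_print_dn` is not visible on this page. If it returns HTML markup, escaping its result will display that markup as literal text; if it parses the DN, escaping first changes what it parses (`&` becomes `&amp;`, which adds a `;`). Check what the helper already escapes and use one form in both places.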
@ -24,15 +24,15 @@ $request['template'] = $request['page']->getTemplate();
|
||||||
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
||||||
system_message(array(
|
system_message(array(
|
||||||
'title'=>_('Entry does not exist'),
|
'title'=>_('Entry does not exist'),
|
||||||
'body'=>sprintf(_('The entry (%s) does not exist.'),$request['dn']),
|
'body'=>sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),
|
||||||
'type'=>'error'),'index.php');
|
'type'=>'error'),'index.php');
|
||||||
|
|
||||||
# We search all children, not only the visible children in the tree
|
# We search all children, not only the visible children in the tree
|
||||||
$request['children'] = $app['server']->getContainerContents($request['dn'],null,0,'(objectClass=*)',LDAP_DEREF_NEVER);
|
$request['children'] = $app['server']->getContainerContents($request['dn'],null,0,'(objectClass=*)',LDAP_DEREF_NEVER);
|
||||||
|
|
||||||
printf('<h3 class="title">%s %s</h3>',_('Delete'),htmlspecialchars(get_rdn($request['dn'])));
|
printf('<h3 class="title">%s %s</h3>',_('Delete'),htmlspecialchars(htmlspecialchars(get_rdn($request['dn']))));
|
||||||
printf('<h3 class="subtitle">%s: <b>%s</b></h3>',
|
printf('<h3 class="subtitle">%s: <b>%s</b></h3>',
|
||||||
_('DN'),$request['dn']);
|
_('DN'),htmlspecialchars($request['dn']));
|
||||||
echo "\n";
|
echo "\n";
|
||||||
|
|
||||||
echo '<center>';
|
echo '<center>';
|
||||||
|
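Review bot: The `<h3 class="title">` line now calls `htmlspecialchars(htmlspecialchars(get_rdn($request['dn'])))`, but the old line already escaped the RDN once, so the value is double-encoded. An RDN containing `&` or `<` will be displayed as the literal text `&amp;` or `&lt;`. The line should stay as it was: `printf('<h3 class="title">%s %s</h3>',_('Delete'),htmlspecialchars(get_rdn($request['dn'])));`. The `_('DN')` subtitle just below is the line that was actually missing the escape.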
@ -109,7 +109,7 @@ if (count($request['children'])) {
|
||||||
|
|
||||||
printf('<tr><td style="width: 10%%;">%s:</td><td colspan="3" style="width: 75%%;"><b>%s</b></td></tr>',_('Server'),$app['server']->getName());
|
printf('<tr><td style="width: 10%%;">%s:</td><td colspan="3" style="width: 75%%;"><b>%s</b></td></tr>',_('Server'),$app['server']->getName());
|
||||||
printf('<tr><td style="width: 10%%;"><acronym title="%s">%s</acronym></td><td colspan="3" style="width: 75%%;"><b>%s</b></td></tr>',
|
printf('<tr><td style="width: 10%%;"><acronym title="%s">%s</acronym></td><td colspan="3" style="width: 75%%;"><b>%s</b></td></tr>',
|
||||||
_('DN'),_('DN'),$request['dn']);
|
_('DN'),_('DN'),htmlspecialchars($request['dn']));
|
||||||
echo '<tr><td colspan="4"> </td></tr>';
|
echo '<tr><td colspan="4"> </td></tr>';
|
||||||
echo "\n";
|
echo "\n";
|
||||||
|
|
||||||
|
|
|
@ -54,7 +54,7 @@ foreach ($app['server']->getBaseDN() as $base) {
|
||||||
|
|
||||||
usort($possible_values,'pla_compare_dns');
|
usort($possible_values,'pla_compare_dns');
|
||||||
|
|
||||||
$request['page']->drawTitle(sprintf('%s <b>%s</b>',_('Modify group'),get_rdn($request['dn'])));
|
$request['page']->drawTitle(sprintf('%s <b>%s</b>',_('Modify group'),htmlspecialchars(get_rdn($request['dn']))));
|
||||||
$request['page']->drawSubTitle();
|
$request['page']->drawSubTitle();
|
||||||
|
|
||||||
printf(_('There are <b>%s</b> members in group <b>%s</b>:'),
|
printf(_('There are <b>%s</b> members in group <b>%s</b>:'),
|
||||||
|
|
|
@ -44,7 +44,7 @@ foreach ($request['parent'] as $dn) {
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
system_message(array(
|
system_message(array(
|
||||||
'title'=>_('Could not delete the entry.').sprintf(' (%s)',pretty_print_dn($request['dn'])),
|
'title'=>_('Could not delete the entry.').sprintf(' (%s)',pretty_print_dn(htmlspecialchars($request['dn']))),
|
||||||
'body'=>ldap_error_msg($app['server']->getErrorMessage(null),$app['server']->getErrorNum(null)),
|
'body'=>ldap_error_msg($app['server']->getErrorMessage(null),$app['server']->getErrorNum(null)),
|
||||||
'type'=>'error'));
|
'type'=>'error'));
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,17 +21,17 @@ $request['page']->setDN($request['dn']);
|
||||||
$request['page']->accept();
|
$request['page']->accept();
|
||||||
|
|
||||||
# Render the form
|
# Render the form
|
||||||
$request['page']->drawTitle(sprintf('%s <b>%s</b>',_('Rename'),get_rdn($request['dn'])));
|
$request['page']->drawTitle(sprintf('%s <b>%s</b>',_('Rename'),htmlspecialchars(get_rdn($request['dn']))));
|
||||||
$request['page']->drawSubTitle();
|
$request['page']->drawSubTitle();
|
||||||
|
|
||||||
echo '<center>';
|
echo '<center>';
|
||||||
printf(_('Rename <b>%s</b> to a new object.') . '<br /><br />',get_rdn($request['dn']));
|
printf(_('Rename <b>%s</b> to a new object.') . '<br /><br />',htmlspecialchars(get_rdn($request['dn'])));
|
||||||
|
|
||||||
echo '<form action="cmd.php?cmd=rename" method="post" />';
|
echo '<form action="cmd.php?cmd=rename" method="post" />';
|
||||||
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
|
||||||
printf('<input type="hidden" name="dn" value="%s" />',rawurlencode($request['dn']));
|
printf('<input type="hidden" name="dn" value="%s" />',rawurlencode($request['dn']));
|
||||||
printf('<input type="hidden" name="template" value="%s" />',$request['template']);
|
printf('<input type="hidden" name="template" value="%s" />',htmlspecialchars($request['template']));
|
||||||
printf('<input type="text" name="new_rdn" size="30" value="%s" />',get_rdn($request['dn']));
|
printf('<input type="text" name="new_rdn" size="30" value="%s" />',htmlspecialchars(get_rdn($request['dn'])));
|
||||||
printf('<input type="submit" value="%s" />',_('Rename'));
|
printf('<input type="submit" value="%s" />',_('Rename'));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ $request['dn'] = get_request('dn','GET');
|
||||||
$request['attr'] = strtolower(get_request('attr','GET',false,'jpegphoto'));
|
$request['attr'] = strtolower(get_request('attr','GET',false,'jpegphoto'));
|
||||||
$request['index'] = get_request('index','GET',false,0);
|
$request['index'] = get_request('index','GET',false,0);
|
||||||
$request['type'] = get_request('type','GET',false,'image/jpeg');
|
$request['type'] = get_request('type','GET',false,'image/jpeg');
|
||||||
$request['filename'] = get_request('filename','GET',false,sprintf('%s.jpg',get_rdn($request['dn'],true)));
|
$request['filename'] = get_request('filename','GET',false,sprintf('%s.jpg',htmlspecialchars(get_rdn($request['dn'],true))));
|
||||||
$request['location'] = get_request('location','GET',false,'ldap');
|
$request['location'] = get_request('location','GET',false,'ldap');
|
||||||
|
|
||||||
switch ($request['location']) {
|
switch ($request['location']) {
|
||||||
|
|
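Review bot: The added `htmlspecialchars()` wraps only the default passed to `get_request('filename', ...)`, so a `filename` supplied in the query string still reaches `$request['filename']` unescaped. How the filename is used lies outside the hunk. If it ends up in a response header or a file path rather than in HTML, entity encoding is the wrong encoding for that context and will also put `&amp;` into legitimate names. Consider leaving the default raw and sanitising `$request['filename']` once after this line for the context it is used in, for example stripping CR/LF, quotes and path separators before it goes into a `Content-Disposition` header.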