additional checks
parent
e61324a599
commit
2662b3b4d1
|
@ -293,7 +293,7 @@ class LAMConfig {
|
|||
*/
|
||||
function __construct($file) {
|
||||
if (empty($file) || !preg_match("/^[a-z0-9_-]+$/i", $file)) {
|
||||
logNewMessage('ERROR', 'Invalid config file name: ' . $file);
|
||||
logNewMessage(LOG_ERR, 'Invalid config file name: ' . $file);
|
||||
die();
|
||||
}
|
||||
// load first profile if none is given
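Review bot: The rejected `$file` value is concatenated into the log message unchanged in the `logNewMessage(LOG_ERR, ...)` call, and a value that failed the whitelist can contain line breaks or other control characters, so unless logNewMessage() neutralises them one request can produce log lines that look like separate entries. I would log an encoded form instead, e.g. `logNewMessage(LOG_ERR, 'Invalid config file name: ' . addcslashes($file, "\0..\37\177"));`. The three `'Invalid type: '` log calls added elsewhere in this commit pass raw request values the same way. The constructor body continues outside the hunk.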
|
||||
|
|
|
@ -62,7 +62,16 @@ if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
|
|||
// Set correct language, codepages, ....
|
||||
setlanguage();
|
||||
|
||||
if (isset($_POST['type']) && !preg_match('/^[a-z0-9_]+$/i', $_POST['type'])) {
|
||||
logNewMessage(LOG_ERR, 'Invalid type: ' . $_POST['type']);
|
||||
die();
|
||||
}
|
||||
|
||||
if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
|
||||
if (!preg_match('/^[a-z0-9_]+$/i', $_GET['type'])) {
|
||||
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
|
||||
die();
|
||||
}
|
||||
// Create account list
|
||||
foreach ($_SESSION['delete_dn'] as $dn) {
|
||||
$start = strpos ($dn, "=")+1;
|
||||
|
@ -83,8 +92,8 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
|
|||
echo "<table border=0>\n";
|
||||
for ($i=0; $i<count($users); $i++) {
|
||||
echo "<tr>\n";
|
||||
echo "<td><b>" . _("Account name:") . "</b> $users[$i]</td>\n";
|
||||
echo "<td> <b>" . _('DN') . ":</b> " . $_SESSION['delete_dn'][$i] . "</td>\n";
|
||||
echo "<td><b>" . _("Account name:") . "</b> " . htmlspecialchars($users[$i]) . "</td>\n";
|
||||
echo "<td> <b>" . _('DN') . ":</b> " . htmlspecialchars($_SESSION['delete_dn'][$i]) . "</td>\n";
|
||||
$childCount = getChildCount($_SESSION['delete_dn'][$i]);
|
||||
if ($childCount > 0) {
|
||||
echo "<td> <b>" . _('Number of child entries') . ":</b> " . $childCount . "</td>\n";
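Review bot: Both new `type` checks in the first hunk use `/^[a-z0-9_]+$/i`, and in PCRE `$` without the `D` modifier also matches just before a final newline, so a value consisting of allowed characters followed by a line break still passes the whitelist. Anchoring with `\z` closes that: `!preg_match('/^[a-z0-9_]+\z/i', $_POST['type'])`, and likewise for `$_GET['type']`. The same `$`-anchored pattern appears in the `$type` check added to the other page in this commit and in the config-name check in the `LAMConfig` constructor. Since the identical test now exists in several places, a small shared validation helper would keep the copies from drifting apart. How `type` is consumed after the check is outside the hunk.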
|
||||
|
|
|
@ -45,6 +45,10 @@ setlanguage();
|
|||
// get account name and type
|
||||
$dn = $_GET['DN'];
|
||||
$type = $_GET['type'];
|
||||
if (!preg_match('/^[a-z0-9_]+$/i', $type)) {
|
||||
logNewMessage(LOG_ERR, 'Invalid type: ' . $type);
|
||||
die();
|
||||
}
|
||||
|
||||
if (isset($dn) && isset($type)) {
|
||||
$dn = str_replace("\\", '',$dn);
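Review bot: The new `preg_match` on `$type` runs before the existing `isset($dn) && isset($type)` test, so a request without a `type` parameter now reaches `preg_match` with null, is logged as `Invalid type: ` and ends in a bare `die()` instead of whatever the page did for missing parameters (the isset block continues outside the hunk). Guarding the check keeps the previous handling: `if (isset($type) && !preg_match('/^[a-z0-9_]+\z/i', $type)) {` (with `\z` so that a trailing newline is not accepted). `$dn` is still taken from `$_GET['DN']` with only backslashes removed; it may be validated or escaped later, but that is not visible here.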
|
||||
|
|
|
@ -82,7 +82,7 @@ if (isset($_POST['createOU']) || isset($_POST['deleteOU'])) {
|
|||
}
|
||||
// show errormessage if ou is invalid
|
||||
else {
|
||||
$error = _("OU is invalid!") . "<br>" . $_POST['newOU'];
|
||||
$error = _("OU is invalid!") . "<br>" . htmlspecialchars($_POST['newOU']);
|
||||
}
|
||||
}
|
||||
// delete ou, user was sure
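Review bot: The added `htmlspecialchars($_POST['newOU'])` relies on the default flags and charset, which differ between PHP versions: before PHP 8.1 single quotes are left unescaped, and input that is not valid in the assumed charset makes the function return an empty string. Passing them explicitly makes the escaping independent of the runtime, assuming the page is served as UTF-8: `htmlspecialchars($_POST['newOU'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The two `htmlspecialchars()` calls added to the delete confirmation table in this commit would take the same arguments. Where `$error` is finally printed is outside the hunk.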
|
||||
|
|