From 2662b3b4d158fb925dcbc44023edb732f5d51e06 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Tue, 13 Mar 2012 21:34:13 +0000
Subject: [PATCH] additional checks
---
 lam/lib/config.inc | 2 +-
 lam/templates/delete.php | 13 +++++++++++--
 lam/templates/lists/deletelink.php | 4 ++++
 lam/templates/ou_edit.php | 2 +-
 4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/lam/lib/config.inc b/lam/lib/config.inc
index d97e1d7d..4a53e8e3 100644
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@@ -293,7 +293,7 @@ class LAMConfig {
 */
 function __construct($file) {
 if (empty($file) || !preg_match("/^[a-z0-9_-]+$/i", $file)) {
- logNewMessage('ERROR', 'Invalid config file name: ' . $file);
+ logNewMessage(LOG_ERR, 'Invalid config file name: ' . $file);
 die();
 }
 // load first profile if none is given
diff --git a/lam/templates/delete.php b/lam/templates/delete.php
index f9b8044d..dc353df7 100644
--- a/lam/templates/delete.php
+++ b/lam/templates/delete.php
@@ -62,7 +62,16 @@ if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
 // Set correct language, codepages, ....
 setlanguage();
+if (isset($_POST['type']) && !preg_match('/^[a-z0-9_]+$/i', $_POST['type'])) {
+ logNewMessage(LOG_ERR, 'Invalid type: ' . $_POST['type']);
+ die();
+}
+
 if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
+ if (!preg_match('/^[a-z0-9_]+$/i', $_GET['type'])) {
+ logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
+ die();
+ }
 // Create account list
 foreach ($_SESSION['delete_dn'] as $dn) {
 $start = strpos ($dn, "=")+1;
@@ -83,8 +92,8 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
 echo "\n";
 for ($i=0; $i\n";
- echo "\n";
- echo "\n";
+ echo "\n";
+ echo "\n";
 $childCount = getChildCount($_SESSION['delete_dn'][$i]);
 if ($childCount > 0) {
 echo "\n";
diff --git a/lam/templates/lists/deletelink.php b/lam/templates/lists/deletelink.php
index 14c46d25..a33d4390 100644
--- a/lam/templates/lists/deletelink.php 
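Review bot: The two new type checks in delete.php rely on `/^[a-z0-9_]+$/i`, and in PCRE `$` without the `D` modifier also matches just before a trailing newline, so a value like `user\n` passes the check while still not being a clean identifier; `/^[a-z0-9_]+$/iD` (or `\z` in place of `$`) closes that gap, and the same applies to the identical pattern in the deletelink.php hunk and to the config.inc file-name pattern shown as context. The rejected value is also concatenated into the log message as-is; truncating or escaping it before `logNewMessage` keeps one request from producing a multi-line log entry. The `$_GET['type']` check only runs when `delete_dn` is also present in the session, so whether `$_GET['type']` is read elsewhere in this file without validation cannot be seen from the hunk.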
+++ b/lam/templates/lists/deletelink.php
@@ -45,6 +45,10 @@ setlanguage();
 // get account name and type
 $dn = $_GET['DN'];
 $type = $_GET['type'];
+if (!preg_match('/^[a-z0-9_]+$/i', $type)) {
+ logNewMessage(LOG_ERR, 'Invalid type: ' . $type);
+ die();
+}
 if (isset($dn) && isset($type)) {
 $dn = str_replace("\\", '',$dn);
diff --git a/lam/templates/ou_edit.php b/lam/templates/ou_edit.php
index ff6093ab..1872feac 100644
--- a/lam/templates/ou_edit.php
+++ b/lam/templates/ou_edit.php
@@ -82,7 +82,7 @@ if (isset($_POST['createOU']) || isset($_POST['deleteOU'])) {
 }
 // show errormessage if ou is invalid
 else {
- $error = _("OU is invalid!") . "
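Review bot: The new `preg_match` on `$type` runs before the existing `isset($type)` guard, so a request without a `type` parameter now ends in `die()` (after an undefined-index notice from the `$_GET['type']` read) instead of reaching the isset branch that handled it before; condition the check on presence, e.g. `if (isset($type) && !preg_match('/^[a-z0-9_]+$/iD', $type)) {`. `$dn` from `$_GET['DN']` receives no equivalent validation in this hunk; whether it is checked further down is outside the visible lines.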
" . $_POST['newOU'];
+ $error = _("OU is invalid!") . "
" . htmlspecialchars($_POST['newOU']);
 }
 }
 // delete ou, user was sure
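Review bot: `htmlspecialchars($_POST['newOU'])` is called with default flags, so single quotes are left unescaped and the charset is whatever the running PHP version defaults to rather than being pinned to the output encoding; pass them explicitly, `htmlspecialchars($_POST['newOU'], ENT_QUOTES, 'UTF-8')`, unless the project already has a shared escaping helper. The second delete.php hunk appears to add the same bare calls for the account name and DN (the echo string contents are partly stripped in this rendering), so the same flags belong there. The enclosing `if`/`else` of this hunk starts before its first line.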
" . _("Account name:") . " $users[$i]  " . _('DN') . ": " . $_SESSION['delete_dn'][$i] . "" . _("Account name:") . " " . htmlspecialchars($users[$i]) . "  " . _('DN') . ": " . htmlspecialchars($_SESSION['delete_dn'][$i]) . "  " . _('Number of child entries') . ": " . $childCount . "