WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

additional checks

This commit is contained in:
Roland Gruber 2012-03-13 21:34:13 +00:00
parent e61324a599
commit 2662b3b4d1
4 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lam/lib/config.inc
View File

@ -293,7 +293,7 @@ class LAMConfig {
*/ */
function __construct($file) { function __construct($file) {
if (empty($file) || !preg_match("/^[a-z0-9_-]+$/i", $file)) { if (empty($file) || !preg_match("/^[a-z0-9_-]+$/i", $file)) {
logNewMessage('ERROR', 'Invalid config file name: ' . $file); logNewMessage(LOG_ERR, 'Invalid config file name: ' . $file);
die(); die();
} }
// load first profile if none is given // load first profile if none is given

13
lam/templates/delete.php
View File

@ -62,7 +62,16 @@ if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
// Set correct language, codepages, .... // Set correct language, codepages, ....
setlanguage(); setlanguage();
if (isset($_POST['type']) && !preg_match('/^[a-z0-9_]+$/i', $_POST['type'])) {
logNewMessage(LOG_ERR, 'Invalid type: ' . $_POST['type']);
die();
}
if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) { if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
if (!preg_match('/^[a-z0-9_]+$/i', $_GET['type'])) {
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
die();
}
// Create account list // Create account list
foreach ($_SESSION['delete_dn'] as $dn) { foreach ($_SESSION['delete_dn'] as $dn) {
$start = strpos ($dn, "=")+1; $start = strpos ($dn, "=")+1;
@ -83,8 +92,8 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
echo "<table border=0>\n"; echo "<table border=0>\n";
for ($i=0; $i<count($users); $i++) { for ($i=0; $i<count($users); $i++) {
echo "<tr>\n"; echo "<tr>\n";
echo "<td><b>" . _("Account name:") . "</b> $users[$i]</td>\n"; echo "<td><b>" . _("Account name:") . "</b> " . htmlspecialchars($users[$i]) . "</td>\n";
echo "<td>&nbsp;&nbsp;<b>" . _('DN') . ":</b> " . $_SESSION['delete_dn'][$i] . "</td>\n"; echo "<td>&nbsp;&nbsp;<b>" . _('DN') . ":</b> " . htmlspecialchars($_SESSION['delete_dn'][$i]) . "</td>\n";
$childCount = getChildCount($_SESSION['delete_dn'][$i]); $childCount = getChildCount($_SESSION['delete_dn'][$i]);
if ($childCount > 0) { if ($childCount > 0) {
echo "<td>&nbsp;&nbsp;<b>" . _('Number of child entries') . ":</b> " . $childCount . "</td>\n"; echo "<td>&nbsp;&nbsp;<b>" . _('Number of child entries') . ":</b> " . $childCount . "</td>\n";

4
lam/templates/lists/deletelink.php
View File

@ -45,6 +45,10 @@ setlanguage();
// get account name and type // get account name and type
$dn = $_GET['DN']; $dn = $_GET['DN'];
$type = $_GET['type']; $type = $_GET['type'];
if (!preg_match('/^[a-z0-9_]+$/i', $type)) {
logNewMessage(LOG_ERR, 'Invalid type: ' . $type);
die();
}
if (isset($dn) && isset($type)) { if (isset($dn) && isset($type)) {
$dn = str_replace("\\", '',$dn); $dn = str_replace("\\", '',$dn);

2
lam/templates/ou_edit.php
View File

@ -82,7 +82,7 @@ if (isset($_POST['createOU']) || isset($_POST['deleteOU'])) {
} }
// show errormessage if ou is invalid // show errormessage if ou is invalid
else { else {
$error = _("OU is invalid!") . "<br>" . $_POST['newOU']; $error = _("OU is invalid!") . "<br>" . htmlspecialchars($_POST['newOU']);
} }
} }
// delete ou, user was sure // delete ou, user was sure