WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

*** empty log message ***

This commit is contained in:
Roland Gruber 2009-08-14 18:06:15 +00:00
parent d4886bb03f
commit 4384b0a32a
5 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lam/lib/selfService.inc
View File

@ -159,8 +159,8 @@ function getSelfServiceProfiles() {
* @return selfServiceProfile true if file was readable * @return selfServiceProfile true if file was readable
*/ */
function loadSelfServiceProfile($name, $scope) { function loadSelfServiceProfile($name, $scope) {
if (!eregi("^[0-9a-z _-]+$", $name)) return false; if (!preg_match("/^[0-9a-z _-]+$/i", $name)) return false;
if (!eregi("^[0-9a-z _-]+$", $scope)) return false; if (!preg_match("/^[0-9a-z _-]+$/i", $scope)) return false;
$profile = new selfServiceProfile(); $profile = new selfServiceProfile();
$file = substr(__FILE__, 0, strlen(__FILE__) - 20) . "/config/selfService/" . $name . "." . $scope; $file = substr(__FILE__, 0, strlen(__FILE__) - 20) . "/config/selfService/" . $name . "." . $scope;
if (is_file($file) === True) { if (is_file($file) === True) {
@ -193,8 +193,8 @@ function loadSelfServiceProfile($name, $scope) {
*/ */
function saveSelfServiceProfile($name, $scope, $profile) { function saveSelfServiceProfile($name, $scope, $profile) {
// check profile name // check profile name
if (!eregi("^[0-9a-z _-]+$", $scope)) return false; if (!preg_match("/^[0-9a-z _-]+$/i", $scope)) return false;
if (!eregi("^[0-9a-z _-]+$", $name)) return false; if (!preg_match("/^[0-9a-z _-]+$/i", $name)) return false;
if (!get_class($profile) === 'selfServiceProfile') { if (!get_class($profile) === 'selfServiceProfile') {
return false; return false;
} }

2
lam/templates/config/conftypes.php
View File

@ -296,7 +296,7 @@ function checkInput() {
elseif (substr($key, 0, 5) == "attr_") { elseif (substr($key, 0, 5) == "attr_") {
$typeSettings[$key] = $_POST[$key]; $typeSettings[$key] = $_POST[$key];
$type = substr($postKeys[$i], 5); $type = substr($postKeys[$i], 5);
if (!is_string($_POST[$key]) || !eregi("^((#[^:;]+)|([^:;]*:[^:;]+))(;((#[^:;]+)|([^:;]*:[^:;]+)))*$", $_POST[$key])) { if (!is_string($_POST[$key]) || !preg_match("/^((#[^:;]+)|([^:;]*:[^:;]+))(;((#[^:;]+)|([^:;]*:[^:;]+)))*$/", $_POST[$key])) {
$errors[] = array("ERROR", _("List attributes are invalid!"), getTypeAlias($type)); $errors[] = array("ERROR", _("List attributes are invalid!"), getTypeAlias($type));
} }
} }

6
lam/templates/config/mainmanage.php
View File

@ -105,8 +105,8 @@ if (isset($_POST['submit'])) {
continue; continue;
} }
// check each line // check each line
$ipRegex = '^[0-9\\.\\*]+$'; $ipRegex = '/^[0-9\\.\\*]+$/';
if (!ereg($ipRegex, $allowedHostsList[$i]) || (strlen($allowedHostsList[$i]) > 15)) { if (!preg_match($ipRegex, $allowedHostsList[$i]) || (strlen($allowedHostsList[$i]) > 15)) {
$errors[] = sprintf(_("The IP address %s is invalid!"), $allowedHostsList[$i]); $errors[] = sprintf(_("The IP address %s is invalid!"), $allowedHostsList[$i]);
} }
} }
@ -120,7 +120,7 @@ if (isset($_POST['submit'])) {
if ($_POST['logDestination'] == "none") $cfg->logDestination = "NONE"; if ($_POST['logDestination'] == "none") $cfg->logDestination = "NONE";
elseif ($_POST['logDestination'] == "syslog") $cfg->logDestination = "SYSLOG"; elseif ($_POST['logDestination'] == "syslog") $cfg->logDestination = "SYSLOG";
else { else {
if (isset($_POST['logFile']) && ($_POST['logFile'] != "") && eregi("^[a-z0-9/\\\\:\\._-]+$", $_POST['logFile'])) { if (isset($_POST['logFile']) && ($_POST['logFile'] != "") && preg_match("/^[a-z0-9/\\\\:\\._-]+$/i", $_POST['logFile'])) {
$cfg->logDestination = $_POST['logFile']; $cfg->logDestination = $_POST['logFile'];
} }
else $errors[] = _("The log file is empty or contains invalid characters! Valid characters are: a-z, A-Z, 0-9, /, \\, ., :, _ and -."); else $errors[] = _("The log file is empty or contains invalid characters! Valid characters are: a-z, A-Z, 0-9, /, \\, ., :, _ and -.");

6
lam/templates/config/profmanage.php
View File

@ -73,7 +73,7 @@ if ($_POST['submit']) {
} }
// add new profile // add new profile
elseif ($_POST['action'] == "add") { elseif ($_POST['action'] == "add") {
if (eregi("^[a-z0-9_-]+$", $_POST['addprofile']) && !in_array($_POST['addprofile'], getConfigProfiles())) { if (preg_match("/^[a-z0-9_-]+$/i", $_POST['addprofile']) && !in_array($_POST['addprofile'], getConfigProfiles())) {
// check profile password // check profile password
if ($_POST['addpassword'] && $_POST['addpassword2'] && ($_POST['addpassword'] == $_POST['addpassword2'])) { if ($_POST['addpassword'] && $_POST['addpassword2'] && ($_POST['addpassword'] == $_POST['addpassword2'])) {
// create new profile file // create new profile file
@ -95,7 +95,7 @@ if ($_POST['submit']) {
} }
// rename profile // rename profile
elseif ($_POST['action'] == "rename") { elseif ($_POST['action'] == "rename") {
if (eregi("^[a-z0-9_-]+$", $_POST['renfilename']) && !in_array($_POST['renfilename'], getConfigProfiles())) { if (preg_match("/^[a-z0-9_-]+$/i", $_POST['renfilename']) && !in_array($_POST['renfilename'], getConfigProfiles())) {
if (rename("../../config/" . $_POST['oldfilename'] . ".conf", if (rename("../../config/" . $_POST['oldfilename'] . ".conf",
"../../config/" . $_POST['renfilename'] . ".conf")) { "../../config/" . $_POST['renfilename'] . ".conf")) {
$msg = _("Renamed profile."); $msg = _("Renamed profile.");
@ -106,7 +106,7 @@ if ($_POST['submit']) {
} }
// delete profile // delete profile
elseif ($_POST['action'] == "delete") { elseif ($_POST['action'] == "delete") {
if (eregi("^[a-z0-9_-]+$", $_POST['delfilename']) && @unlink("../../config/" . $_POST['delfilename'] . ".conf")) { if (preg_match("/^[a-z0-9_-]+$/i", $_POST['delfilename']) && @unlink("../../config/" . $_POST['delfilename'] . ".conf")) {
$msg = _("Profile deleted."); $msg = _("Profile deleted.");
} }
else $error = _("Unable to delete profile!"); else $error = _("Unable to delete profile!");

2
lam/templates/ou_edit.php
View File

@ -58,7 +58,7 @@ if (isset($_POST['createOU']) || isset($_POST['deleteOU'])) {
// new ou // new ou
if (isset($_POST['createOU'])) { if (isset($_POST['createOU'])) {
// create ou if valid // create ou if valid
if (eregi("^[a-z0-9 _\\-]+$", $_POST['newOU'])) { if (preg_match("/^[a-z0-9 _\\-]+$/i", $_POST['newOU'])) {
// check if ou already exists // check if ou already exists
$new_dn = "ou=" . $_POST['newOU'] . "," . $_POST['parentOU']; $new_dn = "ou=" . $_POST['newOU'] . "," . $_POST['parentOU'];
if (!in_array($new_dn, $_SESSION['ldap']->search_units($_POST['parentOU']))) { if (!in_array($new_dn, $_SESSION['ldap']->search_units($_POST['parentOU']))) {