additional checks

This commit is contained in:
Roland Gruber 2012-03-18 18:24:25 +00:00
parent 2b26a46305
commit 6418d24cdd
5 changed files with 29 additions and 29 deletions

View File

@ -97,8 +97,7 @@ function displayHelp($helpEntry,$helpVariables) {
}
/* If no help number was submitted print error message */
if(!isset($_GET['HelpNumber']))
{
if (!isset($_GET['HelpNumber'])) {
$errorMessage = "Sorry no help number submitted.";
echoHTMLHead();
statusMessage("ERROR","",$errorMessage);
@ -119,8 +118,8 @@ if(isset($_GET['module']) && !($_GET['module'] == 'main') && !($_GET['module'] =
}
if (!$helpEntry) {
$variables = array();
array_push($variables,$_GET['HelpNumber']);
array_push($variables,$_GET['module']);
array_push($variables, htmlspecialchars($_GET['HelpNumber']));
array_push($variables, htmlspecialchars($_GET['module']));
$errorMessage = _("Sorry this help id ({bold}%s{endbold}) is not available for this module ({bold}%s{endbold}).");
echoHTMLHead();
statusMessage("ERROR","",$errorMessage,$variables);
@ -131,11 +130,10 @@ if(isset($_GET['module']) && !($_GET['module'] == 'main') && !($_GET['module'] =
// help entry in help.inc
else {
/* If submitted help number is not in help/help.inc print error message */
if(!array_key_exists($_GET['HelpNumber'],$helpArray))
{
if (!array_key_exists($_GET['HelpNumber'],$helpArray)) {
$variables = array();
array_push($variables,$_GET['HelpNumber']);
$errorMessage = _("Sorry this help number ({bold}%d{endbold}) is not available.");
array_push($variables, htmlspecialchars($_GET['HelpNumber']));
$errorMessage = _("Sorry this help number ({bold}%s{endbold}) is not available.");
echoHTMLHead();
statusMessage("ERROR","",$errorMessage,$variables);
echoHTMLFoot();
@ -151,7 +149,7 @@ $moreVariables = true;
$helpVariables = array();
while($moreVariables) {
if (isset($_GET['var' . $i])) {
array_push($helpVariables,$_GET['var' . $i]);
array_push($helpVariables, htmlspecialchars($_GET['var' . $i]));
$i++;
}
else {

View File

@ -148,7 +148,7 @@ if (isset($_POST['add_suff']) || isset($_POST['cancel'])) {
if (sizeof($fail) > 0) {
// print error messages
for ($i = 0; $i < sizeof($fail); $i++) {
StatusMessage("ERROR", _("Failed to create entry!") . "<br>" . $error[$i], $fail[$i]);
StatusMessage("ERROR", _("Failed to create entry!") . "<br>" . htmlspecialchars($error[$i]), htmlspecialchars($fail[$i]));
}
include 'main_footer.php';
}

View File

@ -87,7 +87,8 @@ if (isset($_GET['showldif'])) {
}
include 'main_header.php';
echo '<div class="' . $_POST['scope'] . 'list-bright smallPaddingContent">';
$scope = htmlspecialchars($_POST['scope']);
echo '<div class="' . $scope . 'list-bright smallPaddingContent">';
$selectedModules = explode(',', $_POST['selectedModules']);
if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
@ -95,7 +96,7 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
$data = array(); // input values without first row
$ids = array(); // <column name> => <column number for $data>
// get input fields from modules
$columns = getUploadColumns($_POST['scope'], $selectedModules);
$columns = getUploadColumns($scope, $selectedModules);
// read input file
$handle = fopen ($_FILES['inputfile']['tmp_name'], "r");
if (($head = fgetcsv($handle, 2000)) !== false ) { // head row
@ -158,15 +159,15 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
// if input data is invalid just display error messages (max 50)
if (sizeof($errors) > 0) {
for ($i = 0; $i < sizeof($errors); $i++) StatusMessage("ERROR", $errors[$i][0], $errors[$i][1]);
massPrintBackButton($_POST['scope'], $selectedModules);
massPrintBackButton($scope, $selectedModules);
}
// let modules build accounts
else {
$accounts = buildUploadAccounts($_POST['scope'], $data, $ids, $selectedModules);
$accounts = buildUploadAccounts($scope, $data, $ids, $selectedModules);
if ($accounts != false) {
$rdnList = getRDNAttributes($_POST['scope'], $selectedModules);
$suffix = $_SESSION['config']->get_Suffix($_POST['scope']);
$rdnList = getRDNAttributes($scope, $selectedModules);
$suffix = $_SESSION['config']->get_Suffix($scope);
// set DN
for ($i = 0; $i < sizeof($accounts); $i++) {
// check against list of possible RDN attributes
@ -193,7 +194,7 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
$_SESSION['mass_postActions'] = array();
$_SESSION['mass_data'] = $_SESSION['ldap']->encrypt(serialize($data));
$_SESSION['mass_ids'] = $ids;
$_SESSION['mass_scope'] = $_POST['scope'];
$_SESSION['mass_scope'] = $scope;
$_SESSION['mass_selectedModules'] = $selectedModules;
if (isset($_SESSION['mass_pdf'])) {
unset($_SESSION['mass_pdf']);
@ -225,13 +226,13 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
}
}
else {
massPrintBackButton($_POST['scope'], $selectedModules);
massPrintBackButton($scope, $selectedModules);
}
}
}
else {
StatusMessage('ERROR', _('Please provide a file to upload.'));
massPrintBackButton($_POST['scope'], $selectedModules);
massPrintBackButton($scope, $selectedModules);
}
echo '</div>';

View File

@ -58,7 +58,8 @@ if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
setlanguage();
include 'main_header.php';
echo '<div class="' . $_SESSION['mass_scope'] . 'list-bright smallPaddingContent">';
$scope = htmlspecialchars($_SESSION['mass_scope']);
echo '<div class="' . $scope . 'list-bright smallPaddingContent">';
// create accounts
$accounts = unserialize($_SESSION['ldap']->decrypt($_SESSION['mass_accounts']));
@ -120,12 +121,12 @@ if (($_SESSION['mass_counter'] < sizeof($accounts)) || !isset($_SESSION['mass_po
// do post upload actions after all accounts are created
if ($_SESSION['mass_counter'] >= sizeof($accounts)) {
$data = unserialize($_SESSION['ldap']->decrypt($_SESSION['mass_data']));
$return = doUploadPostActions($_SESSION['mass_scope'], $data, $_SESSION['mass_ids'], $_SESSION['mass_failed'], $_SESSION['mass_selectedModules'], $accounts);
$return = doUploadPostActions($scope, $data, $_SESSION['mass_ids'], $_SESSION['mass_failed'], $_SESSION['mass_selectedModules'], $accounts);
if ($return['status'] == 'finished') {
$_SESSION['mass_postActions']['finished'] = true;
}
for ($i = 0; $i < sizeof($return['errors']); $i++) $_SESSION['mass_errors'][] = $return['errors'][$i];
echo "<h1>" . _("Additional tasks for module:") . ' ' . getModuleAlias($return['module'], $_SESSION['mass_scope']) . "</h1>\n";
echo "<h1>" . _("Additional tasks for module:") . ' ' . getModuleAlias($return['module'], $scope) . "</h1>\n";
?>
<div id="progressbar<?php echo $return['module']; ?>"></div>
<script type="text/javascript">
@ -138,7 +139,7 @@ if (($_SESSION['mass_counter'] < sizeof($accounts)) || !isset($_SESSION['mass_po
<?php
flush();
while (!isset($_SESSION['mass_postActions']['finished']) && (($startTime + $maxTime) > time())) {
$return = doUploadPostActions($_SESSION['mass_scope'], $data, $_SESSION['mass_ids'], $_SESSION['mass_failed'], $_SESSION['mass_selectedModules'], $accounts);
$return = doUploadPostActions($scope, $data, $_SESSION['mass_ids'], $_SESSION['mass_failed'], $_SESSION['mass_selectedModules'], $accounts);
if ($return['status'] == 'finished') {
$_SESSION['mass_postActions']['finished'] = true;
}
@ -190,7 +191,7 @@ if (($_SESSION['mass_counter'] < sizeof($accounts)) || !isset($_SESSION['mass_po
}
}
// load account
$_SESSION['pdfAccount'] = new accountContainer($_SESSION['mass_scope'], 'pdfAccount');
$_SESSION['pdfAccount'] = new accountContainer($scope, 'pdfAccount');
$pdfErrors = $_SESSION['pdfAccount']->load_account($dn, $infoAttributes);
if (sizeof($pdfErrors) > 0) {
$_SESSION['mass_errors'] = array_merge($_SESSION['mass_errors'], $pdfErrors);
@ -233,7 +234,7 @@ else {
else {
// redirect to list if no errors occured
echo "<script type=\"text/javascript\">\n";
echo "top.location.href = \"lists/list.php?type=" . $_SESSION['mass_scope'] . "&uploadAllOk\";\n";
echo "top.location.href = \"lists/list.php?type=" . $scope . "&uploadAllOk\";\n";
echo "</script>\n";
}
}

View File

@ -84,7 +84,7 @@ $types = array_values($types);
// check if account specific page should be shown
if (isset($_POST['type'])) {
// get selected type
$scope = $_POST['type'];
$scope = htmlspecialchars($_POST['type']);
// get selected modules
$selectedModules = array();
$checkedBoxes = array_keys($_POST, 'on');