WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

handle quotes in DN

This commit is contained in:
Roland Gruber 2013-11-04 16:32:10 +00:00
parent a4d87bfcc1
commit 75322829ae
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lam/templates/account/edit.php
View File

@ -66,7 +66,14 @@ if (isset($_GET['DN'])) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type); logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
die(); die();
} }
if ($_GET['DN'] == $DN) $DN = str_replace("'", '',$_GET['DN']); if ($_GET['DN'] == $DN) {
if (substr($DN, 0, 1) === "'") {
$DN = substr($DN, 1);
}
if (substr($DN, -1, 1) === "'") {
$DN = substr($DN, 0, -1);
}
}
$_SESSION['account'] = new accountContainer($type, 'account'); $_SESSION['account'] = new accountContainer($type, 'account');
$result = $_SESSION['account']->load_account($DN); $result = $_SESSION['account']->load_account($DN);
if (sizeof($result) > 0) { if (sizeof($result) > 0) {

9
lam/templates/lists/deletelink.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2007 - 2010 Roland Gruber Copyright (C) 2007 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -52,7 +52,12 @@ if (!preg_match('/^[a-z0-9_]+$/i', $type)) {
if (isset($dn) && isset($type)) { if (isset($dn) && isset($type)) {
$dn = str_replace("\\", '',$dn); $dn = str_replace("\\", '',$dn);
$dn = str_replace("'", '',$dn); if (substr($dn, 0, 1) === "'") {
$dn = substr($dn, 1);
}
if (substr($dn, -1, 1) === "'") {
$dn = substr($dn, 0, -1);
}
$_SESSION['delete_dn'] = array($dn); $_SESSION['delete_dn'] = array($dn);
// redirect to delete.php // redirect to delete.php
metaRefresh("../delete.php?type=" . htmlspecialchars($type)); metaRefresh("../delete.php?type=" . htmlspecialchars($type));