support "," in DN

lam/HISTORY

@@ -4,6 +4,7 @@ June 2018 6.4
   - Personal/Windows: image cropping support
   - IMAP: create mailbox via file upload
   - PHP 7.2 support
+  - Support for "," in DN
   - LAM Pro:
    -> Better support for 389ds password expiration
   - Fixed bugs:

lam/lib/account.inc

@@ -631,6 +631,18 @@ function escapeDN($dn) {
 	);
 }
 
+/**
+ * Escapes special characters in RDN part.
+ *
+ * @param string $rdn RDN
+ */
+function escapeRDN($rdn) {
+	return str_replace(
+		array(','),
+		array('\\2C'),
+		$rdn);
+}
+
 /**
  * Connects to an LDAP server using the given URL.
  *

lam/lib/modules.inc

@@ -1802,28 +1802,28 @@ class accountContainer {
 		}
 		// build DN for new accounts and change it for existing ones if needed
 		if (isset($attributes[$this->dn_orig]['modify'][$this->rdn][0])) {
-			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['modify'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['modify'][$this->rdn][0]) . ',' . $this->dnSuffix;
 			if ($this->dn_orig != $this->finalDN) {
 				$attributes[$this->finalDN] = $attributes[$this->dn_orig];
 				unset($attributes[$this->dn_orig]);
 			}
 		}
 		elseif (isset($attributes[$this->dn_orig]['add'][$this->rdn][0])) {
-			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['add'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['add'][$this->rdn][0]) . ',' . $this->dnSuffix;
 			if ($this->dn_orig != $this->finalDN) {
 				$attributes[$this->finalDN] = $attributes[$this->dn_orig];
 				unset($attributes[$this->dn_orig]);
 			}
 		}
 		elseif (isset($attributes[$this->dn_orig]['remove'][$this->rdn][0]) && isset($attributes[$this->dn_orig]['notchanged'][$this->rdn][0])) {
-			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['notchanged'][$this->rdn][0]) . ',' . $this->dnSuffix;
 			if ($this->dn_orig != $this->finalDN) {
 				$attributes[$this->finalDN] = $attributes[$this->dn_orig];
 				unset($attributes[$this->dn_orig]);
 			}
 		}
 		elseif (!$this->isNewAccount && (($this->dnSuffix != extractDNSuffix($this->dn_orig)) || ($this->rdn != extractRDNAttribute($this->dn_orig)))) {
-			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['notchanged'][$this->rdn][0]) . ',' . $this->dnSuffix;
 			$attributes[$this->finalDN] = $attributes[$this->dn_orig];
 			unset($attributes[$this->dn_orig]);
 		}

lam/templates/lists/deletelink.php

@@ -1,9 +1,8 @@
 <?php
 /*
-$Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2007 - 2017  Roland Gruber
+  Copyright (C) 2007 - 2018  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -52,7 +51,6 @@ if (!preg_match('/^[a-z0-9_]+$/i', $type)) {
 }
 
 if (isset($dn) && isset($type)) {
-	$dn = str_replace("\\", '',$dn);
 	if (substr($dn, 0, 1) === "'") {
 		$dn = substr($dn, 1);
 	}

lam/templates/upload/massBuildAccounts.php

@@ -209,7 +209,7 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
 					$errors[] = array(_('Account %s:') . ' dn_rdn ' . $account[$data[$i][$ids['dn_rdn']]], _("Invalid RDN attribute!"), array($i));
 				}
 				else {
-					$account_dn = $data[$i][$ids['dn_rdn']] . "=" . $account[$data[$i][$ids['dn_rdn']]] . ",";
+					$account_dn = $data[$i][$ids['dn_rdn']] . "=" . escapeRDN($account[$data[$i][$ids['dn_rdn']]]) . ",";
 					if ($data[$i][$ids['dn_suffix']] == "") $account_dn = $account_dn . $suffix;
 					else $account_dn = $account_dn . $data[$i][$ids['dn_suffix']];
 					$accounts[$i]['dn'] = $account_dn;