From a73b8777f23fd767f7479afdfdcb2d91367514e3 Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Sun, 20 May 2018 08:22:51 +0200
Subject: [PATCH] support "," in DN

---
 lam/HISTORY                                |  1 +
 lam/lib/account.inc                        | 12 ++++++++++++
 lam/lib/modules.inc                        |  8 ++++----
 lam/templates/lists/deletelink.php         |  4 +---
 lam/templates/upload/massBuildAccounts.php |  2 +-
 5 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/lam/HISTORY b/lam/HISTORY
index 45e6d39c..783530d0 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -4,6 +4,7 @@ June 2018 6.4
   - Personal/Windows: image cropping support
   - IMAP: create mailbox via file upload
   - PHP 7.2 support
+  - Support for "," in DN
   - LAM Pro:
    -> Better support for 389ds password expiration
   - Fixed bugs:
diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 2ca8e130..0c39143f 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -631,6 +631,18 @@ function escapeDN($dn) {
 	);
 }
 
+/**
+ * Escapes special characters in RDN part.
+ *
+ * @param string $rdn RDN
+ */
+function escapeRDN($rdn) {
+	return str_replace(
+		array(','),
+		array('\\2C'),
+		$rdn);
+}
+
 /**
  * Connects to an LDAP server using the given URL.
  *
diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc
index 94647edd..6767fdc0 100644
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@@ -1802,28 +1802,28 @@ class accountContainer {
 		}
 		// build DN for new accounts and change it for existing ones if needed
 		if (isset($attributes[$this->dn_orig]['modify'][$this->rdn][0])) {
-			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['modify'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['modify'][$this->rdn][0]) . ',' . $this->dnSuffix;
 			if ($this->dn_orig != $this->finalDN) {
 				$attributes[$this->finalDN] = $attributes[$this->dn_orig];
 				unset($attributes[$this->dn_orig]);
 			}
 		}
 		elseif (isset($attributes[$this->dn_orig]['add'][$this->rdn][0])) {
-			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['add'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['add'][$this->rdn][0]) . ',' . $this->dnSuffix;
 			if ($this->dn_orig != $this->finalDN) {
 				$attributes[$this->finalDN] = $attributes[$this->dn_orig];
 				unset($attributes[$this->dn_orig]);
 			}
 		}
 		elseif (isset($attributes[$this->dn_orig]['remove'][$this->rdn][0]) && isset($attributes[$this->dn_orig]['notchanged'][$this->rdn][0])) {
-			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['notchanged'][$this->rdn][0]) . ',' . $this->dnSuffix;
 			if ($this->dn_orig != $this->finalDN) {
 				$attributes[$this->finalDN] = $attributes[$this->dn_orig];
 				unset($attributes[$this->dn_orig]);
 			}
 		}
 		elseif (!$this->isNewAccount && (($this->dnSuffix != extractDNSuffix($this->dn_orig)) || ($this->rdn != extractRDNAttribute($this->dn_orig)))) {
-			$this->finalDN = $this->rdn . '=' . $attributes[$this->dn_orig]['notchanged'][$this->rdn][0] . ',' . $this->dnSuffix;
+			$this->finalDN = $this->rdn . '=' . escapeRDN($attributes[$this->dn_orig]['notchanged'][$this->rdn][0]) . ',' . $this->dnSuffix;
 			$attributes[$this->finalDN] = $attributes[$this->dn_orig];
 			unset($attributes[$this->dn_orig]);
 		}
diff --git a/lam/templates/lists/deletelink.php b/lam/templates/lists/deletelink.php
index 547224d9..f3cf5919 100644
--- a/lam/templates/lists/deletelink.php
+++ b/lam/templates/lists/deletelink.php
@@ -1,9 +1,8 @@
 <?php
 /*
-$Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2007 - 2017  Roland Gruber
+  Copyright (C) 2007 - 2018  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -52,7 +51,6 @@ if (!preg_match('/^[a-z0-9_]+$/i', $type)) {
 }
 
 if (isset($dn) && isset($type)) {
-	$dn = str_replace("\\", '',$dn);
 	if (substr($dn, 0, 1) === "'") {
 		$dn = substr($dn, 1);
 	}
diff --git a/lam/templates/upload/massBuildAccounts.php b/lam/templates/upload/massBuildAccounts.php
index 961a09ab..98aff7c4 100644
--- a/lam/templates/upload/massBuildAccounts.php
+++ b/lam/templates/upload/massBuildAccounts.php
@@ -209,7 +209,7 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
 					$errors[] = array(_('Account %s:') . ' dn_rdn ' . $account[$data[$i][$ids['dn_rdn']]], _("Invalid RDN attribute!"), array($i));
 				}
 				else {
-					$account_dn = $data[$i][$ids['dn_rdn']] . "=" . $account[$data[$i][$ids['dn_rdn']]] . ",";
+					$account_dn = $data[$i][$ids['dn_rdn']] . "=" . escapeRDN($account[$data[$i][$ids['dn_rdn']]]) . ",";
 					if ($data[$i][$ids['dn_suffix']] == "") $account_dn = $account_dn . $suffix;
 					else $account_dn = $account_dn . $data[$i][$ids['dn_suffix']];
 					$accounts[$i]['dn'] = $account_dn;