WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

return false if profile name is invalid, fixed regular expressions for profile names

This commit is contained in:
uid108615 2003-10-23 19:31:17 +00:00
parent 40aa825088
commit c72729730c
2 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lam/lib/profiles.inc
View File

@ -86,7 +86,7 @@ function getHostProfiles() {
// $profile: name of the profile (without .pru) // $profile: name of the profile (without .pru)
// the return value is an account object // the return value is an account object
function loadUserProfile($profile) { function loadUserProfile($profile) {
if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit; if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
$acc = new account(); $acc = new account();
$file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/users/" . $profile . ".pru"; $file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/users/" . $profile . ".pru";
if (is_file($file) == True) { if (is_file($file) == True) {
@ -262,7 +262,7 @@ function loadUserProfile($profile) {
// $profile: name of the group profile (without .prg) // $profile: name of the group profile (without .prg)
// the return value is an account object // the return value is an account object
function loadGroupProfile($profile) { function loadGroupProfile($profile) {
if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit; if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
$acc = new account(); $acc = new account();
$file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/groups/" . $profile . ".prg"; $file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/groups/" . $profile . ".prg";
if (is_file($file) == True) { if (is_file($file) == True) {
@ -329,7 +329,7 @@ function loadGroupProfile($profile) {
// $profile: name of the host profile (without .prh) // $profile: name of the host profile (without .prh)
// the return value is an account object // the return value is an account object
function loadHostProfile($profile) { function loadHostProfile($profile) {
if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit; if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
$acc = new account(); $acc = new account();
$file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/hosts/" . $profile . ".prh"; $file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/hosts/" . $profile . ".prh";
if (is_file($file) == True) { if (is_file($file) == True) {
@ -386,7 +386,8 @@ function loadHostProfile($profile) {
// $profile: name of the user profile (without .pru) // $profile: name of the user profile (without .pru)
// $account: account object which is saved // $account: account object which is saved
function saveUserProfile($account, $profile) { function saveUserProfile($account, $profile) {
if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit; // check profile name
if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
if (!is_object($account)) { if (!is_object($account)) {
StatusMessage("ERROR", "", _("saveUserProfile: account has wrong type!")); StatusMessage("ERROR", "", _("saveUserProfile: account has wrong type!"));
exit; exit;
@ -457,7 +458,8 @@ function saveUserProfile($account, $profile) {
// $profile: name of the group profile (without .prg) // $profile: name of the group profile (without .prg)
// $account: account object which is saved // $account: account object which is saved
function saveGroupProfile($account, $profile) { function saveGroupProfile($account, $profile) {
if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit; // check profile name
if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
if (!is_object($account)) { if (!is_object($account)) {
StatusMessage("ERROR", "", _("saveGroupProfile: account has wrong type!")); StatusMessage("ERROR", "", _("saveGroupProfile: account has wrong type!"));
exit; exit;
@ -490,7 +492,8 @@ function saveGroupProfile($account, $profile) {
// $profile: name of the host profile (without .prh) // $profile: name of the host profile (without .prh)
// $account: account object which is saved // $account: account object which is saved
function saveHostProfile($account, $profile) { function saveHostProfile($account, $profile) {
if (!eregi("^[0-9a-z\\-_]+$", $profile)) exit; // check profile name
if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
if (!is_object($account)) { if (!is_object($account)) {
StatusMessage ("ERROR", "", _("saveHostProfile: account has wrong type!")); StatusMessage ("ERROR", "", _("saveHostProfile: account has wrong type!"));
exit; exit;
@ -513,7 +516,7 @@ function saveHostProfile($account, $profile) {
// deletes a user profile // deletes a user profile
function delUserProfile($file) { function delUserProfile($file) {
if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit; if (!eregi("^[0-9a-z_\\-]+$", $profile)) exit;
$prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/users/".$file.".pru"; $prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/users/".$file.".pru";
if (is_file($prof)) { if (is_file($prof)) {
return @unlink($prof); return @unlink($prof);
@ -522,7 +525,7 @@ function delUserProfile($file) {
// deletes a group profile // deletes a group profile
function delGroupProfile($file) { function delGroupProfile($file) {
if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit; if (!eregi("^[0-9a-z_\\-]+$", $profile)) exit;
$prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/groups/".$file.".prg"; $prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/groups/".$file.".prg";
if (is_file($prof)) { if (is_file($prof)) {
return @unlink($prof); return @unlink($prof);
@ -531,7 +534,7 @@ function delGroupProfile($file) {
// deletes a host profile // deletes a host profile
function delHostProfile($file) { function delHostProfile($file) {
if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit; if (!eregi("^[0-9a-z_\\-]+$", $profile)) exit;
$prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/hosts/".$file.".prh"; $prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/hosts/".$file.".prh";
if (is_file($prof)) { if (is_file($prof)) {
return @unlink($prof); return @unlink($prof);

12
lam/templates/profedit/profilecreate.php
View File

@ -271,7 +271,7 @@ if ($_GET['type'] == "user") {
} }
} }
if ($_POST['profname'] && eregi("^[0-9a-z\\-_]+$", $_POST['profname'])) { if ($_POST['profname'] && eregi("^[0-9a-z_\\-]+$", $_POST['profname'])) {
$profname = $_POST['profname']; $profname = $_POST['profname'];
} }
else { else {
@ -336,7 +336,7 @@ elseif ($_GET['type'] == "group") {
} }
} }
if ($_POST['profname'] && eregi("^[0-9a-z\\-_]+$", $_POST['profname'])) { if ($_POST['profname'] && eregi("^[0-9a-z_\\-]+$", $_POST['profname'])) {
$profname = $_POST['profname']; $profname = $_POST['profname'];
} }
else { else {
@ -375,6 +375,14 @@ elseif ($_GET['type'] == "host") {
echo ("<br><br><a href=\"javascript:history.back()\">" . _("Back to Profile Editor") . "</a>"); echo ("<br><br><a href=\"javascript:history.back()\">" . _("Back to Profile Editor") . "</a>");
exit; exit;
} }
if ($_POST['profname'] && eregi("^[0-9a-z_\\-]+$", $_POST['profname'])) {
$profname = $_POST['profname'];
}
else {
StatusMessage("ERROR", _("Invalid profile name!"), $_POST['profname']);
echo ("<br><br><a href=\"javascript:history.back()\">" . _("Back to Profile Editor") . "</a>");
exit;
}
// save profile // save profile
if (saveHostProfile($acct, $profname)) { if (saveHostProfile($acct, $profname)) {
echo StatusMessage("INFO", _("Profile was saved."), $profname); echo StatusMessage("INFO", _("Profile was saved."), $profname);