From f1bd23b1e51ac01fa4f4e757b7a7890e39b7a792 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Thu, 4 Sep 2008 17:43:53 +0000 Subject: [PATCH] escape DNs --- lam/lib/account.inc | 2 +- lam/lib/cache.inc | 2 +- lam/lib/ldap.inc | 2 +- lam/lib/lists.inc | 2 +- lam/lib/modules.inc | 2 +- lam/lib/modules/kolabUser.inc | 2 +- lam/lib/types/group.inc | 2 +- lam/lib/types/user.inc | 4 ++-- lam/templates/delete.php | 2 +- lam/templates/initsuff.php | 4 ++-- lam/templates/lists/userlink.php | 2 +- lam/templates/main.php | 2 +- 12 files changed, 14 insertions(+), 14 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 3b20024f..02b6fcad 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -305,7 +305,7 @@ function search_domains() { $ret = array(); $attr = array("DN", "sambaDomainName", "sambaSID", "sambaNextRid", "sambaNextGroupRid", "sambaNextUserRid", "sambaAlgorithmicRidBase"); - $sr = @ldap_search($_SESSION['ldap']->server(), $suffix, "objectClass=sambaDomain", $attr); + $sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($suffix), "objectClass=sambaDomain", $attr); if ($sr) { $units = ldap_get_entries($_SESSION['ldap']->server(), $sr); // delete count entry diff --git a/lam/lib/cache.inc b/lam/lib/cache.inc index b1bf97d5..d25b6202 100644 --- a/lam/lib/cache.inc +++ b/lam/lib/cache.inc @@ -183,7 +183,7 @@ class cache { // Get Data from ldap $search = $this->attributes[$scope]; $search[] = 'objectClass'; - $result = @ldap_search($_SESSION['ldap']->server(), $suffix, 'objectClass=*', $search, 0); + $result = @ldap_search($_SESSION['ldap']->server(), escapeDN($suffix), 'objectClass=*', $search, 0); if ($result) { // Write search result in array $entry = @ldap_first_entry($_SESSION['ldap']->server(), $result); diff --git a/lam/lib/ldap.inc b/lam/lib/ldap.inc index 08448a14..525ab042 100644 --- a/lam/lib/ldap.inc +++ b/lam/lib/ldap.inc 
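Review bot: `escapeDN($suffix)` in `search_domains()` (account.inc) is applied to a complete DN, and the definition of `escapeDN()` is not part of this patch, so the call sites give no way to check that it keeps the structural `,`, `=` and `+` separators and leaves existing backslash escapes alone. This matters most in the later hunks where the DN looks like it was read back from the directory rather than from configuration (`$entry['dn']` in user.inc, possibly `$dn` in modules.inc and delete.php): if the function is not idempotent, an already escaped value is escaped twice and the `@`-suppressed search just returns nothing. I would document the contract at the first call, e.g. `// $suffix is a full DN; escapeDN() must be idempotent and must not touch RDN separators`, and add a test with a DN that contains an escaped comma. The body of `search_domains()` continues outside the hunk.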
@@ -134,7 +134,7 @@ class Ldap{ */ function search_units($suffix) { $ret = array(); - $sr = @ldap_search($this->server(), $suffix, "objectClass=organizationalunit", array("DN")); + $sr = @ldap_search($this->server(), escapeDN($suffix), "objectClass=organizationalunit", array("DN")); if ($sr) { $units = ldap_get_entries($this->server, $sr); unset($units['count']); diff --git a/lam/lib/lists.inc b/lam/lib/lists.inc index f9d657f7..096ffda5 100644 --- a/lam/lib/lists.inc +++ b/lam/lib/lists.inc @@ -830,7 +830,7 @@ class lamList { $module_filter = get_ldap_filter($this->type); // basic filter is provided by modules $filter = "(&" . $module_filter . ")"; $attrs = $this->attrArray; - $sr = @ldap_search($_SESSION["ldap"]->server(), $this->suffix, $filter, $attrs); + $sr = @ldap_search($_SESSION["ldap"]->server(), escapeDN($this->suffix), $filter, $attrs); if (ldap_errno($_SESSION["ldap"]->server()) == 4) { StatusMessage("WARN", _("LDAP sizelimit exceeded, not all entries are shown."), _("See README.openldap.txt to solve this problem.")); } diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index ffa08d02..1d89a769 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc @@ -1435,7 +1435,7 @@ class accountContainer { $this->module = array(); $modules = $_SESSION['config']->get_AccountModules($this->type); $search = substr($dn, 0, strpos($dn, ',')); - $result = @ldap_search($_SESSION['ldap']->server(), $dn, $search); + $result = @ldap_search($_SESSION['ldap']->server(), escapeDN($dn), escapeDN($search)); if (!$result) { return array(array("ERROR", _("Unable to load LDAP entry:") . " " . $dn, ldap_error($_SESSION['ldap']->server()))); } diff --git a/lam/lib/modules/kolabUser.inc b/lam/lib/modules/kolabUser.inc index 18c39ad8..f709dc7b 100644 --- a/lam/lib/modules/kolabUser.inc +++ b/lam/lib/modules/kolabUser.inc 
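Review bot: The third argument of `ldap_search()` in the modules.inc hunk is the search filter, so `escapeDN($search)` applies DN escaping in a filter context; the grammars differ (a filter needs `\`, `*`, `(`, `)` and NUL written as a backslash plus two hex digits), and a DN-style escape such as `\,` is not a valid filter escape. The filter is also cut from `$dn` at the first `,` by `strpos()`, which splits inside the value when the RDN itself contains an escaped comma. Judging by the error message, the aim is to load exactly the entry named by `$dn`, and a base-scope read does that without building a filter from the RDN: `$result = @ldap_read($_SESSION['ldap']->server(), escapeDN($dn), 'objectClass=*');`. The enclosing method starts and ends outside the hunk.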
@@ -841,7 +841,7 @@ class kolabUser extends baseModule { // delegates if (in_array('kolabDelegate', $fields)) { $delegates = array(); - $sr = @ldap_search($_SESSION['ldapHandle'], $this->selfServiceSettings['kolabUser_suffix'][0], '(&(objectClass=inetOrgPerson)(mail=*))', array('mail')); + $sr = @ldap_search($_SESSION['ldapHandle'], escapeDN($this->selfServiceSettings['kolabUser_suffix'][0]), '(&(objectClass=inetOrgPerson)(mail=*))', array('mail')); if ($sr) { $result = ldap_get_entries($_SESSION['ldapHandle'], $sr); for ($i = 0; $i < $result['count']; $i++) { diff --git a/lam/lib/types/group.inc b/lam/lib/types/group.inc index f70a7801..618d5fdb 100644 --- a/lam/lib/types/group.inc +++ b/lam/lib/types/group.inc @@ -233,7 +233,7 @@ class lamGroupList extends lamList { for ($i = 0; $i < sizeof($this->entries); $i++) { $gid = $this->entries[$i]['gidnumber'][0]; $filter = "(&(&" . $module_filter . ")(gidNumber=" . $gid . "))"; - $sr = @ldap_search($_SESSION["ldap"]->server(), $module_suffix, $filter, $attrs); + $sr = @ldap_search($_SESSION["ldap"]->server(), escapeDN($module_suffix), $filter, $attrs); if (ldap_errno($_SESSION["ldap"]->server()) == 4) { StatusMessage("WARN", _("LDAP sizelimit exceeded, not all entries are shown."), _("See README.openldap.txt to solve this problem.")); $this->refresh_primary = true; diff --git a/lam/lib/types/user.inc b/lam/lib/types/user.inc index 77cb9fd0..1a27d40c 100644 --- a/lam/lib/types/user.inc +++ b/lam/lib/types/user.inc @@ -158,7 +158,7 @@ class lamUserList extends lamList { $grp_suffix = $_SESSION['config']->get_Suffix('group'); $filter = "objectClass=posixGroup"; $attrs = array("cn", "gidNumber"); - $sr = @ldap_search($_SESSION["ldap"]->server(), $grp_suffix, $filter, $attrs); + $sr = @ldap_search($_SESSION["ldap"]->server(), escapeDN($grp_suffix), $filter, $attrs); if ($sr) { $info = @ldap_get_entries($_SESSION["ldap"]->server(), $sr); unset($info['count']); // delete count entry 
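Review bot: The filter in the group.inc hunk is still assembled by string concatenation (`"(gidNumber=" . $gid . "))"`), and this patch escapes only the search base, so values placed into filters stay unescaped. The same holds for `search_username()` in the userlink.php hunk, where `$filter = "(uid=$name)"` interpolates a function argument whose origin is not visible here; a value containing `*`, `(` or `)` changes what the filter matches. Filter values need filter escaping rather than DN escaping, e.g. `$filter = "(uid=" . ldap_escape($name, '', LDAP_ESCAPE_FILTER) . ")";` on PHP 5.6 or later, or an equivalent project helper on older versions; for `$gid` a numeric check before use would be enough. Both functions continue outside their hunks.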
@@ -191,7 +191,7 @@ class lamUserList extends lamList { elseif ($attribute == "jpegphoto") { if (sizeof($entry[$attribute][0]) < 100) { // looks like we have read broken binary data, reread photo - $result = @ldap_search($_SESSION['ldap']->server(), $entry['dn'], $attribute . "=*", array($attribute)); + $result = @ldap_search($_SESSION['ldap']->server(), escapeDN($entry['dn']), $attribute . "=*", array($attribute)); if ($result) { $tempEntry = @ldap_first_entry($_SESSION['ldap']->server(), $result); if ($tempEntry) { diff --git a/lam/templates/delete.php b/lam/templates/delete.php index 424a6a6c..e99c47fb 100644 --- a/lam/templates/delete.php +++ b/lam/templates/delete.php @@ -255,7 +255,7 @@ if ($_POST['delete']) { */ function getChildCount($dn) { $return = 0; - $sr = @ldap_search($_SESSION['ldap']->server(), $dn, 'objectClass=*', array('dn'), 0); + $sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($dn), 'objectClass=*', array('dn'), 0); if ($sr) { $entries = ldap_get_entries($_SESSION['ldap']->server(), $sr); $return = $entries['count'] - 1; diff --git a/lam/templates/initsuff.php b/lam/templates/initsuff.php index 8b221ee6..13c617da 100644 --- a/lam/templates/initsuff.php +++ b/lam/templates/initsuff.php @@ -58,7 +58,7 @@ if ($_POST['add_suff'] || $_POST['cancel']) { // add entries for ($i = 0; $i < sizeof($new_suff); $i++) { // check if entry is already present - $info = @ldap_search($_SESSION['ldap']->server(), $new_suff[$i], "", array()); + $info = @ldap_search($_SESSION['ldap']->server(), escapeDN($new_suff[$i]), "", array()); $res = @ldap_get_entries($_SESSION['ldap']->server(), $info); if ($res) continue; $suff = $new_suff[$i]; 
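Review bot: The photo re-read in the `jpegphoto` branch of user.inc targets a single entry but uses `ldap_search()`, which searches the whole subtree below `$entry['dn']`, and only the first returned entry is used. If the user entry has child entries carrying the same attribute, the value picked up may not belong to the entry being listed. `ldap_read()` limits the lookup to the named entry: `$result = @ldap_read($_SESSION['ldap']->server(), escapeDN($entry['dn']), $attribute . "=*", array($attribute));`. The presence checks in the initsuff.php and main.php hunks have the same shape and would also be cheaper as base-scope reads. The branch continues outside the hunk.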
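Review bot: In the initsuff.php presence check every failure of `@ldap_search()` is read as "entry does not exist": `$info` is false, `ldap_get_entries()` then gives a false `$res`, and the loop moves on to the add path. With the base now passed through `escapeDN()`, a DN that the escaping alters, a permission error or a lost connection all take that path silently. I would tell the cases apart before creating anything, e.g. `if (!$info && ldap_errno($_SESSION['ldap']->server()) != 32) { /* report the error and skip */ }`, where 32 is noSuchObject; lists.inc already compares `ldap_errno()` against a numeric code. The second initsuff.php hunk and the loop in main.php use the same pattern. The surrounding loop starts and ends outside the hunk.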
@@ -100,7 +100,7 @@ if ($_POST['add_suff'] || $_POST['cancel']) { // create missing entries for ($k = sizeof($subsuffs) - 1; $k >= 0; $k--) { // check if subsuffix is present - $info = @ldap_search($_SESSION['ldap']->server(), $subsuffs[$k], "", array()); + $info = @ldap_search($_SESSION['ldap']->server(), escapeDN($subsuffs[$k]), "", array()); $res = @ldap_get_entries($_SESSION['ldap']->server(), $info); if (!$res) { $suffarray = explode(",", $subsuffs[$k]); diff --git a/lam/templates/lists/userlink.php b/lam/templates/lists/userlink.php index 944519f9..a58a331c 100644 --- a/lam/templates/lists/userlink.php +++ b/lam/templates/lists/userlink.php @@ -77,7 +77,7 @@ else { function search_username($name) { $filter = "(uid=$name)"; $attrs = array(); - $sr = @ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_Suffix('user'), $filter, $attrs); + $sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($_SESSION['config']->get_Suffix('user')), $filter, $attrs); if ($sr) { $info = ldap_get_entries($_SESSION['ldap']->server(), $sr); // return only first DN entry diff --git a/lam/templates/main.php b/lam/templates/main.php index e2d35e1a..cc239df6 100644 --- a/lam/templates/main.php +++ b/lam/templates/main.php @@ -49,7 +49,7 @@ $new_suffs = array(); // get list of active types $types = $_SESSION['config']->get_ActiveTypes(); for ($i = 0; $i < sizeof($types); $i++) { - $info = @ldap_search($_SESSION['ldap']->server(), $conf->get_Suffix($types[$i]), "(objectClass=*)", array('objectClass')); + $info = @ldap_search($_SESSION['ldap']->server(), escapeDN($conf->get_Suffix($types[$i])), "(objectClass=*)", array('objectClass')); $res = @ldap_get_entries($_SESSION['ldap']->server(), $info); if (!$res && !in_array($conf->get_Suffix($types[$i]), $new_suffs)) $new_suffs[] = $conf->get_Suffix($types[$i]); }