check request values

This commit is contained in:
Roland Gruber 2018-03-12 19:08:39 +01:00
parent a5f9412ee3
commit f1d7aec5fc
13 changed files with 18 additions and 18 deletions


@ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET');
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
$request['page']->setDN($request['dn']);
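Review bot: The `htmlspecialchars($request['dn'])` call on the second `error(...)` line uses the default flags, which on PHP before 8.1 are `ENT_COMPAT | ENT_HTML401`: single quotes are left unescaped and a DN that is not valid UTF-8 makes the function return an empty string, so the message would print `()` instead of the rejected value. Pass the flags explicitly, `htmlspecialchars($request['dn'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so the result is safe in any attribute context and never silently empty. The same one-argument call is added in every other section of this commit, so the change applies to each of them; a small helper wrapping the escape would keep all sites consistent. A later section wraps the value in literal `<b>` tags, which shows `error()` renders its message as HTML, so escaping at the call site is indeed the right layer here.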


@ -21,7 +21,7 @@ $request['dn'] = get_request('dn','REQUEST',true);
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
$request['page']->setDN($request['dn']);


@ -19,7 +19,7 @@ $request['attr'] = get_request('attr','GET',true);
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
$request['page']->setDN($request['dn']);
@ -105,7 +105,7 @@ if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST'
foreach ($socs as $name => $oclass) {
# Exclude any structural ones, that are not in the heirachy, as they'll only generate an LDAP_OBJECT_CLASS_VIOLATION
if (($oclass->getType() == 'structural') && ! $oclass->isRelated($request['attribute']->getValues()))
continue;
continue;
printf('<option value="%s">%s</option>',$oclass->getName(false),$oclass->getName(false));
}


@ -21,10 +21,10 @@ $ldap['SRC'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_src'));
$ldap['DST'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_dst'));
if (! $ldap['SRC']->dnExists($request['dnSRC']))
error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn($request['dnSRC'])),'error','index.php');
error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn(htmlspecialchars($request['dnSRC']))),'error','index.php');
if (! $ldap['DST']->dnExists($request['dnDST']))
error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn($request['dnDST'])),'error','index.php');
error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn(htmlspecialchars($request['dnDST']))),'error','index.php');
$request['pageSRC'] = new PageRender($ldap['SRC']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['pageSRC']->setDN($request['dnSRC']);
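Review bot: `pretty_print_dn(htmlspecialchars($request['dnSRC']))` escapes the input and then formats it, so the protection only holds if `pretty_print_dn()` neither decodes entities nor re-splits the DN on characters that `htmlspecialchars` rewrites (`&`, `"`, `'`); that helper is not in view, so this is inferred. The usual rule is to escape the finished string last, `htmlspecialchars(pretty_print_dn($request['dnSRC']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, unless `pretty_print_dn()` is known to emit its own markup, in which case the current order is the correct one and a comment saying so would help the next reader. The same inner-escape ordering is used in the sections at `@ -28,11`, `@ -16,7` and `@ -42,7`, so whichever order is chosen should be applied to all of them.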


@ -18,7 +18,7 @@ $request['dn'] = get_request('dn','GET');
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['page']->setDN($request['dn']);


@ -28,11 +28,11 @@ if ($ldap['DST']->isReadOnly())
error(('Destination server is currently READ-ONLY.'),'error','index.php');
if ($ldap['DST']->dnExists($request['dnDST']))
error(sprintf(_('The destination entry (%s) already exists.'),pretty_print_dn($request['dnDST'])),'error','index.php');
error(sprintf(_('The destination entry (%s) already exists.'),pretty_print_dn(htmlspecialchars($request['dnDST']))),'error','index.php');
if (! $ldap['DST']->dnExists($ldap['DST']->getContainer($request['dnDST'])))
error(sprintf(_('The container you specified (%s) does not exist. Please try again.'),
pretty_print_dn($ldap['DST']->getContainer($request['dnDST']))),'error','index.php');
pretty_print_dn(htmlspecialchars($ldap['DST']->getContainer($request['dnDST'])))),'error','index.php');
if (pla_compare_dns($request['dnSRC'],$request['dnDST']) == 0 && $ldap['SRC']->getIndex() == $ldap['DST']->getIndex())
error(_('The source and destination DN are the same.'),'error','index.php');


@ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET');
# Check if the entry exists.
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['page']->setDN($request['dn']);


@ -16,7 +16,7 @@ $request = array();
$request['dn'] = get_request('dn','REQUEST',true);
if (! $app['server']->dnExists($request['dn']))
error(sprintf('%s (%s)',_('No such entry.'),'<b>'.pretty_print_dn($request['dn']).'</b>'),'error','index.php');
error(sprintf('%s (%s)',_('No such entry.'),'<b>'.pretty_print_dn(htmlspecialchars($request['dn'])).'</b>'),'error','index.php');
# Delete the entry.
$result = $app['server']->delete($request['dn']);


@ -17,7 +17,7 @@ $request['attr'] = get_request('attr','REQUEST',true);
$request['index'] = get_request('index','REQUEST',true);
if ($app['server']->isAttrReadOnly($request['attr']))
error(sprintf(('The attribute "%s" is flagged as read-only in the phpLDAPadmin configuration.'),$request['attr']),'error','index.php');
error(sprintf(('The attribute "%s" is flagged as read-only in the phpLDAPadmin configuration.'),htmlspecialchars($request['attr'])),'error','index.php');
$update_array = array();
$update_array[$request['attr']] = $app['server']->getDNAttrValue($request['dn'],$request['attr']);


@ -21,13 +21,13 @@ $request['type'] = get_request('type','GET',false,'octet-stream');
$request['filename'] = get_request('filename','GET',false,sprintf('%s:%s.bin',get_rdn($request['dn'],true),$request['attr']));
if (! $app['server']->dnExists($request['dn']))
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$search = $app['server']->getDNAttrValues($request['dn'],null,LDAP_DEREF_NEVER,array($request['attr']));
# Dump the binary data to the browser
$obStatus = ob_get_status();
if (isset($obStatus['type']) && $obStatus['type'] && $obStatus['status'])
if (isset($obStatus['type']) && $obStatus['type'] && $obStatus['status'])
ob_end_clean();
if (! isset($search[$request['attr']][$request['index']])) {
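Review bot: The hunk escapes `$request['dn']` for the error message but leaves `$request['type']` and `$request['filename']`, both read from GET at the top of the hunk, unvalidated; the comment "Dump the binary data to the browser" suggests they end up in response headers, and a client-chosen content type or a filename containing quotes or control characters should not reach `header()` unchecked. That code is outside the hunk, so this is inferred from the visible lines. Restricting `$request['type']` to a fixed list of expected types and stripping `"`, `\r` and `\n` from `$request['filename']` before use would close the gap; at minimum a comment on the `$request['filename']` line noting that it is client-supplied would flag it for the next maintainer.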


@ -12,7 +12,7 @@ The template engine has the following responsibilities:
* If we are passed a DN, then we are editing an existing entry
* If we are not passed a DN, then we are passed a container (and creating a new entry in that container)
In both cases, we are optionally passed a template ID.
In both cases, we are optionally passed a template ID.
* If we have a template ID, then we'll render the creation/editing using that template
* If we are not passed a template ID, then we'll either:
* Present a list of available templates,
@ -42,7 +42,7 @@ $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('te
# If we have a DN, then this is to edit the entry.
if ($request['dn']) {
$app['server']->dnExists($request['dn'])
or error(sprintf('%s (%s)',_('No such entry'),pretty_print_dn($request['dn'])),'error','index.php');
or error(sprintf('%s (%s)',_('No such entry'),pretty_print_dn(htmlspecialchars($request['dn']))),'error','index.php');
$request['page']->setDN($request['dn']);
$request['page']->accept();


@ -24,7 +24,7 @@ if (get_request('cancel','REQUEST')) {
}
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['page']->setDN($request['dn']);


@ -20,7 +20,7 @@ $request = array();
$request['dn'] = get_request('dn','REQUEST',true);
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
$request['page']->setDN($request['dn']);