check request values
		
							parent
							
								
									a5f9412ee3
								
							
						
					
					
						commit
						f1d7aec5fc
					
				|  | @ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET'); | ||||||
| 
 | 
 | ||||||
| # Check if the entry exists.
 | # Check if the entry exists.
 | ||||||
| if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php'); | 	error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null)); | $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null)); | ||||||
| $request['page']->setDN($request['dn']); | $request['page']->setDN($request['dn']); | ||||||
|  |  | ||||||
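Review bot: The added `htmlspecialchars($request['dn'])` relies on PHP's default flags and charset, and those defaults differ between PHP versions; before 8.1 the default flag set does not encode single quotes. Passing them explicitly, e.g. `htmlspecialchars($request['dn'], ENT_QUOTES, 'UTF-8')`, makes the escaping independent of the runtime and of where error() places the text in the page. The same one-argument call is repeated in the later sections of this commit that print `$request['dn']` or `$request['attr']`. A small shared helper would keep those call sites consistent and make it harder to miss one when a new error() call is added.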
|  | @ -21,7 +21,7 @@ $request['dn'] = get_request('dn','REQUEST',true); | ||||||
| 
 | 
 | ||||||
| # Check if the entry exists.
 | # Check if the entry exists.
 | ||||||
| if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php'); | 	error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null)); | $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null)); | ||||||
| $request['page']->setDN($request['dn']); | $request['page']->setDN($request['dn']); | ||||||
|  |  | ||||||
|  | @ -19,7 +19,7 @@ $request['attr'] = get_request('attr','GET',true); | ||||||
| 
 | 
 | ||||||
| # Check if the entry exists.
 | # Check if the entry exists.
 | ||||||
| if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php'); | 	error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null)); | $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null)); | ||||||
| $request['page']->setDN($request['dn']); | $request['page']->setDN($request['dn']); | ||||||
|  |  | ||||||
|  | @ -21,10 +21,10 @@ $ldap['SRC'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_src')); | ||||||
| $ldap['DST'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_dst')); | $ldap['DST'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_dst')); | ||||||
| 
 | 
 | ||||||
| if (! $ldap['SRC']->dnExists($request['dnSRC'])) | if (! $ldap['SRC']->dnExists($request['dnSRC'])) | ||||||
| 	error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn($request['dnSRC'])),'error','index.php'); | 	error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn(htmlspecialchars($request['dnSRC']))),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| if (! $ldap['DST']->dnExists($request['dnDST'])) | if (! $ldap['DST']->dnExists($request['dnDST'])) | ||||||
| 	error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn($request['dnDST'])),'error','index.php'); | 	error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn(htmlspecialchars($request['dnDST']))),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $request['pageSRC'] = new PageRender($ldap['SRC']->getIndex(),get_request('template','REQUEST',false,'none')); | $request['pageSRC'] = new PageRender($ldap['SRC']->getIndex(),get_request('template','REQUEST',false,'none')); | ||||||
| $request['pageSRC']->setDN($request['dnSRC']); | $request['pageSRC']->setDN($request['dnSRC']); | ||||||
|  |  | ||||||
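Review bot: In both changed lines the DN is entity-encoded before it is handed to `pretty_print_dn()`, so that function now works on `&amp;`, `&lt;` and similar sequences rather than on the DN that was requested. pretty_print_dn() is not visible here; if it splits the DN into RDNs, the `;` that every entity introduces may be read as a separator, and if it already escapes its components the output ends up double-encoded. Escaping is safer as the last step before output, inside pretty_print_dn() on each component it emits, so that any markup it adds itself survives. The same ordering, `pretty_print_dn(htmlspecialchars(...))`, appears in the later sections for the destination-entry and container checks, the delete check and the edit check.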
|  | @ -18,7 +18,7 @@ $request['dn'] = get_request('dn','GET'); | ||||||
| 
 | 
 | ||||||
| # Check if the entry exists.
 | # Check if the entry exists.
 | ||||||
| if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php'); | 	error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none')); | $request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none')); | ||||||
| $request['page']->setDN($request['dn']); | $request['page']->setDN($request['dn']); | ||||||
|  |  | ||||||
|  | @ -28,11 +28,11 @@ if ($ldap['DST']->isReadOnly()) | ||||||
| 	error(('Destination server is currently READ-ONLY.'),'error','index.php'); | 	error(('Destination server is currently READ-ONLY.'),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| if ($ldap['DST']->dnExists($request['dnDST'])) | if ($ldap['DST']->dnExists($request['dnDST'])) | ||||||
| 	error(sprintf(_('The destination entry (%s) already exists.'),pretty_print_dn($request['dnDST'])),'error','index.php'); | 	error(sprintf(_('The destination entry (%s) already exists.'),pretty_print_dn(htmlspecialchars($request['dnDST']))),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| if (! $ldap['DST']->dnExists($ldap['DST']->getContainer($request['dnDST']))) | if (! $ldap['DST']->dnExists($ldap['DST']->getContainer($request['dnDST']))) | ||||||
| 	error(sprintf(_('The container you specified (%s) does not exist. Please try again.'), | 	error(sprintf(_('The container you specified (%s) does not exist. Please try again.'), | ||||||
| 		pretty_print_dn($ldap['DST']->getContainer($request['dnDST']))),'error','index.php'); | 		pretty_print_dn(htmlspecialchars($ldap['DST']->getContainer($request['dnDST'])))),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| if (pla_compare_dns($request['dnSRC'],$request['dnDST']) == 0 && $ldap['SRC']->getIndex() == $ldap['DST']->getIndex()) | if (pla_compare_dns($request['dnSRC'],$request['dnDST']) == 0 && $ldap['SRC']->getIndex() == $ldap['DST']->getIndex()) | ||||||
| 	error(_('The source and destination DN are the same.'),'error','index.php'); | 	error(_('The source and destination DN are the same.'),'error','index.php'); | ||||||
|  |  | ||||||
|  | @ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET'); | ||||||
| 
 | 
 | ||||||
| # Check if the entry exists.
 | # Check if the entry exists.
 | ||||||
| if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php'); | 	error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none')); | $request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none')); | ||||||
| $request['page']->setDN($request['dn']); | $request['page']->setDN($request['dn']); | ||||||
|  |  | ||||||
|  | @ -16,7 +16,7 @@ $request = array(); | ||||||
| $request['dn'] = get_request('dn','REQUEST',true); | $request['dn'] = get_request('dn','REQUEST',true); | ||||||
| 
 | 
 | ||||||
| if (! $app['server']->dnExists($request['dn'])) | if (! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf('%s (%s)',_('No such entry.'),'<b>'.pretty_print_dn($request['dn']).'</b>'),'error','index.php'); | 	error(sprintf('%s (%s)',_('No such entry.'),'<b>'.pretty_print_dn(htmlspecialchars($request['dn'])).'</b>'),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| # Delete the entry.
 | # Delete the entry.
 | ||||||
| $result = $app['server']->delete($request['dn']); | $result = $app['server']->delete($request['dn']); | ||||||
|  |  | ||||||
|  | @ -17,7 +17,7 @@ $request['attr'] = get_request('attr','REQUEST',true); | ||||||
| $request['index'] = get_request('index','REQUEST',true); | $request['index'] = get_request('index','REQUEST',true); | ||||||
| 
 | 
 | ||||||
| if ($app['server']->isAttrReadOnly($request['attr'])) | if ($app['server']->isAttrReadOnly($request['attr'])) | ||||||
| 	error(sprintf(('The attribute "%s" is flagged as read-only in the phpLDAPadmin configuration.'),$request['attr']),'error','index.php'); | 	error(sprintf(('The attribute "%s" is flagged as read-only in the phpLDAPadmin configuration.'),htmlspecialchars($request['attr'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $update_array = array(); | $update_array = array(); | ||||||
| $update_array[$request['attr']] = $app['server']->getDNAttrValue($request['dn'],$request['attr']); | $update_array[$request['attr']] = $app['server']->getDNAttrValue($request['dn'],$request['attr']); | ||||||
|  |  | ||||||
|  | @ -21,7 +21,7 @@ $request['type'] = get_request('type','GET',false,'octet-stream'); | ||||||
| $request['filename'] = get_request('filename','GET',false,sprintf('%s:%s.bin',get_rdn($request['dn'],true),$request['attr'])); | $request['filename'] = get_request('filename','GET',false,sprintf('%s:%s.bin',get_rdn($request['dn'],true),$request['attr'])); | ||||||
| 
 | 
 | ||||||
| if (! $app['server']->dnExists($request['dn'])) | if (! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php'); | 	error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $search = $app['server']->getDNAttrValues($request['dn'],null,LDAP_DEREF_NEVER,array($request['attr'])); | $search = $app['server']->getDNAttrValues($request['dn'],null,LDAP_DEREF_NEVER,array($request['attr'])); | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
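Review bot: `$request['filename']` and `$request['type']` on the context lines are also read from GET, and this commit leaves them unchecked. Their use lies outside the hunk; if they end up in the Content-Disposition and Content-Type response headers, they should be validated before that, for instance by restricting `type` to an allow-list and reducing `filename` to a safe character set. `htmlspecialchars()` is the right encoding for the error message changed here but not for a header value. The default filename is built from the DN and the attribute name, so the same validation should cover it.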
|  | @ -42,7 +42,7 @@ $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('te | ||||||
| # If we have a DN, then this is to edit the entry.
 | # If we have a DN, then this is to edit the entry.
 | ||||||
| if ($request['dn']) { | if ($request['dn']) { | ||||||
| 	$app['server']->dnExists($request['dn']) | 	$app['server']->dnExists($request['dn']) | ||||||
| 		or error(sprintf('%s (%s)',_('No such entry'),pretty_print_dn($request['dn'])),'error','index.php'); | 		or error(sprintf('%s (%s)',_('No such entry'),pretty_print_dn(htmlspecialchars($request['dn']))),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| 	$request['page']->setDN($request['dn']); | 	$request['page']->setDN($request['dn']); | ||||||
| 	$request['page']->accept(); | 	$request['page']->accept(); | ||||||
|  |  | ||||||
|  | @ -24,7 +24,7 @@ if (get_request('cancel','REQUEST')) { | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php'); | 	error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none')); | $request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none')); | ||||||
| $request['page']->setDN($request['dn']); | $request['page']->setDN($request['dn']); | ||||||
|  |  | ||||||
|  | @ -20,7 +20,7 @@ $request = array(); | ||||||
| $request['dn'] = get_request('dn','REQUEST',true); | $request['dn'] = get_request('dn','REQUEST',true); | ||||||
| 
 | 
 | ||||||
| if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | if (! $request['dn'] || ! $app['server']->dnExists($request['dn'])) | ||||||
| 	error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php'); | 	error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php'); | ||||||
| 
 | 
 | ||||||
| $request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none')); | $request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none')); | ||||||
| $request['page']->setDN($request['dn']); | $request['page']->setDN($request['dn']); | ||||||
|  |  | ||||||