check request values
This commit is contained in:
parent
a5f9412ee3
commit
f1d7aec5fc
|
@ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET');
|
||||||
|
|
||||||
# Check if the entry exists.
|
# Check if the entry exists.
|
||||||
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
|
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
|
||||||
|
|
||||||
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
|
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
|
||||||
$request['page']->setDN($request['dn']);
|
$request['page']->setDN($request['dn']);
|
||||||
|
|
|
@ -21,7 +21,7 @@ $request['dn'] = get_request('dn','REQUEST',true);
|
||||||
|
|
||||||
# Check if the entry exists.
|
# Check if the entry exists.
|
||||||
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
|
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
|
||||||
|
|
||||||
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
|
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
|
||||||
$request['page']->setDN($request['dn']);
|
$request['page']->setDN($request['dn']);
|
||||||
|
|
|
@ -19,7 +19,7 @@ $request['attr'] = get_request('attr','GET',true);
|
||||||
|
|
||||||
# Check if the entry exists.
|
# Check if the entry exists.
|
||||||
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
|
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
|
||||||
|
|
||||||
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
|
$request['page'] = new TemplateRender($app['server']->getIndex(),get_request('template','REQUEST',false,null));
|
||||||
$request['page']->setDN($request['dn']);
|
$request['page']->setDN($request['dn']);
|
||||||
|
@ -105,7 +105,7 @@ if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST'
|
||||||
foreach ($socs as $name => $oclass) {
|
foreach ($socs as $name => $oclass) {
|
||||||
# Exclude any structural ones, that are not in the heirachy, as they'll only generate an LDAP_OBJECT_CLASS_VIOLATION
|
# Exclude any structural ones, that are not in the heirachy, as they'll only generate an LDAP_OBJECT_CLASS_VIOLATION
|
||||||
if (($oclass->getType() == 'structural') && ! $oclass->isRelated($request['attribute']->getValues()))
|
if (($oclass->getType() == 'structural') && ! $oclass->isRelated($request['attribute']->getValues()))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
printf('<option value="%s">%s</option>',$oclass->getName(false),$oclass->getName(false));
|
printf('<option value="%s">%s</option>',$oclass->getName(false),$oclass->getName(false));
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,10 +21,10 @@ $ldap['SRC'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_src'));
|
||||||
$ldap['DST'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_dst'));
|
$ldap['DST'] = $_SESSION[APPCONFIG]->getServer(get_request('server_id_dst'));
|
||||||
|
|
||||||
if (! $ldap['SRC']->dnExists($request['dnSRC']))
|
if (! $ldap['SRC']->dnExists($request['dnSRC']))
|
||||||
error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn($request['dnSRC'])),'error','index.php');
|
error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn(htmlspecialchars($request['dnSRC']))),'error','index.php');
|
||||||
|
|
||||||
if (! $ldap['DST']->dnExists($request['dnDST']))
|
if (! $ldap['DST']->dnExists($request['dnDST']))
|
||||||
error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn($request['dnDST'])),'error','index.php');
|
error(sprintf('%s (%s)',_('No such entry.'),pretty_print_dn(htmlspecialchars($request['dnDST']))),'error','index.php');
|
||||||
|
|
||||||
$request['pageSRC'] = new PageRender($ldap['SRC']->getIndex(),get_request('template','REQUEST',false,'none'));
|
$request['pageSRC'] = new PageRender($ldap['SRC']->getIndex(),get_request('template','REQUEST',false,'none'));
|
||||||
$request['pageSRC']->setDN($request['dnSRC']);
|
$request['pageSRC']->setDN($request['dnSRC']);
|
||||||
|
|
|
@ -18,7 +18,7 @@ $request['dn'] = get_request('dn','GET');
|
||||||
|
|
||||||
# Check if the entry exists.
|
# Check if the entry exists.
|
||||||
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
|
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
|
||||||
|
|
||||||
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
|
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
|
||||||
$request['page']->setDN($request['dn']);
|
$request['page']->setDN($request['dn']);
|
||||||
|
|
|
@ -28,11 +28,11 @@ if ($ldap['DST']->isReadOnly())
|
||||||
error(('Destination server is currently READ-ONLY.'),'error','index.php');
|
error(('Destination server is currently READ-ONLY.'),'error','index.php');
|
||||||
|
|
||||||
if ($ldap['DST']->dnExists($request['dnDST']))
|
if ($ldap['DST']->dnExists($request['dnDST']))
|
||||||
error(sprintf(_('The destination entry (%s) already exists.'),pretty_print_dn($request['dnDST'])),'error','index.php');
|
error(sprintf(_('The destination entry (%s) already exists.'),pretty_print_dn(htmlspecialchars($request['dnDST']))),'error','index.php');
|
||||||
|
|
||||||
if (! $ldap['DST']->dnExists($ldap['DST']->getContainer($request['dnDST'])))
|
if (! $ldap['DST']->dnExists($ldap['DST']->getContainer($request['dnDST'])))
|
||||||
error(sprintf(_('The container you specified (%s) does not exist. Please try again.'),
|
error(sprintf(_('The container you specified (%s) does not exist. Please try again.'),
|
||||||
pretty_print_dn($ldap['DST']->getContainer($request['dnDST']))),'error','index.php');
|
pretty_print_dn(htmlspecialchars($ldap['DST']->getContainer($request['dnDST'])))),'error','index.php');
|
||||||
|
|
||||||
if (pla_compare_dns($request['dnSRC'],$request['dnDST']) == 0 && $ldap['SRC']->getIndex() == $ldap['DST']->getIndex())
|
if (pla_compare_dns($request['dnSRC'],$request['dnDST']) == 0 && $ldap['SRC']->getIndex() == $ldap['DST']->getIndex())
|
||||||
error(_('The source and destination DN are the same.'),'error','index.php');
|
error(_('The source and destination DN are the same.'),'error','index.php');
|
||||||
|
|
|
@ -17,7 +17,7 @@ $request['dn'] = get_request('dn','GET');
|
||||||
|
|
||||||
# Check if the entry exists.
|
# Check if the entry exists.
|
||||||
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
|
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
|
||||||
|
|
||||||
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
|
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
|
||||||
$request['page']->setDN($request['dn']);
|
$request['page']->setDN($request['dn']);
|
||||||
|
|
|
@ -16,7 +16,7 @@ $request = array();
|
||||||
$request['dn'] = get_request('dn','REQUEST',true);
|
$request['dn'] = get_request('dn','REQUEST',true);
|
||||||
|
|
||||||
if (! $app['server']->dnExists($request['dn']))
|
if (! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf('%s (%s)',_('No such entry.'),'<b>'.pretty_print_dn($request['dn']).'</b>'),'error','index.php');
|
error(sprintf('%s (%s)',_('No such entry.'),'<b>'.pretty_print_dn(htmlspecialchars($request['dn'])).'</b>'),'error','index.php');
|
||||||
|
|
||||||
# Delete the entry.
|
# Delete the entry.
|
||||||
$result = $app['server']->delete($request['dn']);
|
$result = $app['server']->delete($request['dn']);
|
||||||
|
|
|
@ -17,7 +17,7 @@ $request['attr'] = get_request('attr','REQUEST',true);
|
||||||
$request['index'] = get_request('index','REQUEST',true);
|
$request['index'] = get_request('index','REQUEST',true);
|
||||||
|
|
||||||
if ($app['server']->isAttrReadOnly($request['attr']))
|
if ($app['server']->isAttrReadOnly($request['attr']))
|
||||||
error(sprintf(('The attribute "%s" is flagged as read-only in the phpLDAPadmin configuration.'),$request['attr']),'error','index.php');
|
error(sprintf(('The attribute "%s" is flagged as read-only in the phpLDAPadmin configuration.'),htmlspecialchars($request['attr'])),'error','index.php');
|
||||||
|
|
||||||
$update_array = array();
|
$update_array = array();
|
||||||
$update_array[$request['attr']] = $app['server']->getDNAttrValue($request['dn'],$request['attr']);
|
$update_array[$request['attr']] = $app['server']->getDNAttrValue($request['dn'],$request['attr']);
|
||||||
|
|
|
@ -21,13 +21,13 @@ $request['type'] = get_request('type','GET',false,'octet-stream');
|
||||||
$request['filename'] = get_request('filename','GET',false,sprintf('%s:%s.bin',get_rdn($request['dn'],true),$request['attr']));
|
$request['filename'] = get_request('filename','GET',false,sprintf('%s:%s.bin',get_rdn($request['dn'],true),$request['attr']));
|
||||||
|
|
||||||
if (! $app['server']->dnExists($request['dn']))
|
if (! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
|
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
|
||||||
|
|
||||||
$search = $app['server']->getDNAttrValues($request['dn'],null,LDAP_DEREF_NEVER,array($request['attr']));
|
$search = $app['server']->getDNAttrValues($request['dn'],null,LDAP_DEREF_NEVER,array($request['attr']));
|
||||||
|
|
||||||
# Dump the binary data to the browser
|
# Dump the binary data to the browser
|
||||||
$obStatus = ob_get_status();
|
$obStatus = ob_get_status();
|
||||||
if (isset($obStatus['type']) && $obStatus['type'] && $obStatus['status'])
|
if (isset($obStatus['type']) && $obStatus['type'] && $obStatus['status'])
|
||||||
ob_end_clean();
|
ob_end_clean();
|
||||||
|
|
||||||
if (! isset($search[$request['attr']][$request['index']])) {
|
if (! isset($search[$request['attr']][$request['index']])) {
|
||||||
|
|
|
@ -12,7 +12,7 @@ The template engine has the following responsibilities:
|
||||||
* If we are passed a DN, then we are editing an existing entry
|
* If we are passed a DN, then we are editing an existing entry
|
||||||
* If we are not passed a DN, then we are passed a container (and creating a new entry in that container)
|
* If we are not passed a DN, then we are passed a container (and creating a new entry in that container)
|
||||||
|
|
||||||
In both cases, we are optionally passed a template ID.
|
In both cases, we are optionally passed a template ID.
|
||||||
* If we have a template ID, then we'll render the creation/editing using that template
|
* If we have a template ID, then we'll render the creation/editing using that template
|
||||||
* If we are not passed a template ID, then we'll either:
|
* If we are not passed a template ID, then we'll either:
|
||||||
* Present a list of available templates,
|
* Present a list of available templates,
|
||||||
|
@ -42,7 +42,7 @@ $request['page'] = new TemplateRender($app['server']->getIndex(),get_request('te
|
||||||
# If we have a DN, then this is to edit the entry.
|
# If we have a DN, then this is to edit the entry.
|
||||||
if ($request['dn']) {
|
if ($request['dn']) {
|
||||||
$app['server']->dnExists($request['dn'])
|
$app['server']->dnExists($request['dn'])
|
||||||
or error(sprintf('%s (%s)',_('No such entry'),pretty_print_dn($request['dn'])),'error','index.php');
|
or error(sprintf('%s (%s)',_('No such entry'),pretty_print_dn(htmlspecialchars($request['dn']))),'error','index.php');
|
||||||
|
|
||||||
$request['page']->setDN($request['dn']);
|
$request['page']->setDN($request['dn']);
|
||||||
$request['page']->accept();
|
$request['page']->accept();
|
||||||
|
|
|
@ -24,7 +24,7 @@ if (get_request('cancel','REQUEST')) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
|
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
|
||||||
|
|
||||||
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
|
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
|
||||||
$request['page']->setDN($request['dn']);
|
$request['page']->setDN($request['dn']);
|
||||||
|
|
|
@ -20,7 +20,7 @@ $request = array();
|
||||||
$request['dn'] = get_request('dn','REQUEST',true);
|
$request['dn'] = get_request('dn','REQUEST',true);
|
||||||
|
|
||||||
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
if (! $request['dn'] || ! $app['server']->dnExists($request['dn']))
|
||||||
error(sprintf(_('The entry (%s) does not exist.'),$request['dn']),'error','index.php');
|
error(sprintf(_('The entry (%s) does not exist.'),htmlspecialchars($request['dn'])),'error','index.php');
|
||||||
|
|
||||||
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
|
$request['page'] = new PageRender($app['server']->getIndex(),get_request('template','REQUEST',false,'none'));
|
||||||
$request['page']->setDN($request['dn']);
|
$request['page']->setDN($request['dn']);
|
||||||
|
|
Loading…
Reference in New Issue