#! /bin/sh /usr/share/dpatch/dpatch-run ## makefile.dpatch ## Patrick Winnertz --- lwat-0.13~pre0.14/lib/admin.php 2007-03-25 16:40:22.000000000 +0200 +++ lwat-0.13~pre0.14/lib/admin.php 2007-03-25 16:53:44.000000000 +0200 @@ -39,10 +39,10 @@ $result = ldap_search ($ldap, $base, $filter, $want); $entries = ldap_get_entries ($ldap, $result); if (empty ($automountbase)) - $automountbase = $entries[0]["dn"] ; + $automountbase = htmlspecialchars($entries[0]["dn"]) ; foreach ($entries as $key => $value) if (is_array ($value)) - $display[] = array ('level' => 0, 'base' => $value["dn"]) ; + $display[] = array ('level' => 0, 'base' => htmlspecialchars($value["dn"])) ; for ($i = 0 ; $i < count($display) ; $i++) { $level = $display[$i]["level"] ; $searchbase = $display[$i]["base"] ; @@ -125,10 +125,10 @@ $entries = ldap_get_entries ($ldap, $result); $count=$entries["count"] ; if ($count) { - $cn=$entries[0]["cn"][0]; - $domain=$entries[0]["associateddomain"][0]; - $ipAddress=$entries[0]["iphostnumber"][0]; - $macAddress=$entries[0]["macaddress"][0]; + $cn=htmlspecialchars($entries[0]["cn"][0]); + $domain=htmlspecialchars($entries[0]["associateddomain"][0]); + $ipAddress=htmlspecialchars($entries[0]["iphostnumber"][0]); + $macAddress=htmlspecialchars($entries[0]["macaddress"][0]); $smarty->assign ('cn', $cn) ; $smarty->assign ('domain', $domain) ; $smarty->assign ('ipAddress', $ipAddress) ; @@ -153,9 +153,9 @@ $entries = ldap_get_entries ($ldap, $result); for ($i = 0 ; $i < $entries["count"] ; $i++) { if (@in_array ('(' . $cn . ',-,-)', $entries[$i]["nisnetgrouptriple"])) - $memberOf[] = $entries[$i]['cn'][0] ; + $memberOf[] = htmlspecialchars($entries[$i]['cn'][0]) ; else - $notMemberOf[] = $entries[$i]['cn'][0] ; + $notMemberOf[] = htmlspecialchars($entries[$i]['cn'][0]) ; } } if ($authenticated) { 
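Review bot: In the `@@ -39` hunk the HTML-encoded DN stored in `$display[]['base']` is read straight back as `$searchbase` in the loop below, so later code works with the encoded string rather than the directory's DN. htmlspecialchars() rewrites `&`, `<`, `>` and `"`, all of which can occur in a DN, so an entry containing any of them will no longer resolve. The same pattern reaches visible LDAP calls in `@@ -183`, `@@ -192`, `@@ -212`, `@@ -230` and `@@ -249` (`$groupdn` passed to `ldap_mod_del`/`ldap_modify`, plus `$change["member"][]`) and in `@@ -1029` (`$admindn` passed to `ldap_bind`); `@@ -762`, `@@ -815` and `@@ -868` collect encoded DNs whose later use lies outside the hunks. Keep the raw value for LDAP, e.g. `$groupdn = $entries[0]["dn"] ;`, and encode only the copy handed to the template. The enclosing code starts and ends outside the hunk.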
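Review bot: The htmlspecialchars() calls in `@@ -125` rely on the default flags and charset, which on PHP before 8.1 leave single quotes unencoded; if a template places `cn`, `domain`, `ipAddress` or `macAddress` inside a single-quoted attribute, the value can still break out of it. Spelling the arguments out, `htmlspecialchars($entries[0]["cn"][0], ENT_QUOTES, 'UTF-8')`, or escaping in the template with Smarty's `|escape` modifier, removes the dependency on how each template quotes. The same applies to the display-only values in `@@ -153`, `@@ -410`, `@@ -428`, `@@ -460`, `@@ -472` and `@@ -544`. The templates are not visible here, so their quoting style is an assumption to check.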
@@ -183,8 +183,8 @@ $searchbase=$groupbase ; $result = ldap_search($ldap, $searchbase, $filter, $want); $entries = ldap_get_entries ($ldap, $result); - $groupdn=$entries[0]["dn"] ; - $cn=$entries[0]["cn"][0] ; + $groupdn=htmlspecialchars($entries[0]["dn"]) ; + $cn=htmlspecialchars($entries[0]["cn"][0]) ; $change = array (); $change["memberUid"][] = $uid ; @ldap_mod_del($ldap, $groupdn, $change) ; @@ -192,14 +192,14 @@ $filter="(&(member=*)(cn=" . $cn . "))"; $result = ldap_search($ldap, $base, $filter, $want); $entries = ldap_get_entries ($ldap, $result); - $groupdn=$entries[0]["dn"] ; + $groupdn=htmlspecialchars($entries[0]["dn"]) ; $change = array (); if ($entries[0]["member"][count]) { $want = array (); $filter="(&(objectClass=posixAccount)(uid=" . $uid ."))"; $result = ldap_search($ldap, $base, $filter, $want); $entries = ldap_get_entries ($ldap, $result) ; - $change["member"][] = $entries[0]["dn"] ; + $change["member"][] = htmlspecialchars($entries[0]["dn"]) ; ldap_mod_del($ldap, $groupdn, $change) ; } } @@ -212,10 +212,10 @@ $result = ldap_search($ldap, $searchbase, $filter, $want); $entries = ldap_get_entries ($ldap, $result); if (@in_array ('(' . $cn . ',-,-)', $entries[$i]["nisnetgrouptriple"]) === false ) { - $groupdn=$entries[0]["dn"] ; + $groupdn=htmlspecialchars($entries[0]["dn"]) ; $change = array () ; for ($i = 0 ; $i < $entries[0]["nisnetgrouptriple"][count] ; $i++) { - $change["nisNetgroupTriple"][] = $entries[0]["nisnetgrouptriple"][$i] ; + $change["nisNetgroupTriple"][] = htmlspecialchars($entries[0]["nisnetgrouptriple"][$i]) ; } $change["nisNetGroupTriple"][] = "(" . $cn . ",-,-)" ; ldap_modify($ldap, $groupdn, $change) ; 
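Review bot: The filter built on the first line of `@@ -192`, `"(&(member=*)(cn=" . $cn . "))"`, concatenates `$cn`, which (assuming it is the variable assigned in `@@ -183`) is now HTML-encoded rather than escaped for an LDAP filter. HTML encoding leaves `(`, `)`, `*` and `\` untouched, so a crafted `cn` can still change the filter's meaning, and a `cn` containing `&` stops matching. Use the raw value with filter escaping, `ldap_escape($cn, '', LDAP_ESCAPE_FILTER)`, where the PHP version provides it. `@@ -428` has the same pattern with `$gidNumber` in the `gidNumber=` filter.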
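Review bot: In `@@ -212` the loop copies `htmlspecialchars($entries[0]["nisnetgrouptriple"][$i])` into `$change`, which is then sent to `ldap_modify`, so HTML-encoded text is written back into the directory. Any existing triple containing `&`, `<`, `>` or `"` is altered on the first edit and encoded again on the next one. `@@ -230` does the same when it rebuilds the triple list. These values are not displayed in the visible lines and should be copied unchanged: `$change["nisNetgroupTriple"][] = $entries[0]["nisnetgrouptriple"][$i] ;`.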
@@ -230,12 +230,12 @@ $searchbase=$netgroupbase ; $result = ldap_search($ldap, $searchbase, $filter, $want); $entries = ldap_get_entries ($ldap, $result); - $groupdn=$entries[0]["dn"] ; + $groupdn=htmlspecialchars($entries[0]["dn"]) ; $change = array () ; $change["nisNetgroupTriple"] = array () ; for ($i = 0 ; $i < $entries[0]["nisnetgrouptriple"][count] ; $i++) { if ($entries[$i]["nisnetgrouptriple"][$i] <> '(' . $cn . ',-,-)') - $change["nisNetgroupTriple"][] = $entries[0]["nisnetgrouptriple"][$i] ; + $change["nisNetgroupTriple"][] = htmlspecialchars($entries[0]["nisnetgrouptriple"][$i]) ; } if (!ldap_modify($ldap, $groupdn, $change)) debug (array ('cn' => $cn, 'group' => $group, @@ -249,8 +249,8 @@ $searchbase=$groupbase ; $result = ldap_search($ldap, $searchbase, $filter, $want); $entries = ldap_get_entries ($ldap, $result); - $groupdn = $entries[0]["dn"] ; - $cn=$entries[0]["cn"][0] ; + $groupdn = htmlspecialchars($entries[0]["dn"]) ; + $cn=htmlspecialchars($entries[0]["cn"][0]) ; $change = array (); if ($description <> $entries[0]["description"][0]) { $change["description"][] = $description ; @@ -332,7 +332,7 @@ $entries = ldap_get_entries ($ldap, $result); if ($entries["count"] > 0) { printf (_("Sorry, there is already a group/user with the name %s") . "
", $cn ); - $gidNumber = $entries[0]["gidNumber"][0] ; + $gidNumber = htmlspecialchars($entries[0]["gidNumber"][0]) ; } else { $gidNumber = getnextid ($ldap, $base) ; $add = array (); @@ -397,7 +397,7 @@ if (ldap_count_entries ($ldap, $result)) $smarty->assign ('authentication', 'checked'); } - $memberUid=$entries[0]["memberuid"]; + $memberUid=htmlspecialchars($entries[0]["memberuid"]); $filter="" ; for ($i=0 ; $i < $memberUid["count"] ; $i++) { $filter .= "(uid=" . $memberUid[$i] . ")" ; @@ -410,8 +410,8 @@ $username = array () ; $display = array () ; for ($i=0 ; $i < $entries["count"] ; $i++) { - $username[] = $entries[$i]["uid"][0] ; - $display[] = $entries[$i]["cn"][0] ; + $username[] = htmlspecialchars($entries[$i]["uid"][0]) ; + $display[] = htmlspecialchars($entries[$i]["cn"][0]) ; } $smarty->assign('username', $username) ; $smarty->assign('display', $display) ; @@ -428,15 +428,15 @@ $entries = ldap_get_entries ($ldap, $result); $count=$entries["count"] ; if ($count) { - $cn=$entries[0]["cn"][0]; - $uidNumber=$entries[0]["uidnumber"][0]; - $gidNumber=$entries[0]["gidnumber"][0]; + $cn=htmlspecialchars($entries[0]["cn"][0]); + $uidNumber=htmlspecialchars($entries[0]["uidnumber"][0]); + $gidNumber=htmlspecialchars($entries[0]["gidnumber"][0]); $filter="(&(objectClass=posixGroup)(gidNumber=" . $gidNumber . ")(!(cn=nextID))(!(cn=lastID)))"; $want = array ("cn", "gidNumber") ; $searchbase=$base ; $result = ldap_search($ldap, $searchbase, $filter, $want); $entries = ldap_get_entries ($ldap, $result); - $userGroup=$entries[0]["cn"][0]; + $userGroup=htmlspecialchars($entries[0]["cn"][0]); $smarty->assign('uid', $uid) ; $smarty->assign('uidNumber', $uidNumber) ; $smarty->assign('cn', $cn) ; 
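Review bot: The `printf` in `@@ -332` still emits `$cn` unencoded into the "Sorry, there is already a group/user with the name %s" message, while the only value this hunk encodes is `$gidNumber`, which is not printed in the visible lines. Where `$cn` comes from is outside the hunk, but if it is the name submitted by the user, it is reflected into the page as-is. Encode it at the point of output by passing `htmlspecialchars($cn, ENT_QUOTES, 'UTF-8')` as the `printf` argument. Separately, ldap_get_entries() lowercases attribute indexes, so `$entries[0]["gidNumber"]` probably never matches and should read `"gidnumber"`.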
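Review bot: In `@@ -397`, `$entries[0]["memberuid"]` is an array (the loop below reads `$memberUid["count"]` and `$memberUid[$i]`), and htmlspecialchars() accepts only a string: older PHP returns NULL with a warning, PHP 8 throws a TypeError. With NULL the loop never runs and `$filter` stays empty, so the member lookup that follows no longer reflects the group. `@@ -747`, `@@ -800` and `@@ -853` wrap `$entries[$group]['memberuid']` the same way before building the `uid=` filter ahead of the enable, disable and delete user lists. Leave the array as returned, `$memberUid=$entries[0]["memberuid"];`, and encode individual elements where they are printed.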
@@ -460,8 +460,8 @@ $result = ldap_search($ldap, $searchbase, $filter, $want); $entries = ldap_get_entries ($ldap, $result); for ($i=0 ; $i < $entries["count"] ; $i++) { - $memberValues[] = $entries[$i]["gidnumber"][0] ; - $memberDisplays[] = $entries[$i]["cn"][0] ; + $memberValues[] = htmlspecialchars($entries[$i]["gidnumber"][0]) ; + $memberDisplays[] = htmlspecialchars($entries[$i]["cn"][0]) ; } if ($useLisGroup) $filter="(&(objectClass=posixGroup)(!(groupType=private))(!(memberUid=" . $uid . ")))"; @@ -472,8 +472,8 @@ $result = ldap_search($ldap, $searchbase, $filter, $want); $entries = ldap_get_entries ($ldap, $result); for ($i=0 ; $i < $entries["count"] ; $i++) { - $nonMemberValues[] = $entries[$i]["gidnumber"][0] ; - $nonMemberDisplays[] = $entries[$i]["cn"][0] ; + $nonMemberValues[] = htmlspecialchars($entries[$i]["gidnumber"][0]) ; + $nonMemberDisplays[] = htmlspecialchars($entries[$i]["cn"][0]) ; } if ($authenticated) { $groupTarget='\'sub\'' ; @@ -544,9 +544,9 @@ printf (_("Too many entries, please narrow your search") . "
\n") ; elseif ($count) { for ($i=0 ; $i < $count ; $i++) { - $value[]=$entries[$i][$show][0] ; - $display[] = $entries[$i]['cn'][0] ; - $dn[] = $entries[$i]['dn'] ; + $value[]=htmlspecialchars($entries[$i][$show][0]) ; + $display[] = htmlspecialchars($entries[$i]['cn'][0]) ; + $dn[] = htmlspecialchars($entries[$i]['dn']) ; } $smarty->assign('searchDisabled', $searchDisabled) ; $smarty->assign('action', $action) ; @@ -747,7 +747,7 @@ $entries = ldap_get_entries ($ldap, $result) ; if ($entries[count]) for ($group = 0 ; $group < $entries[count] ; $group++) { - $members = $entries[$group]['memberuid'] ; + $members = htmlspecialchars($entries[$group]['memberuid']) ; for ($member = 0 ; $member < $members[count] ; $member++) { $memberUid .= '(uid=' . $members[$member] . ')' ; } @@ -762,7 +762,7 @@ $result = ldap_search ($ldap, $base, $filter, $want) ; $entries = ldap_get_entries ($ldap, $result) ; for ($dn = 0 ; $dn < $entries[count] ; $dn++) - $userToEnable[] =$entries[$dn]['dn'] ; + $userToEnable[] =htmlspecialchars($entries[$dn]['dn']) ; } if (empty ($userToEnable)) { printf (_("No users to enable")) ; @@ -800,7 +800,7 @@ $entries = ldap_get_entries ($ldap, $result) ; if ($entries[count]) for ($group = 0 ; $group < $entries[count] ; $group++) { - $members = $entries[$group]['memberuid'] ; + $members = htmlspecialchars($entries[$group]['memberuid']) ; for ($member = 0 ; $member < $members[count] ; $member++) { $memberUid .= '(uid=' . $members[$member] . ')' ; } @@ -815,7 +815,7 @@ $result = ldap_search ($ldap, $base, $filter, $want) ; $entries = ldap_get_entries ($ldap, $result) ; for ($dn = 0 ; $dn < $entries[count] ; $dn++) - $userToDisable[] =$entries[$dn]['dn'] ; + $userToDisable[] =htmlspecialchars($entries[$dn]['dn']) ; } if (empty ($userToDisable)) { printf (_("No users to disable")) ; 
@@ -853,7 +853,7 @@ $entries = ldap_get_entries ($ldap, $result) ; if ($entries[count]) for ($group = 0 ; $group < $entries[count] ; $group++) { - $members = $entries[$group]['memberuid'] ; + $members = htmlspecialchars($entries[$group]['memberuid']) ; for ($member = 0 ; $member < $members[count] ; $member++) { $memberUid .= '(uid=' . $members[$member] . ')' ; } @@ -868,7 +868,7 @@ $result = ldap_search ($ldap, $base, $filter, $want) ; $entries = ldap_get_entries ($ldap, $result) ; for ($dn = 0 ; $dn < $entries[count] ; $dn++) - $userToDelete[] =$entries[$dn]['dn'] ; + $userToDelete[] =htmlspecialchars($entries[$dn]['dn']) ; } if (empty ($userToDelete)) { printf (_("No users to delete")) ; @@ -1029,7 +1029,7 @@ $want = array () ; $result = ldap_search($ldap, $base, $filter, $want); $entries = ldap_get_entries ($ldap, $result); - $admindn = $entries[0]['dn'] ; + $admindn = htmlspecialchars($entries[0]['dn']) ; $adminpw=readKey('adminpw') ; $bind = @ldap_bind ($ldap, $admindn, $adminpw); if ($bind) {