diff --git a/html/index.php b/html/index.php index 3dbed1db7eb4259e692bf527dde9284a3ecb75a7..241398cf197964102f025d3a804f00481672322b 100644 --- a/html/index.php +++ b/html/index.php @@ -433,7 +433,7 @@ class Index { $verify_attr = explode(',', $config->get_cfg_value('loginAttribute', 'uid')); $filter = ''; foreach ($verify_attr as $attr) { - $filter .= '('.$attr.'='.self::$username.')'; + $filter .= '('.$attr.'='.ldap_escape_f(self::$username).')'; } $ldap->search('(&(|'.$filter.')(objectClass=inetOrgPerson))'); $attrs = $ldap->fetch(); diff --git a/include/class_filter.inc b/include/class_filter.inc index f09247ea3f64c626f7622780ead924c0b3e82de1..aac3ec5e8c7e7ab098f3ea0a867526571c5040a9 100644 --- a/include/class_filter.inc +++ b/include/class_filter.inc @@ -466,11 +466,11 @@ class filter // Do not replace escaped \$ - This is required to be able to search for e.g. windows machines. if ($this->elementValues[$tag] == "") { - $e_unset = preg_replace('/([^\\\\])\$/', '${1}'.normalizeLdap($this->elementValues[$tag]), $e_unset); + $e_unset = preg_replace('/([^\\\\])\$/', '${1}'.ldap_escape_f($this->elementValues[$tag]), $e_unset); $e_unset = preg_replace('/\\\\\$/', '$', $e_unset); $filter = preg_replace("/\\$$tag/", $e_unset, $filter); } else { - $e_set = preg_replace('/([^\\\\])\$/', '${1}'.normalizeLdap($this->elementValues[$tag]), $e_set); + $e_set = preg_replace('/([^\\\\])\$/', '${1}'.ldap_escape_f($this->elementValues[$tag]), $e_set); $e_set = preg_replace('/\\\\\$/', '$', $e_set); $filter = preg_replace("/\\$$tag/", $e_set, $filter); } 
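Review bot: In the index.php hunk the attribute names from `$verify_attr` are still interpolated unescaped while only `self::$username` goes through ldap_escape_f; they come from the `loginAttribute` config value rather than the request, so this is hardening, but `explode(',', ...)` leaves surrounding whitespace in place, so a setting like `uid, mail` yields `( mail=...)` and a malformed filter. Trim and sanity-check the names before use, e.g. `foreach (array_map('trim', $verify_attr) as $attr) {` and skip or error on anything not matching `/^[A-Za-z][A-Za-z0-9-]*$/`. The enclosing method starts and ends outside the hunk.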
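Review bot: Both changed lines in the class_filter hunk feed the escaped value into the replacement argument of preg_replace, where PHP interprets `\digit` and `$digit` as group references, so the hex escapes ldap_escape_f emits for `*`, `(`, `)` and `\` (`\2a`, `\28`, `\29`, `\5c`) are consumed as references to non-existent groups and the escape is silently dropped, turning `foo*` into roughly `fooa`; a literal `$1` in the value is mangled the same way. The result is then used once more as the replacement in the following `$filter = preg_replace("/\\$$tag/", ...)` line, so the interpretation happens twice. Escape the value for the replacement context, `'${1}'.addcslashes(ldap_escape_f($this->elementValues[$tag]), '\\$')`, and make the second stage a literal substitution, `$filter = str_replace('$'.$tag, $e_unset, $filter);`, mirroring both in the else branch. The enclosing method starts and ends outside the hunk.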
@@ -566,7 +566,7 @@ class filter } // Make filter - $filter = preg_replace("/\\$$tag/", normalizeLdap($value), $filter); + $filter = preg_replace("/\\$$tag/", ldap_escape_f($value), $filter); if (isset($config['base']) && isset($config['scope']) && isset($config['category'])) { $result = call_user_func(array($backend, 'query'), $this, $config['base'], $config['scope'], $filter, $attributes, $config["category"], $config["objectStorage"]); diff --git a/include/class_ldap.inc b/include/class_ldap.inc index 72484f261013c63cd98e84645834cbfa819a685c..7e1f6bd23b72ed4ee92249d90906875a48fd4541 100644 --- a/include/class_ldap.inc +++ b/include/class_ldap.inc @@ -167,8 +167,8 @@ class LDAP */ static function prepare4filter($dn) { - $fixed = normalizeLdap(str_replace('\\\\', '\\\\\\', LDAP::fix($dn))); - return str_replace('\\,', '\\\\,', $fixed); + trigger_error('deprecated, use ldap_escape_f instead'); + return ldap_escape_f($dn); } /*! diff --git a/include/class_plugin.inc b/include/class_plugin.inc index 76a089a958e43c22d88b3eb8c470d3863d73a9b8..e47ed7d920d63d5e7fc116897b12bd8dd9d5c518 100644 --- a/include/class_plugin.inc +++ b/include/class_plugin.inc @@ -1009,7 +1009,7 @@ class plugin $base = preg_replace('/^,*/', '', $base); /* Try to use plain entry first */ - $dn = $attribute.'='.ldap_escape($this->$attribute, '', LDAP_ESCAPE_DN).','.$base; + $dn = $attribute.'='.ldap_escape_dn($this->$attribute).','.$base; if ($dn == $this->orig_dn) { return $dn; } @@ -1024,7 +1024,7 @@ class plugin continue; } - $dn = "$attribute=".ldap_escape($this->$attribute, '', LDAP_ESCAPE_DN)."+$attr=".ldap_escape($this->$attr, '', LDAP_ESCAPE_DN).",$base"; + $dn = $attribute.'='.ldap_escape_dn($this->$attribute).'+'.$attr.'='.ldap_escape_dn($this->$attr).','.$base; if ($dn == $this->orig_dn) { return $dn; } diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index bdfc43f2db9c9348b9b352fe05faf9c681b57e6d..e7833755cb3b2bfd4d62c15c8cb3bff89cb3d6d9 100644 
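Review bot: `ldap_escape_f($value)` on the changed line is passed as the replacement argument of preg_replace, which interprets `\digit` and `$digit` sequences as group references, so the hex escapes it produces (`\2a`, `\28`, `\29`, `\5c`) are consumed as backreferences and the protection is lost for exactly the characters that matter. The pattern is a literal placeholder, so a plain substitution is both safer and simpler: `$filter = str_replace('$'.$tag, ldap_escape_f($value), $filter);`. If the regex must stay, escape the replacement with `addcslashes(ldap_escape_f($value), '\\$')`. The enclosing method starts and ends outside the hunk.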
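Review bot: The new trigger_error call in prepare4filter passes no level, so it fires as E_USER_NOTICE on every call and the message does not name the function, which makes the deprecation noisy in logs and hard to trace; use `trigger_error('LDAP::prepare4filter() is deprecated, use ldap_escape_f() instead', E_USER_DEPRECATED);` and add `@deprecated use ldap_escape_f()` to the docblock above it. The removed body also ran `LDAP::fix()` over the DN before escaping while the new one hands the raw DN to ldap_escape_f, so a caller that relied on that normalisation may see different results; that is worth a sentence in the docblock. The docblock preceding the method starts outside the hunk.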
--- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -107,13 +107,13 @@ class userinfo $ldap->cd($this->config->current['BASE']); /* Get member groups... */ - $ldap->search('(&(objectClass=posixGroup)(memberUid='.$this->uid.'))', array('dn')); + $ldap->search('(&(objectClass=posixGroup)(memberUid='.ldap_escape_f($this->uid).'))', array('dn')); while ($attrs = $ldap->fetch()) { $this->groups[$attrs['dn']] = $attrs['dn']; } /* Get member roles... */ - $ldap->search('(&(objectClass=organizationalRole)(roleOccupant='.$this->dn.'))', array('dn')); + $ldap->search('(&(objectClass=organizationalRole)(roleOccupant='.ldap_escape_f($this->dn).'))', array('dn')); while ($attrs = $ldap->fetch()) { $this->roles[$attrs['dn']] = $attrs['dn']; } diff --git a/include/functions.inc b/include/functions.inc index e1dde756682226d2a9956da95a79caba0c2d5563..bd97a2708e169fe564f275e8dd33058ca3f05286 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -654,8 +654,8 @@ function add_lock($object, $user) /* Check for existing entries in lock area */ $ldap = $config->get_ldap_link(); $ldap->cd(get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']); - $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$user)(gosaObject=".base64_encode($object)."))", - array("gosaUser")); + $ldap->search('(&(objectClass=gosaLockEntry)(gosaUser='.ldap_escape_f($user).')(gosaObject='.base64_encode($object).'))', + array('gosaUser')); if (!$ldap->success()) { msg_dialog::display(_("Configuration error"), sprintf(_("Cannot create locking information in LDAP tree. Please contact your administrator!")."<br><br>"._('LDAP server returned: %s'), "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG); return; 
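Review bot: The `roleOccupant` search on the second changed line escapes a full DN with filter rules, which is correct but easy to misread as the wrong escaper and so deserves a comment: a DN's own backslash escapes such as `\,` must become `\5c,` inside a filter assertion, which is what LDAP_ESCAPE_FILTER does, whereas ldap_escape_dn would be wrong here. Suggested comment above the search: `// roleOccupant holds a DN: escape with filter rules (\ -> \5c) so the DN's own escapes are matched literally`. The method starts and ends outside the hunk.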
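Review bot: In the add_lock hunk the `gosaObject=` assertion stays unescaped on the changed line while `gosaUser` is now escaped, and the reason is only implicit, so anyone auditing this after the injection fix will stop here. A one-line comment removes the doubt: `// base64 output (A-Z a-z 0-9 + / =) contains no filter metacharacters, so only $user needs escaping`. The function continues outside the hunk.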
@@ -744,7 +744,7 @@ function del_user_locks($userdn) $ldap->cd(get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']); /* Remove all objects of this user, drop errors silently in this case. */ - $ldap->search("(&(objectClass=gosaLockEntry)(gosaUser=$userdn))", array("gosaUser")); + $ldap->search('(&(objectClass=gosaLockEntry)(gosaUser='.ldap_escape_f($userdn).'))', array('gosaUser')); while ($attrs = $ldap->fetch()) { $ldap->rmdir($attrs['dn']); } @@ -778,7 +778,7 @@ function get_lock ($object) $user = ""; $ldap = $config->get_ldap_link(); $ldap->cd(get_ou('lockRDN').get_ou('fusiondirectoryRDN').$config->current['BASE']); - $ldap->search("(&(objectClass=gosaLockEntry)(gosaObject=".base64_encode($object)."))", array("gosaUser")); + $ldap->search('(&(objectClass=gosaLockEntry)(gosaObject='.base64_encode($object).'))', array('gosaUser')); if (!$ldap->success()) { msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), "", LDAP_SEARCH), LDAP_ERROR); return ""; @@ -2000,7 +2000,7 @@ function gen_uids($rule, $attributes) } $res = preg_replace('/{id(:|!)\d+}/', $number, $uid); - $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")", array('dn')); + $ldap->search('(uid='.ldap_escape_f(preg_replace('/[{}]/', '', $res)).')', array('dn')); if ($ldap->count() == 0) { $uid = $res; break; @@ -2018,7 +2018,7 @@ function gen_uids($rule, $attributes) mt_srand((double)microtime() * 1000000); $number = sprintf("%0".$size."d", mt_rand(0, pow(10, $size) - 1)); $res = preg_replace('/{id#(\d+)}/', $number, $uid); - $ldap->search("(uid=".preg_replace('/[{}]/', '', $res).")", array('dn')); + $ldap->search('(uid='.ldap_escape_f(preg_replace('/[{}]/', '', $res)).')', array('dn')); if ($ldap->count() == 0) { $uid = $res; break; 
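Review bot: In the `{id#N}` hunk of gen_uids the context lines just above the changed search reseed with `mt_srand((double)microtime() * 1000000)` before calling `mt_rand`, which replaces PHP's automatic seeding with a microsecond timestamp and makes the generated number guessable from the request time; the new ldap_escape_f call is right, but this adjacent weakness belongs in the same pass. Removing the `mt_srand(...)` line is enough to drop the deterministic seed, and if the ids must be unpredictable rather than merely collision-free a CSPRNG-backed source should replace `mt_rand`. The function starts and ends outside the hunk.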
@@ -2030,7 +2030,7 @@ function gen_uids($rule, $attributes) } /* Don't assign used ones */ - $ldap->search("(uid=".preg_replace('/[{}]/', '', $uid).")", array('dn')); + $ldap->search('(uid='.ldap_escape_f(preg_replace('/[{}]/', '', $uid)).')', array('dn')); if ($ldap->count() == 0) { /* Add uid, but remove {} first. These are invalid anyway. */ $uid = preg_replace('/[{}]/', '', $uid); @@ -2439,6 +2439,7 @@ function array_differs_recursive($src, $dst) */ function normalizeLdap($input) { + trigger_error('deprecated, use ldap_escape_f'); return addcslashes($input, '*()\\/'); } @@ -2960,9 +2961,9 @@ function update_accessTo($from, $to) global $config; $ldap = $config->get_ldap_link(); $ldap->cd($config->current['BASE']); - $ldap->search("(&(objectClass=trustAccount)(accessTo=".$from."))", array("objectClass","accessTo")); + $ldap->search('(&(objectClass=trustAccount)(accessTo='.ldap_escape_f($from).'))', array('objectClass','accessTo')); while ($attrs = $ldap->fetch()) { - $new_attrs = array("accessTo" => array()); + $new_attrs = array('accessTo' => array()); $dn = $attrs['dn']; for ($i = 0; $i < $attrs['objectClass']['count']; $i++) { $new_attrs['objectClass'][] = $attrs['objectClass'][$i]; @@ -3410,4 +3411,14 @@ if (!function_exists('ldap_escape')) { return $result; } } + +function ldap_escape_f($str, $ignore = '') +{ + return ldap_escape($str, $ignore, LDAP_ESCAPE_FILTER); +} + +function ldap_escape_dn($str, $ignore = '') +{ + return ldap_escape($str, $ignore, LDAP_ESCAPE_DN); +} ?> diff --git a/include/simpleplugin/class_attribute.inc b/include/simpleplugin/class_attribute.inc index 386f7df58bcda8399a38e95293fc8b63cf6b5e4e..a52f3de7a3e2ef2eb7f00ea977e33eb90d542a90 100644 --- a/include/simpleplugin/class_attribute.inc +++ b/include/simpleplugin/class_attribute.inc 
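Review bot: `trigger_error('deprecated, use ldap_escape_f')` in normalizeLdap fires at the default E_USER_NOTICE level and does not name the function, so it is noisy and hard to trace; use `trigger_error('normalizeLdap() is deprecated, use ldap_escape_f()', E_USER_DEPRECATED);`. The docblock should also say why it is deprecated: it produces `\*`-style escapes instead of the RFC 4515 hex form and also escapes `/`, which is not a filter metacharacter, so its output differs from ldap_escape_f. The docblock above the function starts outside the hunk.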
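Review bot: The two helpers added at the end of functions.inc carry no docblock although the distinction between them is the whole point of this change and the file documents its other functions in `/*! \brief ... */` style. Suggested above them: `/*! \brief Escape a value for use inside an LDAP search filter (RFC 4515 hex escaping of * ( ) \ and NUL) */` and `/*! \brief Escape a value for use as an attribute value inside a DN (RFC 4514) */`, each with `\param string $str value to escape` and `\param string $ignore characters to leave unescaped`. They also rely on the `function_exists('ldap_escape')` polyfill just above accepting the same `($str, $ignore, $flags)` signature; the polyfill body is outside the hunk, so that is worth confirming.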
@@ -440,9 +440,9 @@ class Attribute } $ldap->cd($base); if (is_array($value)) { - $filter = '(|('.$this->getLdapName().'='.join(')('.$this->getLdapName().'=', $value).'))'; + $filter = '(|('.$this->getLdapName().'='.join(')('.$this->getLdapName().'=', array_map('ldap_escape_f', $value)).'))'; } else { - $filter = '('.$this->getLdapName().'='.$value.')'; + $filter = '('.$this->getLdapName().'='.ldap_escape_f($value).')'; } $infos = pluglist::pluginInfos(get_class($this->plugin)); $filters = array_map( diff --git a/include/simpleplugin/class_dialogAttributes.inc b/include/simpleplugin/class_dialogAttributes.inc index 763f9b1792c11317b78fa16fc2aff6b75d3eb1cb..c000331f484deb8ca74a7d6c45378d5e118eef65 100644 --- a/include/simpleplugin/class_dialogAttributes.inc +++ b/include/simpleplugin/class_dialogAttributes.inc @@ -349,7 +349,7 @@ class GenericDialogAttribute extends DialogAttribute $ldap->cat($value, $this->ldapAttributesToGet()); } else { $ldap->cd($this->plugin->config->current['BASE']); - $ldap->search('('.$this->store_attr.'='.$value.')', $this->ldapAttributesToGet()); + $ldap->search('('.$this->store_attr.'='.ldap_escape_f($value).')', $this->ldapAttributesToGet()); } $this->fillDisplayValueFrom($i, $ldap->fetch()); } diff --git a/include/simpleplugin/class_simplePlugin.inc b/include/simpleplugin/class_simplePlugin.inc index 7f75be988e7d543d257d0f1cfb1a930288af2235..c7e6a471ab9518455e4d373b99dffc17646f0806 100644 --- a/include/simpleplugin/class_simplePlugin.inc +++ b/include/simpleplugin/class_simplePlugin.inc 
@@ -135,9 +135,9 @@ class simplePlugin extends plugin $ldap->cd($this->config->current['BASE']); foreach ($this->inheritance as $oc => $at) { if ($this->mainTab) { - $filter = "(&(objectClass=$oc)($at=".LDAP::prepare4filter($this->dn)."))"; + $filter = '(&(objectClass='.$oc.')('.$at.'='.ldap_escape_f($this->dn).'))'; } else { - $filter = "(&(objectClass=$oc)".$this->getObjectClassFilter()."($at=".LDAP::prepare4filter($this->dn)."))"; + $filter = '(&(objectClass='.$oc.')'.$this->getObjectClassFilter().'('.$at.'='.ldap_escape_f($this->dn).'))'; } $ldap->search($filter, $this->attributes); if ($ldap->count() == 1) { @@ -295,10 +295,10 @@ class simplePlugin extends plugin $base = $config->current['BASE']; } if ($this->is_template) { - $dn = 'cn='.ldap_escape($this->_template_cn, '', LDAP_ESCAPE_DN).',ou=templates,'.$ou.$base; + $dn = 'cn='.ldap_escape_dn($this->_template_cn).',ou=templates,'.$ou.$base; return $dn; } - return $attr.'='.ldap_escape($this->attributesAccess[$attr]->computeLdapValue(), '', LDAP_ESCAPE_DN).','.$ou.$base; + return $attr.'='.ldap_escape_dn($this->attributesAccess[$attr]->computeLdapValue()).','.$ou.$base; } function getRequiredAttributes() diff --git a/include/simpleplugin/class_simpleTabs.inc b/include/simpleplugin/class_simpleTabs.inc index f090895e64c0b25aa3a2787965563577d758027e..a57a5127d5832e8d30af80ab344f7ac23c9c3390 100644 --- a/include/simpleplugin/class_simpleTabs.inc +++ b/include/simpleplugin/class_simpleTabs.inc @@ -346,7 +346,7 @@ class simpleTabs if ($this->getBaseObject()->is_template) { $ldap = $config->get_ldap_link(); $ldap->cd($config->current['BASE']); - $filter = '(&(objectClass=fdTemplate)(cn='.$this->getBaseObject()->_template_cn.'))'; + $filter = '(&(objectClass=fdTemplate)(cn='.ldap_escape_f($this->getBaseObject()->_template_cn).'))'; $ldap->search($filter, array('dn')); while ($attrs = $ldap->fetch()) { if ($attrs['dn'] != $this->getBaseObject()->dn) { 
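Review bot: The two changed filter lines replace `LDAP::prepare4filter($this->dn)` with `ldap_escape_f($this->dn)`, and the removed prepare4filter body (in the class_ldap hunk of this same change) ran `LDAP::fix()` over the DN before escaping; whether `$this->dn` is always already in the form `fix()` produced is not visible here, so a DN that previously needed that normalisation may no longer match its inheritance source. If `$this->dn` is guaranteed canonical, say so in a comment, e.g. `// $this->dn is the canonical DN as read from LDAP, so filter escaping alone is enough`; otherwise call `$ldap->fix()` explicitly before escaping. The loop body continues outside the hunk.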
diff --git a/plugins/addons/dashboard/class_dashBoardUsers.inc b/plugins/addons/dashboard/class_dashBoardUsers.inc index e8713466f1e450be58782d86c3796fe79c856196..b659948500a63c7087f466b6c43d22f339c12746 100644 --- a/plugins/addons/dashboard/class_dashBoardUsers.inc +++ b/plugins/addons/dashboard/class_dashBoardUsers.inc @@ -3,17 +3,17 @@ This code is part of FusionDirectory (http://www.fusiondirectory.org) Copyright (C) 2010 Antoine Gallavardin Copyright (C) 2011-2016 FusionDirectory project - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. @@ -67,7 +67,7 @@ class dashboardUsers extends simplePlugin /* User statistics */ $ldap = $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); - $ldap->search("(objectClass=inetOrgPerson)", array("userPassword")); + $ldap->search('(objectClass=inetOrgPerson)', array('userPassword')); $nb_accounts = $ldap->count(); $nb_locked_accounts = 0; while ($attrs = $ldap->fetch()) { diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc index 86a559ee0406cf24a78601b54fb63624211fbac5..1c78d68d2710e9e6ab1bf48fd718303430ddb90d 100644 --- a/plugins/personal/generic/class_user.inc +++ b/plugins/personal/generic/class_user.inc 
@@ -461,7 +461,7 @@ class user extends simplePlugin function compute_dn() { if ($this->is_template) { - $dn = 'cn='.ldap_escape($this->_template_cn, '', LDAP_ESCAPE_DN).',ou=templates,'.get_ou('userRDN').$this->base; + $dn = 'cn='.ldap_escape_dn($this->_template_cn).',ou=templates,'.get_ou('userRDN').$this->base; return $dn; } diff --git a/plugins/personal/posix/class_posixAccount.inc b/plugins/personal/posix/class_posixAccount.inc index 1a433eb688db7c7c681b6c7323727ab2518baf1d..4c427e4ed1315020266b6380b3149bc6b86ccf23 100644 --- a/plugins/personal/posix/class_posixAccount.inc +++ b/plugins/personal/posix/class_posixAccount.inc @@ -334,13 +334,13 @@ class posixAccount extends simplePlugin } else { /* Groups handling */ $ldap->cd($this->config->current['BASE']); - $ldap->search("(&(objectClass=posixGroup)(memberUid=".$this->getUid()."))", array("cn", "description")); + $ldap->search('(&(objectClass=posixGroup)(memberUid='.ldap_escape_f($this->getUid()).'))', array('cn', 'description')); $groupMembership = array(); while ($attrs = $ldap->fetch()) { - if (!isset($attrs["description"][0])) { - $entry = $attrs["cn"][0]; + if (!isset($attrs['description'][0])) { + $entry = $attrs['cn'][0]; } else { - $entry = $attrs["cn"][0]." [".$attrs["description"][0]."]"; + $entry = $attrs['cn'][0].' ['.$attrs['description'][0].']'; } $groupMembership[$ldap->getDN()] = $entry; } @@ -377,7 +377,7 @@ class posixAccount extends simplePlugin $ldap = $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); - $ldap->search("(&(objectClass=posixGroup)(gidNumber=".$this->gidNumber.")(cn=".$this->getUid()."))", array("cn","gidNumber")); + $ldap->search('(&(objectClass=posixGroup)(gidNumber='.ldap_escape_f($this->gidNumber).')(cn='.ldap_escape_f($this->getUid()).'))', array('cn','gidNumber')); if ($ldap->count() > 0) { /* The copied user had its own group */ 
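Review bot: In the posixAccount @@ -334 hunk the display string built on the changed lines, `$attrs['cn'][0].' ['.$attrs['description'][0].']'`, concatenates raw LDAP attribute values into `$groupMembership`; where that array is rendered is outside the hunk, so if it reaches HTML without htmlspecialchars a crafted group description becomes a markup injection point. Escaping belongs at the output site rather than here, and a short comment, `// raw LDAP values: escape when rendered`, keeps that contract visible to the next reader. The method continues outside the hunk.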
@@ -385,10 +385,10 @@ class posixAccount extends simplePlugin } $this->force_ids = FALSE; - $this->attributesAccess['uidNumber']->setInitialValue(""); - $this->attributesAccess['gidNumber']->setInitialValue(""); - $this->uidNumber = ""; - $this->gidNumber = ""; + $this->attributesAccess['uidNumber']->setInitialValue(''); + $this->attributesAccess['gidNumber']->setInitialValue(''); + $this->uidNumber = ''; + $this->gidNumber = ''; } function check() @@ -488,9 +488,9 @@ class posixAccount extends simplePlugin /* Are we forced to use a special gidNumber? */ if ($this->force_ids) { - $ldap->search('(&(objectClass=posixGroup)(gidNumber='.$this->gidNumber.'))', array('cn','gidNumber')); + $ldap->search('(&(objectClass=posixGroup)(gidNumber='.ldap_escape_f($this->gidNumber).'))', array('cn','gidNumber')); } else { - $ldap->search('(&(objectClass=posixGroup)(gidNumber=*)(cn='.$this->getUid().'))', array('cn','gidNumber')); + $ldap->search('(&(objectClass=posixGroup)(gidNumber=*)(cn='.ldap_escape_f($this->getUid()).'))', array('cn','gidNumber')); } /* No primary group found, create a new one */ @@ -505,11 +505,11 @@ class posixAccount extends simplePlugin /* If forced gidNumber could not be found, then check if the given group name already exists. */ $cnt = 0; - $ldap->search('(&(objectClass=posixGroup)(cn='.$groupcn.'))', array('cn')); + $ldap->search('(&(objectClass=posixGroup)(cn='.ldap_escape_f($groupcn).'))', array('cn')); while ($ldap->count() && ($cnt < 100)) { $cnt++; $groupcn = $this->getUid().'_'.$cnt; - $ldap->search('(&(objectClass=posixGroup)(cn='.$groupcn.'))', array('cn')); + $ldap->search('(&(objectClass=posixGroup)(cn='.ldap_escape_f($groupcn).'))', array('cn')); } /* Create new primary group and enforce the new gidNumber */ 
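Review bot: In the @@ -505 hunk the retry loop stops once `$cnt < 100` fails, and the code that follows (`/* Create new primary group and enforce the new gidNumber */`) appears to proceed regardless, so when the 100th candidate is also taken the group is created under a name the search just proved exists. After the loop, bail out while `$ldap->count()` is still non-zero instead of falling through, reporting the failure the way the surrounding code reports other LDAP problems (the rest of the method is outside the hunk, so the exact mechanism is not visible here). A comment on the loop, `// bounded at 100 attempts; the fall-through below must not create a duplicate`, would also help.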
@@ -638,7 +638,7 @@ class posixAccount extends simplePlugin /* Delete group only if cn is uid and there are no other members inside */ $ldap = $this->config->get_ldap_link(); $ldap->cd ($this->config->current['BASE']); - $ldap->search ('(&(objectClass=posixGroup)(gidNumber='.$this->gidNumber.')(cn='.$this->getUid().'))', array('cn', 'memberUid')); + $ldap->search ('(&(objectClass=posixGroup)(gidNumber='.ldap_escape_f($this->gidNumber).')(cn='.ldap_escape_f($this->getUid()).'))', array('cn', 'memberUid')); if ($ldap->count() != 0) { $attrs = $ldap->fetch(); if ($attrs['cn'][0] == $this->getUid() && !isset($this->attrs['memberUid'])) { diff --git a/setup/class_setupStep_Migrate.inc b/setup/class_setupStep_Migrate.inc index 557db7970ed9509900d87ca1544a93137cfc4742..399ec92e309e5aa12adb1f27ffa808ac0e1549e3 100644 --- a/setup/class_setupStep_Migrate.inc +++ b/setup/class_setupStep_Migrate.inc @@ -1142,7 +1142,7 @@ class Step_Migrate extends setupStep $entry['ldif'] = _('Entry will be moved from').":<br/>\t".($ldap->fix($dn)).'<br/>'._('to').":<br/>\t".($ldap->fix($d_dn)); /* Check if there are references to this object */ - $ldap->search('(&(member='.LDAP::prepare4filter($dn).')(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))', array('dn')); + $ldap->search('(&(member='.ldap_escape_f($dn).')(|(objectClass=gosaGroupOfNames)(objectClass=groupOfNames)))', array('dn')); $refs = ''; while ($attrs = $ldap->fetch()) { $ref_dn = $attrs['dn'];
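Review bot: The membership check on the last context line reads `!isset($this->attrs['memberUid'])`, i.e. the user object's own attributes, while the comment above the search says the group is deleted only when no other members are inside; the group's members were fetched into `$attrs` by the changed search (`array('cn', 'memberUid')`), so this looks like it should inspect `$attrs['memberUid']` and verify that its only entry is this uid. Please verify against the full method, which continues outside the hunk; if `$this->attrs` is intended, a comment explaining why is needed because the condition reads like a typo.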