From b73f82565748161ce2b0f344f87bfbcc72f1f2ad Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kmccarth@redhat.com>
Date: Fri, 5 Oct 2007 15:25:58 -0700
Subject: [PATCH] Several escaping fixes: - illegal dn characters need to be
 escaped - null characters in search filters - dynamicedit.js was double html
 escaping (the python layer does it already)

---
 .../ipa-gui/ipagui/static/javascript/dynamicedit.js      | 6 +++---
 ipa-server/xmlrpc-server/funcs.py                        | 9 +++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js b/ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js
index 1cb38f28c..5d157cb86 100644
--- a/ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js
+++ b/ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js
@@ -71,12 +71,12 @@ var dn_to_member_div_id = new Hash();
 function renderMemberInfo(newdiv, info) {
   if (info.type == "user") {
     newdiv.appendChild(document.createTextNode(
-      info.name.escapeHTML() + " " + info.descr.escapeHTML() + " "));
+      info.name + " " + info.descr + " "));
   } else if (info.type == "group") {
     ital = document.createElement('i');
     ital.appendChild(document.createTextNode(
-      info.name.escapeHTML() + " " + 
-      info.descr.escapeHTML() + " "));
+      info.name + " " + 
+      info.descr + " "));
     newdiv.appendChild(ital);
   }
 }
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index 8a6bbf910..52c382409 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -22,6 +22,7 @@ sys.path.append("/usr/share/ipa")
 
 import krbV
 import ldap
+import ldap.dn
 import ipaserver.dsinstance
 import ipaserver.ipaldap
 import ipa.ipautil
@@ -385,7 +386,8 @@ class IPAServer:
         if self.__is_user_unique(user['uid'], opts) == 0:
             raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
 
-        dn="uid=%s,%s,%s" % (user['uid'], user_container,self.basedn)
+        dn="uid=%s,%s,%s" % (ldap.dn.escape_dn_chars(user['uid']),
+                             user_container,self.basedn)
         entry = ipaserver.ipaldap.Entry(dn)
 
         # FIXME: This should be dynamic and can include just about anything
@@ -688,7 +690,8 @@ class IPAServer:
         if self.__is_group_unique(group['cn'], opts) == 0:
             raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
 
-        dn="cn=%s,%s,%s" % (group['cn'], group_container,self.basedn)
+        dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']),
+                            group_container,self.basedn)
         entry = ipaserver.ipaldap.Entry(dn)
 
         # some required objectclasses
@@ -1055,5 +1058,7 @@ def ldap_search_escape(match):
     elif value == "*":
         # drop '*' from input.  search performs its own wildcarding
         return ""
+    elif value =='\x00':
+        return r'\00'
     else:
         return value