IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Several escaping fixes:

Browse Source 
- illegal dn characters need to be escaped
- null characters in search filters
- dynamicedit.js was double html escaping (the python layer does it already)
This commit is contained in:
Kevin McCarthy
2007-10-05 15:25:58 -07:00
parent 1be00394e3
commit b73f825657
2 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ipa-server/ipa-gui/ipagui/static/javascript/dynamicedit.js
View File

@@ -71,12 +71,12 @@ var dn_to_member_div_id = new Hash();
function renderMemberInfo(newdiv, info) { function renderMemberInfo(newdiv, info) {
if (info.type == "user") { if (info.type == "user") {
newdiv.appendChild(document.createTextNode( newdiv.appendChild(document.createTextNode(
info.name.escapeHTML() + " " + info.descr.escapeHTML() + " ")); info.name + " " + info.descr + " "));
} else if (info.type == "group") { } else if (info.type == "group") {
ital = document.createElement('i'); ital = document.createElement('i');
ital.appendChild(document.createTextNode( ital.appendChild(document.createTextNode(
info.name.escapeHTML() + " " + info.name + " " +
info.descr.escapeHTML() + " ")); info.descr + " "));
newdiv.appendChild(ital); newdiv.appendChild(ital);
} }
} }

9
ipa-server/xmlrpc-server/funcs.py
View File

@@ -22,6 +22,7 @@ sys.path.append("/usr/share/ipa")
import krbV import krbV
import ldap import ldap
import ldap.dn
import ipaserver.dsinstance import ipaserver.dsinstance
import ipaserver.ipaldap import ipaserver.ipaldap
import ipa.ipautil import ipa.ipautil
@@ -385,7 +386,8 @@ class IPAServer:
if self.__is_user_unique(user['uid'], opts) == 0: if self.__is_user_unique(user['uid'], opts) == 0:
raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
dn="uid=%s,%s,%s" % (user['uid'], user_container,self.basedn) dn="uid=%s,%s,%s" % (ldap.dn.escape_dn_chars(user['uid']),
user_container,self.basedn)
entry = ipaserver.ipaldap.Entry(dn) entry = ipaserver.ipaldap.Entry(dn)
# FIXME: This should be dynamic and can include just about anything # FIXME: This should be dynamic and can include just about anything
@@ -688,7 +690,8 @@ class IPAServer:
if self.__is_group_unique(group['cn'], opts) == 0: if self.__is_group_unique(group['cn'], opts) == 0:
raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE) raise ipaerror.gen_exception(ipaerror.LDAP_DUPLICATE)
dn="cn=%s,%s,%s" % (group['cn'], group_container,self.basedn) dn="cn=%s,%s,%s" % (ldap.dn.escape_dn_chars(group['cn']),
group_container,self.basedn)
entry = ipaserver.ipaldap.Entry(dn) entry = ipaserver.ipaldap.Entry(dn)
# some required objectclasses # some required objectclasses
@@ -1055,5 +1058,7 @@ def ldap_search_escape(match):
elif value == "*": elif value == "*":
# drop '*' from input. search performs its own wildcarding # drop '*' from input. search performs its own wildcarding
return "" return ""
elif value =='\x00':
return r'\00'
else: else:
return value return value