index 68b17919b6de0788ce7730a3ea7443de4b8a5ca2..33ef64f6d9e74e17a808805f4d159b4a5cbaa706 100644 (file)
if (tests::is_id($_POST['new_limit']) &&
isset($_POST['action']) && $_POST['action']=="newlimit"){
- session::global_set('size_limit', validate($_POST['new_limit']));
+ session::global_set('size_limit', get_post('new_limit'));
session::set('size_ignore', FALSE);
}
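Review bot: The value stored in `size_limit` is now the raw POST string, because `get_post()` only undoes magic quotes and does no filtering, whereas the removed line passed it through `validate()`. The surrounding `tests::is_id()` condition presumably restricts it to digits, but that helper is not visible here. An explicit cast would make the stored type independent of it: `session::global_set('size_limit', (int) get_post('new_limit'));`. The enclosing block starts outside the hunk.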
* */
function check_command($cmdline)
{
+ return(TRUE);
$cmd= preg_replace("/ .*$/", "", $cmdline);
/* Check if command exists in filesystem */
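Review bot: The added `return(TRUE);` as the first statement of `check_command()` makes the rest of the function unreachable, so every `if (check_command($command))` guard now passes for any string, including commands that do not exist or are not executable. If the check is being retired on purpose, delete the dead body and say so in the docblock, e.g. `/* Always TRUE: hook commands are no longer verified before execution */`. If it is a debugging leftover, it should not be committed. The function body continues outside the hunk.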
@@ -2896,16 +2897,29 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA
* */
function get_post($name)
{
- if(!isset($_POST[$name])){
- trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
- return(FALSE);
- }
+ if(!isset($_POST[$name])){
+ trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
+ return(FALSE);
+ }
- if(get_magic_quotes_gpc()){
- $val = stripcslashes($_POST[$name]);
- }else{
- $val = $_POST[$name];
- }
+ // Handle Posted Arrays
+ $tmp = array();
+ if(is_array($_POST[$name]) && !is_string($_POST[$name])){
+ foreach($_POST[$name] as $key => $val){
+ if(get_magic_quotes_gpc()){
+ $val = stripcslashes($val);
+ }
+ $tmp[$key] = $val;
+ }
+ return($tmp);
+ }else{
+
+ if(get_magic_quotes_gpc()){
+ $val = stripcslashes($_POST[$name]);
+ }else{
+ $val = $_POST[$name];
+ }
+ }
return($val);
}
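Review bot: Both branches of the new `get_post()` undo magic quotes with `stripcslashes()`, which also decodes C-style escapes such as `\n`, `\x41` and octal sequences, so a posted value containing a literal backslash sequence is altered rather than restored. `stripslashes()` is the inverse of the escaping that magic quotes applies: `$val = stripslashes($val);`. The array branch handles only one level, so a nested posted array (`name[a][b]`) reaches the string function as an array; either recurse or state in the docblock that only flat arrays are supported. `!is_string($_POST[$name])` is redundant after `is_array()` and can be dropped.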
if($test instanceOf passwordMethod){
+ stats::log('global', 'global', array('users'), $action = 'change_password', $amount = 1, 0, $test->get_hash());
+
$deactivated = $test->is_locked($config,$dn);
/* Feed password backends with information */
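Review bot: The `$action = 'change_password'` and `$amount = 1` arguments to `stats::log()` are assignments, not named parameters, so they create or overwrite local variables of those names in the enclosing function. Pass plain values instead: `stats::log('global', 'global', array('users'), 'change_password', 1, 0, $test->get_hash());`. The call also sits before the change is carried out, so it appears to count attempts rather than successful changes; the rest of the function is outside the hunk, so this is inferred from position. A short comment stating what `get_hash()` contributes to the record would make clear that no password-derived value is logged.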
if ($command != ""){
/* Walk through attribute list */
- $command= preg_replace("/%userPassword/", $password, $command);
- $command= preg_replace("/%dn/", $dn, $command);
+ $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);
+ $command= preg_replace("/%dn/", escapeshellarg($dn), $command);
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
return ("");
}
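Review bot: `escapeshellarg($password)` is passed as a `preg_replace()` replacement string, where `$n` and `\n` sequences are read as backreferences, so a password containing one is altered before it reaches the hook; and because the `%dn` pass runs over the already-substituted text, a placeholder occurring inside the password is expanded a second time within the quoted argument, which breaks the quoting. A single-pass literal substitution avoids both: `$command = strtr($command, array('%userPassword' => escapeshellarg($password), '%dn' => escapeshellarg($dn)));`. The same pattern is in the `sambaHashHook` hunk below (`%userPassword`, then `%password`), where a configured hook containing neither placeholder also no longer receives the password that was previously appended. Hook templates that already quote the placeholder will end up double-quoted, which is worth a line in the upgrade notes.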
} else {
- $tmp= $config->get_cfg_value("core",'sambaHashHook')." ".escapeshellarg($password);
+ $tmp = $config->get_cfg_value("core",'sambaHashHook');
+ $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
+ $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
exec($tmp, $ar);