Updated generateLdif method

[gosa.git] / gosa-core / include / functions.inc

diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index 993fc46c389b9fda3dd9648fa89ea9c08a4cfbc5..33ef64f6d9e74e17a808805f4d159b4a5cbaa706 100644 (file)
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -1298,7 +1298,7 @@ function eval_sizelimit()
     if (tests::is_id($_POST['new_limit']) &&
         isset($_POST['action']) && $_POST['action']=="newlimit"){
 
-      session::global_set('size_limit', validate($_POST['new_limit']));
+      session::global_set('size_limit', get_post('new_limit'));
       session::set('size_ignore', FALSE);
     }
 
@@ -1743,6 +1743,7 @@ function dn2base($dn)
  * */
 function check_command($cmdline)
 {
+  return(TRUE);  
   $cmd= preg_replace("/ .*$/", "", $cmdline);
 
   /* Check if command exists in filesystem */
@@ -2895,19 +2896,75 @@ function get_languages($languages_in_own_language = FALSE,$strip_region_tag = FA
  * \return string
  * */
 function get_post($name)
+{
+    if(!isset($_POST[$name])){
+        trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
+        return(FALSE);
+    }
+
+    // Handle Posted Arrays
+    $tmp = array();
+    if(is_array($_POST[$name]) && !is_string($_POST[$name])){
+        foreach($_POST[$name] as $key => $val){
+            if(get_magic_quotes_gpc()){
+                $val = stripcslashes($val);
+            }
+            $tmp[$key] = $val;
+        } 
+        return($tmp);
+    }else{
+
+        if(get_magic_quotes_gpc()){
+            $val = stripcslashes($_POST[$name]);
+        }else{
+            $val = $_POST[$name];
+        }
+    }
+  return($val);
+}
+
+
+/*! \brief Returns contents of the given POST variable and check magic quotes settings
+ *
+ * Depending on the magic quotes settings this returns a stripclashed'ed version of
+ * a certain POST variable.
+ *
+ * \param string 'name' the POST var to return ($_POST[$name])
+ * \return string
+ * */
+function get_binary_post($name)
 {
   if(!isset($_POST[$name])){
     trigger_error("Requested POST value (".$name.") does not exists, you should add a check to prevent this message.");
     return(FALSE);
   }
 
+  $p = str_replace('\0', '', $_POST[$name]);
   if(get_magic_quotes_gpc()){
-    return(stripcslashes(validate($_POST[$name])));
+    return(stripcslashes($p));
   }else{
-    return(validate($_POST[$name]));
+    return($_POST[$p]);
   }
 }
 
+function set_post($value)
+{
+    // Take care of array, recursivly convert each array entry.
+    if(is_array($value)){
+        foreach($value as $key => $val){
+            $value[$key] = set_post($val);
+        }
+        return($value);
+    }
+    
+    // Do not touch boolean values, we may break them.
+    if($value === TRUE || $value === FALSE ) return($value);
+
+    // Return a fixed string which can then be used in HTML fields without 
+    //  breaking the layout or the values. This allows to use '"<> in input fields.
+    return(htmlentities($value, ENT_QUOTES, 'utf-8'));
+}
+
 
 /*! \brief Return class name in correct case */
 function get_correct_class_name($cls)
@@ -2981,6 +3038,8 @@ function change_password ($dn, $password, $mode=0, $hash= "")
 
   if($test instanceOf passwordMethod){
 
+    stats::log('global', 'global', array('users'),  $action = 'change_password', $amount = 1, 0, $test->get_hash());
+
     $deactivated = $test->is_locked($config,$dn);
 
     /* Feed password backends with information */
@@ -3001,12 +3060,17 @@ function change_password ($dn, $password, $mode=0, $hash= "")
 
     // Not for groups
     if ($mode == 0){
-      // Create SMB Password
-      $attrs= generate_smb_nt_hash($password);
 
-      if ($shadow != 0){
-        $attrs['shadowLastChange']= $shadow;
-      }
+        $tmp = $config->get_cfg_value('core','sambaHashHook');
+        if(!empty($tmp)){
+
+            // Create SMB Password
+            $attrs= generate_smb_nt_hash($password);
+
+            if ($shadow != 0){
+                $attrs['shadowLastChange']= $shadow;
+            }
+        }
     }
 
     $attrs['userPassword']= array();
@@ -3035,8 +3099,8 @@ function change_password ($dn, $password, $mode=0, $hash= "")
 
       if ($command != ""){
         /* Walk through attribute list */
-        $command= preg_replace("/%userPassword/", $password, $command);
-        $command= preg_replace("/%dn/", $dn, $command);
+        $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);
+        $command= preg_replace("/%dn/", escapeshellarg($dn), $command);
 
         if (check_command($command)){
           @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
@@ -3090,7 +3154,9 @@ function generate_smb_nt_hash($password)
       return ("");
     }
   } else {
-         $tmp= $config->get_cfg_value("core",'sambaHashHook')." ".escapeshellarg($password);
+         $tmp = $config->get_cfg_value("core",'sambaHashHook');
+      $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
+      $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
          @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
 
          exec($tmp, $ar);