Updated generateLdif method

[gosa.git] / gosa-core / include / functions.inc

diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index 9ac8c77550bf725d9bed74e1259781ef758b4abb..33ef64f6d9e74e17a808805f4d159b4a5cbaa706 100644 (file)
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -3099,8 +3099,8 @@ function change_password ($dn, $password, $mode=0, $hash= "")
 
       if ($command != ""){
         /* Walk through attribute list */
-        $command= preg_replace("/%userPassword/", $password, $command);
-        $command= preg_replace("/%dn/", $dn, $command);
+        $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);
+        $command= preg_replace("/%dn/", escapeshellarg($dn), $command);
 
         if (check_command($command)){
           @DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
@@ -3154,7 +3154,9 @@ function generate_smb_nt_hash($password)
       return ("");
     }
   } else {
-         $tmp= $config->get_cfg_value("core",'sambaHashHook')." ".escapeshellarg($password);
+         $tmp = $config->get_cfg_value("core",'sambaHashHook');
+      $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
+      $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
          @DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
 
          exec($tmp, $ar);