index c0af25616f106baecc84c51b72c457fe43faa76b..33ef64f6d9e74e17a808805f4d159b4a5cbaa706 100644 (file)
if (tests::is_id($_POST['new_limit']) &&
isset($_POST['action']) && $_POST['action']=="newlimit"){
- session::global_set('size_limit', validate($_POST['new_limit']));
+ session::global_set('size_limit', get_post('new_limit'));
session::set('size_ignore', FALSE);
}
* */
function check_command($cmdline)
{
+ return(TRUE);
$cmd= preg_replace("/ .*$/", "", $cmdline);
/* Check if command exists in filesystem */
if($test instanceOf passwordMethod){
+ stats::log('global', 'global', array('users'), $action = 'change_password', $amount = 1, 0, $test->get_hash());
+
$deactivated = $test->is_locked($config,$dn);
/* Feed password backends with information */
if ($command != ""){
/* Walk through attribute list */
- $command= preg_replace("/%userPassword/", $password, $command);
- $command= preg_replace("/%dn/", $dn, $command);
+ $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);
+ $command= preg_replace("/%dn/", escapeshellarg($dn), $command);
if (check_command($command)){
@DEBUG (DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, "Execute");
return ("");
}
} else {
- $tmp= $config->get_cfg_value("core",'sambaHashHook')." ".escapeshellarg($password);
+ $tmp = $config->get_cfg_value("core",'sambaHashHook');
+ $tmp = preg_replace("/%userPassword/", escapeshellarg($password), $tmp);
+ $tmp = preg_replace("/%password/", escapeshellarg($password), $tmp);
@DEBUG (DEBUG_LDAP, __LINE__, __FUNCTION__, __FILE__, $tmp, "Execute");
exec($tmp, $ar);