Code

Updated sudo
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Thu, 10 Apr 2008 14:32:44 +0000 (14:32 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Thu, 10 Apr 2008 14:32:44 +0000 (14:32 +0000)
-Fixed command escaping

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10336 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-plugins/sudo/admin/sudo/class_sudoOption.inc

index 89dff7d1bc556b5587a23f6e3705720bec776190..bbac63d1be563ac04d330d76906d8af72eafdc7f 100644 (file)
@@ -144,8 +144,7 @@ class sudoOption extends plugin
             \, => ,
             \= => = 
          */
-        $value = preg_replace(array("/\\\\\\\\/","/\\\\,/","/\\\\:/","/\\\\=/"),
-                              array("\\",",",":","="),$value);
+        $value = $this->unescape_command($value);
 
         /* Check if the given value is part of our options list.
            If it is not, add it as type STRING and display a warning.  
@@ -398,7 +397,7 @@ class sudoOption extends plugin
         $option = "";
 
         /* Escape special chars */
-        $value = addcslashes($value,"\\:,:=");
+        $value = $this->escape_command($value);
 
         /****
           Save LISTS 
@@ -504,6 +503,40 @@ class sudoOption extends plugin
       $this->load_options();
     }
   }
+
+
+  /*!  \brief   Escape special chars in function parameters.
+       @param   String the string to that must be escaped.
+   */
+  private function escape_command($str)
+  {
+    /* Check if given value is a command (/[a-z]/ ..)
+     */
+    if(preg_match("/^\//",$str)){
+      $cmd = preg_replace("/^([^ ]*).*$/","\\1",$str);
+      $val = preg_replace("/^[^ ]*(.*)$/","\\1",$str);
+      $str = $cmd.addcslashes($val,":.,\\");
+    }
+    return($str);
+  }
+
+
+  /*!  \brief   Unescape special chars in function parameters.
+       @param   String the string to that must be unescaped.
+   */
+  private function unescape_command($str)
+  {
+    /* Check if given value is a command (/[a-z]/ ..)
+     */
+    if(preg_match("/^\//",$str)){
+      $cmd = preg_replace("/^([^ ]*).*$/","\\1",$str);
+      $val = preg_replace("/^[^ ]*(.*)$/","\\1",$str);
+      $val = preg_replace(array("/\\\\\\\\/","/\\\\,/","/\\\\:/","/\\\\=/"),
+                              array("\\",",",":","="),$val);
+      $str = $cmd.$val;
+    }
+    return($str);
+  }
 }
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>