author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Wed, 29 Nov 2006 11:08:54 +0000 (11:08 +0000) | ||
committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Wed, 29 Nov 2006 11:08:54 +0000 (11:08 +0000) |
Made base selection more secure
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5246 594d385d-05f5-0310-b6e9-bd551577e9d8
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5246 594d385d-05f5-0310-b6e9-bd551577e9d8
diff --git a/plugins/admin/applications/class_applicationGeneric.inc b/plugins/admin/applications/class_applicationGeneric.inc
index cbdd26c7abe9d52ad0a12cf5cd6801fe10cc0d94..cf00e07b52b6d76fbf08c97edb1ce0d00fd55cab 100644 (file)
$smarty->assign($name."ACL",$this->getacl($name));
}
- $baseACL = $this->getacl("base");
- if(!$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
+ $smarty->assign("baseACL", $this->getacl("base"));
/* Do we represent a valid group? */
if (!$this->is_account && $this->parent == NULL){
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
$this->dialog= false;
}else{
return($this->dialog->execute());
/* Save data to object */
function save_object()
{
- if($this->isReleaseApplikation){
- $tmpBase = $this->base;
- }
-
if (isset($_POST['cn'])){
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
+ plugin::save_object();
+ $this->base = $base_tmp;
+
/* Save attributes */
parent::save_object();
$this->set_picture($_FILES['picture_file']['tmp_name']);
}
- if(isset($_POST['base'])){
- $this->base= $_POST['base'];
+ if(!$this->isReleaseApplikation){
+ $tmp = $this->get_allowed_bases();
+ if(isset($_POST['base'])){
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
+ }
+ }
}
}
-
- if($this->isReleaseApplikation){
- $this->base = $tmpBase;
- }
}
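Review bot: In save_object() the backup and restore of `$this->base` wraps only the added `plugin::save_object();`, while the unchanged `parent::save_object();` a few lines below still runs afterwards with no restore. If that parent call reaches the same plugin code that can overwrite base from the request (the parent class is not visible here), a rejected `$_POST['base']` or a set `isReleaseApplikation` leaves an unvalidated base in place. Either drop the duplicate call or move `$this->base = $base_tmp;` to after `parent::save_object();`. The function and class begin outside the shown lines, so confirm this against the full file.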
diff --git a/plugins/admin/departments/class_departmentGeneric.inc b/plugins/admin/departments/class_departmentGeneric.inc
index e5e21639cf9083b9e4950443d73f335be6b65e6c..ae6d5492bb14d620edc4cceaf89aa67067afab61 100644 (file)
$smarty= get_smarty();
/* Assign base ACL */
- $baseACL = $this->getacl("base");
- if(!$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
-
+ $smarty->assign("baseACL", $this->getacl("base"));
+
$tmp = $this->plInfo();
foreach($tmp['plProvidedAcls'] as $name => $translation){
$smarty->assign($name."ACL",$this->getacl($name));
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* A new base was selected, check if it is a valid one */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
+
$this->dialog= false;
}else{
return($this->dialog->execute());
function save_object()
{
if (isset($_POST['dep_generic_posted'])){
- plugin::save_object();
- /* Save base, since this is no LDAP attribute */
- if($this->acl_is_moveable() && isset($_POST['base'])){
- $this->base= $_POST['base'];
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
+ plugin::save_object();
+ $this->base = $base_tmp;
+
+ /* Set new base if allowed */
+ $tmp = $this->get_allowed_bases();
+ if(isset($_POST['base'])){
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
+ }
}
/* Save tagging flag */
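Review bot: A submitted base that is not a key of `get_allowed_bases()` is dropped silently in save_object(), with no message to the user and no trace for anyone auditing refused move attempts. The last file section of this commit (its file name is not shown) keeps an else branch for this case, and the same would fit here: `}else{ print_red(sprintf(_("You are not allowed to move this object to '%s'."),LDAP::fix($_POST['base']))); }`. The same silent drop is in the save_object() changes for application, mimetypes, component, phone, print, terminal, win and workstation. The backup/check/assign sequence is also copied into every class; one helper on the shared base class would keep the copies from drifting apart, as the check in class_groupGeneric.inc already has.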
diff --git a/plugins/admin/groups/class_groupGeneric.inc b/plugins/admin/groups/class_groupGeneric.inc
index bca62c1c1571377f8d0644f91e5dc85c453e3fbc..5c933cd658a9e908bd8ef9c366743659478656e2 100644 (file)
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- if($this->acl_is_moveable()){
+
+ /* Check if selected base is valid */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$_POST['base']])){
$this->base = $this->dialog->isSelected();
}
$this->dialog= false;
}
/* Assign base ACL */
- $baseACL = $this->getacl("base");
- if(!$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
+ $smarty->assign("baseACL", $this->getacl("base"));
/* Manage object add dialog */
if ($this->group_dialog){
return ($display);
}
- /* Bases / Departments */
- if (isset($_POST['base'])){
- $this->base= $_POST['base'];
- }
-
$smarty->assign("bases", $this->get_allowed_bases());
$smarty->assign("base_select", $this->base);
/* Save additional values for possible next step */
if (isset($_POST['groupedit'])){
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
+ $this->base = $base_tmp;
$this->force_gid= 0;
-
/* Only reset sambagroup flag if we are able to write this flag */
if($this->acl_is_writeable("sambaGroupType")){
$this->smbgroup = 0;
}
/* Get base selection */
- if($this->acl_is_moveable() && isset($_POST['base'])){
- $this->base = $_POST['base'];
+ if(isset($_POST['base'])){
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$_POST['base']])){
+ $this->base = $_POST['base'];
+ }
}
foreach (array(
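Review bot: The dialog branch validates one value and stores another: the added check is `isset($tmp[$_POST['base']])`, but the assignment under it is `$this->base = $this->dialog->isSelected();`. The value that is actually stored is never compared with the allowed bases, and `$_POST['base']` may be unset or unrelated when the dialog returns a selection. The other classes in this commit test the dialog value, and this one should too: `if(isset($tmp[$this->dialog->isSelected()])){`. The enclosing function begins outside the shown lines.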
diff --git a/plugins/admin/mimetypes/class_mimetypeGeneric.inc b/plugins/admin/mimetypes/class_mimetypeGeneric.inc
index f4bb14f11d0380202b8102115a764c538ba8221a..ed176f64ede603ef908e1dadc470c2dcfc53f969 100644 (file)
}
/* Assign base ACL */
- $baseACL = $this->getacl("base");
- if(!$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
+ $smarty->assign("baseACL", $this->getacl("base"));
/* Base select dialog */
$once = true;
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* A new base was selected, check if it is a valid one */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
+
$this->dialog= false;
}else{
return($this->dialog->execute());
function save_object()
{
if(isset($_POST['MimeGeneric'])){
+
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
+ $this->base = $base_tmp;
/* Only save base if we are not in release mode */
if(!$this->isReleaseMimeType){
+
+ /* Set new base if allowed */
+ $tmp = $this->get_allowed_bases();
if(isset($_POST['base'])){
- $this->base = $_POST['base'];
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
+ }
}
+
}
/* Save radio buttons */
diff --git a/plugins/admin/systems/class_componentGeneric.inc b/plugins/admin/systems/class_componentGeneric.inc
index cd7004384d31ac89aec92209e5f76146d50b6e88..d05af5d6688623e5d42fd4b5f1ab8b433b013b2b 100644 (file)
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* A new base was selected, check if it is a valid one */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
+
$this->dialog= false;
}else{
return($this->dialog->execute());
$smarty= get_smarty();
$smarty->assign("bases", $this->config->idepartments);
- /* Create base acls */
- $baseACL = $this->getacl("base");
- if(!$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
-
/* Set acls */
$tmp = $this->plInfo();
foreach($tmp['plProvidedAcls'] as $name => $translation){
$smarty->assign("bases", $this->get_allowed_bases());
-
/* Assign attributes */
foreach ($this->attributes as $attr){
$smarty->assign("$attr", $this->$attr);
/* Save data to object */
function save_object()
{
+
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
+ $this->base = $base_tmp;
$this->netConfigDNS->save_object();
- /* Save base, since this is no LDAP attribute */
- if (isset($_POST['base']) && $this->acl_is_moveable()){
- $this->base= $_POST['base'];
+ /* Set new base if allowed */
+ $tmp = $this->get_allowed_bases();
+ if(isset($_POST['base'])){
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
+ }
}
}
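Review bot: The `baseACL` assignment is removed here without the replacement `$smarty->assign("baseACL", $this->getacl("base"));` that the application, department, group, mimetype and workstation classes receive; class_phoneGeneric.inc and class_printGeneric.inc are left in the same state. Unless `plProvidedAcls` contains a `base` entry so that the ACL loop assigns it (not visible here), the template gets no baseACL value and the base selector's state depends on how it treats an unset variable. The unchanged `$smarty->assign("bases", $this->config->idepartments);` also remains next to the `get_allowed_bases()` assignment; if both run on the same path the later one presumably wins, but removing the unfiltered one would avoid offering the full department list should the order change.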
diff --git a/plugins/admin/systems/class_phoneGeneric.inc b/plugins/admin/systems/class_phoneGeneric.inc
index 0605974ebc3f59345cd240f03e07b8069a979d39..4305e79e2910774faa519f88d8f0a5adf9098cd6 100644 (file)
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* A new base was selected, check if it is a valid one */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
+
$this->dialog= false;
}else{
return($this->dialog->execute());
/* Fill templating stuff */
$smarty= get_smarty();
- /* Assign base ACL */
- $baseACL = $this->getacl("base");
- if(!$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
$smarty->assign("bases", $this->get_allowed_bases());
$tmp = $this->plInfo();
/* Save data to object */
function save_object()
{
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
+ $this->base = $base_tmp;
+
$this->netConfigDNS->save_object();
- /* Save base, since this is no LDAP attribute */
- if (isset($_POST['base']) && $this->acl_is_moveable()){
- $this->base= $_POST['base'];
+
+ /* Set new base if allowed */
+ $tmp = $this->get_allowed_bases();
+ if(isset($_POST['base'])){
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
+ }
}
}
diff --git a/plugins/admin/systems/class_printGeneric.inc b/plugins/admin/systems/class_printGeneric.inc
index a253a2296e7d6e20439e9d8cc6f2a9428f7ff8ab..021c75f9d0f5b6864dbd6fbe27e31abb6d306aac 100644 (file)
$smarty->assign($name."ACL", $this->getacl($name));
}
- /* Create base acls */
- $baseACL = $this->getacl("base");
- if(!$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
-
-
$display="";
/* Tell smarty if this is a standalone object or a terminal / WS depending printer */
$this->dialog = false;
$this->baseSelection = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* A new base was selected, check if it is a valid one */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
+
$this->dialog= false;
$this->baseSelection = false;
}else{
/* Save data to object */
function save_object()
{
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
-
+ $this->base = $base_tmp;
+
if(is_object($this->netConfigDNS)){
$this->netConfigDNS->save_object();
}
-
- /* Save base, since this is no LDAP attribute */
- if((isset($_POST['base'])) && ($this->acl_is_moveable()) ) {
- $this->set_acl_base('dummy,'.$_POST['base']);
- if($this->acl_is_moveable()){
-
- if(isset($this->config->idepartments[$_POST['base']])){
- $this->base = $_POST['base'];
- if ($_POST['base'] != $this->base){
- $this->is_modified= TRUE;
- }
- }
- }else{
-
- print_red(sprintf(_("You are not allowed to move this object to '%s'."),LDAP::fix($_POST['base'])));
- $this->set_acl_base('dummy,'.$this->base);
+
+ /* Set new base if allowed */
+ $tmp = $this->get_allowed_bases();
+ if(isset($_POST['base'])){
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
}
}
}
diff --git a/plugins/admin/systems/class_terminalGeneric.inc b/plugins/admin/systems/class_terminalGeneric.inc
index 8771847a00a67dd58b72144f122a5a15b21b2e95..b82f778be77766ce939f6e96356be17cc62f1377 100644 (file)
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* A new base was selected, check if it is a valid one */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
$this->dialog= false;
}else{
return($this->dialog->execute());
/* Save data to object */
function save_object()
{
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
+ $this->base = $base_tmp;
+
+ /* Set new base if allowed */
+ $tmp = $this->get_allowed_bases();
+ if(isset($_POST['base'])){
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
+ }
+ }
+
$this->netConfigDNS->save_object();
/* Save terminal path to parent since it is used by termstartup, too */
diff --git a/plugins/admin/systems/class_winGeneric.inc b/plugins/admin/systems/class_winGeneric.inc
index 844b6795dd3a674f0d4b70220495e38644ba35e9..fd57c3a642616bee194f02ab3f865e87bf9280c5 100644 (file)
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* A new base was selected, check if it is a valid one */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
+
$this->dialog= false;
}else{
return($this->dialog->execute());
/* Save data to object */
function save_object()
{
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
+ $this->base = $base_tmp;
+
$this->netConfigDNS->save_object();
- /* Save base, since this is no LDAP attribute */
- if (isset($_POST['base']) && $this->acl_is_moveable()){
- $this->base= $_POST['base'];
+
+ /* Set new base if allowed */
+ $tmp = $this->get_allowed_bases();
+ if(isset($_POST['base'])){
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
+ }
}
}
diff --git a/plugins/admin/systems/class_workstationGeneric.inc b/plugins/admin/systems/class_workstationGeneric.inc
index 365456b749ec12e226b69e37d2455ffcb0ee092e..0676dca180d9892edaeaf8b8bd4f921e98c95487 100644 (file)
$this->dialog = false;
}elseif($this->dialog->isSelected()){
$this->base = $this->dialog->isSelected();
+
+ /* A new base was selected, check if it is a valid one */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
+
$this->dialog= false;
}else{
return($this->dialog->execute());
$smarty= get_smarty();
/* Create base acls */
- $baseACL = $this->getacl("base");
- if(!$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
+ $smarty->assign("baseACL", $this->getacl("base"));
/* Set acls */
$tmp = $this->plInfo();
/* Save data to object */
function save_object()
{
+
+ /* Create a base backup and reset the
+ base directly after calling plugin::save_object();
+ Base will be set seperatly a few lines below */
+ $base_tmp = $this->base;
plugin::save_object();
+ $this->base = $base_tmp;
/* Save base, since this is no LDAP attribute */
- if((isset($_POST['base'])) && ($this->acl_is_moveable())){
- $this->set_acl_base('dummy,'.$_POST['base']);
- if($this->acl_is_moveable()){
-
- if(isset($this->config->idepartments[$_POST['base']])){
- $this->base = $_POST['base'];
- if ($_POST['base'] != $this->base){
- $this->is_modified= TRUE;
- }
- }
+ $tmp = $this->get_allowed_bases();
+ if(isset($_POST['base'])){
+ if(isset($tmp[$_POST['base']])){
+ $this->base= $_POST['base'];
}
}
+
$this->netConfigDNS->save_object();
/* Set inherit mode */
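Review bot: The unguarded `$this->base = $this->dialog->isSelected();` is still present as an unchanged line directly above the added check, so the dialog selection is stored before it is validated and the new `if(isset($tmp[$this->dialog->isSelected()]))` block has no effect. Remove the old assignment so that the only write to `$this->base` in this branch is the one inside the check, as in the other classes of this commit. The enclosing function starts outside the shown lines.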
index 25ab27052167ff9eb9ac3ca9f6ffa90f0bd221a2..d2d8e9c25f47a3644192c448accd79c3708c005d 100644 (file)
if($this->dialog->isClosed()){
$this->dialog = false;
}elseif($this->dialog->isSelected()){
- $this->base = $this->dialog->isSelected();
+
+ /* check if selected base is allowed to move to / create a new object */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
$this->dialog= false;
}else{
return($this->dialog->execute());
$smarty->assign("userPicture_is_readable", $this->acl_is_readable("userPicture",(!is_object($this->parent) && !isset($_SESSION['edit']))));
/* Create base acls */
- $baseACL = $this->getacl("base",(!is_object($this->parent) && !isset($_SESSION['edit'])));
- if($this->dn == "new" && !$this->acl_is_createable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }elseif($this->dn != "new" && !$this->acl_is_moveable()) {
- $baseACL = preg_replace("/w/","",$baseACL);
- }
- $smarty->assign("baseACL", $baseACL);
+ $smarty->assign("baseACL",$this->getacl("base",(!is_object($this->parent) && !isset($_SESSION['edit']))));
@$smarty->assign("bases", $this->allowedBasesToMoveTo());
/* Save government mode attributes */
{
if (isset($_POST['generic'])){
+ /* Make a backup of the current selected base */
+ $base_tmp = $this->base;
+
/* Parents save function */
plugin::save_object ();
/* Save base and pw_storage, since these are no LDAP attributes */
if (isset($_POST['base'])){
- $this->set_acl_base('dummy,'.$_POST['base']);
- if($this->acl_is_moveable("base")){
-
- foreach(array("base") as $val){
- if(isset($_POST[$val])){
- $data= validate($_POST[$val]);
- if ($data != $this->$val){
- $this->is_modified= TRUE;
- }
- $this->$val= $data;
- }
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$_POST['base']])){
+ $base= validate($_POST['base']);
+ if ($base != $this->base){
+ $this->is_modified= TRUE;
}
+ $this->base= $base;
}else{
+ $this->base = $base_tmp;
print_red(sprintf(_("You are not allowed to move this object to '%s'."),LDAP::fix($_POST['base'])));
$this->set_acl_base('dummy,'.$this->base);
}