From 1ff07a51310b2506c89ac8370d2e7fbed6deaa88 Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Thu, 10 Apr 2008 14:32:44 +0000
Subject: [PATCH] Updated sudo -Fixed command escaping

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10336 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 .../sudo/admin/sudo/class_sudoOption.inc      | 39 +++++++++++++++++--
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/gosa-plugins/sudo/admin/sudo/class_sudoOption.inc b/gosa-plugins/sudo/admin/sudo/class_sudoOption.inc
index 89dff7d1b..bbac63d1b 100644
--- a/gosa-plugins/sudo/admin/sudo/class_sudoOption.inc
+++ b/gosa-plugins/sudo/admin/sudo/class_sudoOption.inc
@@ -144,8 +144,7 @@ class sudoOption extends plugin
             \, => ,
             \= => = 
          */
-        $value = preg_replace(array("/\\\\\\\\/","/\\\\,/","/\\\\:/","/\\\\=/"),
-                              array("\\",",",":","="),$value);
+        $value = $this->unescape_command($value);
 
         /* Check if the given value is part of our options list.
            If it is not, add it as type STRING and display a warning.  
@@ -398,7 +397,7 @@ class sudoOption extends plugin
         $option = "";
 
         /* Escape special chars */
-        $value = addcslashes($value,"\\:,:=");
+        $value = $this->escape_command($value);
 
         /****
           Save LISTS 
@@ -504,6 +503,40 @@ class sudoOption extends plugin
       $this->load_options();
     }
   }
+
+
+  /*!  \brief   Escape special chars in function parameters.
+       @param   String the string to that must be escaped.
+   */
+  private function escape_command($str)
+  {
+    /* Check if given value is a command (/[a-z]/ ..)
+     */
+    if(preg_match("/^\//",$str)){
+      $cmd = preg_replace("/^([^ ]*).*$/","\\1",$str);
+      $val = preg_replace("/^[^ ]*(.*)$/","\\1",$str);
+      $str = $cmd.addcslashes($val,":.,\\");
+    }
+    return($str);
+  }
+
+
+  /*!  \brief   Unescape special chars in function parameters.
+       @param   String the string to that must be unescaped.
+   */
+  private function unescape_command($str)
+  {
+    /* Check if given value is a command (/[a-z]/ ..)
+     */
+    if(preg_match("/^\//",$str)){
+      $cmd = preg_replace("/^([^ ]*).*$/","\\1",$str);
+      $val = preg_replace("/^[^ ]*(.*)$/","\\1",$str);
+      $val = preg_replace(array("/\\\\\\\\/","/\\\\,/","/\\\\:/","/\\\\=/"),
+                              array("\\",",",":","="),$val);
+      $str = $cmd.$val;
+    }
+    return($str);
+  }
 }
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>
-- 
2.30.2