From 83362dc07202a5558a0554f017ed759bd9ad37ed Mon Sep 17 00:00:00 2001 From: hickert Date: Fri, 27 Aug 2010 12:47:06 +0000 Subject: [PATCH] Added escapeshellargs for security reasons git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@19472 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/include/class_ldap.inc | 61 +++++++++++++++++++++++++------- 1 file changed, 49 insertions(+), 12 deletions(-) diff --git a/gosa-core/include/class_ldap.inc b/gosa-core/include/class_ldap.inc index e12a5478a..de41a1081 100644 --- a/gosa-core/include/class_ldap.inc +++ b/gosa-core/include/class_ldap.inc @@ -857,28 +857,65 @@ class LDAP{ } - /*! \brief Generates an ldif for all entries matching the filter settings, scope and limit. + /*! \brief Generates an ldif for all entries matching the filter settings, scope and limit. * @param $dn The entry to export. * @param $filter Limit the exported object to those maching this filter. - * @param $attributes Specify the attributes to export here, empty means all. * @param $scope 'base', 'sub' .. see manpage for 'ldapmodify' for details. * @param $limit Limits the result. */ - function generateLdif ($dn, $filter= "(objectClass=*)", $attributes= array(), $scope = 'sub', $limit=0) + function generateLdif ($dn, $filter= "(objectClass=*)", $attributes= array(),$scope = 'sub', $limit=0) { - $attrs = (count($attributes))?implode($attributes,' '):''; - $scope = (!empty($scope))?' -s '.$scope: ''; + + // Attributes are unused !! + $attrs = ''; + + // Ensure that limit is numeric if not skip here. + if(!empty($limit) && !is_numeric($limit)){ + trigger_error(sprintf("Invalid parameter for limit '%s', a numeric value is required."), $limit); + return(NULL); + } $limit = (!$limit)?'':' -z '.$limit; + + // Check scope values + $scope = trim($scope); + if(!empty($scope) && !in_array($scope, array('base', 'one', 'sub', 'children'))){ + trigger_error(sprintf("Invalid parameter for scope '%s', please use 'base', 'one', 'sub' or 'children'."), $scope); + return(NULL); + } + $scope = (!empty($scope))?' -s '.$scope: ''; + + // Prepare parameters to be valid for shell execution $dn = escapeshellarg($dn); + $pwd = $this->bindpw; + $host = escapeshellarg($this->hostname); $admin = escapeshellarg($this->binddn); - $pwd = escapeshellarg($this->bindpw); $filter = escapeshellarg($filter); - $host = escapeshellarg($this->hostname); - $cmd = "ldapsearch -x -LLLL -D {$admin} -w {$pwd} {$filter} {$limit} {$scope} -H {$host} -b {$dn} $attrs "; - ob_start(); - passthru($cmd); - $res=ob_get_contents(); - ob_end_clean(); + $cmd = "ldapsearch -x -LLLL -D {$admin} {$filter} {$limit} {$scope} -H {$host} -b {$dn} -W "; + + // Create list of process pipes + $descriptorspec = array( + 0 => array("pipe", "r"), // stdin + 1 => array("pipe", "w"), // stdout + 2 => array("pipe", "w")); // stderr + + // Try to open the process + $process = proc_open($cmd, $descriptorspec, $pipes); + if (is_resource($process)) { + + // Write the password to stdin + fwrite($pipes[0], $pwd); + fclose($pipes[0]); + + // Get results from stdout and stderr + $res = stream_get_contents($pipes[1]); + $err = stream_get_contents($pipes[2]); + fclose($pipes[1]); + + // Close the process and check its return value + if(proc_close($process) != 0){ + trigger_error($err); + } + } return($res); } -- 2.30.2