Don't blow up the config if someone enters int'l chars in an LDAP attribute/DN field. Ticket #2227

1 files changed, 14 insertions, 2 deletions

diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc
index d7ccc29..4254ec3 100644
--- a/etc/inc/xmlparse.inc
+++ b/etc/inc/xmlparse.inc
@@ -232,7 +232,13 @@ function dump_xml_config_sub($arr, $indent) {
 						$xmlconfig .= str_repeat("\t", $indent);
 						if((is_bool($cval) && $cval == true) || ($cval === "")) {
 							$xmlconfig .= "<$ent/>\n";
-						} else if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) {
+						} else if ((substr($ent, 0, 5) == "descr")
+							|| (substr($ent, 0, 6) == "detail")
+							|| (substr($ent, 0, 9) == "ldap_attr")
+							|| (substr($ent, 0, 9) == "ldap_bind")
+							|| (substr($ent, 0, 11) == "ldap_basedn")
+							|| (substr($ent, 0, 18) == "ldap_authcn")
+							|| (substr($ent, 0, 19) == "ldap_extended_query")) {
 							$xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n";
 						} else {
 							$xmlconfig .= "<$ent>" . htmlentities($cval) . "</$ent>\n";
@@ -256,7 +262,13 @@ function dump_xml_config_sub($arr, $indent) {
 				$xmlconfig .= "<$ent/>\n";
 			} else if (!is_bool($val)) {
 				$xmlconfig .= str_repeat("\t", $indent);
-				if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail"))
+				if ((substr($ent, 0, 5) == "descr")
+				|| (substr($ent, 0, 6) == "detail")
+				|| (substr($ent, 0, 9) == "ldap_attr")
+				|| (substr($ent, 0, 9) == "ldap_bind")
+				|| (substr($ent, 0, 11) == "ldap_basedn")
+				|| (substr($ent, 0, 18) == "ldap_authcn")
+				|| (substr($ent, 0, 19) == "ldap_extended_query"))
 					$xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n";
 				else
 					$xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n";