authorjim-p <jimp@pfsense.org>2013-07-17 10:52:25 -0400
committerjim-p <jimp@pfsense.org>2013-07-17 10:52:25 -0400
commitbcf4b8ccf6661a3e2f8e7202814fb1bd80814a4c (patch)
treec9e6b885b887a9beec5a56547e5e7929abcb52ec /etc/inc/xmlparse.inc
parenta5cd1c5a4286062b84caf32df860f2e2f2e204aa (diff)
Don't blow up the config if someone enters int'l chars in an LDAP attribute/DN field. Ticket #2227
Diffstat (limited to 'etc/inc/xmlparse.inc')
-rw-r--r--etc/inc/xmlparse.inc16
1 files changed, 14 insertions, 2 deletions
diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc
index d7ccc29..4254ec3 100644
--- a/etc/inc/xmlparse.inc
+++ b/etc/inc/xmlparse.inc
@@ -232,7 +232,13 @@ function dump_xml_config_sub($arr, $indent) {
$xmlconfig .= str_repeat("\t", $indent);
if((is_bool($cval) && $cval == true) || ($cval === "")) {
$xmlconfig .= "<$ent/>\n";
- } else if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) {
+ } else if ((substr($ent, 0, 5) == "descr")
+ || (substr($ent, 0, 6) == "detail")
+ || (substr($ent, 0, 9) == "ldap_attr")
+ || (substr($ent, 0, 9) == "ldap_bind")
+ || (substr($ent, 0, 11) == "ldap_basedn")
+ || (substr($ent, 0, 18) == "ldap_authcn")
+ || (substr($ent, 0, 19) == "ldap_extended_query")) {
$xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n";
} else {
$xmlconfig .= "<$ent>" . htmlentities($cval) . "</$ent>\n";
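Review bot: The added `ldap_authcn` test compares an 18-character slice with an 11-character literal, `(substr($ent, 0, 18) == "ldap_authcn")`, so it is true only when the tag is exactly `ldap_authcn` and never for a longer tag that starts with it, unlike the other prefix tests in the same condition. If a prefix match is intended, the length should be 11: `|| (substr($ent, 0, 11) == "ldap_authcn")`. The same line is repeated in the second hunk (`@@ -256,7 +262,13 @@`). Because the seven-way condition now appears twice, moving it into one small helper used by both call sites would keep the two lists from drifting apart. The body of dump_xml_config_sub starts and ends outside both hunks.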
@@ -256,7 +262,13 @@ function dump_xml_config_sub($arr, $indent) {
$xmlconfig .= "<$ent/>\n";
} else if (!is_bool($val)) {
$xmlconfig .= str_repeat("\t", $indent);
- if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail"))
+ if ((substr($ent, 0, 5) == "descr")
+ || (substr($ent, 0, 6) == "detail")
+ || (substr($ent, 0, 9) == "ldap_attr")
+ || (substr($ent, 0, 9) == "ldap_bind")
+ || (substr($ent, 0, 11) == "ldap_basedn")
+ || (substr($ent, 0, 18) == "ldap_authcn")
+ || (substr($ent, 0, 19) == "ldap_extended_query"))
$xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n";
else
$xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n";
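Review bot: The CDATA branch that the LDAP fields now take stays well-formed only because `htmlentities()` rewrites `>`, so a DN or extended query containing `]]>` cannot close the section early; nothing in the hunk states that dependency. A comment above the CDATA line would protect it from a later cleanup, for example `// keep htmlentities(): it encodes '>' so "]]>" in a value cannot terminate the CDATA section`. The call also relies on the default charset of the running PHP version, and on some versions `htmlentities()` returns an empty string for input that is invalid in that charset, which would silently drop the field; that is worth confirming against the international-character case in the ticket. The reader side is not visible here, so whether it decodes entities inside CDATA is presumed, not verified.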