author | jim-p <jimp@pfsense.org> | 2013-07-17 10:52:25 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2013-07-17 10:53:21 -0400 |
commit | dc3fc54a081841d11bed9bbfba324c77827b70da (patch) | |
tree | e300849f281a7716a7ccc9ec31e7e7e4aa82f967 /etc | |
parent | 298020b2b6efa75c863bafef9a078c285a2b9ed6 (diff) | |
download | pfsense-dc3fc54a081841d11bed9bbfba324c77827b70da.zip pfsense-dc3fc54a081841d11bed9bbfba324c77827b70da.tar.gz |
Don't blow up the config if someone enters int'l chars in an LDAP attribute/DN field. Ticket #2227
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/xmlparse.inc | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc
index d7ccc29..4254ec3 100644
--- a/etc/inc/xmlparse.inc
+++ b/etc/inc/xmlparse.inc
@@ -232,7 +232,13 @@ function dump_xml_config_sub($arr, $indent) {
 $xmlconfig .= str_repeat("\t", $indent);
 if((is_bool($cval) && $cval == true) || ($cval === "")) {
 $xmlconfig .= "<$ent/>\n";
- } else if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail")) {
+ } else if ((substr($ent, 0, 5) == "descr")
+ || (substr($ent, 0, 6) == "detail")
+ || (substr($ent, 0, 9) == "ldap_attr")
+ || (substr($ent, 0, 9) == "ldap_bind")
+ || (substr($ent, 0, 11) == "ldap_basedn")
+ || (substr($ent, 0, 18) == "ldap_authcn")
+ || (substr($ent, 0, 19) == "ldap_extended_query")) {
 $xmlconfig .= "<$ent><![CDATA[" . htmlentities($cval) . "]]></$ent>\n";
 } else {
 $xmlconfig .= "<$ent>" . htmlentities($cval) . "</$ent>\n";
@@ -256,7 +262,13 @@ function dump_xml_config_sub($arr, $indent) {
 $xmlconfig .= "<$ent/>\n";
 } else if (!is_bool($val)) {
 $xmlconfig .= str_repeat("\t", $indent);
- if ((substr($ent, 0, 5) == "descr") || (substr($ent, 0, 6) == "detail"))
+ if ((substr($ent, 0, 5) == "descr")
+ || (substr($ent, 0, 6) == "detail")
+ || (substr($ent, 0, 9) == "ldap_attr")
+ || (substr($ent, 0, 9) == "ldap_bind")
+ || (substr($ent, 0, 11) == "ldap_basedn")
+ || (substr($ent, 0, 18) == "ldap_authcn")
+ || (substr($ent, 0, 19) == "ldap_extended_query"))
 $xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n";
 else
 $xmlconfig .= "<$ent>" . htmlentities($val) . "</$ent>\n"; |
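Review bot: The `ldap_authcn` clause in the first hunk takes an 18-character prefix but compares it with an 11-character literal, `substr($ent, 0, 18) == "ldap_authcn"`, so it matches only a tag that is exactly `ldap_authcn`, while every neighbouring clause is a true prefix match. If a prefix match was intended, the line should read `|| (substr($ent, 0, 11) == "ldap_authcn")`. The second hunk (`-256,7 +262,13`) repeats the same clause with the same length. A tag that misses the list falls through to the non-CDATA branch, presumably the path that corrupted the config in ticket #2227. The body of dump_xml_config_sub() starts and ends outside both hunks.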
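Review bot: The seven-clause tag test in this second hunk is a verbatim copy of the one added in the first hunk, so a later edit to one list and not the other would make the same tag serialize with CDATA in one branch and without it in the other. Moving the list into one helper that both branches call removes that drift, and deriving each length with `strlen()` avoids hand-counted prefix lengths. The helper name below is a suggestion, not an existing function, and dump_xml_config_sub() continues outside the hunk. It is also worth confirming that the reader side decodes entities found inside CDATA, since values such as an LDAP filter containing `&` are stored as `&amp;` by the `htmlentities()` call on the following line.

```php
/* Returns true when the value of tag $ent must be written inside a CDATA section. */
function xml_tag_needs_cdata($ent) {
	$prefixes = array("descr", "detail", "ldap_attr", "ldap_bind",
		"ldap_basedn", "ldap_authcn", "ldap_extended_query");
	foreach ($prefixes as $prefix) {
		if (strncmp($ent, $prefix, strlen($prefix)) == 0)
			return true;
	}
	return false;
}

// … unchanged: dump_xml_config_sub() up to the scalar-value branch …
if (xml_tag_needs_cdata($ent))
	$xmlconfig .= "<$ent><![CDATA[" . htmlentities($val) . "]]></$ent>\n";
```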