[Pkg-owncloud-commits] [owncloud] 115/394: LDAP: Make update script escape all known DNs. Requires version bump.
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:11:41 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v4.5.10
in repository owncloud.
commit fd71023dd6e2ce0fec4f890092bc67ec628316fe
Author: Arthur Schiwon <blizzz at owncloud.com>
Date: Sat Nov 17 00:03:35 2012 +0100
LDAP: Make update script escape all known DNs. Requires version bump.
---
apps/user_ldap/appinfo/update.php | 37 ++++++++++++++++++++++++++++++++-----
apps/user_ldap/appinfo/version | 2 +-
2 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/apps/user_ldap/appinfo/update.php b/apps/user_ldap/appinfo/update.php
index e6e25ce..9b54ba1 100644
--- a/apps/user_ldap/appinfo/update.php
+++ b/apps/user_ldap/appinfo/update.php
@@ -34,22 +34,49 @@ $groupBE = new \OCA\user_ldap\GROUP_LDAP();
$groupBE->setConnector($connector);
foreach($objects as $object) {
- $fetchDNSql = 'SELECT `ldap_dn`, `owncloud_name` FROM `*PREFIX*ldap_'.$object.'_mapping` WHERE `directory_uuid` = \'\'';
- $updateSql = 'UPDATE `*PREFIX*ldap_'.$object.'_mapping` SET `ldap_DN` = ?, `directory_uuid` = ? WHERE `ldap_dn` = ?';
+ $fetchDNSql = '
+ SELECT `ldap_dn`, `owncloud_name`, `directory_uuid`
+ FROM `*PREFIX*ldap_'.$object.'_mapping`';
+ $updateSql = '
+ UPDATE `*PREFIX*ldap_'.$object.'_mapping`
+ SET `ldap_DN` = ?, `directory_uuid` = ?
+ WHERE `ldap_dn` = ?';
$query = OCP\DB::prepare($fetchDNSql);
$res = $query->execute();
$DNs = $res->fetchAll();
$updateQuery = OCP\DB::prepare($updateSql);
foreach($DNs as $dn) {
- $newDN = mb_strtolower($dn['ldap_dn'], 'UTF-8');
- if($object == 'user') {
+ $newDN = escapeDN(mb_strtolower($dn['ldap_dn'], 'UTF-8'));
+ if(!empty($dn['directory_uuid'])) {
+ $uuid = $dn['directory_uuid'];
+ } elseif($object == 'user') {
$uuid = $userBE->getUUID($newDN);
//fix home folder to avoid new ones depending on the configuration
$userBE->getHome($dn['owncloud_name']);
} else {
$uuid = $groupBE->getUUID($newDN);
}
- $updateQuery->execute(array($newDN, $uuid, $dn['ldap_dn']));
+ try {
+ $updateQuery->execute(array($newDN, $uuid, $dn['ldap_dn']));
+ } catch(Exception $e) {
+ \OCP\Util::writeLog('user_ldap', 'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ', \OCP\Util::WARN);
+ }
+
+ }
+}
+
+function escapeDN($dn) {
+ $aDN = ldap_explode_dn($dn, false);
+ unset($aDN['count']);
+ foreach($aDN as $key => $part) {
+ $value = substr($part, strpos($part, '=')+1);
+ $escapedValue = strtr($value, Array(','=>'\2c', '='=>'\3d', '+'=>'\2b',
+ '<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c',
+ '"'=>'\22', '#'=>'\23'));
+ $part = str_replace($part, $value, $escapedValue);
}
+ $dn = implode(',', $aDN);
+
+ return $dn;
}
diff --git a/apps/user_ldap/appinfo/version b/apps/user_ldap/appinfo/version
index 73082a8..b1a5f47 100644
--- a/apps/user_ldap/appinfo/version
+++ b/apps/user_ldap/appinfo/version
@@ -1 +1 @@
-0.3.0.0
\ No newline at end of file
+0.3.0.1
\ No newline at end of file
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git
More information about the Pkg-owncloud-commits
mailing list