From 68484bbbde92a7b5ccb0da16d29afda31aec0370 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem.moulin@fripost.org>
Date: Fri, 18 Jan 2013 21:26:31 +0100
Subject: Be sure to escape filters and DNs.

---
 lib/Fripost/Schema/Alias.pm | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'lib/Fripost/Schema/Alias.pm')

diff --git a/lib/Fripost/Schema/Alias.pm b/lib/Fripost/Schema/Alias.pm
index f575b4c..d121929 100644
--- a/lib/Fripost/Schema/Alias.pm
+++ b/lib/Fripost/Schema/Alias.pm
@@ -18,7 +18,7 @@ use utf8;
 
 use parent 'Fripost::Schema';
 use Fripost::Schema::Misc qw/concat explode must_attrs email_valid
-                             split_addr/;
+                             split_addr canonical_dn/;
 use Net::IDN::Encode qw/domain_to_ascii
                         email_to_ascii email_to_unicode/;
 
@@ -41,7 +41,7 @@ sub search {
     my $concat = $options{'-concat'};
 
     my $aliases = $self->ldap->search(
-                      base => "fvd=$domain,".$self->suffix,
+                      base => canonical_dn( {fvd => $domain}, @{$self->suffix} ),
                       scope => 'one',
                       deref => 'never',
                       filter => 'objectClass=FripostVirtualAlias',
@@ -83,7 +83,7 @@ sub replace {
         my ($l,$d) = split_addr( $a->{alias}, -encoding => 'ascii' );
         &_is_valid($a);
         my $mesg = $self->ldap->modify(
-                       "fva=$l,fvd=$d,".$self->suffix,
+                       canonical_dn({fva => $l}, {fvd => $d}, @{$self->suffix}),
                        replace => { fripostIsStatusActive => $a->{isactive} ?
                                         'TRUE' : 'FALSE'
                                   , description => $a->{description}
@@ -126,8 +126,8 @@ sub add {
         $attrs{description} = $a->{description}
             if defined $a->{description} and @{$a->{description}};
 
-        my $mesg = $self->ldap->add( "fva=$l,fvd=$d,".$self->suffix,
-                                     attrs => [ %attrs ] );
+        my $dn = canonical_dn({fva => $l}, {fvd => $d}, @{$self->suffix});
+        my $mesg = $self->ldap->add( $dn, attrs => [ %attrs ] );
         if ($mesg->code) {
             die $options{'-die'}."\n" if defined $options{'-die'};
             die $mesg->error."\n";
@@ -148,7 +148,8 @@ sub delete {
     my ($l,$d) = split_addr( shift, -encoding => 'ascii' );
     my %options = @_;
 
-    my $mesg = $self->ldap->delete( "fva=$l,fvd=$d,".$self->suffix );
+    my $mesg = $self->ldap->delete( canonical_dn( {fva => $l}, {fvd => $d},
+                                                  @{$self->suffix} ) );
     if ($mesg->code) {
         if (defined $options{'-die'}) {
             return $mesg->error unless $options{'-die'};
-- 
cgit v1.2.3