From 68484bbbde92a7b5ccb0da16d29afda31aec0370 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 18 Jan 2013 21:26:31 +0100 Subject: Be sure to escape filters and DNs. --- lib/Fripost/Schema/Domain.pm | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/Fripost/Schema/Domain.pm') diff --git a/lib/Fripost/Schema/Domain.pm b/lib/Fripost/Schema/Domain.pm index 0e1de49..c36cea8 100644 --- a/lib/Fripost/Schema/Domain.pm +++ b/lib/Fripost/Schema/Domain.pm @@ -18,7 +18,8 @@ use utf8; use parent 'Fripost::Schema'; use Fripost::Schema::Misc qw/concat get_perms explode - must_attrs email_valid/; + must_attrs email_valid + canonical_dn/; use Net::IDN::Encode qw/domain_to_ascii domain_to_unicode email_to_ascii email_to_unicode/; @@ -40,7 +41,7 @@ sub search { my $concat = $options{'-concat'}; my $domains = $self->ldap->search( - base => $self->suffix, + base => canonical_dn(@{$self->suffix}), scope => 'one', deref => 'never', filter => 'objectClass=FripostVirtualDomain', @@ -72,7 +73,7 @@ sub get { my $concat = $options{'-concat'}; my $domains = $self->ldap->search( - base => "fvd=$d,".$self->suffix, + base => canonical_dn({fvd => $d}, @{$self->suffix}), scope => 'base', deref => 'never', filter => 'objectClass=FripostVirtualDomain', @@ -129,8 +130,8 @@ sub replace { eval { &_is_valid($d); - my $mesg = $self->ldap->modify( - 'fvd='.$d->{domain}.','.$self->suffix, + my $dn = canonical_dn( {fvd => $d->{domain}}, @{$self->suffix} ); + my $mesg = $self->ldap->modify( $dn, replace => { fripostIsStatusActive => $d->{isactive} ? 'TRUE' : 'FALSE' , description => $d->{description} -- cgit v1.2.3