From 68484bbbde92a7b5ccb0da16d29afda31aec0370 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem.moulin@fripost.org>
Date: Fri, 18 Jan 2013 21:26:31 +0100
Subject: Be sure to escape filters and DNs.

---
 lib/Fripost/Schema/Misc.pm | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'lib/Fripost/Schema/Misc.pm')

diff --git a/lib/Fripost/Schema/Misc.pm b/lib/Fripost/Schema/Misc.pm
index 9ae8cdc..aec2618 100644
--- a/lib/Fripost/Schema/Misc.pm
+++ b/lib/Fripost/Schema/Misc.pm
@@ -14,9 +14,11 @@ use utf8;
 use Exporter 'import';
 our @EXPORT_OK = qw /concat get_perms explode
                      must_attrs email_valid
+                     canonical_dn ldap_explode_dn
                      split_addr/;
 use Email::Valid;
 use Net::IDN::Encode;
+use Net::LDAP::Util;
 use Encode;
 
 
@@ -58,14 +60,17 @@ sub explode {
 # - p:  postmaster
 sub get_perms {
     my ($entry, $dn) = @_;
+    my @dn = @{ldap_explode_dn ($dn)};
+    shift @dn;
+    my $dn2 = canonical_dn (@dn);
     my $perms = '';
 
     $perms .= 'a'
-        if grep { $dn eq $_  or  (split /,/,$dn,2)[1] eq $_ }
+        if grep { $dn eq $_  or  $dn2 eq $_ }
                 $entry->get_value ('fripostCanCreateAlias');
 
     $perms .= 'l'
-        if grep { $dn eq $_  or  (split /,/,$dn,2)[1] eq $_ }
+        if grep { $dn eq $_  or  $dn2 eq $_ }
                 $entry->get_value ('fripostCanCreateList');
 
     $perms = 'o'
@@ -116,6 +121,17 @@ sub email_valid {
     return $addr;
 }
 
+sub canonical_dn {
+    Net::LDAP::Util::canonical_dn(\@_, casefold => 'lower'
+                                     , mbcescape => 1
+                                     , reverse => 0
+                                     , separator => ',');
+};
+
+sub ldap_explode_dn {
+    Net::LDAP::Util::ldap_explode_dn( join (',', @_), casefold => 'lower' )
+}
+
 sub split_addr {
     my $addr = shift;
     my %options = @_;
-- 
cgit v1.2.3