Changeset 786 for trunk


Timestamp:
Apr 26, 2017, 1:14:35 PM (7 years ago)
Author:
autocommit@…
Message:

patch para tener input de variable mas seguro y sacamos la clave por defecto en ldap. Gracias Antoine

File:
1 edited

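--- a/trunk/alternc/patches/class/m_mail_egw.php
+++ b/trunk/alternc/patches/class/m_mail_egw.php
@@ -42,5 +42,5 @@
         // usamos
         $mailinfos = $this->get_details($mail_id);
-        $elmail= $mailinfos['address'] ."@" . $mailinfos['domain'];
+        $elmail= escapeshellargs($mailinfos['address'] ."@" . $mailinfos['domain']);
         $err->log("mail_egw", "tries to set password for", $elmail);
 
@@ -56,7 +56,7 @@
                 $adminclave = $L_EGW_ADMINCLAVE;
                 //$adminclave= "*******";
-                $account = $elmail;
-
-                $go= $admincli ." " .$command ." " .$adminuser ."," .$adminclave .",\"" .$account ."\"," .$pass ;
+                $account = escapeshellargs($elmail);
+
+                $go= $admincli ." " .$command ." " .$adminuser ."," .$adminclave .",\"" .$account ."\"," .escapeshellargs($pass) ;
 
                 echo "<h3>Actualizamos la contrasena en la base ldap</h3>";
@@ -107,6 +107,6 @@
                 $firstname = $mail;                     // the left side of the email
                 $lastname= "-";                         // we have a generic lastname
-                $pass= "*****"; //TEMPORARY
-                $email = $account = $mail ."@" .$domain; // account and email are the same
+                $pass= hash('sha1', rand()); // TEMPORARY
+                $email = $account = escapeshellargs($mail ."@" .$domain); // account and email are the same
                 $expires= "never";
                 $canchangepw= "yes";
@@ -119,5 +119,5 @@
                 $loginshell = "/bin/bash";                // everyone can have a shell
 
-                $go= $admincli ." " .$command ." " .$adminuser ."," .$adminclave .",\"" .$account ."\"," .$firstname ."," .$lastname ."," .$pass .",\"" .$email ."\"," .$expires ."," .$canchangepw ."," .$anonuser ."," .$primarygroup ;
+                $go= $admincli ." " .$command ." " .$adminuser ."," .$adminclave .",\"" .$account ."\"," .$firstname ."," .$lastname ."," .escapeshellargs($pass) .",\"" .$email ."\"," .$expires ."," .$canchangepw ."," .$anonuser ."," .$primarygroup ;
        
                 if (isset($secondarygroup)) {
@@ -157,5 +157,5 @@
         // usamos
         $mailinfos = $this->get_details($mail_id);
-        $elmail= $mailinfos['address'] ."@" . $mailinfos['domain'];
+        $elmail= escapeshellargs($mailinfos['address'] ."@" . $mailinfos['domain']);
         $err->log("mail_egw", "tries to delete", $elmail);
 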
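Review bot: `escapeshellargs()` is not a PHP built-in (the function is `escapeshellarg()`), so unless a helper of that name is defined outside this view, each added call (new lines 44, 58, 60, 110, 121, 159) stops with an undefined-function error. With the name corrected the quoting still does not hold: `$elmail` is escaped at line 44 and again as `$account` at line 58, then placed between `\"` and `\"` in `$go`, where the added single quotes are literal and the shell still expands `$` and backticks; `$firstname` (set from `$mail` at line 107) reaches line 121 with no escaping at all. I would keep `$elmail` raw for `$err->log()` and escape once where the command is built, e.g. `$go = $admincli . " " . $command . " " . escapeshellarg("$adminuser,$adminclave,$account,$pass");`, assuming the tool takes the comma-joined list as one argument. The temporary password `hash('sha1', rand())` comes from a non-cryptographic generator; `bin2hex(random_bytes(16))` on PHP 7, or `openssl_random_pseudo_bytes()` on older versions, is the safer source. The enclosing methods begin and end outside the hunks shown, so how `$go` is executed and where `$mail`, `$domain` and `$pass` originate could not be checked.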