my $input = shift;
my ($pos, $output);
- $input .= " " x ($blocksize - (length($input) % $blocksize)) if (length($input % $blocksize));
+ # prepend a length byte */
+ $input = chr(length($input)).$input;
+ $input .= "\001" x ($blocksize - (length($input) % $blocksize)) if (length($input % $blocksize));
for ($pos = 0; $pos < length($input); $pos += $blocksize) {
$output .= unpack("H16", $cipher->encrypt(substr($input, $pos, $blocksize))) if ($hascryptix);
# trailing spaces are unimportant.
my $cipher = shift;
my $input = shift;
- my ($pos, $portion, $output);
+ my ($pos, $portion, $output, $len);
((length($input) % $blocksize) == 0) || &HTMLError("Password corrupted"); # should always be true...
$portion = pack("H16", substr($input, $pos, $blocksize*2));
$output .= $cipher->decrypt($portion) if ($hascryptix);
}
-
- $output =~ s/ +$//;
+
+ # check length byte, discard junk
+ $len = substr($output, 0, 1);
+ $output = substr($output, 1, ord($len));
return $output;
}
}
}
+sub FixParams {
+ my $query = shift;
+ my $key;
+ my @names = $query->param;
+
+ foreach $key (@names) { # web security is a joke ... <sigh>
+ $_ = $query->param($key);
+ s/&/&/g;
+ s/[<\x8B]/</g;
+ s/[>\x9B]/>/g;
+
+ $query->param($key, $_);
+ }
+}
+
+
+sub LDAPUpdate {
+ my $ldap = shift;
+ my $dn = shift;
+ my $attr = shift;
+ my $val = shift;
+ my $mesg;
+
+ if (!$val) {
+ $mesg = $ldap->modify($dn, delete => { $attr => [] });
+ } else {
+ $val = [ $val ] if (!ref($val));
+ $mesg = $ldap->modify($dn, replace => { $attr => $val });
+ $mesg->code && &Util::HTMLError("error updating $attr: ".$mesg->error);
+ }
+}
+
###################
# Config file stuff
sub ReadConfigFile {