X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=web%2FUtil.pm;h=cb6cf8212a8acf07b51661d948a17e393ec3e31d;hb=fa5376db2dfc333147d1b672a954742cf98733c5;hp=6117a4e6b9b60515dc462df53678ac30e2177b72;hpb=48e9b9e737e6760ce7b7a36a1a289f0de03fb011;p=mirror%2Fuserdir-ldap.git

diff --git a/web/Util.pm b/web/Util.pm
index 6117a4e..cb6cf82 100644
--- a/web/Util.pm
+++ b/web/Util.pm
@@ -51,7 +51,9 @@ sub Encrypt {
   my $input = shift;
   my ($pos, $output);
 
-  $input .= " " x ($blocksize - (length($input) % $blocksize)) if (length($input % $blocksize));
+  # prepend a length byte */
+  $input = chr(length($input)).$input;
+  $input .= "\001" x ($blocksize - (length($input) % $blocksize)) if (length($input % $blocksize));
 
   for ($pos = 0; $pos < length($input); $pos += $blocksize) {    
     $output .= unpack("H16", $cipher->encrypt(substr($input, $pos, $blocksize))) if ($hascryptix);
@@ -64,7 +66,7 @@ sub Decrypt {
   # trailing spaces are unimportant.
   my $cipher = shift;
   my $input = shift;
-  my ($pos, $portion, $output);
+  my ($pos, $portion, $output, $len);
   
   ((length($input) % $blocksize) == 0) || &HTMLError("Password corrupted"); # should always be true...
 
@@ -72,8 +74,10 @@ sub Decrypt {
     $portion = pack("H16", substr($input, $pos, $blocksize*2));
     $output .= $cipher->decrypt($portion) if ($hascryptix);
   }
-    
-  $output =~ s/ +$//;
+  
+  # check length byte, discard junk
+  $len = substr($output, 0, 1);
+  $output = substr($output, 1, ord($len));
   return $output;
 }
 
@@ -274,6 +278,38 @@ sub CheckLatLong {
   }
 }
 
+sub FixParams {
+  my $query = shift;
+  my $key;
+  my @names = $query->param;
+
+  foreach $key (@names) { # web security is a joke ... <sigh>
+    $_ = $query->param($key);
+    s/&/&amp;/g; 
+    s/[<\x8B]/&lt;/g;
+    s/[>\x9B]/&gt;/g;
+
+    $query->param($key, $_);
+  }
+}   
+
+  
+sub LDAPUpdate {
+  my $ldap = shift;
+  my $dn = shift;
+  my $attr = shift;
+  my $val = shift;
+  my $mesg;
+  
+  if (!$val) {
+    $mesg = $ldap->modify($dn, delete => { $attr => [] });
+  } else {
+    $val = [ $val ] if (!ref($val));
+    $mesg = $ldap->modify($dn, replace => { $attr => $val });
+    $mesg->code && &Util::HTMLError("error updating $attr: ".$mesg->error);
+  }
+}
+
 ###################
 # Config file stuff
 sub ReadConfigFile {