}
}
+sub FixParams {
+ my $query = shift;
+ my $key;
+ my @names = $query->param;
+
+ foreach $key (@names) { # web security is a joke ... <sigh>
+ $_ = $query->param($key);
+ s/&/&/g;
+ s/[<\x8B]/</g;
+ s/[>\x9B]/>/g;
+
+ $query->param($key, $_);
+ }
+}
+
+
+sub LDAPUpdate {
+ my $ldap = shift;
+ my $dn = shift;
+ my $attr = shift;
+ my $val = shift;
+ my $mesg;
+
+ if (!$val) {
+ $mesg = $ldap->modify($dn, delete => { $attr => [] });
+ } else {
+ $val = [ $val ] if (!ref($val));
+ $mesg = $ldap->modify($dn, replace => { $attr => $val });
+ $mesg->code && &Util::HTMLError("error updating $attr: ".$mesg->error);
+ }
+}
+
###################
# Config file stuff
sub ReadConfigFile {
return %config;
}
-sub LDAPUpdate {
- my $ldap = shift;
- my $dn = shift;
- my $attr = shift;
- my $val = shift;
- my $mesg;
-
- if (!$val) {
- $mesg = $ldap->modify($dn, delete => { $attr => [] });
- } else {
- $val = [ $val ] if (!ref($val));
- $mesg = $ldap->modify($dn, replace => { $attr => $val });
- $mesg->code && &Util::HTMLError("error updating $attr: ".$mesg->error);
- }
-}
-
1;
#!/usr/bin/perl
-# $Id: update.cgi,v 1.7 2000/05/06 06:10:05 tausq Exp $
+# $Id: update.cgi,v 1.8 2000/05/13 18:39:05 tausq Exp $
# (c) 1999 Randolph Chung. Licensed under the GPL. <tausq@debian.org>
use lib '.';
# Actually update stuff...
my ($newpassword, $newstaddress);
+ &Util::FixParams($query);
+
if (($query->param('labeledurl')) &&
($query->param('labeledurl') !~ /^https?:\/\//i)) {
&Util::HTMLError("Your homepage URL is invalid");