From ab8d5ed502fee088ffe17b11b25bb77d54bb3a76 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 2 Sep 2022 08:03:54 +0200
Subject: [PATCH 1/2] run output through htmlspecialchars()
---
 views/bootstrap/class.ImportUsers.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/views/bootstrap/class.ImportUsers.php b/views/bootstrap/class.ImportUsers.php
index 69ea90d73..6d5eef3a5 100644
--- a/views/bootstrap/class.ImportUsers.php
+++ b/views/bootstrap/class.ImportUsers.php
@@ -95,7 +95,7 @@ class SeedDMS_View_ImportUsers extends SeedDMS_Theme_Style {
 foreach($newusers as $uhash=>$newuser) {
 foreach($colmap as $i=>$coldata) {
 echo "";
- echo call_user_func($colmap[$i][1], $colmap[$i][2], $newuser);
+ echo htmlspecialchars(call_user_func($colmap[$i][1], $colmap[$i][2], $newuser));
 echo "\n";
 }
 echo "";
From 3f6755e7e505cfce394ab4459ba73665e01f6f51 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 2 Sep 2022 08:04:15 +0200
Subject: [PATCH 2/2] add function renderQuotaData(), import hidden and disabled field
---
 op/op.ImportUsers.php | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/op/op.ImportUsers.php b/op/op.ImportUsers.php
index de10c8527..29315235a 100644
--- a/op/op.ImportUsers.php
+++ b/op/op.ImportUsers.php
@@ -35,6 +35,15 @@ function renderBaseData($colname, $objdata) { /* {{{ */
 return $objdata[$colname];
 } /* }}} */
 
+function getBooleanData($colname, $coldata, $objdata) { /* {{{ */
+ $objdata[$colname] = $coldata == '1';
+ return $objdata;
+} /* }}} */
+
+function renderBooleanData($colname, $objdata) { /* {{{ */
+ return $objdata[$colname] ? '1' : '0';
+} /* }}} */
+
 function getPasswordPlainData($colname, $coldata, $objdata) { /* {{{ */
 $objdata['passenc'] = seed_pass_hash($coldata);
 return $objdata;
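Review bot: In the table-cell loop of views/bootstrap/class.ImportUsers.php, the new `htmlspecialchars()` call relies on PHP's default flags and on every renderer returning a string. The default flags only escape single quotes from PHP 8.1 on, and `renderBaseData` in op/op.ImportUsers.php returns `$objdata[$colname]` unchanged, which may be null when a row lacks that column (passing null is deprecated from 8.1). I would write `echo htmlspecialchars((string) call_user_func($colmap[$i][1], $colmap[$i][2], $newuser), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The `log` entries handed to the same view are also built from imported values, and whether they are escaped when printed is not visible in this hunk, so that is worth checking. The enclosing method starts and ends outside the hunk.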
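Review bot: `getBooleanData` in op/op.ImportUsers.php turns every cell that does not loosely equal '1' into false, including an empty or unrecognised one such as 'yes', so the `isset($u['disabled'])` and `isset($u['hidden'])` checks added in the update block (hunk `@@ -244,6 +259,16 @@`) are true for every row once the column is mapped. With `update` set, a blank `disabled` cell therefore clears the flag on an account that is currently disabled, re-enabling it without the file ever saying so. I would accept only explicit values and leave the key unset otherwise, `if($coldata === '0' || $coldata === '1') $objdata[$colname] = $coldata === '1';`, and let `renderBooleanData` show an empty cell in that case: `return isset($objdata[$colname]) ? ($objdata[$colname] ? '1' : '0') : '';`. Whether cells are trimmed before this call, and how the user-creation path reads a missing key, is not visible in these hunks and should be confirmed.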
@@ -49,6 +58,10 @@ function getQuotaData($colname, $coldata, $objdata) { /* {{{ */
 return $objdata;
 } /* }}} */
 
+function renderQuotaData($colname, $objdata) { /* {{{ */
+ return SeedDMS_Core_File::format_filesize($objdata[$colname]);
+} /* }}} */
+
 function getFolderData($colname, $coldata, $objdata) { /* {{{ */
 global $dms;
 if($coldata) {
@@ -173,6 +186,8 @@ if (isset($_FILES['userdata']) && $_FILES['userdata']['error'] == 0) {
 $colmap[$i] = array("getPasswordPlainData", "renderPasswordPlainData", 'passenc');
 } elseif(in_array($colname, array('login', 'name', 'passenc', 'email', 'comment', 'group'))) {
 $colmap[$i] = array("getBaseData", "renderBaseData", $colname);
+ } elseif(in_array($colname, array('disabled', 'hidden'))) {
+ $colmap[$i] = array("getBooleanData", "renderBooleanData", $colname);
 } elseif(substr($colname, 0, 5) == 'attr:') {
 $kk = explode(':', $colname, 2);
 if(($attrdef = $dms->getAttributeDefinitionByName($kk[1])) || ($attrdef = $dms->getAttributeDefinition((int) $kk[1]))) {
@@ -209,7 +224,7 @@ if (isset($_FILES['userdata']) && $_FILES['userdata']['error'] == 0) {
 $newusers[$md['login']] = $md;
 }
 }
-// echo "
";print_r($newusers);echo "
";
+// echo "
";print_r($newusers);echo "
";exit;
 $makeupdate = !empty($_POST['update']);
 foreach($newusers as $uhash=>$u) {
 $log[$uhash] = [];
@@ -244,6 +259,16 @@ if (isset($_FILES['userdata']) && $_FILES['userdata']['error'] == 0) {
 if($makeupdate)
 $eu->setQuota($u['quota']);
 }
+ if(isset($u['disabled']) && $u['disabled'] != $eu->isDisabled()) {
+ $log[$uhash][] = array('id'=>$eu->getLogin(), 'type'=>'success', 'msg'=> "Disabled flag of user updated. '".$u['disabled']."' != '".$eu->isDisabled()."'");
+ if($makeupdate)
+ $eu->setDisabled($u['disabled']);
+ }
+ if(isset($u['hidden']) && $u['hidden'] != $eu->isHidden()) {
+ $log[$uhash][] = array('id'=>$eu->getLogin(), 'type'=>'success', 'msg'=> "Hidden flag of user updated. '".$u['hidden']."' != '".$eu->isHidden()."'");
+ if($makeupdate)
+ $eu->setHidden($u['hidden']);
+ }
 if(isset($u['homefolder']) && $u['homefolder']->getId() != $eu->getHomeFolder()) {
 $log[$uhash][] = array('id'=>$eu->getLogin(), 'type'=>'success', 'msg'=> "Homefolder of user updated. '".(is_object($u['homefolder']) ? $u['homefolder']->getId() : '')."' != '".($eu->getHomeFolder() ? $eu->getHomeFolder() : '')."'");
 if($makeupdate)
@@ -286,10 +311,12 @@ if (isset($_FILES['userdata']) && $_FILES['userdata']['error'] == 0) {
 
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
+$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
 if($view) {
 $view->setParam('log', $log);
 $view->setParam('newusers', $newusers);
 $view->setParam('colmap', $colmap);
+ $view->setParam('accessobject', $accessop);
 $view($_GET);
 exit;
 }