function testCommaSubscriberName() { $bad = "Some, subscriber"; $this->assertEqual(Input::sanitizeOrgName($bad), "Some subscriber"); }
public function pre_process($person) { parent::pre_process($person); /* If user is not subscriber- or nren-admin, we stop here */ if (!$this->person->isNRENAdmin()) { return false; } /* are we running in grid-mode? We must check this before we do * any other processing */ if (Config::get_config('cert_product') == PRD_ESCIENCE) { $this->tpl->assign('confusa_grid_restrictions', true); } else { $this->tpl->assign('confusa_grid_restrictions', false); } /* if the function exists due to failed field validation, it should * display all affected fiels. Everything else is very annoying for * the user. */ $this->validationErrors = false; /* handle nren-flags */ if (isset($_POST['subscriber'])) { if (isset($_POST['id'])) { $id = Input::sanitizeID($_POST['id']); } if (isset($_POST['state'])) { $state = Input::sanitizeOrgState($_POST['state']); } if (isset($_POST['db_name'])) { $db_name_trim = trim($_POST['db_name']); $this->form_data['db_name'] = htmlentities($db_name_trim); if ($this->form_data['db_name'] != $db_name_trim) { $this->displayInvalidCharError($db_name_trim, $this->form_data['db_name'], 'l10n_heading_attnm'); $this->form_data['db_name'] = ""; $this->form_data['db_name_invalid'] = true; $this->validationErrors = true; } } /* db_name */ if (isset($_POST['dn_name'])) { $dn_name_trim = trim($_POST['dn_name']); /* personal certificates may have UTF-8 chars in the DN */ if (Config::get_config('cert_product') == PRD_PERSONAL) { $this->form_data['dn_name'] = mysql_real_escape_string($dn_name_trim); } else { $this->form_data['dn_name'] = Input::sanitizeOrgName($dn_name_trim); } /* warn user if characters got sanitized away */ if ($this->form_data['dn_name'] != $dn_name_trim) { $this->displayInvalidCharError($dn_name_trim, $this->form_data['dn_name'], 'l10n_heading_dnoname'); $this->form_data['dn_name'] = ""; $this->form_data['dn_name_invalid'] = true; $this->validationErrors = true; } } /* dn_name */ if (isset($_POST['subscr_email']) && $_POST['subscr_email'] != "") { $subscr_email_trim = trim($_POST['subscr_email']); $this->form_data['subscr_email'] = Input::sanitizeEmail($subscr_email_trim); if ($this->form_data['subscr_email'] != $subscr_email_trim) { $this->displayInvalidCharError($subscr_email_trim, $this->form_data['subscr_email'], 'l10n_label_contactemail'); $this->form_data['subscr_email'] = ""; $this->form_data['subscr_email_invalid'] = true; $this->validationErrors = true; } } /* subscr_email */ if (isset($_POST['subscr_phone']) && $_POST['subscr_phone'] != "") { $subscr_phone_trim = trim($_POST['subscr_phone']); $this->form_data['subscr_phone'] = Input::sanitizePhone($subscr_phone_trim); if ($this->form_data['subscr_phone'] != $subscr_phone_trim) { $this->displayInvalidCharError($subscr_phone_trim, $this->form_data['subscr_phone'], 'l10n_label_contactphone'); $this->form_data['subscr_phone'] = ""; $this->form_data['subscr_phone_invalid'] = true; $this->validationErrors = true; } } /* subscr_phone */ if (isset($_POST['subscr_responsible_name']) && $_POST['subscr_responsible_name'] != "") { $subscr_responsible_name_trim = trim($_POST['subscr_responsible_name']); $this->form_data['subscr_responsible_name'] = Input::sanitizePersonName($subscr_responsible_name_trim); if ($this->form_data['subscr_responsible_name'] != $subscr_responsible_name_trim) { $this->displayInvalidCharError($subscr_responsible_name_trim, $this->form_data['subscr_responsible_name'], 'l10n_heading_resppers'); $this->form_data['subscr_responsible_name'] = ""; $this->form_data['subscr_responsible_name_invalid'] = true; $this->validationErrors = true; } } /* subscr_responsible_name */ if (isset($_POST['subscr_responsible_email']) && $_POST['subscr_responsible_email'] != "") { $subscr_responsible_email_trim = trim($_POST['subscr_responsible_email']); $this->form_data['subscr_responsible_email'] = Input::sanitizeEmail($subscr_responsible_email_trim); if ($this->form_data['subscr_responsible_email'] != $subscr_responsible_email_trim) { $this->displayInvalidCharError($subscr_responsible_email_trim, $this->form_data['subscr_responsible_email'], 'l10n_label_respemail'); $this->validationErrors = true; } } /* subscr_responsible_email */ if (isset($_POST['subscr_comment']) && $_POST['subscr_comment'] != "") { $this->form_data['subscr_comment'] = Input::sanitizeText(trim($_POST['subscr_comment'])); } if (isset($_POST['subscr_help_url']) && $_POST['subscr_help_url'] != "") { $subscr_help_url_trim = trim($_POST['subscr_help_url']); $this->form_data['subscr_help_url'] = Input::sanitizeURL($subscr_help_url_trim); if ($this->form_data['subscr_help_url'] != $subscr_help_url_trim) { $this->displayInvalidCharError($subscr_help_url_trim, $this->form_data['subscr_help_url'], 'l10n_label_helpdeskurl'); $this->form_data['subscr_help_url'] = ""; $this->form_data['subscr_help_url_invalid'] = true; $this->validationErrors = true; } } /* subscr_help_url */ if (isset($_POST['subscr_help_email']) && $_POST['subscr_help_email'] != "") { $subscr_help_email_trim = trim($_POST['subscr_help_email']); $this->form_data['subscr_help_email'] = Input::sanitizeEmail($subscr_help_email_trim); if ($this->form_data['subscr_help_email'] != $subscr_help_email_trim) { $this->form_data['subscr_help_email'] = ""; $this->form_data['subscr_help_email_invalid'] = true; $this->displayInvalidCharError($subscr_help_email_trim, $this->form_data['subscr_help_email'], 'l10n_label_helpdeskemail'); $this->validationErrors = true; } } /* subscr_help_email */ /* don't continue, if data was stripped due to the field * sanitation */ if ($this->validationErrors) { return; } switch (htmlentities($_POST['subscriber'])) { case 'edit': $subscriber = null; if ($this->person->getSubscriber()->hasDBID($id)) { $subscriber = $this->person->getSubscriber(); } else { /* Other subscruber than user's * subscriber, must create new object * from DB */ $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN()); } if (!is_null($subscriber)) { /* subscriber will clean input */ $update = $subscriber->setState($state); $update |= $subscriber->setEmail($this->form_data['subscr_email']); $update |= $subscriber->setPhone($this->form_data['subscr_phone']); $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']); $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']); $update |= $subscriber->setComment($this->form_data['subscr_comment']); $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']); $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']); if ($update) { if (!$subscriber->save(true)) { Framework::error_output($this->translateTag('l10n_fail_editsubs1', 'nrenadmin')); } else { Framework::success_output($this->translateTag('l10n_suc_editsubs1', 'nrenadmin')); } } /* show info-list for subscriber */ $this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->GetNREN())->getInfo()); $this->tpl->assign('subscriber_details', true); $this->tpl->assign('subscriber_detail_id', $id); } break; case 'editState': $subscriber = null; if ($this->person->getSubscriber()->hasDBID($id)) { $subscriber = $this->person->getSubscriber(); } else { $subscriber = Subscriber::getSubscriberByID($id, $this->person->getNREN()); } if (!is_null($subscriber)) { if ($subscriber->setState($state)) { if (!$subscriber->save(true)) { Framework::error_output("Could not update state of subscriber. Is the database-layer broken?"); Framework::error_output($this->translateTag("l10n_fail_edit_subscr_state", "nrenadmin")); } } } break; case 'info': $this->tpl->assign('subscr_details', Subscriber::getSubscriberByID($id, $this->person->getNREN())->getInfo()); $this->tpl->assign('subscriber_details', true); $this->tpl->assign('subscriber_detail_id', $id); break; case 'add': if (!isset($this->form_data['db_name'])) { break; } $inheritUIDAttr = isset($_POST['inherit_uid_attr']); $subscriber = new Subscriber($this->form_data['db_name'], $this->person->getNREN()); if ($subscriber->isValid()) { Framework::error_output("Cannot create new, already existing."); break; } $update = $subscriber->setState($state); $update |= $subscriber->setOrgName($this->form_data['dn_name']); $update |= $subscriber->setEmail($this->form_data['subscr_email']); $update |= $subscriber->setPhone($this->form_data['subscr_phone']); $update |= $subscriber->setRespName($this->form_data['subscr_responsible_name']); $update |= $subscriber->setRespEmail($this->form_data['subscr_responsible_email']); $update |= $subscriber->setComment($this->form_data['subscr_comment']); $update |= $subscriber->setHelpURL($this->form_data['subscr_help_url']); $update |= $subscriber->setHelpEmail($this->form_data['subscr_help_email']); if ($update && $subscriber->create()) { Framework::success_output($this->translateTag('l10n_suc_addsubs1', 'nrenadmin') . " " . htmlentities($dn_name, ENT_COMPAT, "UTF-8") . " " . $this->translateTag('l10n_suc_addsubs2', 'nrenadmin')); } if (!$inheritUIDAttr) { $nren = $this->person->getNREN(); $nrenMap = $nren->getMap(); $uidAttr = Input::sanitizeAlpha($_POST['uid_attr']); $subscriber->saveMap($uidAttr, $nrenMap['cn'], $nrenMap['mail']); } break; case 'delete': $this->delSubscriber($id); break; } } /* isset($_POST['subscriber'] */ }
exit(0); } } /* personal certificates may have UTF-8 chars in the DN */ if (Config::get_config('cert_product') == PRD_PERSONAL) { $dn_name = mysql_real_escape_string($_POST['dn_name']); } else { $dn_name = Input::sanitizeOrgName($_POST['dn_name']); } switch ($res[0]) { case 'subscriber_name': $name = $res[1]; if (Config::get_config('cert_product') == PRD_PERSONAL) { $dn_name = mysql_real_escape_string($name); } else { $dn_name = Input::sanitizeOrgName($name); } if ($dn_name === $name) { echo "OK\n"; } else { echo "NOK\n"; } exit(0); default: print "NOK\n"; exit(0); } /* Find the type */ /* sanitize data based on type */ /* compare provided data with washed data */ /* if OK, return "OK", otherwase "NOK" */
public function setOrgName($org_name) { if (!is_null($org_name)) { if ($org_name === $this->org_name) { return false; } if (Config::get_config('cert_product') == PRD_ESCIENCE) { $this->org_name = Input::sanitizeOrgName($org_name); } else { $this->org_name = mysql_real_escape_string($org_name); } return true; } return false; }
/** * showAdminRevokeTable - Render a revocation interface for the sublime of users. * * For NREN admins it is planned to restrict the permission to revoke to an * incident response team. Revocation can either take place * by a wildcard-search for an ePPN or by uplading a CSV with ePPNs (or other * unique identifiers) which will be searched wrapped into wildcards */ private function showAdminRevokeTable() { if (!$this->person->isAdmin()) { Logger::log_event(LOG_ALERT, "User " . stripslashes($this->person->getX509ValidCN()) . " allowed to set admin-mode, but is not admin"); Framework::error_output("Impossible condition. NON-Admin user in admin-mode!"); return; } $common_name = ""; /* Get the right subscriber for which revocation should happen */ if ($this->person->isNRENAdmin()) { $subscribers = $this->getNRENSubscribers($this->person->getNREN()); if (isset($_POST['subscriber'])) { $subscriber = Input::sanitizeOrgName($_POST['subscriber']); $this->tpl->assign('active_subscriber', $subscriber); /* check if the given subscriber is a legitimate subscriber * for the given NREN */ $isNRENSubscriber = false; foreach ($subscribers as $nren_subscriber) { if ($subscriber === $nren_subscriber->getOrgName()) { $isNRENSubscriber = true; break; } } if ($isNRENSubscriber === false) { Logger::log_event(LOG_NOTICE, "[nadm] Administrator for NREN " . $this->person->getNREN() . ", contacting us from " . $_SERVER['REMOTE_ADDR'] . " tried to revoke certificates for " . "subscriber {$subscriber}, which is not part of the NREN!"); Framework::error_output("Subscriber " . htmlentities($subscriber) . " is not part of your NREN!"); return; } } else { /* if no preferred subscriber is set, use the * subscriber where the NREN-admin belongs. * If, for some strange reason, the NREN has no * Subscriber set, not even via the IdP, use the * first in the list. */ $subscriber = $this->person->getSubscriber(); if (is_null($subscriber)) { $subscriber = $subscribers[0]; } } if (!is_null($subscriber) && $subscriber instanceof Subscriber) { $this->tpl->assign('active_subscriber', $subscriber->getOrgName()); } if (!is_null($subscribers)) { $this->tpl->assign('subscribers', $subscribers); } else { $this->tpl->assign('subscribers', false); } } else { /* not specified any subscriber, use user's subscriber */ $subscriber = $this->person->getSubscriber()->getOrgName(); $this->tpl->assign('active_subscriber', $subscriber); } $this->tpl->assign('file_name', 'eppn_list'); /* No need to do processing */ if (!isset($_POST['revoke_operation'])) { $this->tpl->assign('search_string', $common_name); return; } /* Test for revoke-commands */ switch ($_POST['revoke_operation']) { /* when we want so search for a particular certificate * to revoke. */ case 'search_by_cn': $common_name = Input::sanitizeText($_POST['search']); $this->searchCertsDisplay($common_name, $subscriber); break; case 'search_by_list': $this->search_list_display('eppn_list', $subscriber); break; default: break; } $this->tpl->assign('search_string', $common_name); }