* Escape special characters in the sql password. This closes bug #96

* Do an xlat for general_accounting_attrs_file and general_user_edit_attrs_file. That way we can
  have different mappings for each administrator.

diff --git a/Changelog b/Changelog
index f193a1fcb064f1dc2a6cb2b9d4ed8002535f46b2..5fb5d4af14e7c97adad7407e57b8dd07fb96a68b 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -10,6 +10,9 @@ Ver 1.72:
 * Add postgresql specific sql schema by apellido jr., wilfredo p. Move each sql schema to a
   separate directory (mysql and postgresql)
 * Change is_int to is_numeric. This closes Bug #90
+* Escape special characters in the sql password. This closes bug #96
+* Do an xlat for general_accounting_attrs_file and general_user_edit_attrs_file. That way we can
+  have different mappings for each administrator.
 Ver 1.70:
 * Add the /bin postgresql compatibility patch from Guy Fraser
 * Add ldap_userdn as a configuration directive. If set we use that for

diff --git a/bin/clean_radacct b/bin/clean_radacct
index 2dbd11799cd9e67a151e2b0eee3b039dca9bc4c6..3789e49aef2a84dd5dc547c55cbad3bc83632b6c 100755 (executable)
--- a/bin/clean_radacct
+++ b/bin/clean_radacct
@@ -29,6 +29,7 @@ die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
 die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);
 
 $sql_password = ($sql_password eq '') ? '' : "-p$sql_password";
+$sql_password =~ s/(\W)/\\$1/g;
 
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
 $date = POSIX::strftime("%Y-%m-%d %T",$sec,$min,$hour,($mday - $back_days),$mon,$year,$wday,$yday,$isdst);

diff --git a/bin/log_badlogins b/bin/log_badlogins
index c88a4000e3d63514d975798c70bcdd443cdf81de..1489f76c8e2dee482b0f8164728573ad7a735342 100755 (executable)
--- a/bin/log_badlogins
+++ b/bin/log_badlogins
@@ -94,6 +94,7 @@ close CLIENTS;
 $realm_del = '@' if ($realm_del eq '');
 $realm_for = 'suffix' if ($realm_for eq '');
 $pass = ($sql_password ne '') ? "-p$sql_password" : '';
+$pass =~ s/(\W)/\\$1/g;
 die "SQL server not defined\n" if ($sql_server eq '');
 
 die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');

diff --git a/bin/monthly_tot_stats b/bin/monthly_tot_stats
index 533cc98d813b808685b4d5495e54b8caff7cc28b..6d1ced629105b007a435cc93f5b8545e90595085 100755 (executable)
--- a/bin/monthly_tot_stats
+++ b/bin/monthly_tot_stats
@@ -30,6 +30,7 @@ die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
 die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);
 
 $sql_password = ($sql_password == '') ? '' : "-p$sql_password";
+$sql_password =~ s/(\W)/\\$1/g;
 
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
 if ($mday == 1){

diff --git a/bin/tot_stats b/bin/tot_stats
index f3a3e07599e520b336f8d9b211fd2b4c063249ef..82c53de0a269618e494ac26adbf0ba9f4713983b 100755 (executable)
--- a/bin/tot_stats
+++ b/bin/tot_stats
@@ -29,6 +29,7 @@ die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
 die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);
 
 $sql_password = ($sql_password == '') ? '' : "-p$sql_password";
+$sql_password =~ s/(\W)/\\$1/g;
 
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
 $date_start = POSIX::strftime("%Y-%m-%d %T",0,0,0,($mday - 1),$mon,$year,$wday,$yday,$isdst);

diff --git a/bin/truncate_radacct b/bin/truncate_radacct
index 6df9e49d906794cf0ed97bdf2f15cd09c0849c2e..da8203746da54108eb86cc1a1cf19986062c51e7 100755 (executable)
--- a/bin/truncate_radacct
+++ b/bin/truncate_radacct
@@ -29,6 +29,7 @@ die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
 die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);
 
 $sql_password = ($sql_password eq '') ? '' : "-p$sql_password";
+$sql_password =~ s/(\W)/\\$1/g;
 
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
 $date = POSIX::strftime("%Y-%m-%d %T",$sec,$min,$hour,($mday - $back_days),$mon,$year,$wday,$yday,$isdst);

diff --git a/lib/attrshow.php3 b/lib/attrshow.php3
index e837b6013734e4fa6d38c3236225f71ad61f29e5..945a5fdaad9e1eb32eca2ce2b7473a74a0735335 100644 (file)
--- a/lib/attrshow.php3
+++ b/lib/attrshow.php3
@@ -1,7 +1,9 @@
 <?php
+include_once('../lib/xlat.php3');
 #Read user_edit attribute map
 if (!isset($show_attrs)){
-       $ARR = file($config[general_user_edit_attrs_file]);
+       $infile = xlat($config[general_user_edit_attrs_file],$login,$config);
+       $ARR = file($infile);
        foreach($ARR as $val){
                $val=chop($val);
                if (ereg('^[[:space:]]*#',$val) || ereg('^[[:space:]]*$',$val))
@@ -13,7 +15,8 @@ if (!isset($show_attrs)){
                session_register('show_attrs');
 }
 if (!isset($acct_attrs) && isset($config[general_accounting_attrs_file])){
-       $ARR = file($config[general_accounting_attrs_file]);
+       $infile = xlat($config[general_accounting_attrs_file],$login,$config);
+       $ARR = file($infile);
        foreach ($ARR as $val){
                $val=chop($val);
                if (ereg('^[[:space:]]*#',$val) || ereg('^[[:space:]]*$',$val))