From: kkalev <kkalev>
Date: Tue, 29 Jun 2004 10:09:26 +0000 (+0000)
Subject: * Escape special characters in the sql password. This closes bug #96
X-Git-Url: https://git.entuzijast.net/?a=commitdiff_plain;h=4a7741fb1897e0803cadc9d17b382cf0504ca199;p=freeradius-dialup-admin.git

* Escape special characters in the sql password. This closes bug #96
* Do an xlat for general_accounting_attrs_file and general_user_edit_attrs_file. That way we can
  have different mappings for each administrator.
---

diff --git a/Changelog b/Changelog
index f193a1f..5fb5d4a 100644
--- a/Changelog
+++ b/Changelog
@@ -10,6 +10,9 @@ Ver 1.72:
 * Add postgresql specific sql schema by apellido jr., wilfredo p. Move each sql schema to a
   separate directory (mysql and postgresql)
 * Change is_int to is_numeric. This closes Bug #90
+* Escape special characters in the sql password. This closes bug #96
+* Do an xlat for general_accounting_attrs_file and general_user_edit_attrs_file. That way we can
+  have different mappings for each administrator.
 Ver 1.70:
 * Add the /bin postgresql compatibility patch from Guy Fraser
 * Add ldap_userdn as a configuration directive. If set we use that for
diff --git a/bin/clean_radacct b/bin/clean_radacct
index 2dbd117..3789e49 100755
--- a/bin/clean_radacct
+++ b/bin/clean_radacct
@@ -29,6 +29,7 @@ die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
 die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);
 
 $sql_password = ($sql_password eq '') ? '' : "-p$sql_password";
+$sql_password =~ s/(\W)/\\$1/g;
 
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
 $date = POSIX::strftime("%Y-%m-%d %T",$sec,$min,$hour,($mday - $back_days),$mon,$year,$wday,$yday,$isdst);
diff --git a/bin/log_badlogins b/bin/log_badlogins
index c88a400..1489f76 100755
--- a/bin/log_badlogins
+++ b/bin/log_badlogins
@@ -94,6 +94,7 @@ close CLIENTS;
 $realm_del = '@' if ($realm_del eq '');
 $realm_for = 'suffix' if ($realm_for eq '');
 $pass = ($sql_password ne '') ? "-p$sql_password" : '';
+$pass =~ s/(\W)/\\$1/g;
 die "SQL server not defined\n" if ($sql_server eq '');
 
 die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
diff --git a/bin/monthly_tot_stats b/bin/monthly_tot_stats
index 533cc98..6d1ced6 100755
--- a/bin/monthly_tot_stats
+++ b/bin/monthly_tot_stats
@@ -30,6 +30,7 @@ die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
 die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);
 
 $sql_password = ($sql_password == '') ? '' : "-p$sql_password";
+$sql_password =~ s/(\W)/\\$1/g;
 
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
 if ($mday == 1){
diff --git a/bin/tot_stats b/bin/tot_stats
index f3a3e07..82c53de 100755
--- a/bin/tot_stats
+++ b/bin/tot_stats
@@ -29,6 +29,7 @@ die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
 die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);
 
 $sql_password = ($sql_password == '') ? '' : "-p$sql_password";
+$sql_password =~ s/(\W)/\\$1/g;
 
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
 $date_start = POSIX::strftime("%Y-%m-%d %T",0,0,0,($mday - 1),$mon,$year,$wday,$yday,$isdst);
diff --git a/bin/truncate_radacct b/bin/truncate_radacct
index 6df9e49..da82037 100755
--- a/bin/truncate_radacct
+++ b/bin/truncate_radacct
@@ -29,6 +29,7 @@ die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
 die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);
 
 $sql_password = ($sql_password eq '') ? '' : "-p$sql_password";
+$sql_password =~ s/(\W)/\\$1/g;
 
 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime;
 $date = POSIX::strftime("%Y-%m-%d %T",$sec,$min,$hour,($mday - $back_days),$mon,$year,$wday,$yday,$isdst);
diff --git a/lib/attrshow.php3 b/lib/attrshow.php3
index e837b60..945a5fd 100644
--- a/lib/attrshow.php3
+++ b/lib/attrshow.php3
@@ -1,7 +1,9 @@
 <?php
+include_once('../lib/xlat.php3');
 #Read user_edit attribute map
 if (!isset($show_attrs)){
-	$ARR = file($config[general_user_edit_attrs_file]);
+	$infile = xlat($config[general_user_edit_attrs_file],$login,$config);
+	$ARR = file($infile);
 	foreach($ARR as $val){
 		$val=chop($val);
 		if (ereg('^[[:space:]]*#',$val) || ereg('^[[:space:]]*$',$val))
@@ -13,7 +15,8 @@ if (!isset($show_attrs)){
 		session_register('show_attrs');
 }
 if (!isset($acct_attrs) && isset($config[general_accounting_attrs_file])){
-	$ARR = file($config[general_accounting_attrs_file]);
+	$infile = xlat($config[general_accounting_attrs_file],$login,$config);
+	$ARR = file($infile);
 	foreach ($ARR as $val){
 		$val=chop($val);
 		if (ereg('^[[:space:]]*#',$val) || ereg('^[[:space:]]*$',$val))