~ubuntu-branches/ubuntu/oneiric/phpldapadmin/oneiric-security

Viewing changes to htdocs/delete_form.php

Committer: Bazaar Package Importer
Author(s): Fabio Tranchitella
Date: 2006-05-13 22:04:36 UTC
mfrom: (1.1.4 upstream)
Revision ID: james.westby@ubuntu.com-20060513220436-rasikdyi9diovfsf

Tags: 0.9.8.3-1

http://bugs.debian.org/365313

http://bugs.debian.org/35722

http://bugs.debian.org/357219

* New upstream release.
* Fixes multiple xss vulnerabilities. (Closes: #365313)
* pla_error: now the bug report button is really below the message.
(Closes: #35722)
* The bug report form is not inside phpldapadmin: it is just a link
to sourceforge. This is not a real bug, let's close it. (Closes: #357219)
* Standards-Version: 3.7.2, no changes necessary.

Show diffs side-by-side

added added

removed removed

htdocs/delete_form.php

<?php

// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/delete_form.php,v 1.20.4.5 2005/12/11 08:21:03 wurley Exp $

// $Header: /cvsroot/phpldapadmin/phpldapadmin/htdocs/delete_form.php,v 1.20.4.6 2006/04/29 04:05:14 wurley Exp $

/**

* delete_form.php

echo '<body>';

printf('<h3 class="title">'._('Delete %s').'</h3>',htmlspecialchars(get_rdn($dn)));

printf('<h3 class="subtitle">%s: <b>%s</b>     %s: <b>%s</b></h3>',

_('Server'),$ldapserver->name,_('Distinguished Name'),htmlspecialchars(($dn)));

_('Server'),$ldapserver->name,_('Distinguished Name'),htmlspecialchars($dn));

echo "\n";

echo '<center>';

if ($has_children) {

echo '<center>';

printf('<b>%s</b><br /><br />',_('Permanently delete all children also?'));

flush();

# get the total number of child objects (whole sub-tree)

$s = $ldapserver->search(null,dn_escape($dn),'objectClass=*',array('dn'));

$sub_tree_count = count($s);

echo '<table class="delete_confirm">';

echo '<tr>';

echo '<td><p>';

printf(_('This entry is the root of a sub-tree containing %s entries.'),$sub_tree_count);

printf('<small>(<a href="search.php?search=true&server_id=%s&filter=%s&base_dn=%s&form=advanced&scope=sub">%s</a>)</small>',

$ldapserver->server_id,rawurlencode('objectClass=*'),rawurlencode($dn),_('view entries'));

echo '<br /><br />';

printf(_('phpLDAPadmin can recursively delete this entry and all %s of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'),($sub_tree_count-1));

echo '<br /><br />';

printf('<small>%s</small>',

_('Note: this is potentially very dangerous and you do this at your own risk. This operation cannot be undone. Take into consideration aliases, referrals, and other things that may cause problems.'));

echo '<br /><br />';

echo "\n";

echo '<table width="100%">';

echo '<tr>';

echo '<td><center>';

echo '<form action="rdelete.php" method="post">';

printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));

printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);

printf('<input type="submit" class="scary" value="%s" />',sprintf(_('Delete all %s objects'),$sub_tree_count));

echo '</form>';

echo '</center></td>';

echo '<td><center>';

echo '<form action="template_engine.php" method="get">';

printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));

printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);

printf('<input type="submit" name="submit" value="%s" class="cancel" />',_('Cancel'));

echo '</form>';

echo '</center></td>';

echo '</tr>';

echo '</table>';

echo "\n";

echo '</td>';

echo '</tr>';

echo '</table>';

echo "\n";

flush();

echo '<br /><br />';

echo _('List of entries to be deleted:');

echo '<br />';

printf('<select size="%s" multiple disabled style="background:white; color:black;width:500px" >',min(10,$sub_tree_count));

$i=0;

foreach ($s as $dn => $junk) {

$i++;

printf('<option>%s. %s</option>',$i,htmlspecialchars(dn_unescape($dn)));

100

}

101

echo '</select>';

102

echo "\n";

103

104

} else {

105

echo '<table class="delete_confirm">';

106

echo '<tr>';

107

108

echo '<td nowrap>';

109

echo _('Are you sure you want to permanently delete this object?');

110

echo '<br /><br />';

111

112

printf('<acronym title="%s">%s</acronym>: <b>%s</b>',_('Distinguished Name'),_('DN'),pretty_print_dn($dn));

113

echo '<br />';

114

printf('%s: <b>%s</b>',_('Server'),htmlspecialchars($ldapserver->name));

115

echo '<br /><br />';

116

echo "\n";

117

118

echo '<table width="100%">';

119

echo '<tr>';

120

121

echo '<td><center>';

122

echo '<form action="delete.php" method="post">';

123

printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));

124

printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);

125

printf('<input type="submit" name="submit" value="%s" class="scary" />',_('Delete'));

126

echo '</form>';

127

128

echo '</center></td>';

129

130

echo '<td><center>';

131

echo '<form action="template_engine.php" method="get">';

132

printf('<input type="hidden" name="dn" value="%s" />',htmlspecialchars($dn));

133

printf('<input type="hidden" name="server_id" value="%s" />',$ldapserver->server_id);

134

printf('<input type="submit" name="submit" value="%s" class="cancel" />',_('Cancel'));

135

echo '</form>';

136

137

echo '</center></td>';

138

echo '</tr>';

139

echo '</table>';

140

echo "\n";

141

142

echo '</td>';

143

echo '</tr>';

144

echo '</table>';

145

echo "\n";

146

147

}

148

149

echo '</center>';

150

echo '<br />';

151

echo '</body>';

152

echo '</html>';

153

<tr>

<td>

<p>

<?php printf(_('This entry is the root of a sub-tree containing %s entries.'),$sub_tree_count); ?>

<small>(<a href="search.php?search=true&server_id=<?php echo $ldapserver->server_id; ?>&filter=<?php echo rawurlencode('objectClass=*'); ?>&base_dn=<?php echo rawurlencode($dn); ?>&form=advanced&scope=sub"><?php echo _('view entries'); ?></a>)</small>

<br />

<?php printf(_('phpLDAPadmin can recursively delete this entry and all %s of its children. See below for a list of all the entries that this action will delete. Do you want to do this?'),($sub_tree_count-1)); ?><br />

<br />

<br />

<tr>

<td>

<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />

</form>

</center>

</td>

<td>

<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />

<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>" class="cancel" />

</form>

</center>

</td>

</tr>

</table>

</td>

</tr>

</table>

<?php flush(); ?>

<br />

<?php echo _('List of entries to be deleted:'); ?><br />

<select size="<?php echo min(10,$sub_tree_count);?>" multiple disabled style="background:white; color:black;width:500px" >

<?php $i=0;

foreach ($s as $dn => $junk) {

$i++; ?>

<?php } ?>

100

</select>

101

</center>

102

103

<br />

104

105

<?php } else { ?>

106

107

108

109

<tr>

110

<td>

111

<?php echo _('Are you sure you want to permanently delete this object?'); ?><br />

112

<br />

113

114

115

<br />

116

117

118

<tr>

119

<td>

120

121

122

123

<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />

124

<input type="submit" name="submit" value="<?php echo _('Delete'); ?>" class="scary" />

125

</form>

126

</center>

127

</td>

128

129

<td>

130

131

132

133

<input type="hidden" name="server_id" value="<?php echo $ldapserver->server_id; ?>" />

134

<input type="submit" name="submit" value="<?php echo _('Cancel'); ?>" class="cancel" />

135

</form>

136

</center>

137

</td>

138

</tr>

139

</table>

140

</td>

141

</tr>

142

</table>

143

</center>

144

145

<?php } ?>

146

147

</body>

148

</html>

Older »