b1d087c Resolves: bug 472092

Authored and Committed by rmeggins 12 years ago
    Resolves: bug 472092
    Bug Description:  DSGW password corruption
    Reviewed by: nkinder (Thanks!)
    Fix Description: 1) By default, all of the get/post parameters have the html entities escaped, so we can be sure that they are displayed to the user escaped, to avoid XSS issues.  However, values sent to LDAP must be unescaped.  The doauth code is used to authenticate directory manager and ordinary users, so we have to unescape the password explicitly there.  The domodify code is used when data is added or modified in the directory server.  It's easier to just fix all of the values before sending to the directory server.
    2) The entity code has been moved to adminutil, so use the adminutil functions instead of the dsgw functions.  This will require adminutil 1.1.8.
    3) Clean up various compiler warnings.
    Platforms tested: RHEL5
    Flag Day: no
    Doc impact: no
    
        
file modified
+1 -1
file modified
+2 -2
file modified
+3 -0
file modified
+1 -2
file modified
+3 -0
file modified
+18 -10
file modified
+0 -3
file modified
+0 -2
file modified
+1 -0
file modified
+2 -1
file modified
+2 -2
file modified
+1 -93
file modified
+4 -1
file modified
+3 -1
file modified
+1 -1