Hi,

On 26/03/12 10:05, Petter Reinholdtsen wrote:
> The fix for gosa.conf is not upgradable, so we need to come up with a
> better idea.

The fix won't work.  Using quotes in gosa.conf is no good if the
%userPassword substitution could contain double quotes.

As Samuel said, the correct fix is for GOsa to use escapeshellarg(), and
while there I see no reason not to do the same for all the others, like
%uid or %homeDirectory in case GOsa ever forgets to sanitise them
(coding defensively in case of a bug elsewhere).

After doing escapeshellarg(), the quotes in gosa.conf actually have to
be removed, or else you are double-quoting and would get extra quotes
(single) included within the password.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org
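
The quoting behaviour described in the message above, as an added example that is not part of the original e-mail and is not GOsa code. The helper names, the `printf` stand-in for the hook script and the sample values are assumptions made for illustration; it assumes a POSIX system where PHP's `exec()` runs the command through `/bin/sh`.

```php
<?php
// Added example. Helper names and the hook templates are hypothetical; the
// %uid / %userPassword placeholders are the ones named in the message above.
// Assumes a POSIX system, where exec() runs the command through /bin/sh.

// Substitute %name placeholders verbatim (no escaping at all).
function expand_raw(string $template, array $values): string
{
    $map = [];
    foreach ($values as $name => $value) {
        $map['%' . $name] = $value;
    }
    return strtr($template, $map);   // single pass: values are never re-expanded
}

// Substitute %name placeholders, passing every value through escapeshellarg().
function expand_escaped(string $template, array $values): string
{
    return expand_raw($template, array_map('escapeshellarg', $values));
}

// Run the command and return one line per argument that printf received.
function args_seen(string $command): array
{
    $lines = [];
    exec($command, $lines);
    return $lines;
}

$printf   = "printf '<%s>\\n' ";               // harmless stand-in for the hook script
$quoted   = $printf . '%uid "%userPassword"';   // quotes placed in the config
$unquoted = $printf . '%uid %userPassword';     // quotes removed from the config

// Constructed sample values.
$tricky = ['uid' => 'jdoe', 'userPassword' => 'a" "b'];
$plain  = ['uid' => 'jdoe', 'userPassword' => 'secret'];

$cases = [
    'config quotes only'        => expand_raw($quoted, $tricky),
    'escapeshellarg + quotes'   => expand_escaped($quoted, $plain),
    'escapeshellarg, no quotes' => expand_escaped($unquoted, $tricky),
];

foreach ($cases as $label => $command) {
    printf("%-26s %s\n  -> %s\n", $label, $command, implode(' ', args_seen($command)));
}
```

With quotes only in the config, the password containing double quotes reaches the command as two separate arguments. With both `escapeshellarg()` and the config quotes, the single quotes become part of the password. Only the last case passes the password through as one unchanged argument.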


