2017-07-06 Fred Gleason <fredg@paravelsystems.com>

* Added an 'RDEscapeShellString()' function in 'lib/rdescape_string.h' and 'lib/rdescape_string.cpp'. * Fixed a bug in 'lib/rduser.cpp' that caused PAM authentication of accounts with a password containing one or more '$' characters to fail.
2025-10-10 16:43:35 +02:00 · 2017-07-17 12:05:58 -04:00
parent 4d6187bb61
commit 095ee50edc
4 changed files with 16 additions and 79 deletions
--- a/5
+++ b/5
@@ -15891,3 +15891,8 @@
 	* Removed RD_MAX_STATIONS from 'lib/rd.h'.
 2017-07-06 Fred Gleason <fredg@paravelsystems.com>
 	* Incremented the package version to 2.16.0int06.
 2017-07-06 Fred Gleason <fredg@paravelsystems.com>
 	* Added an 'RDEscapeShellString()' function in 'lib/rdescape_string.h'
 	and 'lib/rdescape_string.cpp'.
 	* Fixed a bug in 'lib/rduser.cpp' that caused PAM authentication of
 	accounts with a password containing one or more '$' characters to fail.
--- a/lib/rdescape_string.cpp
+++ b/lib/rdescape_string.cpp
@@ -2,7 +2,7 @@
 //
 // Escape non-valid characters in a string.
 //
-//   (C) Copyright 2002-2005,2016 Fred Gleason <fredg@paravelsystems.com>
+//   (C) Copyright 2002-2005,2016-2017 Fred Gleason <fredg@paravelsystems.com>
 //
 //   This program is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU General Public License version 2 as
@@ -147,80 +147,11 @@ QString RDEscapeString(QString const &str)
    }
  }
  /*
  for(unsigned i=0;i<str.length();i++) {
    switch(((const char *)str)[i]) {
 	case '(':
 	  res+=QString("\\\(");
 	  break;
 	case ')':
 	  res+=QString("\\)");
 	  break;
 	case '{':
 	  res+=QString("\\\{");
 	  break;
 	case '"':
 	  res+=QString("\\\"");
 	  break;
 	case '´':
 	  res+=QString("\\´");
 	  break;
 	case '`':
 	  res+=QString("\\`");
 	  break;
 	case '[':
 	  res+=QString("\\\[");
 	  break;
 	case '\'':
 	  res+=QString("\\\'");
 	  break;
 	case '\\':
 	  res+=QString("\\");
 	  res+=QString("\\");
 	  break;
 	case '?':
 	  res+=QString("\\\?");
 	  break;
 	case ' ':
 	  res+=QString("\\ ");
 	  break;
 	case '&':
 	  res+=QString("\\&");
 	  break;
        case ';':
 	  res+=QString("\\;");
 	  break;
        case '<':
 	  res+=QString("\\<");
 	  break;
        case '>':
 	  res+=QString("\\>");
 	  break;
        case '|':
 	  res+=QString("\\|");
 	  break;
 	default:
 	  res+=((const char *)str)[i];
 	  break;
    }
  }
  */
  return res;
 }
 QString RDEscapeShellString(QString str)
 {
  return "\""+str.replace("$","\\$")+"\"";
 }
--- a/lib/rdescape_string.h
+++ b/lib/rdescape_string.h
@@ -2,7 +2,7 @@
 //
 // Escape non-valid characters in a string.
 //
-//   (C) Copyright 2002-2005,2016 Fred Gleason <fredg@paravelsystems.com>
+//   (C) Copyright 2002-2005,2016-2017 Fred Gleason <fredg@paravelsystems.com>
 //
 //   This program is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU General Public License version 2 as
@@ -28,7 +28,7 @@ QString RDCheckDateTime(const QTime &time, const QString &format);
 QString RDCheckDateTime(const QDateTime &datetime, const QString &format);
 QString RDCheckDateTime(const QDate &date, const QString &format);
 QString RDEscapeString(const QString &str);
-
+QString RDEscapeShellString(QString str);
 #endif  // RDESCAPE_STRING_H
--- a/lib/rduser.cpp
+++ b/lib/rduser.cpp
@@ -70,7 +70,8 @@ bool RDUser::authenticated(bool webuser) const
 #ifndef WIN32
  else {
    QString cmd=
-      "rdauth "+pamService()+" \""+user_name+"\" \""+user_password+"\"";
+      "rdauth "+pamService()+" "+RDEscapeShellString(user_name)+" "+
      RDEscapeShellString(user_password);
    int exitcode=system(cmd);
    return WEXITSTATUS(exitcode)==0;
  }