From c72401c680b1a200dde56b325d57b69aa53e63fb Mon Sep 17 00:00:00 2001
From: "rtucker@mozilla.com"
Date: Thu, 19 Jun 2014 17:52:11 +0000
Subject: [PATCH] Patch to disallow people putting monkeys and other unwanted characters that break internal scripts into their cn
git-svn-id: http://svn.mozilla.org/projects/phonebook/trunk@129691 4eb1ac78-321c-0410-a911-ec516a8615a5
---
 constants.php | 1 +
 edit.php | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/constants.php b/constants.php
index 4cc3c91..d5fe3b1 100644
--- a/constants.php
+++ b/constants.php
@@ -69,3 +69,4 @@ $output_formats = array(
 'jsonp',
 'vcard',
 );
+$MONKEY_FREE_ARRAY = array('cn');
diff --git a/edit.php b/edit.php
index 14b1988..eb70135 100644
--- a/edit.php
+++ b/edit.php
@@ -18,12 +18,16 @@ if (isset($_REQUEST["edit_mail"]) && $is_admin) {
 $user_search = $search->query_users("mail=$edit_user", "dc=mozilla");
 $user_data = $user_search[0];
-
 if (!empty($_POST)) {
 $new_user_data = array();
 foreach ($editable_fields as $editable_field) {
 if (isset($_POST[$editable_field])) {
- $new_user_data[$editable_field] = $_POST[$editable_field];
+ if(in_array($editable_field, $MONKEY_FREE_ARRAY)){
+ $update_data = preg_replace('/[^\p{L}\s]/u','', $_POST[$editable_field]);
+ } else {
+ $update_data = $_POST[$editable_field];
+ }
+ $new_user_data[$editable_field] = $update_data;
 }
 }
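Review bot: The new `$MONKEY_FREE_ARRAY` line in constants.php has no comment, and the name says neither what the list holds nor what happens to the fields in it. Membership decides which submitted values are filtered in edit.php, so the list is a security control and should read as one; I would add `// LDAP attributes whose submitted values are reduced to Unicode letters and whitespace in edit.php` above it. A descriptive name, for example `$letters_only_fields`, would also make the `in_array` call in edit.php self-explanatory.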
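Review bot: The `preg_replace(..., '/u')` result in the new `in_array` branch of edit.php is stored in `$new_user_data` unchecked. With the `u` modifier it returns `null` for input that is not valid UTF-8, and it returns an array when the client posts `cn[]=...`, so a malformed request can still put a non-string or empty `cn` into the update. The class `[^\p{L}\s]` also keeps tabs and newlines through `\s`, which may still upset line-oriented consumers, and drops combining marks, hyphens and apostrophes from real names. If `$MONKEY_FREE_ARRAY` is not defined where this runs (the include of constants.php is outside the hunk), `in_array` fails and the filter is skipped silently. The fence below rejects non-string, invalid and empty results and uses a strict `in_array`; the `foreach` and the enclosing `if (!empty($_POST))` continue outside the hunk.

```php
if (isset($_POST[$editable_field])) {
    $update_data = $_POST[$editable_field];
    if (in_array($editable_field, $MONKEY_FREE_ARRAY, true)) {
        // An array value (cn[]=...) or invalid UTF-8 must not reach the directory write.
        $filtered = is_string($update_data)
            ? preg_replace('/[^\p{L}\s]/u', '', $update_data)
            : null;
        if ($filtered === null || trim($filtered) === '') {
            // Keep the stored value; report the rejected field to the user here.
            continue;
        }
        $update_data = $filtered;
    }
    $new_user_data[$editable_field] = $update_data;
}
```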