Issue when adding network printer in 0.32



  • When adding a network printer in FOG 0.32 extra backslashes are added to the alias field. For example \\server\printer would be added to the database when \server\printer should be added. This is due to the line $alias = mysql_real_escape_string( $_POST[“alias”] ); in printer.add.include.php by changing this line to $alias = $_POST[“alias”]; The printer is added correctly \server\printer but doing this leaves you open to SQL injection attacks and would not be recommended.



  • Windows Vista and up have some built in VB scripts now to handle printer installations. Perhaps a rewrite can be done to use those built in scripts? Here’s a sample of a local install script using those.

    [CODE]@ECHO OFF
    md C:\DRIVERS
    md C:\SCRIPTS
    xcopy "\server\e\PrinterDrivers\HP Universal Print Driver\pcl6-x64-5.7.0.16448*." C:\DRIVERS*. /e /h /r /k /c /I /y /D
    xcopy “\server\e\printersetup\scripts” C:\Scripts /e /h /r /k /c /I /y /D
    cscript “C:\Scripts\Prnmngr.vbs” -d -p "PRINTER NAME"
    Cscript “C:\Scripts\Prnport.vbs” -a -r IP_10.1.0.159 -h 10.1.0.159 -o raw -n 9100
    Cscript “C:\Scripts\Prndrvr.vbs” -a -m “HP Universal Printing PCL 6 (v5.7.0)” -i C:\DRIVERS\hpcu155u.inf -h C:\DRIVERS -e "Windows x64"
    Cscript “C:\Scripts\Prnmngr.vbs” -a -p “PRINTER NAME” -m “HP Universal Printing PCL 6 (v5.7.0)” -r IP_10.1.0.159
    rem rd C:\SCRIPTS /s /q
    rem rd C:\DRIVERS /s /q
    @pause
    [/CODE]

    Now this is a .bat which Copies the required script files (needed for XP/2000) and printer drivers locally, then installs the printer locally.
    Included is a .zip of the printer management scripts, but you can find them in the system32 folder of any version of windows vista and newer.

    [url="/_imported_xf_attachments/0/421_Printer.zip?:"]Printer.zip[/url]


  • Senior Developer

    I’m starting to wonder if this particular issue isn’t due to window’s due to the way, as I understand it, the printer manager sends the printer to the host.

    The specific line in question, I think is:
    [php]echo base64_encode($printer->getPort() . “|” .$print er->getInfFile() . “|” .$printer->getModel() . “|”.$printer->getAlias() . " |".$printer->getIp() . “|” . ($printer->isDefault() ? “1” : “0”) );[/php]

    It doesn’t matter what type of printer is being sent, which might be why windows is complaining about it.

    If it’s a network printer, it doesn’t require a port, file, model, or ip. However, it doesn’t matter, it tries to send the data anyway.
    If it’s an iPrint printer, it doesn’t require a file, model, or ip.

    Maybe it’s a FOG Service issue with dealing with all of those as null, maybe not. I don’t, yet, know how FOG is trying to install the printer, so maybe it needs to be sent in that particular fashion with | characters to separate the necessary area’s.



  • [quote=“aaronrus, post: 9276, member: 2756”]When adding a network printer in FOG 0.32 extra backslashes are added to the alias field. For example \\server\printer would be added to the database when \server\printer should be added. This is due to the line $alias = mysql_real_escape_string( $_POST[“alias”] ); in printer.add.include.php by changing this line to $alias = $_POST[“alias”]; The printer is added correctly \server\printer but doing this leaves you open to SQL injection attacks and would not be recommended.[/quote]

    [url]http://fogproject.org/forum/threads/printer-manager-windows-7-service.395/[/url]

    Looks like somewhat of the same issue. I’m getting this too with the ISDS. Injection isn’t a concern for us as Fog is an internal only server, I’ll give the rewrite a shot.

    [url="/_imported_xf_attachments/0/417_ISDS.JPG?:"]ISDS.JPG[/url]


Log in to reply
 

503
Online

39.3k
Users

11.0k
Topics

104.6k
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.