diff --git a/gosa-core/include/class_userFilterEditor.inc b/gosa-core/include/class_userFilterEditor.inc
index 5719106bb021058caeac5dcf09b843c73ed27668..90eefe1c336bb4d51a1ebd4c908f3e9ff7d43272 100644 (file)
{
plugin::execute();
$smarty = get_smarty();
- $smarty->assign('name', $this->name);
- $smarty->assign('filter', $this->filter);
+ $smarty->assign('name', htmlentities($this->name,ENT_COMPAT,'UTF-8'));
+ $smarty->assign('filter', htmlentities($this->filter,ENT_COMPAT,'UTF-8'));
$smarty->assign('share', $this->share);
$smarty->assign('enable', $this->enabled);
- $smarty->assign('description', $this->description);
+ $smarty->assign('description', htmlentities($this->description,ENT_COMPAT,'UTF-8'));
$smarty->assign('selectedCategories', $this->selectedCategories);
$smarty->assign('availableCategories', $this->availableCategories);
return($smarty->fetch(get_template_path('userFilterEditor.tpl', FALSE)));
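Review bot: `ENT_COMPAT` leaves single quotes unencoded in the three new `htmlentities()` calls, which matters if userFilterEditor.tpl (not visible here) places any of these values inside a single-quoted attribute. `ENT_QUOTES` covers both quote styles, e.g. `$smarty->assign('filter', htmlentities($this->filter,ENT_QUOTES,'UTF-8'));`. `name` and `description` are still read through get_post() in the POST-handling hunk, so confirm that helper does not already encode them, otherwise they will be encoded twice on output. A one-line comment above the assigns, such as `// Template receives pre-encoded strings; encode every user-supplied value here.`, would keep later additions consistent. The enclosing function begins outside the hunk.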
if(isset($_POST['userFilterEditor'])){
// Get posted strings
- foreach(array('name','description','filter') as $attr){
+ foreach(array('name','description') as $attr){
if(isset($_POST[$attr])){
$this->$attr = get_post($attr);
}
}
+ // Filter needs special handling, it may contain charactes like < and >
+ // wich are stipped out by get_post() && validate()
+ if(isset($_POST['filter'])){
+ $f = $_POST['filter'];
+ if(get_magic_quotes_gpc()){
+ $f = stripcslashes($f);
+ }
+ $f = mb_convert_encoding($_POST['filter'], 'UTF-8');
+ $this->filter = $f;
+ }
+
// Get posted flags
$this->share = isset($_POST['shareFilter']);
$this->enable = isset($_POST['enableFilter']);
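Review bot: The `stripcslashes()` result is discarded, because the statement after the magic-quotes check reassigns `$f` from `$_POST['filter']` instead of from `$f`, so on a magic-quotes installation the stored filter keeps its added backslashes. Convert the already-processed value instead: `$f = mb_convert_encoding($f, 'UTF-8');`. `stripslashes()` is the usual counterpart to magic-quote escaping and would state the intent more plainly than `stripcslashes()`. Since this path deliberately bypasses get_post() and validate(), `$this->filter` now holds raw request data, and every place that renders, logs or stores it has to encode it for that context. The enclosing function starts and ends outside the hunk.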
$msgs[] = msgPool::invalid(_("Name"), $this->name,"/[a-z0-9\-_ ]/i");
}
+ // Count the number of opening and closing brackets - exclude escaped ones.
+ $f = preg_replace('/\\\\[\(\)]/',"",$this->filter);
+ $o = substr_count($f, '(');
+ $c = substr_count($f, ')');
+ if($o != $c){
+ $msgs[] = sprintf(_("Please check your filter, you have '%s' opening and '%s' closing brackets!"), $o, $c);
+ }
+
return($msgs);
}
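Review bot: Comparing the totals `$o` and `$c` accepts filters whose brackets are equal in number but wrongly ordered, such as `)(`, so a malformed filter can pass check() and only fail later when it is used. Tracking nesting depth while scanning catches both cases. The existing message reports counts only, so it would need a wording tweak for the ordering case. The function's opening lines are outside the hunk.

```php
// … unchanged: strip escaped brackets from $this->filter into $f …
$o = $c = $depth = 0;
$ordered = TRUE;
for($i = 0; $i < strlen($f); $i++){
  if($f[$i] == '('){ $o++; $depth++; }
  // A closing bracket with nothing open means the nesting is broken.
  if($f[$i] == ')'){ $c++; if(--$depth < 0) $ordered = FALSE; }
}
if($o != $c || !$ordered){
  // … unchanged: append the bracket message to $msgs …
}
```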