diff --git a/gosa-core/include/class_userFilterEditor.inc b/gosa-core/include/class_userFilterEditor.inc
index ffff3e658b3c6fff057b338f7aa93225212a9806..90eefe1c336bb4d51a1ebd4c908f3e9ff7d43272 100644 (file)
{
plugin::execute();
$smarty = get_smarty();
- $smarty->assign('name', $this->name);
- $smarty->assign('filter', $this->filter);
+ $smarty->assign('name', htmlentities($this->name,ENT_COMPAT,'UTF-8'));
+ $smarty->assign('filter', htmlentities($this->filter,ENT_COMPAT,'UTF-8'));
$smarty->assign('share', $this->share);
$smarty->assign('enable', $this->enabled);
- $smarty->assign('description', $this->description);
+ $smarty->assign('description', htmlentities($this->description,ENT_COMPAT,'UTF-8'));
$smarty->assign('selectedCategories', $this->selectedCategories);
$smarty->assign('availableCategories', $this->availableCategories);
return($smarty->fetch(get_template_path('userFilterEditor.tpl', FALSE)));
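Review bot: The three `htmlentities()` calls pass `ENT_COMPAT`, which escapes double quotes but leaves single quotes untouched, so the values are only safe if `userFilterEditor.tpl` (not shown here) never places them inside a single-quoted attribute or an inline script. `ENT_QUOTES` closes that gap at no cost, e.g. `$smarty->assign('name', htmlentities($this->name, ENT_QUOTES, 'UTF-8'));`, and likewise for `filter` and `description`. `selectedCategories` and `availableCategories` are still assigned unescaped; if those arrays can carry user-supplied text they need the same treatment, which cannot be confirmed from this hunk. The enclosing function starts and ends outside the hunk.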
if(isset($_POST['userFilterEditor'])){
// Get posted strings
- foreach(array('name','description','filter') as $attr){
+ foreach(array('name','description') as $attr){
if(isset($_POST[$attr])){
$this->$attr = get_post($attr);
}
}
+ // Filter needs special handling, it may contain charactes like < and >
+ // wich are stipped out by get_post() && validate()
+ if(isset($_POST['filter'])){
+ $f = $_POST['filter'];
+ if(get_magic_quotes_gpc()){
+ $f = stripcslashes($f);
+ }
+ $f = mb_convert_encoding($_POST['filter'], 'UTF-8');
+ $this->filter = $f;
+ }
+
// Get posted flags
$this->share = isset($_POST['shareFilter']);
$this->enable = isset($_POST['enableFilter']);
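Review bot: The `mb_convert_encoding()` line reads `$_POST['filter']` again instead of `$f`, so the result of the magic-quotes branch above it is overwritten and the slash removal never takes effect; it should be `$f = mb_convert_encoding($f, 'UTF-8');`. `stripcslashes()` also interprets C-style escapes such as `\n` and `\x41`, whereas undoing magic quotes calls for `stripslashes($f)`. Because this path deliberately bypasses get_post() and validate(), the stored filter is raw user input, and every place that renders it or hands it to LDAP has to escape or validate it; a short comment saying so would help, e.g. `// Raw, unvalidated input: escape on output, validate before use as an LDAP filter`. The comment above the block has typos (`charactes`, `wich`, `stipped`). The enclosing function starts and ends outside the hunk.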