index 02d25dc00e61e860a851a9260f2b00d67f73a4d6..5ca3329b1550f2d7c50d21f0d97607efe6b51f97 100644 (file)
$smarty->assign("divlisthead" ,$listhead);
$smarty->assign("divlist" ,$divlist->DrawList());
- /* Assign variables */
+ /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+ * If we post the escaped strings they will be escaped again
+ */
foreach($this->attributes as $attrs){
- $smarty->assign($attrs,$this->$attrs);
+ if(get_magic_quotes_gpc()){
+ $smarty->assign($attrs,stripslashes($this->$attrs));
+ }else{
+ $smarty->assign($attrs,($this->$attrs));
+ }
}
+
$display.= $smarty->fetch(get_template_path('faiProfile.tpl', TRUE));
return($display);
}
function check()
{
$message= array();
- $str = utf8_encode("üöä");
- if((empty($this->description))){
- $message[] =_("Please specify a description for this profile.");
- }
-
- if((preg_match("/[^a-z0-9".$str."\.,;:\-_\? ]/i",$this->description))){
- $message[]=_("Please enter a valid description.");
- }
if((empty($this->cn))||(preg_match("/[^a-z0-9]/i",$this->cn))){
$message[]=_("Please enter a valid name. Only 0-9 a-Z are allowed here.");
$ldap->modify($this->attrs);
}else{
/* Write FAIscript to ldap*/
- $ldap->cd(preg_replace('/^[^,]+,[^,]+,/', '', $this->dn));
+ $ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
$ldap->cd($this->dn);
$ldap->add($this->attrs);