diff --git a/plugins/admin/fai/class_faiVariableEntry.inc b/plugins/admin/fai/class_faiVariableEntry.inc
index 44780047c8add96fad704f6aa30a5d4d81600586..fa4bd2e5b7783c27ca78fcff5f9c84428fb96de3 100644 (file)
$this->dn=$object['dn'];
foreach($object as $name=>$value){
$oname = "Object_".$name;
- $this->$oname=$value;
+ $this->$oname=addslashes($value);
}
}else{
$this->Object_status = "new";
*/
foreach($this->attributes as $attrs){
if(get_magic_quotes_gpc()){
- $smarty->assign($attrs,stripslashes($this->$attrs));
+ $smarty->assign($attrs,htmlentities (stripslashes($this->$attrs)));
}else{
- $smarty->assign($attrs,($this->$attrs));
+ $smarty->assign($attrs,htmlentities (($this->$attrs)));
}
}
- for($i =1 ; $i <= 100 ; $i++){
- $Object_FAIprioritys[$i]=$i;
- }
- $smarty->assign("Object_FAIprioritys",$Object_FAIprioritys);
$display.= $smarty->fetch(get_template_path('faiVariableEntry.tpl', TRUE));
return($display);
}
$message[] = _("Please enter a name.");
}
- if(preg_match("/[^0-9a-z]/i",$this->Object_cn)){
+ if(preg_match("/[^0-9a-z_]/i",$this->Object_cn)){
$message[] = _("Please enter a valid name. Only a-Z 0-9 are allowed.");
}
$tmp=array();
foreach($this->attributes as $attrs){
$attr = preg_replace("/^Object_/","",$attrs);
- $tmp[$attr] = $this->$attrs;
+ $tmp[$attr] = stripslashes( $this->$attrs);
}
if(($this->orig_cn)&&($tmp['cn']!=$this->orig_cn)){