![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/admin/fai/class_faiVariableEntry.inc b/plugins/admin/fai/class_faiVariableEntry.inc
index d3a19ebbe5d01662672a429d3b9daa4bb466979c..fa4bd2e5b7783c27ca78fcff5f9c84428fb96de3 100644 (file)
$this->dn=$object['dn'];
foreach($object as $name=>$value){
$oname = "Object_".$name;
- $this->$oname=$value;
+ $this->$oname=addslashes($value);
}
}else{
$this->Object_status = "new";
$smarty = get_smarty();
$display = "";
+ /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+ * If we post the escaped strings they will be escaped again
+ */
foreach($this->attributes as $attrs){
- $smarty->assign($attrs,stripslashes($this->$attrs));
+ if(get_magic_quotes_gpc()){
+ $smarty->assign($attrs,htmlentities (stripslashes($this->$attrs)));
+ }else{
+ $smarty->assign($attrs,htmlentities (($this->$attrs)));
+ }
}
- for($i =1 ; $i <= 100 ; $i++){
- $Object_FAIprioritys[$i]=$i;
- }
- $smarty->assign("Object_FAIprioritys",$Object_FAIprioritys);
$display.= $smarty->fetch(get_template_path('faiVariableEntry.tpl', TRUE));
return($display);
}
$message[]=_("Please specify a value for the attribute 'content'.");
}
- if(empty($this->Object_description)){
- $message[] = _("Please enter a description.");
- }
-
if(empty($this->Object_cn)){
$message[] = _("Please enter a name.");
}
- if(preg_match("/[^0-9a-z]/i",$this->Object_cn)){
+ if(preg_match("/[^0-9a-z_]/i",$this->Object_cn)){
$message[] = _("Please enter a valid name. Only a-Z 0-9 are allowed.");
}
$tmp=array();
foreach($this->attributes as $attrs){
$attr = preg_replace("/^Object_/","",$attrs);
- $tmp[$attr] = $this->$attrs;
+ $tmp[$attr] = stripslashes( $this->$attrs);
}
if(($this->orig_cn)&&($tmp['cn']!=$this->orig_cn)){