diff --git a/plugins/admin/fai/class_faiVariableEntry.inc b/plugins/admin/fai/class_faiVariableEntry.inc
index e972c420d8b2f405aebf6e7e5388e0a932866c2e..fa4bd2e5b7783c27ca78fcff5f9c84428fb96de3 100644 (file)
$this->dn=$object['dn'];
foreach($object as $name=>$value){
$oname = "Object_".$name;
- $this->$oname=$value;
+ $this->$oname=addslashes($value);
}
}else{
$this->Object_status = "new";
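Review bot: The unconditional `addslashes($value)` in the constructor loop does not match the conditional unescaping added to the display loop: when `get_magic_quotes_gpc()` returns false the display branch skips `stripslashes()`, so a loaded value containing `'`, `"` or `\` would be rendered with extra backslashes. The later save-side change `stripslashes( $this->$attrs)` is unconditional as well, so with magic quotes off a backslash typed by the user would be stripped before the entry is written. Keeping raw values in the object and undoing magic quotes once, where POST data is read, would make all three changes unnecessary; if that is out of scope, guard this line the same way: `$this->$oname = get_magic_quotes_gpc() ? addslashes($value) : $value;`. `addslashes()` expects a string, so it is worth confirming that no entry in `$object` is an array. The enclosing constructor starts and ends outside the hunk.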
$smarty = get_smarty();
$display = "";
+ /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+ * If we post the escaped strings they will be escaped again
+ */
foreach($this->attributes as $attrs){
- $smarty->assign($attrs,stripslashes($this->$attrs));
+ if(get_magic_quotes_gpc()){
+ $smarty->assign($attrs,htmlentities (stripslashes($this->$attrs)));
+ }else{
+ $smarty->assign($attrs,htmlentities (($this->$attrs)));
+ }
}
- for($i =1 ; $i <= 100 ; $i++){
- $Object_FAIprioritys[$i]=$i;
- }
- $smarty->assign("Object_FAIprioritys",$Object_FAIprioritys);
$display.= $smarty->fetch(get_template_path('faiVariableEntry.tpl', TRUE));
return($display);
}
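Review bot: Both `htmlentities()` calls rely on the default flags and charset, which on the PHP versions that still ship magic quotes leave single quotes unencoded and treat input as ISO-8859-1. If faiVariableEntry.tpl puts any of these values inside a single-quoted attribute, or the values are UTF-8, the output is incompletely escaped or mangled; passing the arguments explicitly, `htmlentities($value, ENT_QUOTES, 'UTF-8')`, avoids that (charset to be confirmed against the page encoding). The two branches differ only in the `stripslashes()` call, so computing `$value` first and calling `$smarty->assign()` once would keep the output encoding in a single place. The added comment would be clearer if it stated that the stored values carry magic-quotes escaping and are unescaped here before being HTML-encoded for display. The function body starts outside the hunk.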
$message[] = _("Please enter a name.");
}
- if(preg_match("/[^0-9a-z]/i",$this->Object_cn)){
+ if(preg_match("/[^0-9a-z_]/i",$this->Object_cn)){
$message[] = _("Please enter a valid name. Only a-Z 0-9 are allowed.");
}
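Review bot: The error text still says `Only a-Z 0-9 are allowed.` although the pattern now also accepts `_`, so a user rejected for some other character is told a rule that no longer matches the check. Suggest `_("Please enter a valid name. Only a-z, 0-9 and _ are allowed.")`, with the translation catalogues updated for the new msgid. A short comment above the `preg_match` saying that `Object_cn` is held to this allowlist because it becomes the entry name (presumably part of the DN, which is not visible here) would help keep the check from being loosened further without review. The enclosing function starts and ends outside the hunk.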
$tmp=array();
foreach($this->attributes as $attrs){
$attr = preg_replace("/^Object_/","",$attrs);
- $tmp[$attr] = $this->$attrs;
+ $tmp[$attr] = stripslashes( $this->$attrs);
}
if(($this->orig_cn)&&($tmp['cn']!=$this->orig_cn)){