diff --git a/plugins/admin/groups/class_groupApplication.inc b/plugins/admin/groups/class_groupApplication.inc
index 6122cf25a39682013f1857305971b82a66a6f200..c899f0bff70e22847d848ea9c76660fc57f26132 100644 (file)
if((isset($_GET['act']))&&($_GET['act']=="depopen")){
$dep = base64_decode($_GET['depid']);
if(isset($this->config->idepartments[$dep])){
- $this->curbase = $dep;
+ $this->curbase =$dep;
}
}
if((isset($_GET['act']))&&($_GET['act']=="open")){
- $this->curCatDir = $_GET['id'];
+ $this->curCatDir = base64_decode($_GET['id']);
}
/* Do we need to flip is_account state? */
if((isset($_POST['AddCat']))&&(isset($_POST['CatName']))&&(!empty($_POST['CatName']))){
-
- if(preg_match("/[^0-9a-z,\.-;:_#\+\- ]/i",$_POST['CatName'])){
+
+ if(preg_match("/[\\\\\/]/i",$_POST['CatName'])){
print_red(_("Invalid character in category name."));
}elseif(!in_array($_POST['CatName'],$this->Categories)){
if(empty($this->curCatDir)){
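Review bot: The new category-name check, `preg_match("/[\\\\\/]/i",$_POST['CatName'])`, rejects only slash and backslash, whereas the removed pattern was an allow-list, so names containing `<`, `>` or quotes are now accepted. Category names appear to be written into the listing markup further down this file without escaping, so either keep an allow-list here or escape at output with `htmlentities($name, ENT_QUOTES)`. Separately, `$this->curCatDir = base64_decode($_GET['id']);` stores whatever the request decodes to, while the `depopen` branch above first checks `isset($this->config->idepartments[$dep])`; a matching lookup against the known categories before the assignment would keep the two branches consistent. The `AddCat` block continues past the end of this hunk.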
$this->reload();
+ $only_once = false;
foreach($_POST as $name => $value){
- if(preg_match("/AddSep_/",$name)){
- $this->AddSeperator($value);
+
+ if((preg_match("/AddSep_/",$name))&&(!$only_once)){
+ $only_once = true;
+ $n = preg_replace("/AddSep_/","",$name);
+ $val= preg_replace("/_.*$/","",$n);
+ $this->AddSeperator($val);
}
-
- if(preg_match("/DelApp_/",$name)){
- $app = $value;
+ if((preg_match("/DelApp_/",$name))&&(!$only_once)){
+ $only_once = true;
+
+
+ if(preg_match("/DelApp___SEPARATOR__/",$name)) {
+ $n= preg_replace("/DelApp___SEPARATOR__/","",$name);
+ $val= "__SEPARATOR__".preg_replace("/_.*$/","",$n);
+ }else{
+ $n = preg_replace("/DelApp_/","",$name);
+ $val= preg_replace("/_.*$/","",$n);
+ }
foreach($this->gosaMemberApplication as $key => $cat){
foreach($cat as $key2 => $app){
- if($app['App'] == $value){
+ if($app['App'] == $val){
unset($this->gosaMemberApplication[$key][$key2]);
- if(isset($this->used_apps[$value])){
- unset($this->used_apps[$value]);
+ if(isset($this->used_apps[$val])){
+ unset($this->used_apps[$val]);
}
}
}
}
}
+
if(preg_match("/DelCat_/",$name)){
- $app = $value;
+ $n = preg_replace("/DelCat_/","",$name);
+ $app = base64_decode( preg_replace("/_.*$/","",$n));
foreach($this->Categories as $key => $cat){
- if($cat == $value){
+ if($cat == $app){
+ foreach($this->Categories as $p => $n){
+ if(preg_match("/^".$key."\/.*/",$p)){
+ unset($this->Categories[$p]);
+ }
+ }
unset($this->Categories[$key]);
}
}
}
- if(preg_match("/EdiApp_/",$name)){
+
+ if((preg_match("/EdiApp_/",$name))&&(!$only_once)){
+
+ $only_once = true;
$appname = $value;
+ $appname = preg_replace("/EdiApp_/","",$name);
+ $appname = preg_replace("/_.*$/","",$appname);
/* We've got the appname, get parameters from ldap */
$ldap= $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
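Review bot: In the `DelCat_` branch, `preg_match("/^".$key."\/.*/",$p)` builds a pattern from a category key without quoting it, so a key containing regex metacharacters such as `.`, `+` or `(` (or, for what look like nested path keys, the `/` delimiter itself) can match unrelated entries or fail to compile; `preg_quote($key, "/")` or a plain prefix test like `strpos($p, $key."/") === 0` avoids that. The inner loop also reuses `$n`, which shadows the `$n` computed from the field name just above. In the `AddSep_`, `DelApp_` and `EdiApp_` branches, `preg_replace("/_.*$/","",$n)` cuts at the first underscore, so an application name that itself contains `_` would be truncated before the lookup; stripping only the image-button coordinate suffix, for example `preg_replace("/_[xy]$/","",$n)`, keeps the full name. `$appname = $value;` is now dead because the next added line overwrites it. The `foreach` and the `EdiApp_` block close outside this hunk.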
}
}
$this->reload();
-
/* Add group with post */
if((isset($_GET['act']))&&($_GET['act']=="add")){
$this->used_apps[$_GET['id']]= $_GET['id'];
if((isset($_GET['act']))&&(($_GET['act'] == "cat_up")||($_GET['act']=="cat_down"))){
if($_GET['act']=="cat_up"){
- $this->catUp($_GET['id']);
+ $this->catUp(base64_decode($_GET['id']));
}
if($_GET['act']=="cat_down"){
- $this->catDown($_GET['id']);
+ $this->catDown(base64_decode($_GET['id']));
}
}
$div2 = new DivSelectBox("appgroup");
$div2->SetHeight(400);
- $linkopen = "<img src='images/folder.png'> <a href='?plug=".$_GET['plug']."&act=open&id=%s'>%s</a>";
+ $linkopen = "<img src='images/folder.png' alt=\"\"> <a href='?plug=".$_GET['plug']."&act=open&id=%s'>%s</a>";
$catremove = " <input type='image' src='images/edittrash.png' title='"._("Delete entry")."' name='DelCat_%s' value='%s'>";
- $app = "<img src='images/select_application.png'> %s";
+ $app = "<img src='images/select_application.png' alt=\"\"> %s";
- $catupdown = "<a href='?plug=".$_GET['plug']."&act=cat_up&id=%s'>
- <img align='top' src='images/sort_up.png' border=0 title='"._("Move up")."'></a> <a href='?plug=".$_GET['plug']."&act=cat_down&id=%s'>
- <img src='images/sort_down.png' title='"._("Move down")."' border=0></a>";
+ $catupdown = "<a href='?plug=".$_GET['plug']."&act=cat_up&id=%s'>
+ <img align='top' alt=\"\" src='images/sort_up.png' border=0 title='"._("Move up")."'></a> <a href='?plug=".$_GET['plug']."&act=cat_down&id=%s'>
+ <img alt=\"\" src='images/sort_down.png' title='"._("Move down")."' border=0></a>";
if(empty($this->curCatDir)){
$cnt =0;
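Review bot: `$_GET['plug']` is concatenated straight into the `href` attributes of `$linkopen` and `$catupdown` on the new lines, so a request parameter is reflected into the page unencoded. Wrapping it once, for example `$plug = urlencode($_GET['plug']);`, and using `$plug` in these strings keeps the value confined to the query string; the `$upudown` string further down the diff has the same pattern. The `catUp(base64_decode($_GET['id']))` and `catDown(...)` calls also pass the decoded value on without checking that it names an existing category, which is worth confirming inside those methods since they are not visible here.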
for($i = 0 ; $i < ($cnt -1 ) ; $i++){
$bbk .= $tmp[$i];
}
- $div2 ->AddEntry(array(array("string"=>sprintf($linkopen,$bbk,"..")),array("string"=>" ","attach"=>"style='border-right:0px;'")));
+ $div2 ->AddEntry(array(array("string"=>sprintf($linkopen,base64_encode($bbk),"..")),array("string"=>" ","attach"=>"style='border-right:0px;'")));
}
$this->GetSubdirs($this->curCatDir);
foreach($this->GetSubdirs($this->curCatDir) as $path => $name){
$div2 ->AddEntry(array(
- array("string"=>sprintf($linkopen,$path,$name)),
- array("string"=>preg_replace("/%s/",$path,$catupdown.$catremove),
+ array("string"=>sprintf($linkopen,base64_encode($path),$name)),
+ array("string"=>preg_replace("/%s/",base64_encode($path),$catupdown.$catremove),
"attach"=>"align='right' style='width:80px;border-right:0px;'")));
}
/* Append entries */
- $separator ="<hr height=1 size=1></hr>";
+ $separator ="<hr size=1>";
$sep = "<input type='image' src='images/back.png' title='"._("Insert seperator")."' value='%s' name='AddSep_%s'>";
- $upudown ="<a href='?plug=".$_GET['plug']."&act=one_up&id=%s'> <img align='top' src='images/sort_up.png' title='"._("Move up")."' border=0></a>".
- " <a href='?plug=".$_GET['plug']."&act=one_down&id=%s'> <img src='images/sort_down.png' title='"._("Move down")."' border=0></a>".
- " <input type='image' src='images/edittrash.png' title='"._("Delete entry")."' name='DelApp_%s' value='%s'>";
- $edit= " <input type='image' src='images/edit.png' title='"._("Edit entry")."' name='EdiApp_%s' value='%s'>";
+ $upudown ="<a href='?plug=".$_GET['plug']."&act=one_up&id=%s'> <img alt='{t}sort{/t}' align='top' src='images/sort_up.png' title='"._("Move up")."' border=0></a>".
+ " <a href='?plug=".$_GET['plug']."&act=one_down&id=%s'> <img alt='{t}sort{/t}' src='images/sort_down.png' title='"._("Move down")."' border=0></a>".
+ " <input type='image' src='images/edittrash.png' title='"._("Delete entry")."' name='DelApp_%s' value='%s' alt='{t}delete{/t}' >";
+ $edit= " <input type='image' src='images/edit.png' title='"._("Edit entry")."' name='EdiApp_%s' value='%s' alt='{t}edit{/t}' >";
if(isset($this->gosaMemberApplication[$this->curCatDir])){
foreach($this->gosaMemberApplication[$this->curCatDir] as $cat => $entry){
if(preg_match("/__SEPARATOR__/",$entry['App'])){
$div2 ->AddEntry(array(array("string"=>$separator),
- array("string"=>preg_replace("/\%s/",$entry['App'],$upudown),"attach"=>"align='right' style='border-right:0px;'")));
+ array("string"=>preg_replace("/\%s/",htmlentities($entry['App']),$upudown),"attach"=>"align='right' style='border-right:0px;'")));
}else{
$div2 ->AddEntry(array(array("string"=>sprintf($app,$entry['App'])),
- array("string"=>preg_replace("/\%s/",$entry['App'],$sep.$edit.$upudown),"attach"=>"align='right' style='border-right:0px;'")));
+ array("string"=>preg_replace("/\%s/",htmlentities($entry['App']),$sep.$edit.$upudown),"attach"=>"align='right' style='border-right:0px;'")));
}
}
}
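Review bot: The added `htmlentities($entry['App'])` calls fill single-quoted attributes (`name='DelApp_%s' value='%s'`), and on PHP versions before 8.1 the default flag is `ENT_COMPAT`, which leaves `'` unescaped; `htmlentities($entry['App'], ENT_QUOTES)` covers both quote styles. The visible text column is still unescaped: `sprintf($app,$entry['App'])` and the `$name` argument of `sprintf($linkopen,base64_encode($path),$name)` would need the same treatment. The `base64_encode(...)` values should additionally be URL-encoded where they are placed in `id=%s` links, since `+` in a query string is decoded as a space and `base64_decode()` on the receiving side would then return a different value. The `alt='{t}sort{/t}'` attributes look like template tags inside a PHP string; unless this markup is later run through the template engine, `_("...")` as used for `title` would be the consistent choice.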