X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fadmin%2Fgroups%2Fclass_groupApplication.inc;h=05c1160e498545005e44e40f08e595ad7c17ed84;hb=875a3f2fab1278394aa011b5998a1943d346d885;hp=6122cf25a39682013f1857305971b82a66a6f200;hpb=8975ffb5d0b2d49bedb485da3760fe255c4b7b6b;p=gosa.git diff --git a/plugins/admin/groups/class_groupApplication.inc b/plugins/admin/groups/class_groupApplication.inc index 6122cf25a..05c1160e4 100644 --- a/plugins/admin/groups/class_groupApplication.inc +++ b/plugins/admin/groups/class_groupApplication.inc @@ -275,12 +275,12 @@ class appgroup extends plugin if((isset($_GET['act']))&&($_GET['act']=="depopen")){ $dep = base64_decode($_GET['depid']); if(isset($this->config->idepartments[$dep])){ - $this->curbase = $dep; + $this->curbase =$dep; } } if((isset($_GET['act']))&&($_GET['act']=="open")){ - $this->curCatDir = $_GET['id']; + $this->curCatDir = base64_decode($_GET['id']); } /* Do we need to flip is_account state? */ @@ -313,8 +313,8 @@ class appgroup extends plugin if((isset($_POST['AddCat']))&&(isset($_POST['CatName']))&&(!empty($_POST['CatName']))){ - - if(preg_match("/[^0-9a-z,\.-;:_#\+\- ]/i",$_POST['CatName'])){ + + if(preg_match("/[\\\\\/]/i",$_POST['CatName'])){ print_red(_("Invalid character in category name.")); }elseif(!in_array($_POST['CatName'],$this->Categories)){ if(empty($this->curCatDir)){ 
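Review bot: The decoded `id` on the `act=open` branch is assigned to `$this->curCatDir` without any check, whereas the `depopen` branch just above accepts `$dep` only when `isset($this->config->idepartments[$dep])` holds. `base64_decode()` in its default mode silently discards characters outside the alphabet, so every request value decodes to some string. Decode strictly and accept the result only when it names a known category, e.g. `$id = base64_decode($_GET['id'], true);` then `if($id !== false && isset($this->Categories[$id])){ $this->curCatDir = $id; }`. This assumes `Categories` is keyed by path, as the `DelCat_` loop suggests, and the empty root path needs its own case. The same applies to `catUp(base64_decode($_GET['id']))` and `catDown(...)` in the hunk at new line 532; the enclosing method starts and ends outside this hunk.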
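Review bot: The new check `preg_match("/[\\\\\/]/i",$_POST['CatName'])` rejects only slash and backslash where the removed pattern was an allow-list, so names containing `<`, `>`, quotes or regex metacharacters are now accepted. Two places in this commit then use such a name unescaped: the `DelCat_` loop builds `preg_match("/^".$key."\/.*/",$p)` from a category key, and the listing passes `$name` to `sprintf($linkopen,...)`. Either keep an allow-list widened to the characters that are actually needed, or quote at each use, e.g. `preg_match("/^".preg_quote($key,"/")."\/.*/",$p)`. The `/i` flag has no effect on this pattern and can be dropped. The enclosing `if` continues outside the hunk.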
@@ -329,40 +329,65 @@ class appgroup extends plugin $this->reload(); + $only_once = false; foreach($_POST as $name => $value){ - if(preg_match("/AddSep_/",$name)){ - $this->AddSeperator($value); + + if((preg_match("/AddSep_/",$name))&&(!$only_once)){ + $only_once = true; + $n = preg_replace("/AddSep_/","",$name); + $val= preg_replace("/_.*$/","",$n); + $this->AddSeperator($val); } - - if(preg_match("/DelApp_/",$name)){ - $app = $value; + if((preg_match("/DelApp_/",$name))&&(!$only_once)){ + $only_once = true; + + + if(preg_match("/DelApp___SEPARATOR__/",$name)) { + $n= preg_replace("/DelApp___SEPARATOR__/","",$name); + $val= "__SEPARATOR__".preg_replace("/_.*$/","",$n); + }else{ + $n = preg_replace("/DelApp_/","",$name); + $val= preg_replace("/_.*$/","",$n); + } foreach($this->gosaMemberApplication as $key => $cat){ foreach($cat as $key2 => $app){ - if($app['App'] == $value){ + if($app['App'] == $val){ unset($this->gosaMemberApplication[$key][$key2]); - if(isset($this->used_apps[$value])){ - unset($this->used_apps[$value]); + if(isset($this->used_apps[$val])){ + unset($this->used_apps[$val]); } } } } } + if(preg_match("/DelCat_/",$name)){ - $app = $value; + $n = preg_replace("/DelCat_/","",$name); + $app = base64_decode( preg_replace("/_.*$/","",$n)); foreach($this->Categories as $key => $cat){ - if($cat == $value){ + if($cat == $app){ + foreach($this->Categories as $p => $n){ + if(preg_match("/^".$key."\/.*/",$p)){ + unset($this->Categories[$p]); + } + } unset($this->Categories[$key]); } } } - if(preg_match("/EdiApp_/",$name)){ + + if((preg_match("/EdiApp_/",$name))&&(!$only_once)){ + + $only_once = true; $appname = $value; + $appname = preg_replace("/EdiApp_/","",$name); + $appname = preg_replace("/_.*$/","",$appname); /* We've got the appname, get parameters from ldap */ $ldap= $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); - $ldap->search("(&(objectClass=gosaApplication)(cn=$appname))"); + 
$ldap->search("(&(objectClass=gosaApplication)(cn=$appname))",array("gosaApplicationParameter")); if ($ldap->count() != 1){ print_red (_("The selected application name is not uniq. Please check your LDAP.")); } else { @@ -406,7 +431,6 @@ class appgroup extends plugin } } $this->reload(); - /* Add group with post */ if((isset($_GET['act']))&&($_GET['act']=="add")){ $this->used_apps[$_GET['id']]= $_GET['id']; @@ -508,10 +532,10 @@ class appgroup extends plugin if((isset($_GET['act']))&&(($_GET['act'] == "cat_up")||($_GET['act']=="cat_down"))){ if($_GET['act']=="cat_up"){ - $this->catUp($_GET['id']); + $this->catUp(base64_decode($_GET['id'])); } if($_GET['act']=="cat_down"){ - $this->catDown($_GET['id']); + $this->catDown(base64_decode($_GET['id'])); } } @@ -531,13 +555,13 @@ class appgroup extends plugin $div2 = new DivSelectBox("appgroup"); $div2->SetHeight(400); - $linkopen = " %s"; + $linkopen = "\"\" %s"; $catremove = " "; - $app = " %s"; + $app = "\"\" %s"; - $catupdown = " -   - "; + $catupdown = " + \"\"  + \"\""; if(empty($this->curCatDir)){ $cnt =0; @@ -548,37 +572,37 @@ class appgroup extends plugin for($i = 0 ; $i < ($cnt -1 ) ; $i++){ $bbk .= $tmp[$i]; } - $div2 ->AddEntry(array(array("string"=>sprintf($linkopen,$bbk,"..")),array("string"=>" ","attach"=>"style='border-right:0px;'"))); + $div2 ->AddEntry(array(array("string"=>sprintf($linkopen,base64_encode($bbk),"..")),array("string"=>" ","attach"=>"style='border-right:0px;'"))); } $this->GetSubdirs($this->curCatDir); foreach($this->GetSubdirs($this->curCatDir) as $path => $name){ $div2 ->AddEntry(array( - array("string"=>sprintf($linkopen,$path,$name)), - array("string"=>preg_replace("/%s/",$path,$catupdown.$catremove), + array("string"=>sprintf($linkopen,base64_encode($path),$name)), + array("string"=>preg_replace("/%s/",base64_encode($path),$catupdown.$catremove), "attach"=>"align='right' style='width:80px;border-right:0px;'"))); } /* Append entries */ - $separator ="
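Review bot: `$appname` is now cut out of a POST field name and interpolated directly into the filter `(&(objectClass=gosaApplication)(cn=$appname))`, so filter metacharacters such as `(`, `)`, `*` and `\` in the field name change the structure of the search. Escape the value for filter context first, e.g. `$appname = ldap_escape($appname, "", LDAP_ESCAPE_FILTER);` where the PHP version provides it, or an equivalent project helper. The assignment `$appname = $value;` is dead now that the next line overwrites it and can be removed. Separately, `preg_replace("/_.*$/","",$n)` cuts at the first underscore, so an application name that itself contains `_` would be shortened before the lookup and the delete comparison; it is worth confirming that cannot occur. The `foreach` body continues outside the hunk.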
"; + $separator ="
"; $sep = ""; - $upudown =" ". - "  ". - " "; - $edit= " "; + $upudown =" {t}sort{/t}". + "  {t}sort{/t}". + " "; + $edit= " "; if(isset($this->gosaMemberApplication[$this->curCatDir])){ foreach($this->gosaMemberApplication[$this->curCatDir] as $cat => $entry){ if(preg_match("/__SEPARATOR__/",$entry['App'])){ $div2 ->AddEntry(array(array("string"=>$separator), - array("string"=>preg_replace("/\%s/",$entry['App'],$upudown),"attach"=>"align='right' style='border-right:0px;'"))); + array("string"=>preg_replace("/\%s/",htmlentities($entry['App']),$upudown),"attach"=>"align='right' style='border-right:0px;'"))); }else{ $div2 ->AddEntry(array(array("string"=>sprintf($app,$entry['App'])), - array("string"=>preg_replace("/\%s/",$entry['App'],$sep.$edit.$upudown),"attach"=>"align='right' style='border-right:0px;'"))); + array("string"=>preg_replace("/\%s/",htmlentities($entry['App']),$sep.$edit.$upudown),"attach"=>"align='right' style='border-right:0px;'"))); } } }
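Review bot: `$name` in `sprintf($linkopen,base64_encode($path),$name)` and `$entry['App']` in `sprintf($app,$entry['App'])` are still written into the markup unescaped, although this hunk adds `htmlentities()` to the same `$entry['App']` in the neighbouring `preg_replace` calls. Since the category-name check in this commit now rejects only slash and backslash, `$name` can carry markup characters into the page. Escape both at output, e.g. `sprintf($linkopen,base64_encode($path),htmlentities($name,ENT_QUOTES))` and `sprintf($app,htmlentities($entry['App'],ENT_QUOTES))`. If the `%s` in `$upudown`/`$edit` sits inside a single-quoted attribute, which the visible text does not show, the two added `htmlentities()` calls need `ENT_QUOTES` as well.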