Added magic_quotes fix for Profile

author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Fri, 7 Oct 2005 06:19:28 +0000 (06:19 +0000)

committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Fri, 7 Oct 2005 06:19:28 +0000 (06:19 +0000)
author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Fri, 7 Oct 2005 06:19:28 +0000 (06:19 +0000)
committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Fri, 7 Oct 2005 06:19:28 +0000 (06:19 +0000)
diff --git a/plugins/admin/fai/class_faiProfile.inc b/plugins/admin/fai/class_faiProfile.inc

index 4b2d26df9ab93da4723c647cfa347adae104f0a3..5ca3329b1550f2d7c50d21f0d97607efe6b51f97 100644 (file)
--- a/plugins/admin/fai/class_faiProfile.inc
+++ b/plugins/admin/fai/class_faiProfile.inc
@@ -170,11 +170,18 @@ class faiProfile extends plugin
      $smarty->assign("divlisthead" ,$listhead);
      $smarty->assign("divlist"     ,$divlist->DrawList());
  
-    /* Assign variables */
+     /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+     * If we post the escaped strings they will be escaped again
+     */
      foreach($this->attributes as $attrs){
-      $smarty->assign($attrs,$this->$attrs);
+      if(get_magic_quotes_gpc()){
+        $smarty->assign($attrs,stripslashes($this->$attrs));
+      }else{
+        $smarty->assign($attrs,($this->$attrs));
+      }
      }
  
+
      $display.= $smarty->fetch(get_template_path('faiProfile.tpl', TRUE));
      return($display);
    }
diff --git a/plugins/admin/fai/class_faiProfileEntry.inc b/plugins/admin/fai/class_faiProfileEntry.inc

index b38614e3b19389a00b23c6b0b10415c273c0a2c4..24298a312be0b5a69d463fd9cb928ea66028ab13 100644 (file)
--- a/plugins/admin/fai/class_faiProfileEntry.inc
+++ b/plugins/admin/fai/class_faiProfileEntry.inc
@@ -117,9 +117,15 @@ class faiProfileEntry extends plugin
      $objTypes['FAIpackages']        = "<image src='images/fai_packages.png' title='"._("Package bundle")."' alt=''>&nbsp;";
      $objTypes['FAIpartitionTable']  = "<image src='images/fai_partitionTable.png' title='"._("Partition table")."' alt=''>&nbsp;";
  
-    /* assign basic attributes */
+    /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+     * If we post the escaped strings they will be escaped again
+     */
      foreach($this->attributes as $attrs){
-      $smarty->assign($attrs,stripslashes($this->$attrs));
+      if(get_magic_quotes_gpc()){
+        $smarty->assign($attrs,stripslashes($this->$attrs));
+      }else{
+        $smarty->assign($attrs,($this->$attrs));
+      }
      }
  
      /* Assign all filter attributes to smarty */
author	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Fri, 7 Oct 2005 06:19:28 +0000 (06:19 +0000)
committer	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Fri, 7 Oct 2005 06:19:28 +0000 (06:19 +0000)
plugins/admin/fai/class_faiProfile.inc		patch \| blob \| history
plugins/admin/fai/class_faiProfileEntry.inc		patch \| blob \| history