Fixed magic_quotes_gpc escaping in faiTemplate faiTemplateEntry faiScript faiScriptEntry

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@1521 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/plugins/admin/fai/class_faiScript.inc b/plugins/admin/fai/class_faiScript.inc
index 8d129f54ece544983331bade67fd617832ec0704..03f27c1997a52de33a5bb3ae8131b663976bb2ed 100644 (file)
--- a/plugins/admin/fai/class_faiScript.inc
+++ b/plugins/admin/fai/class_faiScript.inc
@@ -144,9 +144,16 @@ class faiScript extends plugin
 
     $smarty->assign("SubObjects",$this->getList());
     $smarty->assign("SubObjectKeys",array_flip($this->getList()));
-    /* Assign variables */
+     
+    /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+    * If we post the escaped strings they will be escaped again
+    */
     foreach($this->attributes as $attrs){
-      $smarty->assign($attrs,$this->$attrs);
+      if(get_magic_quotes_gpc()){
+        $smarty->assign($attrs,stripslashes($this->$attrs));
+      }else{
+        $smarty->assign($attrs,($this->$attrs));
+      }
     }
 
     $display.= $smarty->fetch(get_template_path('faiScript.tpl', TRUE));

diff --git a/plugins/admin/fai/class_faiScriptEntry.inc b/plugins/admin/fai/class_faiScriptEntry.inc
index 9f93babfa4346dade117d9b4ee80462798b076ca..3dfe4013efff72104b7749e4f529d81aad320a59 100644 (file)
--- a/plugins/admin/fai/class_faiScriptEntry.inc
+++ b/plugins/admin/fai/class_faiScriptEntry.inc
@@ -56,9 +56,12 @@ class faiScriptEntry extends plugin
     }
 
   
-
     foreach($this->attributes as $attrs){
-      $smarty->assign($attrs,stripslashes($this->$attrs));
+      if(get_magic_quotes_gpc()){
+       $smarty->assign($attrs,stripslashes($this->$attrs));
+      }else{
+       $smarty->assign($attrs,($this->$attrs));
+      } 
     }
 
     for($i =1 ; $i <= 100 ; $i++){

diff --git a/plugins/admin/fai/class_faiTemplate.inc b/plugins/admin/fai/class_faiTemplate.inc
index f2950242bffcbc5afd4d1f8edb4ba0fa850b25ac..fd30c52e0204386f0fd2096d3695b4e62262815a 100644 (file)
--- a/plugins/admin/fai/class_faiTemplate.inc
+++ b/plugins/admin/fai/class_faiTemplate.inc
@@ -146,11 +146,19 @@ class faiTemplate extends plugin
 
     $smarty->assign("SubObjects",$this->getList());
     $smarty->assign("SubObjectKeys",array_flip($this->getList()));
-    /* Assign variables */
+
+     /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+     * If we post the escaped strings they will be escaped again
+     */
     foreach($this->attributes as $attrs){
-      $smarty->assign($attrs,$this->$attrs);
+      if(get_magic_quotes_gpc()){
+        $smarty->assign($attrs,stripslashes($this->$attrs));
+      }else{
+        $smarty->assign($attrs,($this->$attrs));
+      }
     }
 
+
     $display.= $smarty->fetch(get_template_path('faiTemplate.tpl', TRUE));
     return($display);
   }

diff --git a/plugins/admin/fai/class_faiTemplateEntry.inc b/plugins/admin/fai/class_faiTemplateEntry.inc
index 7176ffbcdb3f1ca12e3d131deba76bc6145c99e8..200e0074a6ee3256942c140372d01e29b1c821f0 100644 (file)
--- a/plugins/admin/fai/class_faiTemplateEntry.inc
+++ b/plugins/admin/fai/class_faiTemplateEntry.inc
@@ -56,12 +56,19 @@ class faiTemplateEntry extends plugin
     }
     $smarty->assign("status",$status);
 
+    /* Magic quotes GPC, escapes every ' " \, to solve some security risks 
+     * If we post the escaped strings they will be escaped again
+     */
     foreach($this->attributes as $attrs){
-      $smarty->assign($attrs,stripslashes($this->$attrs));
+      if(get_magic_quotes_gpc()){
+        $smarty->assign($attrs,stripslashes($this->$attrs));
+      }else{
+        $smarty->assign($attrs,($this->$attrs));
+      }
     }
 
     $smarty->assign("Object_FAItemplateFile","");
-  
+
     for($i =1 ; $i <= 100 ; $i++){
       $Object_FAIprioritys[$i]=$i;
     }