![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6f130a5)
raw | patch | inline | side by side (parent: 6f130a5)
| author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Wed, 10 Mar 2010 10:35:45 +0000 (10:35 +0000) | ||
| committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Wed, 10 Mar 2010 10:35:45 +0000 (10:35 +0000) |
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@16374 594d385d-05f5-0310-b6e9-bd551577e9d8
| gosa-core/include/class_userFilterEditor.inc | patch | blob | history |
diff --git a/gosa-core/include/class_userFilterEditor.inc b/gosa-core/include/class_userFilterEditor.inc
index ffff3e658b3c6fff057b338f7aa93225212a9806..b3fddca9257c85e01a9cea09f8a7be1ab0b932b0 100644 (file)
{
plugin::execute();
$smarty = get_smarty();
- $smarty->assign('name', $this->name);
- $smarty->assign('filter', $this->filter);
+ $smarty->assign('name', htmlentities($this->name));
+ $smarty->assign('filter', htmlentities($this->filter));
$smarty->assign('share', $this->share);
$smarty->assign('enable', $this->enabled);
- $smarty->assign('description', $this->description);
+ $smarty->assign('description', htmlentities($this->description));
$smarty->assign('selectedCategories', $this->selectedCategories);
$smarty->assign('availableCategories', $this->availableCategories);
return($smarty->fetch(get_template_path('userFilterEditor.tpl', FALSE)));
if(isset($_POST['userFilterEditor'])){
// Get posted strings
- foreach(array('name','description','filter') as $attr){
+ foreach(array('name','description') as $attr){
if(isset($_POST[$attr])){
$this->$attr = get_post($attr);
}
}
+ // Filter needs special handling, it may contain charactes like < and >
+ // wich are stipped out by get_post() && validate()
+ if(isset($_POST['filter'])){
+ $f = $_POST['filter'];
+ if(get_magic_quotes_gpc()){
+ $f = stripcslashes($f);
+ }
+ $f = utf8_decode($f);
+ $this->filter = $f;
+ }
+
// Get posted flags
$this->share = isset($_POST['shareFilter']);
$this->enable = isset($_POST['enableFilter']);