author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Mon, 31 Mar 2008 09:52:07 +0000 (09:52 +0000) | ||
committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Mon, 31 Mar 2008 09:52:07 +0000 (09:52 +0000) |
-Fixed download
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10079 594d385d-05f5-0310-b6e9-bd551577e9d8
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10079 594d385d-05f5-0310-b6e9-bd551577e9d8
diff --git a/gosa-plugins/fai/admin/fai/class_faiHookEntry.inc b/gosa-plugins/fai/admin/fai/class_faiHookEntry.inc
index 679e740b61cedf3581dd62014edc10c72fe2916a..30caab263e1cb696d671c70ff508902b27ce632a 100644 (file)
/* File download requested */
if(isset($_GET['getFAIHook'])){
- send_binary_content($this->FAIscript,$this->cn.".FAIhook");
+ send_binary_content(stripslashes($this->FAIscript),$this->cn.".FAIhook");
}
/* Create download button*/
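Review bot: `stripslashes()` is applied to the script body unconditionally before `send_binary_content()`, here and in the download branches of class_faiScript.inc and class_faiScriptEntry.inc, whereas the template assignments in class_faiScriptEntry.inc strip only when `get_magic_quotes_gpc()` is true. If the stored value was never slash-escaped (magic quotes off, or content that did not arrive through GET/POST; not visible here), every backslash in the hook is removed and the downloaded file no longer matches the script that is actually deployed, which matters for shell code that relies on `\` escapes. Consider gating it the same way: `$data = get_magic_quotes_gpc() ? stripslashes($this->FAIscript) : $this->FAIscript;`. The enclosing function starts and ends outside this section.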
diff --git a/gosa-plugins/fai/admin/fai/class_faiScript.inc b/gosa-plugins/fai/admin/fai/class_faiScript.inc
index 068ac801fbe7ce7b9d7b33be857d7d2bcc5b7489..ce8a710a4f6ae59f2dd49e004811aae98a799996 100644 (file)
/* File download requested */
if(isset($_GET['getFAIscript'])){
- if(isset($this->SubObjects[$_GET['getFAIscript']])){
- $obj = $this->SubObjects[$_GET['getFAIscript']];
+ if(isset($this->SubObjects[base64_decode($_GET['getFAIscript'])])){
+ $obj = $this->SubObjects[base64_decode($_GET['getFAIscript'])];
$obj = $this->get_object_attributes($obj,$this->sub_Load_Later);
- send_binary_content($obj['FAIscript'],$obj['cn'].".FAIscript");
+ send_binary_content(stripslashes($obj['FAIscript']),$obj['cn'].".FAIscript");
}
}
}
if(isset($_GET['act']) && $_GET['act'] == "edit" && isset($_GET['id'])){
- $s_entry = $_GET['id'];
+ $s_entry = base64_decode($_GET['id']);
if(isset($this->SubObjects[$s_entry])){
$s_action = "edit";
}
if(($this->SubObjects[$key]['status'] == "new") || ($this->SubObjects[$key]['dn'] == "new") || !preg_match("/r/",$s_acl)){
$down = "";
}else{
- $down = "<a href='?plug=".$_GET['plug']."&getFAIscript=".$key."'>
+ $down = "<a href='?plug=".$_GET['plug']."&getFAIscript=".base64_encode($key)."'>
<img src='images/save.png' alt='"._("Download")."' title='"._("Download")."' border=0>
</a>";
}
/* Check if we are allowed to view this object */
$s_acl = $this->ui->get_permissions($dn,"fai/faiScriptEntry","cn") ;
if(preg_match("/r/",$s_acl)){
- $divlist->AddEntry(array( array("string"=>"<a href='?plug=".$_GET['plug']."&act=edit&id=".$key."'>".$name['name']."</a>"),
+ $divlist->AddEntry(array( array("string"=>"<a href='?plug=".$_GET['plug']."&act=edit&id=".base64_decode($key)."'>".$name['name']."</a>"),
array("string"=>$name['FAIpriority'] , "attach" => "style='width:100px;'"),
array("string"=>$down , "attach" => "style='width:100px;'"),
array("string"=>str_replace("%s",base64_encode($key),$act),
}
$smarty->assign("Entry_divlist",$divlist->DrawList());
-
/* Magic quotes GPC, escapes every ' " \, to solve some security risks
* If we post the escaped strings they will be escaped again
*/
return($display);
}
+
/* Generate listbox friendly SubObject list
*/
function getList($use_dns=false){
$a_return=array();
foreach($this->SubObjects as $obj){
if($obj['status'] != "delete"){
+
+ $cn = stripslashes($obj['cn']);
+ $desc = "";
+
+ if((isset($obj['description']))&&(!empty($obj['description']))){
+ $desc = " [".stripslashes($obj['description'])."]";
+ }
+
if($use_dns){
- if((isset($obj['description']))&&(!empty($obj['description']))){
- $a_return[$obj['cn']]['name']= $obj['cn']." [".stripslashes($obj['description'])."]";
- }else{
- $a_return[$obj['cn']]['name']= $obj['cn'];
- }
+ $a_return[$obj['cn']]['name']= $cn.$desc;
$a_return[$obj['cn']]['dn']= $obj['dn'];
$a_return[$obj['cn']]['FAIpriority']= $obj['FAIpriority'];
}else{
- if((isset($obj['description']))&&(!empty($obj['description']))){
- $a_return[$obj['cn']]= $obj['cn']." [".stripslashes($obj['description'])."]";
- }else{
- $a_return[$obj['cn']]= $obj['cn'];
- }
+ $a_return[$obj['cn']] = $cn.$desc;
}
}
}
return($a_return);
}
+
/* Delete me, and all my subtrees
*/
function remove_from_parent()
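Review bot: The edit link added in the `$divlist->AddEntry` line calls `base64_decode($key)`, but the handler above reads it with `$s_entry = base64_decode($_GET['id'])`, so the link carries decoded bytes of the raw key and the `$this->SubObjects` lookup will normally miss; it should mirror the download link and use `base64_encode`. Standard base64 output can contain `+`, `/` and `=`, and PHP turns a `+` in a query string into a space, so both links are safer as `urlencode(base64_encode($key))`. `$_GET['plug']` is also concatenated into both `href` attributes without encoding; `htmlentities($_GET['plug'], ENT_QUOTES)` would keep a crafted `plug` value from breaking out of the single-quoted attribute. The download branch checks only that the decoded key exists in `SubObjects`, while the `r` permission test is visible only where the link is rendered, so it is worth confirming that the handler is covered by an ACL check outside these hunks.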
diff --git a/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc b/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc
index cca08093d7dee93c0a1f9e3bbb8ef3db8a4a88f0..51a42682906c548f0e93a7e915b89c9fc3fa272c 100644 (file)
}
}
+ /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+ * If we post the escaped strings they will be escaped again
+ */
foreach($this->attributes as $attrs){
if(get_magic_quotes_gpc()){
- $smarty->assign($attrs,stripslashes($this->$attrs));
+ $smarty->assign($attrs,(stripslashes($this->$attrs)));
}else{
- $smarty->assign($attrs,($this->$attrs));
- }
+ $smarty->assign($attrs,($this->$attrs));
+ }
}
/* File download requested */
if(isset($_GET['getFAIScript'])){
- send_binary_content($this->FAIscript,$this->cn.".FAIscript");
+ send_binary_content(stripslashes($this->FAIscript),$this->cn.".FAIscript");
}
/* Create download button*/
$smarty->assign($name."ACL",$acl);
}
- $smarty->assign("FAIprioritys",$FAIprioritys);
if(get_magic_quotes_gpc()){
$smarty->assign("FAIscript" , htmlentities(stripslashes($this->FAIscript)));
}else{
$smarty->assign("FAIscript" , htmlentities($this->FAIscript));
}
+ $smarty->assign("FAIprioritys",$FAIprioritys);
$display.= $smarty->fetch(get_template_path('faiScriptEntry.tpl', TRUE));
return($display);
}
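Review bot: The attribute loop passes `$this->$attrs` to `$smarty->assign()` without HTML-encoding, while `FAIscript` a few lines further down is wrapped in `htmlentities()`. Whether faiScriptEntry.tpl escapes the other attributes itself is not visible here; if it prints them raw, values containing markup reach the page as-is. In that case encode at assignment, e.g. `$smarty->assign($attrs, htmlentities(stripslashes($this->$attrs)));` in the magic-quotes branch and `htmlentities($this->$attrs)` in the other. The function containing this loop starts outside the section.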