raw | patch | inline | side by side (parent: 4437bb4)
author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Thu, 8 Jul 2010 11:10:47 +0000 (11:10 +0000) | ||
committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Thu, 8 Jul 2010 11:10:47 +0000 (11:10 +0000) |
-Do not break special chars in name and description values.
-We are now able to write binary scripts too.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@18961 594d385d-05f5-0310-b6e9-bd551577e9d8
-We right now to write binary scripts too.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@18961 594d385d-05f5-0310-b6e9-bd551577e9d8
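--- a/gosa-plugins/fai/admin/fai/class_faiScript.inc
+++ b/gosa-plugins/fai/admin/fai/class_faiScript.inc
 $var = $ldap->get_attribute($object['dn'], $attrs,$r_array=0);
 }
- /* Fix slashes */
- $var = addslashes($var);
 $object[$attrs] = $var;
 }
 }
 * If we post the escaped strings they will be escaped again
 */
 foreach($this->attributes as $attrs){
- if(get_magic_quotes_gpc()){
- $smarty->assign($attrs,stripslashes($this->$attrs));
- }else{
- $smarty->assign($attrs,($this->$attrs));
- }
+ $smarty->assign($attrs,htmlentities($this->$attrs, ENT_QUOTES, 'utf-8'));
 }
 $dn = $this->acl_base_for_current_object($this->dn);
 }
- /* Generate listbox friendly SubObject list
- */
- function getList($use_dns=false){
- $a_return=array();
- foreach($this->SubObjects as $obj){
- if($obj['status'] != "delete"){
-
- $cn = stripslashes($obj['cn']);
- $desc = "";
-
- if((isset($obj['description']))&&(!empty($obj['description']))){
- $desc = " [".stripslashes($obj['description'])."]";
- }
-
- if($use_dns){
- $a_return[$obj['cn']]['name']= $cn.$desc;
- $a_return[$obj['cn']]['dn']= $obj['dn'];
- $a_return[$obj['cn']]['FAIpriority']= $obj['FAIpriority'];
- }else{
- $a_return[$obj['cn']] = $cn.$desc;
- }
- }
- }
- return($a_return);
- }
-
-
 /* Delete me, and all my subtrees
 */
 function remove_from_parent()
 foreach($Objects as $name => $obj){
 foreach($this->sub64coded as $codeIt){
- $obj[$codeIt]=base64_encode(stripslashes($obj[$codeIt]));
+ $obj[$codeIt]=base64_encode($obj[$codeIt]);
 }
 $tmp = array();
 if($obj[$attrs] == ""){
 $obj[$attrs] = array();
 }
- if(!is_array($obj[$attrs])){
- $tmp[$attrs] = stripslashes($obj[$attrs]);
- }else{
- $tmp[$attrs] = $obj[$attrs];
- }
+ $tmp[$attrs] = $obj[$attrs];
 }
 $tmp['objectClass'] = $this->subClasses;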
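Review bot: The write path now stores values exactly as held in memory (`$obj[$codeIt]=base64_encode($obj[$codeIt]);` and `$tmp[$attrs] = $obj[$attrs];`), so it depends on every input path already delivering raw, un-slashed data. This class's own `save_object()` is not among the visible lines, and the functions these hunks belong to start and end outside them; if input is still copied straight from `$_POST`, an installation with `magic_quotes_gpc` enabled would now persist the added backslashes into LDAP and into the base64-encoded script body. It is worth confirming that this class reads its input through the same `get_binary_post()` call that class_faiScriptEntry.inc uses in this commit. Separately, the stale comment above the `$smarty->assign` loop still talks about magic quotes; replacing it with something like `/* Values are HTML-escaped here (ENT_QUOTES, utf-8); the template must not escape them again */` would document where output encoding now happens.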
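--- a/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc
+++ b/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc
 var $status = "new";
 var $parent = NULL;
 var $FAIstate = "";
-
+
 function faiScriptEntry (&$config, $dn= NULL,$object=false)
 {
 plugin::plugin ($config, NULL);
 $this->orig_cn= $object['cn'];
 $this->dn=$object['dn'];
 foreach($object as $name=>$value){
- $oname = $name;
- $this->$oname=$value;
+ $this->$name=$value;
 }
 }else{
 if(is_array($object)&&count($object)){
 }else{
 $this->status = "new";
- $this->orig_cn = false;
+ $this->orig_cn = false;
 }
 }
 }
 if(($_FILES['ImportFile']['size']==0)){
 msg_dialog::display(_("Error"), msgPool::incorrectUpload(_("file is empty")), ERROR_DIALOG);
 }else{
- $str = utf8_encode(addslashes(file_get_contents($_FILES['ImportFile']['tmp_name'])));
+ $str = file_get_contents($_FILES['ImportFile']['tmp_name']);
 $this->FAIscript = $str;
 }
 }
-
- /* Magic quotes GPC, escapes every ' " \, to solve some security risks
- * If we post the escaped strings they will be escaped again
- */
+
 foreach($this->attributes as $attrs){
- if(get_magic_quotes_gpc()){
- $smarty->assign($attrs,(stripslashes($this->$attrs)));
- }else{
- $smarty->assign($attrs,($this->$attrs));
- }
+ $smarty->assign($attrs, htmlentities($this->$attrs, ENT_QUOTES, 'utf-8'));
 }
+ $smarty->assign('FAIscript', htmlentities($this->FAIscript));
 /* File download requested */
 if(isset($_POST['download'])){
- send_binary_content(stripslashes($this->FAIscript),$this->cn.".FAIscript");
+ send_binary_content($this->FAIscript,$this->cn.".FAIscript");
 }
 /* Create download button*/
 $acl = $this->getacl($name,preg_match("/freeze/i",$this->FAIstate));
 $smarty->assign($name."ACL",$acl);
 }
-
- if(get_magic_quotes_gpc()){
- $smarty->assign("FAIscript" , htmlentities(stripslashes($this->FAIscript)));
- }else{
- $smarty->assign("FAIscript" , htmlentities($this->FAIscript));
- }
 $smarty->assign("FAIprioritys",$FAIprioritys);
 $display.= $smarty->fetch(get_template_path('faiScriptEntry.tpl', TRUE));
 return($display);
 /* Save data to object */
 function save_object()
 {
+ return;
 if((isset($_POST['SubObjectFormSubmitted'])) && !preg_match("/freeze/", $this->FAIstate)){
 foreach($this->attributes as $attrs){
- if($this->acl_is_writeable($attrs)){
- if(isset($_POST[$attrs])){
- $this->$attrs = $_POST[$attrs];
- }else{
- $this->$attrs = "";
+ if($this->acl_is_writeable($attrs)){
+
+ if(isset($_POST[$attrs])){
+ $this->$attrs = get_binary_post($attrs);
+ }else{
+ $this->$attrs = "";
+ }
 }
- }
 }
 }
 }
 $tmp[$attrs] = $this->$attrs;
 }
- /* Strip out dos newlines */
- $tmp['FAIscript']= strtr($this->FAIscript, array("\x0D" => ""));
-
 if(($this->orig_cn)&&($tmp['cn']!=$this->orig_cn)){
 $tmp['remove']['from'] = $this->orig_cn;
 $tmp['remove']['to'] = $tmp['cn'];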
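Review bot: The added `return;` as the first statement of `save_object()` makes the whole body unreachable, so nothing posted from the sub-object form, including the new `get_binary_post($attrs)` reads and the `acl_is_writeable()` check around them, is ever applied; it looks like leftover debugging and should be removed. In the display code, `$smarty->assign('FAIscript', htmlentities($this->FAIscript));` drops the flags and charset used one line above it, so the encoding of the script body depends on PHP's default charset and can mangle multi-byte content on a round-trip through the textarea; `htmlentities($this->FAIscript, ENT_QUOTES, 'utf-8')` would match the loop. Because uploads are now stored byte-for-byte (`file_get_contents(...)` without `utf8_encode`), it is also worth checking how content that is not valid UTF-8 behaves when rendered into the form and posted back, since presumably an edit-and-save would rewrite a binary script. Apart from `save_object()`, the functions these hunks belong to start and end outside the visible lines.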
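--- a/gosa-plugins/fai/admin/fai/faiScriptEntry.tpl
+++ b/gosa-plugins/fai/admin/fai/faiScriptEntry.tpl
-
 <input type="hidden" name="SubObjectFormSubmitted" value="1">
 <table width="100%" summary="{t}FAI script{/t}">
 <tr>
 <hr>
 <h3><LABEL for="FAIscript">{t}Script{/t}</LABEL>
 </h3>
-{render acl=$FAIscriptACL}<textarea name="FAIscript" style="width:100%;height:300px;" id="FAIscript" rows="20" cols="120">
- {$FAIscript}</textarea>
+{render acl=$FAIscriptACL}<textarea name="FAIscript" style="width:100%;height:300px;" id="FAIscript"
+ rows="20" cols="120">{$FAIscript}</textarea>
 {/render}
 <br>
 <div>
 <button type='submit' name='CancelSubObject'>
 {msgPool type=cancelButton}</button>
 </div><!-- Place cursor -->
-<script language="JavaScript" type="text/javascript"><!-- // First input field on page focus_field('cn','description'); --></script>
\ No newline at end of file
+<script language="JavaScript" type="text/javascript"><!-- // First input field on page focus_field('cn','description'); --></script>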