From: hickert Date: Fri, 7 Oct 2005 06:13:45 +0000 (+0000) Subject: Fixed magic_quotes_gpc escaping in faiTemplate faiTemplateEntry faiScript faiScriptEntry X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=49899e00578701e9a43eb950074551bb54116f5c;p=gosa.git Fixed magic_quotes_gpc escaping in faiTemplate faiTemplateEntry faiScript faiScriptEntry git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@1521 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/plugins/admin/fai/class_faiScript.inc b/plugins/admin/fai/class_faiScript.inc index 8d129f54e..03f27c199 100644 --- a/plugins/admin/fai/class_faiScript.inc +++ b/plugins/admin/fai/class_faiScript.inc @@ -144,9 +144,16 @@ class faiScript extends plugin $smarty->assign("SubObjects",$this->getList()); $smarty->assign("SubObjectKeys",array_flip($this->getList())); - /* Assign variables */ + + /* Magic quotes GPC, escapes every ' " \, to solve some security risks + * If we post the escaped strings they will be escaped again + */ foreach($this->attributes as $attrs){ - $smarty->assign($attrs,$this->$attrs); + if(get_magic_quotes_gpc()){ + $smarty->assign($attrs,stripslashes($this->$attrs)); + }else{ + $smarty->assign($attrs,($this->$attrs)); + } } $display.= $smarty->fetch(get_template_path('faiScript.tpl', TRUE)); diff --git a/plugins/admin/fai/class_faiScriptEntry.inc b/plugins/admin/fai/class_faiScriptEntry.inc index 9f93babfa..3dfe4013e 100644 --- a/plugins/admin/fai/class_faiScriptEntry.inc +++ b/plugins/admin/fai/class_faiScriptEntry.inc @@ -56,9 +56,12 @@ class faiScriptEntry extends plugin } - foreach($this->attributes as $attrs){ - $smarty->assign($attrs,stripslashes($this->$attrs)); + if(get_magic_quotes_gpc()){ + $smarty->assign($attrs,stripslashes($this->$attrs)); + }else{ + $smarty->assign($attrs,($this->$attrs)); + } } for($i =1 ; $i <= 100 ; $i++){ diff --git a/plugins/admin/fai/class_faiTemplate.inc b/plugins/admin/fai/class_faiTemplate.inc index f2950242b..fd30c52e0 100644 --- a/plugins/admin/fai/class_faiTemplate.inc +++ b/plugins/admin/fai/class_faiTemplate.inc @@ -146,11 +146,19 @@ class faiTemplate extends plugin $smarty->assign("SubObjects",$this->getList()); $smarty->assign("SubObjectKeys",array_flip($this->getList())); - /* Assign variables */ + + /* Magic quotes GPC, escapes every ' " \, to solve some security risks + * If we post the escaped strings they will be escaped again + */ foreach($this->attributes as $attrs){ - $smarty->assign($attrs,$this->$attrs); + if(get_magic_quotes_gpc()){ + $smarty->assign($attrs,stripslashes($this->$attrs)); + }else{ + $smarty->assign($attrs,($this->$attrs)); + } } + $display.= $smarty->fetch(get_template_path('faiTemplate.tpl', TRUE)); return($display); } diff --git a/plugins/admin/fai/class_faiTemplateEntry.inc b/plugins/admin/fai/class_faiTemplateEntry.inc index 7176ffbcd..200e0074a 100644 --- a/plugins/admin/fai/class_faiTemplateEntry.inc +++ b/plugins/admin/fai/class_faiTemplateEntry.inc @@ -56,12 +56,19 @@ class faiTemplateEntry extends plugin } $smarty->assign("status",$status); + /* Magic quotes GPC, escapes every ' " \, to solve some security risks + * If we post the escaped strings they will be escaped again + */ foreach($this->attributes as $attrs){ - $smarty->assign($attrs,stripslashes($this->$attrs)); + if(get_magic_quotes_gpc()){ + $smarty->assign($attrs,stripslashes($this->$attrs)); + }else{ + $smarty->assign($attrs,($this->$attrs)); + } } $smarty->assign("Object_FAItemplateFile",""); - + for($i =1 ; $i <= 100 ; $i++){ $Object_FAIprioritys[$i]=$i; }