From 37b9ba6c41c1a84cbbd4da1b57e9af9667743e4d Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Fri, 7 Oct 2005 06:19:28 +0000
Subject: [PATCH] Added magic_quotes fix for Profile

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@1523 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 plugins/admin/fai/class_faiProfile.inc      | 11 +++++++++--
 plugins/admin/fai/class_faiProfileEntry.inc | 10 ++++++++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/plugins/admin/fai/class_faiProfile.inc b/plugins/admin/fai/class_faiProfile.inc
index 4b2d26df9..5ca3329b1 100644
--- a/plugins/admin/fai/class_faiProfile.inc
+++ b/plugins/admin/fai/class_faiProfile.inc
@@ -170,11 +170,18 @@ class faiProfile extends plugin
     $smarty->assign("divlisthead" ,$listhead);
     $smarty->assign("divlist"     ,$divlist->DrawList());
 
-    /* Assign variables */
+     /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+     * If we post the escaped strings they will be escaped again
+     */
     foreach($this->attributes as $attrs){
-      $smarty->assign($attrs,$this->$attrs);
+      if(get_magic_quotes_gpc()){
+        $smarty->assign($attrs,stripslashes($this->$attrs));
+      }else{
+        $smarty->assign($attrs,($this->$attrs));
+      }
     }
 
+
     $display.= $smarty->fetch(get_template_path('faiProfile.tpl', TRUE));
     return($display);
   }
diff --git a/plugins/admin/fai/class_faiProfileEntry.inc b/plugins/admin/fai/class_faiProfileEntry.inc
index b38614e3b..24298a312 100644
--- a/plugins/admin/fai/class_faiProfileEntry.inc
+++ b/plugins/admin/fai/class_faiProfileEntry.inc
@@ -117,9 +117,15 @@ class faiProfileEntry extends plugin
     $objTypes['FAIpackages']        = "<image src='images/fai_packages.png' title='"._("Package bundle")."' alt=''>&nbsp;";
     $objTypes['FAIpartitionTable']  = "<image src='images/fai_partitionTable.png' title='"._("Partition table")."' alt=''>&nbsp;";
 
-    /* assign basic attributes */
+    /* Magic quotes GPC, escapes every ' " \, to solve some security risks
+     * If we post the escaped strings they will be escaped again
+     */
     foreach($this->attributes as $attrs){
-      $smarty->assign($attrs,stripslashes($this->$attrs));
+      if(get_magic_quotes_gpc()){
+        $smarty->assign($attrs,stripslashes($this->$attrs));
+      }else{
+        $smarty->assign($attrs,($this->$attrs));
+      }
     }
 
     /* Assign all filter attributes to smarty */
-- 
2.30.2