From 95da2e8af250c25b99485fd5b000d30fcb4fa200 Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Wed, 10 Mar 2010 10:35:45 +0000
Subject: [PATCH] Allow to use special chars in filter definition

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@16374 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/include/class_userFilterEditor.inc | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/gosa-core/include/class_userFilterEditor.inc b/gosa-core/include/class_userFilterEditor.inc
index ffff3e658..b3fddca92 100644
--- a/gosa-core/include/class_userFilterEditor.inc
+++ b/gosa-core/include/class_userFilterEditor.inc
@@ -64,11 +64,11 @@ class userFilterEditor extends plugin
   {
     plugin::execute();
     $smarty = get_smarty();
-    $smarty->assign('name', $this->name);
-    $smarty->assign('filter', $this->filter);
+    $smarty->assign('name', htmlentities($this->name));
+    $smarty->assign('filter', htmlentities($this->filter));
     $smarty->assign('share', $this->share);
     $smarty->assign('enable', $this->enabled);
-    $smarty->assign('description', $this->description);
+    $smarty->assign('description', htmlentities($this->description));
     $smarty->assign('selectedCategories', $this->selectedCategories);
     $smarty->assign('availableCategories', $this->availableCategories);
     return($smarty->fetch(get_template_path('userFilterEditor.tpl', FALSE)));
@@ -82,12 +82,23 @@ class userFilterEditor extends plugin
     if(isset($_POST['userFilterEditor'])){
 
       // Get posted strings
-      foreach(array('name','description','filter') as $attr){
+      foreach(array('name','description') as $attr){
         if(isset($_POST[$attr])){
           $this->$attr = get_post($attr);
         }
       }
 
+      // Filter needs special handling, it may contain charactes like < and >
+      //  wich are stipped out by get_post() && validate()
+      if(isset($_POST['filter'])){
+        $f = $_POST['filter'];
+        if(get_magic_quotes_gpc()){
+          $f = stripcslashes($f);
+        }
+        $f = utf8_decode($f);
+        $this->filter = $f;
+      }
+
       // Get posted flags 
       $this->share = isset($_POST['shareFilter']);
       $this->enable = isset($_POST['enableFilter']);
-- 
2.30.2