From 9d9b7d9b69df65c5542157bbf1df42879dd8bc40 Mon Sep 17 00:00:00 2001 From: hickert Date: Mon, 31 Mar 2008 09:52:07 +0000 Subject: [PATCH] Fixed Script/Hook slash handling -Fixed download git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10079 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../fai/admin/fai/class_faiHookEntry.inc | 2 +- .../fai/admin/fai/class_faiScript.inc | 35 ++++++++++--------- .../fai/admin/fai/class_faiScriptEntry.inc | 13 ++++--- 3 files changed, 27 insertions(+), 23 deletions(-) diff --git a/gosa-plugins/fai/admin/fai/class_faiHookEntry.inc b/gosa-plugins/fai/admin/fai/class_faiHookEntry.inc index 679e740b6..30caab263 100644 --- a/gosa-plugins/fai/admin/fai/class_faiHookEntry.inc +++ b/gosa-plugins/fai/admin/fai/class_faiHookEntry.inc @@ -76,7 +76,7 @@ class faiHookEntry extends plugin /* File download requested */ if(isset($_GET['getFAIHook'])){ - send_binary_content($this->FAIscript,$this->cn.".FAIhook"); + send_binary_content(stripslashes($this->FAIscript),$this->cn.".FAIhook"); } /* Create download button*/ diff --git a/gosa-plugins/fai/admin/fai/class_faiScript.inc b/gosa-plugins/fai/admin/fai/class_faiScript.inc index 068ac801f..ce8a710a4 100644 --- a/gosa-plugins/fai/admin/fai/class_faiScript.inc +++ b/gosa-plugins/fai/admin/fai/class_faiScript.inc @@ -164,10 +164,10 @@ class faiScript extends plugin /* File download requested */ if(isset($_GET['getFAIscript'])){ - if(isset($this->SubObjects[$_GET['getFAIscript']])){ - $obj = $this->SubObjects[$_GET['getFAIscript']]; + if(isset($this->SubObjects[base64_decode($_GET['getFAIscript'])])){ + $obj = $this->SubObjects[base64_decode($_GET['getFAIscript'])]; $obj = $this->get_object_attributes($obj,$this->sub_Load_Later); - send_binary_content($obj['FAIscript'],$obj['cn'].".FAIscript"); + send_binary_content(stripslashes($obj['FAIscript']),$obj['cn'].".FAIscript"); } } 
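Review bot: The hook download now calls `stripslashes()` on `$this->FAIscript` unconditionally, while the template assignment in class_faiScriptEntry.inc (hunk at -70) strips only when `get_magic_quotes_gpc()` is on. Unless the attribute is always stored slash-escaped, which this diff does not show, every genuine backslash in the hook (a line continuation, `\n` in a printf) is removed from the downloaded file, so the copy an administrator reviews no longer matches what is stored. I would gate it the same way as the display path: `$data = get_magic_quotes_gpc() ? stripslashes($this->FAIscript) : $this->FAIscript;` followed by `send_binary_content($data,$this->cn.".FAIhook");`. The same applies to the download calls in class_faiScript.inc (-164) and class_faiScriptEntry.inc (-70). The enclosing method starts and ends outside this hunk.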
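Review bot: Nothing between `isset($_GET['getFAIscript'])` and `send_binary_content()` checks the caller's permission on the selected sub-object. The list code at -368 only leaves out the download link when `$s_acl` lacks `r`, and hiding the link does not stop a request that supplies the parameter itself. Unless a check happens earlier in this method (it starts outside the hunk), the handler should repeat the ACL lookup the list uses and send the content only when `preg_match("/r/",$s_acl)` succeeds. Separately, the parameter is decoded twice; `$id = base64_decode($_GET['getFAIscript']);` once, then `$this->SubObjects[$id]`, keeps the lookup and the `isset` on the same value.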
@@ -193,7 +193,7 @@ class faiScript extends plugin } if(isset($_GET['act']) && $_GET['act'] == "edit" && isset($_GET['id'])){ - $s_entry = $_GET['id']; + $s_entry = base64_decode($_GET['id']); if(isset($this->SubObjects[$s_entry])){ $s_action = "edit"; } @@ -368,7 +368,7 @@ class faiScript extends plugin if(($this->SubObjects[$key]['status'] == "new") || ($this->SubObjects[$key]['dn'] == "new") || !preg_match("/r/",$s_acl)){ $down = ""; }else{ - $down = " + $down = " "._("Download")." "; } @@ -376,7 +376,7 @@ class faiScript extends plugin /* Check if we are allowed to view this object */ $s_acl = $this->ui->get_permissions($dn,"fai/faiScriptEntry","cn") ; if(preg_match("/r/",$s_acl)){ - $divlist->AddEntry(array( array("string"=>"".$name['name'].""), + $divlist->AddEntry(array( array("string"=>"".$name['name'].""), array("string"=>$name['FAIpriority'] , "attach" => "style='width:100px;'"), array("string"=>$down , "attach" => "style='width:100px;'"), array("string"=>str_replace("%s",base64_encode($key),$act), @@ -385,7 +385,6 @@ class faiScript extends plugin } $smarty->assign("Entry_divlist",$divlist->DrawList()); - /* Magic quotes GPC, escapes every ' " \, to solve some security risks * If we post the escaped strings they will be escaped again */ 
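Review bot: `base64_decode($_GET['id'])` runs in non-strict mode, so characters outside the base64 alphabet are silently discarded and a non-string `id` reaches the function before any type check. The `isset($this->SubObjects[$s_entry])` test that follows limits the effect to a failed match, but validating at the boundary is cheap: `$s_entry = is_string($_GET['id']) ? base64_decode($_GET['id'], true) : false;` and require `$s_entry !== false` before the `isset`. The `getFAIscript` handler at -164 has the same pattern.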
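Review bot: In the hunk at -376, `$name['name']` is concatenated into the list cell without HTML escaping, and `getList()` (-411) builds that value from `cn` and `description` with only `stripslashes()` applied. If `AddEntry` does not escape its `string` value (not visible here), markup stored in a description would be rendered in the list. Note that class_faiScriptEntry.inc already passes `FAIscript` through `htmlentities()` before assigning it. I would escape at output with `htmlspecialchars($name['name'], ENT_QUOTES)` and keep the raw `$key` for `base64_encode($key)`. The markup around the value on this line is not visible on the page, so the exact output context should be confirmed.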
@@ -411,32 +410,34 @@ class faiScript extends plugin return($display); } + /* Generate listbox friendly SubObject list */ function getList($use_dns=false){ $a_return=array(); foreach($this->SubObjects as $obj){ if($obj['status'] != "delete"){ + + $cn = stripslashes($obj['cn']); + $desc = ""; + + if((isset($obj['description']))&&(!empty($obj['description']))){ + $desc = " [".stripslashes($obj['description'])."]"; + } + if($use_dns){ - if((isset($obj['description']))&&(!empty($obj['description']))){ - $a_return[$obj['cn']]['name']= $obj['cn']." [".stripslashes($obj['description'])."]"; - }else{ - $a_return[$obj['cn']]['name']= $obj['cn']; - } + $a_return[$obj['cn']]['name']= $cn.$desc; $a_return[$obj['cn']]['dn']= $obj['dn']; $a_return[$obj['cn']]['FAIpriority']= $obj['FAIpriority']; }else{ - if((isset($obj['description']))&&(!empty($obj['description']))){ - $a_return[$obj['cn']]= $obj['cn']." [".stripslashes($obj['description'])."]"; - }else{ - $a_return[$obj['cn']]= $obj['cn']; - } + $a_return[$obj['cn']] = $cn.$desc; } } } return($a_return); } + /* Delete me, and all my subtrees */ function remove_from_parent() diff --git a/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc b/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc index cca08093d..51a426829 100644 --- a/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc +++ b/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc 
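Review bot: The refactored `getList()` keeps the raw `$obj['cn']` as array key while the label uses the unslashed `$cn`, and nothing in the function records that this split is deliberate. The list code at -368/-376 appears to use the key to index `$this->SubObjects` and to build `base64_encode($key)`, so a later cleanup that changes the key to `$cn` would break those lookups. A comment above the `if($use_dns)` block would record it: `/* Keys stay the raw cn used to index SubObjects; only the display text is unslashed */`. The new header comment could also state the two return shapes selected by `$use_dns`: a plain cn-to-label map, or cn mapped to an array with `name`, `dn` and `FAIpriority`.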
@@ -70,17 +70,20 @@ class faiScriptEntry extends plugin } } + /* Magic quotes GPC, escapes every ' " \, to solve some security risks + * If we post the escaped strings they will be escaped again + */ foreach($this->attributes as $attrs){ if(get_magic_quotes_gpc()){ - $smarty->assign($attrs,stripslashes($this->$attrs)); + $smarty->assign($attrs,(stripslashes($this->$attrs))); }else{ - $smarty->assign($attrs,($this->$attrs)); - } + $smarty->assign($attrs,($this->$attrs)); + } } /* File download requested */ if(isset($_GET['getFAIScript'])){ - send_binary_content($this->FAIscript,$this->cn.".FAIscript"); + send_binary_content(stripslashes($this->FAIscript),$this->cn.".FAIscript"); } /* Create download button*/ @@ -105,12 +108,12 @@ class faiScriptEntry extends plugin $smarty->assign($name."ACL",$acl); } - $smarty->assign("FAIprioritys",$FAIprioritys); if(get_magic_quotes_gpc()){ $smarty->assign("FAIscript" , htmlentities(stripslashes($this->FAIscript))); }else{ $smarty->assign("FAIscript" , htmlentities($this->FAIscript)); } + $smarty->assign("FAIprioritys",$FAIprioritys); $display.= $smarty->fetch(get_template_path('faiScriptEntry.tpl', TRUE)); return($display); } -- 2.30.2