From ca3f00b23e088e05ace1f2493ca412f1eccf949c Mon Sep 17 00:00:00 2001 From: hickert Date: Thu, 8 Jul 2010 11:10:47 +0000 Subject: [PATCH] Updated FAI script -Do not break special chars in name and description values. -We right now to write binary scripts too. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@18961 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../fai/admin/fai/class_faiScript.inc | 43 ++--------------- .../fai/admin/fai/class_faiScriptEntry.inc | 46 +++++++------------ gosa-plugins/fai/admin/fai/faiScriptEntry.tpl | 7 ++- 3 files changed, 22 insertions(+), 74 deletions(-) diff --git a/gosa-plugins/fai/admin/fai/class_faiScript.inc b/gosa-plugins/fai/admin/fai/class_faiScript.inc index 7256d7298..7d47a226a 100644 --- a/gosa-plugins/fai/admin/fai/class_faiScript.inc +++ b/gosa-plugins/fai/admin/fai/class_faiScript.inc @@ -121,8 +121,6 @@ class faiScript extends plugin $var = $ldap->get_attribute($object['dn'], $attrs,$r_array=0); } - /* Fix slashes */ - $var = addslashes($var); $object[$attrs] = $var; } } @@ -284,11 +282,7 @@ class faiScript extends plugin * If we post the escaped strings they will be escaped again */ foreach($this->attributes as $attrs){ - if(get_magic_quotes_gpc()){ - $smarty->assign($attrs,stripslashes($this->$attrs)); - }else{ - $smarty->assign($attrs,($this->$attrs)); - } + $smarty->assign($attrs,htmlentities($this->$attrs, ENT_QUOTES, 'utf-8')); } $dn = $this->acl_base_for_current_object($this->dn); 
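Review bot: The block comment kept as context above the `foreach($this->attributes as $attrs)` loop in the `@@ -284` hunk still describes magic_quotes_gpc double-escaping, but the new loop body no longer touches magic quotes and HTML-encodes each value instead. I would replace that comment with `/* HTML-encode attribute values before handing them to the template */`, so the next reader does not assume stripslashes handling still happens here. If the template or a Smarty default modifier also escapes these variables, the values will be double-encoded; that is not visible from this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.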
@@ -306,33 +300,6 @@ class faiScript extends plugin } - /* Generate listbox friendly SubObject list - */ - function getList($use_dns=false){ - $a_return=array(); - foreach($this->SubObjects as $obj){ - if($obj['status'] != "delete"){ - - $cn = stripslashes($obj['cn']); - $desc = ""; - - if((isset($obj['description']))&&(!empty($obj['description']))){ - $desc = " [".stripslashes($obj['description'])."]"; - } - - if($use_dns){ - $a_return[$obj['cn']]['name']= $cn.$desc; - $a_return[$obj['cn']]['dn']= $obj['dn']; - $a_return[$obj['cn']]['FAIpriority']= $obj['FAIpriority']; - }else{ - $a_return[$obj['cn']] = $cn.$desc; - } - } - } - return($a_return); - } - - /* Delete me, and all my subtrees */ function remove_from_parent() @@ -440,7 +407,7 @@ class faiScript extends plugin foreach($Objects as $name => $obj){ foreach($this->sub64coded as $codeIt){ - $obj[$codeIt]=base64_encode(stripslashes($obj[$codeIt])); + $obj[$codeIt]=base64_encode($obj[$codeIt]); } $tmp = array(); @@ -450,11 +417,7 @@ class faiScript extends plugin if($obj[$attrs] == ""){ $obj[$attrs] = array(); } - if(!is_array($obj[$attrs])){ - $tmp[$attrs] = stripslashes($obj[$attrs]); - }else{ - $tmp[$attrs] = $obj[$attrs]; - } + $tmp[$attrs] = $obj[$attrs]; } $tmp['objectClass'] = $this->subClasses; diff --git a/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc b/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc index a0ba363c9..b4da90ddb 100644 --- a/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc +++ b/gosa-plugins/fai/admin/fai/class_faiScriptEntry.inc @@ -17,7 +17,7 @@ class faiScriptEntry extends plugin var $status = "new"; var $parent = NULL; var $FAIstate = ""; - + function faiScriptEntry (&$config, $dn= NULL,$object=false) { plugin::plugin ($config, NULL); 
@@ -25,8 +25,7 @@ class faiScriptEntry extends plugin $this->orig_cn= $object['cn']; $this->dn=$object['dn']; foreach($object as $name=>$value){ - $oname = $name; - $this->$oname=$value; + $this->$name=$value; } }else{ if(is_array($object)&&count($object)){ @@ -39,7 +38,7 @@ class faiScriptEntry extends plugin }else{ $this->status = "new"; - $this->orig_cn = false; + $this->orig_cn = false; } } } @@ -61,25 +60,19 @@ class faiScriptEntry extends plugin if(($_FILES['ImportFile']['size']==0)){ msg_dialog::display(_("Error"), msgPool::incorrectUpload(_("file is empty")), ERROR_DIALOG); }else{ - $str = utf8_encode(addslashes(file_get_contents($_FILES['ImportFile']['tmp_name']))); + $str = file_get_contents($_FILES['ImportFile']['tmp_name']); $this->FAIscript = $str; } } - - /* Magic quotes GPC, escapes every ' " \, to solve some security risks - * If we post the escaped strings they will be escaped again - */ + foreach($this->attributes as $attrs){ - if(get_magic_quotes_gpc()){ - $smarty->assign($attrs,(stripslashes($this->$attrs))); - }else{ - $smarty->assign($attrs,($this->$attrs)); - } + $smarty->assign($attrs, htmlentities($this->$attrs, ENT_QUOTES, 'utf-8')); } + $smarty->assign('FAIscript', htmlentities($this->FAIscript)); /* File download requested */ if(isset($_POST['download'])){ - send_binary_content(stripslashes($this->FAIscript),$this->cn.".FAIscript"); + send_binary_content($this->FAIscript,$this->cn.".FAIscript"); } /* Create download button*/ @@ -98,12 +91,6 @@ class faiScriptEntry extends plugin $acl = $this->getacl($name,preg_match("/freeze/i",$this->FAIstate)); $smarty->assign($name."ACL",$acl); } - - if(get_magic_quotes_gpc()){ - $smarty->assign("FAIscript" , htmlentities(stripslashes($this->FAIscript))); - }else{ - $smarty->assign("FAIscript" , htmlentities($this->FAIscript)); - } $smarty->assign("FAIprioritys",$FAIprioritys); $display.= $smarty->fetch(get_template_path('faiScriptEntry.tpl', TRUE)); return($display); 
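Review bot: The new `$smarty->assign('FAIscript', htmlentities($this->FAIscript));` in the `@@ -61` hunk omits the `ENT_QUOTES, 'utf-8'` arguments used by the loop directly above it, so the script body is encoded with PHP's default flags and charset rather than those chosen for the other fields. I would write `$smarty->assign('FAIscript', htmlentities($this->FAIscript, ENT_QUOTES, 'utf-8'));`, or drop the line if `FAIscript` is already in `$this->attributes`, which this hunk does not show. The commit message says binary scripts are now supported, and depending on the PHP version htmlentities can mangle non-UTF-8 bytes or return an empty string for them, so confirm that re-submitting the form cannot overwrite a binary script with the altered textarea value. Separately, `$this->cn.".FAIscript"` is passed to `send_binary_content` as the download name; if that helper (not shown) places it in a response header without sanitising it, `cn` should be restricted to a safe character set first.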
@@ -112,15 +99,17 @@ class faiScriptEntry extends plugin /* Save data to object */ function save_object() { + return; if((isset($_POST['SubObjectFormSubmitted'])) && !preg_match("/freeze/", $this->FAIstate)){ foreach($this->attributes as $attrs){ - if($this->acl_is_writeable($attrs)){ - if(isset($_POST[$attrs])){ - $this->$attrs = $_POST[$attrs]; - }else{ - $this->$attrs = ""; + if($this->acl_is_writeable($attrs)){ + + if(isset($_POST[$attrs])){ + $this->$attrs = get_binary_post($attrs); + }else{ + $this->$attrs = ""; + } } - } } } } @@ -158,9 +147,6 @@ class faiScriptEntry extends plugin $tmp[$attrs] = $this->$attrs; } - /* Strip out dos newlines */ - $tmp['FAIscript']= strtr($this->FAIscript, array("\x0D" => "")); - if(($this->orig_cn)&&($tmp['cn']!=$this->orig_cn)){ $tmp['remove']['from'] = $this->orig_cn; $tmp['remove']['to'] = $tmp['cn']; diff --git a/gosa-plugins/fai/admin/fai/faiScriptEntry.tpl b/gosa-plugins/fai/admin/fai/faiScriptEntry.tpl index 66090f624..5f28a307c 100644 --- a/gosa-plugins/fai/admin/fai/faiScriptEntry.tpl +++ b/gosa-plugins/fai/admin/fai/faiScriptEntry.tpl @@ -1,4 +1,3 @@ - @@ -51,8 +50,8 @@
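Review bot: The added `return;` as the first statement of `save_object()` in the `@@ -112` hunk makes the whole body unreachable, so posted values are never copied into the object and the `freeze` and `acl_is_writeable` checks below it never run. It reads like a debugging leftover and should be removed; if disabling the method is intentional, delete the dead body and say why in the `/* Save data to object */` comment. Once the body is live, `get_binary_post($attrs)` is applied to every attribute, `cn` and `description` included. If that helper (not shown here) returns the request bytes unmodified, the name fields need validating before `cn` is reused for the download file name and the rename bookkeeping seen in the neighbouring hunks. A comment such as `/* FAIscript may be binary, so read the POST value unmodified */` on that line would document why the helper replaced `$_POST[$attrs]`.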

-{render acl=$FAIscriptACL} +{render acl=$FAIscriptACL} {/render}
@@ -78,4 +77,4 @@
- \ No newline at end of file + -- 2.30.2