From 633a0e87e3860c751b571c20eb0555c90db2da5f Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Mon, 16 Feb 2004 19:50:22 +0000 Subject: [PATCH] fixed bug with magic_quotes_gpc Off --- lam/templates/domain.php | 6 ++++-- lam/templates/initsuff.php | 6 ++++-- lam/templates/lists/userlink.php | 3 ++- lam/templates/profedit/profilemain.php | 4 ++-- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/lam/templates/domain.php b/lam/templates/domain.php index d9d1310e..ad68d9b6 100644 --- a/lam/templates/domain.php +++ b/lam/templates/domain.php @@ -40,7 +40,8 @@ if (($_GET['action'] == "edit") || ($_GET['action'] == "new")) { $domsuff = $_SESSION['ldap']->search_units($_SESSION['config']->get_domainSuffix()); if ($_GET['action'] == "edit") { // remove "\'" - $_GET['DN'] = str_replace("\\'", "", $_GET['DN']); + $_GET['DN'] = str_replace("\\", "", $_GET['DN']); + $_GET['DN'] = str_replace("'", "", $_GET['DN']); // load attributes from domain for ($i = 0; $i < sizeof($domlist); $i++) { if ($domlist[$i]->dn == $_GET['DN']) { @@ -185,7 +186,8 @@ if (($_GET['action'] == "edit") || ($_GET['action'] == "new")) { // delete domain, ask if sure elseif ($_GET['action'] == "delete") { // remove "\'" and make array - $DNs = str_replace("\\'", "", $_GET['DN']); + $DNs = str_replace("\\", "", $_GET['DN']); + $DNs = str_replace("'", "", $DNs); $DNs = explode(";", $DNs); // display page echo $_SESSION['header']; diff --git a/lam/templates/initsuff.php b/lam/templates/initsuff.php index 30890fe6..dedad13b 100644 --- a/lam/templates/initsuff.php +++ b/lam/templates/initsuff.php @@ -39,7 +39,8 @@ if ($_POST['add_suff'] || $_POST['cancel']) { $fail = array(); $errors = array(); $new_suff = $_POST['new_suff']; - $new_suff = str_replace("\\'", "", $new_suff); + $new_suff = str_replace("\\", "", $new_suff); + $new_suff = str_replace("'", "", $new_suff); $new_suff = explode(";", $new_suff); // add entries for ($i = 0; $i < sizeof($new_suff); $i++) { @@ -176,7 +177,8 @@ if ($_POST['add_suff'] || $_POST['cancel']) { // first show of page $new_suff = $_GET['suffs']; -$new_suff = str_replace("\\'", "", $new_suff); +$new_suff = str_replace("\\", "", $new_suff); +$new_suff = str_replace("'", "", $new_suff); $new_suff = explode(";", $new_suff); echo $_SESSION['header']; diff --git a/lam/templates/lists/userlink.php b/lam/templates/lists/userlink.php index 106d37cb..f633ba02 100644 --- a/lam/templates/lists/userlink.php +++ b/lam/templates/lists/userlink.php @@ -34,7 +34,8 @@ setlanguage(); // get user name $user = $_GET['user']; -$user = str_replace("\'", '',$user); +$user = str_replace("\\", '',$user); +$user = str_replace("'", '',$user); // get DN of user $dn = $_SESSION['ldap']->search_username($user); diff --git a/lam/templates/profedit/profilemain.php b/lam/templates/profedit/profilemain.php index ff51da1c..3dd0e10e 100644 --- a/lam/templates/profedit/profilemain.php +++ b/lam/templates/profedit/profilemain.php @@ -49,11 +49,11 @@ if ($_POST['forward'] == "yes") { elseif ($_POST['submit']) { // create new user profile if ($_POST['profile'] == "newuser") { - metaRefresh("profileuser.php"); + metaRefresh("profilepage.php?type=user"); } // edit user profile elseif($_POST['profile'] == "edituser") { - metaRefresh("profileuser.php?edit=" . $_POST['e_user']); + metaRefresh("profileuser.php?type=user&edit=" . $_POST['e_user']); } // delete user profile elseif($_POST['profile'] == "deluser") {