diff --git a/phpmyfaq/admin/group.php b/phpmyfaq/admin/group.php
index df01845b88..d7e948ea5a 100644
--- a/phpmyfaq/admin/group.php
+++ b/phpmyfaq/admin/group.php
@@ -18,6 +18,7 @@
 */
 use phpMyFAQ\Filter;
+use phpMyFAQ\Strings;
 use phpMyFAQ\User;
 use phpMyFAQ\User\CurrentUser;
@@ -171,7 +172,7 @@
@@ -226,8 +227,8 @@
 $user = new User($faqConfig);
 $message = '';
 $messages = [];
- $groupName = Filter::filterInput(INPUT_POST, 'group_name', FILTER_UNSAFE_RAW, '');
- $groupDescription = Filter::filterInput(INPUT_POST, 'group_description', FILTER_UNSAFE_RAW, '');
+ $groupName = Filter::filterInput(INPUT_POST, 'group_name', FILTER_SANITIZE_SPECIAL_CHARS, '');
+ $groupDescription = Filter::filterInput(INPUT_POST, 'group_description', FILTER_SANITIZE_SPECIAL_CHARS, '');
 $groupAutoJoin = Filter::filterInput(INPUT_POST, 'group_auto_join', FILTER_UNSAFE_RAW, '');
 $csrfOkay = true;
 $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_UNSAFE_RAW);
@@ -236,7 +237,7 @@
 $csrfOkay = false;
 }
 // check group name
- if ($groupName == '') {
+ if ($groupName === '') {
 $messages[] = $PMF_LANG['ad_group_error_noName'];
 }
 // ok, let's go
@@ -336,60 +337,6 @@ perm->hasPermission($user->getUserId(), 'addgroup')) {
- $user = new CurrentUser($faqConfig);
- $message = '';
- $messages = [];
-
- // Temporary data
- $groupName = 'LDAP Group';
- $groupDescription = 'This is a LDAP group import demo';
- $groupAutoJoin = false;
-
- $csrfOkay = true;
- $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_UNSAFE_RAW);
-
- if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
- $csrfOkay = false;
- }
-
- // check group name
- if ($groupName == '') {
- $messages[] = $PMF_LANG['ad_group_error_noName'];
- }
-
- // ok, let's go
- if (count($messages) == 0 && $csrfOkay) {
- // create group
- $groupData = [
- 'name' => $groupName,
- 'description' => $groupDescription,
- 'auto_join' => $groupAutoJoin,
- ];
-
- if ($user->perm->addGroup($groupData) <= 0) {
- $messages[] = $PMF_LANG['ad_adus_dberr'];
- }
- }
-
- // no errors, show list
- if (count($messages) == 0) {
- $groupAction = $defaultGroupAction;
- $message = sprintf('
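Review bot: `FILTER_SANITIZE_SPECIAL_CHARS` on `group_name` and `group_description` encodes at input time, so the database now holds HTML entities while group rows saved before this change still hold raw markup; the stored-XSS exposure this change presumably targets is only closed if every place that prints these fields escapes them. The new `use phpMyFAQ\Strings;` import suggests output escaping is added elsewhere in the file, but that hunk's body is not visible here, and escaping in both places would double-encode names containing `&`. I would keep the stored value raw and escape where it is rendered, for example `htmlspecialchars($groupName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and also check the group update path, which this hunk does not touch. `group_auto_join` is still read with `FILTER_UNSAFE_RAW`; it presumably ends up in the group record, so it should be reduced to a boolean or integer before it is stored. The enclosing block starts and ends outside the hunk.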
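Review bot: The empty-name check at `if ($groupName === '')` still accepts a name made only of whitespace, and the strict comparison no longer catches a `null` or `false` value that the old `==` treated as empty. If `Filter::filterInput` can return anything other than the `''` default for a missing or failed filter (its body is not shown here), normalise first: `if (!is_string($groupName) || trim($groupName) === '') {`. The surrounding `if` block starts and ends outside the hunk.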

%s

', $PMF_LANG['ad_group_suc']); - // display error messages and show form again - } else { - $groupAction = 'import-ldap-groups'; - $message = '

'; - foreach ($messages as $err) { - $message .= $err . '
'; - } - $message .= '

'; - } -} -*/ - // show list of users if ('list' === $groupAction) { ?> @@ -416,20 +363,6 @@
- -