don't apply preventXSS on 'filter' parameters in export and search (#168)

fixes #98

Author: bendem

htdocs/copy.php

@@ -41,7 +41,7 @@
 $request['remove'] = (get_request('remove') == 'yes') ? true : false;
 
 if ($request['recursive']) {
-	$filter = get_request('filter','POST',false,'(objectClass=*)');
+	$filter = get_request('filter','POST',false,'(objectClass=*)',false);
 
 	# Build a tree similar to that of the tree browser to give to r_copy_dn
 	$ldap['tree'] = array();

htdocs/export_form.php

@@ -17,7 +17,7 @@
 $request['format'] = get_request('format','GET',false,get_line_end_format());
 $request['scope'] = get_request('scope','GET',false,'base');
 $request['exporter_id'] = get_request('exporter_id','GET',false,'LDIF');
-$request['filter'] = get_request('filter','GET',false,'(objectClass=*)');
+$request['filter'] = get_request('filter','GET',false,'(objectClass=*)',false);
 $request['attr'] = get_request('attributes','GET',false,'*');
 $request['sys_attr'] = get_request('sys_attr','GET') ? true: false;
 

lib/Query.php

@@ -134,7 +134,7 @@ public function accept() {
 		# If this is a custom search, we need to populate are paramters
 		if ($this->getID() == 'none') {
 			$bases = get_request('base','REQUEST',false,null);
-			$query['filter'] = get_request('filter','REQUEST',false,'objectClass=*');
+			$query['filter'] = get_request('filter','REQUEST',false,'objectClass=*',false);
 			$query['scope'] = get_request('scope','REQUEST',false,'sub');
 			$attrs = get_request('display_attrs','REQUEST',false,'');
 

lib/export_functions.php

@@ -125,7 +125,7 @@ public function accept() {
 		$query = array();
 		$base = get_request('dn','REQUEST');
 		$query['baseok'] = true;
-		$query['filter'] = get_request('filter','REQUEST',false,'objectclass=*');
+		$query['filter'] = get_request('filter','REQUEST',false,'objectclass=*',false);
 		$query['scope'] = get_request('scope','REQUEST',false,'base');
 		$query['deref'] = $_SESSION[APPCONFIG]->getValue('deref','export');
 		$query['size_limit'] = 0;