From 02a32f798cccc3e04b0a37fed3ebc4ae4bd4658a Mon Sep 17 00:00:00 2001
From: kevin_fourie
Date: Wed, 13 Jun 2007 10:34:34 +0000
Subject: [PATCH] KTS-2088 "The " in the name of a Document Type, Transition or State does not reflect in Edit mode" Fixed with lots of other similar issues.
---
lib/actions/bulkaction.php | 8 +++++---
lib/actions/documentaction.inc.php | 7 ++++---
lib/actions/folderaction.inc.php | 7 ++++---
lib/authentication/authenticationprovider.inc.php | 3 ++-
lib/authentication/authenticationsource.inc.php | 5 +++--
lib/authentication/interceptor.inc.php | 3 ++-
lib/authentication/interceptorinstances.inc.php | 5 +++--
lib/browse/Criteria.inc | 4 +++-
lib/browse/advancedcolumns.inc.php | 4 +++-
lib/documentmanagement/DocumentField.inc | 9 +++++----
lib/documentmanagement/DocumentFieldLink.inc | 2 +-
lib/documentmanagement/DocumentTransactionType.inc.php | 5 +++--
lib/documentmanagement/DocumentType.inc | 6 ++++--
lib/documentmanagement/LinkType.inc | 13 +++++++------
lib/documentmanagement/MDTree.inc | 5 +++--
lib/documentmanagement/MetaData.inc | 7 +++++--
lib/documentmanagement/documentmetadataversion.inc.php | 1 +
lib/foldermanagement/Folder.inc | 1 +
lib/groups/Group.inc | 5 +++--
lib/help/helpreplacement.inc.php | 13 +++++++------
lib/metadata/fieldbehaviour.inc.php | 9 +++++----
lib/metadata/fieldset.inc.php | 9 +++++----
lib/permissions/permission.inc.php | 9 +++++----
lib/roles/Role.inc | 5 +++--
lib/search/savedsearch.inc.php | 5 +++--
lib/unitmanagement/Unit.inc | 6 ++++--
lib/users/User.inc | 21 +++++++++++----------
lib/workflow/workflow.inc.php | 9 +++++----
lib/workflow/workflowstate.inc.php | 9 +++++----
lib/workflow/workflowtransition.inc.php | 9 +++++----
lib/workflow/workflowtrigger.inc.php | 3 ++-
plugins/ktcore/KTDocumentActions.php | 8 ++++----
plugins/ktcore/admin/workflowsv2.php | 6 +++---
preferences.php | 4 ++--
34 files changed, 131 insertions(+), 94 deletions(-)
diff --git a/lib/actions/bulkaction.php b/lib/actions/bulkaction.php index 8083f58..a35374b 100644 --- a/lib/actions/bulkaction.php +++ b/lib/actions/bulkaction.php @@ -41,6 +41,8 @@ require_once(KT_LIB_DIR . '/documentmanagement/documentutil.inc.php'); require_once(KT_LIB_DIR . '/widgets/forms.inc.php'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); + class KTBulkAction extends KTStandardDispatcher { var $sName; var $sDescription; @@ -119,15 +121,15 @@ class KTBulkAction extends KTStandardDispatcher { } function getName() { - return $this->sName; + return sanitizeForSQLtoHTML($this->sName); } function getDisplayName() { - return $this->sDisplayName; + return sanitizeForSQLtoHTML($this->sDisplayName); } function getDescription() { - return $this->sDescription; + return sanitizeForSQLtoHTML($this->sDescription); } function customiseInfo($aInfo) { diff --git a/lib/actions/documentaction.inc.php b/lib/actions/documentaction.inc.php index 63468a7..208804b 100644 --- a/lib/actions/documentaction.inc.php +++ b/lib/actions/documentaction.inc.php @@ -33,6 +33,7 @@ require_once(KT_LIB_DIR . '/actions/actionregistry.inc.php'); require_once(KT_LIB_DIR . '/workflow/workflowutil.inc.php'); require_once(KT_LIB_DIR . '/dispatcher.inc.php'); require_once(KT_LIB_DIR . '/browse/browseutil.inc.php'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTDocumentAction extends KTStandardDispatcher { var $sName; @@ -147,17 +148,17 @@ class KTDocumentAction extends KTStandardDispatcher { } function getName() { - return $this->sName; + return sanitizeForSQLtoHTML($this->sName); } function getDisplayName() { // Should be overridden by the i18nised display name // This is here solely for backwards compatibility - return $this->sDisplayName; + return sanitizeForSQLtoHTML($this->sDisplayName); } function getDescription() { - return $this->sDescription; + return sanitizeForSQLtoHTML($this->sDescription); } function customiseInfo($aInfo) { 
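Review bot: `getName()`, `getDisplayName()` and `getDescription()` in KTBulkAction now hand the result of `sanitizeForSQLtoHTML()` to every caller, so the encoding happens at the accessor rather than at the point where the value is written into a page. sanitize.inc is not part of this diff, so what the helper emits is inferred from its name; if it produces HTML entities, a caller that uses the name as an identifier, compares it, or passes it to a template that escapes again will see an altered or double-encoded string. I would leave these accessors returning the raw property and encode where the value is rendered, or at least document the new contract on each getter with a comment such as `// returns the HTML-encoded form for display; not suitable for lookups or comparisons`. The same pattern recurs in the hunks for KTDocumentAction, KTFolderAction, KTAuthenticationProvider, KTInterceptor, BrowseCriterion and KTWorkflowTrigger.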
diff --git a/lib/actions/folderaction.inc.php b/lib/actions/folderaction.inc.php index 4152d86..d4c6d67 100644 --- a/lib/actions/folderaction.inc.php +++ b/lib/actions/folderaction.inc.php @@ -32,6 +32,7 @@ require_once(KT_LIB_DIR . '/dispatcher.inc.php'); require_once(KT_LIB_DIR . '/actions/actionregistry.inc.php'); require_once(KT_LIB_DIR . '/browse/browseutil.inc.php'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTFolderAction extends KTStandardDispatcher { var $sName; @@ -111,17 +112,17 @@ class KTFolderAction extends KTStandardDispatcher { } function getName() { - return $this->sName; + return sanitizeForSQLtoHTML($this->sName); } function getDisplayName() { // This should be overridden by the i18nised display name // This implementation is only here for backwards compatibility - return $this->sDisplayName; + return sanitizeForSQLtoHTML($this->sDisplayName); } function getDescription() { - return $this->sDescription; + return sanitizeForSQLtoHTML($this->sDescription); } function customiseInfo($aInfo) { diff --git a/lib/authentication/authenticationprovider.inc.php b/lib/authentication/authenticationprovider.inc.php index 7589498..923042b 100644 --- a/lib/authentication/authenticationprovider.inc.php +++ b/lib/authentication/authenticationprovider.inc.php @@ -30,6 +30,7 @@ */ require_once(KT_LIB_DIR . '/dispatcher.inc.php'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTAuthenticationProvider extends KTStandardDispatcher { var $sName; @@ -77,7 +78,7 @@ class KTAuthenticationProvider extends KTStandardDispatcher { } function getName() { - return $this->sName; + return sanitizeForSQLtoHTML($this->sName); } function getNamespace() { return $this->sNamespace; diff --git a/lib/authentication/authenticationsource.inc.php b/lib/authentication/authenticationsource.inc.php index 9d8f705..5bbb9b2 100644 --- a/lib/authentication/authenticationsource.inc.php +++ b/lib/authentication/authenticationsource.inc.php 
@@ -31,6 +31,7 @@ require_once(KT_LIB_DIR . '/users/User.inc'); require_once(KT_LIB_DIR . '/ktentity.inc'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTAuthenticationSource extends KTEntity { var $sName; @@ -52,13 +53,13 @@ class KTAuthenticationSource extends KTEntity { var $_bUsePearError = true; - function getName() { return $this->sName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } function getNamespace() { return $this->sNamespace; } function getAuthenticationProvider() { return $this->sAuthenticationProvider; } function getConfig() { return $this->sConfig; } function getIsUserSource() { return $this->bIsUserSource; } function getIsGroupSource() { return $this->bIsGroupSource; } - function setName($sName) { $this->sName = $sName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; } function setAuthenticationProvider($sAuthenticationProvider) { $this->sAuthenticationProvider = $sAuthenticationProvider; } function setConfig($sConfig) { $this->sConfig = $sConfig; } diff --git a/lib/authentication/interceptor.inc.php b/lib/authentication/interceptor.inc.php index 9bbcd60..a1f0ad9 100644 --- a/lib/authentication/interceptor.inc.php +++ b/lib/authentication/interceptor.inc.php @@ -31,6 +31,7 @@ */ require_once(KT_LIB_DIR . '/dispatcher.inc.php'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTInterceptor extends KTStandardDispatcher { var $sName; @@ -48,7 +49,7 @@ class KTInterceptor extends KTStandardDispatcher { } function getName() { - return $this->sName; + return sanitizeForSQLtoHTML($this->sName); } function getNamespace() { diff --git a/lib/authentication/interceptorinstances.inc.php b/lib/authentication/interceptorinstances.inc.php index b70d22b..42a7bcb 100644 --- a/lib/authentication/interceptorinstances.inc.php +++ b/lib/authentication/interceptorinstances.inc.php 
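Review bot: `setName()` in KTAuthenticationSource now stores `sanitizeForSQL($sName)` in the property, so the object no longer holds the value the caller supplied and `getName()` has to convert that form again on the way out. The persistence code in KTEntity is not visible here; if it already quotes or binds values when it builds the statement, the value is escaped twice, and if it does not, protection depends on every write going through a setter instead of through the query layer. SQL escaping is safer where the query is built (bound parameters or the database layer's own quoting), with the property kept as supplied: `function setName($sName) { $this->sName = $sName; }`. The same setter change appears in KTInterceptorInstance, DocumentField, KTDocumentTransactionType, DocumentType, LinkType, MDTreeNode, MetaData, Group, KTHelpReplacement, KTFieldBehaviour, KTFieldset, KTPermission, Role, KTSavedSearch, Unit, User and the three workflow entities.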
@@ -32,6 +32,7 @@ require_once(KT_LIB_DIR . '/users/User.inc'); require_once(KT_LIB_DIR . '/ktentity.inc'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTInterceptorInstance extends KTEntity { var $sName; @@ -48,10 +49,10 @@ class KTInterceptorInstance extends KTEntity { var $_bUsePearError = true; - function getName() { return $this->sName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } function getInterceptorNamespace() { return $this->sInterceptorNamespace; } function getConfig() { return $this->sConfig; } - function setName($sName) { $this->sName = $sName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } function setInterceptorNamespace($mValue) { $this->sInterceptorNamespace = $mValue; } function setConfig($sConfig) { $this->sConfig = $sConfig; } diff --git a/lib/browse/Criteria.inc b/lib/browse/Criteria.inc index 22534a8..be1d26e 100644 --- a/lib/browse/Criteria.inc +++ b/lib/browse/Criteria.inc @@ -43,6 +43,8 @@ require_once(KT_LIB_DIR . '/workflow/workflow.inc.php'); require_once(KT_LIB_DIR . '/browse/criteriaregistry.php'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); + class BrowseCriterion { var $sDisplay; @@ -168,7 +170,7 @@ class BrowseCriterion { function getName() { - return $this->sDocumentField; + return sanitizeForSQLtoHTML($this->sDocumentField); } function getID() { diff --git a/lib/browse/advancedcolumns.inc.php b/lib/browse/advancedcolumns.inc.php index f43f274..f7f6f31 100644 --- a/lib/browse/advancedcolumns.inc.php +++ b/lib/browse/advancedcolumns.inc.php @@ -1,5 +1,7 @@ label; + return sanitizeForSQLtoHTML($this->label); } function getEntryId() { diff --git a/lib/documentmanagement/DocumentField.inc b/lib/documentmanagement/DocumentField.inc index 74cce52..5598cda 100644 --- a/lib/documentmanagement/DocumentField.inc +++ b/lib/documentmanagement/DocumentField.inc 
@@ -33,6 +33,7 @@ require_once(KT_LIB_DIR . '/documentmanagement/MetaData.inc'); require_once(KT_LIB_DIR . '/metadata/metadatautil.inc.php'); require_once(KT_LIB_DIR . '/documentmanagement/DocumentType.inc'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class DocumentField extends KTEntity { @@ -72,10 +73,10 @@ class DocumentField extends KTEntity { } function getID() { return $this->iId; } - function getName() { return $this->sName; } - function setName($sNewValue) { $this->sName = $sNewValue; } - function setDescription($sNewValue) { $this->sDescription = $sNewValue; } - function getDescription() { return $this->sDescription; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } + function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); } + function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); } function getDataType() { return $this->sDataType; } function setDataType($sNewValue) { $this->sDataType = $sNewValue; } function getIsGeneric() { return $this->bIsGeneric; } diff --git a/lib/documentmanagement/DocumentFieldLink.inc b/lib/documentmanagement/DocumentFieldLink.inc index 5d8ca20..e885ddb 100644 --- a/lib/documentmanagement/DocumentFieldLink.inc +++ b/lib/documentmanagement/DocumentFieldLink.inc @@ -121,7 +121,7 @@ class DocumentFieldLink extends KTEntity { * */ function getValue() { - return sanitizeForHTML($this->sValue); + return sanitizeForSQLtoHTML($this->sValue); } /** diff --git a/lib/documentmanagement/DocumentTransactionType.inc.php b/lib/documentmanagement/DocumentTransactionType.inc.php index 0b58f76..c643a58 100644 --- a/lib/documentmanagement/DocumentTransactionType.inc.php +++ b/lib/documentmanagement/DocumentTransactionType.inc.php 
@@ -31,6 +31,7 @@ require_once(KT_LIB_DIR . "/ktentity.inc"); require_once(KT_LIB_DIR . "/util/ktutil.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTDocumentTransactionType extends KTEntity { /** primary key */ @@ -47,10 +48,10 @@ class KTDocumentTransactionType extends KTEntity { var $_bUsePearError = true; function getID() { return $this->iId; } - function getName() { return $this->sName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } function getNamespace() { return $this->sNamespace; } function setID($iId) { $this->iId = $iId; } - function setName($sName) { $this->sName = $sName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; } function _table () { diff --git a/lib/documentmanagement/DocumentType.inc b/lib/documentmanagement/DocumentType.inc index a67971e..519fc20 100644 --- a/lib/documentmanagement/DocumentType.inc +++ b/lib/documentmanagement/DocumentType.inc @@ -30,6 +30,8 @@ * Contributor( s): ______________________________________ */ +require_once(KT_LIB_DIR . "/util/sanitize.inc"); + class DocumentType extends KTEntity { /** primary key value */ @@ -60,8 +62,8 @@ class DocumentType extends KTEntity { } function getID() { return $this->iId; } - function getName() { return $this->sName; } - function setName($sNewValue) { $this->sName = $sNewValue; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } function getDisabled() { return $this->bDisabled; } function setDisabled($bNewValue) { $this->bDisabled = ($bNewValue) ? true : false; } diff --git a/lib/documentmanagement/LinkType.inc b/lib/documentmanagement/LinkType.inc index 789b2d2..70a1e04 100644 --- a/lib/documentmanagement/LinkType.inc +++ b/lib/documentmanagement/LinkType.inc 
@@ -31,6 +31,7 @@ */ require_once(KT_DIR . '/lib/ktentity.inc'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class LinkType extends KTEntity { var $sName; @@ -49,25 +50,25 @@ class LinkType extends KTEntity { } function getDescription() { - return $this->sDescription; + return sanitizeForSQLtoHTML($this->sDescription); } function setDescription($sNewValue) { - $this->sDescription = $sNewValue; + $this->sDescription = sanitizeForSQL($sNewValue); } function getName() { - return $this->sName; + return sanitizeForSQLtoHTML($this->sName); } function setName($sNewValue) { - $this->sName = $sNewValue; + $this->sName = sanitizeForSQL($sNewValue); } function _fieldValues () { return array( - 'name' => $this->sName, - 'description' => $this->sDescription, + 'name' => sanitizeForSQLtoHTML($this->sName), + 'description' => sanitizeForSQLtoHTML($this->sDescription), ); } diff --git a/lib/documentmanagement/MDTree.inc b/lib/documentmanagement/MDTree.inc index 232fa01..8db7ba2 100644 --- a/lib/documentmanagement/MDTree.inc +++ b/lib/documentmanagement/MDTree.inc @@ -33,6 +33,7 @@ require_once(KT_LIB_DIR . "/ktentity.inc"); //require_once("../../../../../config/dmsDefaults.php"); // gak. require_once(KT_LIB_DIR . "/documentmanagement/DocumentField.inc"); require_once(KT_LIB_DIR . "/documentmanagement/MetaData.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class MDTreeNode extends KTEntity { /** boilerplate DB code. */ 
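Review bot: `_fieldValues()` in LinkType now returns `sanitizeForSQLtoHTML($this->sName)` and `sanitizeForSQLtoHTML($this->sDescription)`, while `Role::_fieldValues()`, visible as context later in this commit, still returns `$this->sName` unchanged. If KTEntity uses this array to build its INSERT/UPDATE (inferred from the method name; the base class is not in the diff), the display-encoded form is what gets written back, and each load/save cycle can encode the stored text further. Keep the raw properties here, `'name' => $this->sName,` and `'description' => $this->sDescription,`, and leave any conversion to the code that renders the value.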
@@ -55,8 +56,8 @@ class MDTreeNode extends KTEntity { function setID($iId) { $this->iId = $iId; } function getFieldId() { return $this->iFieldId; } function setFieldId($iFieldId) { $this->iFieldId = $iFieldId; } - function getName() { return $this ->sName; } - function setName($sName) { $this->sName = $sName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } function getParentNode() { return $this->iParentNode; } function setParentNode($iNode) { $this->iParentNode = $iParentNode; } diff --git a/lib/documentmanagement/MetaData.inc b/lib/documentmanagement/MetaData.inc index b0b641a..a89cc99 100644 --- a/lib/documentmanagement/MetaData.inc +++ b/lib/documentmanagement/MetaData.inc @@ -29,6 +29,9 @@ * All Rights Reserved. * Contributor( s): ______________________________________ */ + +require_once(KT_LIB_DIR . "/util/sanitize.inc"); + class MetaData extends KTEntity { /** primary key value */ @@ -71,8 +74,8 @@ class MetaData extends KTEntity { } function getID() { return $this->iId; } - function getName() { return $this->sName; } - function setName($sNewValue) { $this->sName = $sNewValue; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } function getDocFieldId() { return $this->iDocFieldId; } function setDocFieldId($iNewValue) { $this->iDocFieldId = $iNewValue; } function getTreeParent() { return $this->iTreeParent; } diff --git a/lib/documentmanagement/documentmetadataversion.inc.php b/lib/documentmanagement/documentmetadataversion.inc.php index 621587f..3c2c9fe 100644 --- a/lib/documentmanagement/documentmetadataversion.inc.php +++ b/lib/documentmanagement/documentmetadataversion.inc.php @@ -30,6 +30,7 @@ */ require_once(KT_LIB_DIR . '/ktentity.inc'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTDocumentMetadataVersion extends KTEntity { var $_bUsePearError = true; 
diff --git a/lib/foldermanagement/Folder.inc b/lib/foldermanagement/Folder.inc index c129c15..bc0dfe5 100644 --- a/lib/foldermanagement/Folder.inc +++ b/lib/foldermanagement/Folder.inc @@ -32,6 +32,7 @@ require_once(KT_LIB_DIR . "/foldermanagement/PhysicalFolderManagement.inc"); require_once(KT_LIB_DIR . "/documentmanagement/Document.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class Folder extends KTEntity { diff --git a/lib/groups/Group.inc b/lib/groups/Group.inc index 47288fa..411d44a 100644 --- a/lib/groups/Group.inc +++ b/lib/groups/Group.inc @@ -31,6 +31,7 @@ */ require_once(KT_LIB_DIR . '/unitmanagement/Unit.inc'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class Group extends KTEntity { @@ -89,8 +90,8 @@ class Group extends KTEntity { function setUnitAdmin($bNewValue) { $this->bIsUnitAdmin = $bNewValue; } function getSysAdmin() { return $this->bIsSysAdmin; } function setSysAdmin($bNewValue) { $this->bIsSysAdmin = $bNewValue; } - function getName() { return $this->sName; } - function setName($sNewValue) { $this->sName = $sNewValue; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } function getUnitId() { return $this->iUnitId; } function setUnitId($iNewValue) { $this->iUnitId = $iNewValue; } function getAuthenticationDetails() { return $this->sAuthenticationDetails; } diff --git a/lib/help/helpreplacement.inc.php b/lib/help/helpreplacement.inc.php index 61cd15e..018e0f7 100644 --- a/lib/help/helpreplacement.inc.php +++ b/lib/help/helpreplacement.inc.php @@ -30,6 +30,7 @@ */ require_once(KT_LIB_DIR . "/ktentity.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTHelpReplacement extends KTEntity { /** primary key */ 
@@ -50,13 +51,13 @@ class KTHelpReplacement extends KTEntity { var $_bUsePearError = true; function getID() { return $this->iId; } - function getName() { return $this->sName; } - function getDescription() { return $this->sDescription; } - function getTitle() { return $this->sTitle; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); } + function getTitle() { return sanitizeForSQLtoHTML($this->sTitle); } function setID($iId) { $this->iId = $iId; } - function setName($sName) { $this->sName = $sName; } - function setDescription($sDescription) { $this->sDescription = $sDescription; } - function setTitle($sTitle) { $this->sTitle= $sTitle; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } + function setDescription($sDescription) { $this->sDescription = sanitizeForSQL($sDescription); } + function setTitle($sTitle) { $this->sTitle= sanitizeForSQL($sTitle); } function _table () { global $default; diff --git a/lib/metadata/fieldbehaviour.inc.php b/lib/metadata/fieldbehaviour.inc.php index 10b9820..a00fd80 100644 --- a/lib/metadata/fieldbehaviour.inc.php +++ b/lib/metadata/fieldbehaviour.inc.php @@ -33,6 +33,7 @@ */ require_once(KT_LIB_DIR . "/ktentity.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTFieldBehaviour extends KTEntity { var $iId = -1; 
@@ -50,12 +51,12 @@ class KTFieldBehaviour extends KTEntity { var $_bUsePearError = true; function getID() { return $this->iId; } - function getName() { return $this->sName; } - function getHumanName() { return $this->sHumanName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); } function getFieldID() { return $this->iFieldID; } function setID($iId) { $this->iId = $iId; } - function setName($sName) { $this->sName = $sName; } - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); } function setFieldID($iFieldID) { $this->iFieldID = $iFieldID; } function _table () { diff --git a/lib/metadata/fieldset.inc.php b/lib/metadata/fieldset.inc.php index c787dc4..a8216b8 100644 --- a/lib/metadata/fieldset.inc.php +++ b/lib/metadata/fieldset.inc.php @@ -31,6 +31,7 @@ require_once(KT_LIB_DIR . "/ktentity.inc"); require_once(KT_LIB_DIR . "/documentmanagement/DocumentField.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); /** * class KTFieldset 
@@ -67,10 +68,10 @@ class KTFieldset extends KTEntity { var $_bUsePearError = true; function getId() { return $this->iId; } - function getName() { return $this->sName; } - function setDescription($sNewValue) { $this->sDescription = $sNewValue; } - function getDescription() { return $this->sDescription; } - function setName($sNewValue) { $this->sName = $sNewValue; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); } + function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); } + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } function getNamespace() { return $this->sNamespace; } function setNamespace($sNewValue) { $this->sNamespace = $sNewValue; } function getMandatory() { return $this->bMandatory; } diff --git a/lib/permissions/permission.inc.php b/lib/permissions/permission.inc.php index 171b9d3..308a974 100644 --- a/lib/permissions/permission.inc.php +++ b/lib/permissions/permission.inc.php @@ -30,6 +30,7 @@ */ require_once(KT_LIB_DIR . "/ktentity.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTPermission extends KTEntity { /** primary key */ 
@@ -51,12 +52,12 @@ class KTPermission extends KTEntity { var $_bUsePearError = true; function getID() { return $this->iId; } - function getName() { return $this->sName; } - function getHumanName() { return _kt($this->sHumanName); } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); } function getBuiltIn() { return $this->bBuiltIn; } function setID($iId) { $this->iId = $iId; } - function setName($sName) { $this->sName = $sName; } - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); } function setBuiltIn($sBuiltIn) { $this->sBuiltIn = $sBuiltIn; } function _table () { diff --git a/lib/roles/Role.inc b/lib/roles/Role.inc index df31ca4..7ed7f90 100644 --- a/lib/roles/Role.inc +++ b/lib/roles/Role.inc @@ -32,6 +32,7 @@ require_once(KT_LIB_DIR . "/ktentity.inc"); require_once(KT_LIB_DIR . "/util/ktutil.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class Role extends KTEntity { @@ -59,8 +60,8 @@ class Role extends KTEntity { var $_bUsePearError = true; function getId() { return $this->iId; } - function getName() { return $this->sName; } - function setName($sNewValue) { $this->sName = $sNewValue; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } function _fieldValues () { return array( 'name' => $this->sName, diff --git a/lib/search/savedsearch.inc.php b/lib/search/savedsearch.inc.php index 297bce4..498495d 100644 --- a/lib/search/savedsearch.inc.php +++ b/lib/search/savedsearch.inc.php @@ -30,6 +30,7 @@ */ require_once(KT_LIB_DIR . '/ktentity.inc'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); /** * Saved searches allow for common searches to be saved. 
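Review bot: `getHumanName()` in KTPermission loses its `_kt()` call: the removed line returned `_kt($this->sHumanName)` and the added one returns only `sanitizeForSQLtoHTML($this->sHumanName)`. Assuming `_kt()` is the translation lookup, as its use on form labels elsewhere in this patch suggests, permission names would stop being localised, and nothing in the commit message indicates that is intended. Keeping both would read `function getHumanName() { return sanitizeForSQLtoHTML(_kt($this->sHumanName)); }`. Separately, the unchanged context line `setBuiltIn()` assigns `$this->sBuiltIn` while `getBuiltIn()` reads `$this->bBuiltIn`, which looks like an existing mismatch worth checking.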
@@ -110,14 +111,14 @@ class KTSavedSearch extends KTEntity { // {{{ getters/setters function getId() { return $this->iId; } - function getName() { return $this->sName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } function getNamespace() { return $this->sNamespace; } function getIsCondition() { return $this->bIsCondition; } function getIsComplete() { return $this->bIsComplete; } function getUserId() { return $this->iUserId; } function getSearch() { return $this->aSearch; } function setId($iId) { $this->iId = $iId; } - function setName($sName) { $this->sName = $sName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; } function setIsCondition($bIsCondition) { $this->bIsCondition = $bIsCondition; } function setIsComplete($bIsComplete) { $this->bIsComplete = $bIsComplete; } diff --git a/lib/unitmanagement/Unit.inc b/lib/unitmanagement/Unit.inc index 9f28d46..7710686 100644 --- a/lib/unitmanagement/Unit.inc +++ b/lib/unitmanagement/Unit.inc @@ -28,6 +28,8 @@ * Contributor( s): ______________________________________ */ +require_once(KT_LIB_DIR . "/util/sanitize.inc"); + class Unit extends KTEntity { var $_bUsePearError = true; @@ -45,8 +47,8 @@ class Unit extends KTEntity { return KTUtil::getTableName('units'); } - function getName() { return $this->sName; } - function setName($sNewValue) { $this->sName = $sNewValue; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } function getFolderId() { return $this->iFolderId; } function setFolderId($iNewValue) { $this->iFolderId = $iNewValue; } diff --git a/lib/users/User.inc b/lib/users/User.inc index 65608b5..8bda0c9 100644 --- a/lib/users/User.inc +++ b/lib/users/User.inc 
@@ -32,6 +32,7 @@ require_once(KT_LIB_DIR . '/database/dbutil.inc'); require_once(KT_LIB_DIR . '/ktentity.inc'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); define('ADMIN_USER_ID', 1); 
@@ -114,19 +115,19 @@ class User extends KTEntity { } - function getUserName() { return $this->sUserName; } - function setUserName($sNewValue) { $this->sUserName = $sNewValue; } - function getPassword() { return $this->sPassword; } - function setPassword($sNewValue) { $this->sPassword = $sNewValue; $this->bPasswordChanged = true; } + function getUserName() { return sanitizeForSQLtoHTML($this->sUserName); } + function setUserName($sNewValue) { $this->sUserName = sanitizeForSQL($sNewValue); } + function getPassword() { return sanitizeForSQLtoHTML($this->sPassword); } + function setPassword($sNewValue) { $this->sPassword = sanitizeForSQL($sNewValue); $this->bPasswordChanged = true; } function getQuotaMax() { return $this->iQuotaMax; } function setQuotaMax($iNewValue) { $this->iQuotaMax = $iNewValue; } - function setName($sNewValue) { $this->sName = $sNewValue; } - function getName() { return $this->sName; } + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } + function getName() { return sanitizeForSQLtoHTML($this->sName); } function getQuotaCurrent() { return $this->iQuotaCurrent; } - function getEmail() { return $this->sEmail; } - function setEmail($sNewValue) { $this->sEmail = $sNewValue; } - function getMobile() { return $this->sMobile; } - function setMobile($sNewValue) { $this->sMobile = $sNewValue; } + function getEmail() { return sanitizeForSQLtoHTML($this->sEmail); } + function setEmail($sNewValue) { $this->sEmail = sanitizeForSQL($sNewValue); } + function getMobile() { return sanitizeForSQLtoHTML($this->sMobile); } + function setMobile($sNewValue) { $this->sMobile = sanitizeForSQL($sNewValue); } function getEmailNotification() { return $this->bEmailNotification; } function setEmailNotification($bNewValue) { $this->bEmailNotification = KTUtil::anyToBool($bNewValue); } function getSmsNotification() { return $this->bSmsNotification; } 
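Review bot: `setPassword()` and `getPassword()` in User now pass the credential through `sanitizeForSQL()` and `sanitizeForSQLtoHTML()`. A password or password hash is never rendered and has to round-trip byte for byte; if either helper rewrites quotes, backslashes or `&`/`<`/`>` (inferred from the names, since sanitize.inc is not shown), a value containing those characters is stored or compared in an altered form and the login comparison can stop matching. These two accessors should stay as they were: `function getPassword() { return $this->sPassword; }` and `function setPassword($sNewValue) { $this->sPassword = $sNewValue; $this->bPasswordChanged = true; }`. `getEmail()` and `getMobile()` deserve the same look, because an HTML-encoded address is the wrong form to hand to a mailer or an SMS gateway. The User class continues outside this hunk, so callers of these accessors are not visible here.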
diff --git a/lib/workflow/workflow.inc.php b/lib/workflow/workflow.inc.php index b854bcd..1725ff2 100644 --- a/lib/workflow/workflow.inc.php +++ b/lib/workflow/workflow.inc.php @@ -33,6 +33,7 @@ */ require_once(KT_LIB_DIR . "/ktentity.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTWorkflow extends KTEntity { var $iId = -1; @@ -52,13 +53,13 @@ class KTWorkflow extends KTEntity { var $_bUsePearError = true; function getID() { return $this->iId; } - function getName() { return $this->sName; } - function getHumanName() { return $this->sHumanName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); } function getStartStateId() { return $this->iStartStateId; } function getIsEnabled() { return ($this->bEnabled == true); } function setID($iId) { $this->iId = $iId; } - function setName($sName) { $this->sName = $sName; } - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); } function setStartStateId($iStartStateId) { $this->iStartStateId = $iStartStateId; } function setIsEnabled($mValue) { $this->bEnabled = ($mValue == true); } diff --git a/lib/workflow/workflowstate.inc.php b/lib/workflow/workflowstate.inc.php index 4744d26..6dc27f3 100644 --- a/lib/workflow/workflowstate.inc.php +++ b/lib/workflow/workflowstate.inc.php @@ -32,6 +32,7 @@ */ require_once(KT_LIB_DIR . "/ktentity.inc"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTWorkflowState extends KTEntity { var $iId = -1; 
@@ -50,13 +51,13 @@ class KTWorkflowState extends KTEntity { var $_bUsePearError = true; function getId() { return $this->iId; } - function getName() { return $this->sName; } - function getHumanName() { return $this->sHumanName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); } function getWorkflowId() { return $this->iWorkflowId; } function getInformDescriptorId() { return $this->iInformDescriptorId; } function setId($iId) { $this->iId = $iId; } - function setName($sName) { $this->sName = $sName; } - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); } function setWorkflowId($iWorkflowId) { $this->iWorkflowId = $iWorkflowId; } function setInformDescriptorId($iInformDescriptorId) { $this->iInformDescriptorId = $iInformDescriptorId; } diff --git a/lib/workflow/workflowtransition.inc.php b/lib/workflow/workflowtransition.inc.php index 996098d..beeb1db 100644 --- a/lib/workflow/workflowtransition.inc.php +++ b/lib/workflow/workflowtransition.inc.php @@ -33,6 +33,7 @@ require_once(KT_LIB_DIR . "/ktentity.inc"); require_once(KT_LIB_DIR . "/workflow/workflowutil.inc.php"); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTWorkflowTransition extends KTEntity { var $iId = -1; 
@@ -60,8 +61,8 @@ class KTWorkflowTransition extends KTEntity { var $_bUsePearError = true; function getId() { return $this->iId; } - function getName() { return $this->sName; } - function getHumanName() { return $this->sHumanName; } + function getName() { return sanitizeForSQLtoHTML($this->sName); } + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); } function getWorkflowId() { return $this->iWorkflowId; } function getTargetStateId() { return $this->iTargetStateId; } function getGuardPermissionId() { return $this->iGuardPermissionId; } @@ -70,8 +71,8 @@ class KTWorkflowTransition extends KTEntity { function getGuardConditionId() { return $this->iGuardConditionId; } function setId($iId) { $this->iId = $iId; } - function setName($sName) { $this->sName = $sName; } - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; } + function setName($sName) { $this->sName = sanitizeForSQL($sName); } + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); } function setWorkflowId($iWorkflowId) { $this->iWorkflowId = $iWorkflowId; } function setTargetStateId($iTargetStateId) { $this->iTargetStateId = $iTargetStateId; } function setGuardPermissionId($iGuardPermissionId) { $this->iGuardPermissionId = $iGuardPermissionId; } diff --git a/lib/workflow/workflowtrigger.inc.php b/lib/workflow/workflowtrigger.inc.php index ac82fc7..f9c15a0 100644 --- a/lib/workflow/workflowtrigger.inc.php +++ b/lib/workflow/workflowtrigger.inc.php @@ -36,6 +36,7 @@ */ //require_once(KT_LIB_DIR . '/workflow/workflowtriggerinstance'); +require_once(KT_LIB_DIR . "/util/sanitize.inc"); class KTWorkflowTrigger { var $sNamespace = 'ktcore.workflowtriggers.abstractbase'; 
@@ -72,7 +73,7 @@ class KTWorkflowTrigger { ); } - function getName() { return $this->sFriendlyName; } + function getName() { return sanitizeForSQLtoHTML($this->sFriendlyName); } function getNamespace() { return $this->sNamespace; } function getConfigId() { return $this->oTriggerInstance->getId(); } diff --git a/plugins/ktcore/KTDocumentActions.php b/plugins/ktcore/KTDocumentActions.php index 87cdf00..32fb262 100644 --- a/plugins/ktcore/KTDocumentActions.php +++ b/plugins/ktcore/KTDocumentActions.php @@ -882,7 +882,7 @@ class KTDocumentMoveAction extends KTDocumentAction { $oForm->addWidget( array('ktcore.widgets.string', array( 'label' => _kt('Document Title'), - 'value' => $this->oDocument->getName(), + 'value' => sanitizeForHTML($this->oDocument->getName()), 'important_description' => _kt('Please indicate a new title to use to resolve any title conflicts.'), 'name' => 'name', 'required' => true, @@ -898,7 +898,7 @@ class KTDocumentMoveAction extends KTDocumentAction { $oForm->addWidget( array('ktcore.widgets.string', array( 'label' => _kt('Filename'), - 'value' => $this->oDocument->getFilename(), + 'value' => sanitizeForHTML($this->oDocument->getFilename()), 'important_description' => _kt('Please indicate a new filename to use to resolve any conflicts.'), 'name' => 'filename', 'required' => true, @@ -1083,7 +1083,7 @@ class KTDocumentCopyAction extends KTDocumentAction { $oForm->addWidget( array('ktcore.widgets.string', array( 'label' => _kt('Document Title'), - 'value' => $this->oDocument->getName(), + 'value' => sanitizeForHTML($this->oDocument->getName()), 'important_description' => _kt('Please indicate a new title to use to resolve any title conflicts.'), 'name' => 'name', 'required' => true, 
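Review bot: The `'value'` entries for the Document Title and Filename widgets in KTDocumentMoveAction are encoded at the call site with `sanitizeForHTML`, which is correct only if the `ktcore.widgets.string` renderer prints the value verbatim; that renderer is not visible here. If it escapes on output as well, the field will show entities, and because these are editable fields the displayed text is what gets submitted and stored as the new title or filename. Encoding inside the widget renderer would cover every form once and let the call sites stay as `'value' => $this->oDocument->getFilename(),`. The same pattern recurs in the KTDocumentCopyAction hunks at -1083 and -1099; the enclosing form-building methods start and end outside these hunks.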
@@ -1099,7 +1099,7 @@ class KTDocumentCopyAction extends KTDocumentAction { $oForm->addWidget( array('ktcore.widgets.string', array( 'label' => _kt('Filename'), - 'value' => $this->oDocument->getFilename(), + 'value' => sanitizeForHTML($this->oDocument->getFilename()), 'important_description' => _kt('Please indicate a new filename to use to resolve any conflicts.'), 'name' => 'filename', 'required' => true, diff --git a/plugins/ktcore/admin/workflowsv2.php b/plugins/ktcore/admin/workflowsv2.php index f3cf3dc..9023d40 100644 --- a/plugins/ktcore/admin/workflowsv2.php +++ b/plugins/ktcore/admin/workflowsv2.php @@ -422,7 +422,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher { 'description' => _kt("Each workflow must have a unique name."), 'name' => 'workflow_name', 'required' => true, - 'value' => $this->oWorkflow->getName(), + 'value' => sanitizeForHTML($this->oWorkflow->getName()), )), array('ktcore.widgets.entityselection', array( 'label' => _kt("Starting State"), @@ -911,7 +911,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher { 'label' => _kt('State Name'), 'description' => _kt('As documents progress through their lifecycle, they pass through a number of states. These states describe a step in the process the document must follow. Examples of states include "reviewed","submitted" or "pending". State names must be unique, and this includes states already in this workflow.'), 'required' => true, - 'value' => $oState->getName(), + 'value' => sanitizeForHTML($oState->getName()), )), )); 
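Review bot: `$oState->getName()` is encoded twice on the State Name path: the KTWorkflowState hunk in this same patch makes `getName()` return `sanitizeForSQLtoHTML($this->sName)`, and the new line here wraps that result in `sanitizeForHTML` again. Unless the two helpers are idempotent when chained (sanitize.inc is not visible), a state name containing `&` or a quote would reach the edit field double-encoded and be saved back in that form. One encoding step is enough, so `'value' => $oState->getName(),` would do as long as the getter encodes. The Transition Name hunk at -1002 has the same shape through `KTWorkflowTransition::getName()`, and the workflow_name hunk at -422 probably does too, though the getter in workflow.inc.php is outside this chunk.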
@@ -1002,7 +1002,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher { 'label' => _kt('Transition Name'), 'description' => _kt('In order to move between states, users will cause "transitions" to occur. These transitions represent processes followed, e.g. "review document", "distribute invoice" or "publish". Transition names must be unique within the workflow (e.g. within this workflow, you can only have one transition called "publish")'), 'required' => true, - 'value' => $oTransition->getName(), + 'value' => sanitizeForHTML($oTransition->getName()), )), )); diff --git a/preferences.php b/preferences.php index 1341015..0f13f6c 100644 --- a/preferences.php +++ b/preferences.php @@ -70,14 +70,14 @@ class PreferencesDispatcher extends KTStandardDispatcher { 'description' => _kt('Your full name. This is shown in reports and listings. e.g. John Smith'), 'required' => true, 'name' => 'name', - 'value' => $this->oUser->getName(), + 'value' => sanitizeForHTML($this->oUser->getName()), 'autocomplete' => false)), array('ktcore.widgets.string', array( 'label' => _kt('Email Address'), 'description' => _kt('Your email address. Notifications and alerts are mailed to this address if email notifications is set below. e.g. jsmith@acme.com'), 'required' => false, 'name' => 'email_address', - 'value' => $this->oUser->getEmail(), + 'value' => sanitizeForHTML($this->oUser->getEmail()), 'autocomplete' => false)), array('ktcore.widgets.boolean', array( 'label' => _kt('Email Notifications'), -- libgit2 0.21.4
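Review bot: preferences.php now calls `sanitizeForHTML` but gains no `require_once` for the sanitize helpers; the diffstat lists only the two replaced lines for this file, whereas the lib/ files visible in this patch each add the include. The call therefore depends on some other file having loaded sanitize.inc first, and it fails with an undefined-function error if that include order ever changes. Add `require_once(KT_LIB_DIR . "/util/sanitize.inc");` next to the file's existing includes. plugins/ktcore/KTDocumentActions.php and plugins/ktcore/admin/workflowsv2.php are in the same position.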