Commit 02a32f798cccc3e04b0a37fed3ebc4ae4bd4658a

Authored by kevin_fourie
1 parent 20a0e95f

KTS-2088

"The " in the name of a Document Type, Transition or State does not reflect in Edit mode"
Fixed, along with many other similar issues.

Committed By: Kevin
Reviewed By: Conrad

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6770 c91229c3-7414-0410-bfa2-8a42b809f60b
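--- a/lib/actions/bulkaction.php
+++ b/lib/actions/bulkaction.php
@@ -41,6 +41,8 @@ require_once(KT_LIB_DIR . '/documentmanagement/documentutil.inc.php');
 
 require_once(KT_LIB_DIR . '/widgets/forms.inc.php');
 
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
+
 class KTBulkAction extends KTStandardDispatcher {
 var $sName;
 var $sDescription;
@@ -119,15 +121,15 @@ class KTBulkAction extends KTStandardDispatcher {
 }
 
 function getName() {
-return $this->sName;
+return sanitizeForSQLtoHTML($this->sName);
 }
 
 function getDisplayName() {
-return $this->sDisplayName;
+return sanitizeForSQLtoHTML($this->sDisplayName);
 }
 
 function getDescription() {
-return $this->sDescription;
+return sanitizeForSQLtoHTML($this->sDescription);
 }
 
 function customiseInfo($aInfo) {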
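Review bot: HTML-escaping inside getName(), getDisplayName() and getDescription() (new lines 124, 128 and 132) moves output encoding into the accessor, so any caller that uses these values for something other than an HTML template — action lookup by name, comparisons, logging, JSON — now receives entity-encoded text, and a template that already escapes will double-encode it. The same pattern is repeated in documentaction.inc.php, folderaction.inc.php, authenticationprovider.inc.php, interceptor.inc.php, Criteria.inc and advancedcolumns.inc.php, and in the entity getters of authenticationsource, interceptorinstances, DocumentField, DocumentTransactionType, DocumentType, LinkType, MDTree, MetaData, Group, helpreplacement, fieldbehaviour, fieldset, permission, Role and savedsearch, where the matching setName()/setDescription() additionally store sanitizeForSQL() output in the property, so the in-memory value is already SQL-escaped before whatever quoting the persistence layer (not visible here) applies; if that layer escapes again, names containing quotes or backslashes are written double-escaped, which is the kind of symptom KTS-2088 describes. The robust shape is plain accessors (`return $this->sName;` / `$this->sName = $sName;`), HTML escaping at the render site, and SQL quoting only in the query layer. sanitizeForSQL and sanitizeForSQLtoHTML live in util/sanitize.inc, which is outside this diff, so their exact behaviour is inferred from their names.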
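--- a/lib/actions/documentaction.inc.php
+++ b/lib/actions/documentaction.inc.php
@@ -33,6 +33,7 @@ require_once(KT_LIB_DIR . '/actions/actionregistry.inc.php');
 require_once(KT_LIB_DIR . '/workflow/workflowutil.inc.php');
 require_once(KT_LIB_DIR . '/dispatcher.inc.php');
 require_once(KT_LIB_DIR . '/browse/browseutil.inc.php');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTDocumentAction extends KTStandardDispatcher {
 var $sName;
@@ -147,17 +148,17 @@ class KTDocumentAction extends KTStandardDispatcher {
 }
 
 function getName() {
-return $this->sName;
+return sanitizeForSQLtoHTML($this->sName);
 }
 
 function getDisplayName() {
 // Should be overridden by the i18nised display name
 // This is here solely for backwards compatibility
-return $this->sDisplayName;
+return sanitizeForSQLtoHTML($this->sDisplayName);
 }
 
 function getDescription() {
-return $this->sDescription;
+return sanitizeForSQLtoHTML($this->sDescription);
 }
 
 function customiseInfo($aInfo) {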
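Review bot: The added include is double-quoted, `require_once(KT_LIB_DIR . "/util/sanitize.inc");`, while every other require_once in this file uses single quotes; `require_once(KT_LIB_DIR . '/util/sanitize.inc');` keeps the file consistent. The same mismatch appears in bulkaction.php, folderaction.inc.php, authenticationprovider.inc.php, authenticationsource.inc.php, interceptor.inc.php, interceptorinstances.inc.php, Criteria.inc, DocumentField.inc, LinkType.inc, documentmetadataversion.inc.php, Group.inc and savedsearch.inc.php, whose surrounding includes are also single-quoted. This is style only; the include itself resolves the same way.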
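--- a/lib/actions/folderaction.inc.php
+++ b/lib/actions/folderaction.inc.php
@@ -32,6 +32,7 @@
 require_once(KT_LIB_DIR . '/dispatcher.inc.php');
 require_once(KT_LIB_DIR . '/actions/actionregistry.inc.php');
 require_once(KT_LIB_DIR . '/browse/browseutil.inc.php');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTFolderAction extends KTStandardDispatcher {
 var $sName;
@@ -111,17 +112,17 @@ class KTFolderAction extends KTStandardDispatcher {
 }
 
 function getName() {
-return $this->sName;
+return sanitizeForSQLtoHTML($this->sName);
 }
 
 function getDisplayName() {
 // This should be overridden by the i18nised display name
 // This implementation is only here for backwards compatibility
-return $this->sDisplayName;
+return sanitizeForSQLtoHTML($this->sDisplayName);
 }
 
 function getDescription() {
-return $this->sDescription;
+return sanitizeForSQLtoHTML($this->sDescription);
 }
 
 function customiseInfo($aInfo) {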
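--- a/lib/authentication/authenticationprovider.inc.php
+++ b/lib/authentication/authenticationprovider.inc.php
@@ -30,6 +30,7 @@
 */
 
 require_once(KT_LIB_DIR . '/dispatcher.inc.php');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTAuthenticationProvider extends KTStandardDispatcher {
 var $sName;
@@ -77,7 +78,7 @@ class KTAuthenticationProvider extends KTStandardDispatcher {
 }
 
 function getName() {
-return $this->sName;
+return sanitizeForSQLtoHTML($this->sName);
 }
 function getNamespace() {
 return $this->sNamespace;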
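--- a/lib/authentication/authenticationsource.inc.php
+++ b/lib/authentication/authenticationsource.inc.php
@@ -31,6 +31,7 @@
 
 require_once(KT_LIB_DIR . '/users/User.inc');
 require_once(KT_LIB_DIR . '/ktentity.inc');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTAuthenticationSource extends KTEntity {
 var $sName;
@@ -52,13 +53,13 @@ class KTAuthenticationSource extends KTEntity {
 
 var $_bUsePearError = true;
 
-function getName() { return $this->sName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
 function getNamespace() { return $this->sNamespace; }
 function getAuthenticationProvider() { return $this->sAuthenticationProvider; }
 function getConfig() { return $this->sConfig; }
 function getIsUserSource() { return $this->bIsUserSource; }
 function getIsGroupSource() { return $this->bIsGroupSource; }
-function setName($sName) { $this->sName = $sName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
 function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; }
 function setAuthenticationProvider($sAuthenticationProvider) { $this->sAuthenticationProvider = $sAuthenticationProvider; }
 function setConfig($sConfig) { $this->sConfig = $sConfig; }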
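--- a/lib/authentication/interceptor.inc.php
+++ b/lib/authentication/interceptor.inc.php
@@ -31,6 +31,7 @@
 */
 
 require_once(KT_LIB_DIR . '/dispatcher.inc.php');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTInterceptor extends KTStandardDispatcher {
 var $sName;
@@ -48,7 +49,7 @@ class KTInterceptor extends KTStandardDispatcher {
 }
 
 function getName() {
-return $this->sName;
+return sanitizeForSQLtoHTML($this->sName);
 }
 
 function getNamespace() {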
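--- a/lib/authentication/interceptorinstances.inc.php
+++ b/lib/authentication/interceptorinstances.inc.php
@@ -32,6 +32,7 @@
 
 require_once(KT_LIB_DIR . '/users/User.inc');
 require_once(KT_LIB_DIR . '/ktentity.inc');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTInterceptorInstance extends KTEntity {
 var $sName;
@@ -48,10 +49,10 @@ class KTInterceptorInstance extends KTEntity {
 
 var $_bUsePearError = true;
 
-function getName() { return $this->sName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
 function getInterceptorNamespace() { return $this->sInterceptorNamespace; }
 function getConfig() { return $this->sConfig; }
-function setName($sName) { $this->sName = $sName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
 function setInterceptorNamespace($mValue) { $this->sInterceptorNamespace = $mValue; }
 function setConfig($sConfig) { $this->sConfig = $sConfig; }
 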
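--- a/lib/browse/Criteria.inc
+++ b/lib/browse/Criteria.inc
@@ -43,6 +43,8 @@ require_once(KT_LIB_DIR . '/workflow/workflow.inc.php');
 
 require_once(KT_LIB_DIR . '/browse/criteriaregistry.php');
 
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
+
 
 class BrowseCriterion {
 var $sDisplay;
@@ -168,7 +170,7 @@ class BrowseCriterion {
 
 
 function getName() {
-return $this->sDocumentField;
+return sanitizeForSQLtoHTML($this->sDocumentField);
 }
 
 function getID() {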
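Review bot: getName() here returns sDocumentField, and that property name suggests a document field identifier rather than display text; if any caller uses getName() to look the criterion up or to build a query (not visible in this hunk), entity-encoding it with sanitizeForSQLtoHTML changes the value it matches against. Keep the accessor raw, `return $this->sDocumentField;`, and escape where the name is rendered. The BrowseCriterion class body continues outside the hunk, so the callers cannot be checked from here.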
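--- a/lib/browse/advancedcolumns.inc.php
+++ b/lib/browse/advancedcolumns.inc.php
@@ -1,5 +1,7 @@
 <?php
 
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
+
 // more advanced, intelligent columns.
 
 class AdvancedColumn {
@@ -81,7 +83,7 @@ class AdvancedColumn {
 function addToDocumentQuery() { return array(null, null, null); }
 
 function getName() {
-return $this->label;
+return sanitizeForSQLtoHTML($this->label);
 }
 
 function getEntryId() {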
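--- a/lib/documentmanagement/DocumentField.inc
+++ b/lib/documentmanagement/DocumentField.inc
@@ -33,6 +33,7 @@
 require_once(KT_LIB_DIR . '/documentmanagement/MetaData.inc');
 require_once(KT_LIB_DIR . '/metadata/metadatautil.inc.php');
 require_once(KT_LIB_DIR . '/documentmanagement/DocumentType.inc');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class DocumentField extends KTEntity {
 
@@ -72,10 +73,10 @@ class DocumentField extends KTEntity {
 }
 
 function getID() { return $this->iId; }
-function getName() { return $this->sName; }
-function setName($sNewValue) { $this->sName = $sNewValue; }
-function setDescription($sNewValue) { $this->sDescription = $sNewValue; }
-function getDescription() { return $this->sDescription; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
+function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
+function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
 function getDataType() { return $this->sDataType; }
 function setDataType($sNewValue) { $this->sDataType = $sNewValue; }
 function getIsGeneric() { return $this->bIsGeneric; }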
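--- a/lib/documentmanagement/DocumentFieldLink.inc
+++ b/lib/documentmanagement/DocumentFieldLink.inc
@@ -121,7 +121,7 @@ class DocumentFieldLink extends KTEntity {
 *
 */
 function getValue() {
-return sanitizeForHTML($this->sValue);
+return sanitizeForSQLtoHTML($this->sValue);
 }
 
 /**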
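Review bot: getValue() previously applied sanitizeForHTML() and now applies sanitizeForSQLtoHTML(), which by its name also reverses SQL escaping before HTML-encoding; unless the corresponding setter (not in this diff) stores sValue SQL-escaped, user-entered metadata that legitimately contains backslashes or quote sequences may be altered on display. Since the old line already escaped for HTML at this accessor, the narrower change is to keep `return sanitizeForHTML($this->sValue);` and fix the storage side where the value is written. The docblock above getValue() starts outside the hunk.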
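--- a/lib/documentmanagement/DocumentTransactionType.inc.php
+++ b/lib/documentmanagement/DocumentTransactionType.inc.php
@@ -31,6 +31,7 @@
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
 require_once(KT_LIB_DIR . "/util/ktutil.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTDocumentTransactionType extends KTEntity {
 /** primary key */
@@ -47,10 +48,10 @@ class KTDocumentTransactionType extends KTEntity {
 var $_bUsePearError = true;
 
 function getID() { return $this->iId; }
-function getName() { return $this->sName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
 function getNamespace() { return $this->sNamespace; }
 function setID($iId) { $this->iId = $iId; }
-function setName($sName) { $this->sName = $sName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
 function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; }
 
 function _table () {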
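--- a/lib/documentmanagement/DocumentType.inc
+++ b/lib/documentmanagement/DocumentType.inc
@@ -30,6 +30,8 @@
 * Contributor( s): ______________________________________
 */
 
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
+
 class DocumentType extends KTEntity {
 
 /** primary key value */
@@ -60,8 +62,8 @@ class DocumentType extends KTEntity {
 }
 
 function getID() { return $this->iId; }
-function getName() { return $this->sName; }
-function setName($sNewValue) { $this->sName = $sNewValue; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
 function getDisabled() { return $this->bDisabled; }
 function setDisabled($bNewValue) { $this->bDisabled = ($bNewValue) ? true : false; }
 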
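--- a/lib/documentmanagement/LinkType.inc
+++ b/lib/documentmanagement/LinkType.inc
@@ -31,6 +31,7 @@
 */
 
 require_once(KT_DIR . '/lib/ktentity.inc');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class LinkType extends KTEntity {
 var $sName;
@@ -49,25 +50,25 @@ class LinkType extends KTEntity {
 }
 
 function getDescription() {
-return $this->sDescription;
+return sanitizeForSQLtoHTML($this->sDescription);
 }
 
 function setDescription($sNewValue) {
-$this->sDescription = $sNewValue;
+$this->sDescription = sanitizeForSQL($sNewValue);
 }
 
 function getName() {
-return $this->sName;
+return sanitizeForSQLtoHTML($this->sName);
 }
 
 function setName($sNewValue) {
-$this->sName = $sNewValue;
+$this->sName = sanitizeForSQL($sNewValue);
 }
 
 function _fieldValues () {
 return array(
-'name' => $this->sName,
-'description' => $this->sDescription,
+'name' => sanitizeForSQLtoHTML($this->sName),
+'description' => sanitizeForSQLtoHTML($this->sDescription),
 );
 }
 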
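Review bot: _fieldValues() now returns sanitizeForSQLtoHTML() output for 'name' and 'description' (new lines 70-71); if, as in the other KTEntity subclasses, this map is what the database write consumes, HTML entities such as `&quot;` are persisted and then encoded a second time by getName()/getDescription() on read. Role.inc in the same commit leaves its _fieldValues() as plain `'name' => $this->sName`, so the two entities would persist the same input differently. Keep the column map raw, `'name' => $this->sName,` and `'description' => $this->sDescription,`, and encode only in the view.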
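--- a/lib/documentmanagement/MDTree.inc
+++ b/lib/documentmanagement/MDTree.inc
@@ -33,6 +33,7 @@
 //require_once("../../../../../config/dmsDefaults.php"); // gak.
 require_once(KT_LIB_DIR . "/documentmanagement/DocumentField.inc");
 require_once(KT_LIB_DIR . "/documentmanagement/MetaData.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class MDTreeNode extends KTEntity {
 /** boilerplate DB code. */
@@ -55,8 +56,8 @@ class MDTreeNode extends KTEntity {
 function setID($iId) { $this->iId = $iId; }
 function getFieldId() { return $this->iFieldId; }
 function setFieldId($iFieldId) { $this->iFieldId = $iFieldId; }
-function getName() { return $this ->sName; }
-function setName($sName) { $this->sName = $sName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
 function getParentNode() { return $this->iParentNode; }
 function setParentNode($iNode) { $this->iParentNode = $iParentNode; }
 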
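Review bot: setParentNode($iNode) on the second-to-last context line of the second hunk assigns `$iParentNode`, a variable that is never defined, so the parent is always set to null (with a notice) while the `$iNode` parameter is ignored. This predates the commit but sits directly beside the lines being rewritten, so it is worth fixing in the same pass: `function setParentNode($iNode) { $this->iParentNode = $iNode; }`. The MDTreeNode class body continues outside the hunk.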
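--- a/lib/documentmanagement/MetaData.inc
+++ b/lib/documentmanagement/MetaData.inc
@@ -29,6 +29,9 @@
 * All Rights Reserved.
 * Contributor( s): ______________________________________
 */
+
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
+
 class MetaData extends KTEntity {
 
 /** primary key value */
@@ -71,8 +74,8 @@ class MetaData extends KTEntity {
 }
 
 function getID() { return $this->iId; }
-function getName() { return $this->sName; }
-function setName($sNewValue) { $this->sName = $sNewValue; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
 function getDocFieldId() { return $this->iDocFieldId; }
 function setDocFieldId($iNewValue) { $this->iDocFieldId = $iNewValue; }
 function getTreeParent() { return $this->iTreeParent; }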
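--- a/lib/documentmanagement/documentmetadataversion.inc.php
+++ b/lib/documentmanagement/documentmetadataversion.inc.php
@@ -30,6 +30,7 @@
 */
 
 require_once(KT_LIB_DIR . '/ktentity.inc');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTDocumentMetadataVersion extends KTEntity {
 var $_bUsePearError = true;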
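Review bot: The added require_once of util/sanitize.inc is not used by anything in this hunk, and the same is true of the hunk in Folder.inc; if the rest of each file (not visible here) does not call a sanitize function either, the include only adds a load-order dependency and should be dropped. If it is used further down, a short comment next to the include naming that use would spare the next reader the search.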
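--- a/lib/foldermanagement/Folder.inc
+++ b/lib/foldermanagement/Folder.inc
@@ -32,6 +32,7 @@
 
 require_once(KT_LIB_DIR . "/foldermanagement/PhysicalFolderManagement.inc");
 require_once(KT_LIB_DIR . "/documentmanagement/Document.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class Folder extends KTEntity {
 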
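--- a/lib/groups/Group.inc
+++ b/lib/groups/Group.inc
@@ -31,6 +31,7 @@
 */
 
 require_once(KT_LIB_DIR . '/unitmanagement/Unit.inc');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class Group extends KTEntity {
 
@@ -89,8 +90,8 @@ class Group extends KTEntity {
 function setUnitAdmin($bNewValue) { $this->bIsUnitAdmin = $bNewValue; }
 function getSysAdmin() { return $this->bIsSysAdmin; }
 function setSysAdmin($bNewValue) { $this->bIsSysAdmin = $bNewValue; }
-function getName() { return $this->sName; }
-function setName($sNewValue) { $this->sName = $sNewValue; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
 function getUnitId() { return $this->iUnitId; }
 function setUnitId($iNewValue) { $this->iUnitId = $iNewValue; }
 function getAuthenticationDetails() { return $this->sAuthenticationDetails; }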
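--- a/lib/help/helpreplacement.inc.php
+++ b/lib/help/helpreplacement.inc.php
@@ -30,6 +30,7 @@
 */
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTHelpReplacement extends KTEntity {
 /** primary key */
@@ -50,13 +51,13 @@ class KTHelpReplacement extends KTEntity {
 var $_bUsePearError = true;
 
 function getID() { return $this->iId; }
-function getName() { return $this->sName; }
-function getDescription() { return $this->sDescription; }
-function getTitle() { return $this->sTitle; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
+function getTitle() { return sanitizeForSQLtoHTML($this->sTitle); }
 function setID($iId) { $this->iId = $iId; }
-function setName($sName) { $this->sName = $sName; }
-function setDescription($sDescription) { $this->sDescription = $sDescription; }
-function setTitle($sTitle) { $this->sTitle= $sTitle; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
+function setDescription($sDescription) { $this->sDescription = sanitizeForSQL($sDescription); }
+function setTitle($sTitle) { $this->sTitle= sanitizeForSQL($sTitle); }
 
 function _table () {
 global $default;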
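Review bot: New line 60 keeps the missing space before `=` from the old setTitle() line, `$this->sTitle= sanitizeForSQL($sTitle);`, while the sibling setters on lines 58-59 are spaced normally. Since the line is being rewritten anyway, `$this->sTitle = sanitizeForSQL($sTitle);` brings it in line with the rest of the block. Style only; behaviour is unchanged.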
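--- a/lib/metadata/fieldbehaviour.inc.php
+++ b/lib/metadata/fieldbehaviour.inc.php
@@ -33,6 +33,7 @@
 */
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTFieldBehaviour extends KTEntity {
 var $iId = -1;
@@ -50,12 +51,12 @@ class KTFieldBehaviour extends KTEntity {
 var $_bUsePearError = true;
 
 function getID() { return $this->iId; }
-function getName() { return $this->sName; }
-function getHumanName() { return $this->sHumanName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
 function getFieldID() { return $this->iFieldID; }
 function setID($iId) { $this->iId = $iId; }
-function setName($sName) { $this->sName = $sName; }
-function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
+function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
 function setFieldID($iFieldID) { $this->iFieldID = $iFieldID; }
 
 function _table () {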
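--- a/lib/metadata/fieldset.inc.php
+++ b/lib/metadata/fieldset.inc.php
@@ -31,6 +31,7 @@
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
 require_once(KT_LIB_DIR . "/documentmanagement/DocumentField.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 /**
 * class KTFieldset
@@ -67,10 +68,10 @@ class KTFieldset extends KTEntity {
 var $_bUsePearError = true;
 
 function getId() { return $this->iId; }
-function getName() { return $this->sName; }
-function setDescription($sNewValue) { $this->sDescription = $sNewValue; }
-function getDescription() { return $this->sDescription; }
-function setName($sNewValue) { $this->sName = $sNewValue; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
+function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
+function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
 function getNamespace() { return $this->sNamespace; }
 function setNamespace($sNewValue) { $this->sNamespace = $sNewValue; }
 function getMandatory() { return $this->bMandatory; }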
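--- a/lib/permissions/permission.inc.php
+++ b/lib/permissions/permission.inc.php
@@ -30,6 +30,7 @@
 */
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTPermission extends KTEntity {
 /** primary key */
@@ -51,12 +52,12 @@ class KTPermission extends KTEntity {
 var $_bUsePearError = true;
 
 function getID() { return $this->iId; }
-function getName() { return $this->sName; }
-function getHumanName() { return _kt($this->sHumanName); }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
 function getBuiltIn() { return $this->bBuiltIn; }
 function setID($iId) { $this->iId = $iId; }
-function setName($sName) { $this->sName = $sName; }
-function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
+function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
 function setBuiltIn($sBuiltIn) { $this->sBuiltIn = $sBuiltIn; }
 
 function _table () {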
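Review bot: getHumanName() on new line 56 no longer wraps the value in _kt(), so the permission's human-readable name stops being translated; the old line returned `_kt($this->sHumanName)`. If the escaping is kept, apply it to the translated string, `return sanitizeForSQLtoHTML(_kt($this->sHumanName));`, otherwise restore `return _kt($this->sHumanName);`. Either way the translation call should not disappear as a side effect of a sanitisation change.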
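--- a/lib/roles/Role.inc
+++ b/lib/roles/Role.inc
@@ -32,6 +32,7 @@
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
 require_once(KT_LIB_DIR . "/util/ktutil.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class Role extends KTEntity {
 
@@ -59,8 +60,8 @@ class Role extends KTEntity {
 var $_bUsePearError = true;
 
 function getId() { return $this->iId; }
-function getName() { return $this->sName; }
-function setName($sNewValue) { $this->sName = $sNewValue; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
 
 function _fieldValues () { return array(
 'name' => $this->sName,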
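--- a/lib/search/savedsearch.inc.php
+++ b/lib/search/savedsearch.inc.php
@@ -30,6 +30,7 @@
 */
 
 require_once(KT_LIB_DIR . '/ktentity.inc');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 /**
 * Saved searches allow for common searches to be saved.
@@ -110,14 +111,14 @@ class KTSavedSearch extends KTEntity {
 
 // {{{ getters/setters
 function getId() { return $this->iId; }
-function getName() { return $this->sName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
 function getNamespace() { return $this->sNamespace; }
 function getIsCondition() { return $this->bIsCondition; }
 function getIsComplete() { return $this->bIsComplete; }
 function getUserId() { return $this->iUserId; }
 function getSearch() { return $this->aSearch; }
 function setId($iId) { $this->iId = $iId; }
-function setName($sName) { $this->sName = $sName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
 function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; }
 function setIsCondition($bIsCondition) { $this->bIsCondition = $bIsCondition; }
 function setIsComplete($bIsComplete) { $this->bIsComplete = $bIsComplete; }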
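--- a/lib/unitmanagement/Unit.inc
+++ b/lib/unitmanagement/Unit.inc
@@ -28,6 +28,8 @@
 * Contributor( s): ______________________________________
 */
 
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
+
 class Unit extends KTEntity {
 var $_bUsePearError = true;
 
@@ -45,8 +47,8 @@ class Unit extends KTEntity {
 return KTUtil::getTableName('units');
 }
 
-function getName() { return $this->sName; }
-function setName($sNewValue) { $this->sName = $sNewValue; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
 function getFolderId() { return $this->iFolderId; }
 function setFolderId($iNewValue) { $this->iFolderId = $iNewValue; }
 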
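--- a/lib/users/User.inc
+++ b/lib/users/User.inc
@@ -32,6 +32,7 @@
 
 require_once(KT_LIB_DIR . '/database/dbutil.inc');
 require_once(KT_LIB_DIR . '/ktentity.inc');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 define('ADMIN_USER_ID', 1);
 
@@ -114,19 +115,19 @@ class User extends KTEntity {
 }
 
 
-function getUserName() { return $this->sUserName; }
-function setUserName($sNewValue) { $this->sUserName = $sNewValue; }
-function getPassword() { return $this->sPassword; }
-function setPassword($sNewValue) { $this->sPassword = $sNewValue; $this->bPasswordChanged = true; }
+function getUserName() { return sanitizeForSQLtoHTML($this->sUserName); }
+function setUserName($sNewValue) { $this->sUserName = sanitizeForSQL($sNewValue); }
+function getPassword() { return sanitizeForSQLtoHTML($this->sPassword); }
+function setPassword($sNewValue) { $this->sPassword = sanitizeForSQL($sNewValue); $this->bPasswordChanged = true; }
 function getQuotaMax() { return $this->iQuotaMax; }
 function setQuotaMax($iNewValue) { $this->iQuotaMax = $iNewValue; }
-function setName($sNewValue) { $this->sName = $sNewValue; }
-function getName() { return $this->sName; }
+function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
 function getQuotaCurrent() { return $this->iQuotaCurrent; }
-function getEmail() { return $this->sEmail; }
-function setEmail($sNewValue) { $this->sEmail = $sNewValue; }
-function getMobile() { return $this->sMobile; }
-function setMobile($sNewValue) { $this->sMobile = $sNewValue; }
+function getEmail() { return sanitizeForSQLtoHTML($this->sEmail); }
+function setEmail($sNewValue) { $this->sEmail = sanitizeForSQL($sNewValue); }
+function getMobile() { return sanitizeForSQLtoHTML($this->sMobile); }
+function setMobile($sNewValue) { $this->sMobile = sanitizeForSQL($sNewValue); }
 function getEmailNotification() { return $this->bEmailNotification; }
 function setEmailNotification($bNewValue) { $this->bEmailNotification = KTUtil::anyToBool($bNewValue); }
 function getSmsNotification() { return $this->bSmsNotification; }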
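Review bot: setPassword() now rewrites the password through sanitizeForSQL() before it is stored and getPassword() hands it back HTML-encoded, so a password containing a quote, a backslash or `<` is altered in transit and whatever hashing or comparison happens downstream sees a different string from the one the user typed; the previous lines `function getPassword() { return $this->sPassword; }` and `function setPassword($sNewValue) { $this->sPassword = $sNewValue; $this->bPasswordChanged = true; }` should be restored, with any escaping done by the query layer. getEmail() and getMobile() have the mirror-image problem: an HTML-encoded address or number is wrong for a mail header or SMS gateway, which the notification flags immediately below suggest are their consumers. getUserName() being HTML-encoded is likewise risky if it feeds authentication lookups or audit logs rather than a template. The entity getters should return the stored value unchanged, with encoding applied only at the HTML rendering site, as preferences.php already does for getName() and getEmail() in this commit.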
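--- a/lib/workflow/workflow.inc.php
+++ b/lib/workflow/workflow.inc.php
@@ -33,6 +33,7 @@
 */
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTWorkflow extends KTEntity {
 var $iId = -1;
@@ -52,13 +53,13 @@ class KTWorkflow extends KTEntity {
 var $_bUsePearError = true;
 
 function getID() { return $this->iId; }
-function getName() { return $this->sName; }
-function getHumanName() { return $this->sHumanName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
 function getStartStateId() { return $this->iStartStateId; }
 function getIsEnabled() { return ($this->bEnabled == true); }
 function setID($iId) { $this->iId = $iId; }
-function setName($sName) { $this->sName = $sName; }
-function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
+function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
 function setStartStateId($iStartStateId) { $this->iStartStateId = $iStartStateId; }
 function setIsEnabled($mValue) { $this->bEnabled = ($mValue == true); }
 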
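--- a/lib/workflow/workflowstate.inc.php
+++ b/lib/workflow/workflowstate.inc.php
@@ -32,6 +32,7 @@
 */
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTWorkflowState extends KTEntity {
 var $iId = -1;
@@ -50,13 +51,13 @@ class KTWorkflowState extends KTEntity {
 var $_bUsePearError = true;
 
 function getId() { return $this->iId; }
-function getName() { return $this->sName; }
-function getHumanName() { return $this->sHumanName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
 function getWorkflowId() { return $this->iWorkflowId; }
 function getInformDescriptorId() { return $this->iInformDescriptorId; }
 function setId($iId) { $this->iId = $iId; }
-function setName($sName) { $this->sName = $sName; }
-function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
+function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
 function setWorkflowId($iWorkflowId) { $this->iWorkflowId = $iWorkflowId; }
 function setInformDescriptorId($iInformDescriptorId) { $this->iInformDescriptorId = $iInformDescriptorId; }
 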
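--- a/lib/workflow/workflowtransition.inc.php
+++ b/lib/workflow/workflowtransition.inc.php
@@ -33,6 +33,7 @@
 
 require_once(KT_LIB_DIR . "/ktentity.inc");
 require_once(KT_LIB_DIR . "/workflow/workflowutil.inc.php");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTWorkflowTransition extends KTEntity {
 var $iId = -1;
@@ -60,8 +61,8 @@ class KTWorkflowTransition extends KTEntity {
 var $_bUsePearError = true;
 
 function getId() { return $this->iId; }
-function getName() { return $this->sName; }
-function getHumanName() { return $this->sHumanName; }
+function getName() { return sanitizeForSQLtoHTML($this->sName); }
+function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
 function getWorkflowId() { return $this->iWorkflowId; }
 function getTargetStateId() { return $this->iTargetStateId; }
 function getGuardPermissionId() { return $this->iGuardPermissionId; }
@@ -70,8 +71,8 @@ class KTWorkflowTransition extends KTEntity {
 function getGuardConditionId() { return $this->iGuardConditionId; }
 
 function setId($iId) { $this->iId = $iId; }
-function setName($sName) { $this->sName = $sName; }
-function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
+function setName($sName) { $this->sName = sanitizeForSQL($sName); }
+function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
 function setWorkflowId($iWorkflowId) { $this->iWorkflowId = $iWorkflowId; }
 function setTargetStateId($iTargetStateId) { $this->iTargetStateId = $iTargetStateId; }
 function setGuardPermissionId($iGuardPermissionId) { $this->iGuardPermissionId = $iGuardPermissionId; }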
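--- a/lib/workflow/workflowtrigger.inc.php
+++ b/lib/workflow/workflowtrigger.inc.php
@@ -36,6 +36,7 @@
 */
 
 //require_once(KT_LIB_DIR . '/workflow/workflowtriggerinstance');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTWorkflowTrigger {
 var $sNamespace = 'ktcore.workflowtriggers.abstractbase';
@@ -72,7 +73,7 @@ class KTWorkflowTrigger {
 );
 }
 
-function getName() { return $this->sFriendlyName; }
+function getName() { return sanitizeForSQLtoHTML($this->sFriendlyName); }
 function getNamespace() { return $this->sNamespace; }
 function getConfigId() { return $this->oTriggerInstance->getId(); }
 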
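Review bot: getName() now runs `$this->sFriendlyName` through sanitizeForSQLtoHTML(), but unlike the entity classes touched in this commit nothing in KTWorkflowTrigger applies sanitizeForSQL() on the way in, and sFriendlyName looks like a value each trigger subclass sets in code rather than one loaded from the database. If the helper strips SQL escaping before HTML-encoding, a friendly name that legitimately contains a backslash would be mangled on display; `function getName() { return sanitizeForHTML($this->sFriendlyName); }` expresses the intent exactly, or the getter can stay raw with the encoding done in the template. I cannot see where sFriendlyName is assigned, so this is inferred from the class body shown.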
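--- a/plugins/ktcore/KTDocumentActions.php
+++ b/plugins/ktcore/KTDocumentActions.php
@@ -882,7 +882,7 @@ class KTDocumentMoveAction extends KTDocumentAction {
 $oForm->addWidget(
 array('ktcore.widgets.string', array(
 'label' => _kt('Document Title'),
-'value' => $this->oDocument->getName(),
+'value' => sanitizeForHTML($this->oDocument->getName()),
 'important_description' => _kt('Please indicate a new title to use to resolve any title conflicts.'),
 'name' => 'name',
 'required' => true,
@@ -898,7 +898,7 @@ class KTDocumentMoveAction extends KTDocumentAction {
 $oForm->addWidget(
 array('ktcore.widgets.string', array(
 'label' => _kt('Filename'),
-'value' => $this->oDocument->getFilename(),
+'value' => sanitizeForHTML($this->oDocument->getFilename()),
 'important_description' => _kt('Please indicate a new filename to use to resolve any conflicts.'),
 'name' => 'filename',
 'required' => true,
@@ -1083,7 +1083,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
 $oForm->addWidget(
 array('ktcore.widgets.string', array(
 'label' => _kt('Document Title'),
-'value' => $this->oDocument->getName(),
+'value' => sanitizeForHTML($this->oDocument->getName()),
 'important_description' => _kt('Please indicate a new title to use to resolve any title conflicts.'),
 'name' => 'name',
 'required' => true,
@@ -1099,7 +1099,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
 $oForm->addWidget(
 array('ktcore.widgets.string', array(
 'label' => _kt('Filename'),
-'value' => $this->oDocument->getFilename(),
+'value' => sanitizeForHTML($this->oDocument->getFilename()),
 'important_description' => _kt('Please indicate a new filename to use to resolve any conflicts.'),
 'name' => 'filename',
 'required' => true,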
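Review bot: The four new sanitizeForHTML() wrappers around getName() and getFilename() are correct only if the Document class's getters are not themselves changed to HTML-encode, which this commit does not show; if they are, the title and filename edit fields will double-encode `&`, `<` and `"` exactly as the entity classes elsewhere in this commit now do. Neither this file nor plugins/ktcore/admin/workflowsv2.php nor preferences.php adds `require_once(KT_LIB_DIR . "/util/sanitize.inc");` in the visible hunks, so sanitizeForHTML() must be reaching these dispatchers through an earlier include — worth confirming, since an undefined function here is a fatal error on the move and copy forms. Also consider whether the string widget escapes its 'value' itself; if it does, the wrapper is redundant rather than protective. The enclosing form-building methods start and end outside these hunks.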
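--- a/plugins/ktcore/admin/workflowsv2.php
+++ b/plugins/ktcore/admin/workflowsv2.php
@@ -422,7 +422,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher {
 'description' => _kt("Each workflow must have a unique name."),
 'name' => 'workflow_name',
 'required' => true,
-'value' => $this->oWorkflow->getName(),
+'value' => sanitizeForHTML($this->oWorkflow->getName()),
 )),
 array('ktcore.widgets.entityselection', array(
 'label' => _kt("Starting State"),
@@ -911,7 +911,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher {
 'label' => _kt('State Name'),
 'description' => _kt('As documents progress through their lifecycle, they pass through a number of <strong>states</strong>. These states describe a step in the process the document must follow. Examples of states include "reviewed","submitted" or "pending". State names must be unique, and this includes states already in this workflow.'),
 'required' => true,
-'value' => $oState->getName(),
+'value' => sanitizeForHTML($oState->getName()),
 )),
 ));
 
@@ -1002,7 +1002,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher {
 'label' => _kt('Transition Name'),
 'description' => _kt('In order to move between states, users will cause "transitions" to occur. These transitions represent processes followed, e.g. "review document", "distribute invoice" or "publish". Transition names must be unique within the workflow (e.g. within this workflow, you can only have one transition called "publish")'),
 'required' => true,
-'value' => $oTransition->getName(),
+'value' => sanitizeForHTML($oTransition->getName()),
 )),
 ));
 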
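Review bot: `'value' => sanitizeForHTML($this->oWorkflow->getName())` encodes a value that KTWorkflow::getName() already passes through sanitizeForSQLtoHTML() in this same commit, and the state and transition forms below do the same with KTWorkflowState::getName() and KTWorkflowTransition::getName(); if both helpers HTML-encode, a name containing `&`, `<` or `"` reaches the edit field as `&amp;quot;`-style text, which is the very symptom KTS-2088 describes. Pick one layer: either keep the call-site sanitizeForHTML() and leave the entity getters returning the raw stored value, or rely on the getters and drop the wrapper here. preferences.php has the same double wrapping around User::getName() and User::getEmail(). I cannot see sanitizeForHTML() or sanitizeForSQLtoHTML(), so this assumes both perform HTML entity encoding; the enclosing form-building methods start and end outside these hunks.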
preferences.php
@@ -70,14 +70,14 @@ class PreferencesDispatcher extends KTStandardDispatcher { @@ -70,14 +70,14 @@ class PreferencesDispatcher extends KTStandardDispatcher {
70 'description' => _kt('Your full name. This is shown in reports and listings. e.g. <strong>John Smith</strong>'), 70 'description' => _kt('Your full name. This is shown in reports and listings. e.g. <strong>John Smith</strong>'),
71 'required' => true, 71 'required' => true,
72 'name' => 'name', 72 'name' => 'name',
73 - 'value' => $this->oUser->getName(), 73 + 'value' => sanitizeForHTML($this->oUser->getName()),
74 'autocomplete' => false)), 74 'autocomplete' => false)),
75 array('ktcore.widgets.string', array( 75 array('ktcore.widgets.string', array(
76 'label' => _kt('Email Address'), 76 'label' => _kt('Email Address'),
77 'description' => _kt('Your email address. Notifications and alerts are mailed to this address if <strong>email notifications</strong> is set below. e.g. <strong>jsmith@acme.com</strong>'), 77 'description' => _kt('Your email address. Notifications and alerts are mailed to this address if <strong>email notifications</strong> is set below. e.g. <strong>jsmith@acme.com</strong>'),
78 'required' => false, 78 'required' => false,
79 'name' => 'email_address', 79 'name' => 'email_address',
80 - 'value' => $this->oUser->getEmail(), 80 + 'value' => sanitizeForHTML($this->oUser->getEmail()),
81 'autocomplete' => false)), 81 'autocomplete' => false)),
82 array('ktcore.widgets.boolean', array( 82 array('ktcore.widgets.boolean', array(
83 'label' => _kt('Email Notifications'), 83 'label' => _kt('Email Notifications'),