Commit 03c98e980f0dc14fa4bbdd7eb2991c8a0fa0502e

Authored by kevin_fourie
1 parent c0664039

Merged in from DEV trunk...

KTS-2178
"cross site scripting"
Implemented.

Committed By: Conrad Vermeulen
Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6966 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 67 changed files with 1378 additions and 1288 deletions
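--- a/lib/browse/BrowseColumns.inc.php
+++ b/lib/browse/BrowseColumns.inc.php
@@ -6,7 +6,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
- *
+ *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -17,9 +17,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
- *
+ *
 * The Original Code is: KnowledgeTree Open Source
- *
+ *
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -30,17 +30,17 @@
 */
 
 /** BrowserColumns
- *
+ *
 * Presentation and render logic for the different columns. Each has two
 * major methods:
 *
 * function renderHeader($sReturnURL)
 * function renderData($aDataRow)
- *
+ *
 * renderHeader returns the _content_ of the header row.
 * renderData returns the _content_ of the body row.
 */
-
+
 require_once(KT_LIB_DIR . '/database/dbutil.inc');
 require_once(KT_LIB_DIR . '/users/User.inc');
 
@@ -53,36 +53,36 @@ class BrowseColumn {
 var $sort_on = false;
 var $sort_direction = 'asc';
 var $name = '-';
-
- function BrowseColumn($sLabel, $sName) {
- $this->label = $sLabel;
- $this->name = $sName;
+
+ function BrowseColumn($sLabel, $sName) {
+ $this->label = $sLabel;
+ $this->name = $sName;
 }
 // FIXME is it _really_ worth using a template here?
- function renderHeader($sReturnURL) {
- $text = _kt('Abstract') . ': ' . $this->label;
+ function renderHeader($sReturnURL) {
+ $text = _kt('Abstract') . ': ' . $this->label;
 $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order=';
 if ($this->sort_on) {
 $href .= $this->sort_direction == 'asc' ? 'desc' : 'asc' ;
 } else {
 $href .= $this->sort_direction = 'asc';
 }
-
- return '<a href="' . $href . '">'.$text.'</a>';
+
+ return '<a href="' . $href . '">'.$text.'</a>';
 }
-
- function renderData($aDataRow) {
+
+ function renderData($aDataRow) {
 if ($aDataRow['type'] == 'folder') {
- return $this->name . ': '. print_r($aDataRow['folder']->getName(), true);
+ return $this->name . ': '. print_r($aDataRow['folder']->getName(), true);
 } else {
- return $this->name . ': '. print_r($aDataRow['document']->getName(), true);
+ return $this->name . ': '. print_r($aDataRow['document']->getName(), true);
 }
 }
 function setSortedOn($bIsSortedOn) { $this->sort_on = $bIsSortedOn; }
 function getSortedOn() { return $this->sort_on; }
 function setSortDirection($sSortDirection) { $this->sort_direction = $sSortDirection; }
 function getSortDirection() { return $this->sort_direction; }
-
+
 function addToFolderQuery() { return array(null, null, null); }
 function addToDocumentQuery() { return array(null, null, null); }
 }
@@ -95,7 +95,7 @@ class TitleColumn extends BrowseColumn {
 $this->aOptions = $aOptions;
 }
 // unlike others, this DOESN'T give its name.
- function renderHeader($sReturnURL) {
+ function renderHeader($sReturnURL) {
 $text = _kt('Title');
 $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order=';
 if ($this->sort_on) {
@@ -103,9 +103,9 @@ class TitleColumn extends BrowseColumn {
 } else {
 $href .= $this->sort_direction = 'asc';
 }
-
+
 return '<a href="' . $href . '">'.$text.'</a>';
-
+
 }
 
 function renderFolderLink($aDataRow) {
@@ -116,7 +116,7 @@ class TitleColumn extends BrowseColumn {
 }
 
 function renderDocumentLink($aDataRow) {
- $outStr = '<a href="' . $this->buildDocumentLink($aDataRow) . '" title="' . $aDataRow['document']->getFilename().'">';
+ $outStr = '<a href="' . $this->buildDocumentLink($aDataRow) . '" title="' . htmlentities($aDataRow['document']->getFilename(), ENT_NOQUOTES, 'UTF-8').'">';
 $outStr .= htmlentities($aDataRow['document']->getName(), ENT_NOQUOTES, 'UTF-8');
 $outStr .= '</a>';
 return $outStr;
@@ -133,14 +133,14 @@ class TitleColumn extends BrowseColumn {
 return KTBrowseUtil::getUrlForFolder($aDataRow['folder']);
 }
 }
-
+
 // use inline, since its just too heavy to even _think_ about using smarty.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $outStr = '';
 if ($aDataRow['type'] == 'folder') {
 $outStr .= '<span class="contenttype folder">';
 $outStr .= $this->renderFolderLink($aDataRow);
- $outStr .= '</span>';
+ $outStr .= '</span>';
 } else {
 $outStr .= '<span class="contenttype '.$this->_mimeHelper($aDataRow['document']->getMimeTypeId()).'">';
 $outStr .= $this->renderDocumentLink($aDataRow);
@@ -149,11 +149,11 @@ class TitleColumn extends BrowseColumn {
 }
 return $outStr;
 }
-
+
 function prettySize($size) {
 $finalSize = $size;
 $label = 'b';
-
+
 if ($finalSize > 1000) { $label='Kb'; $finalSize = floor($finalSize/1000); }
 if ($finalSize > 1000) { $label='Mb'; $finalSize = floor($finalSize/1000); }
 return $finalSize . $label;
@@ -169,15 +169,15 @@ class TitleColumn extends BrowseColumn {
 
 class DateColumn extends BrowseColumn {
 var $field_function;
-
+
 // $sDocumentFieldFunction is _called_ on the document.
 function DateColumn($sLabel, $sName, $sDocumentFieldFunction) {
 $this->field_function = $sDocumentFieldFunction;
 parent::BrowseColumn($sLabel, $sName);
-
+
 }
-
- function renderHeader($sReturnURL) {
+
+ function renderHeader($sReturnURL) {
 $text = $this->label;
 $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order=';
 if ($this->sort_on) {
@@ -185,31 +185,31 @@ class DateColumn extends BrowseColumn {
 } else {
 $href .= $this->sort_direction = 'asc';
 }
-
+
 return '<a href="' . $href . '">'.$text.'</a>';
-
+
 }
-
+
 // use inline, since its just too heavy to even _think_ about using smarty.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $outStr = '';
 if ($aDataRow['type'] == 'folder') {
 $outStr = '&nbsp;'; // no-op on folders.
 } else {
 $fn = $this->field_function;
 $dColumnDate = strtotime($aDataRow['document']->$fn());
-
+
 // now reformat this into something "pretty"
 $outStr = date('Y-m-d H:i', $dColumnDate);
 }
 return $outStr;
 }
-
+
 function _mimeHelper($iMimeTypeId) {
 // FIXME lazy cache this.
 $sQuery = 'SELECT icon_path FROM mime_types WHERE id = ?';
 $res = DBUtil::getOneResult(array($sQuery, array($iMimeTypeId)));
-
+
 if ($res[0] !== null) {
 return $res[0];
 } else {
@@ -228,15 +228,15 @@ class DateColumn extends BrowseColumn {
 
 class UserColumn extends BrowseColumn {
 var $field_function;
-
+
 // $sDocumentFieldFunction is _called_ on the document.
 function UserColumn($sLabel, $sName, $sDocumentFieldFunction) {
 $this->field_function = $sDocumentFieldFunction;
 parent::BrowseColumn($sLabel, $sName);
-
+
 }
-
- function renderHeader($sReturnURL) {
+
+ function renderHeader($sReturnURL) {
 $text = $this->label;
 $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order=';
 if ($this->sort_on) {
@@ -244,13 +244,13 @@ class UserColumn extends BrowseColumn {
 } else {
 $href .= $this->sort_direction = 'asc';
 }
-
+
 return '<a href="' . $href . '">'.$text.'</a>';
-
+
 }
-
+
 // use inline, since its just too heavy to even _think_ about using smarty.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $outStr = '';
 $fn = $this->field_function;
 $iUserId = null;
@@ -294,36 +294,36 @@ class SelectionColumn extends BrowseColumn {
 parent::BrowseColumn($sLabel, $sName);
 }
 
- function renderHeader($sReturnURL) {
+ function renderHeader($sReturnURL) {
 // FIXME clean up access to oPage.
 global $main;
 $main->requireJSResource('resources/js/toggleselect.js');
-
+
 return '<input type="checkbox" title="toggle all" onclick="toggleSelectFor(this, \''.$this->name.'\')">';
-
+
 }
-
+
 // only include the _f or _d IF WE HAVE THE OTHER TYPE.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $localname = $this->name;
-
- if (($aDataRow['type'] === 'folder') && ($this->show_folders)) {
+
+ if (($aDataRow['type'] === 'folder') && ($this->show_folders)) {
 if ($this->show_documents) {
- $localname .= '_f[]';
+ $localname .= '_f[]';
 }
- $v = $aDataRow['folderid'];
- } else if (($aDataRow['type'] === 'document') && $this->show_documents) {
+ $v = $aDataRow['folderid'];
+ } else if (($aDataRow['type'] === 'document') && $this->show_documents) {
 if ($this->show_folders) {
- $localname .= '_d[]';
+ $localname .= '_d[]';
 }
- $v = $aDataRow['docid'];
- } else {
- return '&nbsp;';
+ $v = $aDataRow['docid'];
+ } else {
+ return '&nbsp;';
 }
-
+
 return '<input type="checkbox" name="' . $localname . '" onclick="activateRow(this)" value="' . $v . '"/>';
 }
-
+
 }
 
 
@@ -337,58 +337,58 @@ class SingleSelectionColumn extends SelectionColumn {
 parent::BrowseColumn($sLabel, $sName);
 }
 
- function renderHeader($sReturnURL) {
+ function renderHeader($sReturnURL) {
 global $main;
 }
-
+
 // only include the _f or _d IF WE HAVE THE OTHER TYPE.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $localname = $this->name;
-
- if (($aDataRow['type'] === 'folder') && ($this->show_folders)) {
+
+ if (($aDataRow['type'] === 'folder') && ($this->show_folders)) {
 if ($this->show_documents) {
- $localname .= '_f';
+ $localname .= '_f';
 }
- $v = $aDataRow['folderid'];
- } else if (($aDataRow['type'] === 'document') && $this->show_documents) {
+ $v = $aDataRow['folderid'];
+ } else if (($aDataRow['type'] === 'document') && $this->show_documents) {
 if ($this->show_folders) {
- $localname .= '_d';
+ $localname .= '_d';
 }
- $v = $aDataRow['docid'];
- } else {
- return '&nbsp;';
+ $v = $aDataRow['docid'];
+ } else {
+ return '&nbsp;';
 }
-
+
 return '<input type="radio" name="' . $localname . '" value="' . $v . '"/>';
 }
-
+
 }
 
 
 class WorkflowColumn extends BrowseColumn {
 
- function renderHeader($sReturnURL) {
- $text = $this->label;
+ function renderHeader($sReturnURL) {
+ $text = $this->label;
 $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order=';
 if ($this->sort_on) {
 $href .= $this->sort_direction == 'asc' ? 'desc' : 'asc' ;
 } else {
 $href .= $this->sort_direction = 'asc';
 }
-
+
 return '<a href="' . $href . '">'.$text.'</a>';
 }
-
+
 // use inline, since its just too heavy to even _think_ about using smarty.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $localname = $this->name;
 
-
+
 // only _ever_ show this folder documents.
- if ($aDataRow['type'] === 'folder') {
+ if ($aDataRow['type'] === 'folder') {
 return '&nbsp;';
 }
-
+
 $oWorkflow = KTWorkflowUtil::getWorkflowForDocument($aDataRow['document']);
 $oState = KTWorkflowUtil::getWorkflowStateForDocument($aDataRow['document']);
 if (($oState == null) || ($oWorkflow == null)) {
@@ -400,23 +400,23 @@ class WorkflowColumn extends BrowseColumn {
 }
 
 class DownloadColumn extends BrowseColumn {
-
- function renderHeader($sReturnURL) {
- $text = '&nbsp;';
-
+
+ function renderHeader($sReturnURL) {
+ $text = '&nbsp;';
+
 return $text;
 }
-
 
- function renderData($aDataRow) {
+
+ function renderData($aDataRow) {
 $localname = $this->name;
 
-
+
 // only _ever_ show this folder documents.
- if ($aDataRow['type'] === 'folder') {
+ if ($aDataRow['type'] === 'folder') {
 return '&nbsp;';
 }
-
+
 // FIXME at some point we may want to hide this if the user doens't have the download action, but its OK for now.
 $link = KTUtil::ktLink('action.php','ktcore.actions.document.view', 'fDocumentId=' . $aDataRow['document']->getId());
 $outStr = sprintf('<a href="%s" class="ktAction ktDownload" title="%s">%s</a>', $link, _kt('Download Document'), _kt('Download Document'));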
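Review bot: In `TitleColumn::renderDocumentLink` the filename is now encoded with `ENT_NOQUOTES`, but it is written inside the double-quoted `title="..."` attribute, so a `"` in a filename is left as-is and can still end the attribute early. The call on that line should use `ENT_QUOTES`: `htmlentities($aDataRow['document']->getFilename(), ENT_QUOTES, 'UTF-8')`. `ENT_NOQUOTES` is adequate for the element text on the following line, which is not in attribute context. The `renderHeader` methods in this file also concatenate `$sReturnURL` into `href` without encoding; whether that value can carry request data is not visible in these hunks, so it is worth confirming at the callers.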
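--- a/lib/browse/Criteria.inc
+++ b/lib/browse/Criteria.inc
@@ -8,7 +8,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
- *
+ *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -19,9 +19,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
- *
+ *
 * The Original Code is: KnowledgeTree Open Source
- *
+ *
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -92,7 +92,7 @@ class BrowseCriterion {
 }
 
 function parameterDisplay($aData) {
- return sprintf("%s %s", $this->baseParameterDisplay(), $aData[$this->getWidgetBase()]);
+ return sprintf("%s %s", $this->baseParameterDisplay(), htmlentities($aData[$this->getWidgetBase()],ENT_QUOTES, 'UTF-8'));
 }
 
 function folderQuery ($iParentID, $sSortDirection) {
@@ -144,7 +144,7 @@ class BrowseCriterion {
 // $sSortField = $this->getSortField();
 $documentQuery .= "ORDER BY " . $this->getSortField() . " " . $sSortDirection;
 }
-
+
 return array($documentQuery, $aParams);
 }
 
@@ -176,7 +176,7 @@ class BrowseCriterion {
 function getID() {
 return $this->iID;
 }
-
+
 function getNameSpace() {
 return $this->sNamespace;
 }
@@ -203,10 +203,10 @@ class BrowseCriterion {
 return $this->getNotWidget($aPreValue) . "<input type=\"text\" size=\"50\" name=\"" . $this->getWidgetBase() . "\" />";
 }
 }
-
+
 function getNotWidget($aPreValue=null) {
 if (!$this->bHandleNot) { return ''; }
-
+
 // not perfect, but acceptable.
 $form_name = $this->getWidgetBase() . '_not';
 $pos_select = '';
@@ -229,7 +229,7 @@ class BrowseCriterion {
 $is_string = _kt('is');
 } else {
 $not_string = _kt('does not contain');
- $is_string = _kt('contains');
+ $is_string = _kt('contains');
 }
 $widget = sprintf('<select name="%s"><option value="0"%s>%s</option><option value="1"%s>%s</option></select>&nbsp;', $form_name, $pos_select, $is_string, $neg_select, $not_string);
 return $widget;
@@ -254,14 +254,14 @@ class BrowseCriterion {
 // handle the boolean "not" stuff UNLESS our caller is doing so already.
 if ($handle_not) {
 $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not');
-
+
 if (is_null($want_invert) || ($want_invert == "0")) { // use explicit "0" check
 return $val;
 } else {
 $val[0] = '(NOT (' . $val[0] . '))';
 }
 }
-
+
 return $val;
 }
 
@@ -276,7 +276,7 @@ class NameCriterion extends BrowseCriterion {
 var $bString = true;
 var $sSearchTable = "DC";
 var $bContains = true;
-
+
 var $sDocumentField = 'filename';
 var $sSortField = 'filename';
 var $sNamespace = 'ktcore.criteria.name';
@@ -343,7 +343,7 @@ class TitleCriterion extends BrowseCriterion {
 function TitleCriterion() {
 $this->sDisplay = _kt('Document Title');
 }
-
+
 function documentDisplay ($oDocument) {
 return $oDocument->getName();
 }
@@ -370,7 +370,7 @@ class CreatorCriterion extends BrowseCriterion {
 function CreatorCriterion() {
 $this->sDisplay = _kt('Creator');
 }
-
+
 function documentDisplay ($oDocument) {
 $oCreator = User::get($oDocument->getCreatorID());
 if ($oCreator) {
@@ -388,7 +388,7 @@ class CreatorCriterion extends BrowseCriterion {
 $oUser =& User::get($aData[$this->getWidgetBase()]);
 if(PEAR::isError($oUser)) {
 return $sBase . 'unknown user';
- }
+ }
 return $sBase . $oUser->getName();
 }
 
@@ -434,7 +434,7 @@ class DateCreatedCriterion extends BrowseCriterion {
 
 if($sStart) {
 $sDisp .= _kt('after ') .$sStart;
- }
+ }
 if($sStart && $sEnd) {
 $sDisp .= _kt(' and ');
 }
@@ -449,9 +449,9 @@ class DateCreatedCriterion extends BrowseCriterion {
 }
 function searchWidget ($aRequest, $aPreValue = null) {
 global $default;
-
+
 // IMPORTANT: this requires the presence of kt3-calendar.js
-
+
 $sStartWidget = $this->getWidgetBase() . "_start";
 $sEndWidget = $this->getWidgetBase() . "_end";
 /* // legacy code.
@@ -480,8 +480,8 @@ class DateCreatedCriterion extends BrowseCriterion {
 } else {
 $sEnd = $aRequest[$this->getWidgetBase() . "_end"];
 }
-
-
+
+
 $val = null;
 if ($sStart && $sEnd) {
 $val = array($this->getSearchTable() . "." . $this->getSearchField() . " BETWEEN ? AND ?", array($sStart, $sEnd));
@@ -491,17 +491,17 @@ class DateCreatedCriterion extends BrowseCriterion {
 $val = array($this->getSearchTable() . "." . $this->getSearchField() . " < ?", array($sEnd));
 } else {
 return null;
- }
-
+ }
+
 // handle the boolean "not" stuff.
 $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not');
-
+
 if (is_null($want_invert) || ($want_invert == "0")) {
 return $val;
 } else {
 $val[0] = '(NOT (' . $val[0] . '))';
 }
-
+
 // finally
 return $val;
 }
@@ -636,15 +636,15 @@ class GenericMetadataCriterion extends BrowseCriterion {
 $p = parent::searchSQL($aRequest, false); // handle not ourselves.
 $p[0] = join(' AND ', array($p[0], "$this->sSearchTable.document_field_id = ?"));
 $p[1] = array_merge($p[1], array($this->iID));
-
+
 // handle the boolean "not" stuff.
 $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not');
 if (is_null($want_invert) || ($want_invert == "0")) {
 return $p;
 } else {
 $p[0] = '(NOT (' . $p[0] . '))';
- }
-
+ }
+
 return $p;
 }
 
@@ -671,9 +671,9 @@ class GeneralMetadataCriterion extends BrowseCriterion {
 {
 $this->sDisplay = _kt('General Metadata');
 }
-
+
 function documentDisplay ($oDocument) {
-
+
 return 'General Metadata';
 }
 
@@ -682,11 +682,11 @@ class GeneralMetadataCriterion extends BrowseCriterion {
 return $this->aLookup['field'];
 }
 
-
+
 function searchSQL ($aRequest) {
- $val = array('('.$this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%' OR DM.name LIKE '%!%' )",
- array(DBUtil::escapeSimple($aRequest[$this->getWidgetBase()]),DBUtil::escapeSimple($aRequest[$this->getWidgetBase()])));
-
+ $val = array('('.$this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%' OR DM.name LIKE '%!%' )",
+ array(DBUtil::escapeSimple($aRequest[$this->getWidgetBase()]),DBUtil::escapeSimple($aRequest[$this->getWidgetBase()])));
+
 return $val;
 }
 
@@ -736,7 +736,7 @@ class SizeCriterion extends BrowseCriterion {
 function SizeCriterion() {
 $this->sDisplay = _kt('File Size');
 }
-
+
 function documentDisplay ($oDocument) {
 return $oDocument->getFileSize();
 }
@@ -747,7 +747,7 @@ class SizeCriterion extends BrowseCriterion {
 
 function parameterDisplay($aData) {
 $sBase = $this->getWidgetBase();
- return sprintf("%s %s %s %s", $this->baseParameterDisplay(), $this->aCmps[$aData[$sBase.'_not']], $aData[$sBase.'_num'], $this->aTypes[$aData[$sBase.'_type']]);
+ return sprintf("%s %s %s %s", $this->baseParameterDisplay(), $this->aCmps[$aData[$sBase.'_not']], htmlentities($aData[$sBase.'_num'],ENT_QUOTES,'UTF-8'), $this->aTypes[$aData[$sBase.'_type']]);
 }
 
 function searchWidget ($aRequest, $aPreValue = null) {
@@ -763,7 +763,7 @@ class SizeCriterion extends BrowseCriterion {
 
 // build number
 $sNumInput = sprintf('<input type="text" name="%s" value="%s"/>', $sNumWidget, KTUtil::arrayGet($aPreValue, $sNumWidget, ''));
-
+
 
 // build type selection widget
 $sTypeSelect = '<select name="'.$sTypeWidget.'">';
@@ -802,8 +802,8 @@ class ContentCriterion extends BrowseCriterion {
 
 function ContentCriterion() {
 $this->sDisplay = _kt('Document Text');
- }
-
+ }
+
 function documentDisplay ($oDocument) {
 return "Document Text";
 }
@@ -812,7 +812,7 @@ class ContentCriterion extends BrowseCriterion {
 }
 function getSearchField () {
 return "document_text";
- }
+ }
 
 function searchSQL ($aRequest) {
 $oKTConfig =& KTConfig::getSingleton();
@@ -840,8 +840,8 @@ class ContentCriterion extends BrowseCriterion {
 return $p;
 } else {
 $p[0] = '(NOT (' . $p[0] . '))';
- }
-
+ }
+
 return $p;
 }
 
@@ -859,8 +859,8 @@ class WorkflowStateCriterion extends BrowseCriterion {
 
 function WorkflowStateCriterion() {
 $this->sDisplay = _kt('Workflow State');
- }
-
+ }
+
 function documentDisplay ($oDocument) {
 $oState =& KTWorkflowState::getByDocument($oDocument);
 if ($oState) {
@@ -894,14 +894,14 @@ class WorkflowStateCriterion extends BrowseCriterion {
 $p = array();
 $p[0] = "DM.workflow_state_id = ?";
 $p[1] = $aRequest[$this->getWidgetBase()];
-
+
 // handle the boolean "not" stuff.
 $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not');
 if (is_null($want_invert) || ($want_invert == "0")) {
 return $p;
 } else {
 $p[0] = '(NOT (' . $p[0] . '))';
- }
+ }
 return $p;
 }
 
@@ -920,7 +920,7 @@ class WorkflowStateCriterion extends BrowseCriterion {
 foreach ($aStates as $oState) {
 $oWorkflow =& KTWorkflow::get($oState->getWorkflowId());
 $sSelStr = '';
- if ($preval == $oState->getId()) { $sSelStr = ' selected="true"'; }
+ if ($preval == $oState->getId()) { $sSelStr = ' selected="true"'; }
 $sRet .= "<option value=\"" . $oState->getId() . "\"" . $sSelStr . ">" . $oWorkflow->getName() . " - " . $oState->getName() . "</option>\n";
 }
 $sRet .= "</select>\n";
@@ -937,9 +937,9 @@ class DiscussionTextCriterion extends BrowseCriterion {
 
 function DiscussionTextCriterion() {
 $this->sDisplay = _kt('Discussion Threads');
- }
-
-
+ }
+
+
 function documentDisplay ($oDocument) {
 return "Discussion Threads";
 }
@@ -959,15 +959,15 @@ class DiscussionTextCriterion extends BrowseCriterion {
 $p = array();
 $p[0] = "MATCH(DDCT.body) AGAINST (? $boolean_mode)";
 $p[1] = KTUtil::phraseQuote($aRequest[$this->getWidgetBase()]);
-
+
 // handle the boolean "not" stuff.
 $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not');
 if (is_null($want_invert) || ($want_invert == "0")) {
 return $p;
 } else {
 $p[0] = '(NOT (' . $p[0] . '))';
- }
-
+ }
+
 return $p;
 }
 
@@ -989,8 +989,8 @@ class SearchableTextCriterion extends BrowseCriterion {
 
 function SearchableTextCriterion() {
 $this->sDisplay = _kt('Simple Search Text');
- }
-
+ }
+
 function documentDisplay ($oDocument) {
 return "Simple search text";
 }
@@ -1000,7 +1000,7 @@ class SearchableTextCriterion extends BrowseCriterion {
 
 function getSearchField () {
 return "document_text";
- }
+ }
 
 function searchSQL ($aRequest) {
 $oKTConfig =& KTConfig::getSingleton();
@@ -1015,11 +1015,11 @@ class SearchableTextCriterion extends BrowseCriterion {
 } else {
 $boolean_mode = "";
 }
-
+
 $p = array();
 $temp = str_replace('%', '', $aRequest[$this->getWidgetBase()]);
 $keywords = explode(' ', $temp);
-
+
 for($i=0; $i<count($keywords); $i++){
 if($keywords[$i] == ' ' or $keywords[$i] == ''){
 continue;
@@ -1036,7 +1036,7 @@ class SearchableTextCriterion extends BrowseCriterion {
 continue;
 }
 $keywords[$i] = '%'.$keywords[$i].'%';
- }
+ }
 $p[0] = "DST.document_text LIKE ? AND DST.document_text LIKE ? ";
 $p[1] = $keywords;
 }else{
@@ -1050,8 +1050,8 @@ class SearchableTextCriterion extends BrowseCriterion {
 return $p;
 } else {
 $p[0] = '(NOT (' . $p[0] . '))';
- }
-
+ }
+
 return $p;
 }
 
@@ -1071,8 +1071,8 @@ class TransactionTextCriterion extends BrowseCriterion {
 
 function TransactionTextCriterion() {
 $this->sDisplay = _kt('Transaction Text');
- }
-
+ }
+
 function documentDisplay ($oDocument) {
 return "Transaction text";
 }
@@ -1092,15 +1092,15 @@ class TransactionTextCriterion extends BrowseCriterion {
 $p = array();
 $p[0] = "MATCH(DTT.document_text) AGAINST (? $boolean_mode)";
 $p[1] = KTUtil::phraseQuote($aRequest[$this->getWidgetBase()]);
-
+
 // handle the boolean "not" stuff.
 $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not');
 if (is_null($want_invert) || ($want_invert == "0")) {
 return $p;
 } else {
 $p[0] = '(NOT (' . $p[0] . '))';
- }
-
+ }
+
 return $p;
 }
 
@@ -1118,11 +1118,11 @@ class TagCloudCriterion extends BrowseCriterion {
 var $sSortField = 'tag';
 var $sNamespace = 'ktcore.criteria.tagcloud';
 var $sSearchTable = "TWS" ;
-
+
 function TagCloudCriterion() {
 $this->sDisplay = _kt('Tag Cloud');
- }
-
+ }
+
 function documentDisplay ($oDocument) {
 return "Tag Cloud";
 }
@@ -1132,16 +1132,16 @@ class TagCloudCriterion extends BrowseCriterion {
 
 function searchSQL ($aRequest) {
 $p = parent::searchSQL($aRequest, false); // handle not ourselves.
-
+
 // handle the boolean "not" stuff.
 $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not');
 if (is_null($want_invert) || ($want_invert == "0")) {
 return $p;
 } else {
 $p[0] = '(NOT (' . $p[0] . '))';
- }
-
- return $p;
+ }
+
+ return $p;
 }
 
 function searchJoinSQL () {
@@ -1163,14 +1163,14 @@ class DateCreatedDeltaCriterion extends DateCreatedCriterion {
 
 function DateCreatedDeltaCriterion() {
 $this->sDisplay = _kt('Date Created Delta');
- }
+ }
 
- function parameterDisplay($aData) {
+ function parameterDisplay($aData) {
 $sNum = KTUtil::arrayGet($aData, $this->getWidgetBase() . '_num');
 $sType = KTUtil::arrayGet($aData, $this->getWidgetBase() . '_type');
 return sprintf('%s %s %s', $this->baseParameterDisplay(), $sNum, $this->aTypes[$sType]);
 }
-
+
 function searchWidget ($aRequest, $aPreValue = null) {
 $sNumWidget = $this->getWidgetBase() . '_num';
 $sTypeWidget = $this->getWidgetBase() . '_type';
@@ -1196,7 +1196,7 @@ class DateCreatedDeltaCriterion extends DateCreatedCriterion {
 $sType = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_type');
 
 $val = array($this->getSearchTable() . "." . $this->getSearchField() . " > SUBDATE(NOW(), INTERVAL ? {$sType})", array($sNum));
-
+
 $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not');
 if (is_null($want_invert) || ($want_invert == "0")) {
 return $val;
@@ -1215,8 +1215,8 @@ class DateModifiedDeltaCriterion extends DateCreatedDeltaCriterion {
 
 function DateModifiedDeltaCriterion() {
 $this->sDisplay = _kt('Date Modified Delta');
- }
-
+ }
+
 function documentDisplay ($oDocument) {
 return $oDocument->getLastModifiedDate();
 }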
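--- a/lib/browse/DocumentCollection.inc.php
+++ b/lib/browse/DocumentCollection.inc.php
@@ -6,7 +6,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
- *
+ *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -17,9 +17,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
- *
+ *
 * The Original Code is: KnowledgeTree Open Source
- *
+ *
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -29,9 +29,9 @@
 *
 */
 
-require_once(KT_LIB_DIR . '/templating/templating.inc.php');
-require_once(KT_LIB_DIR . '/documentmanagement/Document.inc');
-require_once(KT_LIB_DIR . '/foldermanagement/Folder.inc');
+require_once(KT_LIB_DIR . '/templating/templating.inc.php');
+require_once(KT_LIB_DIR . '/documentmanagement/Document.inc');
+require_once(KT_LIB_DIR . '/foldermanagement/Folder.inc');
 require_once(KT_LIB_DIR . '/browse/PartialQuery.inc.php');
 
 class DocumentCollection {
@@ -43,90 +43,90 @@ class DocumentCollection {
 var $_aDocumentJoinParams = null;
 var $_sDocumentSortField = null;
 var $_queryObj = null;
-
+
 // current documents (in _this_ batch.)
 var $activeset = null;
 
 var $_documentData = array(); // [docid] => array();
 var $_folderData = array(); // [folderid] => array();
 var $columns = array(); // the columns in use
-
+
 var $returnURL = null;
-
+
 var $folderCount = 0;
 var $documentCount = 0;
- var $itemCount = 0;
+ var $itemCount = 0;
 var $batchStart = 0; // if batch specified a "start".
 var $batchPage = 0;
 var $batchSize = 20; // size of the batch // FIXME make this configurable.
-
-
+
+
 var $sort_column;
 var $sort_order;
-
+
 var $is_advanced = false;
-
+
 var $empty_message;
-
+
 /* initialisation */
-
+
 function DocumentCollection() {
- $this->empty_message = _kt('No folders or documents in this location.');
+ $this->empty_message = _kt('No folders or documents in this location.');
 }
-
+
 // columns should be added in the "correct" order (e.g. display order)
- function addColumn($oBrowseColumn) { array_push($this->columns, $oBrowseColumn); }
- function setQueryObject($oQueryObj) { $this->_queryObj = $oQueryObj; }
+ function addColumn($oBrowseColumn) { array_push($this->columns, $oBrowseColumn); }
+ function setQueryObject($oQueryObj) { $this->_queryObj = $oQueryObj; }
+
+ /* fetch cycle */
 
- /* fetch cycle */
-
 // FIXME this needs to be handled by US, not browse / search.
-
+
 function setBatching($sReturnURL, $iBatchPage, $iBatchSize) {
 $this->returnURL = $sReturnURL;
- $this->batchPage = $iBatchPage;
- $this->batchSize = $iBatchSize;
- $this->batchStart = $this->batchPage * $this->batchSize;
- }
-
+ $this->batchPage = $iBatchPage;
+ $this->batchSize = $iBatchSize;
+ $this->batchStart = $this->batchPage * $this->batchSize;
+ }
+
 // column is the label of the column.
-
- function setSorting($sSortColumn, $sSortOrder) {
+
+ function setSorting($sSortColumn, $sSortOrder) {
 // FIXME affect the column based on this.
-
+
 // defaults
 $this->_sDocumentSortField = 'DM.name';
 $this->_sFolderSortField = 'F.name';
-
+
 // then we start.
- $this->sort_column = $sSortColumn;
- $this->sort_order = $sSortOrder;
-
-
+ $this->sort_column = $sSortColumn;
+ $this->sort_order = $sSortOrder;
+
+
 // this is O(n). Do this only after adding all columns.
- foreach ($this->columns as $key => $oColumn) {
- if ($oColumn->name == $sSortColumn) {
+ foreach ($this->columns as $key => $oColumn) {
+ if ($oColumn->name == $sSortColumn) {
 // nb: don't use $oColumn - its a different object (?)
 $this->columns[$key]->setSortedOn(true);
 $this->columns[$key]->setSortDirection($sSortOrder);
-
+
 // get the join params from the object.
 $aFQ = $this->columns[$key]->addToFolderQuery();
 $aDQ = $this->columns[$key]->addToDocumentQuery();
-
+
 $this->_sFolderJoinClause = $aFQ[0];
 $this->_aFolderJoinParams = $aFQ[1];
 if ($aFQ[2]) { $this->_sFolderSortField = $aFQ[2]; }
 $this->_sDocumentJoinClause = $aDQ[0];
 $this->_aDocumentJoinParams = $aDQ[1];
 if ($aDQ[2]) { $this->_sDocumentSortField = $aDQ[2]; }
-
+
 } else {
 $oColumn->setSortedOn(false);
 }
-
+
 }
-
+
 }
 
 // finally, generate the results. either (documents or folders) could be null/empty
@@ -144,14 +144,14 @@ class DocumentCollection {
 $this->documentCount = 0;
 }
 $this->itemCount = $this->documentCount + $this->folderCount;
-
+
 // now we need the active set: this is based on the batchsize,
 // batchstart. this is divided into folders/documents. (_no_ intermingling).
 $folderSet = null;
 $documentSet = null;
 
 // assume we have not documents. This impacts "where" our documents start.
- //
+ //
 $no_folders = true;
 $documents_to_get = $this->batchSize;
 $folders_to_get = 0;
@@ -165,10 +165,10 @@ class DocumentCollection {
 } else {
 $documents_to_get -= $folders_to_get; // batch-size less the folders.
 }
-
+
 }
-
-
+
+
 if ($no_folders) {
 $this->batchStart -= $this->folderCount;
 $documentSet = $this->_queryObj->getDocuments($documents_to_get, $this->batchStart, $this->_sDocumentSortField, $this->sort_order, $this->_sDocumentJoinClause, $this->_aDocumentJoinParams);
@@ -177,7 +177,7 @@ class DocumentCollection {
 if ($documents_to_get > 0) {
 $documentSet = $this->_queryObj->getDocuments($documents_to_get, 0, $this->_sDocumentSortField, $this->sort_order, $this->_sDocumentJoinClause, $this->_aDocumentJoinParams);
 }
-
+
 }
 //var_dump($folderSet);
 $this->activeset = array(
@@ -186,49 +186,49 @@ class DocumentCollection {
 );
 }
 
- // stub: fetch all relevant information about a document (that will reasonably be fetched).
- function getDocumentInfo($iDocumentId) {
+ // stub: fetch all relevant information about a document (that will reasonably be fetched).
+ function getDocumentInfo($iDocumentId) {
 if (array_key_exists($iDocumentId, $this->_documentData)) {
- return $this->_documentData[$iDocumentId];
+ return $this->_documentData[$iDocumentId];
 } else {
 $this->_documentData[$iDocumentId] = $this->_retrieveDocumentInfo($iDocumentId);
 return $this->_documentData[$iDocumentId];
 }
- }
- function _retrieveDocumentInfo($iDocumentId) {
+ }
+ function _retrieveDocumentInfo($iDocumentId) {
 $row_info = array('docid' => $iDocumentId);
 $row_info['type'] = 'document';
 $row_info['document'] =& Document::get($iDocumentId);
-
+
 return $row_info;
 }
-
+
 // FIXME get more document info.
- function getFolderInfo($iFolderId) {
+ function getFolderInfo($iFolderId) {
 if (array_key_exists($iFolderId, $this->_folderData)) {
- return $this->_folderData[$iFolderId];
+ return $this->_folderData[$iFolderId];
 } else {
 $this->_folderData[$iFolderId] = $this->_retrieveFolderInfo($iFolderId);
 return $this->_folderData[$iFolderId];
- }
- }
-
+ }
+ }
+
 // FIXME get more folder info.
- function _retrieveFolderInfo($iFolderId) {
+ function _retrieveFolderInfo($iFolderId) {
 $row_info = array('folderid' => $iFolderId);
 $row_info['type'] = 'folder';
- $row_info['folder'] =& Folder::get($iFolderId);
-
+ $row_info['folder'] =& Folder::get($iFolderId);
+
 return $row_info;
 }
-
+
 // render a particular row.
 function renderRow($iDocumentId) { ; }
 // link url for a particular page.
- function pageLink($iPageNumber) {
- return $this->returnURL . '&page=' . $iPageNumber . '&sort_on=' . $this->sort_column . '&sort_order=' . $this->sort_order;
+ function pageLink($iPageNumber) {
+ return $this->returnURL . '&page=' . $iPageNumber . '&sort_on=' . $this->sort_column . '&sort_order=' . $this->sort_order;
 }
-
+
 function render() {
 // sort out the batch
 $pagecount = (int) floor($this->itemCount / $this->batchSize);
@@ -236,7 +236,7 @@ class DocumentCollection {
 $pagecount += 1;
 }
 // FIXME expose the current set of rows to the document.
-
+
 $oTemplating =& KTTemplating::getSingleton();
 $oTemplate = $oTemplating->loadTemplate('kt3/document_collection');
 $aTemplateData = array(
@@ -246,7 +246,7 @@ class DocumentCollection {
 'returnURL' => $this->returnURL,
 'columncount' => count($this->columns),
 );
-
+
 // in order to allow OTHER things than batch to move us around, we do:
 return $oTemplate->render($aTemplateData);
 }
@@ -272,52 +272,52 @@ class AdvancedCollection {
 var $_queryObj = null;
 var $sort_column;
 var $sort_order;
-
+
 // current documents (in _this_ batch.)
- var $activeset = null;
+ var $activeset = null;
 
 var $_documentData = array(); // [docid] => array();
 var $_folderData = array(); // [folderid] => array();
 var $columns = array(); // the columns in use
-
+
 var $returnURL = null;
-
+
 var $folderCount = 0;
 var $documentCount = 0;
- var $itemCount = 0;
+ var $itemCount = 0;
 var $batchStart = 0; // if batch specified a "start".
 var $batchPage = 0;
 var $batchSize = 20; // size of the batch // FIXME make this configurable.
-
+
 var $aOptions = array();
 var $bShowFolders = true;
 var $bShowDocuments = true;
-
- var $_gotData = false;
+
+ var $_gotData = false;
 var $_sorted = false;
-
+
 var $is_browse = false;
-
+
 var $empty_message;
 
 /* initialisation */
 function setOptions($aOptions) {
- $this->aOptions = $aOptions;
-
+ $this->aOptions = $aOptions;
+
 // batching
- $this->batchPage = KTUtil::arrayGet($aOptions, 'batch_page', 0);
- $this->batchSize = KTUtil::arrayGet($aOptions, 'batch_size', 25);
- $this->batchStart = $this->batchPage * $this->batchSize;
-
+ $this->batchPage = KTUtil::arrayGet($aOptions, 'batch_page', 0);
+ $this->batchSize = KTUtil::arrayGet($aOptions, 'batch_size', 25);
+ $this->batchStart = $this->batchPage * $this->batchSize;
+
 // visibility
- $this->bShowFolders = KTUtil::arrayGet($aOptions, 'show_folders', true, false);
+ $this->bShowFolders = KTUtil::arrayGet($aOptions, 'show_folders', true, false);
 $this->bShowDocuments = KTUtil::arrayGet($aOptions, 'show_documents', true, false);
-
+
 $this->is_browse = KTUtil::arrayGet($aOptions, 'is_browse', false);
-
+
 // sorting
- $this->sort_column = KTUtil::arrayGet($aOptions, 'sort_on', 'ktcore.columns.title');
- $this->sort_order = KTUtil::arrayGet($aOptions, 'sort_order', 'asc');
+ $this->sort_column = KTUtil::arrayGet($aOptions, 'sort_on', 'ktcore.columns.title');
+ $this->sort_order = KTUtil::arrayGet($aOptions, 'sort_order', 'asc');
 
 // url options
 $sURL = KTUtil::arrayGet($aOptions, 'return_url', false);
@@ -325,19 +325,19 @@ class AdvancedCollection {
 $sURL = KTUtil::arrayGet($aOptions, 'result_url', $_SERVER['PHP_SELF']);
 }
 $this->returnURL = $sURL;
-
+
 $this->empty_message = KTUtil::arrayGet($aOptions, 'empty_message', _kt('No folders or documents in this location.'));
- }
-
-
+ }
+
+
 // we use a lot of standard variable names for these (esp. in columns.)
 // no need to replicate the code everywhere.
 function getEnvironOptions() {
 $aNewOptions = array();
-
+
 // batching
 $aNewOptions['batch_page'] = (int) KTUtil::arrayGet($_REQUEST, 'page', 0);
-
+
 // evil with cookies.
 $batch_size = KTUtil::arrayGet($_REQUEST, 'page_size');
 if (empty($batch_size)) {
@@ -347,28 +347,28 @@ class AdvancedCollection {
 setcookie('__kt_batch_size', $batch_size);
 }
 $aNewOptions['batch_size'] = (int) $batch_size;
-
+
 // ordering. (direction and column)
- $aNewOptions['sort_on'] = KTUtil::arrayGet($_REQUEST, 'sort_on', 'ktcore.columns.title');
- $displayOrder = KTUtil::arrayGet($_REQUEST, 'sort_order', 'asc');
+ $aNewOptions['sort_on'] = KTUtil::arrayGet($_REQUEST, 'sort_on', 'ktcore.columns.title');
+ $displayOrder = KTUtil::arrayGet($_REQUEST, 'sort_order', 'asc');
 if ($displayOrder !== 'asc') { $displayOrder = 'desc'; }
 $aNewOptions['sort_order'] = $displayOrder;
-
- // probably URL
- $aNewOptions['result_url'] = $_SERVER['PHP_SELF'];
-
+
+ // probably URL
+ $aNewOptions['result_url'] = $_SERVER['PHP_SELF'];
+
 // return the environ options
 return $aNewOptions;
 }
-
+
 function setColumnOptions($sColumnNamespace, $aOptions) {
 foreach ($this->columns as $key => $oColumn) {
 if ($oColumn->namespace == $sColumnNamespace) {
- $this->columns[$key]->setOptions($aOptions);
+ $this->columns[$key]->setOptions($aOptions);
 }
 }
 }
-
+
 function getColumnOptions($sColumnNamespace) {
 foreach ($this->columns as $key => $oColumn) {
 if ($oColumn->namespace == $sColumnNamespace) {
@@ -376,59 +376,59 @@ class AdvancedCollection {
 }
 }
 }
-
+
 // columns should be added in the "correct" order (e.g. display order)
- function addColumn($oBrowseColumn) { array_push($this->columns, $oBrowseColumn); }
+ function addColumn($oBrowseColumn) { array_push($this->columns, $oBrowseColumn); }
 function addColumns($aColumns) { $this->columns = kt_array_merge($this->columns, $aColumns); }
- function setQueryObject($oQueryObj) { $this->_queryObj = $oQueryObj; }
+ function setQueryObject($oQueryObj) { $this->_queryObj = $oQueryObj; }
+
+ /* fetch cycle */
+ function setSorting() {
+
+ $this->_sorted = true;
 
- /* fetch cycle */
- function setSorting() {
-
- $this->_sorted = true;
-
 // defaults
 $this->_sDocumentSortField = 'DM.name';
- $this->_sFolderSortField = 'F.name';
-
- foreach ($this->columns as $key => $oColumn) {
- if ($oColumn->namespace == $this->sort_column) {
+ $this->_sFolderSortField = 'F.name';
+
+ foreach ($this->columns as $key => $oColumn) {
+ if ($oColumn->namespace == $this->sort_column) {
 $this->columns[$key]->setSortedOn(true);
 $this->columns[$key]->setSortDirection($this->sort_order);
 
 // get the join params from the object.
 $aFQ = $this->columns[$key]->addToFolderQuery();
 $aDQ = $this->columns[$key]->addToDocumentQuery();
-
+
 $this->_sFolderJoinClause = $aFQ[0];
 $this->_aFolderJoinParams = $aFQ[1];
-
+
 if ($aFQ[2]) { $this->_sFolderSortField = $aFQ[2]; }
 $this->_sDocumentJoinClause = $aDQ[0];
- $this->_aDocumentJoinParams = $aDQ[1];
-
- if ($aDQ[2]) {
+ $this->_aDocumentJoinParams = $aDQ[1];
+
+ if ($aDQ[2]) {
 $this->_sDocumentSortField = $aDQ[2]; }
 } else {
 $oColumn->setSortedOn(false);
 }
 }
 }
-
+
 
 // finally, generate the results. either (documents or folders) could be null/empty
 // FIXME handle column-for-sorting (esp. md?)
 function getResults() {
-
+
 if ($this->_gotInfo == true) {
- return;
- }
-
+ return;
+ }
+
 // this impacts the query used.
 if (!$this->_sorted) {
 $this->setSorting();
- }
-
+ }
+
 // work out how many of each item type we're going to expect.
 if ($this->bShowFolders) {
 $this->folderCount = $this->_queryObj->getFolderCount();
@@ -439,9 +439,9 @@ class AdvancedCollection {
 } else {
 $this->folderCount = 0;
 }
-
+
 if ($this->bShowDocuments) {
- $this->documentCount = $this->_queryObj->getDocumentCount();
+ $this->documentCount = $this->_queryObj->getDocumentCount();
 if (PEAR::isError($this->documentCount)) {
 $_SESSION['KTErrorMessage'][] = $this->documentCount->toString();
 $this->documentCount = 0;
@@ -449,21 +449,21 @@ class AdvancedCollection {
 } else {
 $this->documentCount = 0;
 }
-
+
 $this->itemCount = $this->documentCount + $this->folderCount;
-
+
 // now we need the active set: this is based on the batchsize,
 // batchstart. this is divided into folders/documents. (_no_ intermingling).
 $folderSet = null;
 $documentSet = null;
 
 // assume we have not documents. This impacts "where" our documents start.
- //
+ //
 $no_folders = true;
 if ($this->bShowDocuments) {
 $documents_to_get = $this->batchSize;
 } else {
- $documents_to_get = 0;
+ $documents_to_get = 0;
 }
 $folders_to_get = 0;
 
@@ -480,27 +480,27 @@ class AdvancedCollection {
 
 if ($no_folders) {
 $this->batchStart -= $this->folderCount;
- $documentSet = $this->_queryObj->getDocuments($documents_to_get,
- $this->batchStart,
- $this->_sDocumentSortField,
- $this->sort_order,
- $this->_sDocumentJoinClause,
+ $documentSet = $this->_queryObj->getDocuments($documents_to_get,
+ $this->batchStart,
+ $this->_sDocumentSortField,
+ $this->sort_order,
+ $this->_sDocumentJoinClause,
 $this->_aDocumentJoinParams);
 } else {
- $folderSet = $this->_queryObj->getFolders($folders_to_get,
- $this->batchStart,
- $this->_sFolderSortField,
- $this->sort_order,
- $this->_sFolderJoinQuery,
+ $folderSet = $this->_queryObj->getFolders($folders_to_get,
+ $this->batchStart,
+ $this->_sFolderSortField,
+ $this->sort_order,
+ $this->_sFolderJoinQuery,
 $this->_aFolderJoinParams);
 
- // if we're getting -any- documents this round, then get some.
+ // if we're getting -any- documents this round, then get some.
 if ($documents_to_get > 0) {
- $documentSet = $this->_queryObj->getDocuments($documents_to_get,
- 0,
- $this->_sDocumentSortField,
- $this->sort_order,
- $this->_sDocumentJoinClause,
+ $documentSet = $this->_queryObj->getDocuments($documents_to_get,
+ 0,
+ $this->_sDocumentSortField,
+ $this->sort_order,
+ $this->_sDocumentJoinClause,
 $this->_aDocumentJoinParams);
 }
 }
@@ -516,11 +516,11 @@ class AdvancedCollection {
 //var_dump($documentSet); exit(0);
 $documentSet = array();
 $this->documentCount = 0;
-
+
 }
-
- $this->itemCount = $this->documentCount + $this->folderCount;
-
+
+ $this->itemCount = $this->documentCount + $this->folderCount;
+
 $this->activeset = array(
 'folders' => $folderSet,
 'documents' => $documentSet,
@@ -529,72 +529,72 @@ class AdvancedCollection {
 $this->_gotInfo = true; // don't do this twice ...
 }
 
- // stub: fetch all relevant information about a document (that will reasonably be fetched).
- function getDocumentInfo($iDocumentId) {
+ // stub: fetch all relevant information about a document (that will reasonably be fetched).
+ function getDocumentInfo($iDocumentId) {
 if (array_key_exists($iDocumentId, $this->_documentData)) {
- return $this->_documentData[$iDocumentId];
+ return $this->_documentData[$iDocumentId];
 } else {
 $this->_documentData[$iDocumentId] = $this->_retrieveDocumentInfo($iDocumentId);
 return $this->_documentData[$iDocumentId];
 }
 }
-
- function _retrieveDocumentInfo($iDocumentId) {
+
+ function _retrieveDocumentInfo($iDocumentId) {
 $row_info = array('docid' => $iDocumentId);
 $row_info['type'] = 'document';
 $row_info['document'] =& Document::get($iDocumentId);
 return $row_info;
 }
-
+
 // FIXME get more document info.
- function getFolderInfo($iFolderId) {
+ function getFolderInfo($iFolderId) {
 if (array_key_exists($iFolderId, $this->_folderData)) {
- return $this->_folderData[$iFolderId];
+ return $this->_folderData[$iFolderId];
 } else {
 $this->_folderData[$iFolderId] = $this->_retrieveFolderInfo($iFolderId);
 return $this->_folderData[$iFolderId];
- }
+ }
 }
-
+
 // FIXME get more folder info.
- function _retrieveFolderInfo($iFolderId) {
+ function _retrieveFolderInfo($iFolderId) {
 $row_info = array('folderid' => $iFolderId);
 $row_info['type'] = 'folder';
- $row_info['folder'] =& Folder::get($iFolderId);
-
+ $row_info['folder'] =& Folder::get($iFolderId);
+
 return $row_info;
 }
-
+
 // render a particular row.
 function renderRow($iDocumentId) { ; }
-
+
 // link url for a particular page.
- function pageLink($iPageNumber) {
- $qs = sprintf('page=%s&sort_on=%s&sort_order=%s', $iPageNumber, $this->sort_column, $this->sort_order);
- return KTUtil::addQueryString($this->returnURL, $qs);
+ function pageLink($iPageNumber) {
+ $qs = sprintf('page=%s&sort_on=%s&sort_order=%s', $iPageNumber, $this->sort_column, $this->sort_order);
+ return KTUtil::addQueryString($this->returnURL, $qs);
 }
-
- function render() {
+
+ function render() {
 $this->setSorting();
- $this->getResults();
-
+ $this->getResults();
+
 // ensure all columns use the correct url
 //var_dump($this->returnURL); exit(0);
 $aOpt = array('return_url' => $this->returnURL);
 foreach ($this->columns as $k => $v) {
 $this->columns[$k]->setOptions($aOpt);
 }
-
+
 // sort out the batch
 $pagecount = (int) floor($this->itemCount / $this->batchSize);
 if (($this->itemCount % $this->batchSize) != 0) {
 $pagecount += 1;
 }
-
+
 // ick.
 global $main;
 $main->requireJSResource('resources/js/browsehelper.js');
-
+
 $oTemplating =& KTTemplating::getSingleton();
 $oTemplate = $oTemplating->loadTemplate('kt3/document_collection');
 $aTemplateData = array(
@@ -603,10 +603,10 @@ class AdvancedCollection {
 'currentpage' => $this->batchPage,
 'returnURL' => $this->returnURL,
 'columncount' => count($this->columns),
- 'bIsBrowseCollection' => $this->is_browse,
+ 'bIsBrowseCollection' => $this->is_browse,
 'batch_size' => $this->batchSize,
 );
-
+
 // in order to allow OTHER things than batch to move us around, we do:
 return $oTemplate->render($aTemplateData);
 }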
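Review bot: `AdvancedCollection::pageLink()` still formats `sort_column` into the query string with a bare `%s`, and `getEnvironOptions()` fills `sort_on` straight from `$_REQUEST` with no check, whereas `sort_order` is normalised to `asc`/`desc` a line later. The hunks in this file change only whitespace, so that request value still reaches every paging link unencoded; whether the `kt3/document_collection` template escapes it on output is not visible here. I would encode where the link is built, `$qs = sprintf('page=%d&sort_on=%s&sort_order=%s', $iPageNumber, rawurlencode($this->sort_column), rawurlencode($this->sort_order));`, and do the same for the string concatenation in `DocumentCollection::pageLink()`. `$_SERVER['PHP_SELF']`, used as `result_url` in `getEnvironOptions()` and as the fallback in `setOptions()`, is also client-influenced and should be HTML-escaped (or replaced by a fixed script path) before it is handed to the template as `returnURL`.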
lib/documentmanagement/Document.inc
... ... @@ -6,7 +6,7 @@
6 6 * License Version 1.1.2 ("License"); You may not use this file except in
7 7 * compliance with the License. You may obtain a copy of the License at
8 8 * http://www.knowledgetree.com/KPL
9   - *
  9 + *
10 10 * Software distributed under the License is distributed on an "AS IS"
11 11 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
12 12 * See the License for the specific language governing rights and
... ... @@ -17,9 +17,9 @@
17 17 * (ii) the KnowledgeTree copyright notice
18 18 * in the same form as they appear in the distribution. See the License for
19 19 * requirements.
20   - *
  20 + *
21 21 * The Original Code is: KnowledgeTree Open Source
22   - *
  22 + *
23 23 * The Initial Developer of the Original Code is The Jam Warehouse Software
24 24 * (Pty) Ltd, trading as KnowledgeTree.
25 25 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
... ... @@ -42,76 +42,76 @@ require_once(KT_LIB_DIR . &#39;/documentmanagement/documentmetadataversion.inc.php&#39;)
42 42  
43 43 class Document {
44 44 var $iId;
45   -
  45 +
46 46 var $_oDocumentCore = null;
47 47 var $_oDocumentContentVersion = null;
48 48 var $_oDocumentMetadataVersion = null;
49   -
  49 +
50 50 var $iCurrentMetadataVersionId = null;
51 51  
52 52 // {{{ getters/setters
53 53  
54 54 // locally stored info.
55   -
  55 +
56 56 function getId() { return $this->iId; }
57   -
  57 +
58 58 // Document Core
59   -
  59 +
60 60 function getFolderID() { return $this->_oDocumentCore->getFolderId(); }
61 61 function setFolderID($iNewValue) { $this->_oDocumentCore->setFolderId($iNewValue); }
62 62  
63 63 function getFullPath() { return $this->_oDocumentCore->getFullPath(); }
64   -
  64 +
65 65 function getCreatorID() { return $this->_oDocumentCore->getCreatorId(); }
66 66 function setCreatorID($iNewValue) { $this->_oDocumentCore->setCreatorId($iNewValue); }
67   -
  67 +
68 68 function getOwnerID() { return $this->_oDocumentCore->getOwnerId(); }
69 69 function setOwnerID($iNewValue) { $this->_oDocumentCore->setOwnerId($iNewValue); }
70   -
  70 +
71 71 function getLastModifiedDate() { return $this->_oDocumentCore->getLastModifiedDate(); }
72 72 function setLastModifiedDate($dNewValue) { $this->_oDocumentCore->setLastModifiedDate($dNewValue); }
73   -
  73 +
74 74 function getCreatedDateTime() { return $this->_oDocumentCore->getCreatedDateTime(); }
75   -
  75 +
76 76 function getIsCheckedOut() { return $this->_oDocumentCore->getIsCheckedOut(); }
77 77 function setIsCheckedOut($bNewValue) { $this->_oDocumentCore->setIsCheckedOut(KTUtil::anyToBool($bNewValue)); }
78   -
  78 +
79 79 function getCheckedOutUserID() { return $this->_oDocumentCore->getCheckedOutUserId(); }
80 80 function setCheckedOutUserID($iNewValue) { $this->_oDocumentCore->setCheckedOutUserId($iNewValue); }
81   -
  81 +
82 82 function getPermissionObjectID() { return $this->_oDocumentCore->getPermissionObjectId(); }
83 83 function setPermissionObjectID($iNewValue) { $this->_oDocumentCore->setPermissionObjectId($iNewValue); }
84   -
  84 +
85 85 function getPermissionLookupID() { return $this->_oDocumentCore->getPermissionLookupId(); }
86 86 function setPermissionLookupID($iNewValue) { $this->_oDocumentCore->setPermissionLookupId($iNewValue); }
87   -
  87 +
88 88 function getModifiedUserId() { return $this->_oDocumentCore->getModifiedUserId(); }
89 89 function setModifiedUserId($iNewValue) { $this->_oDocumentCore->setModifiedUserId($iNewValue); }
90 90  
91 91 function getImmutable() { return $this->_oDocumentCore->getImmutable(); }
92 92 function setImmutable($mValue) { $this->_oDocumentCore->setImmutable($mValue); }
93   -
  93 +
94 94 function getRestoreFolderId() { return $this->_oDocumentCore->getRestoreFolderId(); }
95   - function setRestoreFolderId($iValue) { $this->_oDocumentCore->setRestoreFolderId($iValue); }
  95 + function setRestoreFolderId($iValue) { $this->_oDocumentCore->setRestoreFolderId($iValue); }
96 96  
97 97 function getRestoreFolderPath() { return $this->_oDocumentCore->getRestoreFolderPath(); }
98   - function setRestoreFolderPath($sValue) { $this->_oDocumentCore->setRestoreFolderPath($sValue); }
99   -
100   -
  98 + function setRestoreFolderPath($sValue) { $this->_oDocumentCore->setRestoreFolderPath($sValue); }
  99 +
  100 +
101 101 // Document Metadata Items
102   -
  102 +
103 103 function getDocumentTypeID() { return $this->_oDocumentMetadataVersion->getDocumentTypeId(); }
104 104 function setDocumentTypeID($sNewValue) { $this->_oDocumentMetadataVersion->setDocumentTypeId($sNewValue); }
105   -
  105 +
106 106 function getName() { return $this->_oDocumentMetadataVersion->getName(); }
107 107 function setName($sNewValue) { $this->_oDocumentMetadataVersion->setName($sNewValue); }
108 108  
109 109 function getDescription() { return $this->_oDocumentMetadataVersion->getDescription(); }
110 110 function setDescription($sNewValue) { $this->_oDocumentMetadataVersion->setDescription($sNewValue); }
111   -
  111 +
112 112 function getStatusID() { return $this->_oDocumentCore->getStatusId(); }
113 113 function setStatusID($iNewValue) { $this->_oDocumentMetadataVersion->setStatusId($iNewValue); $this->_oDocumentCore->setStatusId($iNewValue); }
114   -
  114 +
115 115 function getMetadataVersion() { return $this->_oDocumentMetadataVersion->getMetadataVersion(); }
116 116 function setMetadataVersion($iNewValue) { $this->_oDocumentMetadataVersion->getMetadataVersion($iNewValue); }
117 117  
... ... @@ -120,7 +120,7 @@ class Document {
120 120  
121 121 function getContentVersionId() { return $this->_oDocumentMetadataVersion->getContentVersionId(); }
122 122 function setContentVersionId($iNewValue) { $this->_oDocumentMetadataVersion->setContentVersionId($iNewValue); }
123   -
  123 +
124 124 function getVersionCreated() { return $this->_oDocumentMetadataVersion->getVersionCreated(); }
125 125 function getVersionCreatorId() { return $this->_oDocumentMetadataVersion->getVersionCreatorId(); }
126 126  
... ... @@ -129,29 +129,29 @@ class Document {
129 129 function getWorkflowStateId() { return $this->_oDocumentMetadataVersion->getWorkflowStateId(); }
130 130 function setWorkflowStateId($mValue) { $this->_oDocumentMetadataVersion->setWorkflowStateId($mValue); }
131 131  
132   - // Document Content Version
133   -
  132 + // Document Content Version
  133 +
134 134 function getFileName() { return $this->_oDocumentContentVersion->getFileName(); }
135 135 function setFileName($sNewValue) { $this->_oDocumentContentVersion->setFileName($sNewValue); }
136   -
  136 +
137 137 function getFileSize() { return $this->_oDocumentContentVersion->getSize(); }
138 138 function setFileSize($iNewValue) { $this->_oDocumentContentVersion->setSize($iNewValue); }
139   -
  139 +
140 140 function getSize() { return $this->_oDocumentContentVersion->getSize(); }
141 141 function setSize($iNewValue) { $this->_oDocumentContentVersion->setSize($iNewValue); }
142   -
  142 +
143 143 function getMimeTypeID() { return $this->_oDocumentContentVersion->getMimeTypeId(); }
144 144 function setMimeTypeID($iNewValue) { $this->_oDocumentContentVersion->setMimeTypeId($iNewValue); }
145   -
  145 +
146 146 function getMajorVersionNumber() { return $this->_oDocumentContentVersion->getMajorVersionNumber(); }
147 147 function setMajorVersionNumber($iNewValue) { $this->_oDocumentContentVersion->setMajorVersionNumber($iNewValue); }
148   -
  148 +
149 149 function getMinorVersionNumber() { return $this->_oDocumentContentVersion->getMinorVersionNumber(); }
150 150 function setMinorVersionNumber($iNewValue) { $this->_oDocumentContentVersion->setMinorVersionNumber($iNewValue); }
151 151  
152 152 function getStoragePath() { return $this->_oDocumentContentVersion->getStoragePath(); }
153 153 function setStoragePath($sNewValue) { $this->_oDocumentContentVersion->setStoragePath($sNewValue); }
154   -
  154 +
155 155 // }}}
156 156  
157 157 // {{{ getParentID
... ... @@ -190,10 +190,10 @@ class Document {
190 190 function update($bPathMove = false) {
191 191 $res = $this->_oDocumentCore->update($bPathMove);
192 192 if (PEAR::isError($res)) { var_dump($res); return $res; }
193   -
  193 +
194 194 $res = $this->_oDocumentContentVersion->update($bPathMove);
195 195 if (PEAR::isError($res)) { var_dump($res); return $res; }
196   -
  196 +
197 197 $res = $this->_oDocumentMetadataVersion->update($bPathMove);
198 198 if (PEAR::isError($res)) { var_dump($res); return $res; }
199 199  
... ... @@ -209,7 +209,7 @@ class Document {
209 209 $iId = (int)$iId;
210 210 $oDocument = new Document();
211 211 $res = $oDocument->load($iId, $iMetadataVersion);
212   - if (PEAR::isError($res)) {
  212 + if (PEAR::isError($res)) {
213 213 return $res;
214 214 }
215 215 return $oDocument;
... ... @@ -221,21 +221,21 @@ class Document {
221 221 $this->iId = $iId;
222 222 $this->_oDocumentCore = KTDocumentCore::get($iId);
223 223 if (PEAR::isError($this->_oDocumentCore)) { return $this->_oDocumentCore; }
224   -
  224 +
225 225 // FIXME add error $res if MDV > $_oDC->getMDV
226   - if (is_null($iMetadataVersionId)) {
227   - $this->_oDocumentMetadataVersion = KTDocumentMetadataVersion::get($this->_oDocumentCore->getMetadataVersionId());
  226 + if (is_null($iMetadataVersionId)) {
  227 + $this->_oDocumentMetadataVersion = KTDocumentMetadataVersion::get($this->_oDocumentCore->getMetadataVersionId());
228 228 $this->iCurrentMetadataVersionId = $this->_oDocumentCore->getMetadataVersionId();
229 229 } else {
230 230 $this->_oDocumentMetadataVersion = KTDocumentMetadataVersion::get($iMetadataVersionId);
231 231 $this->iCurrentMetadataVersionId = $iMetadataVersionId;
232 232 }
233   - if (PEAR::isError($this->_oDocumentMetadataVersion))
234   - {
235   - // var_dump($this->_oDocumentMetadataVersion);
236   - return $this->_oDocumentMetadataVersion;
  233 + if (PEAR::isError($this->_oDocumentMetadataVersion))
  234 + {
  235 + // var_dump($this->_oDocumentMetadataVersion);
  236 + return $this->_oDocumentMetadataVersion;
237 237 }
238   -
  238 +
239 239 $this->_oDocumentContentVersion = KTDocumentContentVersion::get($this->_oDocumentMetadataVersion->getContentVersionId());
240 240 if (PEAR::isError($this->_oDocumentContentVersion)) { return $this->_oDocumentContentVersion; }
241 241 }
... ... @@ -278,7 +278,7 @@ class Document {
278 278 $sFolderPath = Folder::getFolderDisplayPath($this->getFolderID());
279 279 // #3425 for consistency
280 280 return ($bDisplayIcon ? $this->getIcon() : "") .
281   - ($sFolderPath == "" ? "Deleted Folder" : $sFolderPath) . " &raquo; " . $this->getName();
  281 + ($sFolderPath == "" ? "Deleted Folder" : $sFolderPath) . " &raquo; " . sanitizeForHTML($this->getName());
282 282 }
283 283 // }}}
284 284  
... ... @@ -308,7 +308,7 @@ class Document {
308 308 return true;
309 309 }
310 310 // }}}
311   -
  311 +
312 312 function &getByFilenameAndFolder($sFileName, $iFolderID) {
313 313 $sD = KTUtil::getTableName('documents');
314 314 $sDM = KTUtil::getTableName('document_metadata_version');
... ... @@ -319,7 +319,7 @@ class Document {
319 319 WHERE DC.filename = ? AND D.folder_id = ?";
320 320 $aParams = array($sFileName, $iFolderID);
321 321 $id = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');
322   - return Document::get($id);
  322 + return Document::get($id);
323 323 }
324 324  
325 325 // {{{ nameExists
... ... @@ -359,7 +359,7 @@ class Document {
359 359 WHERE DM.name = ? AND D.folder_id = ?";
360 360 $aParams = array($sName, $iFolderID);
361 361 $id = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id');
362   - return Document::get($id);
  362 + return Document::get($id);
363 363 }
364 364  
365 365 // {{{ getDocumentDisplayPath
... ... @@ -384,7 +384,7 @@ class Document {
384 384 // FIXME this appears to be deprecated, or at least should be
385 385 $sTable = KTUtil::getTableName('document_text');
386 386 $sQuery = "DELETE FROM $sTable WHERE document_id = ?";
387   - $aParams = array($iDocumentID);
  387 + $aParams = array($iDocumentID);
388 388 $res = DBUtil::runQuery(array($sQuery, $aParams));
389 389 return $res;
390 390 }
... ... @@ -397,7 +397,7 @@ class Document {
397 397 'permission_lookup_id' => $iLookupID,
398 398 'status_id' => LIVE,
399 399 ), array('multi' => true, 'ids' => true));
400   -
  400 +
401 401 $aList = array();
402 402 foreach ($aIds as $iId) {
403 403 $aList[] = Document::get($iId);
... ... @@ -418,7 +418,7 @@ class Document {
418 418  
419 419 $aParams = array($iStateId);
420 420 $aIds = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'document_id');
421   -
  421 +
422 422 $aList = array();
423 423 foreach ($aIds as $iId) {
424 424 $aList[] = Document::get($iId);
... ... @@ -442,19 +442,19 @@ class Document {
442 442 */
443 443 $oDocument = new Document();
444 444 $aOptions = array_change_key_case($aOptions);
445   -
446   -
  445 +
  446 +
447 447 $aCoreKeys = array(
448 448 "CreatorId",
449 449 "Created",
450 450 "ModifiedUserId",
451 451 "Modified",
452   - "FolderId",
  452 + "FolderId",
453 453 "StatusId",
454   - "RestoreFolderId",
  454 + "RestoreFolderId",
455 455 "RestoreFolderPath",
456 456 );
457   -
  457 +
458 458 $aCore = array();
459 459 foreach ($aCoreKeys as $sKey) {
460 460 $sKey = strtolower($sKey);
... ... @@ -463,7 +463,7 @@ class Document {
463 463 $aCore[$sKey] = $sValue;
464 464 }
465 465 }
466   -
  466 +
467 467 $aMetadataVersionKeys = array(
468 468 "MetadataVersion",
469 469 "ContentVersionId",
... ... @@ -474,7 +474,7 @@ class Document {
474 474 "VersionCreated",
475 475 "VersionCreatorId",
476 476 );
477   -
  477 +
478 478 $aMetadataVersion = array();
479 479 foreach ($aMetadataVersionKeys as $sKey) {
480 480 $sKey = strtolower($sKey);
... ... @@ -484,7 +484,7 @@ class Document {
484 484 }
485 485 }
486 486 $aMetadataVersion['VersionCreatorId'] = $aCore['creatorid'];
487   -
  487 +
488 488 $aContentKeys = array(
489 489 "Filename",
490 490 "Size",
... ... @@ -493,7 +493,7 @@ class Document {
493 493 "MinorVersion",
494 494 "StoragePath",
495 495 );
496   -
  496 +
497 497 $aContentVersion = array();
498 498 foreach ($aContentKeys as $sKey) {
499 499 $sKey = strtolower($sKey);
... ... @@ -501,8 +501,8 @@ class Document {
501 501 if (!is_null($sValue)) {
502 502 $aContentVersion[$sKey] = $sValue;
503 503 }
504   - }
505   -
  504 + }
  505 +
506 506 $oDocument->_oDocumentCore = KTDocumentCore::createFromArray($aCore);
507 507 if (PEAR::isError($oDocument->_oDocumentCore)) {
508 508 return $oDocument->_oDocumentCore;
... ... @@ -592,11 +592,11 @@ class Document {
592 592 // }}}
593 593  
594 594 function clearAllCaches() {
595   -
  595 +
596 596 KTEntityUtil::clearAllCaches('KTDocumentCore');
597 597 KTEntityUtil::clearAllCaches('KTDocumentContentVersion');
598 598 KTEntityUtil::clearAllCaches('KTDocumentMetadataVersion');
599   -
  599 +
600 600 return KTEntityUtil::clearAllCaches('Document');
601 601 }
602 602  
... ... @@ -606,7 +606,7 @@ class Document {
606 606  
607 607 $sQuery = sprintf("SELECT comment FROM %s
608 608 WHERE transaction_namespace = ? AND document_id = ?
609   - ORDER BY datetime DESC",
  609 + ORDER BY datetime DESC",
610 610 $sDocumentTransactionTable, $sDocumentMetadataTable);
611 611  
612 612 $aParams = array($sTransactionNamespace, $this->getId());
... ... @@ -628,10 +628,10 @@ class Document {
628 628 $aComment = explode(':', $sComment);
629 629 return trim($aComment[1]);
630 630 }
631   -
632 631  
633 632  
634 633  
635   -
  634 +
  635 +
636 636 }
637 637 ?>
... ...
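--- a/lib/foldermanagement/Folder.inc
+++ b/lib/foldermanagement/Folder.inc
@@ -8,7 +8,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
- *
+ *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -19,9 +19,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
- *
+ *
 * The Original Code is: KnowledgeTree Open Source
- *
+ *
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -35,7 +35,7 @@ require_once(KT_LIB_DIR . &quot;/documentmanagement/Document.inc&quot;);
 require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class Folder extends KTEntity {
-
+
 /** folder primary key */
 var $iId;
 /** folder name */
@@ -45,7 +45,7 @@ class Folder extends KTEntity {
 /** folder parent primary key */
 var $iParentID;
 /** primary key of user who created folder */
- var $iCreatorID;
+ var $iCreatorID;
 /** public status of folder */
 var $bIsPublic = false;
 /** comma deliminated string of parent ids */
@@ -74,12 +74,12 @@ class Folder extends KTEntity {
 'bRestrictDocumentTypes' => 'restrict_document_types',
 );
 // }}}
-
+
 function getID() { return $this->iId; }
 function getName() { return sanitizeForSQLtoHTML($this->sName); }
 function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
- function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
- function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
+ function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
+ function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
 function getParentID() { return $this->iParentID; }
 function setParentID($iNewValue) { $this->iParentID = $iNewValue; }
 function getCreatorID() { return $this->iCreatorID; }
@@ -111,7 +111,7 @@ class Folder extends KTEntity {
 
 /**
 * Returns a comma delimited string containing the parent folder ids, strips leading /
- *
+ *
 * @return String comma delimited string containing the parent folder ids
 */
 function generateFolderIDs($iFolderId) {
@@ -136,13 +136,13 @@ class Folder extends KTEntity {
 }
 return sprintf('%s,%s,%s', $sParentFolderParentFolderIds, $iParentId, $oFolder->getId());
 }
-
+
 /**
 * Recursively generates forward slash deliminated string giving full path of document
 * from file system root url
 */
 function generateFullFolderPath($iFolderId) {
- //if the folder is not the root folder
+ //if the folder is not the root folder
 if ($iFolderId == 0) {
 return;
 }
@@ -167,13 +167,13 @@ class Folder extends KTEntity {
 }
 return sprintf('%s/%s', $res, $oFolder->getName());
 }
-
+
 /**
 * Returns a forward slash deliminated string giving full path of document, strips leading /
- */
+ */
 function generateFolderPath($iFolderID) {
 $sPath = Folder::generateFullFolderPath($iFolderID);
- return $sPath;
+ return $sPath;
 }
 
 function _fieldValues () {
@@ -197,7 +197,7 @@ class Folder extends KTEntity {
 global $default;
 return $default->folders_table;
 }
-
+
 /**
 * Update the current folder values in the database
 *
@@ -206,7 +206,7 @@ class Folder extends KTEntity {
 function update($bPathChange = false) {
 $res = parent::update();
 if ($res === true) {
- if ($bPathChange) {
+ if ($bPathChange) {
 // XXX: TransactionCheckPoint
 $this->updateChildPaths($this->iId);
 $this->updateDocumentPaths($this->iId);
@@ -214,15 +214,15 @@ class Folder extends KTEntity {
 }
 return $res;
 }
-
+
 function renameFolder($sOldPath) {
 PhysicalFolderManagement::renameFolder($sOldPath, $default->documentRoot . "/" . $this->sFullPath . "/" . $this->sName);
 }
-
+
 /**
 * When a folder is renamed, we must update
 * the paths of the children in the database
- *
+ *
 */
 function updateChildPaths($iId) {
 global $default;
@@ -230,7 +230,7 @@ class Folder extends KTEntity {
 $sql = $default->db;
 $aFolders =& Folder::getByParentId($iId);
 foreach ($aFolders as $oFolder) {
- $oFolder->update(true);
+ $oFolder->update(true);
 }
 return;
 }
@@ -256,7 +256,7 @@ class Folder extends KTEntity {
 }
 return true;
 }
-
+
 /**
 * Returns the documents in this folder
 */
@@ -270,7 +270,7 @@ class Folder extends KTEntity {
 }
 return implode(',', $res);
 }
-
+
 function &get($iFolderID) {
 return KTEntityUtil::get('Folder', $iFolderID);
 }
@@ -288,7 +288,7 @@ class Folder extends KTEntity {
 }
 return ($res != 0); // handle pre-existing duplicates gracefully.
 }
-
+
 /**
 * Static function
 * Get a list of Documents
@@ -304,13 +304,13 @@ class Folder extends KTEntity {
 /**
 * Static function.
 * Get the full path for a folder
- *
- * @param Primary key of folder to generate path for
+ *
+ * @param Primary key of folder to generate path for
 *
 * @return String full path of folder
 */
 function getFolderPath($iFolderID) {
- global $default;
+ global $default;
 $oFolder = Folder::get($iFolderID);
 $sPath = $default->documentRoot . "/" . $oFolder->getFullPath() . "/" . $oFolder->getName() . "/";
 return $sPath;
@@ -319,18 +319,18 @@ class Folder extends KTEntity {
 /**
 * Static function.
 * Get the full path for a folder as an array
- *
- * @param int primary key of folder to generate path for
+ *
+ * @param int primary key of folder to generate path for
 *
 * @return array full path of folder as an array of folderIDs
 */
 function getFolderPathNamesAsArray($iFolderID) {
 global $default;
 $oFolder = Folder::get($iFolderID);
- $aPathArray = array();
+ $aPathArray = array();
 if ($oFolder) {
 if (strlen($oFolder->getFullPath()) > 0) {
- if (strlen($oFolder->getFullPath()) > 1) {
+ if (strlen($oFolder->getFullPath()) > 1) {
 $aPathArray = explode("/",$oFolder->getFullPath());
 } else {
 $aPathArray = array($oFolder->getFullPath());
@@ -348,17 +348,17 @@ class Folder extends KTEntity {
 return Folder::getFolderPathNamesAsArray($this->getID());
 }
 // }}}
-
+
 /**
 * Static function.
 * Get the full path for a folder as an array
- *
- * @param int primary key of folder to generate path for
+ *
+ * @param int primary key of folder to generate path for
 *
 * @return array full path of folder as an array of folderIDs
 */
 function getFolderPathAsArray($iFolderID) {
- global $default;
+ global $default;
 $oFolder = Folder::get($iFolderID);
 if ($oFolder === false) {
 return false;
@@ -366,36 +366,41 @@ class Folder extends KTEntity {
 if (strlen($oFolder->getParentFolderIDs()) > 0) {
 if ($oFolder->iParentID == 0) {
 $aPathArray = array();
- } else if (strlen($oFolder->getParentFolderIDs()) > 1) {
+ } else if (strlen($oFolder->getParentFolderIDs()) > 1) {
 $aPathArray = explode(",",$oFolder->getParentFolderIDs());
 } else {
 $aPathArray = array($oFolder->getParentFolderIDs());
 }
 $aPathArray[count($aPathArray)] = $oFolder->getID();
- } else {
+ } else {
 $aPathArray = array($oFolder->getID());
- }
+ }
 return $aPathArray;
 }
-
+
 /**
 * Static function.
 * Get the path for a folder that will be displated to the user
- *
- * @param Primary key of folder to generate path for
+ *
+ * @param Primary key of folder to generate path for
 *
 * @return String full path of folder
 */
 function getFolderDisplayPath($iFolderID) {
 global $default;
 $aPathNamesArray = Folder::getFolderPathNamesAsArray($iFolderID);
+
+ foreach($aPathNamesArray as $k=>$v)
+ {
+ $aPathNamesArray[$k] = sanitizeForHTML($v);
+ }
 if (count($aPathNamesArray) > 0) {
 return implode(" &raquo; ", $aPathNamesArray);
 } else {
 return "";
 }
 }
-
+
 /**
 * Static function
 * Get the primary key of the parent folder
@@ -404,14 +409,14 @@ class Folder extends KTEntity {
 *
 * @return integer primary key of parent folder
 */
- function getParentFolderID($iFolderID) {
+ function getParentFolderID($iFolderID) {
 if ($iFolderID != 0) {
 $oFolder = Folder::get($iFolderID);
 return $oFolder->getParentFolderID();
 }
 return 0;
 }
-
+
 /**
 * Static function
 * Checks if a given folder already exists using the folder name
@@ -431,7 +436,7 @@ class Folder extends KTEntity {
 }
 return false;
 }
-
+
 /**
 * Checks if a given folder already exists using the folder name
 *
@@ -441,13 +446,13 @@ class Folder extends KTEntity {
 */
 function folderExistsID($iFolderID) {
 $oFolder = Folder::get($iFolderID);
- if (PEAR::isError($oFolder)) {
+ if (PEAR::isError($oFolder)) {
 return false; // no such folder, or bad ID
 } else {
 return true;
 }
 }
-
+
 /**
 * Get the folder name using the primary key
 *
@@ -463,15 +468,15 @@ class Folder extends KTEntity {
 return $oFolder->getName();
 }
 }
-
-
+
+
 function getByParentIDAndLookupID($iParentID, $iLookupID) {
 return KTEntityUtil::getByDict('Folder', array(
 'parent_id' => $iParentID,
 'permission_lookup_id' => $iLookupID,
 ), array('multi' => true));
 }
-
+
 function getByParentId($iParentID) {
 return KTEntityUtil::getByDict('Folder', array(
 'parent_id' => $iParentID,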
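Review bot: The new loop in getFolderDisplayPath() runs sanitizeForHTML() over every element from Folder::getFolderPathNamesAsArray(), while Folder::getName() in this same file already returns `sanitizeForSQLtoHTML($this->sName)`; if the names array is built from getName() (the tail of getFolderPathNamesAsArray() is outside the hunks shown), the folder's own name would be encoded twice and render as literal entities. It is worth confirming which layer owns HTML output encoding and stating it in the docblock, for example `@return String HTML-escaped display path, safe to emit as-is; callers must not escape it again`. The Document.inc change in this commit concatenates this return value straight into markup, so it relies on that contract. getFolderPath() also appears to build a filesystem path from getName(), so the getter's HTML-oriented encoding may already be reaching a non-HTML context and deserves a separate look.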
lib/widgets/forms.inc.php
1 1 <?php
2 2 /**
3 3 * $Id$
4   - *
  4 + *
5 5 * The contents of this file are subject to the KnowledgeTree Public
6 6 * License Version 1.1.2 ("License"); You may not use this file except in
7 7 * compliance with the License. You may obtain a copy of the License at
8 8 * http://www.knowledgetree.com/KPL
9   - *
  9 + *
10 10 * Software distributed under the License is distributed on an "AS IS"
11 11 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
12 12 * See the License for the specific language governing rights and
... ... @@ -17,9 +17,9 @@
17 17 * (ii) the KnowledgeTree copyright notice
18 18 * in the same form as they appear in the distribution. See the License for
19 19 * requirements.
20   - *
  20 + *
21 21 * The Original Code is: KnowledgeTree Open Source
22   - *
  22 + *
23 23 * The Initial Developer of the Original Code is The Jam Warehouse Software
24 24 * (Pty) Ltd, trading as KnowledgeTree.
25 25 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
... ... @@ -31,7 +31,7 @@
31 31 /* handle basic machinery for form handling, including working with
32 32 * widgets, sessions and validation
33 33 */
34   -
  34 +
35 35 require_once(KT_LIB_DIR . "/widgets/widgetfactory.inc.php");
36 36 require_once(KT_LIB_DIR . "/validation/validatorfactory.inc.php");
37 37  
... ... @@ -39,11 +39,11 @@ class KTForm {
39 39 // serialisation info
40 40 var $_kt_form_name;
41 41 var $sIdentifier; // a simple identifier.
42   -
  42 +
43 43 // visual options
44 44 var $sLabel;
45 45 var $sDescription;
46   -
  46 +
47 47 // core storage options
48 48 var $_widgets; // what widgets get stored
49 49 var $_validators; // validators
... ... @@ -59,12 +59,12 @@ class KTForm {
59 59 var $_errors;
60 60 var $_method;
61 61 var $_noframe;
62   -
  62 +
63 63 var $_oVF;
64 64 var $_oWF;
65 65  
66   -
67   -
  66 +
  67 +
68 68 // we don't use a constructor here, rather use aOptions
69 69 function setOptions($aOptions) {
70 70 // we grab the "context" dispatcher(ish) object here
... ... @@ -72,16 +72,16 @@ class KTForm {
72 72 $this->_context =& $context;
73 73  
74 74 // form identifier (namespace)
75   - $this->sIdentifier = KTUtil::arrayGet($aOptions, 'identifier','kt.default');
  75 + $this->sIdentifier = KTUtil::arrayGet($aOptions, 'identifier','kt.default');
76 76 // form name
77   - $this->_kt_form_name = KTUtil::arrayGet($aOptions, '_kt_form_name',
  77 + $this->_kt_form_name = KTUtil::arrayGet($aOptions, '_kt_form_name',
78 78 $this->generateFormName($this->sIdentifier), false);
79 79  
80   -
  80 +
81 81 // form labelling
82 82 $this->sLabel = KTUtil::arrayGet($aOptions, 'label');
83 83 $this->sDescription = KTUtil::arrayGet($aOptions, 'description');
84   -
  84 +
85 85 // actions
86 86 $this->_action = KTUtil::arrayGet($aOptions, 'action');
87 87 $qs = KTUtil::arrayGet($aOptions, 'actionparams','');
... ... @@ -91,7 +91,7 @@ class KTForm {
91 91 $this->_enctype="multipart/form-data";
92 92 }
93 93 }
94   -
  94 +
95 95 $targeturl = KTUtil::arrayGet($aOptions, 'targeturl', false);
96 96 if($targeturl === false) {
97 97 $this->_actionurl = KTUtil::addQueryStringSelf($qs);
... ... @@ -114,43 +114,43 @@ class KTForm {
114 114 }
115 115  
116 116 $this->_noframe = KTUtil::arrayGet($aOptions, 'noframe', false);
117   -
  117 +
118 118 // cancel
119 119 // there are a few options here:
120 120 // 1. cancel_action
121 121 // 2. cancel_url
122 122 $cancel_action = KTUtil::arrayGet($aOptions, 'cancel_action');
123 123 $cancel_url = KTUtil::arrayGet($aOptions, 'cancel_url');
124   -
  124 +
125 125 if (!empty($cancel_action)) {
126   - $this->bCancel = true;
  126 + $this->bCancel = true;
127 127 // there are two cases here - if we have a context, we can
128 128 // use the meldPersistQuery to create the url.
129 129 if (!is_null($context)) {
130   - $sQuery = $context->meldPersistQuery("",
  130 + $sQuery = $context->meldPersistQuery("",
131 131 $cancel_action);
132   - $this->_cancelurl =
  132 + $this->_cancelurl =
133 133 KTUtil::addQueryString($_SERVER['PHP_SELF'], $sQuery);
134 134 } else {
135 135 // give it a try using addQSSelf
136 136 $this->_cancelurl = KTUtil::addQueryStringSelf(
137   - sprintf('%s=%s', $this->_event, $cancel_action));
  137 + sprintf('%s=%s', $this->_event, $cancel_action));
138 138 }
139   -
140   -
  139 +
  140 +
141 141 } else if (!empty($cancel_url)) {
142   - $this->bCancel = true;
  142 + $this->bCancel = true;
143 143 $this->_cancelurl = $cancel_url;
144 144 } else {
145 145 $this->bCancel = false;
146 146 }
147   -
  147 +
148 148 // FIXME process extra arguments more intelligently
149 149 $default_args = array();
150 150 if (!is_null($this->_context)) {
151 151 $default_args = $this->_context->meldPersistQuery("","",true);
152 152 }
153   - $this->_extraargs = KTUtil::arrayGet($aOptions,
  153 + $this->_extraargs = KTUtil::arrayGet($aOptions,
154 154 'extraargs', $default_args);
155 155  
156 156 // method
... ... @@ -158,7 +158,7 @@ class KTForm {
158 158  
159 159 $this->_extraargs['postReceived'] = 1;
160 160 }
161   -
  161 +
162 162 function getWidget(&$aInfo) {
163 163 if (is_null($this->_oWF)) {
164 164 $this->_oWF =& KTWidgetFactory::getSingleton();
... ... @@ -167,13 +167,13 @@ class KTForm {
167 167 if (is_null($aInfo)) {
168 168 $widget = null;
169 169 } else if (is_object($aInfo)) {
170   -
  170 +
171 171 // assume this is a fully configured object
172 172 $widget =& $aInfo;
173 173 } else {
174 174 $namespaceOrObject = $aInfo[0];
175 175 $config = (array) $aInfo[1];
176   -
  176 +
177 177 $widget =& $this->_oWF->get($namespaceOrObject, $config);
178 178 }
179 179  
... ... @@ -183,10 +183,10 @@ class KTForm {
183 183 function getValidator($aInfo) {
184 184 if (is_null($this->_oVF)) {
185 185 $this->_oVF =& KTValidatorFactory::getSingleton();
186   - }
187   -
  186 + }
  187 +
188 188 $validator = null;
189   -
  189 +
190 190 // we don't want to expose the factory stuff to the user - its an
191 191 // arbitrary distinction to the user. Good point from NBM ;)
192 192 if (is_null($aInfo)) {
... ... @@ -197,29 +197,29 @@ class KTForm {
197 197 } else {
198 198 $namespaceOrObject = $aInfo[0];
199 199 $config = (array) $aInfo[1];
200   -
  200 +
201 201 $validator =& $this->_oVF->get($namespaceOrObject, $config);
202 202 }
203   -
  203 +
204 204 return $validator;
205 205 }
206   -
  206 +
207 207 // set the "form widgets" that will be used.
208 208 // these are pushed into the "data" component
209 209 function setWidgets($aWidgets) {
210 210 $this->_widgets = array();
211   -
  211 +
212 212 if (is_null($this->_oWF)) {
213 213 $this->_oWF =& KTWidgetFactory::getSingleton();
214 214 }
215   -
  215 +
216 216 $this->addWidgets($aWidgets);
217 217 }
218   -
  218 +
219 219 function addWidgets($aWidgets) {
220   - foreach ($aWidgets as $aInfo) {
  220 + foreach ($aWidgets as $aInfo) {
221 221 $widget = $this->getWidget($aInfo);
222   -
  222 +
223 223 if (is_null($widget)) {
224 224 continue;
225 225 } else {
... ... @@ -227,51 +227,51 @@ class KTForm {
227 227 }
228 228 }
229 229 }
230   -
  230 +
231 231 function setValidators($aValidators) {
232 232 $this->_validators = array();
233   -
  233 +
234 234 if (is_null($this->_oVF)) {
235 235 $this->_oVF =& KTValidatorFactory::getSingleton();
236   - }
237   -
  236 + }
  237 +
238 238 $this->addValidators($aValidators);
239 239 }
240   -
  240 +
241 241 function addValidators($aValidators) {
242 242 // we don't want to expose the factory stuff to the user - its an
243 243 // arbitrary distinction to the user. Good point from NBM ;)
244 244 foreach ($aValidators as $aInfo) {
245 245 $validator = $this->getValidator($aInfo);
246   -
  246 +
247 247 if (is_null($validator)) {
248 248 continue;
249 249 } else {
250 250 $this->_validators[] = $validator;
251 251 }
252   - }
  252 + }
253 253 }
254   -
  254 +
255 255 function addValidator($aInfo) {
256 256 $validator = $this->getValidator($aInfo);
257   -
  257 +
258 258 if (is_null($validator)) {
259 259 return false;
260 260 } else {
261 261 $this->_validators[] =& $validator;
262   - }
  262 + }
263 263 }
264   -
  264 +
265 265 function addWidget($aInfo) {
266 266 $widget = $this->getWidget($aInfo);
267   -
  267 +
268 268 if (is_null($widget)) {
269 269 return false;
270 270 } else {
271 271 $this->_widgets[] =& $widget;
272   - }
273   - }
274   -
  272 + }
  273 + }
  274 +
275 275 function addInitializedWidget($oWidget) {
276 276 $this->_widgets[] = $oWidget;
277 277 }
... ... @@ -279,10 +279,10 @@ class KTForm {
279 279 function render() {
280 280 $sWidgets = $this->renderWidgets();
281 281 $sButtons = $this->renderButtons();
282   -
  282 +
283 283 return $this->renderContaining($sWidgets . ' ' . $sButtons);
284 284 }
285   -
  285 +
286 286 function renderPage($sTitle = null, $sDescription = null) {
287 287 if ($sTitle == null) {
288 288 $sTitle = $this->sLabel;
... ... @@ -292,35 +292,35 @@ class KTForm {
292 292 if (!is_null($sDescription)) {
293 293 $sHelpText = sprintf('<p class="descriptiveText">%s</p>', $sDescription);
294 294 }
295   - return sprintf('<h2>%s</h2> %s %s', $sTitle, $sHelpText, $pageval);
296   - }
297   -
  295 + return sprintf('<h2>%s</h2> %s %s', sanitizeForHTML($sTitle), $sHelpText, $pageval);
  296 + }
  297 +
298 298 function getErrors() {
299 299 $aErrors = array();
300   - $old_data = KTUtil::arrayGet((array) $_SESSION['_kt_old_data'],
  300 + $old_data = KTUtil::arrayGet((array) $_SESSION['_kt_old_data'],
301 301 $this->_kt_form_name, array());
302 302 if (KTUtil::arrayGet($old_data, 'identifier') == $this->sIdentifier) {
303 303 $aErrors = (array) unserialize(KTUtil::arrayGet($old_data, 'errors'));
304   - }
  304 + }
305 305 return $aErrors;
306 306 }
307   -
  307 +
308 308 function renderWidgets() {
309 309 if (empty($this->_widgets)) {
310 310 return '&nbsp;';
311 311 }
312   -
  312 +
313 313 // do this all at the *last* possible moment
314 314 // now we need to do two things:
315 315 //
316   - // 1. inform each "widget" that it needs to wrap itself inside
  316 + // 1. inform each "widget" that it needs to wrap itself inside
317 317 // the "data" var
318   - // 2. replace the widget's default values with the ones from the
  318 + // 2. replace the widget's default values with the ones from the
319 319 // failed request, as appropriate.
320 320 $bUseOld = false;
321 321 $aOldData = array();
322 322 $aErrors = array();
323   - $old_data = KTUtil::arrayGet((array) $_SESSION['_kt_old_data'],
  323 + $old_data = KTUtil::arrayGet((array) $_SESSION['_kt_old_data'],
324 324 $this->_kt_form_name, array());
325 325 if (KTUtil::arrayGet($old_data, 'identifier') == $this->sIdentifier) {
326 326 $bUseOld = true;
... ... @@ -331,7 +331,7 @@ class KTForm {
331 331 }
332 332 $aErrors = (array) unserialize(KTUtil::arrayGet($old_data, 'errors'));
333 333 }
334   -
  334 +
335 335 foreach ($this->_widgets as $k => $v) {
336 336 if (PEAR::isError($v)) {
337 337 continue; // error, handle it in render.
... ... @@ -339,16 +339,16 @@ class KTForm {
339 339 $widget =& $this->_widgets[$k]; // reference needed since we're changing them
340 340 $widget->wrapName('data');
341 341 if ($bUseOld) {
342   - $widget->setDefault(KTUtil::arrayGet($aOldData, $widget->getBasename(),
  342 + $widget->setDefault(KTUtil::arrayGet($aOldData, $widget->getBasename(),
343 343 $widget->getDefault(), false));
344 344 $widget->setErrors(KTUtil::arrayGet($aErrors, $widget->getBasename()));
345 345 }
346 346 }
347   -
  347 +
348 348 // too much overhead by half to use a template here
349 349 // so we do it the "old fashioned" way.
350 350 $rendered = array();
351   -
  351 +
352 352 foreach ($this->_widgets as $v) {
353 353 if (PEAR::isError($v)) {
354 354 $rendered[] = sprintf(_kt('<div class="ktError"><p>Unable to show widget &mdash; %s</p></div>'), $v->getMessage());
... ... @@ -356,45 +356,45 @@ class KTForm {
356 356 $rendered[] = $v->render();
357 357 }
358 358 }
359   -
  359 +
360 360 return implode(' ', $rendered);
361 361 }
362   -
  362 +
363 363 function renderButtons() {
364 364 $oKTTemplating =& KTTemplating::getSingleton();
365 365 $oTemplate = $oKTTemplating->loadTemplate('ktcore/forms/buttons');
366   -
  366 +
367 367 // now do the render.
368 368 $oTemplate->setData(array(
369   - 'context' => &$this,
  369 + 'context' => &$this,
370 370 ));
371   -
  371 +
372 372 return $oTemplate->render();
373 373 }
374   -
  374 +
375 375 function renderContaining() {
376   -
  376 +
377 377 $args = func_get_args();
378 378 $sInner = implode(' ', $args);
379   -
  379 +
380 380 $oKTTemplating =& KTTemplating::getSingleton();
381 381 $oTemplate = $oKTTemplating->loadTemplate('ktcore/forms/outerform');
382   -
  382 +
383 383 // remove inner "action" var from extraargs
384 384 // if its there at all.
385 385 unset($this->_extraargs[$this->_event]);
386 386 $this->_extraargs['_kt_form_name'] = $this->_kt_form_name;
387   -
  387 +
388 388 // now do the render.
389 389 $oTemplate->setData(array(
390   - 'context' => &$this,
  390 + 'context' => &$this,
391 391 'inner' => $sInner,
392 392 ));
393   -
  393 +
394 394 return $oTemplate->render();
395 395 }
396   -
397   - function generateFormName($sIdentifier = null) {
  396 +
  397 + function generateFormName($sIdentifier = null) {
398 398 if (!is_null($sIdentifier)) {
399 399 // try use the existing one from the request.
400 400 $existing = KTUtil::arrayGet($_REQUEST, '_kt_form_name');
... ... @@ -409,62 +409,62 @@ class KTForm {
409 409 }
410 410 return KTUtil::randomString(32); // unique 32 char string
411 411 }
412   -
  412 +
413 413 function validate() {
414 414 // we first ask each widget to pull its data out.
415 415 // while we do that, we create the storage set for the session
416 416 // that widgets can call on later.
417   -
  417 +
418 418 $raw_data = KTUtil::arrayGet($_REQUEST, 'data');
419 419 $processed_data = array();
420 420 foreach ($this->_widgets as $oWidget) {
421 421 if (PEAR::isError($oWidget)) {
422 422 continue;
423 423 }
424   -
425   - // widgets are expected to place their data in the "basename"
  424 +
  425 + // widgets are expected to place their data in the "basename"
426 426 // entry in the processed data area
427 427 //
428 428 // they should also be able to reconstruct their inputs from this
429 429 // since its what they get later.
430   -
  430 +
431 431 $res = $oWidget->process($raw_data);
432 432 $processed_data = kt_array_merge($processed_data, $res);
433 433 }
434   -
  434 +
435 435 // before we validate ANYTHING we store data into the session
436 436  
437 437 $store_data = array(); // we only want to store serialized values here
438 438 foreach ($processed_data as $k => $v) {
439 439 $store_data[$k] = serialize($v);
440 440 }
441   -
  441 +
442 442 $_SESSION['_kt_old_data'][$this->_kt_form_name]['data'] = serialize($store_data);
443   - $_SESSION['_kt_old_data'][$this->_kt_form_name]['identifier'] =
444   - $this->sIdentifier;
445   - $_SESSION['_kt_old_data'][$this->_kt_form_name]['created'] =
  443 + $_SESSION['_kt_old_data'][$this->_kt_form_name]['identifier'] =
  444 + $this->sIdentifier;
  445 + $_SESSION['_kt_old_data'][$this->_kt_form_name]['created'] =
446 446 getCurrentDateTime();
447   -
  447 +
448 448 $results = array();
449 449 $errors = array();
450   -
  450 +
451 451 // some things can be checked by the actual widgets involved. These
452 452 // are obvious (e.g. required) and shouldn't require the developer to
453 453 // think about them.
454 454 //
455 455 // to accomplish this, we call each widget's "getValidators" method.
456   - //
  456 + //
457 457 // note that autovalidation can be turned off for a widget by passing
458 458 // "autovalidate" => "false" in the widget's config.
459   -
  459 +
460 460 $extra_validators = array();
461 461 foreach ($this->_widgets as $oWidget) {
462   - if (PEAR::isError($oWidget)) {
  462 + if (PEAR::isError($oWidget)) {
463 463 continue;
464 464 }
465   -
  465 +
466 466 $res = $oWidget->getValidators();
467   -
  467 +
468 468 if (!is_null($res)) {
469 469 if (is_array($res)) {
470 470 $extra_validators = kt_array_merge($extra_validators, $res);
... ... @@ -473,23 +473,23 @@ class KTForm {
473 473 }
474 474 }
475 475 }
476   -
  476 +
477 477 $validators = kt_array_merge($extra_validators, $this->_validators);
478   -
  478 +
479 479 foreach ($validators as $oValidator) {
480 480 if (PEAR::isError($oValidator)) {
481 481 // don't bother with broken validators, but warn the user/dev
482 482 $errors['_kt_global'][] = $oValidator->getMessage();
483   - continue;
  483 + continue;
484 484 }
485   -
  485 +
486 486 $res = $oValidator->validate($processed_data);
487   -
  487 +
488 488 // results comes out with a set of names and values.
489 489 // these *shouldn't* overlap, so just merge them
490 490 $extra_results = KTUtil::arrayGet($res, 'results', array());
491 491 $results = kt_array_merge($results, $extra_results);
492   -
  492 +
493 493 // errors *can* overlap
494 494 // the format is:
495 495 // basename => array(errors)
... ... @@ -501,27 +501,27 @@ class KTForm {
501 501 $extra_errors = KTUtil::arrayGet($res, 'errors', array());
502 502 foreach ($extra_errors as $varname => $aErrors) {
503 503 if (is_string($aErrors)) {
504   - $errors[$varname][] = $aErrors;
  504 + $errors[$varname][] = $aErrors;
505 505 } else {
506 506 $errors[$varname] = kt_array_merge($errors[$varname], $aErrors);
507 507 }
508 508 }
509 509 }
510   -
  510 +
511 511 $this->_errors = $errors; // store for later use without unserialising
512 512 if (!empty($errors)) {
513   - $_SESSION['_kt_old_data'][$this->_kt_form_name]['errors'] =
  513 + $_SESSION['_kt_old_data'][$this->_kt_form_name]['errors'] =
514 514 serialize($errors);
515   - }
516   -
  515 + }
  516 +
517 517 //var_dump($errors); exit(0);
518   -
  518 +
519 519 return array(
520 520 'errors' => $errors,
521 521 'results' => $results,
522 522 );
523 523 }
524   -
  524 +
525 525 function handleError($sGlobalError = null, $aSimplerErrors = null) {
526 526 if (!is_null($sGlobalError)) {
527 527 $this->_errors['_kt_global'][] = $sGlobalError;
... ... @@ -531,23 +531,23 @@ class KTForm {
531 531 $this->_errors[$k] = kt_array_merge($this->_errors[$k], $v);
532 532 }
533 533 // since we've changed them, update the stored version
534   - $_SESSION['_kt_old_data'][$this->_kt_form_name]['errors'] =
535   - serialize($this->_errors);
  534 + $_SESSION['_kt_old_data'][$this->_kt_form_name]['errors'] =
  535 + serialize($this->_errors);
536 536 }
537 537 if (is_array($this->_errors)) {
538 538 $global_errors = KTUtil::arrayGet($this->_errors, '_kt_global', array());
539 539 $_SESSION['KTErrorMessage'] = kt_array_merge($_SESSION['KTErrorMessage'], $global_errors);
540 540 }
541   -
  541 +
542 542 if (!empty($this->_failaction) && !is_null($this->_context)) {
543   - $this->_context->errorRedirectTo($this->_failaction,
544   - _kt("Please correct the errors indicated."),
  543 + $this->_context->errorRedirectTo($this->_failaction,
  544 + _kt("Please correct the errors indicated."),
545 545 sprintf("_kt_form_name=%s",$this->_kt_form_name));
546 546 exit(0);
547 547 } else if ($this->_failurl){
548 548 redirect(KTUtil::addQueryString($this->_failurl,
549   - sprintf("_kt_form_name=%s",$this->_kt_form_name)));
550   - exit(0);
  549 + sprintf("_kt_form_name=%s",$this->_kt_form_name)));
  550 + exit(0);
551 551 } else {
552 552 return '<div class="ktError"><p>' . _kt("An error occured, and no error handlers were configured.") . '</p></div>';
553 553 exit(0);
... ...
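--- a/plugins/browseabledashlet/templates/browseabledashlet/dashlet.smarty
+++ b/plugins/browseabledashlet/templates/browseabledashlet/dashlet.smarty
@@ -11,7 +11,7 @@
 {foreach from=$folders item=oFolder}
 <tr class="browse_column {cycle values=odd,even}"><td><span
 class="contenttype folder"><a {capture assign=fid}{$oFolder->getId()}{/capture}
- href="{ktLink base="browse.php" query="fFolderId=`$fid`"}">{$oFolder->getName()}</a> </span>
+ href="{ktLink base="browse.php" query="fFolderId=`$fid`"}">{$oFolder->getName()|sanitize}</a> </span>
 </td></tr>
 {/foreach}
 </tbody>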
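Review bot: The `|sanitize` modifier added to `{$oFolder->getName()}` is not a Smarty built-in and its definition is not part of this section, so nothing here shows which encoding it applies. The folder name is written into element content, where `<`, `>` and `&` have to be entity-encoded; a modifier that strips or filters instead of encoding would not give the same guarantee. I would add a template comment such as `{* folder names are user-supplied; sanitize must HTML-encode for element content *}` and confirm the modifier against its plugin source. The `href` is built from `getId()` through `ktLink`, which is presumably numeric, and this commit leaves it unchanged.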
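--- a/plugins/ktcore/KTColumns.inc.php
+++ b/plugins/ktcore/KTColumns.inc.php
@@ -1,12 +1,12 @@
 <?php
 /**
 * $Id$
- *
+ *
 * The contents of this file are subject to the KnowledgeTree Public
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
- *
+ *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -17,9 +17,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
- *
+ *
 * The Original Code is: KnowledgeTree Open Source
- *
+ *
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -41,40 +41,40 @@ class AdvancedTitleColumn extends AdvancedColumn {
 var $link_folders = true;
 var $link_documents = true;
 
- function setOptions($aOptions) {
+ function setOptions($aOptions) {
 $this->link_folders = KTUtil::arrayGet($aOptions, 'link_folders', $this->link_folders, false);
- $this->link_documents = KTUtil::arrayGet($aOptions, 'link_documents', $this->link_documents, false);
+ $this->link_documents = KTUtil::arrayGet($aOptions, 'link_documents', $this->link_documents, false);
 parent::setOptions($aOptions);
 }
-
+
 function AdvancedTitleColumn() {
 $this->label = _kt("Title");
- }
-
- // what is used for sorting
+ }
+
+ // what is used for sorting
 // query addition is:
 // [0] => join claus
 // [1] => join params
- // [2] => ORDER
-
- function addToFolderQuery() {
- return array(null,
- null,
+ // [2] => ORDER
+
+ function addToFolderQuery() {
+ return array(null,
+ null,
 "F.name",
- );
+ );
 }
- function addToDocumentQuery() {
- return array(null,
- null,
+ function addToDocumentQuery() {
+ return array(null,
+ null,
 "DM.name"
- );
+ );
 }
 
-
+
 function renderFolderLink($aDataRow) {
 /* this check has to be done so that any titles longer than 40 characters is not displayed incorrectly.
 as mozilla cannot wrap text without white spaces */
- if (mb_strlen($aDataRow["folder"]->getName(), 'UTF-8') > 40) {
+ if (mb_strlen($aDataRow["folder"]->getName(), 'UTF-8') > 40) {
 mb_internal_encoding("UTF-8");
 $outStr = htmlentities(mb_substr($aDataRow["folder"]->getName(), 0, 40, 'UTF-8')."...", ENT_NOQUOTES, 'UTF-8');
 }else{
@@ -90,15 +90,15 @@ class AdvancedTitleColumn extends AdvancedColumn {
 function renderDocumentLink($aDataRow) {
 /* this check has to be done so that any titles longer than 40 characters is not displayed incorrectly.
 as mozilla cannot wrap text without white spaces */
- if (mb_strlen($aDataRow["document"]->getName(), 'UTF-8') > 40) {
+ if (mb_strlen($aDataRow["document"]->getName(), 'UTF-8') > 40) {
 mb_internal_encoding("UTF-8");
 $outStr = htmlentities(mb_substr($aDataRow["document"]->getName(), 0, 40, 'UTF-8')."...", ENT_NOQUOTES, 'UTF-8');
 }else{
 $outStr = htmlentities($aDataRow["document"]->getName(), ENT_NOQUOTES, 'UTF-8');
 }
-
+
 if($this->link_documents) {
- $outStr = '<a href="' . $this->buildDocumentLink($aDataRow) . '" title="' . $aDataRow["document"]->getFilename().'">' .
+ $outStr = '<a href="' . $this->buildDocumentLink($aDataRow) . '" title="' . htmlentities($aDataRow["document"]->getFilename(), ENT_QUOTES, 'UTF-8').'">' .
 $outStr . '</a>';
 }
 return $outStr;
@@ -116,7 +116,7 @@ class AdvancedTitleColumn extends AdvancedColumn {
 function buildFolderLink($aDataRow) {
 if (is_null(KTUtil::arrayGet($this->aOptions, 'direct_folder'))) {
 $dest = KTUtil::arrayGet($this->aOptions, 'folder_link');
- $params = kt_array_merge(KTUtil::arrayGet($this->aOptions, 'qs_params', array()),
+ $params = kt_array_merge(KTUtil::arrayGet($this->aOptions, 'qs_params', array()),
 array('fFolderId' => $aDataRow['folder']->getId()));
 
 if (empty($dest)) {
@@ -129,9 +129,9 @@ class AdvancedTitleColumn extends AdvancedColumn {
 return KTBrowseUtil::getUrlForFolder($aDataRow['folder']);
 }
 }
-
+
 // use inline, since its just too heavy to even _think_ about using smarty.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 if ($aDataRow["type"] == "folder") {
 $contenttype = 'folder';
 $link = $this->renderFolderLink($aDataRow);
@@ -143,11 +143,11 @@ class AdvancedTitleColumn extends AdvancedColumn {
 return sprintf('<span class="contenttype %s">%s (%s)</span>', $contenttype, $link, $size);
 }
 }
-
+
 function prettySize($size) {
 $finalSize = $size;
 $label = 'b';
-
+
 if ($finalSize > 1000) { $label='Kb'; $finalSize = floor($finalSize/1000); }
 if ($finalSize > 1000) { $label='Mb'; $finalSize = floor($finalSize/1000); }
 return $finalSize . $label;
@@ -159,7 +159,7 @@ class AdvancedTitleColumn extends AdvancedColumn {
 }
 }
 
-/*
+/*
 * Column to handle dates
 */
 
@@ -168,17 +168,17 @@ class AdvancedDateColumn extends AdvancedColumn {
 
 var $document_field_function;
 var $folder_field_function;
- var $sortable = true;
+ var $sortable = true;
 var $document_sort_column;
 var $folder_sort_column;
 var $namespace = 'ktcore.columns.genericdate';
-
+
 function AdvancedDateColumn() {
 $this->label = _kt('Generic Date Function');
 }
 
 // use inline, since its just too heavy to even _think_ about using smarty.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $outStr = '';
 if (($aDataRow["type"] == "folder") && (!is_null($this->folder_field_function))) {
 $res = call_user_func(array($aDataRow["folder"], $this->folder_field_function));
@@ -186,7 +186,7 @@ class AdvancedDateColumn extends AdvancedColumn {
 
 // now reformat this into something "pretty"
 return date("Y-m-d H:i", $dColumnDate);
-
+
 } else if (($aDataRow["type"] == "document") && (!is_null($this->document_field_function))) {
 $res = call_user_func(array($aDataRow["document"], $this->document_field_function));
 $dColumnDate = strtotime($res);
@@ -210,11 +210,11 @@ class AdvancedDateColumn extends AdvancedColumn {
 class CreationDateColumn extends AdvancedDateColumn {
 var $document_field_function = 'getCreatedDateTime';
 var $folder_field_function = null;
-
+
 var $document_sort_column = "D.created";
 var $folder_sort_column = null;
 var $namespace = 'ktcore.columns.creationdate';
-
+
 function CreationDateColumn() {
 $this->label = _kt('Created');
 }
@@ -223,11 +223,11 @@ class CreationDateColumn extends AdvancedDateColumn {
 class ModificationDateColumn extends AdvancedDateColumn {
 var $document_field_function = 'getLastModifiedDate';
 var $folder_field_function = null;
-
+
 var $document_sort_column = "D.modified";
 var $folder_sort_column = null;
 var $namespace = 'ktcore.columns.modificationdate';
-
+
 function ModificationDateColumn() {
 $this->label = _kt('Modified');
 }
@@ -236,25 +236,25 @@ class ModificationDateColumn extends AdvancedDateColumn {
 class AdvancedUserColumn extends AdvancedColumn {
 var $document_field_function;
 var $folder_field_function;
- var $sortable = false; // by default
+ var $sortable = false; // by default
 var $document_sort_column;
 var $folder_sort_column;
 var $namespace = 'ktcore.columns.genericuser';
-
+
 function AdvancedUserColumn() {
- $this->label = null; // abstract.
+ $this->label = null; // abstract.
 }
-
+
 // use inline, since its just too heavy to even _think_ about using smarty.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $iUserId = null;
 if (($aDataRow["type"] == "folder") && (!is_null($this->folder_field_function))) {
 if (method_exists($aDataRow['folder'], $this->folder_field_function)) {
- $iUserId = call_user_func(array($aDataRow['folder'], $this->folder_field_function));
+ $iUserId = call_user_func(array($aDataRow['folder'], $this->folder_field_function));
 }
 } else if (($aDataRow["type"] == "document") && (!is_null($this->document_field_function))) {
 if (method_exists($aDataRow['document'], $this->document_field_function)) {
- $iUserId = call_user_func(array($aDataRow['document'], $this->document_field_function));
+ $iUserId = call_user_func(array($aDataRow['document'], $this->document_field_function));
 }
 }
 if (is_null($iUserId)) {
@@ -271,7 +271,7 @@ class AdvancedUserColumn extends AdvancedColumn {
 function addToFolderQuery() {
 return array(null, null, null);
 }
-
+
 function addToDocumentQuery() {
 return array(null, null, null);
 }
@@ -280,20 +280,20 @@ class AdvancedUserColumn extends AdvancedColumn {
 class CreatorColumn extends AdvancedUserColumn {
 var $document_field_function = "getCreatorID";
 var $folder_field_function = "getCreatorID";
- var $sortable = true; // by default
+ var $sortable = true; // by default
 var $namespace = 'ktcore.columns.creator';
-
+
 function CreatorColumn() {
- $this->label = _kt("Creator"); // abstract.
+ $this->label = _kt("Creator"); // abstract.
 }
 }
 
 class AdvancedSelectionColumn extends AdvancedColumn {
 var $rangename = null;
 var $show_folders = true;
- var $show_documents = true;
-
- var $namespace = "ktcore.columns.selection";
+ var $show_documents = true;
+
+ var $namespace = "ktcore.columns.selection";
 
 function AdvancedSelectionColumn() {
 $this->label = '';
@@ -302,40 +302,40 @@ class AdvancedSelectionColumn extends AdvancedColumn {
 function setOptions($aOptions) {
 AdvancedColumn::setOptions($aOptions);
 $this->rangename = KTUtil::arrayGet($this->aOptions, 'rangename', $this->rangename);
- $this->show_folders = KTUtil::arrayGet($this->aOptions, 'show_folders', $this->show_folders, false);
- $this->show_documents = KTUtil::arrayGet($this->aOptions, 'show_documents', $this->show_documents, false);
+ $this->show_folders = KTUtil::arrayGet($this->aOptions, 'show_folders', $this->show_folders, false);
+ $this->show_documents = KTUtil::arrayGet($this->aOptions, 'show_documents', $this->show_documents, false);
 }
 
- function renderHeader($sReturnURL) {
+ function renderHeader($sReturnURL) {
 global $main;
 $main->requireJSResource("resources/js/toggleselect.js");
-
+
 return sprintf('<input type="checkbox" title="toggle all" onclick="toggleSelectFor(this, \'%s\')" />', $this->rangename);
-
+
 }
-
+
 // only include the _f or _d IF WE HAVE THE OTHER TYPE.
- function renderData($aDataRow) {
- $localname = $this->rangename;
-
- if (($aDataRow["type"] === "folder") && ($this->show_folders)) {
+ function renderData($aDataRow) {
+ $localname = htmlentities($this->rangename,ENT_QUOTES,'UTF-8');
+
+ if (($aDataRow["type"] === "folder") && ($this->show_folders)) {
 if ($this->show_documents) {
- $localname .= "_f[]";
+ $localname .= "_f[]";
 }
- $v = $aDataRow["folderid"];
- } else if (($aDataRow["type"] === "document") && $this->show_documents) {
+ $v = $aDataRow["folderid"];
+ } else if (($aDataRow["type"] === "document") && $this->show_documents) {
 if ($this->show_folders) {
- $localname .= "_d[]";
+ $localname .= "_d[]";
 }
- $v = $aDataRow["docid"];
- } else {
- return '&nbsp;';
+ $v = $aDataRow["docid"];
+ } else {
+ return '&nbsp;';
 }
-
+
 return sprintf('<input type="checkbox" name="%s" onclick="activateRow(this)" value="%s"/>', $localname, $v);
 }
-
-
+
+
 // no label, but we do have a title
 function getName() {
 return _kt("Multiple Selection");
@@ -350,36 +350,36 @@ class AdvancedSingleSelectionColumn extends AdvancedSelectionColumn {
 parent::AdvancedSelectionColumn();
 $this->label = null;
 }
-
+
 function renderHeader() {
- return '&nbsp;';
+ return '&nbsp;';
 }
-
+
 // only include the _f or _d IF WE HAVE THE OTHER TYPE.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 $localname = $this->rangename;
-
- if (($aDataRow["type"] === "folder") && ($this->show_folders)) {
+
+ if (($aDataRow["type"] === "folder") && ($this->show_folders)) {
 if ($this->show_documents) {
- $localname .= "_f";
+ $localname .= "_f";
 }
- $v = $aDataRow["folderid"];
- } else if (($aDataRow["type"] === "document") && $this->show_documents) {
+ $v = $aDataRow["folderid"];
+ } else if (($aDataRow["type"] === "document") && $this->show_documents) {
 if ($this->show_folders) {
- $localname .= "_d";
+ $localname .= "_d";
 }
- $v = $aDataRow["docid"];
- } else {
- return '&nbsp;';
+ $v = $aDataRow["docid"];
+ } else {
+ return '&nbsp;';
 }
-
+
 return '<input type="radio" name="' . $localname . '" value="' . $v . '"/>';
 }
 
 // no label, but we do have a title
 function getName() {
 return _kt("Single Selection");
- }
+ }
 }
 
 
@@ -389,16 +389,16 @@ class AdvancedWorkflowColumn extends AdvancedColumn {
 
 function AdvancedWorkflowColumn() {
 $this->label = _kt("Workflow State");
- $this->sortable = false;
+ $this->sortable = false;
 }
-
+
 // use inline, since its just too heavy to even _think_ about using smarty.
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 // only _ever_ show this for documents.
- if ($aDataRow["type"] === "folder") {
+ if ($aDataRow["type"] === "folder") {
 return '&nbsp;';
 }
-
+
 $oWorkflow = KTWorkflowUtil::getWorkflowForDocument($aDataRow['document']);
 $oState = KTWorkflowUtil::getWorkflowStateForDocument($aDataRow['document']);
 if (($oState == null) || ($oWorkflow == null)) {
@@ -415,21 +415,21 @@ class AdvancedWorkflowColumn extends AdvancedColumn {
 class AdvancedDownloadColumn extends AdvancedColumn {
 
 var $namespace = 'ktcore.columns.download';
-
+
 function AdvancedDownloadColumn() {
 $this->label = null;
 }
 
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 // only _ever_ show this for documents.
- if ($aDataRow["type"] === "folder") {
+ if ($aDataRow["type"] === "folder") {
 return '&nbsp;';
 }
-
+
 $link = KTUtil::ktLink('action.php','ktcore.actions.document.view', 'fDocumentId=' . $aDataRow['document']->getId());
 return sprintf('<a href="%s" class="ktAction ktDownload" title="%s">%s</a>', $link, _kt('Download Document'), _kt('Download Document'));
 }
-
+
 function getName() { return _kt('Download'); }
 }
 
@@ -437,17 +437,17 @@ class AdvancedDownloadColumn extends AdvancedColumn {
 class DocumentIDColumn extends AdvancedColumn {
 var $bSortable = false;
 var $namespace = 'ktcore.columns.docid';
-
+
 function DocumentIDColumn() {
 $this->label = _kt("Document ID");
 }
 
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 // only _ever_ show this for documents.
- if ($aDataRow["type"] === "folder") {
+ if ($aDataRow["type"] === "folder") {
 return '&nbsp;';
 }
-
+
 return htmlentities($aDataRow['document']->getId(), ENT_NOQUOTES, 'UTF-8');
 }
 }
@@ -455,21 +455,21 @@ class DocumentIDColumn extends AdvancedColumn {
 class ContainingFolderColumn extends AdvancedColumn {
 
 var $namespace = 'ktcore.columns.containing_folder';
-
+
 function ContainingFolderColumn() {
 $this->label = _kt("View Folder");
 }
 
- function renderData($aDataRow) {
+ function renderData($aDataRow) {
 // only _ever_ show this for documents.
- if ($aDataRow["type"] === "folder") {
+ if ($aDataRow["type"] === "folder") {
 return '&nbsp;';
 }
-
+
 $link = KTBrowseUtil::getUrlForFolder($aDataRow['document']->getFolderId());
 return sprintf('<a href="%s" class="ktAction ktMoveUp" title="%s">%s</a>', $link, _kt('View Folder'), _kt('View Folder'));
 }
-
+
 function getName() { return _kt('Opening Containing Folder'); }
 }
 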
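Review bot: `rangename` is entity-encoded only in `AdvancedSelectionColumn::renderData()`; the same property still reaches markup unencoded in `AdvancedSingleSelectionColumn::renderData()` (`$localname = $this->rangename;`, later concatenated into `name="..."`) and in `AdvancedSelectionColumn::renderHeader()`, where it is formatted into a single-quoted JavaScript string inside `onclick`. The radio column should get the same line as the checkbox column, `$localname = htmlentities($this->rangename, ENT_QUOTES, 'UTF-8');`. For `renderHeader()` entity-encoding alone would not be sufficient, since the browser decodes the attribute value before the handler is parsed as script, so the value also needs JavaScript string escaping or, more simply, an allow-list check (letters, digits, underscore) where `setOptions()` assigns it. Whether `rangename` can carry request-derived data is not visible in this section, but the commit treats it as untrusted in one sink, so the other two should agree. `$v` in both `value="..."` attributes is likewise emitted as-is and presumably holds a numeric id; an `(int)` cast would make that explicit.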
plugins/ktcore/KTDocumentActions.php
... ... @@ -6,7 +6,7 @@
6 6 * License Version 1.1.2 ("License"); You may not use this file except in
7 7 * compliance with the License. You may obtain a copy of the License at
8 8 * http://www.knowledgetree.com/KPL
9   - *
  9 + *
10 10 * Software distributed under the License is distributed on an "AS IS"
11 11 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
12 12 * See the License for the specific language governing rights and
... ... @@ -17,9 +17,9 @@
17 17 * (ii) the KnowledgeTree copyright notice
18 18 * in the same form as they appear in the distribution. See the License for
19 19 * requirements.
20   - *
  20 + *
21 21 * The Original Code is: KnowledgeTree Open Source
22   - *
  22 + *
23 23 * The Initial Developer of the Original Code is The Jam Warehouse Software
24 24 * (Pty) Ltd, trading as KnowledgeTree.
25 25 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
... ... @@ -42,7 +42,7 @@ require_once(KT_LIB_DIR . &#39;/browse/PartialQuery.inc.php&#39;);
42 42  
43 43 require_once(KT_LIB_DIR . '/widgets/forms.inc.php');
44 44  
45   -// {{{ KTDocumentDetailsAction
  45 +// {{{ KTDocumentDetailsAction
46 46 class KTDocumentDetailsAction extends KTDocumentAction {
47 47 var $sName = 'ktcore.actions.document.displaydetails';
48 48  
... ... @@ -143,7 +143,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
143 143 );
144 144 return $oTemplate->render($aTemplateData);
145 145 }
146   -
  146 +
147 147 function do_startComparison() {
148 148 $comparison_version = KTUtil::arrayGet($_REQUEST, 'fComparisonVersion');
149 149  
... ... @@ -151,7 +151,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
151 151 if (PEAR::isError($oDocument)) {
152 152 return $this->redirectToMain(_kt('The document you selected was invalid'));
153 153 }
154   -
  154 +
155 155 if (!Permission::userHasDocumentReadPermission($oDocument)) {
156 156 return $this->errorRedirectToMain(_kt('You are not allowed to view this document'));
157 157 }
... ... @@ -176,7 +176,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
176 176 );
177 177 return $oTemplate->render($aTemplateData);
178 178 }
179   -
  179 +
180 180 function do_viewComparison() {
181 181 // this is just a redirector
182 182 $QS = array(
... ... @@ -185,22 +185,22 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
185 185 'fBaseVersion' => $_REQUEST['fBaseVersion'],
186 186 'fComparisonVersion' => $_REQUEST['fComparisonVersion'],
187 187 );
188   -
  188 +
189 189 $frag = array();
190   -
  190 +
191 191 foreach ($QS as $k => $v) {
192 192 $frag[] = sprintf('%s=%s', urlencode($k), urlencode($v));
193 193 }
194   -
  194 +
195 195 redirect(KTUtil::ktLink('view.php',null,implode('&', $frag)));
196 196 }
197   -
198   -
  197 +
  198 +
199 199 function getUserForId($iUserId) {
200 200 $u = User::get($iUserId);
201 201 if (PEAR::isError($u) || ($u == false)) { return _kt('User no longer exists'); }
202 202 return $u->getName();
203   - }
  203 + }
204 204 }
205 205 // }}}
206 206  
... ... @@ -208,7 +208,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
208 208 // {{{ KTDocumentViewAction
209 209 class KTDocumentViewAction extends KTDocumentAction {
210 210 var $sName = 'ktcore.actions.document.view';
211   - var $sIconClass = 'download';
  211 + var $sIconClass = 'download';
212 212  
213 213 function getDisplayName() {
214 214 return _kt('Download');
... ... @@ -230,13 +230,13 @@ class KTDocumentViewAction extends KTDocumentAction {
230 230 } else {
231 231 $res = $oStorage->download($this->oDocument);
232 232 }
233   -
  233 +
234 234 if ($res === false) {
235 235 $this->addErrorMessage(_kt('The file you requested is not available - please contact the system administrator if this is incorrect.'));
236 236 redirect(generateControllerLink('viewDocument',sprintf(_kt('fDocumentId=%d'),$this->oDocument->getId())));
237   - exit(0);
  237 + exit(0);
238 238 }
239   -
  239 +
240 240 $oDocumentTransaction = & new DocumentTransaction($this->oDocument, _kt('Document downloaded'), 'ktcore.transactions.download', $aOptions);
241 241 $oDocumentTransaction->create();
242 242 exit(0);
... ... @@ -258,7 +258,7 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
258 258 return _kt('Checkout');
259 259 }
260 260  
261   - function getInfo() {
  261 + function getInfo() {
262 262 if ($this->oDocument->getIsCheckedOut()) {
263 263 return null;
264 264 }
... ... @@ -272,10 +272,10 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
272 272 return $res;
273 273 }
274 274 // since we actually check the doc out, then download it ...
275   - if (($_REQUEST[$this->event_var] == 'checkout_final') && ($this->oDocument->getCheckedOutUserID() == $_SESSION['userID'])) {
276   - return true;
  275 + if (($_REQUEST[$this->event_var] == 'checkout_final') && ($this->oDocument->getCheckedOutUserID() == $_SESSION['userID'])) {
  276 + return true;
277 277 }
278   -
  278 +
279 279 // "normal".
280 280 if ($this->oDocument->getIsCheckedOut()) {
281 281 $_SESSION['KTErrorMessage'][] = _kt('This document is already checked out');
... ... @@ -317,9 +317,9 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
317 317 array('ktcore.validators.boolean', array(
318 318 'test' => 'download_file',
319 319 'output' => 'download_file',
320   - )),
  320 + )),
321 321 ));
322   -
  322 +
323 323 return $oForm;
324 324 }
325 325  
... ... @@ -337,13 +337,13 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
337 337 }
338 338  
339 339 function do_checkout() {
340   -
  340 +
341 341 $oForm = $this->form_checkout();
342 342 $res = $oForm->validate();
343 343 if (!empty($res['errors'])) {
344 344 return $oForm->handleError();
345 345 }
346   -
  346 +
347 347 $data = $res['results'];
348 348  
349 349 $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/checkout_final');
... ... @@ -354,17 +354,17 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
354 354 if (PEAR::isError($res)) {
355 355 return $this->errorRedirectToMain(sprintf(_kt('Failed to check out the document: %s'), $res->getMessage()));
356 356 }
357   -
358 357  
359   -
  358 +
  359 +
360 360 $this->commitTransaction();
361   -
  361 +
362 362 if (!$data['download_file']) {
363 363 $this->addInfoMessage(_kt('Document checked out.'));
364 364 redirect(KTBrowseUtil::getUrlForDocument($this->oDocument));
365 365 exit(0);
366 366 }
367   -
  367 +
368 368 $oTemplate->setData(array(
369 369 'context' => &$this,
370 370 'reason' => $sReason,
... ... @@ -376,7 +376,7 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
376 376 $sReason = KTUtil::arrayGet($_REQUEST, 'reason');
377 377 $this->oValidator->notEmpty($sReason);
378 378  
379   -
  379 +
380 380 $oStorage =& KTStorageManagerUtil::getSingleton();
381 381 $oStorage->download($this->oDocument, true);
382 382 exit(0);
... ... @@ -446,33 +446,33 @@ class KTDocumentCheckInAction extends KTDocumentAction {
446 446 'context' => &$this,
447 447 'file_upload' => true, // otherwise the post is not received.
448 448 ));
449   -
  449 +
450 450 $major_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber()+1, 0);
451   - $minor_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber(), $this->oDocument->getMinorVersionNumber()+1);
452   -
  451 + $minor_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber(), $this->oDocument->getMinorVersionNumber()+1);
  452 +
453 453 $oForm->setWidgets(array(
454 454 array('ktcore.widgets.file', array(
455 455 'label' => _kt('File'),
456   - 'description' => sprintf(_kt('Please specify the file you wish to upload. Unless you also indicate that you are changing its filename (see "Force Original Filename" below), this will need to be called <strong>%s</strong>'), $this->oDocument->getFilename()),
  456 + 'description' => sprintf(_kt('Please specify the file you wish to upload. Unless you also indicate that you are changing its filename (see "Force Original Filename" below), this will need to be called <strong>%s</strong>'), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8')),
457 457 'name' => 'file',
458 458 'basename' => 'file',
459 459 'required' => true,
460 460 )),
461 461 array('ktcore.widgets.boolean',array(
462   - 'label' => _kt('Major Update'),
463   - 'description' => sprintf(_kt('If this is checked, then the document\'s version number will be increased to %s. Otherwise, it will be considered a minor update, and the version number will be %s.'), $major_inc, $minor_inc),
464   - 'name' => 'major_update',
  462 + 'label' => _kt('Major Update'),
  463 + 'description' => sprintf(_kt('If this is checked, then the document\'s version number will be increased to %s. Otherwise, it will be considered a minor update, and the version number will be %s.'), $major_inc, $minor_inc),
  464 + 'name' => 'major_update',
465 465 'value' => false,
466   - )),
  466 + )),
467 467 array('ktcore.widgets.reason', array(
468 468 'label' => _kt('Reason'),
469 469 'description' => _kt('Please describe the changes you made to the document. Bear in mind that you can use a maximum of <strong>250</strong> characters.'),
470 470 'name' => 'reason',
471 471 )),
472 472 array('ktcore.widgets.boolean',array(
473   - 'label' => _kt('Force Original Filename'),
474   - 'description' => sprintf(_kt('If this is checked, the uploaded document must have the same filename as the original: <strong>%s</strong>'), $this->oDocument->getFilename()),
475   - 'name' => 'forcefilename',
  473 + 'label' => _kt('Force Original Filename'),
  474 + 'description' => sprintf(_kt('If this is checked, the uploaded document must have the same filename as the original: <strong>%s</strong>'), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8')),
  475 + 'name' => 'forcefilename',
476 476 'value' => true,
477 477 )),
478 478 ));
... ... @@ -485,17 +485,17 @@ class KTDocumentCheckInAction extends KTDocumentAction {
485 485 array('ktcore.validators.boolean', array(
486 486 'test' => 'major_update',
487 487 'output' => 'major_update',
488   - )),
  488 + )),
489 489 array('ktcore.validators.file', array(
490 490 'test' => 'file',
491 491 'output' => 'file',
492   - )),
  492 + )),
493 493 array('ktcore.validators.boolean', array(
494 494 'test' => 'forcefilename',
495 495 'output' => 'forcefilename',
496   - )),
  496 + )),
497 497 ));
498   -
  498 +
499 499 return $oForm;
500 500 }
501 501  
... ... @@ -503,7 +503,7 @@ class KTDocumentCheckInAction extends KTDocumentAction {
503 503 function do_main() {
504 504 $this->oPage->setBreadcrumbDetails(_kt('Checkin'));
505 505 $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/checkin');
506   -
  506 +
507 507 $oForm = $this->form_main();
508 508  
509 509 $oTemplate->setData(array(
... ... @@ -517,24 +517,24 @@ class KTDocumentCheckInAction extends KTDocumentAction {
517 517 $oForm = $this->form_main();
518 518 $res = $oForm->validate();
519 519 $data = $res['results'];
520   -
  520 +
521 521 $extra_errors = array();
522   -
  522 +
523 523 if ($data['forcefilename'] && ($data['file']['name'] != $this->oDocument->getFilename())) {
524   - $extra_errors['file'] = sprintf(_kt('The file you uploaded was not called "%s". If you wish to change the filename, please set "Force Original Filename" below to false. '), $this->oDocument->getFilename());
  524 + $extra_errors['file'] = sprintf(_kt('The file you uploaded was not called "%s". If you wish to change the filename, please set "Force Original Filename" below to false. '), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8'));
525 525 }
526   -
  526 +
527 527 if (!empty($res['errors']) || !empty($extra_errors)) {
528 528 return $oForm->handleError(null, $extra_errors);
529 529 }
530   -
  530 +
531 531 $sReason = $data['reason'];
532   -
  532 +
533 533 $sCurrentFilename = $this->oDocument->getFileName();
534 534 $sNewFilename = $data['file']['name'];
535 535  
536 536 $aOptions = array();
537   -
  537 +
538 538 if ($data['major_update']) {
539 539 $aOptions['major_update'] = true;
540 540 }
... ... @@ -542,7 +542,7 @@ class KTDocumentCheckInAction extends KTDocumentAction {
542 542 if ($sCurrentFilename != $sNewFilename) {
543 543 $aOptions['newfilename'] = $sNewFilename;
544 544 }
545   -
  545 +
546 546 $res = KTDocumentUtil::checkin($this->oDocument, $data['file']['tmp_name'], $sReason, $this->oUser, $aOptions);
547 547 if (PEAR::isError($res)) {
548 548 $this->errorRedirectToMain(_kt('An error occurred while trying to check in the document'), 'fDocumentId=' . $this->oDocument->getId() . '&reason=' . $sReason);
... ... @@ -561,7 +561,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
561 561 var $_sShowPermission = 'ktcore.permissions.write';
562 562 var $bAllowInAdminMode = true;
563 563 var $bInAdminMode = null;
564   - var $sIconClass = 'cancel_checkout';
  564 + var $sIconClass = 'cancel_checkout';
565 565  
566 566 function getDisplayName() {
567 567 return _kt('Cancel Checkout');
... ... @@ -573,10 +573,10 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
573 573 }
574 574 if (is_null($this->bInAdminMode)) {
575 575 $oFolder = Folder::get($this->oDocument->getFolderId());
576   - if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
  576 + if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
577 577 $this->bAdminMode = true;
578   - return parent::getInfo();
579   - }
  578 + return parent::getInfo();
  579 + }
580 580 } else if ($this->bInAdminMode == true) {
581 581 return parent::getInfo();
582 582 }
... ... @@ -588,7 +588,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
588 588  
589 589 function check() {
590 590 $res = parent::check();
591   -
  591 +
592 592 if ($res !== true) {
593 593 return $res;
594 594 }
... ... @@ -600,10 +600,10 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
600 600 // hard override if we're in admin mode for this doc.
601 601 if (is_null($this->bInAdminMode)) {
602 602 $oFolder = Folder::get($this->oDocument->getFolderId());
603   - if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
  603 + if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
604 604 $this->bAdminMode = true;
605   - return true;
606   - }
  605 + return true;
  606 + }
607 607 } else if ($this->bInAdminMode == true) {
608 608 return true;
609 609 }
... ... @@ -639,16 +639,16 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
639 639 'output' => 'reason',
640 640 )),
641 641 ));
642   -
  642 +
643 643 return $oForm;
644 644 }
645 645  
646 646 function do_main() {
647 647 $this->oPage->setBreadcrumbDetails(_kt('cancel checkout'));
648 648 $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/cancel_checkout');
649   -
  649 +
650 650 $oForm = $this->form_main();
651   -
  651 +
652 652 $oTemplate->setData(array(
653 653 'context' => &$this,
654 654 'form' => $oForm,
... ... @@ -663,9 +663,9 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
663 663 if (!empty($res['errors'])) {
664 664 return $oForm->handleError();
665 665 }
666   -
  666 +
667 667 $data = $res['results'];
668   -
  668 +
669 669 $this->startTransaction();
670 670 // actually do the checkin.
671 671 $this->oDocument->setIsCheckedOut(0);
... ... @@ -675,7 +675,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
675 675 $this->rollbackTransaction();
676 676 return $this->errorRedirectToMain(_kt('Failed to force the document\'s checkin.'),sprintf('fDocumentId=%d'),$this->oDocument->getId());
677 677 }
678   -
  678 +
679 679 // checkout cancelled transaction
680 680 $oDocumentTransaction = & new DocumentTransaction($this->oDocument, $data['reason'], 'ktcore.transactions.force_checkin');
681 681 $res = $oDocumentTransaction->create();
... ... @@ -683,7 +683,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
683 683 $this->rollbackTransaction();
684 684 return $this->errorRedirectToMain(_kt('Failed to force the document\'s checkin.'),sprintf('fDocumentId=%d'),$this->oDocument->getId());
685 685 }
686   - $this->commitTransaction();
  686 + $this->commitTransaction();
687 687 redirect(KTBrowseUtil::getUrlForDocument($this->oDocument));
688 688 }
689 689 }
... ... @@ -746,7 +746,7 @@ class KTDocumentDeleteAction extends KTDocumentAction {
746 746 'output' => 'reason',
747 747 )),
748 748 ));
749   -
  749 +
750 750 return $oForm;
751 751 }
752 752  
... ... @@ -770,17 +770,17 @@ class KTDocumentDeleteAction extends KTDocumentAction {
770 770 if (!empty($res['errors'])) {
771 771 return $oForm->handleError();
772 772 }
773   -
  773 +
774 774 $sReason = $data['reason'];
775   -
  775 +
776 776 $fFolderId = $this->oDocument->getFolderId();
777 777 $res = KTDocumentUtil::delete($this->oDocument, $sReason);
778 778 if (PEAR::isError($res)) {
779 779 $this->errorRedirectToMain(sprintf(_kt('Unexpected failure deleting document: %s'), $res->getMessage()));
780   - }
  780 + }
781 781  
782 782 $_SESSION['KTInfoMessage'][] = sprintf(_kt('Document "%s" Deleted.'),$this->oDocument->getName());
783   -
  783 +
784 784 controllerRedirect('browse', 'fFolderId=' . $fFolderId);
785 785 exit(0);
786 786 }
... ... @@ -838,15 +838,15 @@ class KTDocumentMoveAction extends KTDocumentAction {
838 838 'cancel_url' => KTBrowseUtil::getUrlForDocument($this->oDocument),
839 839 'fail_action' => 'main',
840 840 'context' => $this,
841   - ));
  841 + ));
842 842  
843 843 /*
844 844 * This is somewhat more complex than most forms, since the "filename"
845 845 * and title shouldn't appear unless there's a clash.
846 846 *
847 847 * This is still not the most elegant solution.
848   - */
849   -
  848 + */
  849 +
850 850 $oForm->setWidgets(array(
851 851 array('ktcore.widgets.foldercollection', array(
852 852 'label' => _kt('Target Folder'),
... ... @@ -861,8 +861,8 @@ class KTDocumentMoveAction extends KTDocumentAction {
861 861 'name' => 'reason',
862 862 )),
863 863 ));
864   -
865   -
  864 +
  865 +
866 866 $oForm->setValidators(array(
867 867 array('ktcore.validators.string', array(
868 868 'test' => 'reason',
... ... @@ -874,10 +874,10 @@ class KTDocumentMoveAction extends KTDocumentAction {
874 874 'test' => 'browse',
875 875 'output' => 'browse',
876 876 )),
877   - ));
878   -
  877 + ));
  878 +
879 879 // here's the ugly bit.
880   -
  880 +
881 881 $err = $oForm->getErrors();
882 882 if (!empty($err['name']) || !empty($err['filename'])) {
883 883 $oForm->addWidget(
... ... @@ -914,7 +914,7 @@ class KTDocumentMoveAction extends KTDocumentAction {
914 914 }
915 915 return $oForm;
916 916 }
917   -
  917 +
918 918 function do_move() {
919 919 $oForm = $this->form_move();
920 920 $res = $oForm->validate();
... ... @@ -926,59 +926,59 @@ class KTDocumentMoveAction extends KTDocumentAction {
926 926 if ($data['browse']->getId() == $this->oDocument->getFolderID()) {
927 927 $extra_errors['browse'] = _kt('You cannot move the document within the same folder.');
928 928 } else {
929   - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName());
  929 + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName());
930 930 if ($bNameClash && isset($data['name'])) {
931 931 $name = $data['name'];
932   - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name);
  932 + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name);
933 933 } else {
934 934 $name = $this->oDocument->getName();
935 935 }
936 936 if ($bNameClash) {
937 937 $extra_errors['name'] = _kt('A document with this title already exists in your chosen folder. Please choose a different folder, or specify a new title for the copied document.');
938 938 }
939   -
940   - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename());
  939 +
  940 + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename());
941 941 if ($bFileClash && isset($data['filename'])) {
942 942 $filename = $data['filename'];
943   - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename);
  943 + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename);
944 944 } else {
945 945 $filename = $this->oDocument->getFilename();
946   - }
  946 + }
947 947 if ($bFileClash) {
948 948 $extra_errors['filename'] = _kt('A document with this filename already exists in your chosen folder. Please choose a different folder, or specify a new filename for the copied document.');
949 949 }
950   -
  950 +
951 951 if (!Permission::userHasFolderWritePermission($data['browse'])) {
952 952 $extra_errors['browse'] = _kt('You do not have permission to create new documents in that folder.');
953 953 }
954 954 }
955 955 }
956   -
  956 +
957 957 if (!empty($errors) || !empty($extra_errors)) {
958   - return $oForm->handleError(null, $extra_errors);
  958 + return $oForm->handleError(null, $extra_errors);
959 959 }
960   -
  960 +
961 961 $this->startTransaction();
962 962 // now try update it.
963   -
  963 +
964 964 $res = KTDocumentUtil::move($this->oDocument, $data['browse'], $this->oUser, $sReason);
965 965 if (PEAR::isError($oNewDoc)) {
966 966 $this->errorRedirectTo('main', _kt('Failed to move document: ') . $oNewDoc->getMessage());
967 967 exit(0);
968 968 }
969   -
  969 +
970 970 $this->oDocument->setName($name); // if needed.
971 971 $this->oDocument->setFilename($filename); // if needed.
972   -
  972 +
973 973 $res = $this->oDocument->update();
974 974 if (PEAR::isError($res)) {
975 975 return $this->errorRedirectTo('main', _kt('Failed to move document: ') . $res->getMessage());
976 976 }
977 977  
978 978 $this->commitTransaction();
979   -
  979 +
980 980 controllerRedirect('viewDocument', 'fDocumentId=' . $this->oDocument->getId());
981   - exit(0);
  981 + exit(0);
982 982 }
983 983  
984 984 }
... ... @@ -1009,7 +1009,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
1009 1009 if ($this->oDocument->getIsCheckedOut()) {
1010 1010 return null;
1011 1011 }
1012   -
  1012 +
1013 1013 return parent::getInfo();
1014 1014 }
1015 1015  
... ... @@ -1028,7 +1028,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
1028 1028 $this->oDocumentFolder = $this->oValidator->validateFolder($this->oDocument->getFolderId());
1029 1029 return true;
1030 1030 }
1031   -
  1031 +
1032 1032 function form_copyselection() {
1033 1033 $oForm = new KTForm;
1034 1034 $oForm->setOptions(array(
... ... @@ -1039,15 +1039,15 @@ class KTDocumentCopyAction extends KTDocumentAction {
1039 1039 'cancel_url' => KTBrowseUtil::getUrlForDocument($this->oDocument),
1040 1040 'fail_action' => 'main',
1041 1041 'context' => $this,
1042   - ));
  1042 + ));
1043 1043  
1044 1044 /*
1045 1045 * This is somewhat more complex than most forms, since the "filename"
1046 1046 * and title shouldn't appear unless there's a clash.
1047 1047 *
1048 1048 * This is still not the most elegant solution.
1049   - */
1050   -
  1049 + */
  1050 +
1051 1051 $oForm->setWidgets(array(
1052 1052 array('ktcore.widgets.foldercollection', array(
1053 1053 'label' => _kt('Target Folder'),
... ... @@ -1062,8 +1062,8 @@ class KTDocumentCopyAction extends KTDocumentAction {
1062 1062 'name' => 'reason',
1063 1063 )),
1064 1064 ));
1065   -
1066   -
  1065 +
  1066 +
1067 1067 $oForm->setValidators(array(
1068 1068 array('ktcore.validators.string', array(
1069 1069 'test' => 'reason',
... ... @@ -1075,10 +1075,10 @@ class KTDocumentCopyAction extends KTDocumentAction {
1075 1075 'test' => 'browse',
1076 1076 'output' => 'browse',
1077 1077 )),
1078   - ));
1079   -
  1078 + ));
  1079 +
1080 1080 // here's the ugly bit.
1081   -
  1081 +
1082 1082 $err = $oForm->getErrors();
1083 1083 if (!empty($err['name']) || !empty($err['filename'])) {
1084 1084 $oForm->addWidget(
... ... @@ -1122,7 +1122,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
1122 1122 return $oForm->renderPage(_kt('Copy Document') . ': ' . $this->oDocument->getName());
1123 1123 }
1124 1124  
1125   - function do_copy() {
  1125 + function do_copy() {
1126 1126 $oForm = $this->form_copyselection();
1127 1127 $res = $oForm->validate();
1128 1128 $errors = $res['errors'];
... ... @@ -1131,59 +1131,59 @@ class KTDocumentCopyAction extends KTDocumentAction {
1131 1131  
1132 1132  
1133 1133 if (!is_null($data['browse'])) {
1134   - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName());
  1134 + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName());
1135 1135 if ($bNameClash && isset($data['name'])) {
1136 1136 $name = $data['name'];
1137   - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name);
  1137 + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name);
1138 1138 } else {
1139 1139 $name = $this->oDocument->getName();
1140 1140 }
1141 1141 if ($bNameClash) {
1142 1142 $extra_errors['name'] = _kt('A document with this title already exists in your chosen folder. Please choose a different folder, or specify a new title for the copied document.');
1143 1143 }
1144   -
1145   - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename());
  1144 +
  1145 + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename());
1146 1146  
1147 1147 if ($bFileClash && isset($data['filename'])) {
1148 1148 $filename = $data['filename'];
1149   - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename);
  1149 + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename);
1150 1150 } else {
1151 1151 $filename = $this->oDocument->getFilename();
1152   - }
  1152 + }
1153 1153 if ($bFileClash) {
1154 1154 $extra_errors['filename'] = _kt('A document with this filename already exists in your chosen folder. Please choose a different folder, or specify a new filename for the copied document.');
1155 1155 }
1156   -
  1156 +
1157 1157 if (!Permission::userHasFolderWritePermission($data['browse'])) {
1158 1158 $extra_errors['browse'] = _kt('You do not have permission to create new documents in that folder.');
1159 1159 }
1160 1160 }
1161   -
  1161 +
1162 1162 if (!empty($errors) || !empty($extra_errors)) {
1163   - return $oForm->handleError(null, $extra_errors);
  1163 + return $oForm->handleError(null, $extra_errors);
1164 1164 }
1165   -
  1165 +
1166 1166 // FIXME agree on document-duplication rules re: naming, etc.
1167   -
  1167 +
1168 1168 $this->startTransaction();
1169 1169 // now try update it.
1170   -
  1170 +
1171 1171 $oNewDoc = KTDocumentUtil::copy($this->oDocument, $data['browse'], $sReason);
1172 1172 if (PEAR::isError($oNewDoc)) {
1173 1173 $this->errorRedirectTo('main', _kt('Failed to copy document: ') . $oNewDoc->getMessage(), sprintf('fDocumentId=%d&fFolderId=%d', $this->oDocument->getId(), $this->oFolder->getId()));
1174 1174 exit(0);
1175 1175 }
1176   -
  1176 +
1177 1177 $oNewDoc->setName($name);
1178 1178 $oNewDoc->setFilename($filename);
1179   -
  1179 +
1180 1180 $res = $oNewDoc->update();
1181 1181 if (PEAR::isError($res)) {
1182 1182 return $this->errorRedirectTo('main', _kt('Failed to copy document: ') . $res->getMessage(), sprintf('fDocumentId=%d&fFolderId=%d', $this->oDocument->getId(), $this->oFolder->getId()));
1183 1183 }
1184 1184  
1185 1185 $this->commitTransaction();
1186   -
  1186 +
1187 1187 // FIXME do we need to refactor all trigger usage into the util function?
1188 1188 $oKTTriggerRegistry = KTTriggerRegistry::getSingleton();
1189 1189 $aTriggers = $oKTTriggerRegistry->getTriggers('copyDocument', 'postValidate');
... ... @@ -1198,13 +1198,13 @@ class KTDocumentCopyAction extends KTDocumentAction {
1198 1198 $oTrigger->setInfo($aInfo);
1199 1199 $ret = $oTrigger->postValidate();
1200 1200 }
1201   -
  1201 +
1202 1202 //$aOptions = array('user' => $oUser);
1203 1203 //$oDocumentTransaction = & new DocumentTransaction($oNewDoc, 'Document copied from old version.', 'ktcore.transactions.create', $aOptions);
1204 1204 //$res = $oDocumentTransaction->create();
1205   -
  1205 +
1206 1206 $_SESSION['KTInfoMessage'][] = _kt('Document copied.');
1207   -
  1207 +
1208 1208 controllerRedirect('viewDocument', 'fDocumentId=' . $oNewDoc->getId());
1209 1209 exit(0);
1210 1210 }
... ... @@ -1252,10 +1252,10 @@ class KTDocumentArchiveAction extends KTDocumentAction {
1252 1252 'output' => 'reason',
1253 1253 )),
1254 1254 ));
1255   -
  1255 +
1256 1256 return $oForm;
1257 1257 }
1258   -
  1258 +
1259 1259 function do_main() {
1260 1260 $this->oPage->setBreadcrumbDetails(_kt('Archive Document'));
1261 1261 $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/archive');
... ... @@ -1270,16 +1270,16 @@ class KTDocumentArchiveAction extends KTDocumentAction {
1270 1270 }
1271 1271  
1272 1272 function do_archive() {
1273   -
  1273 +
1274 1274 $oForm = $this->form_main();
1275 1275 $res = $oForm->validate();
1276 1276 $data = $res['results'];
1277 1277 if (!empty($res['errors'])) {
1278 1278 return $oForm->handleError();
1279 1279 }
1280   -
  1280 +
1281 1281 $sReason = $data['reason'];
1282   -
  1282 +
1283 1283 $this->startTransaction();
1284 1284 $this->oDocument->setStatusID(ARCHIVED);
1285 1285 $res = $this->oDocument->update();
... ... @@ -1290,7 +1290,7 @@ class KTDocumentArchiveAction extends KTDocumentAction {
1290 1290 }
1291 1291 $oDocumentTransaction = & new DocumentTransaction($this->oDocument, sprintf(_kt('Document archived: %s'), $sReason), 'ktcore.transactions.update');
1292 1292 $oDocumentTransaction->create();
1293   -
  1293 +
1294 1294 $this->commitTransaction();
1295 1295  
1296 1296 $oKTTriggerRegistry = KTTriggerRegistry::getSingleton();
... ... @@ -1320,11 +1320,11 @@ class KTDocumentArchiveAction extends KTDocumentAction {
1320 1320 class KTDocumentWorkflowAction extends KTDocumentAction {
1321 1321 var $sName = 'ktcore.actions.document.workflow';
1322 1322 var $_sShowPermission = 'ktcore.permissions.read';
1323   -
1324   - var $sHelpPage = 'ktcore/user/workflow.html';
  1323 +
  1324 + var $sHelpPage = 'ktcore/user/workflow.html';
1325 1325  
1326 1326 function predispatch() {
1327   - $this->persistParams(array('fTransitionId'));
  1327 + $this->persistParams(array('fTransitionId'));
1328 1328 }
1329 1329  
1330 1330 function getDisplayName() {
... ... @@ -1350,7 +1350,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1350 1350 }
1351 1351  
1352 1352 $fieldErrors = null;
1353   -
  1353 +
1354 1354 $transition_fields = array();
1355 1355 if ($aTransitions) {
1356 1356 $aVocab = array();
... ... @@ -1364,8 +1364,8 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1364 1364 $fieldOptions = array('vocab' => $aVocab);
1365 1365 $transition_fields[] = new KTLookupWidget(_kt('Transition to perform'), _kt('The transition listed will cause the document to change from its current state to the listed destination state.'), 'fTransitionId', null, $this->oPage, true, null, $fieldErrors, $fieldOptions);
1366 1366 $transition_fields[] = new KTTextWidget(
1367   - _kt('Reason for transition'), _kt('Describe why this document qualifies to be changed from its current state to the destination state of the transition chosen.'),
1368   - 'fComments', '',
  1367 + _kt('Reason for transition'), _kt('Describe why this document qualifies to be changed from its current state to the destination state of the transition chosen.'),
  1368 + 'fComments', '',
1369 1369 $this->oPage, true, null, null,
1370 1370 array('cols' => 80, 'rows' => 4));
1371 1371 }
... ... @@ -1399,7 +1399,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1399 1399  
1400 1400 function do_performTransition() {
1401 1401 $oDocument =& $this->oValidator->validateDocument($_REQUEST['fDocumentId']);
1402   - $oTransition =& $this->oValidator->validateWorkflowTransition($_REQUEST['fTransitionId']);
  1402 + $oTransition =& $this->oValidator->validateWorkflowTransition($_REQUEST['fTransitionId']);
1403 1403  
1404 1404 $aErrorOptions = array(
1405 1405 'redirect_to' => array('main', sprintf('fDocumentId=%d', $_REQUEST['fDocumentId'])),
... ... @@ -1407,7 +1407,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1407 1407 );
1408 1408  
1409 1409 $sComments =& $this->oValidator->validateString($_REQUEST['fComments'], $aErrorOptions);
1410   -
  1410 +
1411 1411 $oUser =& User::get($_SESSION['userID']);
1412 1412 $res = KTWorkflowUtil::performTransitionOnDocument($oTransition, $oDocument, $oUser, $sComments);
1413 1413  
... ... @@ -1420,7 +1420,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1420 1420 array('fDocumentId' => $oDocument->getId()));
1421 1421 }
1422 1422 }
1423   -
  1423 +
1424 1424 function form_quicktransition() {
1425 1425  
1426 1426 $oForm = new KTForm;
... ... @@ -1446,36 +1446,36 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1446 1446 'test' => 'reason',
1447 1447 'max_length' => 250,
1448 1448 'output' => 'reason',
1449   - )),
  1449 + )),
1450 1450 ));
1451   -
  1451 +
1452 1452 return $oForm;
1453 1453 }
1454 1454  
1455 1455 function do_quicktransition() {
1456 1456 // make sure this gets through.
1457 1457 $this->persistParams(array('fTransitionId'));
1458   -
  1458 +
1459 1459 $transition_id = $_REQUEST['fTransitionId'];
1460 1460 $oTransition = KTWorkflowTransition::get($transition_id);
1461   -
  1461 +
1462 1462 $oForm = $this->form_quicktransition();
1463 1463 return $oForm->renderPage(sprintf(_kt('Perform Transition: %s'), $oTransition->getName()));
1464 1464 }
1465   -
  1465 +
1466 1466 function do_performquicktransition() {
1467 1467 $oForm = $this->form_quicktransition();
1468 1468 $res = $oForm->validate();
1469   -
  1469 +
1470 1470 if (!empty($res['errors'])) {
1471 1471 return $oForm->handleError();
1472   - }
1473   -
  1472 + }
  1473 +
1474 1474 $this->startTransaction();
1475   -
  1475 +
1476 1476 $data = $res['results'];
1477 1477 $oTransition = KTWorkflowTransition::get($_REQUEST['fTransitionId']);
1478   -
  1478 +
1479 1479 $res = KTWorkflowUtil::performTransitionOnDocument($oTransition, $this->oDocument, $this->oUser, $data['reason']);
1480 1480  
1481 1481 if(!Permission::userHasDocumentReadPermission($this->oDocument)) {
... ... @@ -1483,10 +1483,10 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1483 1483 $_SESSION['KTInfoMessage'][] = _kt('Transition performed') . '. ' . _kt('You no longer have permission to view this document');
1484 1484 controllerRedirect('browse', sprintf('fFolderId=%d', $this->oDocument->getFolderId()));
1485 1485 } else {
1486   - $this->commitTransaction();
  1486 + $this->commitTransaction();
1487 1487 $_SESSION['KTInfoMessage'][] = _kt('Transition performed');
1488 1488 controllerRedirect('viewDocument', sprintf('fDocumentId=%d', $this->oDocument->getId()));
1489   - }
  1489 + }
1490 1490 }
1491 1491  
1492 1492 }
... ... @@ -1499,7 +1499,7 @@ class KTOwnershipChangeAction extends KTDocumentAction {
1499 1499 function getDisplayName() {
1500 1500 return _kt('Change Document Ownership');
1501 1501 }
1502   -
  1502 +
1503 1503 function form_owner() {
1504 1504 $oForm = new KTForm;
1505 1505 $oForm->setOptions(array(
... ... @@ -1529,49 +1529,49 @@ class KTOwnershipChangeAction extends KTDocumentAction {
1529 1529 'output' => 'user',
1530 1530 )),
1531 1531 ));
1532   -
  1532 +
1533 1533 return $oForm;
1534 1534 }
1535 1535  
1536   - function do_main() {
  1536 + function do_main() {
1537 1537 $this->oPage->setBreadcrumbDetails(_kt('Changing Ownership'));
1538 1538 $oTemplate =& $this->oValidator->validateTemplate('ktcore/document/ownershipchangeaction');
1539   -
  1539 +
1540 1540 $change_form = $this->form_owner();
1541   -
  1541 +
1542 1542 $oTemplate->setData(array(
1543 1543 'context' => $this,
1544 1544 'form' => $change_form,
1545   - ));
  1545 + ));
1546 1546 return $oTemplate->render();
1547 1547 }
1548   -
  1548 +
1549 1549 function do_reown() {
1550 1550 $oForm = $this->form_owner();
1551 1551 $res = $oForm->validate();
1552 1552 $data = $res['results'];
1553 1553 $errors = $res['errors'];
1554   -
  1554 +
1555 1555 if (!empty($errors)) {
1556   - return $oForm->handleError();
  1556 + return $oForm->handleError();
1557 1557 }
1558 1558  
1559 1559 $oUser = $data['user'];
1560   -
  1560 +
1561 1561 $this->startTransaction();
1562   -
  1562 +
1563 1563 $this->oDocument->setOwnerID($oUser->getId());
1564 1564 $res = $this->oDocument->update();
1565 1565 if (PEAR::isError($res)) {
1566 1566 $this->errorRedirectToMain(sprintf(_kt('Failed to update document: %s'), $res->getMessage()), sprintf('fDocumentId=%d', $this->oDocument->getId()));
1567 1567 }
1568   -
  1568 +
1569 1569 $res = KTPermissionUtil::updatePermissionLookup($this->oDocument);
1570   -
  1570 +
1571 1571 if (PEAR::isError($res)) {
1572 1572 $this->errorRedirectToMain(sprintf(_kt('Failed to update document: %s'), $res->getMessage()), sprintf('fDocumentId=%d', $this->oDocument->getId()));
1573 1573 }
1574   -
  1574 +
1575 1575 $this->successRedirectToMain(_kt('Ownership changed.'), sprintf('fDocumentId=%d', $this->oDocument->getId()));
1576 1576 }
1577 1577 }
... ...
plugins/ktcore/KTPermissions.php
... ... @@ -6,7 +6,7 @@
6 6 * License Version 1.1.2 ("License"); You may not use this file except in
7 7 * compliance with the License. You may obtain a copy of the License at
8 8 * http://www.knowledgetree.com/KPL
9   - *
  9 + *
10 10 * Software distributed under the License is distributed on an "AS IS"
11 11 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
12 12 * See the License for the specific language governing rights and
... ... @@ -17,9 +17,9 @@
17 17 * (ii) the KnowledgeTree copyright notice
18 18 * in the same form as they appear in the distribution. See the License for
19 19 * requirements.
20   - *
  20 + *
21 21 * The Original Code is: KnowledgeTree Open Source
22   - *
  22 + *
23 23 * The Initial Developer of the Original Code is The Jam Warehouse Software
24 24 * (Pty) Ltd, trading as KnowledgeTree.
25 25 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
... ... @@ -64,21 +64,21 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
64 64 function do_main() {
65 65 $this->oPage->setBreadcrumbDetails(_kt("Document Permissions"));
66 66 $oTemplate = $this->oValidator->validateTemplate("ktcore/document/document_permissions");
67   -
  67 +
68 68 $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
69 69 $aPermissions = KTPermission::getList();
70 70 $aMapPermissionGroup = array();
71   - $aMapPermissionRole = array();
72   - $aMapPermissionUser = array();
73   -
  71 + $aMapPermissionRole = array();
  72 + $aMapPermissionUser = array();
  73 +
74 74 $aAllGroups = Group::getList(); // probably small enough
75 75 $aAllRoles = Role::getList(); // probably small enough.
76 76 // users are _not_ fetched this way.
77   -
  77 +
78 78 $aActiveGroups = array();
79 79 $aActiveUsers = array();
80 80 $aActiveRoles = array();
81   -
  81 +
82 82 foreach ($aPermissions as $oPermission) {
83 83 $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
84 84 if (PEAR::isError($oPLA)) {
... ... @@ -97,15 +97,15 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
97 97 foreach ($aIds as $iId) {
98 98 $aMapPermissionRole[$iPermissionID][$iId] = true;
99 99 $aActiveRoles[$iId] = true;
100   - }
  100 + }
101 101 $aIds = $oDescriptor->getUsers();
102 102 $aMapPermissionUser[$iPermissionID] = array();
103 103 foreach ($aIds as $iId) {
104 104 $aMapPermissionUser[$iPermissionID][$iId] = true;
105 105 $aActiveUsers[$iId] = true;
106   - }
  106 + }
107 107 }
108   -
  108 +
109 109 // now we constitute the actual sets.
110 110 $users = array();
111 111 $groups = array();
... ... @@ -117,19 +117,19 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
117 117 $users[$oUser->getName()] = $oUser;
118 118 }
119 119 asort($users); // ascending, per convention.
120   -
  120 +
121 121 foreach ($aActiveGroups as $id => $marker) {
122 122 $oGroup = Group::get($id);
123 123 $groups[$oGroup->getName()] = $oGroup;
124 124 }
125 125 asort($groups);
126   -
  126 +
127 127 foreach ($aActiveRoles as $id => $marker) {
128 128 $oRole = Role::get($id);
129 129 $roles[$oRole->getName()] = $oRole;
130 130 }
131 131 asort($roles);
132   -
  132 +
133 133 $bEdit = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oDocument);
134 134 $sInherited = '';
135 135  
... ... @@ -151,7 +151,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
151 151 }
152 152 }
153 153 }
154   - }
  154 + }
155 155 }
156 156  
157 157  
... ... @@ -163,7 +163,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
163 163 $aWorkflowControls[$oAssignment->getPermissionId()] = true;
164 164 unset($aDynamicControls[$oAssignment->getPermissionId()]);
165 165 }
166   - }
  166 + }
167 167  
168 168  
169 169 $aTemplateData = array(
... ... @@ -171,15 +171,15 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
171 171 "permissions" => $aPermissions,
172 172 "groups" => $groups,
173 173 "users" => $users,
174   - "roles" => $roles,
  174 + "roles" => $roles,
175 175 "iDocumentID" => $_REQUEST['fDocumentID'],
176 176 "aMapPermissionGroup" => $aMapPermissionGroup,
177   - "aMapPermissionRole" => $aMapPermissionRole,
  177 + "aMapPermissionRole" => $aMapPermissionRole,
178 178 "aMapPermissionUser" => $aMapPermissionUser,
179 179 "edit" => $bEdit,
180 180 "inherited" => $sInherited,
181 181 'workflow_controls' => $aWorkflowControls,
182   - 'conditions_control' => $aDynamicControls,
  182 + 'conditions_control' => $aDynamicControls,
183 183 );
184 184 return $oTemplate->render($aTemplateData);
185 185 }
... ... @@ -245,7 +245,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
245 245 }
246 246 }
247 247 }
248   - }
  248 + }
249 249 }
250 250  
251 251  
... ... @@ -257,7 +257,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
257 257 $aWorkflowControls[$oAssignment->getPermissionId()] = true;
258 258 unset($aDynamicControls[$oAssignment->getPermissionId()]);
259 259 }
260   - }
  260 + }
261 261  
262 262  
263 263 $aTemplateData = array(
... ... @@ -273,7 +273,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction {
273 273 "edit" => $bEdit,
274 274 "inherited" => $sInherited,
275 275 'workflow_controls' => $aWorkflowControls,
276   - 'conditions_control' => $aDynamicControls,
  276 + 'conditions_control' => $aDynamicControls,
277 277 );
278 278 return $oTemplate->render($aTemplateData);
279 279 }
... ... @@ -295,19 +295,19 @@ class KTRoleAllocationPlugin extends KTFolderAction {
295 295 $this->oPage->setBreadcrumbDetails(_kt("Allocate Roles"));
296 296 $oTemplating =& KTTemplating::getSingleton();
297 297 $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles");
298   -
  298 +
299 299 // we need to have:
300 300 // - a list of roles
301 301 // - with their users / groups
302 302 // - and that allocation id
303 303 $aRoles = array(); // stores data for display.
304   -
  304 +
305 305 $aRoleList = Role::getList('id > 0');
306 306 foreach ($aRoleList as $oRole) {
307 307 $iRoleId = $oRole->getId();
308 308 $aRoles[$iRoleId] = array("name" => $oRole->getName());
309 309 $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $iRoleId);
310   -
  310 +
311 311 $u = array();
312 312 $g = array();
313 313 $aid = null;
... ... @@ -335,15 +335,15 @@ class KTRoleAllocationPlugin extends KTFolderAction {
335 335 $aRoles[$iRoleId]['allocation_id'] = $aid;
336 336 $aRoles[$iRoleId]['real_allocation_id'] = $raid;
337 337 }
338   -
  338 +
339 339 /*
340 340 print '<pre>';
341 341 var_dump($aRoles);
342 342 print '</pre>';
343 343 */
344   -
345 344  
346   -
  345 +
  346 +
347 347 // FIXME this is test data.
348 348 /*
349 349 $aRoles = array(
... ... @@ -352,10 +352,10 @@ class KTRoleAllocationPlugin extends KTFolderAction {
352 352 3 => array('name' => 'Inherited', 'users' => array(), 'groups' => array(1), 'allocation_id' => null),
353 353 );
354 354 */
355   -
356   -
  355 +
  356 +
357 357 // final step.
358   -
  358 +
359 359 // map to users, groups.
360 360 foreach ($aRoles as $key => $role) {
361 361 $_users = array();
... ... @@ -366,11 +366,11 @@ class KTRoleAllocationPlugin extends KTFolderAction {
366 366 }
367 367 }
368 368 if (empty($_users)) {
369   - $aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _kt('no users') . '</span>';
  369 + $aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _kt('no users') . '</span>';
370 370 } else {
371 371 $aRoles[$key]['users'] = join(', ',$_users);
372 372 }
373   -
  373 +
374 374 $_groups = array();
375 375 foreach ($aRoles[$key]['groups'] as $iGroupId) {
376 376 $oGroup = Group::get($iGroupId);
... ... @@ -379,22 +379,23 @@ class KTRoleAllocationPlugin extends KTFolderAction {
379 379 }
380 380 }
381 381 if (empty($_groups)) {
382   - $aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _kt('no groups') . '</span>';
  382 + $aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _kt('no groups') . '</span>';
383 383 } else {
384 384 $aRoles[$key]['groups'] = join(', ',$_groups);
385 385 }
386 386 }
387   -
  387 +
388 388 $aTemplateData = array(
389 389 'context' => &$this,
390 390 'roles' => $aRoles,
  391 + 'folderName'=>$this->oFolder->getName(),
391 392 'is_root' => ($this->oFolder->getId() == 1),
392 393 );
393 394 return $oTemplate->render($aTemplateData);
394 395 }
395   -
396   -
397   -
  396 +
  397 +
  398 +
398 399 function do_overrideParent() {
399 400 $role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null);
400 401 $oRole = Role::get($role_id);
... ... @@ -405,20 +406,20 @@ class KTRoleAllocationPlugin extends KTFolderAction {
405 406 $oRoleAllocation = new RoleAllocation();
406 407 $oRoleAllocation->setFolderId($this->oFolder->getId());
407 408 $oRoleAllocation->setRoleId($role_id);
408   -
409   - // create a new permission descriptor.
  409 +
  410 + // create a new permission descriptor.
410 411 // FIXME we really want to duplicate the original (if it exists)
411   -
  412 +
412 413 $aAllowed = array(); // no-op, for now.
413 414 $this->startTransaction();
414   -
  415 +
415 416 $oRoleAllocation->setAllowed($aAllowed);
416 417 $res = $oRoleAllocation->create();
417   -
  418 +
418 419 if (PEAR::isError($res) || ($res == false)) {
419 420 $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
420 421 }
421   -
  422 +
422 423 $oTransaction = KTFolderTransaction::createFromArray(array(
423 424 'folderid' => $this->oFolder->getId(),
424 425 'comment' => _kt('Override parent allocation'),
... ... @@ -452,42 +453,42 @@ class KTRoleAllocationPlugin extends KTFolderAction {
452 453  
453 454 $oRoleAllocation->setAllowed($aAllowed);
454 455 $res = $oRoleAllocation->update();
455   -
456   - if (PEAR::isError($res) || ($res == false))
  456 +
  457 + if (PEAR::isError($res) || ($res == false))
457 458 {
458 459 $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
459 460 }
460 461 }
461   -
  462 +
462 463 // regenerate permissions
463   -
  464 +
464 465 $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
465 466  
466 467 $this->successRedirectToMain(_kt('Role allocation created.'), sprintf('fFolderId=%d', $this->oFolder->getId()));
467 468 }
468   -
469   - function do_useParent() {
  469 +
  470 + function do_useParent() {
470 471 $role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null);
471 472 $oRole = Role::get($role_id);
472 473 if (PEAR::isError($oRole)) {
473   - $this->errorRedirectToMain(_kt('Invalid Role.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
  474 + $this->errorRedirectToMain(_kt('Invalid Role.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
474 475 }
475 476 $role_id = $oRole->getId(); // numeric, for various testing purposes.
476   -
  477 +
477 478 $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $role_id);
478   -
  479 +
479 480 if ($oRoleAllocation->getFolderId() != $this->oFolder->getId()) {
480   - $this->errorRedirectToMain(_kt('Already using a different descriptor.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
481   - }
  481 + $this->errorRedirectToMain(_kt('Already using a different descriptor.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
  482 + }
482 483 $this->startTransaction();
483   -
  484 +
484 485 $res = $oRoleAllocation->delete();
485   -
  486 +
486 487 if (PEAR::isError($res) || ($res == false)) {
487   - $this->errorRedirectToMain(_kt('Unable to change role allocation.') . print_r($res, true), sprintf('fFolderId=%d',$this->oFolder->getId()));
  488 + $this->errorRedirectToMain(_kt('Unable to change role allocation.') . print_r($res, true), sprintf('fFolderId=%d',$this->oFolder->getId()));
488 489 exit(0);
489 490 }
490   -
  491 +
491 492 $oTransaction = KTFolderTransaction::createFromArray(array(
492 493 'folderid' => $this->oFolder->getId(),
493 494 'comment' => _kt('Use parent allocation'),
... ... @@ -503,34 +504,34 @@ class KTRoleAllocationPlugin extends KTFolderAction {
503 504  
504 505 $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
505 506  
506   - $this->successRedirectToMain(_kt('Role now uses parent.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
  507 + $this->successRedirectToMain(_kt('Role now uses parent.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
507 508 }
508   -
  509 +
509 510 function rootoverride($role_id) {
510 511 if ($this->oFolder->getId() != 1) {
511 512 $this->errorRedirectToMain(_kt("Cannot create allocation for non-root locations."));
512 513 }
513   -
  514 +
514 515 $oRoleAllocation = new RoleAllocation();
515 516 $oRoleAllocation->setFolderId($this->oFolder->getId());
516 517 $oRoleAllocation->setRoleId($role_id);
517   -
518   - // create a new permission descriptor.
  518 +
  519 + // create a new permission descriptor.
519 520 // FIXME we really want to duplicate the original (if it exists)
520   -
  521 +
521 522 $aAllowed = array(); // no-op, for now.
522 523 $this->startTransaction();
523   -
  524 +
524 525 $oRoleAllocation->setAllowed($aAllowed);
525 526 $res = $oRoleAllocation->create();
526   -
  527 +
527 528 if (PEAR::isError($res) || ($res == false)) {
528 529 $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
529 530 }
530   -
  531 +
531 532 return $oRoleAllocation;
532 533 }
533   -
  534 +
534 535 function do_editRoleUsers() {
535 536  
536 537 $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id');
... ... @@ -542,22 +543,22 @@ class KTRoleAllocationPlugin extends KTFolderAction {
542 543 if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) {
543 544 $this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
544 545 }
545   -
546   -
  546 +
  547 +
547 548 $this->oPage->setBreadcrumbDetails(_kt('Manage Users for Role'));
548 549 $this->oPage->setTitle(sprintf(_kt('Manage Users for Role')));
549   -
  550 +
550 551 $initJS = 'var optGroup = new OptionTransfer("userSelect","chosenUsers"); ' .
551 552 'function startTrans() { var f = getElement("userroleform"); ' .
552 553 ' optGroup.saveNewRightOptions("userFinal"); ' .
553 554 ' optGroup.init(f); }; ' .
554   - ' addLoadEvent(startTrans); ';
  555 + ' addLoadEvent(startTrans); ';
555 556 $this->oPage->requireJSStandalone($initJS);
556   -
  557 +
557 558 $aInitialUsers = $oRoleAllocation->getUsers();
558 559 $aAllUsers = User::getList();
559   -
560   -
  560 +
  561 +
561 562 // FIXME this is massively non-performant for large userbases..
562 563 $aRoleUsers = array();
563 564 $aFreeUsers = array();
... ... @@ -569,8 +570,8 @@ class KTRoleAllocationPlugin extends KTFolderAction {
569 570 $aFreeUsers[$oUser->getId()] = $oUser;
570 571 }
571 572 }
572   -
573   - $oTemplating =& KTTemplating::getSingleton();
  573 +
  574 + $oTemplating =& KTTemplating::getSingleton();
574 575 $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles_manageusers");
575 576 $aTemplateData = array(
576 577 "context" => $this,
... ... @@ -580,8 +581,8 @@ class KTRoleAllocationPlugin extends KTFolderAction {
580 581 );
581 582 return $oTemplate->render($aTemplateData);
582 583 }
583   -
584   - function do_editRoleGroups() {
  584 +
  585 + function do_editRoleGroups() {
585 586  
586 587 $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id');
587 588 if (($this->oFolder->getId() == 1) && is_null($role_allocation_id)) {
... ... @@ -592,22 +593,22 @@ class KTRoleAllocationPlugin extends KTFolderAction {
592 593 if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) {
593 594 $this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
594 595 }
595   -
596   - $oRole = Role::get($oRoleAllocation->getRoleId());
  596 +
  597 + $oRole = Role::get($oRoleAllocation->getRoleId());
597 598 $this->oPage->setBreadcrumbDetails(_kt('Manage Groups for Role'));
598 599 $this->oPage->setTitle(sprintf(_kt('Manage Groups for Role "%s"'), $oRole->getName()));
599   -
  600 +
600 601 $initJS = 'var optGroup = new OptionTransfer("groupSelect","chosenGroups"); ' .
601 602 'function startTrans() { var f = getElement("grouproleform"); ' .
602 603 ' optGroup.saveNewRightOptions("groupFinal"); ' .
603 604 ' optGroup.init(f); }; ' .
604   - ' addLoadEvent(startTrans); ';
  605 + ' addLoadEvent(startTrans); ';
605 606 $this->oPage->requireJSStandalone($initJS);
606   -
  607 +
607 608 $aInitialUsers = $oRoleAllocation->getGroups();
608 609 $aAllUsers = Group::getList();
609   -
610   -
  610 +
  611 +
611 612 // FIXME this is massively non-performant for large userbases..
612 613 $aRoleUsers = array();
613 614 $aFreeUsers = array();
... ... @@ -619,10 +620,10 @@ class KTRoleAllocationPlugin extends KTFolderAction {
619 620 $aFreeUsers[$oGroup->getId()] = $oGroup;
620 621 }
621 622 }
622   -
623   -
624   -
625   - $oTemplating =& KTTemplating::getSingleton();
  623 +
  624 +
  625 +
  626 + $oTemplating =& KTTemplating::getSingleton();
626 627 $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles_managegroups");
627 628 $aTemplateData = array(
628 629 "context" => $this,
... ... @@ -633,7 +634,7 @@ class KTRoleAllocationPlugin extends KTFolderAction {
633 634 );
634 635 return $oTemplate->render($aTemplateData);
635 636 }
636   -
  637 +
637 638 function do_setRoleUsers() {
638 639  
639 640 $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'allocation_id');
... ... @@ -653,24 +654,24 @@ class KTRoleAllocationPlugin extends KTFolderAction {
653 654 }
654 655 }
655 656 if (empty($aFinalUserIds)) { $aFinalUserIds = null; }
656   -
  657 +
657 658 // hack straight in.
658 659 $oPD = $oRoleAllocation->getPermissionDescriptor();
659   - $aAllowed = $oPD->getAllowed();
660   -
661   -
662   -
  660 + $aAllowed = $oPD->getAllowed();
  661 +
  662 +
  663 +
663 664 // now, grab the existing allowed and modify.
664 665  
665 666 $aAllowed['user'] = $aFinalUserIds;
666   -
  667 +
667 668 $oRoleAllocation->setAllowed($aAllowed);
668 669 $res = $oRoleAllocation->update();
669   -
  670 +
670 671 if (PEAR::isError($res) || ($res == false)) {
671 672 $this->errorRedirectToMain(_kt('Failed to change the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
672 673 }
673   -
  674 +
674 675 $oTransaction = KTFolderTransaction::createFromArray(array(
675 676 'folderid' => $this->oFolder->getId(),
676 677 'comment' => _kt('Set role users'),
... ... @@ -685,12 +686,12 @@ class KTRoleAllocationPlugin extends KTFolderAction {
685 686 $this->oValidator->notErrorFalse($oTransaction, $aOptions);
686 687  
687 688 $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
688   -
689   - $this->successRedirectToMain(_kt('Allocation changed.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
  689 +
  690 + $this->successRedirectToMain(_kt('Allocation changed.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
690 691 }
691   -
  692 +
692 693 function do_setRoleGroups() {
693   -
  694 +
694 695 $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'allocation_id');
695 696 $oRoleAllocation = RoleAllocation::get($role_allocation_id);
696 697 if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) {
... ... @@ -708,24 +709,24 @@ class KTRoleAllocationPlugin extends KTFolderAction {
708 709 }
709 710 }
710 711 if (empty($aFinalGroupIds)) { $aFinalGroupIds = null; }
711   -
  712 +
712 713 // hack straight in.
713 714 $oPD = $oRoleAllocation->getPermissionDescriptor();
714   - $aAllowed = $oPD->getAllowed();
715   -
716   -
717   -
  715 + $aAllowed = $oPD->getAllowed();
  716 +
  717 +
  718 +
718 719 // now, grab the existing allowed and modify.
719 720  
720 721 $aAllowed['group'] = $aFinalGroupIds;
721   -
  722 +
722 723 $oRoleAllocation->setAllowed($aAllowed);
723 724 $res = $oRoleAllocation->update();
724   -
  725 +
725 726 if (PEAR::isError($res) || ($res == false)) {
726 727 $this->errorRedirectToMain(_kt('Failed to change the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId()));
727 728 }
728   -
  729 +
729 730 $oTransaction = KTFolderTransaction::createFromArray(array(
730 731 'folderid' => $this->oFolder->getId(),
731 732 'comment' => _kt('Set role groups'),
... ... @@ -740,14 +741,14 @@ class KTRoleAllocationPlugin extends KTFolderAction {
740 741 $this->oValidator->notErrorFalse($oTransaction, $aOptions);
741 742  
742 743 $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId());
743   -
744   - $this->successRedirectToMain(_kt('Allocation changed.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
  744 +
  745 + $this->successRedirectToMain(_kt('Allocation changed.'), sprintf('fFolderId=%d',$this->oFolder->getId()));
745 746 }
746   -
  747 +
747 748 function renegeratePermissionsForRole($iRoleId) {
748 749 $iStartFolderId = $this->oFolder->getId();
749   - /*
750   - * 1. find all folders & documents "below" this one which use the role
  750 + /*
  751 + * 1. find all folders & documents "below" this one which use the role
751 752 * definition _active_ (not necessarily present) at this point.
752 753 * 2. tell permissionutil to regen their permissions.
753 754 *
... ... @@ -755,7 +756,7 @@ class KTRoleAllocationPlugin extends KTFolderAction {
755 756 *
756 757 * folder_queue <- (iStartFolderId)
757 758 * while folder_queue is not empty:
758   - * active_folder =
  759 + * active_folder =
759 760 * for each folder in the active_folder:
760 761 * find folders in _this_ folder without a role-allocation on the iRoleId
761 762 * add them to the folder_queue
... ... @@ -763,38 +764,38 @@ class KTRoleAllocationPlugin extends KTFolderAction {
763 764 * find documents in this folder:
764 765 * update their permissions.
765 766 */
766   -
  767 +
767 768 $sRoleAllocTable = KTUtil::getTableName('role_allocations');
768 769 $sFolderTable = KTUtil::getTableName('folders');
769 770 $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable);
770   -
771   -
  771 +
  772 +
772 773 $folder_queue = array($iStartFolderId);
773 774 while (!empty($folder_queue)) {
774 775 $active_folder = array_pop($folder_queue);
775   -
776   - $aParams = array($active_folder);
777   -
  776 +
  777 + $aParams = array($active_folder);
  778 +
778 779 $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
779 780 if (PEAR::isError($aNewFolders)) {
780 781 $this->errorRedirectToMain(_kt('Failure to generate folderlisting.'));
781 782 }
782 783 $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push.
783 784  
784   -
  785 +
785 786 // update the folder.
786 787 $oFolder =& Folder::get($active_folder);
787 788 if (PEAR::isError($oFolder) || ($oFolder == false)) {
788 789 $this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder);
789 790 }
790   -
  791 +
791 792 KTPermissionUtil::updatePermissionLookup($oFolder);
792 793 $aDocList =& Document::getList(array('folder_id = ?', $active_folder));
793 794 if (PEAR::isError($aDocList) || ($aDocList === false)) {
794 795 $this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage()));
795 796 }
796   -
797   - foreach ($aDocList as $oDoc) {
  797 +
  798 + foreach ($aDocList as $oDoc) {
798 799 if (!PEAR::isError($oDoc)) {
799 800 KTPermissionUtil::updatePermissionLookup($oDoc);
800 801 }
... ... @@ -818,13 +819,13 @@ class KTDocumentRolesAction extends KTDocumentAction {
818 819 $this->oPage->setBreadcrumbDetails(_kt("View Roles"));
819 820 $oTemplating = new KTTemplating;
820 821 $oTemplate = $oTemplating->loadTemplate("ktcore/action/view_roles");
821   -
  822 +
822 823 // we need to have:
823 824 // - a list of roles
824 825 // - with their users / groups
825 826 // - and that allocation id
826 827 $aRoles = array(); // stores data for display.
827   -
  828 +
828 829 $aRoleList = Role::getList();
829 830 foreach ($aRoleList as $oRole) {
830 831 $iRoleId = $oRole->getId();
... ... @@ -833,7 +834,7 @@ class KTDocumentRolesAction extends KTDocumentAction {
833 834 if (is_null($oRoleAllocation)) {
834 835 $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oDocument->getFolderID(), $iRoleId);
835 836 }
836   -
  837 +
837 838 $u = array();
838 839 $g = array();
839 840 $aid = null;
... ... @@ -855,12 +856,12 @@ class KTDocumentRolesAction extends KTDocumentAction {
855 856 $aRoles[$iRoleId]['users'] = $u;
856 857 $aRoles[$iRoleId]['groups'] = $g;
857 858 $aRoles[$iRoleId]['real_allocation_id'] = $raid;
858   - }
859   -
  859 + }
  860 +
860 861 // final step.
861   -
  862 +
862 863 // map to users, groups.
863   - foreach ($aRoles as $key => $role) {
  864 + foreach ($aRoles as $key => $role) {
864 865 $_users = array();
865 866 foreach ($aRoles[$key]['users'] as $iUserId) {
866 867 $oUser = User::get($iUserId);
... ... @@ -869,11 +870,11 @@ class KTDocumentRolesAction extends KTDocumentAction {
869 870 }
870 871 }
871 872 if (empty($_users)) {
872   - $aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _kt('no users') . '</span>';
  873 + $aRoles[$key]['users'] = '<span class="descriptiveText"> ' . _kt('no users') . '</span>';
873 874 } else {
874 875 $aRoles[$key]['users'] = implode(', ',$_users);
875   - }
876   -
  876 + }
  877 +
877 878 $_groups = array();
878 879 foreach ($aRoles[$key]['groups'] as $iGroupId) {
879 880 $oGroup = Group::get($iGroupId);
... ... @@ -882,12 +883,12 @@ class KTDocumentRolesAction extends KTDocumentAction {
882 883 }
883 884 }
884 885 if (empty($_groups)) {
885   - $aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _kt('no groups') . '</span>';
  886 + $aRoles[$key]['groups'] = '<span class="descriptiveText"> ' . _kt('no groups') . '</span>';
886 887 } else {
887 888 $aRoles[$key]['groups'] = implode(', ',$_groups);
888 889 }
889 890 }
890   -
  891 +
891 892 $aTemplateData = array(
892 893 'context' => &$this,
893 894 'roles' => $aRoles,
... ...
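Review bot: The template data at line 175 of KTDocumentPermissionsAction still passes `$_REQUEST['fDocumentID']` through as `iDocumentID`, so an unvalidated request parameter reaches the ktcore/document/document_permissions template in a commit whose stated purpose is cross-site scripting. `"iDocumentID" => $this->oDocument->getId(),` would supply the id of the document already loaded for the action instead. The added `'folderName'=>$this->oFolder->getName(),` entry at new line 391 likewise hands a stored name to ktcore/folder/roles as-is. Nothing in this section shows where it is encoded, so the template should be confirmed to escape it on output. Both enclosing functions begin or continue outside the hunks shown.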
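--- a/plugins/ktstandard/KTDocumentLinksColumns.php
+++ b/plugins/ktstandard/KTDocumentLinksColumns.php
@@ -7,7 +7,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
- *
+ *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -18,9 +18,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
- *
+ *
 * The Original Code is: KnowledgeTree Open Source
- *
+ *
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -48,13 +48,13 @@ $oCR-&gt;getColumn(&#39;ktcore.columns.title&#39;);
 class KTDocumentLinkTitle extends AdvancedTitleColumn {
 var $namespace = 'ktdocumentlinks.columns.title';
 
- function renderDocumentLink($aDataRow) {
+ function renderDocumentLink($aDataRow) {
 $aOptions = $this->getOptions();
 $fParentDocId = KTUtil::arrayGet(KTUtil::arrayGet($aOptions, 'qs_params', array()),
 'fDocumentId', False);
 
 if ((int)$aDataRow["document"]->getId() === (int)$fParentDocId) {
- return $aDataRow["document"]->getName() .
+ return htmlentities($aDataRow["document"]->getName(),ENT_QUOTES, 'UTF-8') .
 ' <span class="descriptiveText">(' . _kt('you cannot link to the source document') . ')';
 } else {
 return parent::renderDocumentLink($aDataRow);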
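Review bot: The `<span class="descriptiveText">` opened on line 58 of renderDocumentLink is never closed, so this branch returns unbalanced markup even now that the document name is encoded; the string should end with `. ')</span>';`. The else branch delegates to `parent::renderDocumentLink($aDataRow)`, which is not part of this section, so whether the name is encoded on that path needs to be confirmed against AdvancedTitleColumn. The function's closing braces fall outside the hunk.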
plugins/rssplugin/KTrss.inc.php
... ... @@ -4,7 +4,7 @@
4 4 * License Version 1.1.2 ("License"); You may not use this file except in
5 5 * compliance with the License. You may obtain a copy of the License at
6 6 * http://www.knowledgetree.com/KPL
7   - *
  7 + *
8 8 * Software distributed under the License is distributed on an "AS IS"
9 9 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
10 10 * See the License for the specific language governing rights and
... ... @@ -15,9 +15,9 @@
15 15 * (ii) the KnowledgeTree copyright notice
16 16 * in the same form as they appear in the distribution. See the License for
17 17 * requirements.
18   - *
  18 + *
19 19 * The Original Code is: KnowledgeTree Open Source
20   - *
  20 + *
21 21 * The Initial Developer of the Original Code is The Jam Warehouse Software
22 22 * (Pty) Ltd, trading as KnowledgeTree.
23 23 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
... ... @@ -52,7 +52,7 @@ class KTrss{
52 52 $sQuery = "SELECT id, url, title FROM plugin_rss WHERE user_id = ?";
53 53 $aParams = array($iUserId);
54 54 $aFeeds = DBUtil::getResultArray(array($sQuery, $aParams));
55   -
  55 +
56 56 if (PEAR::isError($aFeeds)) {
57 57 // XXX: log error
58 58 return false;
... ... @@ -61,7 +61,7 @@ class KTrss{
61 61 return $aFeeds;
62 62 }
63 63 }
64   -
  64 +
65 65 // Gets full listing of data of documents and folders subscribed to
66 66 function getInternalFeed($iUserId){
67 67 $documents=KTrss::getDocuments($iUserId);
... ... @@ -75,13 +75,13 @@ class KTrss{
75 75 }
76 76 return $response;
77 77 }
78   -
  78 +
79 79 // Get list of document subscriptions
80 80 function getDocumentList($iUserId){
81 81 $sQuery = "SELECT document_id as id FROM document_subscriptions WHERE user_id = ?";
82 82 $aParams = array($iUserId);
83 83 $aDocumentList = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
84   -
  84 +
85 85 if (PEAR::isError($aDocumentList)) {
86 86 // XXX: log error
87 87 return false;
... ... @@ -90,13 +90,13 @@ class KTrss{
90 90 return $aDocumentList;
91 91 }
92 92 }
93   -
  93 +
94 94 // Get list of folder subscriptions
95 95 function getFolderList($iUserId){
96 96 $sQuery = "SELECT folder_id as id, is_tree as tree FROM folder_subscriptions WHERE user_id = ?";
97 97 $aParams = array($iUserId);
98 98 $aFolderList = DBUtil::getResultArray(array($sQuery, $aParams));
99   -
  99 +
100 100 if (PEAR::isError($aFolderList)) {
101 101 // XXX: log error
102 102 return false;
... ... @@ -105,14 +105,14 @@ class KTrss{
105 105 return $aFolderList;
106 106 }
107 107 }
108   -
  108 +
109 109 // Get data for all documents subscribed to
110 110 function getDocuments($iUserId){
111 111 $aDList = KTrss::getDocumentList($iUserId);
112 112 if($aDList){
113 113 foreach($aDList as $document_id){
114 114 $document = KTrss::getOneDocument($document_id, $iUserId);
115   - if($document){
  115 + if($document){
116 116 $aDocuments[] = $document;
117 117 }
118 118 }
... ... @@ -125,7 +125,7 @@ class KTrss{
125 125 return $aDocuments;
126 126 }
127 127 }
128   -
  128 +
129 129 // Get data for all folders subscribed to
130 130 function getFolders($iUserId){
131 131 $aFList = KTrss::getFolderList($iUserId);
... ... @@ -139,7 +139,7 @@ class KTrss{
139 139 }
140 140 }
141 141 }
142   -
  142 +
143 143 if (PEAR::isError($aFolders)) {
144 144 // XXX: log error
145 145 return false;
... ... @@ -148,13 +148,13 @@ class KTrss{
148 148 return $aFolders;
149 149 }
150 150 }
151   -
  151 +
152 152 function getChildrenFolderTransactions($iParentFolderId, $depth = '1'){
153 153 if($depth == '1'){
154 154 $sQuery = "SELECT id from folders WHERE parent_folder_ids LIKE ?";
155 155 $aParams = array('%'.$iParentFolderId);
156 156 }//else
157   -
  157 +
158 158 $aFolderList = DBUtil::getResultArray(array($sQuery, $aParams));
159 159 if (PEAR::isError($aFolderList)) {
160 160 // XXX: log error
... ... @@ -162,7 +162,7 @@ class KTrss{
162 162 }
163 163 if ($aFolderList) {
164 164 foreach($aFolderList as $folderElement){
165   - $folder_id = $folderElement['id'];
  165 + $folder_id = $folderElement['id'];
166 166 $aFolderTransactions = array_merge($aFolderTransactions, KTrss::getFolderTransactions($folder_id));
167 167 }
168 168 }
... ... @@ -170,13 +170,13 @@ class KTrss{
170 170 return $aFolderTransactions;
171 171 }
172 172 }
173   -
  173 +
174 174 function getChildrenDocumentTransactions($iParentFolderId, $depth = '1'){
175 175 if($depth == '1'){
176 176 $sQuery = "SELECT id from documents WHERE parent_folder_ids LIKE ? ";
177 177 $aParams = array('%'.$iParentFolderId);
178 178 }//else
179   -
  179 +
180 180 $aDocumentList = DBUtil::getResultArray(array($sQuery, $aParams));
181 181  
182 182 if (PEAR::isError($aDocumentList)) {
... ... @@ -185,7 +185,7 @@ class KTrss{
185 185 }
186 186 if ($aDocumentList) {
187 187 foreach($aDocumentList as $documentElement){
188   - $document_id = $documentElement['id'];
  188 + $document_id = $documentElement['id'];
189 189 $aDocumentTransactions = array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id));
190 190 }
191 191 }
... ... @@ -193,19 +193,19 @@ class KTrss{
193 193 return $aDocumentTransactions;
194 194 }
195 195 }
196   -
  196 +
197 197 // get information on document
198 198 function getOneDocument($iDocumentId, $iUserId){
199 199 $aDData = KTrss::getDocumentData($iUserId, $iDocumentId);
200 200 $aDTransactions = KTrss::getDocumentTransactions($iDocumentId);
201 201 if($aDData){
202 202 $aDData['itemType'] = 'document';
203   -
  203 +
204 204 // create mime info
205 205 $aMimeInfo = KTrss::getMimeTypeInfo($iUserId, $iDocumentId);
206 206 $aDData['mimeTypeFName'] = $aMimeInfo['typeFName'];
207 207 $aDData['mimeTypeIcon'] = $aMimeInfo['typeIcon'];
208   -
  208 +
209 209 $aDocument[] = $aDData;
210 210 $aDocument[] = $aDTransactions;
211 211 }
... ... @@ -216,33 +216,33 @@ class KTrss{
216 216 return $aDocument;
217 217 }
218 218 }
219   -
  219 +
220 220 // get information for folder
221 221 function getOneFolder($iFolderId){
222 222 $aFData = KTrss::getFolderData($iFolderId);
223 223 $aFTransactions = array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId));
224 224 $aFTransactions = array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId));
225   -
  225 +
226 226 $code = 'if (strtotime($a[datetime]) == strtotime($b[datetime])){
227 227 return 0;
228 228 }
229 229 return (strtotime($a[datetime]) > strtotime($b[datetime])) ? -1 : 1;';
230   -
  230 +
231 231 $compare = create_function('$a,$b', $code);
232   -
  232 +
233 233 usort($aFTransactions, $compare);
234 234 for($i=0; $i<4; $i++){
235 235 $aFTransactions_new[] = $aFTransactions[$i];
236 236 }
237 237 $aFTransactions = $aFTransactions_new;
238   -
  238 +
239 239 if($aFData){
240 240 $aFData['itemType'] = 'folder';
241   -
  241 +
242 242 // create mime info
243 243 $aFData['mimeTypeFName'] = 'Folder';
244 244 $aFData['mimeTypeIcon'] = KTrss::getFolderIcon();
245   -
  245 +
246 246 $aFolder[] = $aFData;
247 247 $aFolder[] = $aFTransactions;
248 248 $aFolderBox[] = $aFolder;
... ... @@ -254,7 +254,7 @@ class KTrss{
254 254 return $aFolder;
255 255 }
256 256 }
257   -
  257 +
258 258 // Takes in an array as a parameter and returns rss2.0 compatible xml
259 259 function arrayToXML($aItems){
260 260 // Build path to host
... ... @@ -282,7 +282,7 @@ class KTrss{
282 282 $sTypeSelect = 'document.transactionhistory&amp;fDocumentId';
283 283 }
284 284 $feed .= "<item>\n" .
285   - "<title>".$aItems[0][0][name]."</title>\n" .
  285 + "<title>".htmlentities($aItems[0][0][name],ENT_QUOTES, 'UTF-8')."</title>\n" .
286 286 "<link>".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0]['id']."</link>\n" .
287 287 "<description>\n" .
288 288 "&lt;table border='0' width='90%'&gt;\n".
... ... @@ -291,14 +291,14 @@ class KTrss{
291 291 "&lt;a href='".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0][id]."' &gt;&lt;img src='".$aItems[0][mimeTypeIcon]."' align='left' height='16px' width='16px' alt='' border='0' /&gt;&lt;/a&gt;" .
292 292 "&lt;/td&gt;\n".
293 293 "&lt;td align='left'&gt; ".$aItems[0][mimeTypeFName]."&lt;/td&gt;\n".
294   - "&lt;/tr&gt;\n".
  294 + "&lt;/tr&gt;\n".
295 295 "&lt;tr&gt;\n".
296 296 "&lt;td colspan='2'&gt;\n".
297 297 ucfirst($aItems[0]['itemType'])." Information (ID: ".$aItems[0][0][id].")&lt;/&gt;\n".
298 298 "&lt;hr&gt;\n".
299 299 "&lt;table width='95%'&gt;\n".
300 300 "&lt;tr&gt;\n".
301   - "&lt;td&gt;Filename: ".$aItems[0][0][filename]."&lt;/td&gt;\n".
  301 + "&lt;td&gt;Filename: ".str_replace('&','&amp;',htmlentities($aItems[0][0][filename],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
302 302 "&lt;td&gt;\n".
303 303 "&lt;/tr&gt;\n".
304 304 "&lt;tr&gt;\n".
... ... @@ -326,11 +326,11 @@ class KTrss{
326 326 foreach($aItems[1] as $item){
327 327 $feed .= "&lt;tr&gt;\n".
328 328 "&lt;td&gt;".$item[type]." name:&lt;/td&gt;\n".
329   - "&lt;td&gt;".$item[name]."&lt;/td&gt;\n".
  329 + "&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[name],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
330 330 "&lt;/tr&gt;\n".
331 331 "&lt;tr&gt;\n".
332 332 "&lt;td&gt;Path:&lt;/td&gt;\n".
333   - "&lt;td&gt;".$item[fullpath]."&lt;/td&gt;\n".
  333 + "&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[fullpath],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
334 334 "&lt;/tr&gt;\n".
335 335 "&lt;tr&gt;\n".
336 336 "&lt;td&gt;Transaction:&lt;/td&gt;\n".
... ... @@ -338,7 +338,7 @@ class KTrss{
338 338 "&lt;/tr&gt;\n".
339 339 "&lt;tr&gt;\n".
340 340 "&lt;td&gt;Comment:&lt;/td&gt;\n".
341   - "&lt;td&gt;".$item[comment]."&lt;/td&gt;\n".
  341 + "&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[comment],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
342 342 "&lt;/tr&gt;\n".
343 343 "&lt;tr&gt;\n";if($item[version]){
344 344 $feed .= "&lt;td&gt;Version:&lt;/td&gt;\n".
... ... @@ -354,7 +354,7 @@ class KTrss{
354 354 "&lt;/tr&gt;\n".
355 355 "&lt;tr&gt;\n".
356 356 "&lt;td colspan='2'&gt;&lt;hr width='100' align='left'&gt;&lt;/td&gt;\n".
357   - "&lt;/tr&gt;\n";}
  357 + "&lt;/tr&gt;\n";}
358 358 $feed .= "&lt;/table&gt;\n".
359 359 "&lt;/td&gt;\n".
360 360 "&lt;/tr&gt;\n".
... ... @@ -364,10 +364,10 @@ class KTrss{
364 364 }
365 365 $feed .= "</channel>\n" .
366 366 "</rss>\n";
367   -
368   - return $feed;
  367 +
  368 + return $feed;
369 369 }
370   -
  370 +
371 371 // Takes in an array as a parameter and returns rss2.0 compatible xml
372 372 function errorToXML($sError){
373 373 // Build path to host
... ... @@ -394,21 +394,21 @@ class KTrss{
394 394 "</item>\n";
395 395 $feed .= "</channel>\n" .
396 396 "</rss>\n";
397   -
398   - return $feed;
  397 +
  398 + return $feed;
399 399 }
400   -
  400 +
401 401 // Delete feed function
402 402 function deleteFeed($iFeedId){
403 403 $res = DBUtil::autoDelete('plugin_rss', $iFeedId);
404 404 }
405   -
  405 +
406 406 // Get title for external feed
407 407 function getExternalFeedTitle($iFeedId){
408 408 $sQuery = "SELECT title FROM plugin_rss WHERE id = ?";
409 409 $aParams = array($iFeedId);
410 410 $sFeedTitle = DBUtil::getOneResultKey(array($sQuery, $aParams), 'title');
411   -
  411 +
412 412 if (PEAR::isError($sFeedTitle)) {
413 413 // XXX: log error
414 414 return false;
... ... @@ -417,13 +417,13 @@ class KTrss{
417 417 return $sFeedTitle;
418 418 }
419 419 }
420   -
  420 +
421 421 // Get url for external feed
422 422 function getExternalFeedUrl($iFeedId){
423 423 $sQuery = "SELECT url FROM plugin_rss WHERE id = ?";
424 424 $aParams = array($iFeedId);
425 425 $sFeedUrl = DBUtil::getOneResultKey(array($sQuery, $aParams), 'url');
426   -
  426 +
427 427 if (PEAR::isError($sFeedUrl)) {
428 428 // XXX: log error
429 429 return false;
... ... @@ -432,16 +432,16 @@ class KTrss{
432 432 return $sFeedUrl;
433 433 }
434 434 }
435   -
  435 +
436 436 // Update external feed data
437 437 function updateFeed($iFeedId, $sFeedTitle, $sFeedUrl){
438 438 $sQuery = "UPDATE plugin_rss SET title=?, url=? WHERE id=?";
439 439 $aParams = array($sFeedTitle, $sFeedUrl, $iFeedId);
440 440 $res = DBUtil::runQuery(array($sQuery, $aParams));
441   -
  441 +
442 442 return $res;
443 443 }
444   -
  444 +
445 445 // Create new external feed
446 446 function createFeed($sFeedTitle, $sFeedUrl, $iUserId){
447 447 $aParams = array(
... ... @@ -453,59 +453,59 @@ class KTrss{
453 453  
454 454 return $res;
455 455 }
456   -
  456 +
457 457 // Function to validate that a user has permissions for a specific document
458 458 function validateDocumentPermissions($iUserId, $iDocumentId){
459 459 // check if user id is in session. If not, set it
460 460 if(!isset($_SESSION["userID"])){
461   - $_SESSION['userID'] = $iUserId;
  461 + $_SESSION['userID'] = $iUserId;
462 462 }
463 463 // get document object
464 464 $oDocument =& Document::get($iDocumentId);
465 465 if (PEAR::isError($oDocument)) {
466 466 return false;
467 467 }
468   -
  468 +
469 469 // check permissions for document
470 470 if(Permission::userHasDocumentReadPermission($oDocument)){
471   - return true;
  471 + return true;
472 472 }else{
473 473 return false;
474 474 }
475 475 }
476   -
  476 +
477 477 // Function to validate that a user has permissions for a specific folder
478 478 function validateFolderPermissions($iUserId, $iFolderId){
479 479 // check if user id is in session. If not, set it
480 480 if(!isset($_SESSION["userID"])){
481   - $_SESSION['userID'] = $iUserId;
  481 + $_SESSION['userID'] = $iUserId;
482 482 }
483 483 // get folder object
484 484 $oFolder = Folder::get($iFolderId);
485 485 if (PEAR::isError($oFolder)) {
486 486 return false;
487 487 }
488   -
  488 +
489 489 // check permissions for folder
490 490 if(Permission::userHasFolderReadPermission($oFolder)){
491   - return true;
  491 + return true;
492 492 }else{
493 493 return false;
494 494 }
495 495 }
496   -
  496 +
497 497 // get icon link for rss
498 498 function getRssLinkIcon(){
499 499 // built server path
500 500 global $default;
501 501 $sHostPath = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/";
502   -
  502 +
503 503 // create image
504 504 $icon = "<img src='".$sHostPath."resources/graphics/rss.gif' alt='RSS' border=0/>";
505   -
  505 +
506 506 return $icon;
507 507 }
508   -
  508 +
509 509 // get rss link for a document/folder
510 510 function getRssLink($iItemId, $sItemType){
511 511 $item = strToLower($sItemType);
... ... @@ -514,34 +514,34 @@ class KTrss{
514 514 }else if($item == 'document'){
515 515 $sItemParameter = '?docId';
516 516 }
517   -
  517 +
518 518 // built server path
519 519 global $default;
520 520 $sHostPath = "http" . ($default->sslEnabled ? "s" : "") . "://" . $_SERVER['HTTP_HOST'];
521   -
  521 +
522 522 // build link
523 523 $sLink = $sHostPath.KTBrowseUtil::buildBaseUrl('rss').$sItemParameter.'='.$iItemId;
524   -
  524 +
525 525 return $sLink;
526 526 }
527   -
  527 +
528 528 // get rss icon link
529 529 function getImageLink($iItemId, $sItemType){
530 530 return "<a href='".KTrss::getRssLink($iItemId, $sItemType)."' target='_blank'>".KTrss::getRssLinkIcon()."</a>";
531 531 }
532   -
  532 +
533 533 // get the mime type id for a document
534 534 function getDocumentMimeTypeId($iUserId, $iDocumentId){
535 535 if(!isset($_SESSION["userID"])){
536   - $_SESSION['userID'] = $iUserId;
  536 + $_SESSION['userID'] = $iUserId;
537 537 }
538 538 // get document object
539 539 $oDocument =& Document::get($iDocumentId);
540   -
  540 +
541 541 $docMime = $oDocument->getMimeTypeID();
542 542 return $docMime;
543 543 }
544   -
  544 +
545 545 // get mime information for a document
546 546 function getMimeTypeInfo($iUserId, $iDocumentId){
547 547 global $default;
... ... @@ -549,27 +549,27 @@ class KTrss{
549 549 $mimeinfo['typeName'] = KTMime::getMimeTypeName($mimeinfo['typeId']); // mime type name
550 550 $mimeinfo['typeFName'] = KTMime::getFriendlyNameForString($mimeinfo['typeName']); // mime type friendly name
551 551 $mimeinfo['typeIcon'] = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/resources/mimetypes/".KTMime::getIconPath($mimeinfo['typeId']).".png"; //icon path
552   -
  552 +
553 553 return $mimeinfo;
554 554 }
555   -
  555 +
556 556 // get the default folder icon
557 557 function getFolderIcon(){
558 558 global $default;
559 559 return $mimeinfo['typeIcon'] = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/thirdparty/icon-theme/16x16/mimetypes/x-directory-normal.png"; //icon path
560 560 }
561   -
  561 +
562 562 // get a document information
563 563 function getDocumentData($iUserId, $iDocumentId){
564 564 if(!isset($_SESSION["userID"])){
565   - $_SESSION['userID'] = $iUserId;
  565 + $_SESSION['userID'] = $iUserId;
566 566 }
567 567 // get document object
568 568 $oDocument =& Document::get($iDocumentId);
569   -
  569 +
570 570 $cv = $oDocument->getContentVersionId();
571 571 $mv = $oDocument->getMetadataVersionId();
572   -
  572 +
573 573 $sQuery = "SELECT dcv.document_id AS id, dmver.name AS name, dcv.filename AS filename, c.name AS author, o.name AS owner, dtl.name AS type, dwfs.name AS workflow_status " .
574 574 "FROM documents AS d LEFT JOIN document_content_version AS dcv ON d.id = dcv.document_id " .
575 575 "LEFT JOIN users AS o ON d.owner_id = o.id " .
... ... @@ -582,14 +582,14 @@ class KTrss{
582 582 "AND dmver.id = ? " .
583 583 "AND dcv.id = ? " .
584 584 "LIMIT 1";
585   -
  585 +
586 586 $aParams = array($iDocumentId, $mv, $cv);
587 587 $aDocumentData = DBUtil::getResultArray(array($sQuery, $aParams));
588 588 if($aDocumentData){
589 589 return $aDocumentData;
590 590 }
591 591 }
592   -
  592 +
593 593 // get a folder information
594 594 function getFolderData($iFolderId){
595 595 $sQuery = "SELECT f.id AS id, f.name AS name, f.name AS filename, c.name AS author, o.name AS owner, f.description AS description " .
... ... @@ -598,14 +598,14 @@ class KTrss{
598 598 "LEFT JOIN users AS c ON f.creator_id = c.id " .
599 599 "WHERE f.id = ? " .
600 600 "LIMIT 1";
601   -
  601 +
602 602 $aParams = array($iFolderId);
603 603 $aFolderData = DBUtil::getResultArray(array($sQuery, $aParams));
604 604 if($aFolderData){
605 605 return $aFolderData;
606 606 }
607 607 }
608   -
  608 +
609 609 // get a listing of the latest 3 transactions for a document
610 610 function getDocumentTransactions($iDocumentId){
611 611 $sQuery = "SELECT DT.datetime AS datetime, 'Document' AS type, DMV.name, D.full_path AS fullpath, DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment " .
... ... @@ -616,14 +616,14 @@ class KTrss{
616 616 "WHERE DT.document_id = ? " .
617 617 "ORDER BY DT.datetime DESC " .
618 618 "LIMIT 4";
619   -
  619 +
620 620 $aParams = array($iDocumentId);
621 621 $aDocumentTransactions = DBUtil::getResultArray(array($sQuery, $aParams));
622 622 if($aDocumentTransactions){
623 623 return $aDocumentTransactions;
624 624 }
625 625 }
626   -
  626 +
627 627 // Get a listing of the latest 3 transactions for a folder
628 628 function getFolderTransactions($iFolderId){
629 629 $sQuery = "SELECT FT.datetime AS datetime, 'Folder' AS type, F.name, F.full_path AS fullpath, DTT.name AS transaction_name, U.name AS user_name, FT.comment AS comment " .
... ... @@ -633,7 +633,7 @@ class KTrss{
633 633 "WHERE FT.folder_id = ? " .
634 634 "ORDER BY FT.datetime DESC " .
635 635 "LIMIT 4";
636   -
  636 +
637 637 $aParams = array($iFolderId);
638 638 $aFolderTransactions = DBUtil::getResultArray(array($sQuery, $aParams));
639 639 if($iFolderId){
... ...
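--- a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty
@@ -9,13 +9,13 @@
 {/if}
 {if $feedlist}
 {section name=feed loop=$feedlist}
- <option value='{$feedlist[feed].url}'>{$feedlist[feed].title}</option>
+ <option value='{$feedlist[feed].url}'>{$feedlist[feed].title|sanitize}</option>
 {/section}
 {/if}
 </select>
 {if ($action.url)}<a href="{$action.url}"
-{if $action.description}title="{$action.description}"{/if}
- >{$action.name}</a>{else}{$action.name}{/if}
+{if $action.description}title="{$action.description|sanitize}"{/if}
+ >{$action.name}</a>{else}{$action.name|sanitize}{/if}
 </form>
 {/if}
 </div>
@@ -26,7 +26,7 @@
 <table width='90%'>
 {section name=i start=0 loop=$itemcount}
 <tr>
- <td><strong><a href='{$internalrss.items[i].link}'>{$internalrss.items[i].title}</a><strong></td>
+ <td><strong><a href='{$internalrss.items[i].link}'>{$internalrss.items[i].title|sanitize}</a><strong></td>
 </tr>
 <tr>
 <td>{$internalrss.items[i].description}</td>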
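Review bot: The linked branch on new line 18 still prints `{$action.name}` raw inside the `<a>` while the `{else}` branch now goes through `sanitize`, so the same value is escaped on one path and not the other; the line should read `>{$action.name|sanitize}</a>{else}{$action.name|sanitize}{/if}`. The attribute values on lines 12, 16 and 29 (`{$feedlist[feed].url}`, `{$action.url}`, `{$internalrss.items[i].link}`) are also written unescaped into quoted attributes. The feed URL is presumably stored as the user entered it, so a quote character in it would close the attribute; `value='{$feedlist[feed].url|escape}'` would cover that case. If `{$internalrss.items[i].description}` on line 32 is left raw on purpose because it carries feed markup, a template comment saying so would stop it being mistaken for an oversight.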
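--- a/plugins/rssplugin/templates/RSSPlugin/rssdocumentaction.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/rssdocumentaction.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}RSS for Document{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}RSS for Document{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 <p>
 {i18n}You can copy the following link into any RSS aggregator to create a feed to the selected document.{/i18n}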
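--- a/plugins/rssplugin/templates/RSSPlugin/rssfolderaction.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/rssfolderaction.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}RSS for folder{/i18n}: {$context->oFolder->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}RSS for folder{/i18n}: {$context->oFolder->getName()|sanitize}</h2>
 <p>
 {i18n}You can copy the following link into any RSS aggregator to create a feed to the selected folder.{/i18n}
 <ul>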
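--- a/templates/kt3/fieldsets/generic.smarty
+++ b/templates/kt3/fieldsets/generic.smarty
@@ -8,9 +8,9 @@
 <table class="metadatatable" cellspacing="0" cellpadding="5">
 <tr class="even first">
 <th>{i18n}Document Filename{/i18n}</th>
- <td>{$filename|wordwrap:40:"\n":true} ({$context->_sizeHelper($document->getSize())})</td>
+ <td>{$filename|wordwrap:40:"\n":true|sanitize} ({$context->_sizeHelper($document->getSize())})</td>
 </tr>
-
+
 <tr class="odd">
 <th>{i18n}File is a{/i18n}</th>
 <td>{$context->_mimeHelper($document->getMimeTypeID())}</td>
@@ -20,7 +20,7 @@
 <th>{i18n}Document Version{/i18n}</th>
 <td>{$document->getMajorVersionNumber()}.{$document->getMinorVersionNumber()}</td>
 </tr>
-
+
 <tr class="odd">
 <th>{i18n}Created by{/i18n}</th>
 <td>{$creator} ({$creation_date})</td>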
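Review bot: `{$creator}` on line 26 is still written into the cell unescaped, although the filename a few rows above now passes through `sanitize`. User display names are presumably editable, so unless the value is escaped before it reaches the template this is the same class of stored output the commit is hardening; suggest `<td>{$creator|sanitize} ({$creation_date})</td>`. The same applies to `{$creator}` on line 44 of generic_versioned.smarty and `{$aTransactionRow.user_name}` on line 19 of view_folder_history.smarty. Applying `sanitize` after `wordwrap` on line 11 is the right order, because wrapping an already-escaped string with cut enabled could split an entity.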
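--- a/templates/kt3/fieldsets/generic_versioned.smarty
+++ b/templates/kt3/fieldsets/generic_versioned.smarty
@@ -7,20 +7,20 @@
 
 <table class="metadatatable versioned" cellspacing="0" cellpadding="5">
 
-{capture assign="oldval"}{$comparison_title}{/capture}
-{capture assign="newval"}{$title}{/capture}
+{capture assign="oldval"}{$comparison_title|sanitize}{/capture}
+{capture assign="newval"}{$title|sanitize}{/capture}
 <tr class="odd first">
 <th>{i18n}Document Title{/i18n}</th>
 <td class="current {if ($oldval != $newval)}different{/if}">{$newval}</td>
- <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
+ <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
 </tr>
-
-{capture assign="oldval"}{$comparison_filename} ({$context->_sizeHelper($comparison_document->getSize())}){/capture}
-{capture assign="newval"}{$filename} ({$context->_sizeHelper($document->getSize())}){/capture}
+
+{capture assign="oldval"}{$comparison_filename|sanitize} ({$context->_sizeHelper($comparison_document->getSize())}){/capture}
+{capture assign="newval"}{$filename|sanitize} ({$context->_sizeHelper($document->getSize())}){/capture}
 <tr class="even">
 <th>{i18n}Document Filename{/i18n}</th>
 <td class="current {if ($oldval != $newval)}different{/if}">{$newval}</td>
- <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
+ <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
 </tr>
 
 {capture assign="oldval"}{$context->_mimeHelper($comparison_document->getMimeTypeID())}{/capture}
@@ -28,17 +28,17 @@
 <tr class="odd">
 <th>{i18n}File is a{/i18n}</th>
 <td class="current {if ($oldval != $newval)}different{/if}">{$newval}</td>
- <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
+ <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
 </tr>
-
+
 {capture assign="oldval"}{$comparison_document->getMajorVersionNumber()}.{$comparison_document->getMinorVersionNumber()}{/capture}
 {capture assign="newval"}{$document->getMajorVersionNumber()}.{$document->getMinorVersionNumber()}{/capture}
 <tr class="even">
 <th>{i18n}Document Version{/i18n}</th>
 <td class="current {if ($oldval != $newval)}different{/if}">{$newval}</td>
- <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
+ <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
 </tr>
-
+
 <tr class="odd">
 <th>{i18n}Created by{/i18n}</th>
 <td colspan="2">{$creator} ({$creation_date}) <span class="descriptiveText">({i18n}this cannot change between versions{/i18n})</td>
@@ -54,15 +54,15 @@
 <tr class="odd">
 <th>{i18n}Last update by{/i18n}</th>
 <td class="current {if ($oldval != $newval)}different{/if}">{$newval}</td>
- <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
+ <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
 </tr>
 
 {capture assign="oldval"}{$comparison_document_type}{/capture}
-{capture assign="newval"}{$document_type}{/capture}
+{capture assign="newval"}{$document_type}{/capture}
 <tr class="even">
 <th>{i18n}Document Type{/i18n}</th>
 <td class="current {if ($oldval != $newval)}different{/if}">{$newval}</td>
- <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
+ <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
 </tr>
 
 {capture assign="oldval"}{if $comparison_workflow_state}
@@ -78,7 +78,7 @@
 <tr class="odd">
 <th>{i18n}Workflow status{/i18n}</th>
 <td class="current {if ($oldval != $newval)}different{/if}">{$newval}</td>
- <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
+ <td class="previous {if ($oldval != $newval)}different{/if}">{$oldval}</td>
 </tr>
 
 <tr class="even">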
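--- a/templates/kt3/fieldsets/simple.smarty
+++ b/templates/kt3/fieldsets/simple.smarty
@@ -3,16 +3,16 @@
 <p class="descriptiveText">
 {$description}
 </p>
-
+
 <table class="metadatatable" cellspacing="0" cellpadding="5">
 {foreach item=aFieldPair from=$fieldset_values name=fields}
 <tr class="{cycle values=even,odd} {if $smarty.foreach.fields.first}first{/if}">
 <th>{$aFieldPair.field->getName()}</th>
- <td>{if ($aFieldPair.value !== null)}{$aFieldPair.value}
+ <td>{if ($aFieldPair.value !== null)}{$aFieldPair.value|sanitize}
 {else}<span class="descriptiveText">{i18n}no value{/i18n}</span>{/if}</td>
 </tr>
 {/foreach}
 </table>
-
+
 <div class="floatClear"><!-- --> </div>
 </div>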
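Review bot: The field name in `<th>{$aFieldPair.field->getName()}</th>` on line 10 is still emitted raw, while the value in the next cell is now sanitized. If field names can only be set by administrators the exposure is smaller, but it is still stored text rendered as HTML; `<th>{$aFieldPair.field->getName()|sanitize}</th>` would make the row consistent. The same `<th>` appears on line 14 of simple_versioned.smarty. `{$description}` on line 4 is also unfiltered, and it is worth confirming whether it is meant to carry markup.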
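--- a/templates/kt3/fieldsets/simple_versioned.smarty
+++ b/templates/kt3/fieldsets/simple_versioned.smarty
@@ -7,17 +7,17 @@
 {i18n arg_name=$name}This is the data assigned to the
 <strong>#name#</strong> aspect of this document.{/i18n}
 </p>
-
+
 <table class="metadatatable versioned" cellspacing="0" cellpadding="5">
 {foreach item=aFieldPair from=$fieldset_values name=fields}
 <tr class="{cycle values=even,odd} {if $smarty.foreach.fields.first}first{/if}">
 <th>{$aFieldPair.field->getName()}</th>
 <td class="current {if ($aFieldPair.current_value != $aFieldPair.previous_value)}different{/if}">
- {if ($aFieldPair.current_value !== null)}{$aFieldPair.current_value}
+ {if ($aFieldPair.current_value !== null)}{$aFieldPair.current_value|sanitize}
 {else}<span class="descriptiveText">{i18n}no value in this version{/i18n}</span>{/if}</td>
 <td class="previous {if ($aFieldPair.current_value != $aFieldPair.previous_value)}different{/if}">
- {if ($aFieldPair.previous_value !== null)}{$aFieldPair.previous_value}
- {else}<span class="descriptiveText">{i18n}no value in this version{/i18n}</span>{/if}</td>
+ {if ($aFieldPair.previous_value !== null)}{$aFieldPair.previous_value|sanitize}
+ {else}<span class="descriptiveText">{i18n}no value in this version{/i18n}</span>{/if}</td>
 </tr>
 {/foreach}
 </table>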
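--- a/templates/kt3/minimal_page.smarty
+++ b/templates/kt3/minimal_page.smarty
@@ -3,12 +3,12 @@
 <html>
 <head>
 <title>{$page->title} | {$page->systemName}</title>
-
+
 <!-- CSS Files. -->
 {foreach item=sResourceURL from=$page->getCSSResources()}
 <link rel="stylesheet" type="text/css" href="{$rootUrl}/{$sResourceURL}" />
 {/foreach}
-
+
 <!-- Standalone CSS. -->
 {foreach item=sCSS from=$page->getCSSStandalone()}
 <style>
@@ -56,7 +56,7 @@
 FIXME: page does not set user.
 {/if}
 &middot;
-
+
 
 {foreach item=aMenuItem from=$page->userMenu name=prefmenu}
 {if ($aMenuItem.active == 1)}
@@ -76,20 +76,20 @@
 <span class="additional">{i18n}You are here{/i18n}: </span>
 {if ($page->breadcrumbSection !== false)}
 {if ($page->breadcrumbSection.url) }
- <a href="{$page->breadcrumbSection.url}" class="primary">{$page->breadcrumbSection.label}</a>
+ <a href="{$page->breadcrumbSection.url}" class="primary">{$page->breadcrumbSection.label}</a>
 {else}
- <span class="primary">{$page->breadcrumbSection.label}</span>
+ <span class="primary">{$page->breadcrumbSection.label}</span>
 {/if}
 {/if}
 {if (($page->breadcrumbSection !== false) && ($page->breadcrumbs !== false))}
-&raquo;
+&raquo;
 {/if}
 {if ($page->breadcrumbs !== false)}
 {foreach item=aCrumb from=$page->breadcrumbs name=bc}
 {if ($aCrumb.url) }
- <a href="{$aCrumb.url}">{$aCrumb.label}</a>
+ <a href="{$aCrumb.url}">{$aCrumb.label|sanitize}</a>
 {else}
- <span>{$aCrumb.label}</span>
+ <span>{$aCrumb.label|sanitize}</span>
 {/if}
 {if (!$smarty.foreach.bc.last)}
 &raquo;
@@ -97,7 +97,7 @@
 {/foreach}
 {/if}
 {if ($page->breadcrumbDetails !== false)}
-<span class="additional">({$page->breadcrumbDetails})</span>
+<span class="additional">({$page->breadcrumbDetails})</span>
 {/if}
 </div>
 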
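Review bot: Lines 79 and 81 change only whitespace, so `{$page->breadcrumbSection.label}` stays unescaped in this template, whereas the matching lines 124 and 126 of standard_page.smarty gain `|sanitize`. Unless the section label is always a fixed string, the two page templates should agree. Suggest `<a href="{$page->breadcrumbSection.url}" class="primary">{$page->breadcrumbSection.label|sanitize}</a>` and `<span class="primary">{$page->breadcrumbSection.label|sanitize}</span>`.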
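--- a/templates/kt3/standard_page.smarty
+++ b/templates/kt3/standard_page.smarty
@@ -1,11 +1,11 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html>
+<html>
 <head>
 <title>{$page->title}{if ($page->secondary_title != null)} &mdash; {$page->secondary_title}{/if} | {$page->systemName}</title>
-
+
 <!-- CSS Files. -->
-
+
 {foreach item=sResourceURL from=$page->getCSSResources()}
 <link rel="stylesheet" type="text/css" href="{$rootUrl}/{$sResourceURL}" />
 {/foreach}
@@ -14,17 +14,17 @@
 <link rel="stylesheet" type="text/css" href="{$rootUrl}/{$sResourceURL}" />
 {/foreach}
 {/if}
-
+
 <link rel="stylesheet" type="text/css" href="{$rootUrl}/resources/css/kt-print.css"
 media="print" />
 
 <link rel="icon" href="{$rootUrl}/resources/favicon.ico" type="image/x-icon">
- <link rel="shortcut icon" href="{$rootUrl}/resources/favicon.ico" type="image/x-icon">
+ <link rel="shortcut icon" href="{$rootUrl}/resources/favicon.ico" type="image/x-icon">
 
 {if $refreshTimeout}
 <meta http-equiv="refresh" content="{$refreshTimeout}" />
 {/if}
-
+
 <!-- evil CSS workarounds - inspired by Plone's approach -->
 <!-- Internet Explorer CSS Fixes -->
 <!--[if lt IE 7]>
@@ -37,7 +37,7 @@
 {/foreach}
 {/if}
 <![endif]-->
-
+
 <!-- Standalone CSS. -->
 {foreach item=sCSS from=$page->getCSSStandalone()}
 <style>
@@ -89,7 +89,7 @@
 {/if}
 <li><div id="menu_divider"></div></li>
 {/foreach}
-
+
 <!-- user menu -->
 <li class="pref">
 {if ($page->user)}
@@ -121,20 +121,20 @@
 <span class="additional">{i18n}You are here{/i18n}: </span>
 {if ($page->breadcrumbSection !== false)}
 {if ($page->breadcrumbSection.url) }
- <a href="{$page->breadcrumbSection.url}" class="primary">{$page->breadcrumbSection.label}</a>
+ <a href="{$page->breadcrumbSection.url}" class="primary">{$page->breadcrumbSection.label|sanitize}</a>
 {else}
- <span class="primary">{$page->breadcrumbSection.label}</span>
+ <span class="primary">{$page->breadcrumbSection.label|sanitize}</span>
 {/if}
 {/if}
 {if (($page->breadcrumbSection !== false) && ($page->breadcrumbs !== false))}
- &raquo;
+ &raquo;
 {/if}
 {if ($page->breadcrumbs !== false)}
 {foreach item=aCrumb from=$page->breadcrumbs name=bc}
 {if ($aCrumb.url) }
- <a href="{$aCrumb.url}">{$aCrumb.label}</a>
+ <a href="{$aCrumb.url}">{$aCrumb.label|sanitize}</a>
 {else}
- <span>{$aCrumb.label|mb_truncate:40:"...":true}</span>
+ <span>{$aCrumb.label|mb_truncate:40:"...":true|sanitize}</span>
 {/if}
 {if (!$smarty.foreach.bc.last)}
 &raquo;
@@ -142,7 +142,7 @@
 {/foreach}
 {/if}
 {if ($page->breadcrumbDetails !== false)}
- <span class="additional">({$page->breadcrumbDetails})</span>
+ <span class="additional">({$page->breadcrumbDetails})</span>
 {/if}
 </div>
 {/if}
@@ -175,7 +175,7 @@
 {if ($page->getHelpURL() != null)}<a class="ktHelp" href="{$page->getHelpURL()}">Help</a> {/if}
 </h1>
 {/if}
-
+
 <!-- any status / error messages get added here. -->
 {if (!empty($page->errStack))}
 <div class="ktError">
@@ -187,7 +187,7 @@
 <div class="error_dashlet_topleft_small"></div>
 <div class="error_dashlet_toprepeat_small"></div>
 <div class="error_dashlet_topright_small"></div>
-
+
 <div class="error_dashlet_bottomleft"></div>
 <div class="error_dashlet_bottomrepeat_small"></div>
 <div class="error_dashlet_bottomright"></div>
@@ -204,7 +204,7 @@
 <div class="info_dashlet_topleft_small"></div>
 <div class="info_dashlet_toprepeat_small"></div>
 <div class="info_dashlet_topright_small"></div>
-
+
 <div class="info_dashlet_bottomleft"></div>
 <div class="info_dashlet_bottomrepeat_small"></div>
 <div class="info_dashlet_bottomright"></div>
@@ -237,6 +237,6 @@
 </table>
 <div class="floatClear"></div>
 </div>
-</div>
+</div>
 </body>
 </html>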
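Review bot: `{$page->title}` and `{$page->secondary_title}` in `<title>` on line 5, and `({$page->breadcrumbDetails})` on line 145, are left unescaped while the breadcrumb labels around them are now sanitized. Whether these can carry a document or folder name is not visible from this section; if they can, they need the same filter, e.g. `<span class="additional">({$page->breadcrumbDetails|sanitize})</span>`. minimal_page.smarty has the same `<title>` and breadcrumbDetails lines. It is also worth confirming that `sanitize` escapes quote characters, because `href="{$aCrumb.url}"` on line 135 is an attribute context and is not filtered at all.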
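--- a/templates/kt3/view_folder_history.smarty
+++ b/templates/kt3/view_folder_history.smarty
@@ -19,9 +19,9 @@
 <td class="username">{$aTransactionRow.user_name}</td>
 <td class="action">{i18n}{$aTransactionRow.transaction_name}{/i18n}</td>
 <td class="date">{$aTransactionRow.datetime}</td>
- <td class="comment">{$aTransactionRow.comment}</td>
+ <td class="comment">{$aTransactionRow.comment|sanitize}</td>
 </tr>
 {/foreach}
 </tbody>
-
+
 </table>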
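Review bot: `{$aTransactionRow.user_name}` and `{$aTransactionRow.transaction_name}` in the same row are still printed without the `sanitize` modifier that the comment cell now gets. If either value can carry user-supplied text (the user name plausibly can; its origin is not visible here), the row remains an HTML injection point, and `<td class="username">{$aTransactionRow.user_name|sanitize}</td>` would bring it in line with the comment cell. templates/ktcore/document/transaction_history.smarty has the same row layout and the same gap. The `{foreach}` that emits the row opens outside the hunk.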
... ...
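--- a/templates/ktcore/action/addFolder.smarty
+++ b/templates/ktcore/action/addFolder.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Add a folder to{/i18n}:<br />{$context->oFolder->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Add a folder to{/i18n}:<br />{$context->oFolder->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}Folders are one way of organising documents
 in the document management system. Folders provide meaning in the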
... ...
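--- a/templates/ktcore/action/archive.smarty
+++ b/templates/ktcore/action/archive.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Archive Document{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Archive Document{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}Archiving a document changes the
 document's state to invisible to non-administrative users. Only an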
... ...
templates/ktcore/action/assistance.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Request Assistance{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Request Assistance{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3  
4 4 <p class="descriptiveText">{i18n}If you are unable to perform an action
... ...
templates/ktcore/action/cancel_checkout.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Cancel Checkout{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Cancel Checkout{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3  
4 4 <p class="descriptiveText">{i18n}If you do not want to have this document be checked-out,
... ...
templates/ktcore/action/checkin.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Checkin Document{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Checkin Document{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3  
4 4 <p class="descriptiveText">{i18n}Checking in a document updates the document
... ...
templates/ktcore/action/checkout.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Checkout Document{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Checkout Document{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3 <p class="descriptiveText">{i18n}Checking out a document reserves it for your
4 4 exclusive use. This ensures that you can edit the document without
... ...
templates/ktcore/action/checkout_final.smarty
... ... @@ -16,7 +16,7 @@ addLoadEvent(scheduleCheckout);
16 16 {/capture}
17 17 {$context->oPage->requireJSStandalone($sJavascript)}
18 18  
19   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Checkout Document{/i18n}:<br />{$context->oDocument->getName()}</h2>
  19 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Checkout Document{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
20 20  
21 21 {capture assign=link}{$sLocation|addQSSelf}{/capture}
22 22 <p class="descriptiveText">{i18n arg_link=$link}The document you wish to
... ...
templates/ktcore/action/view_roles.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}View Roles{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}View Roles{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3 <p class="descriptiveText">{i18n}
4 4 In many cases, workflow actions will be assigned to certain <strong>roles</strong>
... ... @@ -22,7 +22,7 @@
22 22 <tr class="{cycle values=odd,even}">
23 23 <td>{$aRole.name}</td>
24 24 <td>
25   - {if ($aRole.users != null)}<strong>{i18n}Users{/i18n}:</strong> {$aRole.users}<br />{/if}
  25 + {if ($aRole.users != null)}<strong>{i18n}Users{/i18n}:</strong> {$aRole.users}<br />{/if}
26 26 {if ($aRole.groups != null)}<strong>{i18n}Groups{/i18n}:</strong> {$aRole.groups}{/if}
27 27 </td>
28 28 </tr>
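Review bot: The role table still outputs `{$aRole.name}`, `{$aRole.users}` and `{$aRole.groups}` raw; the only edit in that hunk is whitespace on the Users line. Whether the users and groups strings arrive as pre-built HTML or as plain names is not visible here, so they should be escaped where they are assembled if they carry markup, and otherwise in the template, e.g. `<td>{$aRole.name|sanitize}</td>`. templates/ktcore/folder/roles.smarty prints the same users and groups fields the same way.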
... ...
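--- a/templates/ktcore/assist/assist_notification_details.smarty
+++ b/templates/ktcore/assist/assist_notification_details.smarty
@@ -6,9 +6,9 @@
 
 <dl>
 <dt>{i18n}Subject{/i18n}</dt>
-<dd>{$subject}</dd>
+<dd>{$subject|sanitize}</dd>
 <dt>{i18n}Details{/i18n}</dt>
-<dd>{$details} </dd>
+<dd>{$details|sanitize} </dd>
 </dl>
 
 <div class="actionoptions">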
... ...
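--- a/templates/ktcore/bulk_action_complete.smarty
+++ b/templates/ktcore/bulk_action_complete.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{$context->getDisplayName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{$context->getDisplayName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}These are the results of the bulk action{/i18n}:</p>
 
@@ -17,8 +17,8 @@
 <tbody>
 {foreach from=$list.folders item=item}
 <tr class="{cycle values=even,odd}">
- <td>{$item.0}</td>
- <td>{$item.1}</td>
+ <td>{$item.0|sanitize}</td>
+ <td>{$item.1|sanitize}</td>
 </tr>
 {/foreach}
 </tbody>
@@ -42,8 +42,8 @@
 
 {foreach from=$list.documents item=item}
 <tr class="{cycle values=even,odd}">
- <td>{$item.0}</td>
- <td>{$item.1}</td>
+ <td>{$item.0|sanitize}</td>
+ <td>{$item.1|sanitize}</td>
 </tr>
 {/foreach}
 </tbody>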
... ...
templates/ktcore/bulk_action_listing.smarty
... ... @@ -17,8 +17,8 @@
17 17 <tbody>
18 18 {foreach from=$failed.folders item=item}
19 19 <tr class="{cycle values=even,odd}">
20   - <td>{$item.0}</td>
21   - <td>{$item.1}</td>
  20 + <td>{$item.0|sanitize}</td>
  21 + <td>{$item.1|sanitize}</td>
22 22 </tr>
23 23 {/foreach}
24 24 </tbody>
... ... @@ -43,8 +43,8 @@
43 43  
44 44 {foreach from=$failed.documents item=item}
45 45 <tr class="{cycle values=even,odd}">
46   - <td>{$item.0}</td>
47   - <td>{$item.1}</td>
  46 + <td>{$item.0|sanitize}</td>
  47 + <td>{$item.1|sanitize}</td>
48 48 </tr>
49 49 {/foreach}
50 50 </tbody>
... ... @@ -59,7 +59,7 @@
59 59 <h3>{i18n}Folders{/i18n}</h3>
60 60 <ul>
61 61 {foreach from=$folders item=folder}
62   -<li>{$folder}</li>
  62 +<li>{$folder|sanitize}</li>
63 63 {/foreach}
64 64 </ul>
65 65 {/if}
... ... @@ -68,7 +68,7 @@
68 68 <h3>{i18n}Documents{/i18n}</h3>
69 69 <ul>
70 70 {foreach from=$documents item=document}
71   -<li>{$document}</li>
  71 +<li>{$document|sanitize}</li>
72 72 {/foreach}
73 73 </ul>
74 74 {/if}
... ...
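--- a/templates/ktcore/dashlets/checkedout.smarty
+++ b/templates/ktcore/dashlets/checkedout.smarty
@@ -2,7 +2,7 @@
 {if (!empty($documents))}
 <dl>
 {foreach item=oDocument from=$documents}
- <dt>{$oDocument->getName()} | <a href="{$context->getDocumentLink($oDocument)}">{i18n}View Document{/i18n}</a></dt>
+ <dt>{$oDocument->getName()|sanitize} | <a href="{$context->getDocumentLink($oDocument)}">{i18n}View Document{/i18n}</a></dt>
 {/foreach}
 </ul>
 {else}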
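Review bot: The list is opened with `<dl>` but closed with `</ul>` two lines below the changed `<dt>`, so the markup around the newly sanitized name is unbalanced; the closing tag should be `</dl>`. The `href` built from `{$context->getDocumentLink($oDocument)}` is also written into the attribute without escaping. If that helper can return an unencoded URL (not visible here), `{$context->getDocumentLink($oDocument)|escape:'html'}` would be the matching fix for the attribute context.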
... ...
templates/ktcore/document/admin/dearchiveconfirmlist.smarty
... ... @@ -20,7 +20,7 @@ state.{/i18n}&lt;/span&gt;&lt;/div&gt;
20 20 <tbody>
21 21 {foreach item=oDoc from=$documents}
22 22 <tr>
23   - <td>{$oDoc->getName()}<input type="hidden" name="selected_docs[]" value="{$oDoc->getId()}" /></td>
  23 + <td>{$oDoc->getName()|sanitize}<input type="hidden" name="selected_docs[]" value="{$oDoc->getId()}" /></td>
24 24 <td class="descriptiveText">{$oDoc->getDisplayPath()}</td>
25 25 </tr>
26 26 {/foreach}
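Review bot: `{$oDoc->getDisplayPath()}` in the cell right after the sanitized name is left raw, although a display path is presumably assembled from folder and document names, the same data this change starts escaping. Suggest `<td class="descriptiveText">{$oDoc->getDisplayPath()|sanitize}</td>`. The sibling admin lists have the same gap: `{$oDoc->getLastDeletionComment()}` in deletedlist.smarty is a free-text comment printed raw, while transaction comments are sanitized elsewhere in this commit. `{$context->getRestoreLocationFor($oDoc)}` in restoreconfirmlist.smarty is likewise unescaped, and that hunk only changes whitespace on the line.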
... ...
templates/ktcore/document/admin/deletedlist.smarty
... ... @@ -7,7 +7,7 @@
7 7  
8 8 <h2>{i18n}Deleted Documents{/i18n}</h2>
9 9  
10   -<p class="descriptiveText">{i18n}Documents which are deleted by users are hidden from view
  10 +<p class="descriptiveText">{i18n}Documents which are deleted by users are hidden from view
11 11 but still available for restoration. Since "soft deletes" consume system resources, it
12 12 is possible to <strong>expunge</strong> these documents. Alternatively, you
13 13 can <strong>restore</strong> them as necessary.{/i18n}</p>
... ... @@ -30,12 +30,12 @@ can &lt;strong&gt;restore&lt;/strong&gt; them as necessary.{/i18n}&lt;/p&gt;
30 30 <th>{i18n}Last Modification{/i18n}</th>
31 31 <th>{i18n}Deletion Comment{/i18n}</th>
32 32 </tr>
33   - </thead>
  33 + </thead>
34 34 <tbody id="output">
35 35 {foreach item=oDoc from=$documents}
36 36 <tr>
37 37 <td><input type="checkbox" name="selected_docs[]" value="{$oDoc->getId()}"/></td>
38   - <td>{$oDoc->getName()}</td>
  38 + <td>{$oDoc->getName()|sanitize}</td>
39 39 {* <td>{getCrumbStringForDocument document=$oDoc}</td> *}
40 40 <td>{$oDoc->getLastModifiedDate()}</td>
41 41 <td>{$oDoc->getLastDeletionComment()}</td>
... ...
templates/ktcore/document/admin/expungeconfirmlist.smarty
... ... @@ -20,7 +20,7 @@ confirm that you want to delete these documents.{/i18n}&lt;/span&gt;&lt;/div&gt;
20 20 <tbody>
21 21 {foreach item=oDoc from=$documents}
22 22 <tr>
23   - <td>{$oDoc->getName()}<input type="hidden" name="selected_docs[]" value="{$oDoc->getId()}" /></td>
  23 + <td>{$oDoc->getName()|sanitize}<input type="hidden" name="selected_docs[]" value="{$oDoc->getId()}" /></td>
24 24 </tr>
25 25 {/foreach}
26 26 </tbody>
... ...
templates/ktcore/document/admin/restoreconfirmlist.smarty
... ... @@ -14,14 +14,14 @@ confirm that you want to restore these documents.{/i18n}&lt;/span&gt;&lt;/div&gt;
14 14 <tr>
15 15  
16 16 <th>{i18n}Document Name{/i18n}</th>
17   - <th>{i18n}Restore To{/i18n}</th>
  17 + <th>{i18n}Restore To{/i18n}</th>
18 18 </tr>
19 19 </thead>
20 20 <tbody>
21 21 {foreach item=oDoc from=$documents}
22 22 <tr>
23   - <td>{$oDoc->getName()}<input type="hidden" name="selected_docs[]" value="{$oDoc->getId()}" /></td>
24   - <td>{$context->getRestoreLocationFor($oDoc)}</td>
  23 + <td>{$oDoc->getName()|sanitize}<input type="hidden" name="selected_docs[]" value="{$oDoc->getId()}" /></td>
  24 + <td>{$context->getRestoreLocationFor($oDoc)}</td>
25 25 </tr>
26 26 {/foreach}
27 27 </tbody>
... ...
templates/ktcore/document/compare.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Version Comparison{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Version Comparison{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3 {capture assign=from}
4 4 <strong>{$document->getMajorVersionNumber()}.{$document->getMinorVersionNumber()}</strong> ({$document->getMetadataVersion()})
... ... @@ -24,7 +24,7 @@ note{/i18n}:&lt;/strong&gt; {i18n arg_version=$to arg_appname=&quot;$appname&quot;}the informati
24 24 #version# comes from an older version of #appname# and may be
25 25 incorrect.{/i18n}
26 26 {/if}
27   -
  27 +
28 28 {foreach item=oFieldset from=$fieldsets}
29 29 {$oFieldset->renderComparison($document_data, $comparison_data)}
30 30 {/foreach}
... ...
templates/ktcore/document/document_permissions.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document permissions{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document permissions{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3 <p class="descriptiveText">{i18n}This page shows the permissions that apply to
4 4 this specific document. Where the folder view shows you information by role and group,
... ...
templates/ktcore/document/metadata_history.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Version History{/i18n}:<br />{$document->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Version History{/i18n}:<br />{$document->getName()|sanitize}</h2>
2 2  
3 3 <p class="descriptiveText">{i18n}This page lists versions of document metadata and allows you to compare a metadata version with the current metadata content.{/i18n}</p>
4 4  
... ... @@ -27,9 +27,9 @@
27 27 {if ($document->getMetadataVersion() == $oVersion->getMetadataVersion())}
28 28 <strong>{i18n}current version{/i18n}</strong>
29 29 {else}
30   - <a href="{addQS}action=viewComparison&fDocumentId={$document->getId()}&fBaseVersion={$oVersion->getMetadataVersionId()}&fComparisonVersion={$oVersion->getCurrentMetadataVersionId()}{/addQS}">{i18n}compare with current{/i18n}</a></td>
  30 + <a href="{addQS}action=viewComparison&fDocumentId={$document->getId()}&fBaseVersion={$oVersion->getMetadataVersionId()}&fComparisonVersion={$oVersion->getCurrentMetadataVersionId()}{/addQS}">{i18n}compare with current{/i18n}</a></td>
31 31 {/if}
32   - </td>
  32 + </td>
33 33 <td>
34 34 {if (count($versions) == 1)}
35 35 &mdash;
... ... @@ -41,5 +41,5 @@
41 41 </tr>
42 42 {/foreach}
43 43 </tbody>
44   -
  44 +
45 45 </table>
... ...
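--- a/templates/ktcore/document/ownershipchangeaction.smarty
+++ b/templates/ktcore/document/ownershipchangeaction.smarty
@@ -1,3 +1,3 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Change Ownership{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Change Ownership{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 {$form->render()}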
... ...
templates/ktcore/document/resolved_permissions_user.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Resolved permissions per user{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Resolved permissions per user{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3 <p class="descriptiveText">{i18n}This page shows the permissions that
4 4 individual users have on this document. Only the users which have permissions
5   -assigned are shown.{/i18n}</p>
  5 +assigned are shown.{/i18n}</p>
6 6  
7 7 <p class="descriptiveText">{i18n}Users may have permissions on this
8 8 document due to membership of a group, or fulfilling a specific role on
9   -this document.{/i18n}</p>
  9 +this document.{/i18n}</p>
10 10  
11 11 {if (empty($users)) }
12 12 <div class="ktInfoMessage"><span>{i18n}No users have permissions on this item.{/i18n}</span></div>
... ...
templates/ktcore/document/transaction_history.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Transaction History{/i18n}:<br />{$document->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Transaction History{/i18n}:<br />{$document->getName()|sanitize}</h2>
2 2  
3 3 <p class="descriptiveText">{i18n}This page provides details of all activities that have been carried out on the document.{/i18n}</p>
4 4  
... ... @@ -20,10 +20,10 @@
20 20 <td class="username">{$aTransactionRow.user_name}</td>
21 21 <td class="action">{i18n}{$aTransactionRow.transaction_name}{/i18n}</td>
22 22 <td class="date">{$aTransactionRow.datetime}</td>
23   - <td class="contentversion">{$aTransactionRow.version}</td>
24   - <td class="comment">{$aTransactionRow.comment}</td>
  23 + <td class="contentversion">{$aTransactionRow.version}</td>
  24 + <td class="comment">{$aTransactionRow.comment|sanitize}</td>
25 25 </tr>
26 26 {/foreach}
27 27 </tbody>
28   -
  28 +
29 29 </table>
... ...
templates/ktcore/document/view.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Details{/i18n}:<br />{$context->oDocument->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Details{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2  
3 3 {if ($document->getIsCheckedOut() == 1)}
4 4 {capture assign=checkout_user}<strong>{$sCheckoutUser}</strong>{/capture}
... ... @@ -9,18 +9,18 @@
9 9 {else}
10 10 {if ($canCheckin)}
11 11 <div class="ktInfoMessage">
12   -<span>{i18n arg_checkoutuser=$checkout_user}This document is currently checked out by #checkoutuser#, but you
  12 +<span>{i18n arg_checkoutuser=$checkout_user}This document is currently checked out by #checkoutuser#, but you
13 13 have sufficient priviledges to cancel their checkout.{/i18n}</span>
14 14 </div>
15 15 {else}
16 16 <div class="ktInfoMessage">
17   - <span>{i18n arg_checkoutuser=$checkout_user arg_appname="$appname"}This document is currently checked out by #checkoutuser#. You cannot make
  17 + <span>{i18n arg_checkoutuser=$checkout_user arg_appname="$appname"}This document is currently checked out by #checkoutuser#. You cannot make
18 18 changes until that user checks it in. If you have urgent modifications to make, please
19 19 contact your #appname# Administrator.{/i18n}</span>
20 20 </div>
21 21 {/if}
22 22 {/if}
23   -{/if}
  23 +{/if}
24 24  
25 25 {if ($document->getImmutable() == true)}
26 26 <div class="ktInfoMessage">
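Review bot: `{$sCheckoutUser}` is captured into `checkout_user` without escaping and then substituted into both checkout info messages, so the user name reaches the page raw while the document title above it is now sanitized. Because the capture wraps the name in `<strong>`, the `{i18n}` block evidently passes its arguments through as markup rather than escaping them. `{capture assign=checkout_user}<strong>{$sCheckoutUser|sanitize}</strong>{/capture}` closes that path, assuming the controller does not already escape the name (not visible here).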
... ...
templates/ktcore/folder/bulkImport.smarty
... ... @@ -12,9 +12,9 @@
12 12 {capture assign=sJavascript}
13 13 {literal}
14 14 function swapInItem(elementId, req) {
15   -
  15 +
16 16 var cp = getElement(elementId);
17   -
  17 +
18 18 cp.innerHTML = req.responseText;
19 19 initialiseConditionalFieldsets();
20 20 }
... ... @@ -28,8 +28,8 @@ function swapElementFromRequest(elementId, url) {
28 28 var cp = getElement(elementId);
29 29 cp.innerHTML=_("loading...");
30 30 deff.addCallback(partial(swapInItem, elementId));
31   -
32   -
  31 +
  32 +
33 33 }
34 34  
35 35 function getMetadataForType(id) {
... ... @@ -54,7 +54,7 @@ addLoadEvent(startupMetadata);
54 54 {/capture}
55 55 {$context->oPage->requireJSStandalone($sJavascript)}
56 56  
57   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Import files into{/i18n}:<br />{$context->oFolder->getName()}</h2>
  57 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Import files into{/i18n}:<br />{$context->oFolder->getName()|sanitize}</h2>
58 58  
59 59 <form method="POST" action="{$smarty.server.PHP_SELF}" enctype="multipart/form-data">
60 60 <fieldset><legend>{i18n}Import from Server Location{/i18n}</legend>
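Review bot: The form's `action="{$smarty.server.PHP_SELF}"` is written into an attribute without escaping, and PHP_SELF reflects request-supplied path info after the script name, so this output stays unescaped in a change aimed at cross-site scripting. Escaping for the attribute context, `action="{$smarty.server.PHP_SELF|escape:'html'}"`, or emitting a fixed script path instead, would cover it. bulkUpload.smarty and folder/permissions.smarty use the same value in their form actions. Separately, `swapInItem` assigns `req.responseText` to `innerHTML`, so the endpoint behind `swapElementFromRequest` has to return already-escaped markup; a short comment stating that contract would help.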
... ...
templates/ktcore/folder/bulkUpload.smarty
... ... @@ -12,9 +12,9 @@
12 12 {capture assign=sJavascript}
13 13 {literal}
14 14 function swapInItem(elementId, req) {
15   -
  15 +
16 16 var cp = getElement(elementId);
17   -
  17 +
18 18 cp.innerHTML = req.responseText;
19 19 initialiseConditionalFieldsets();
20 20 }
... ... @@ -28,8 +28,8 @@ function swapElementFromRequest(elementId, url) {
28 28 var cp = getElement(elementId);
29 29 cp.innerHTML=_("loading...");
30 30 deff.addCallback(partial(swapInItem, elementId));
31   -
32   -
  31 +
  32 +
33 33 }
34 34  
35 35 function getMetadataForType(id) {
... ... @@ -54,7 +54,7 @@ addLoadEvent(startupMetadata);
54 54 {/capture}
55 55 {$context->oPage->requireJSStandalone($sJavascript)}
56 56  
57   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Upload files into{/i18n}:<br />{$context->oFolder->getName()}</h2>
  57 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Upload files into{/i18n}:<br />{$context->oFolder->getName()|sanitize}</h2>
58 58  
59 59 <form method="POST" action="{$smarty.server.PHP_SELF|addQueryString:"postExpected=1&fFolderId="}{$context->oFolder->getId()}" enctype="multipart/form-data">
60 60 <fieldset><legend>{i18n}Bulk upload{/i18n}</legend>
... ...
templates/ktcore/folder/permissions.smarty
1   -<h2>{i18n arg_foldername=$foldername}Folder permissions for "#foldername#"{/i18n}</h2>
  1 +<h2>Folder permissions for "{$foldername|sanitize}"</h2>
2 2  
3 3  
4 4  
... ... @@ -31,9 +31,9 @@
31 31  
32 32 <form action="{$smarty.server.PHP_SELF}" method="POST">
33 33 <div class="field">
34   -
  34 +
35 35 <p class="descriptiveText">{i18n}Select roles and groups for whom you wish to change permission assignment from the box on the left, and move them over to the box on the right using the button with right-pointing arrows. You can then allocate or remove permissions from these entities and save by pressing the 'Update Permission Assignments' button'.{/i18n}</p>
36   -
  36 +
37 37 <table>
38 38  
39 39 <thead>
... ... @@ -55,11 +55,11 @@
55 55 </td>
56 56  
57 57 <td>
58   -
  58 +
59 59 <input type="button" id="entities_add" value="&raquo;" />
60 60 <br /><br/>
61 61 <input type="button" id="entities_remove" value="&laquo;" />
62   -
  62 +
63 63 </td>
64 64  
65 65 <td style="vertical-align: top">
... ... @@ -74,7 +74,7 @@
74 74  
75 75 <input name="entities_items_added" id="entities_items_added" type="hidden" />
76 76 <input name="entities_items_removed" id="entities_items_removed" type="hidden" />
77   -
  77 +
78 78 <input type="hidden" name="kt_core_fieldsets_expect[entities]" value ="1" />
79 79 </div>
80 80  
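Review bot: The heading is no longer translatable, because the `{i18n arg_foldername=$foldername}` wrapper was dropped and the English text is now hard-coded in the template. The escaping can be kept without losing the translation by capturing the escaped value first, the pattern document/view.smarty already uses for `checkout_user`: `{capture assign=sFolderName}{$foldername|sanitize}{/capture}` followed by `<h2>{i18n arg_foldername=$sFolderName}Folder permissions for "#foldername#"{/i18n}</h2>`. This assumes the i18n block substitutes its arguments verbatim, which the `<strong>` capture in view.smarty suggests.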
... ...
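--- a/templates/ktcore/folder/rename.smarty
+++ b/templates/ktcore/folder/rename.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Rename Folder{/i18n}:<br />{$folderName}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Rename Folder{/i18n}:<br />{$folderName|sanitize}</h2>
 
 </h2><p class="descriptiveText">{i18n}This page allows you to rename a
 folder.{/i18n}</p>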
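Review bot: Line 3 of the template begins with a second `</h2>` although the heading is already closed at the end of line 1, so the paragraph is preceded by a stray end tag. Dropping it leaves `<p class="descriptiveText">{i18n}This page allows you to rename a`. Balanced markup is worth restoring in the same pass, since browser error recovery on unmatched tags makes it harder to reason about where escaped values end up in the DOM.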
... ...
templates/ktcore/folder/resolved_permissions_user.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Resolved permissions per user{/i18n}: {$context->oFolder->getName()}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Resolved permissions per user{/i18n}: {$context->oFolder->getName()|sanitize}</h2>
2 2  
3 3 <p class="descriptiveText">{i18n}This page shows the permissions that
4 4 individual users have on this folder. Only the users which have permissions
5   -assigned are shown.{/i18n}</p>
  5 +assigned are shown.{/i18n}</p>
6 6  
7 7 <p class="descriptiveText">{i18n}Users may have permissions on this
8 8 folder due to membership of a group, or fulfilling a specific role on
9   -this folder.{/i18n}</p>
  9 +this folder.{/i18n}</p>
10 10  
11 11 {if (empty($users)) }
12 12 <div class="ktInfoMessage"><span>{i18n}No users have permissions on this item.{/i18n}</span></div>
13 13 {else}
14 14  
15 15 {if $edit}
16   -{i18n}Manage security{/i18n}: <a href="{addQS}action=edit&fFolderId={$oFolder->getId()}{/addQS}">{i18n}Edit permissions{/i18n}</a>
17   -| <a href="{addQS}fFolderId={$oFolder->getId()}{/addQS}">{i18n}View permissions overview{/i18n}</a>
  16 +{i18n}Manage security{/i18n}: <a href="{addQS}action=edit&fFolderId={$oFolder->getId()}{/addQS}">{i18n}Edit permissions{/i18n}</a>
  17 +| <a href="{addQS}fFolderId={$oFolder->getId()}{/addQS}">{i18n}View permissions overview{/i18n}</a>
18 18 {else}
19   -{i18n}Manage security{/i18n}: <a href="{addQS}fFolderId={$oFolder->getId()}{/addQS}">{i18n}View permissions overview{/i18n}</a>
  19 +{i18n}Manage security{/i18n}: <a href="{addQS}fFolderId={$oFolder->getId()}{/addQS}">{i18n}View permissions overview{/i18n}</a>
20 20 {/if}
21 21  
22 22 <table class="kt_collection narrow" cellspacing="0" cellpadding="0" border="0">
... ...
templates/ktcore/folder/roles.smarty
1   -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Allocate Roles for{/i18n}:<br />{$folderName}</h2>
  1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Allocate Roles for{/i18n}:<br />{$folderName|sanitize}</h2>
2 2  
3 3 <p class="descriptiveText">{i18n}
4 4 In many cases, workflow actions will be assigned to certain <strong>roles</strong>
... ... @@ -14,7 +14,7 @@ role allocations may take a some time, depending on the number of folders below
14 14 <tr>
15 15 <th>{i18n}Role{/i18n}</th>
16 16 <th>{i18n}Allocated users{/i18n}</th>
17   - <th class="centered">{i18n}Edit Users{/i18n}</th>
  17 + <th class="centered">{i18n}Edit Users{/i18n}</th>
18 18 <th class="centered">{i18n}Edit Groups{/i18n}</th>
19 19 {if !$is_root}<th class="centered">{i18n}Use Parent{/i18n}</th>{/if}
20 20 </tr>
... ... @@ -29,7 +29,7 @@ role allocations may take a some time, depending on the number of folders below
29 29 <strong>{i18n}inherited from parent folder.{/i18n}</strong><br />
30 30 <span class="descriptiveText">
31 31 {/if}
32   - {if ($aRole.users != null)}<strong>{i18n}Users{/i18n}:</strong> {$aRole.users}<br />{/if}
  32 + {if ($aRole.users != null)}<strong>{i18n}Users{/i18n}:</strong> {$aRole.users}<br />{/if}
33 33 {if ($aRole.groups != null)}<strong>{i18n}Groups{/i18n}:</strong> {$aRole.groups}{/if}
34 34 {if ($aRole.allocation_id === null)}
35 35 </span class="descriptiveText">
... ... @@ -41,11 +41,11 @@ role allocations may take a some time, depending on the number of folders below
41 41 <td class="centered"><a href="{addQS}action=editRoleUsers&alloc_id={$aRole.allocation_id}&fFolderId={$context->oFolder->getId()}&role_id={$role_id}{/addQS}" class="ktAction ktEdit" title="{i18n}Edit Users{/i18n}">{i18n}Edit Users{/i18n}</a></td>
42 42 <td class="centered"><a href="{addQS}action=editRoleGroups&alloc_id={$aRole.allocation_id}&fFolderId={$context->oFolder->getId()}&role_id={$role_id}{/addQS}" class="ktAction ktEdit" title="{i18n}Edit Groups{/i18n}">{i18n}Edit Groups{/i18n}</a></td>
43 43 {if !$is_root}
44   - <td class="centered"><a href="{addQS}action=useParent&role_id={$role_id}&fFolderId={$context->oFolder->getId()}{/addQS}" class="ktAction ktDelete"
45   - kt:deleteMessage="{i18n}Are you sure you wish to remove this role allocation?{/i18n}"
  44 + <td class="centered"><a href="{addQS}action=useParent&role_id={$role_id}&fFolderId={$context->oFolder->getId()}{/addQS}" class="ktAction ktDelete"
  45 + kt:deleteMessage="{i18n}Are you sure you wish to remove this role allocation?{/i18n}"
46 46 title="{i18n}Use parent's allocation{/i18n}">{i18n}Use parent's allocation{/i18n}</a></td>
47 47 {/if}
48   - {/if}
  48 + {/if}
49 49 </tr>
50 50 {/foreach}
51 51 {else}
... ...
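--- a/templates/ktcore/folder/view_permissions.smarty
+++ b/templates/ktcore/folder/view_permissions.smarty
@@ -1,14 +1,14 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}View Permissions for{/i18n}:<br />{$context->oFolder->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}View Permissions for{/i18n}:<br />{$context->oFolder->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}This page shows the permissions that apply to
 this specific folder. Only the roles or groups which have permissions
-assigned are shown.{/i18n}</p>
+assigned are shown.{/i18n}</p>
 
 {if $edit}
-{i18n}Manage security{/i18n}: <a href="{addQS context=$context}action=edit{/addQS}">{i18n}Edit permissions{/i18n}</a>
-| <a href="{addQS context=$context}action=resolved_users{/addQS}">{i18n}View resolved permissions for user{/i18n}</a>
+{i18n}Manage security{/i18n}: <a href="{addQS context=$context}action=edit{/addQS}">{i18n}Edit permissions{/i18n}</a>
+| <a href="{addQS context=$context}action=resolved_users{/addQS}">{i18n}View resolved permissions for user{/i18n}</a>
 {else}
-{i18n}Manage security{/i18n}: <a href="{addQS context=$context}action=resolved_users{/addQS}">{i18n}View resolved permissions for user{/i18n}</a>
+{i18n}Manage security{/i18n}: <a href="{addQS context=$context}action=resolved_users{/addQS}">{i18n}View resolved permissions for user{/i18n}</a>
 {/if}
 
 
@@ -136,7 +136,7 @@ value=&quot;{$iGroupId}&quot;&gt;&lt;/td&gt;
 <td class="centered"><span class="ktAction ktInline ktAllowed">{i18n}Allowed{/i18n}</span></td>
 { else }
 <td class="centered"><span class="ktAction ktInline ktDenied">{i18n}Denied{/i18n}</span></td>
- { /if }
+ { /if }
 {/foreach}
 </tr>
 {/foreach}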
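--- a/templates/ktcore/forms/widgets/collection.smarty
+++ b/templates/ktcore/forms/widgets/collection.smarty
@@ -5,7 +5,7 @@
 <link rel="stylesheet" type="text/css" href="{$rootUrl}/resources/css/kt-framing.css" />
 <link rel="stylesheet" type="text/css" href="{$rootUrl}/resources/css/kt-contenttypes.css" />
 <link rel="stylesheet" type="text/css" href="{$rootUrl}/resources/css/kt-headings.css" />
-<!--[if lt IE 7]><style type="text/css" media="all">@import url({$rootUrl}/resources/css/kt-ie-icons.css);</style><![endif]-->
+<!--[if lt IE 7]><style type="text/css" media="all">@import url({$rootUrl}/resources/css/kt-ie-icons.css);</style><![endif]-->
 
 <script type="text/javascript" src="{$rootUrl}/thirdpartyjs/MochiKit/Base.js"> </script>
 <script type="text/javascript" src="{$rootUrl}/thirdpartyjs/MochiKit/Iter.js"> </script>
@@ -25,7 +25,7 @@
 <input type="hidden" name="{$targetname}" value="{$folder->getId()}" />
 
 {foreach from=$breadcrumbs item=breadcrumb name=bc}
-<a href="{$breadcrumb.url}">{$breadcrumb.name}</a>
+<a href="{$breadcrumb.url}">{$breadcrumb.name|sanitize}</a>
 {if !$smarty.foreach.bc.last}
 &raquo;
 {/if}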
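Review bot: In the breadcrumb loop on line 28 the link text is now escaped, but `href="{$breadcrumb.url}"` in the same tag is still printed raw, so a double quote in the URL would end the attribute. Where the URL is built is not visible from this template; if any part of it is derived from folder or document data it should be escaped as well, for example `<a href="{$breadcrumb.url|sanitize}">{$breadcrumb.name|sanitize}</a>`. HTML-escaping an already well-formed URL only turns `&` into `&amp;`, which browsers resolve back when following the link.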
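--- a/templates/ktcore/forms/widgets/fieldset.smarty
+++ b/templates/ktcore/forms/widgets/fieldset.smarty
@@ -1,6 +1,6 @@
 <fieldset>
 {if $label}<legend>{$label}</legend>{/if}
- {if $description}<p class="descriptiveText">{$description}</p>{/if}
-
+ {if $description}<p class="descriptiveText">{$description|sanitize}</p>{/if}
+
 {$widgets}
 </fieldset>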
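Review bot: `{$label}` inside `<legend>` on line 2 is left unescaped while `{$description}` one line below now goes through `sanitize`. As far as this template shows, both values arrive the same way, so the legend should get the same treatment: `{if $label}<legend>{$label|sanitize}</legend>{/if}`. If any caller passes a description that contains intentional markup, that markup will now be displayed as text, which is worth checking against the existing forms.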
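--- a/templates/ktcore/forms/widgets/hidden.smarty
+++ b/templates/ktcore/forms/widgets/hidden.smarty
@@ -1 +1 @@
- <input type="hidden" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value}"{/if}/>
+ <input type="hidden" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value|sanitize_input}"{/if}/>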
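Review bot: Only `value` is escaped here; `name="{$name}"` and `id="{$id}"` in the same tag are still emitted raw, and the same pattern repeats in password.smarty, string.smarty and the `id` attribute of text.smarty. Whether widget names and ids can carry request data is not visible from the templates, but escaping them is cheap: `name="{$name|sanitize}" {if $has_id}id="{$id|sanitize}"{/if}`. These widgets also use `sanitize_input` where the other templates in this commit use `sanitize`; a single modifier for attribute values would make the templates easier to audit.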
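--- a/templates/ktcore/forms/widgets/password.smarty
+++ b/templates/ktcore/forms/widgets/password.smarty
@@ -1,9 +1,9 @@
- <input type="password" name="{$name}{if ($context->bConfirm)}[base]{/if}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if}/>
+ <input type="password" name="{$name}{if ($context->bConfirm)}[base]{/if}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value|sanitize_input}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if}/>
 
 {if ($context->bConfirm)}
 <br /> <br />
 <label for="{$name}">{i18n arg_label=$label}Confirm #label#{/i18n}{if ($required === true)}<span class="required">({i18n}Required{/i18n})</span>{/if}</label>
 <p class="descriptiveText">{$context->sConfirmDescription}</p>
-
- <input type="password" name="{$name}[confirm]" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if}/>
+
+ <input type="password" name="{$name}[confirm]" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value|sanitize_input}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if}/>
 {/if}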
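Review bot: The submitted password is still written back into `value="…"` on both inputs (lines 1 and 8), so the escaping added here protects the markup but the secret remains in the response body and in any cached copy of the page. Unless a caller depends on pre-filled password fields, which cannot be seen from this template, the `{if $has_value}value=…{/if}` part could be dropped for this widget. `{$context->sConfirmDescription}` on line 6 is also printed unescaped; `{$context->sConfirmDescription|sanitize}` would match the other templates if that text can hold user-supplied content.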
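--- a/templates/ktcore/forms/widgets/string.smarty
+++ b/templates/ktcore/forms/widgets/string.smarty
@@ -1 +1 @@
- <input type="text" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if} {if $options.width}size="{$options.width}"{/if} />
+ <input type="text" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value|sanitize_input}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if} {if $options.width}size="{$options.width}"{/if} />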
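--- a/templates/ktcore/forms/widgets/text.smarty
+++ b/templates/ktcore/forms/widgets/text.smarty
@@ -2,4 +2,4 @@
 {if $has_id} id="{$id}"{/if}
 {if $options.rows} rows="{$options.rows}"{else} rows="7"{/if}
 {if $options.cols} cols="{$options.cols}"{else} cols="45"{/if}
- >{if $has_value}{$value}{/if}</textarea>
+ >{if $has_value}{$value|sanitize_input}{/if}</textarea>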
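--- a/templates/ktcore/login.smarty
+++ b/templates/ktcore/login.smarty
@@ -3,12 +3,12 @@
 <html>
 <head>
 <title>{i18n arg_appname="$appname"}Login | #appname#{/i18n}</title>
-
+
 <link rel="stylesheet" href="{$rootUrl}/resources/css/kt-login.css" type="text/css" />
 
 <link rel="icon" href="{$rootUrl}/resources/favicon.ico" type="image/x-icon">
- <link rel="shortcut icon" href="{$rootUrl}/resources/favicon.ico" type="image/x-icon">
-
+ <link rel="shortcut icon" href="{$rootUrl}/resources/favicon.ico" type="image/x-icon">
+
 <link rel="stylesheet" href="{$rootUrl}/resources/css/kt-ie-icons.css" type="text/css" />
 
 <script type="text/javascript" src="{$rootUrl}/thirdpartyjs/curvycorners/rounded_corners.inc.js"> </script>
@@ -30,13 +30,13 @@
 {if ($errorMessage == null)}
 <p class="descriptiveText">{i18n}Please enter your details below to login.{/i18n}</p>
 {else}
- <div class="ktErrorMessage"><span>{$errorMessage}</span></div>
+ <div class="ktErrorMessage"><span>{$errorMessage|sanitize}</span></div>
 {/if}
 <label for="username">{i18n}Username{/i18n}</label>
 <input type="text" id="username" name="username"/>
 <label for="password">{i18n}Password{/i18n}</label>
 <input type="password" id="password" name="password"/>
-
+
 <label for="language">{i18n}Language{/i18n}</label>
 <select id="language" name="language">
 {foreach from=$languages key=sLang item=sLanguageName}
@@ -55,7 +55,7 @@
 {/if}
 <p class="descriptiveText version">
 {i18n arg_appname="$appname"}#appname# Version{/i18n}<br />{$versionName}<br/>
- {i18n}&copy; 2007 <a href="http://www.knowledgetree.com/">The Jam Warehouse Software (Pty) Ltd.</a> All Rights Reserved{/i18n}
+ {i18n}&copy; 2007 <a href="http://www.knowledgetree.com/">The Jam Warehouse Software (Pty) Ltd.</a> All Rights Reserved{/i18n}
 </p>
 <div id="bottomspacer"></div>
 <div class="floatClear"></div>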
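--- a/templates/ktcore/workflow/documentWorkflow.smarty
+++ b/templates/ktcore/workflow/documentWorkflow.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Workflow for{/i18n}:<br />{$oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Workflow for{/i18n}:<br />{$oDocument->getName()|sanitize}</h2>
 
 <p class="descriptiveText">
 {i18n}Workflow is a description of a document's lifecycle. It is made up of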
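--- a/templates/ktstandard/action/discussion.smarty
+++ b/templates/ktstandard/action/discussion.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Discussion{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Discussion{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 {if $threads}
 <h3>{i18n}Existing threads{/i18n}</h3>
@@ -20,7 +20,7 @@
 </tbody>
 </table>
 {else}
- <p class="descriptiveText"> {if ($closed_threads != 0)}
+ <p class="descriptiveText"> {if ($closed_threads != 0)}
 {i18n arg_closed=$closed_threads}There are #closed# closed threads - use the "View All" option below to view them.{/i18n}
 {else}
 {i18n}There are no open threads for this document.{/i18n}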
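--- a/templates/ktstandard/action/discussion_comment_list_item.smarty
+++ b/templates/ktstandard/action/discussion_comment_list_item.smarty
@@ -5,16 +5,16 @@
 {else}
 <dl class="kt-discussion-comment odd-comment">
 {/if}
-
- <dt>{i18n arg_subject=$comment->getSubject() arg_author=$creator->getName() arg_date=$comment->getDate()}
- <span class="subject">#subject#</span>
+
+ <dt>
+ <span class="subject">{$comment->getSubject()|sanitize_input}</span>
 by
- <span class="author">#author#</span>
- <span class="date">(#date#)</span>
- {/i18n}
+ <span class="author">{$creator->getName()}</span>
+ <span class="date">({$comment->getDate()})</span>
+
 </dt>
-
- <dd>{$comment->getBody()}</dd>
+
+ <dd>{$comment->getBody()|sanitize_input}</dd>
 
 </dl>
 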
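Review bot: `{$creator->getName()}` on new line 12 is printed without a modifier although the subject and body beside it are now escaped; line 3 of discussion_thread_list_item.smarty has the same unescaped author cell. A user's display name is presumably editable by that user, so it deserves the same escaping: `<span class="author">{$creator->getName()|sanitize}</span>`. Removing the `{i18n}` wrapper also leaves the literal word `by` outside translation, which a short template comment could acknowledge if that is intended.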
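--- a/templates/ktstandard/action/discussion_thread_list_item.smarty
+++ b/templates/ktstandard/action/discussion_thread_list_item.smarty
@@ -1,5 +1,5 @@
 <tr>
- <td><a href="{addQS}action=viewThread&fDocumentId={$context->oDocument->getId()}&fThreadId={$thread->getId()}{/addQS}">{$first_comment->getSubject()}</a></td>
+ <td><a href="{addQS}action=viewThread&fDocumentId={$context->oDocument->getId()}&fThreadId={$thread->getId()}{/addQS}">{$first_comment->getSubject()|sanitize}</a></td>
 <td>{$creator->getName()}</td>
 <td>{$thread->getNumberOfViews()}</td>
 <td>{$thread->getNumberOfReplies()}</td>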
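--- a/templates/ktstandard/action/document_links.smarty
+++ b/templates/ktstandard/action/document_links.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Links{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Links{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}The current links to and from this document are displayed below.{/i18n}</p>
 
@@ -12,15 +12,15 @@
 <th>{i18n}Relationship{/i18n}</th>
 </tr>
 </thead>
-
+
 <tbody>
 
 
 
 
 
-{if $links_from || $links_to}
-
+{if $links_from || $links_to}
+
 {foreach from=$links_from item=link}
 
 {assign var="type" value=$link->getLinkType()}
@@ -35,12 +35,12 @@
 {/if}
 </td>
 
- <td><a href="{"viewDocument"|generateControllerUrl}&qs[fDocumentId]={$target->getId()}&qs[action]=main">{$target->getName()}</a></td>
+ <td><a href="{"viewDocument"|generateControllerUrl}&qs[fDocumentId]={$target->getId()}&qs[action]=main">{$target->getName()|sanitize}</a></td>
 <td>{$type->getName()}</td>
 <td>{i18n}Linked <b>from</b> this document{/i18n}</td>
 </tr>
-
-{/foreach}
+
+{/foreach}
 
 {foreach from=$links_to item=link}
 
@@ -55,13 +55,13 @@
 &nbsp;
 {/if}
 </td>
-
- <td><a href="{"viewDocument"|generateControllerUrl}&qs[fDocumentId]={$target->getId()}&qs[action]=main">{$target->getName()}</a></td>
+
+ <td><a href="{"viewDocument"|generateControllerUrl}&qs[fDocumentId]={$target->getId()}&qs[action]=main">{$target->getName()|sanitize}</a></td>
 <td>{$type->getName()}</td>
 <td>{i18n}Links <b>to</b> this document{/i18n}</td>
 </tr>
-
-{/foreach}
+
+{/foreach}
 
 
 {else}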
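--- a/templates/ktstandard/links/links_viewlet.smarty
+++ b/templates/ktstandard/links/links_viewlet.smarty
@@ -3,7 +3,7 @@
 <h3>{i18n}Links from this document{/i18n}</h3>
 <ul>
 {foreach from=$links_from item=info}
- <li class="descriptiveText">{i18n}from{/i18n} <a href="{$info.url}" title="{$info.description}">{$info.name}</a> ({$info.type})</li>
+ <li class="descriptiveText">{i18n}from{/i18n} <a href="{$info.url}" title="{$info.description}">{$info.name|sanitize}</a> ({$info.type})</li>
 {/foreach}
 </ul>
 {/if}
@@ -12,9 +12,9 @@
 <h3>{i18n}Links to this document{/i18n}</h3>
 <ul>
 {foreach from=$links_to item=info}
- <li class="descriptiveText">{i18n}to{/i18n} <a href="{$info.url}" title="{$info.description}">{$info.name}</a> ({$info.type})</li>
+ <li class="descriptiveText">{i18n}to{/i18n} <a href="{$info.url}" title="{$info.description}">{$info.name|sanitize}</a> ({$info.type})</li>
 {/foreach}
 </ul>
 {/if}
-
+
 </div>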
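Review bot: Both list items (lines 6 and 15) escape `{$info.name}` but leave `title="{$info.description}"`, `href="{$info.url}"` and `({$info.type})` raw; the description sits inside a quoted attribute, so a double quote in it would close the attribute. How `$info` is populated is outside this template, so this is an assumption to confirm, but the description looks like free text and should be escaped: `title="{$info.description|sanitize}"`. Applying `|sanitize` to `{$info.type}` as well would keep the two lines consistent with the name beside them.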
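--- /dev/null
+++ b/thirdparty/Smarty/plugins/modifier.sanitize.php
@@ -0,0 +1,71 @@
+<?php
+
+function smarty_modifier_sanitize($string, $esc_type = 'html', $charset='UTF-8')
+{
+ // based on escape, but with charset
+ switch ($esc_type) {
+ case 'html':
+ return htmlspecialchars($string, ENT_QUOTES,$charset);
+
+ case 'htmlall':
+ return htmlentities($string, ENT_QUOTES,$charset);
+
+ case 'url':
+ return rawurlencode($string);
+
+ case 'quotes':
+ // escape unescaped single quotes
+ return preg_replace("%(?<!\\\\)'%", "\\'", $string);
+
+ case 'hex':
+ // escape every character into hex
+ $return = '';
+ for ($x=0; $x < strlen($string); $x++) {
+ $return .= '%' . bin2hex($string[$x]);
+ }
+ return $return;
+
+ case 'hexentity':
+ $return = '';
+ for ($x=0; $x < strlen($string); $x++) {
+ $return .= '&#x' . bin2hex($string[$x]) . ';';
+ }
+ return $return;
+
+ case 'decentity':
+ $return = '';
+ for ($x=0; $x < strlen($string); $x++) {
+ $return .= '&#' . ord($string[$x]) . ';';
+ }
+ return $return;
+
+ case 'javascript':
+ // escape quotes and backslashes, newlines, etc.
+ return strtr($string, array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','</'=>'<\/'));
+
+ case 'mail':
+ // safe way to display e-mail address on a web page
+ return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string);
+
+ case 'nonstd':
+ // escape non-standard chars, such as ms document quotes
+ $_res = '';
+ for($_i = 0, $_len = strlen($string); $_i < $_len; $_i++) {
+ $_ord = ord($string{$_i});
+ // non-standard char, escape it
+ if($_ord >= 126){
+ $_res .= '&#' . $_ord . ';';
+ }
+ else {
+ $_res .= $string{$_i};
+ }
+ }
+ return $_res;
+
+ default:
+ return $string;
+ }
+}
+
+
+?>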
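Review bot: The `default:` branch at lines 65-66 returns `$string` untouched, so a misspelled or unsupported `$esc_type` in a template silently disables escaping. For a modifier whose purpose is output encoding, the fallback is safer as `default: return htmlspecialchars($string, ENT_QUOTES, $charset);`. The `nonstd` branch reads characters with `$string{$_i}` while the other loops use `$string[$x]`; the brace form was deprecated in PHP 7.4 and removed in PHP 8.0, so `$string[$_i]` is the one to keep. The function also has no docblock; a short one listing the accepted `$esc_type` values and noting that `quotes`, `javascript` and `mail` do not produce HTML-safe output would help template authors pick the right mode.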
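--- /dev/null
+++ b/thirdparty/Smarty/plugins/modifier.sanitize_input.php
@@ -0,0 +1,13 @@
+<?php
+
+function smarty_modifier_sanitize_input($string, $esc_type = 'html', $charset='UTF-8')
+{
+ $string = mb_ereg_replace("'","&#039;", $string);
+ $string = mb_ereg_replace('"',"&quot;", $string);
+ $string = mb_ereg_replace('<',"&lt;", $string);
+ $string = mb_ereg_replace('>',"&gt;", $string);
+ return $string;
+}
+
+
+?>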
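Review bot: The four `mb_ereg_replace` calls on lines 5-8 never encode `&`, and the `$esc_type` and `$charset` parameters are accepted but ignored. Leaving `&` alone means stored text such as `&lt;` is rendered as `<`, and a form value changes when it is saved again; if that is deliberate (to avoid double-encoding values that are already encoded), a comment should say so. Otherwise the body can be the single call `return htmlspecialchars($string, ENT_QUOTES, $charset);`, which also removes the dependency on the mbstring extension and on whatever `mb_regex_encoding()` is currently set to.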