From 03c98e980f0dc14fa4bbdd7eb2991c8a0fa0502e Mon Sep 17 00:00:00 2001 
From: kevin_fourie Date: Mon, 16 Jul 2007 12:54:51 +0000 Subject: [PATCH] Merged in from DEV trunk... --- lib/browse/BrowseColumns.inc.php | 188 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------------------------------------------------- lib/browse/Criteria.inc | 156 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------ lib/browse/DocumentCollection.inc.php | 368 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- lib/documentmanagement/Document.inc | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------------------------------------- lib/foldermanagement/Folder.inc | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------- lib/widgets/forms.inc.php | 244 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------------------------------------------------------------------------------------------------- plugins/browseabledashlet/templates/browseabledashlet/dashlet.smarty | 2 +- plugins/ktcore/KTColumns.inc.php | 214 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------------------------------------------------------------------------------------------- plugins/ktcore/KTDocumentActions.php | 336 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------------------------------------------------------------------------------ plugins/ktcore/KTPermissions.php | 283 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------------------------------------------------------------------------------------------------------------- plugins/ktstandard/KTDocumentLinksColumns.php | 10 +++++----- plugins/rssplugin/KTrss.inc.php | 166 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------------------------------------------------------------------- plugins/rssplugin/templates/RSSPlugin/dashlet.smarty | 8 ++++---- plugins/rssplugin/templates/RSSPlugin/rssdocumentaction.smarty | 2 +- plugins/rssplugin/templates/RSSPlugin/rssfolderaction.smarty | 2 +- templates/kt3/fieldsets/generic.smarty | 6 +++--- templates/kt3/fieldsets/generic_versioned.smarty | 30 +++++++++++++++--------------- templates/kt3/fieldsets/simple.smarty | 6 +++--- templates/kt3/fieldsets/simple_versioned.smarty | 8 ++++---- templates/kt3/minimal_page.smarty | 18 +++++++++--------- templates/kt3/standard_page.smarty | 36 ++++++++++++++++++------------------ templates/kt3/view_folder_history.smarty | 4 ++-- templates/ktcore/action/addFolder.smarty | 2 +- templates/ktcore/action/archive.smarty | 2 +- templates/ktcore/action/assistance.smarty | 2 +- templates/ktcore/action/cancel_checkout.smarty | 2 +- templates/ktcore/action/checkin.smarty | 2 +- templates/ktcore/action/checkout.smarty | 2 +- templates/ktcore/action/checkout_final.smarty | 2 +- templates/ktcore/action/view_roles.smarty | 4 ++-- 
templates/ktcore/assist/assist_notification_details.smarty | 4 ++-- templates/ktcore/bulk_action_complete.smarty | 10 +++++----- templates/ktcore/bulk_action_listing.smarty | 12 ++++++------ templates/ktcore/dashlets/checkedout.smarty | 2 +- templates/ktcore/document/admin/dearchiveconfirmlist.smarty | 2 +- templates/ktcore/document/admin/deletedlist.smarty | 6 +++--- templates/ktcore/document/admin/expungeconfirmlist.smarty | 2 +- templates/ktcore/document/admin/restoreconfirmlist.smarty | 6 +++--- templates/ktcore/document/compare.smarty | 4 ++-- templates/ktcore/document/document_permissions.smarty | 2 +- templates/ktcore/document/metadata_history.smarty | 8 ++++---- templates/ktcore/document/ownershipchangeaction.smarty | 2 +- templates/ktcore/document/resolved_permissions_user.smarty | 6 +++--- templates/ktcore/document/transaction_history.smarty | 8 ++++---- templates/ktcore/document/view.smarty | 8 ++++---- templates/ktcore/folder/bulkImport.smarty | 10 +++++----- templates/ktcore/folder/bulkUpload.smarty | 10 +++++----- templates/ktcore/folder/permissions.smarty | 12 ++++++------ templates/ktcore/folder/rename.smarty | 2 +- templates/ktcore/folder/resolved_permissions_user.smarty | 12 ++++++------ templates/ktcore/folder/roles.smarty | 12 ++++++------ templates/ktcore/folder/view_permissions.smarty | 12 ++++++------ templates/ktcore/forms/widgets/collection.smarty | 4 ++-- templates/ktcore/forms/widgets/fieldset.smarty | 4 ++-- templates/ktcore/forms/widgets/hidden.smarty | 2 +- templates/ktcore/forms/widgets/password.smarty | 6 +++--- templates/ktcore/forms/widgets/string.smarty | 2 +- templates/ktcore/forms/widgets/text.smarty | 2 +- templates/ktcore/login.smarty | 12 ++++++------ templates/ktcore/workflow/documentWorkflow.smarty | 2 +- templates/ktstandard/action/discussion.smarty | 4 ++-- templates/ktstandard/action/discussion_comment_list_item.smarty | 16 ++++++++-------- templates/ktstandard/action/discussion_thread_list_item.smarty | 2 +- 
templates/ktstandard/action/document_links.smarty | 22 +++++++++++----------- templates/ktstandard/links/links_viewlet.smarty | 6 +++--- thirdparty/Smarty/plugins/modifier.sanitize.php | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ thirdparty/Smarty/plugins/modifier.sanitize_input.php | 13 +++++++++++++ 67 files changed, 1378 insertions(+), 1288 deletions(-) create mode 100644 thirdparty/Smarty/plugins/modifier.sanitize.php create mode 100644 thirdparty/Smarty/plugins/modifier.sanitize_input.php diff --git a/lib/browse/BrowseColumns.inc.php b/lib/browse/BrowseColumns.inc.php index cc7ee11..ed92bcf 100644 --- a/lib/browse/BrowseColumns.inc.php +++ b/lib/browse/BrowseColumns.inc.php @@ -6,7 +6,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and @@ -17,9 +17,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright @@ -30,17 +30,17 @@ */ /** BrowserColumns - * + * * Presentation and render logic for the different columns. Each has two * major methods: * * function renderHeader($sReturnURL) * function renderData($aDataRow) - * + * * renderHeader returns the _content_ of the header row. * renderData returns the _content_ of the body row. */ - + require_once(KT_LIB_DIR . '/database/dbutil.inc'); require_once(KT_LIB_DIR . '/users/User.inc'); 
@@ -53,36 +53,36 @@ class BrowseColumn { var $sort_on = false; var $sort_direction = 'asc'; var $name = '-'; - - function BrowseColumn($sLabel, $sName) { - $this->label = $sLabel; - $this->name = $sName; + + function BrowseColumn($sLabel, $sName) { + $this->label = $sLabel; + $this->name = $sName; } // FIXME is it _really_ worth using a template here? - function renderHeader($sReturnURL) { - $text = _kt('Abstract') . ': ' . $this->label; + function renderHeader($sReturnURL) { + $text = _kt('Abstract') . ': ' . $this->label; $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order='; if ($this->sort_on) { $href .= $this->sort_direction == 'asc' ? 'desc' : 'asc' ; } else { $href .= $this->sort_direction = 'asc'; } - - return ''.$text.''; + + return ''.$text.''; } - - function renderData($aDataRow) { + + function renderData($aDataRow) { if ($aDataRow['type'] == 'folder') { - return $this->name . ': '. print_r($aDataRow['folder']->getName(), true); + return $this->name . ': '. print_r($aDataRow['folder']->getName(), true); } else { - return $this->name . ': '. print_r($aDataRow['document']->getName(), true); + return $this->name . ': '. print_r($aDataRow['document']->getName(), true); } } function setSortedOn($bIsSortedOn) { $this->sort_on = $bIsSortedOn; } function getSortedOn() { return $this->sort_on; } function setSortDirection($sSortDirection) { $this->sort_direction = $sSortDirection; } function getSortDirection() { return $this->sort_direction; } - + function addToFolderQuery() { return array(null, null, null); } function addToDocumentQuery() { return array(null, null, null); } } @@ -95,7 +95,7 @@ class TitleColumn extends BrowseColumn { $this->aOptions = $aOptions; } // unlike others, this DOESN'T give its name. - function renderHeader($sReturnURL) { + function renderHeader($sReturnURL) { $text = _kt('Title'); $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order='; if ($this->sort_on) { 
@@ -103,9 +103,9 @@ class TitleColumn extends BrowseColumn { } else { $href .= $this->sort_direction = 'asc'; } - + return ''.$text.''; - + } function renderFolderLink($aDataRow) { @@ -116,7 +116,7 @@ class TitleColumn extends BrowseColumn { } function renderDocumentLink($aDataRow) { - $outStr = ''; + $outStr = ''; $outStr .= htmlentities($aDataRow['document']->getName(), ENT_NOQUOTES, 'UTF-8'); $outStr .= ''; return $outStr; @@ -133,14 +133,14 @@ class TitleColumn extends BrowseColumn { return KTBrowseUtil::getUrlForFolder($aDataRow['folder']); } } - + // use inline, since its just too heavy to even _think_ about using smarty. - function renderData($aDataRow) { + function renderData($aDataRow) { $outStr = ''; if ($aDataRow['type'] == 'folder') { $outStr .= ''; $outStr .= $this->renderFolderLink($aDataRow); - $outStr .= ''; + $outStr .= ''; } else { $outStr .= ''; $outStr .= $this->renderDocumentLink($aDataRow); @@ -149,11 +149,11 @@ class TitleColumn extends BrowseColumn { } return $outStr; } - + function prettySize($size) { $finalSize = $size; $label = 'b'; - + if ($finalSize > 1000) { $label='Kb'; $finalSize = floor($finalSize/1000); } if ($finalSize > 1000) { $label='Mb'; $finalSize = floor($finalSize/1000); } return $finalSize . $label; @@ -169,15 +169,15 @@ class TitleColumn extends BrowseColumn { class DateColumn extends BrowseColumn { var $field_function; - + // $sDocumentFieldFunction is _called_ on the document. function DateColumn($sLabel, $sName, $sDocumentFieldFunction) { $this->field_function = $sDocumentFieldFunction; parent::BrowseColumn($sLabel, $sName); - + } - - function renderHeader($sReturnURL) { + + function renderHeader($sReturnURL) { $text = $this->label; $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order='; if ($this->sort_on) { 
@@ -185,31 +185,31 @@ class DateColumn extends BrowseColumn { } else { $href .= $this->sort_direction = 'asc'; } - + return ''.$text.''; - + } - + // use inline, since its just too heavy to even _think_ about using smarty. - function renderData($aDataRow) { + function renderData($aDataRow) { $outStr = ''; if ($aDataRow['type'] == 'folder') { $outStr = ' '; // no-op on folders. } else { $fn = $this->field_function; $dColumnDate = strtotime($aDataRow['document']->$fn()); - + // now reformat this into something "pretty" $outStr = date('Y-m-d H:i', $dColumnDate); } return $outStr; } - + function _mimeHelper($iMimeTypeId) { // FIXME lazy cache this. $sQuery = 'SELECT icon_path FROM mime_types WHERE id = ?'; $res = DBUtil::getOneResult(array($sQuery, array($iMimeTypeId))); - + if ($res[0] !== null) { return $res[0]; } else { @@ -228,15 +228,15 @@ class DateColumn extends BrowseColumn { class UserColumn extends BrowseColumn { var $field_function; - + // $sDocumentFieldFunction is _called_ on the document. function UserColumn($sLabel, $sName, $sDocumentFieldFunction) { $this->field_function = $sDocumentFieldFunction; parent::BrowseColumn($sLabel, $sName); - + } - - function renderHeader($sReturnURL) { + + function renderHeader($sReturnURL) { $text = $this->label; $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order='; if ($this->sort_on) { @@ -244,13 +244,13 @@ class UserColumn extends BrowseColumn { } else { $href .= $this->sort_direction = 'asc'; } - + return ''.$text.''; - + } - + // use inline, since its just too heavy to even _think_ about using smarty. - function renderData($aDataRow) { + function renderData($aDataRow) { $outStr = ''; $fn = $this->field_function; $iUserId = null; 
@@ -294,36 +294,36 @@ class SelectionColumn extends BrowseColumn { parent::BrowseColumn($sLabel, $sName); } - function renderHeader($sReturnURL) { + function renderHeader($sReturnURL) { // FIXME clean up access to oPage. global $main; $main->requireJSResource('resources/js/toggleselect.js'); - + return ''; - + } - + // only include the _f or _d IF WE HAVE THE OTHER TYPE. - function renderData($aDataRow) { + function renderData($aDataRow) { $localname = $this->name; - - if (($aDataRow['type'] === 'folder') && ($this->show_folders)) { + + if (($aDataRow['type'] === 'folder') && ($this->show_folders)) { if ($this->show_documents) { - $localname .= '_f[]'; + $localname .= '_f[]'; } - $v = $aDataRow['folderid']; - } else if (($aDataRow['type'] === 'document') && $this->show_documents) { + $v = $aDataRow['folderid']; + } else if (($aDataRow['type'] === 'document') && $this->show_documents) { if ($this->show_folders) { - $localname .= '_d[]'; + $localname .= '_d[]'; } - $v = $aDataRow['docid']; - } else { - return ' '; + $v = $aDataRow['docid']; + } else { + return ' '; } - + return ''; } - + } 
@@ -337,58 +337,58 @@ class SingleSelectionColumn extends SelectionColumn { parent::BrowseColumn($sLabel, $sName); } - function renderHeader($sReturnURL) { + function renderHeader($sReturnURL) { global $main; } - + // only include the _f or _d IF WE HAVE THE OTHER TYPE. - function renderData($aDataRow) { + function renderData($aDataRow) { $localname = $this->name; - - if (($aDataRow['type'] === 'folder') && ($this->show_folders)) { + + if (($aDataRow['type'] === 'folder') && ($this->show_folders)) { if ($this->show_documents) { - $localname .= '_f'; + $localname .= '_f'; } - $v = $aDataRow['folderid']; - } else if (($aDataRow['type'] === 'document') && $this->show_documents) { + $v = $aDataRow['folderid']; + } else if (($aDataRow['type'] === 'document') && $this->show_documents) { if ($this->show_folders) { - $localname .= '_d'; + $localname .= '_d'; } - $v = $aDataRow['docid']; - } else { - return ' '; + $v = $aDataRow['docid']; + } else { + return ' '; } - + return ''; } - + } class WorkflowColumn extends BrowseColumn { - function renderHeader($sReturnURL) { - $text = $this->label; + function renderHeader($sReturnURL) { + $text = $this->label; $href = $sReturnURL . '&sort_on=' . $this->name . '&sort_order='; if ($this->sort_on) { $href .= $this->sort_direction == 'asc' ? 'desc' : 'asc' ; } else { $href .= $this->sort_direction = 'asc'; } - + return ''.$text.''; } - + // use inline, since its just too heavy to even _think_ about using smarty. - function renderData($aDataRow) { + function renderData($aDataRow) { $localname = $this->name; - + // only _ever_ show this folder documents. - if ($aDataRow['type'] === 'folder') { + if ($aDataRow['type'] === 'folder') { return ' '; } - + $oWorkflow = KTWorkflowUtil::getWorkflowForDocument($aDataRow['document']); $oState = KTWorkflowUtil::getWorkflowStateForDocument($aDataRow['document']); if (($oState == null) || ($oWorkflow == null)) { 
@@ -400,23 +400,23 @@ class WorkflowColumn extends BrowseColumn { } class DownloadColumn extends BrowseColumn { - - function renderHeader($sReturnURL) { - $text = ' '; - + + function renderHeader($sReturnURL) { + $text = ' '; + return $text; } - - function renderData($aDataRow) { + + function renderData($aDataRow) { $localname = $this->name; - + // only _ever_ show this folder documents. - if ($aDataRow['type'] === 'folder') { + if ($aDataRow['type'] === 'folder') { return ' '; } - + // FIXME at some point we may want to hide this if the user doens't have the download action, but its OK for now. $link = KTUtil::ktLink('action.php','ktcore.actions.document.view', 'fDocumentId=' . $aDataRow['document']->getId()); $outStr = sprintf('%s', $link, _kt('Download Document'), _kt('Download Document')); diff --git a/lib/browse/Criteria.inc b/lib/browse/Criteria.inc index be1d26e..f4e8d55 100644 --- a/lib/browse/Criteria.inc +++ b/lib/browse/Criteria.inc @@ -8,7 +8,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and @@ -19,9 +19,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright 
@@ -92,7 +92,7 @@ class BrowseCriterion { } function parameterDisplay($aData) { - return sprintf("%s %s", $this->baseParameterDisplay(), $aData[$this->getWidgetBase()]); + return sprintf("%s %s", $this->baseParameterDisplay(), htmlentities($aData[$this->getWidgetBase()],ENT_QUOTES, 'UTF-8')); } function folderQuery ($iParentID, $sSortDirection) { @@ -144,7 +144,7 @@ class BrowseCriterion { // $sSortField = $this->getSortField(); $documentQuery .= "ORDER BY " . $this->getSortField() . " " . $sSortDirection; } - + return array($documentQuery, $aParams); } @@ -176,7 +176,7 @@ class BrowseCriterion { function getID() { return $this->iID; } - + function getNameSpace() { return $this->sNamespace; } @@ -203,10 +203,10 @@ class BrowseCriterion { return $this->getNotWidget($aPreValue) . "getWidgetBase() . "\" />"; } } - + function getNotWidget($aPreValue=null) { if (!$this->bHandleNot) { return ''; } - + // not perfect, but acceptable. $form_name = $this->getWidgetBase() . '_not'; $pos_select = ''; @@ -229,7 +229,7 @@ class BrowseCriterion { $is_string = _kt('is'); } else { $not_string = _kt('does not contain'); - $is_string = _kt('contains'); + $is_string = _kt('contains'); } $widget = sprintf(' ', $form_name, $pos_select, $is_string, $neg_select, $not_string); return $widget; @@ -254,14 +254,14 @@ class BrowseCriterion { // handle the boolean "not" stuff UNLESS our caller is doing so already. if ($handle_not) { $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not'); - + if (is_null($want_invert) || ($want_invert == "0")) { // use explicit "0" check return $val; } else { $val[0] = '(NOT (' . $val[0] . '))'; } } - + return $val; } @@ -276,7 +276,7 @@ class NameCriterion extends BrowseCriterion { var $bString = true; var $sSearchTable = "DC"; var $bContains = true; - + var $sDocumentField = 'filename'; var $sSortField = 'filename'; var $sNamespace = 'ktcore.criteria.name'; 
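Review bot: The `htmlentities()` call added to `BrowseCriterion::parameterDisplay` in the `@@ -92` hunk only protects criteria that inherit the base method; overrides elsewhere in this file still return request-derived values unencoded. `DateCreatedDeltaCriterion::parameterDisplay` (hunk `@@ -1163`, touched only for whitespace) passes `$sNum` straight into `sprintf('%s %s %s', ...)`, and the `CreatorCriterion` code at `@@ -388` returns `$sBase . $oUser->getName()` as is. Assuming these strings are written into HTML, which the fix here implies, they need the same encoding, e.g. `htmlentities($sNum, ENT_QUOTES, 'UTF-8')`. The class body starts and ends outside the hunk.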
@@ -343,7 +343,7 @@ class TitleCriterion extends BrowseCriterion { function TitleCriterion() { $this->sDisplay = _kt('Document Title'); } - + function documentDisplay ($oDocument) { return $oDocument->getName(); } @@ -370,7 +370,7 @@ class CreatorCriterion extends BrowseCriterion { function CreatorCriterion() { $this->sDisplay = _kt('Creator'); } - + function documentDisplay ($oDocument) { $oCreator = User::get($oDocument->getCreatorID()); if ($oCreator) { @@ -388,7 +388,7 @@ class CreatorCriterion extends BrowseCriterion { $oUser =& User::get($aData[$this->getWidgetBase()]); if(PEAR::isError($oUser)) { return $sBase . 'unknown user'; - } + } return $sBase . $oUser->getName(); } @@ -434,7 +434,7 @@ class DateCreatedCriterion extends BrowseCriterion { if($sStart) { $sDisp .= _kt('after ') .$sStart; - } + } if($sStart && $sEnd) { $sDisp .= _kt(' and '); } @@ -449,9 +449,9 @@ class DateCreatedCriterion extends BrowseCriterion { } function searchWidget ($aRequest, $aPreValue = null) { global $default; - + // IMPORTANT: this requires the presence of kt3-calendar.js - + $sStartWidget = $this->getWidgetBase() . "_start"; $sEndWidget = $this->getWidgetBase() . "_end"; /* // legacy code. @@ -480,8 +480,8 @@ class DateCreatedCriterion extends BrowseCriterion { } else { $sEnd = $aRequest[$this->getWidgetBase() . "_end"]; } - - + + $val = null; if ($sStart && $sEnd) { $val = array($this->getSearchTable() . "." . $this->getSearchField() . " BETWEEN ? AND ?", array($sStart, $sEnd)); @@ -491,17 +491,17 @@ class DateCreatedCriterion extends BrowseCriterion { $val = array($this->getSearchTable() . "." . $this->getSearchField() . " < ?", array($sEnd)); } else { return null; - } - + } + // handle the boolean "not" stuff. $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not'); - + if (is_null($want_invert) || ($want_invert == "0")) { return $val; } else { $val[0] = '(NOT (' . $val[0] . '))'; } - + // finally return $val; } 
@@ -636,15 +636,15 @@ class GenericMetadataCriterion extends BrowseCriterion { $p = parent::searchSQL($aRequest, false); // handle not ourselves. $p[0] = join(' AND ', array($p[0], "$this->sSearchTable.document_field_id = ?")); $p[1] = array_merge($p[1], array($this->iID)); - + // handle the boolean "not" stuff. $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not'); if (is_null($want_invert) || ($want_invert == "0")) { return $p; } else { $p[0] = '(NOT (' . $p[0] . '))'; - } - + } + return $p; } @@ -671,9 +671,9 @@ class GeneralMetadataCriterion extends BrowseCriterion { { $this->sDisplay = _kt('General Metadata'); } - + function documentDisplay ($oDocument) { - + return 'General Metadata'; } @@ -682,11 +682,11 @@ class GeneralMetadataCriterion extends BrowseCriterion { return $this->aLookup['field']; } - + function searchSQL ($aRequest) { - $val = array('('.$this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%' OR DM.name LIKE '%!%' )", - array(DBUtil::escapeSimple($aRequest[$this->getWidgetBase()]),DBUtil::escapeSimple($aRequest[$this->getWidgetBase()]))); - + $val = array('('.$this->getSearchTable() . "." . $this->getSearchField() . " LIKE '%!%' OR DM.name LIKE '%!%' )", + array(DBUtil::escapeSimple($aRequest[$this->getWidgetBase()]),DBUtil::escapeSimple($aRequest[$this->getWidgetBase()]))); + return $val; } @@ -736,7 +736,7 @@ class SizeCriterion extends BrowseCriterion { function SizeCriterion() { $this->sDisplay = _kt('File Size'); } - + function documentDisplay ($oDocument) { return $oDocument->getFileSize(); } 
@@ -747,7 +747,7 @@ class SizeCriterion extends BrowseCriterion { function parameterDisplay($aData) { $sBase = $this->getWidgetBase(); - return sprintf("%s %s %s %s", $this->baseParameterDisplay(), $this->aCmps[$aData[$sBase.'_not']], $aData[$sBase.'_num'], $this->aTypes[$aData[$sBase.'_type']]); + return sprintf("%s %s %s %s", $this->baseParameterDisplay(), $this->aCmps[$aData[$sBase.'_not']], htmlentities($aData[$sBase.'_num'],ENT_QUOTES,'UTF-8'), $this->aTypes[$aData[$sBase.'_type']]); } function searchWidget ($aRequest, $aPreValue = null) { @@ -763,7 +763,7 @@ class SizeCriterion extends BrowseCriterion { // build number $sNumInput = sprintf('', $sNumWidget, KTUtil::arrayGet($aPreValue, $sNumWidget, '')); - + // build type selection widget $sTypeSelect = '\n"; @@ -937,9 +937,9 @@ class DiscussionTextCriterion extends BrowseCriterion { function DiscussionTextCriterion() { $this->sDisplay = _kt('Discussion Threads'); - } - - + } + + function documentDisplay ($oDocument) { return "Discussion Threads"; } @@ -959,15 +959,15 @@ class DiscussionTextCriterion extends BrowseCriterion { $p = array(); $p[0] = "MATCH(DDCT.body) AGAINST (? $boolean_mode)"; $p[1] = KTUtil::phraseQuote($aRequest[$this->getWidgetBase()]); - + // handle the boolean "not" stuff. $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not'); if (is_null($want_invert) || ($want_invert == "0")) { return $p; } else { $p[0] = '(NOT (' . $p[0] . '))'; - } - + } + return $p; } @@ -989,8 +989,8 @@ class SearchableTextCriterion extends BrowseCriterion { function SearchableTextCriterion() { $this->sDisplay = _kt('Simple Search Text'); - } - + } + function documentDisplay ($oDocument) { return "Simple search text"; } @@ -1000,7 +1000,7 @@ class SearchableTextCriterion extends BrowseCriterion { function getSearchField () { return "document_text"; - } + } function searchSQL ($aRequest) { $oKTConfig =& KTConfig::getSingleton(); 
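Review bot: The changed line in `SizeCriterion::parameterDisplay` (hunk `@@ -747`) indexes `$aData[$sBase.'_not']`, `$aData[$sBase.'_num']` and `$aData[$sBase.'_type']` directly, so a parameter set that lacks one of these keys raises undefined-index notices and produces a partly empty description. Other code in this file reads such inputs through `KTUtil::arrayGet()`, and the same would fit here: `htmlentities(KTUtil::arrayGet($aData, $sBase.'_num', ''), ENT_QUOTES, 'UTF-8')`. Because `_num` is meant to be a number, checking it with `is_numeric()` before display would be a tighter control than encoding alone.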
@@ -1015,11 +1015,11 @@ class SearchableTextCriterion extends BrowseCriterion { } else { $boolean_mode = ""; } - + $p = array(); $temp = str_replace('%', '', $aRequest[$this->getWidgetBase()]); $keywords = explode(' ', $temp); - + for($i=0; $isDisplay = _kt('Transaction Text'); - } - + } + function documentDisplay ($oDocument) { return "Transaction text"; } @@ -1092,15 +1092,15 @@ class TransactionTextCriterion extends BrowseCriterion { $p = array(); $p[0] = "MATCH(DTT.document_text) AGAINST (? $boolean_mode)"; $p[1] = KTUtil::phraseQuote($aRequest[$this->getWidgetBase()]); - + // handle the boolean "not" stuff. $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not'); if (is_null($want_invert) || ($want_invert == "0")) { return $p; } else { $p[0] = '(NOT (' . $p[0] . '))'; - } - + } + return $p; } @@ -1118,11 +1118,11 @@ class TagCloudCriterion extends BrowseCriterion { var $sSortField = 'tag'; var $sNamespace = 'ktcore.criteria.tagcloud'; var $sSearchTable = "TWS" ; - + function TagCloudCriterion() { $this->sDisplay = _kt('Tag Cloud'); - } - + } + function documentDisplay ($oDocument) { return "Tag Cloud"; } @@ -1132,16 +1132,16 @@ class TagCloudCriterion extends BrowseCriterion { function searchSQL ($aRequest) { $p = parent::searchSQL($aRequest, false); // handle not ourselves. - + // handle the boolean "not" stuff. $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not'); if (is_null($want_invert) || ($want_invert == "0")) { return $p; } else { $p[0] = '(NOT (' . $p[0] . '))'; - } - - return $p; + } + + return $p; } function searchJoinSQL () { 
@@ -1163,14 +1163,14 @@ class DateCreatedDeltaCriterion extends DateCreatedCriterion { function DateCreatedDeltaCriterion() { $this->sDisplay = _kt('Date Created Delta'); - } + } - function parameterDisplay($aData) { + function parameterDisplay($aData) { $sNum = KTUtil::arrayGet($aData, $this->getWidgetBase() . '_num'); $sType = KTUtil::arrayGet($aData, $this->getWidgetBase() . '_type'); return sprintf('%s %s %s', $this->baseParameterDisplay(), $sNum, $this->aTypes[$sType]); } - + function searchWidget ($aRequest, $aPreValue = null) { $sNumWidget = $this->getWidgetBase() . '_num'; $sTypeWidget = $this->getWidgetBase() . '_type'; @@ -1196,7 +1196,7 @@ class DateCreatedDeltaCriterion extends DateCreatedCriterion { $sType = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_type'); $val = array($this->getSearchTable() . "." . $this->getSearchField() . " > SUBDATE(NOW(), INTERVAL ? {$sType})", array($sNum)); - + $want_invert = KTUtil::arrayGet($aRequest, $this->getWidgetBase() . '_not'); if (is_null($want_invert) || ($want_invert == "0")) { return $val; @@ -1215,8 +1215,8 @@ class DateModifiedDeltaCriterion extends DateCreatedDeltaCriterion { function DateModifiedDeltaCriterion() { $this->sDisplay = _kt('Date Modified Delta'); - } - + } + function documentDisplay ($oDocument) { return $oDocument->getLastModifiedDate(); } diff --git a/lib/browse/DocumentCollection.inc.php b/lib/browse/DocumentCollection.inc.php index 98960cc..de35347 100644 --- a/lib/browse/DocumentCollection.inc.php +++ b/lib/browse/DocumentCollection.inc.php @@ -6,7 +6,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and 
@@ -17,9 +17,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright @@ -29,9 +29,9 @@ * */ -require_once(KT_LIB_DIR . '/templating/templating.inc.php'); -require_once(KT_LIB_DIR . '/documentmanagement/Document.inc'); -require_once(KT_LIB_DIR . '/foldermanagement/Folder.inc'); +require_once(KT_LIB_DIR . '/templating/templating.inc.php'); +require_once(KT_LIB_DIR . '/documentmanagement/Document.inc'); +require_once(KT_LIB_DIR . '/foldermanagement/Folder.inc'); require_once(KT_LIB_DIR . '/browse/PartialQuery.inc.php'); class DocumentCollection { 
@@ -43,90 +43,90 @@ class DocumentCollection { var $_aDocumentJoinParams = null; var $_sDocumentSortField = null; var $_queryObj = null; - + // current documents (in _this_ batch.) var $activeset = null; var $_documentData = array(); // [docid] => array(); var $_folderData = array(); // [folderid] => array(); var $columns = array(); // the columns in use - + var $returnURL = null; - + var $folderCount = 0; var $documentCount = 0; - var $itemCount = 0; + var $itemCount = 0; var $batchStart = 0; // if batch specified a "start". var $batchPage = 0; var $batchSize = 20; // size of the batch // FIXME make this configurable. - - + + var $sort_column; var $sort_order; - + var $is_advanced = false; - + var $empty_message; - + /* initialisation */ - + function DocumentCollection() { - $this->empty_message = _kt('No folders or documents in this location.'); + $this->empty_message = _kt('No folders or documents in this location.'); } - + // columns should be added in the "correct" order (e.g. display order) - function addColumn($oBrowseColumn) { array_push($this->columns, $oBrowseColumn); } - function setQueryObject($oQueryObj) { $this->_queryObj = $oQueryObj; } + function addColumn($oBrowseColumn) { array_push($this->columns, $oBrowseColumn); } + function setQueryObject($oQueryObj) { $this->_queryObj = $oQueryObj; } + + /* fetch cycle */ - /* fetch cycle */ - // FIXME this needs to be handled by US, not browse / search. - + function setBatching($sReturnURL, $iBatchPage, $iBatchSize) { $this->returnURL = $sReturnURL; - $this->batchPage = $iBatchPage; - $this->batchSize = $iBatchSize; - $this->batchStart = $this->batchPage * $this->batchSize; - } - + $this->batchPage = $iBatchPage; + $this->batchSize = $iBatchSize; + $this->batchStart = $this->batchPage * $this->batchSize; + } + // column is the label of the column. - - function setSorting($sSortColumn, $sSortOrder) { + + function setSorting($sSortColumn, $sSortOrder) { // FIXME affect the column based on this. 
- + // defaults $this->_sDocumentSortField = 'DM.name'; $this->_sFolderSortField = 'F.name'; - + // then we start. - $this->sort_column = $sSortColumn; - $this->sort_order = $sSortOrder; - - + $this->sort_column = $sSortColumn; + $this->sort_order = $sSortOrder; + + // this is O(n). Do this only after adding all columns. - foreach ($this->columns as $key => $oColumn) { - if ($oColumn->name == $sSortColumn) { + foreach ($this->columns as $key => $oColumn) { + if ($oColumn->name == $sSortColumn) { // nb: don't use $oColumn - its a different object (?) $this->columns[$key]->setSortedOn(true); $this->columns[$key]->setSortDirection($sSortOrder); - + // get the join params from the object. $aFQ = $this->columns[$key]->addToFolderQuery(); $aDQ = $this->columns[$key]->addToDocumentQuery(); - + $this->_sFolderJoinClause = $aFQ[0]; $this->_aFolderJoinParams = $aFQ[1]; if ($aFQ[2]) { $this->_sFolderSortField = $aFQ[2]; } $this->_sDocumentJoinClause = $aDQ[0]; $this->_aDocumentJoinParams = $aDQ[1]; if ($aDQ[2]) { $this->_sDocumentSortField = $aDQ[2]; } - + } else { $oColumn->setSortedOn(false); } - + } - + } // finally, generate the results. either (documents or folders) could be null/empty @@ -144,14 +144,14 @@ class DocumentCollection { $this->documentCount = 0; } $this->itemCount = $this->documentCount + $this->folderCount; - + // now we need the active set: this is based on the batchsize, // batchstart. this is divided into folders/documents. (_no_ intermingling). $folderSet = null; $documentSet = null; // assume we have not documents. This impacts "where" our documents start. - // + // $no_folders = true; $documents_to_get = $this->batchSize; $folders_to_get = 0; 
@@ -165,10 +165,10 @@ class DocumentCollection { } else { $documents_to_get -= $folders_to_get; // batch-size less the folders. } - + } - - + + if ($no_folders) { $this->batchStart -= $this->folderCount; $documentSet = $this->_queryObj->getDocuments($documents_to_get, $this->batchStart, $this->_sDocumentSortField, $this->sort_order, $this->_sDocumentJoinClause, $this->_aDocumentJoinParams); @@ -177,7 +177,7 @@ class DocumentCollection { if ($documents_to_get > 0) { $documentSet = $this->_queryObj->getDocuments($documents_to_get, 0, $this->_sDocumentSortField, $this->sort_order, $this->_sDocumentJoinClause, $this->_aDocumentJoinParams); } - + } //var_dump($folderSet); $this->activeset = array( 
@@ -186,49 +186,49 @@ class DocumentCollection { ); } - // stub: fetch all relevant information about a document (that will reasonably be fetched). - function getDocumentInfo($iDocumentId) { + // stub: fetch all relevant information about a document (that will reasonably be fetched). + function getDocumentInfo($iDocumentId) { if (array_key_exists($iDocumentId, $this->_documentData)) { - return $this->_documentData[$iDocumentId]; + return $this->_documentData[$iDocumentId]; } else { $this->_documentData[$iDocumentId] = $this->_retrieveDocumentInfo($iDocumentId); return $this->_documentData[$iDocumentId]; } - } - function _retrieveDocumentInfo($iDocumentId) { + } + function _retrieveDocumentInfo($iDocumentId) { $row_info = array('docid' => $iDocumentId); $row_info['type'] = 'document'; $row_info['document'] =& Document::get($iDocumentId); - + return $row_info; } - + // FIXME get more document info. - function getFolderInfo($iFolderId) { + function getFolderInfo($iFolderId) { if (array_key_exists($iFolderId, $this->_folderData)) { - return $this->_folderData[$iFolderId]; + return $this->_folderData[$iFolderId]; } else { $this->_folderData[$iFolderId] = $this->_retrieveFolderInfo($iFolderId); return $this->_folderData[$iFolderId]; - } - } - + } + } + // FIXME get more folder info. - function _retrieveFolderInfo($iFolderId) { + function _retrieveFolderInfo($iFolderId) { $row_info = array('folderid' => $iFolderId); $row_info['type'] = 'folder'; - $row_info['folder'] =& Folder::get($iFolderId); - + $row_info['folder'] =& Folder::get($iFolderId); + return $row_info; } - + // render a particular row. function renderRow($iDocumentId) { ; } // link url for a particular page. - function pageLink($iPageNumber) { - return $this->returnURL . '&page=' . $iPageNumber . '&sort_on=' . $this->sort_column . '&sort_order=' . $this->sort_order; + function pageLink($iPageNumber) { + return $this->returnURL . '&page=' . $iPageNumber . '&sort_on=' . $this->sort_column . '&sort_order=' . 
$this->sort_order; } - + function render() { // sort out the batch $pagecount = (int) floor($this->itemCount / $this->batchSize); @@ -236,7 +236,7 @@ class DocumentCollection { $pagecount += 1; } // FIXME expose the current set of rows to the document. - + $oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate('kt3/document_collection'); $aTemplateData = array( @@ -246,7 +246,7 @@ class DocumentCollection { 'returnURL' => $this->returnURL, 'columncount' => count($this->columns), ); - + // in order to allow OTHER things than batch to move us around, we do: return $oTemplate->render($aTemplateData); } 
@@ -272,52 +272,52 @@ class AdvancedCollection { var $_queryObj = null; var $sort_column; var $sort_order; - + // current documents (in _this_ batch.) - var $activeset = null; + var $activeset = null; var $_documentData = array(); // [docid] => array(); var $_folderData = array(); // [folderid] => array(); var $columns = array(); // the columns in use - + var $returnURL = null; - + var $folderCount = 0; var $documentCount = 0; - var $itemCount = 0; + var $itemCount = 0; var $batchStart = 0; // if batch specified a "start". var $batchPage = 0; var $batchSize = 20; // size of the batch // FIXME make this configurable. - + var $aOptions = array(); var $bShowFolders = true; var $bShowDocuments = true; - - var $_gotData = false; + + var $_gotData = false; var $_sorted = false; - + var $is_browse = false; - + var $empty_message; /* initialisation */ function setOptions($aOptions) { - $this->aOptions = $aOptions; - + $this->aOptions = $aOptions; + // batching - $this->batchPage = KTUtil::arrayGet($aOptions, 'batch_page', 0); - $this->batchSize = KTUtil::arrayGet($aOptions, 'batch_size', 25); - $this->batchStart = $this->batchPage * $this->batchSize; - + $this->batchPage = KTUtil::arrayGet($aOptions, 'batch_page', 0); + $this->batchSize = KTUtil::arrayGet($aOptions, 'batch_size', 25); + $this->batchStart = $this->batchPage * $this->batchSize; + // visibility - $this->bShowFolders = KTUtil::arrayGet($aOptions, 'show_folders', true, false); + $this->bShowFolders = KTUtil::arrayGet($aOptions, 'show_folders', true, false); $this->bShowDocuments = KTUtil::arrayGet($aOptions, 'show_documents', true, false); - + $this->is_browse = KTUtil::arrayGet($aOptions, 'is_browse', false); - + // sorting - $this->sort_column = KTUtil::arrayGet($aOptions, 'sort_on', 'ktcore.columns.title'); - $this->sort_order = KTUtil::arrayGet($aOptions, 'sort_order', 'asc'); + $this->sort_column = KTUtil::arrayGet($aOptions, 'sort_on', 'ktcore.columns.title'); + $this->sort_order = 
KTUtil::arrayGet($aOptions, 'sort_order', 'asc'); // url options $sURL = KTUtil::arrayGet($aOptions, 'return_url', false); @@ -325,19 +325,19 @@ class AdvancedCollection { $sURL = KTUtil::arrayGet($aOptions, 'result_url', $_SERVER['PHP_SELF']); } $this->returnURL = $sURL; - + $this->empty_message = KTUtil::arrayGet($aOptions, 'empty_message', _kt('No folders or documents in this location.')); - } - - + } + + // we use a lot of standard variable names for these (esp. in columns.) // no need to replicate the code everywhere. function getEnvironOptions() { $aNewOptions = array(); - + // batching $aNewOptions['batch_page'] = (int) KTUtil::arrayGet($_REQUEST, 'page', 0); - + // evil with cookies. $batch_size = KTUtil::arrayGet($_REQUEST, 'page_size'); if (empty($batch_size)) { @@ -347,28 +347,28 @@ class AdvancedCollection { setcookie('__kt_batch_size', $batch_size); } $aNewOptions['batch_size'] = (int) $batch_size; - + // ordering. (direction and column) - $aNewOptions['sort_on'] = KTUtil::arrayGet($_REQUEST, 'sort_on', 'ktcore.columns.title'); - $displayOrder = KTUtil::arrayGet($_REQUEST, 'sort_order', 'asc'); + $aNewOptions['sort_on'] = KTUtil::arrayGet($_REQUEST, 'sort_on', 'ktcore.columns.title'); + $displayOrder = KTUtil::arrayGet($_REQUEST, 'sort_order', 'asc'); if ($displayOrder !== 'asc') { $displayOrder = 'desc'; } $aNewOptions['sort_order'] = $displayOrder; - - // probably URL - $aNewOptions['result_url'] = $_SERVER['PHP_SELF']; - + + // probably URL + $aNewOptions['result_url'] = $_SERVER['PHP_SELF']; + // return the environ options return $aNewOptions; } - + function setColumnOptions($sColumnNamespace, $aOptions) { foreach ($this->columns as $key => $oColumn) { if ($oColumn->namespace == $sColumnNamespace) { - $this->columns[$key]->setOptions($aOptions); + $this->columns[$key]->setOptions($aOptions); } } } - + function getColumnOptions($sColumnNamespace) { foreach ($this->columns as $key => $oColumn) { if ($oColumn->namespace == $sColumnNamespace) { 
@@ -376,59 +376,59 @@ class AdvancedCollection { } } } - + // columns should be added in the "correct" order (e.g. display order) - function addColumn($oBrowseColumn) { array_push($this->columns, $oBrowseColumn); } + function addColumn($oBrowseColumn) { array_push($this->columns, $oBrowseColumn); } function addColumns($aColumns) { $this->columns = kt_array_merge($this->columns, $aColumns); } - function setQueryObject($oQueryObj) { $this->_queryObj = $oQueryObj; } + function setQueryObject($oQueryObj) { $this->_queryObj = $oQueryObj; } + + /* fetch cycle */ + function setSorting() { + + $this->_sorted = true; - /* fetch cycle */ - function setSorting() { - - $this->_sorted = true; - // defaults $this->_sDocumentSortField = 'DM.name'; - $this->_sFolderSortField = 'F.name'; - - foreach ($this->columns as $key => $oColumn) { - if ($oColumn->namespace == $this->sort_column) { + $this->_sFolderSortField = 'F.name'; + + foreach ($this->columns as $key => $oColumn) { + if ($oColumn->namespace == $this->sort_column) { $this->columns[$key]->setSortedOn(true); $this->columns[$key]->setSortDirection($this->sort_order); // get the join params from the object. $aFQ = $this->columns[$key]->addToFolderQuery(); $aDQ = $this->columns[$key]->addToDocumentQuery(); - + $this->_sFolderJoinClause = $aFQ[0]; $this->_aFolderJoinParams = $aFQ[1]; - + if ($aFQ[2]) { $this->_sFolderSortField = $aFQ[2]; } $this->_sDocumentJoinClause = $aDQ[0]; - $this->_aDocumentJoinParams = $aDQ[1]; - - if ($aDQ[2]) { + $this->_aDocumentJoinParams = $aDQ[1]; + + if ($aDQ[2]) { $this->_sDocumentSortField = $aDQ[2]; } } else { $oColumn->setSortedOn(false); } } } - + // finally, generate the results. either (documents or folders) could be null/empty // FIXME handle column-for-sorting (esp. md?) function getResults() { - + if ($this->_gotInfo == true) { - return; - } - + return; + } + // this impacts the query used. 
if (!$this->_sorted) { $this->setSorting(); - } - + } + // work out how many of each item type we're going to expect. if ($this->bShowFolders) { $this->folderCount = $this->_queryObj->getFolderCount(); @@ -439,9 +439,9 @@ class AdvancedCollection { } else { $this->folderCount = 0; } - + if ($this->bShowDocuments) { - $this->documentCount = $this->_queryObj->getDocumentCount(); + $this->documentCount = $this->_queryObj->getDocumentCount(); if (PEAR::isError($this->documentCount)) { $_SESSION['KTErrorMessage'][] = $this->documentCount->toString(); $this->documentCount = 0; @@ -449,21 +449,21 @@ class AdvancedCollection { } else { $this->documentCount = 0; } - + $this->itemCount = $this->documentCount + $this->folderCount; - + // now we need the active set: this is based on the batchsize, // batchstart. this is divided into folders/documents. (_no_ intermingling). $folderSet = null; $documentSet = null; // assume we have not documents. This impacts "where" our documents start. - // + // $no_folders = true; if ($this->bShowDocuments) { $documents_to_get = $this->batchSize; } else { - $documents_to_get = 0; + $documents_to_get = 0; } $folders_to_get = 0; 
@@ -480,27 +480,27 @@ class AdvancedCollection { if ($no_folders) { $this->batchStart -= $this->folderCount; - $documentSet = $this->_queryObj->getDocuments($documents_to_get, - $this->batchStart, - $this->_sDocumentSortField, - $this->sort_order, - $this->_sDocumentJoinClause, + $documentSet = $this->_queryObj->getDocuments($documents_to_get, + $this->batchStart, + $this->_sDocumentSortField, + $this->sort_order, + $this->_sDocumentJoinClause, $this->_aDocumentJoinParams); } else { - $folderSet = $this->_queryObj->getFolders($folders_to_get, - $this->batchStart, - $this->_sFolderSortField, - $this->sort_order, - $this->_sFolderJoinQuery, + $folderSet = $this->_queryObj->getFolders($folders_to_get, + $this->batchStart, + $this->_sFolderSortField, + $this->sort_order, + $this->_sFolderJoinQuery, $this->_aFolderJoinParams); - // if we're getting -any- documents this round, then get some. + // if we're getting -any- documents this round, then get some. if ($documents_to_get > 0) { - $documentSet = $this->_queryObj->getDocuments($documents_to_get, - 0, - $this->_sDocumentSortField, - $this->sort_order, - $this->_sDocumentJoinClause, + $documentSet = $this->_queryObj->getDocuments($documents_to_get, + 0, + $this->_sDocumentSortField, + $this->sort_order, + $this->_sDocumentJoinClause, $this->_aDocumentJoinParams); } } @@ -516,11 +516,11 @@ class AdvancedCollection { //var_dump($documentSet); exit(0); $documentSet = array(); $this->documentCount = 0; - + } - - $this->itemCount = $this->documentCount + $this->folderCount; - + + $this->itemCount = $this->documentCount + $this->folderCount; + $this->activeset = array( 'folders' => $folderSet, 'documents' => $documentSet, 
@@ -529,72 +529,72 @@ class AdvancedCollection { $this->_gotInfo = true; // don't do this twice ... } - // stub: fetch all relevant information about a document (that will reasonably be fetched). - function getDocumentInfo($iDocumentId) { + // stub: fetch all relevant information about a document (that will reasonably be fetched). + function getDocumentInfo($iDocumentId) { if (array_key_exists($iDocumentId, $this->_documentData)) { - return $this->_documentData[$iDocumentId]; + return $this->_documentData[$iDocumentId]; } else { $this->_documentData[$iDocumentId] = $this->_retrieveDocumentInfo($iDocumentId); return $this->_documentData[$iDocumentId]; } } - - function _retrieveDocumentInfo($iDocumentId) { + + function _retrieveDocumentInfo($iDocumentId) { $row_info = array('docid' => $iDocumentId); $row_info['type'] = 'document'; $row_info['document'] =& Document::get($iDocumentId); return $row_info; } - + // FIXME get more document info. - function getFolderInfo($iFolderId) { + function getFolderInfo($iFolderId) { if (array_key_exists($iFolderId, $this->_folderData)) { - return $this->_folderData[$iFolderId]; + return $this->_folderData[$iFolderId]; } else { $this->_folderData[$iFolderId] = $this->_retrieveFolderInfo($iFolderId); return $this->_folderData[$iFolderId]; - } + } } - + // FIXME get more folder info. - function _retrieveFolderInfo($iFolderId) { + function _retrieveFolderInfo($iFolderId) { $row_info = array('folderid' => $iFolderId); $row_info['type'] = 'folder'; - $row_info['folder'] =& Folder::get($iFolderId); - + $row_info['folder'] =& Folder::get($iFolderId); + return $row_info; } - + // render a particular row. function renderRow($iDocumentId) { ; } - + // link url for a particular page. 
- function pageLink($iPageNumber) { - $qs = sprintf('page=%s&sort_on=%s&sort_order=%s', $iPageNumber, $this->sort_column, $this->sort_order); - return KTUtil::addQueryString($this->returnURL, $qs); + function pageLink($iPageNumber) { + $qs = sprintf('page=%s&sort_on=%s&sort_order=%s', $iPageNumber, $this->sort_column, $this->sort_order); + return KTUtil::addQueryString($this->returnURL, $qs); } - - function render() { + + function render() { $this->setSorting(); - $this->getResults(); - + $this->getResults(); + // ensure all columns use the correct url //var_dump($this->returnURL); exit(0); $aOpt = array('return_url' => $this->returnURL); foreach ($this->columns as $k => $v) { $this->columns[$k]->setOptions($aOpt); } - + // sort out the batch $pagecount = (int) floor($this->itemCount / $this->batchSize); if (($this->itemCount % $this->batchSize) != 0) { $pagecount += 1; } - + // ick. global $main; $main->requireJSResource('resources/js/browsehelper.js'); - + $oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate('kt3/document_collection'); $aTemplateData = array( @@ -603,10 +603,10 @@ class AdvancedCollection { 'currentpage' => $this->batchPage, 'returnURL' => $this->returnURL, 'columncount' => count($this->columns), - 'bIsBrowseCollection' => $this->is_browse, + 'bIsBrowseCollection' => $this->is_browse, 'batch_size' => $this->batchSize, ); - + // in order to allow OTHER things than batch to move us around, we do: return $oTemplate->render($aTemplateData); } diff --git a/lib/documentmanagement/Document.inc b/lib/documentmanagement/Document.inc index 541223e..ff07fd3 100644 --- a/lib/documentmanagement/Document.inc +++ b/lib/documentmanagement/Document.inc 
@@ -6,7 +6,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and @@ -17,9 +17,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright 
@@ -42,76 +42,76 @@ require_once(KT_LIB_DIR . '/documentmanagement/documentmetadataversion.inc.php') class Document { var $iId; - + var $_oDocumentCore = null; var $_oDocumentContentVersion = null; var $_oDocumentMetadataVersion = null; - + var $iCurrentMetadataVersionId = null; // {{{ getters/setters // locally stored info. - + function getId() { return $this->iId; } - + // Document Core - + function getFolderID() { return $this->_oDocumentCore->getFolderId(); } function setFolderID($iNewValue) { $this->_oDocumentCore->setFolderId($iNewValue); } function getFullPath() { return $this->_oDocumentCore->getFullPath(); } - + function getCreatorID() { return $this->_oDocumentCore->getCreatorId(); } function setCreatorID($iNewValue) { $this->_oDocumentCore->setCreatorId($iNewValue); } - + function getOwnerID() { return $this->_oDocumentCore->getOwnerId(); } function setOwnerID($iNewValue) { $this->_oDocumentCore->setOwnerId($iNewValue); } - + function getLastModifiedDate() { return $this->_oDocumentCore->getLastModifiedDate(); } function setLastModifiedDate($dNewValue) { $this->_oDocumentCore->setLastModifiedDate($dNewValue); } - + function getCreatedDateTime() { return $this->_oDocumentCore->getCreatedDateTime(); } - + function getIsCheckedOut() { return $this->_oDocumentCore->getIsCheckedOut(); } function setIsCheckedOut($bNewValue) { $this->_oDocumentCore->setIsCheckedOut(KTUtil::anyToBool($bNewValue)); } - + function getCheckedOutUserID() { return $this->_oDocumentCore->getCheckedOutUserId(); } function setCheckedOutUserID($iNewValue) { $this->_oDocumentCore->setCheckedOutUserId($iNewValue); } - + function getPermissionObjectID() { return $this->_oDocumentCore->getPermissionObjectId(); } function setPermissionObjectID($iNewValue) { $this->_oDocumentCore->setPermissionObjectId($iNewValue); } - + function getPermissionLookupID() { return $this->_oDocumentCore->getPermissionLookupId(); } function setPermissionLookupID($iNewValue) { 
$this->_oDocumentCore->setPermissionLookupId($iNewValue); } - + function getModifiedUserId() { return $this->_oDocumentCore->getModifiedUserId(); } function setModifiedUserId($iNewValue) { $this->_oDocumentCore->setModifiedUserId($iNewValue); } function getImmutable() { return $this->_oDocumentCore->getImmutable(); } function setImmutable($mValue) { $this->_oDocumentCore->setImmutable($mValue); } - + function getRestoreFolderId() { return $this->_oDocumentCore->getRestoreFolderId(); } - function setRestoreFolderId($iValue) { $this->_oDocumentCore->setRestoreFolderId($iValue); } + function setRestoreFolderId($iValue) { $this->_oDocumentCore->setRestoreFolderId($iValue); } function getRestoreFolderPath() { return $this->_oDocumentCore->getRestoreFolderPath(); } - function setRestoreFolderPath($sValue) { $this->_oDocumentCore->setRestoreFolderPath($sValue); } - - + function setRestoreFolderPath($sValue) { $this->_oDocumentCore->setRestoreFolderPath($sValue); } + + // Document Metadata Items - + function getDocumentTypeID() { return $this->_oDocumentMetadataVersion->getDocumentTypeId(); } function setDocumentTypeID($sNewValue) { $this->_oDocumentMetadataVersion->setDocumentTypeId($sNewValue); } - + function getName() { return $this->_oDocumentMetadataVersion->getName(); } function setName($sNewValue) { $this->_oDocumentMetadataVersion->setName($sNewValue); } function getDescription() { return $this->_oDocumentMetadataVersion->getDescription(); } function setDescription($sNewValue) { $this->_oDocumentMetadataVersion->setDescription($sNewValue); } - + function getStatusID() { return $this->_oDocumentCore->getStatusId(); } function setStatusID($iNewValue) { $this->_oDocumentMetadataVersion->setStatusId($iNewValue); $this->_oDocumentCore->setStatusId($iNewValue); } - + function getMetadataVersion() { return $this->_oDocumentMetadataVersion->getMetadataVersion(); } function setMetadataVersion($iNewValue) { $this->_oDocumentMetadataVersion->getMetadataVersion($iNewValue); } 
@@ -120,7 +120,7 @@ class Document { function getContentVersionId() { return $this->_oDocumentMetadataVersion->getContentVersionId(); } function setContentVersionId($iNewValue) { $this->_oDocumentMetadataVersion->setContentVersionId($iNewValue); } - + function getVersionCreated() { return $this->_oDocumentMetadataVersion->getVersionCreated(); } function getVersionCreatorId() { return $this->_oDocumentMetadataVersion->getVersionCreatorId(); } 
@@ -129,29 +129,29 @@ class Document { function getWorkflowStateId() { return $this->_oDocumentMetadataVersion->getWorkflowStateId(); } function setWorkflowStateId($mValue) { $this->_oDocumentMetadataVersion->setWorkflowStateId($mValue); } - // Document Content Version - + // Document Content Version + function getFileName() { return $this->_oDocumentContentVersion->getFileName(); } function setFileName($sNewValue) { $this->_oDocumentContentVersion->setFileName($sNewValue); } - + function getFileSize() { return $this->_oDocumentContentVersion->getSize(); } function setFileSize($iNewValue) { $this->_oDocumentContentVersion->setSize($iNewValue); } - + function getSize() { return $this->_oDocumentContentVersion->getSize(); } function setSize($iNewValue) { $this->_oDocumentContentVersion->setSize($iNewValue); } - + function getMimeTypeID() { return $this->_oDocumentContentVersion->getMimeTypeId(); } function setMimeTypeID($iNewValue) { $this->_oDocumentContentVersion->setMimeTypeId($iNewValue); } - + function getMajorVersionNumber() { return $this->_oDocumentContentVersion->getMajorVersionNumber(); } function setMajorVersionNumber($iNewValue) { $this->_oDocumentContentVersion->setMajorVersionNumber($iNewValue); } - + function getMinorVersionNumber() { return $this->_oDocumentContentVersion->getMinorVersionNumber(); } function setMinorVersionNumber($iNewValue) { $this->_oDocumentContentVersion->setMinorVersionNumber($iNewValue); } function getStoragePath() { return $this->_oDocumentContentVersion->getStoragePath(); } function setStoragePath($sNewValue) { $this->_oDocumentContentVersion->setStoragePath($sNewValue); } - + // }}} // {{{ getParentID 
@@ -190,10 +190,10 @@ class Document { function update($bPathMove = false) { $res = $this->_oDocumentCore->update($bPathMove); if (PEAR::isError($res)) { var_dump($res); return $res; } - + $res = $this->_oDocumentContentVersion->update($bPathMove); if (PEAR::isError($res)) { var_dump($res); return $res; } - + $res = $this->_oDocumentMetadataVersion->update($bPathMove); if (PEAR::isError($res)) { var_dump($res); return $res; } @@ -209,7 +209,7 @@ class Document { $iId = (int)$iId; $oDocument = new Document(); $res = $oDocument->load($iId, $iMetadataVersion); - if (PEAR::isError($res)) { + if (PEAR::isError($res)) { return $res; } return $oDocument; @@ -221,21 +221,21 @@ class Document { $this->iId = $iId; $this->_oDocumentCore = KTDocumentCore::get($iId); if (PEAR::isError($this->_oDocumentCore)) { return $this->_oDocumentCore; } - + // FIXME add error $res if MDV > $_oDC->getMDV - if (is_null($iMetadataVersionId)) { - $this->_oDocumentMetadataVersion = KTDocumentMetadataVersion::get($this->_oDocumentCore->getMetadataVersionId()); + if (is_null($iMetadataVersionId)) { + $this->_oDocumentMetadataVersion = KTDocumentMetadataVersion::get($this->_oDocumentCore->getMetadataVersionId()); $this->iCurrentMetadataVersionId = $this->_oDocumentCore->getMetadataVersionId(); } else { $this->_oDocumentMetadataVersion = KTDocumentMetadataVersion::get($iMetadataVersionId); $this->iCurrentMetadataVersionId = $iMetadataVersionId; } - if (PEAR::isError($this->_oDocumentMetadataVersion)) - { - // var_dump($this->_oDocumentMetadataVersion); - return $this->_oDocumentMetadataVersion; + if (PEAR::isError($this->_oDocumentMetadataVersion)) + { + // var_dump($this->_oDocumentMetadataVersion); + return $this->_oDocumentMetadataVersion; } - + $this->_oDocumentContentVersion = KTDocumentContentVersion::get($this->_oDocumentMetadataVersion->getContentVersionId()); if (PEAR::isError($this->_oDocumentContentVersion)) { return $this->_oDocumentContentVersion; } } 
@@ -278,7 +278,7 @@ class Document { $sFolderPath = Folder::getFolderDisplayPath($this->getFolderID()); // #3425 for consistency return ($bDisplayIcon ? $this->getIcon() : "") . - ($sFolderPath == "" ? "Deleted Folder" : $sFolderPath) . " » " . $this->getName(); + ($sFolderPath == "" ? "Deleted Folder" : $sFolderPath) . " » " . sanitizeForHTML($this->getName()); } // }}} @@ -308,7 +308,7 @@ class Document { return true; } // }}} - + function &getByFilenameAndFolder($sFileName, $iFolderID) { $sD = KTUtil::getTableName('documents'); $sDM = KTUtil::getTableName('document_metadata_version'); @@ -319,7 +319,7 @@ class Document { WHERE DC.filename = ? AND D.folder_id = ?"; $aParams = array($sFileName, $iFolderID); $id = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id'); - return Document::get($id); + return Document::get($id); } // {{{ nameExists @@ -359,7 +359,7 @@ class Document { WHERE DM.name = ? AND D.folder_id = ?"; $aParams = array($sName, $iFolderID); $id = DBUtil::getOneResultKey(array($sQuery, $aParams), 'id'); - return Document::get($id); + return Document::get($id); } // {{{ getDocumentDisplayPath @@ -384,7 +384,7 @@ class Document { // FIXME this appears to be deprecated, or at least should be $sTable = KTUtil::getTableName('document_text'); $sQuery = "DELETE FROM $sTable WHERE document_id = ?"; - $aParams = array($iDocumentID); + $aParams = array($iDocumentID); $res = DBUtil::runQuery(array($sQuery, $aParams)); return $res; } @@ -397,7 +397,7 @@ class Document { 'permission_lookup_id' => $iLookupID, 'status_id' => LIVE, ), array('multi' => true, 'ids' => true)); - + $aList = array(); foreach ($aIds as $iId) { $aList[] = Document::get($iId); @@ -418,7 +418,7 @@ class Document { $aParams = array($iStateId); $aIds = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'document_id'); - + $aList = array(); foreach ($aIds as $iId) { $aList[] = Document::get($iId); 
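Review bot: The added `sanitizeForHTML($this->getName())` in the `@@ -278,7 +278,7 @@` hunk turns this return value into an HTML fragment with the document name already encoded, but nothing at the return statement says so. A template that escapes the string again would show doubled entities, and a caller that uses it as plain text (a log line, a mail subject) now gets entities in it. I would add a comment above the return such as `// returns HTML: folder path and document name are already encoded for display, do not escape again`. The call also relies on `sanitizeForHTML()` being loaded, presumably from `util/sanitize.inc`, which Folder.inc requires. The require_once list of Document.inc and the start of the enclosing function are outside the hunk, so please confirm the include is present on every path that reaches this code.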
@@ -442,19 +442,19 @@ class Document { */ $oDocument = new Document(); $aOptions = array_change_key_case($aOptions); - - + + $aCoreKeys = array( "CreatorId", "Created", "ModifiedUserId", "Modified", - "FolderId", + "FolderId", "StatusId", - "RestoreFolderId", + "RestoreFolderId", "RestoreFolderPath", ); - + $aCore = array(); foreach ($aCoreKeys as $sKey) { $sKey = strtolower($sKey); @@ -463,7 +463,7 @@ class Document { $aCore[$sKey] = $sValue; } } - + $aMetadataVersionKeys = array( "MetadataVersion", "ContentVersionId", @@ -474,7 +474,7 @@ class Document { "VersionCreated", "VersionCreatorId", ); - + $aMetadataVersion = array(); foreach ($aMetadataVersionKeys as $sKey) { $sKey = strtolower($sKey); @@ -484,7 +484,7 @@ class Document { } } $aMetadataVersion['VersionCreatorId'] = $aCore['creatorid']; - + $aContentKeys = array( "Filename", "Size", @@ -493,7 +493,7 @@ class Document { "MinorVersion", "StoragePath", ); - + $aContentVersion = array(); foreach ($aContentKeys as $sKey) { $sKey = strtolower($sKey); @@ -501,8 +501,8 @@ class Document { if (!is_null($sValue)) { $aContentVersion[$sKey] = $sValue; } - } - + } + $oDocument->_oDocumentCore = KTDocumentCore::createFromArray($aCore); if (PEAR::isError($oDocument->_oDocumentCore)) { return $oDocument->_oDocumentCore; @@ -592,11 +592,11 @@ class Document { // }}} function clearAllCaches() { - + KTEntityUtil::clearAllCaches('KTDocumentCore'); KTEntityUtil::clearAllCaches('KTDocumentContentVersion'); KTEntityUtil::clearAllCaches('KTDocumentMetadataVersion'); - + return KTEntityUtil::clearAllCaches('Document'); } @@ -606,7 +606,7 @@ class Document { $sQuery = sprintf("SELECT comment FROM %s WHERE transaction_namespace = ? AND document_id = ? - ORDER BY datetime DESC", + ORDER BY datetime DESC", $sDocumentTransactionTable, $sDocumentMetadataTable); $aParams = array($sTransactionNamespace, $this->getId()); @@ -628,10 +628,10 @@ class Document { $aComment = explode(':', $sComment); return trim($aComment[1]); } - - + + } ?> 
diff --git a/lib/foldermanagement/Folder.inc b/lib/foldermanagement/Folder.inc index bc0dfe5..bd25867 100644 --- a/lib/foldermanagement/Folder.inc +++ b/lib/foldermanagement/Folder.inc @@ -8,7 +8,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and @@ -19,9 +19,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright @@ -35,7 +35,7 @@ require_once(KT_LIB_DIR . "/documentmanagement/Document.inc"); require_once(KT_LIB_DIR . "/util/sanitize.inc"); class Folder extends KTEntity { - + /** folder primary key */ var $iId; /** folder name */ @@ -45,7 +45,7 @@ class Folder extends KTEntity { /** folder parent primary key */ var $iParentID; /** primary key of user who created folder */ - var $iCreatorID; + var $iCreatorID; /** public status of folder */ var $bIsPublic = false; /** comma deliminated string of parent ids */ 
@@ -74,12 +74,12 @@ class Folder extends KTEntity { 'bRestrictDocumentTypes' => 'restrict_document_types', ); // }}} - + function getID() { return $this->iId; } function getName() { return sanitizeForSQLtoHTML($this->sName); } function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); } - function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); } - function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); } + function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); } + function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); } function getParentID() { return $this->iParentID; } function setParentID($iNewValue) { $this->iParentID = $iNewValue; } function getCreatorID() { return $this->iCreatorID; } @@ -111,7 +111,7 @@ class Folder extends KTEntity { /** * Returns a comma delimited string containing the parent folder ids, strips leading / - * + * * @return String comma delimited string containing the parent folder ids */ function generateFolderIDs($iFolderId) { @@ -136,13 +136,13 @@ class Folder extends KTEntity { } return sprintf('%s,%s,%s', $sParentFolderParentFolderIds, $iParentId, $oFolder->getId()); } - + /** * Recursively generates forward slash deliminated string giving full path of document * from file system root url */ function generateFullFolderPath($iFolderId) { - //if the folder is not the root folder + //if the folder is not the root folder if ($iFolderId == 0) { return; } @@ -167,13 +167,13 @@ class Folder extends KTEntity { } return sprintf('%s/%s', $res, $oFolder->getName()); } - + /** * Returns a forward slash deliminated string giving full path of document, strips leading / - */ + */ function generateFolderPath($iFolderID) { $sPath = Folder::generateFullFolderPath($iFolderID); - return $sPath; + return $sPath; } function _fieldValues () { 
@@ -197,7 +197,7 @@ class Folder extends KTEntity { global $default; return $default->folders_table; } - + /** * Update the current folder values in the database * @@ -206,7 +206,7 @@ class Folder extends KTEntity { function update($bPathChange = false) { $res = parent::update(); if ($res === true) { - if ($bPathChange) { + if ($bPathChange) { // XXX: TransactionCheckPoint $this->updateChildPaths($this->iId); $this->updateDocumentPaths($this->iId); @@ -214,15 +214,15 @@ class Folder extends KTEntity { } return $res; } - + function renameFolder($sOldPath) { PhysicalFolderManagement::renameFolder($sOldPath, $default->documentRoot . "/" . $this->sFullPath . "/" . $this->sName); } - + /** * When a folder is renamed, we must update * the paths of the children in the database - * + * */ function updateChildPaths($iId) { global $default; @@ -230,7 +230,7 @@ class Folder extends KTEntity { $sql = $default->db; $aFolders =& Folder::getByParentId($iId); foreach ($aFolders as $oFolder) { - $oFolder->update(true); + $oFolder->update(true); } return; } @@ -256,7 +256,7 @@ class Folder extends KTEntity { } return true; } - + /** * Returns the documents in this folder */ @@ -270,7 +270,7 @@ class Folder extends KTEntity { } return implode(',', $res); } - + function &get($iFolderID) { return KTEntityUtil::get('Folder', $iFolderID); } @@ -288,7 +288,7 @@ class Folder extends KTEntity { } return ($res != 0); // handle pre-existing duplicates gracefully. } - + /** * Static function * Get a list of Documents 
@@ -304,13 +304,13 @@ class Folder extends KTEntity { /** * Static function. * Get the full path for a folder - * - * @param Primary key of folder to generate path for + * + * @param Primary key of folder to generate path for * * @return String full path of folder */ function getFolderPath($iFolderID) { - global $default; + global $default; $oFolder = Folder::get($iFolderID); $sPath = $default->documentRoot . "/" . $oFolder->getFullPath() . "/" . $oFolder->getName() . "/"; return $sPath; @@ -319,18 +319,18 @@ class Folder extends KTEntity { /** * Static function. * Get the full path for a folder as an array - * - * @param int primary key of folder to generate path for + * + * @param int primary key of folder to generate path for * * @return array full path of folder as an array of folderIDs */ function getFolderPathNamesAsArray($iFolderID) { global $default; $oFolder = Folder::get($iFolderID); - $aPathArray = array(); + $aPathArray = array(); if ($oFolder) { if (strlen($oFolder->getFullPath()) > 0) { - if (strlen($oFolder->getFullPath()) > 1) { + if (strlen($oFolder->getFullPath()) > 1) { $aPathArray = explode("/",$oFolder->getFullPath()); } else { $aPathArray = array($oFolder->getFullPath()); @@ -348,17 +348,17 @@ class Folder extends KTEntity { return Folder::getFolderPathNamesAsArray($this->getID()); } // }}} - + /** * Static function. * Get the full path for a folder as an array - * - * @param int primary key of folder to generate path for + * + * @param int primary key of folder to generate path for * * @return array full path of folder as an array of folderIDs */ function getFolderPathAsArray($iFolderID) { - global $default; + global $default; $oFolder = Folder::get($iFolderID); if ($oFolder === false) { return false; 
@@ -366,36 +366,41 @@ class Folder extends KTEntity { if (strlen($oFolder->getParentFolderIDs()) > 0) { if ($oFolder->iParentID == 0) { $aPathArray = array(); - } else if (strlen($oFolder->getParentFolderIDs()) > 1) { + } else if (strlen($oFolder->getParentFolderIDs()) > 1) { $aPathArray = explode(",",$oFolder->getParentFolderIDs()); } else { $aPathArray = array($oFolder->getParentFolderIDs()); } $aPathArray[count($aPathArray)] = $oFolder->getID(); - } else { + } else { $aPathArray = array($oFolder->getID()); - } + } return $aPathArray; } - + /** * Static function. * Get the path for a folder that will be displated to the user - * - * @param Primary key of folder to generate path for + * + * @param Primary key of folder to generate path for * * @return String full path of folder */ function getFolderDisplayPath($iFolderID) { global $default; $aPathNamesArray = Folder::getFolderPathNamesAsArray($iFolderID); + + foreach($aPathNamesArray as $k=>$v) + { + $aPathNamesArray[$k] = sanitizeForHTML($v); + } if (count($aPathNamesArray) > 0) { return implode(" » ", $aPathNamesArray); } else { return ""; } } - + /** * Static function * Get the primary key of the parent folder @@ -404,14 +409,14 @@ class Folder extends KTEntity { * * @return integer primary key of parent folder */ - function getParentFolderID($iFolderID) { + function getParentFolderID($iFolderID) { if ($iFolderID != 0) { $oFolder = Folder::get($iFolderID); return $oFolder->getParentFolderID(); } return 0; } - + /** * Static function * Checks if a given folder already exists using the folder name @@ -431,7 +436,7 @@ class Folder extends KTEntity { } return false; } - + /** * Checks if a given folder already exists using the folder name * 
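Review bot: The new `foreach` in `getFolderDisplayPath` makes this method return HTML-escaped text without saying so, while `getFolderPathNamesAsArray`, which feeds it, still returns the names unescaped, so callers now have to know which encoding they hold. I would state the contract in the docblock, e.g. `@return String HTML-escaped display path, for element content only`, and leave escaping of the raw array to whatever renders it. It is also worth confirming that the names are not already encoded when they reach the loop: `getName()` at the top of the class returns `sanitizeForSQLtoHTML($this->sName)`, and the part of `getFolderPathNamesAsArray` that appends the folder's own name is outside this hunk, so a second pass may show entities literally. The same question applies to `{$oFolder->getName()|sanitize}` in the `dashlet.smarty` hunk of this commit.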
@@ -441,13 +446,13 @@ class Folder extends KTEntity { */ function folderExistsID($iFolderID) { $oFolder = Folder::get($iFolderID); - if (PEAR::isError($oFolder)) { + if (PEAR::isError($oFolder)) { return false; // no such folder, or bad ID } else { return true; } } - + /** * Get the folder name using the primary key * @@ -463,15 +468,15 @@ class Folder extends KTEntity { return $oFolder->getName(); } } - - + + function getByParentIDAndLookupID($iParentID, $iLookupID) { return KTEntityUtil::getByDict('Folder', array( 'parent_id' => $iParentID, 'permission_lookup_id' => $iLookupID, ), array('multi' => true)); } - + function getByParentId($iParentID) { return KTEntityUtil::getByDict('Folder', array( 'parent_id' => $iParentID, diff --git a/lib/widgets/forms.inc.php b/lib/widgets/forms.inc.php index a18fbd3..a552c8c 100644 --- a/lib/widgets/forms.inc.php +++ b/lib/widgets/forms.inc.php @@ -1,12 +1,12 @@ _context =& $context; // form identifier (namespace) - $this->sIdentifier = KTUtil::arrayGet($aOptions, 'identifier','kt.default'); + $this->sIdentifier = KTUtil::arrayGet($aOptions, 'identifier','kt.default'); // form name - $this->_kt_form_name = KTUtil::arrayGet($aOptions, '_kt_form_name', + $this->_kt_form_name = KTUtil::arrayGet($aOptions, '_kt_form_name', $this->generateFormName($this->sIdentifier), false); - + // form labelling $this->sLabel = KTUtil::arrayGet($aOptions, 'label'); $this->sDescription = KTUtil::arrayGet($aOptions, 'description'); - + // actions $this->_action = KTUtil::arrayGet($aOptions, 'action'); $qs = KTUtil::arrayGet($aOptions, 'actionparams',''); @@ -91,7 +91,7 @@ class KTForm { $this->_enctype="multipart/form-data"; } } - + $targeturl = KTUtil::arrayGet($aOptions, 'targeturl', false); if($targeturl === false) { $this->_actionurl = KTUtil::addQueryStringSelf($qs); 
@@ -114,43 +114,43 @@ class KTForm { } $this->_noframe = KTUtil::arrayGet($aOptions, 'noframe', false); - + // cancel // there are a few options here: // 1. cancel_action // 2. cancel_url $cancel_action = KTUtil::arrayGet($aOptions, 'cancel_action'); $cancel_url = KTUtil::arrayGet($aOptions, 'cancel_url'); - + if (!empty($cancel_action)) { - $this->bCancel = true; + $this->bCancel = true; // there are two cases here - if we have a context, we can // use the meldPersistQuery to create the url. if (!is_null($context)) { - $sQuery = $context->meldPersistQuery("", + $sQuery = $context->meldPersistQuery("", $cancel_action); - $this->_cancelurl = + $this->_cancelurl = KTUtil::addQueryString($_SERVER['PHP_SELF'], $sQuery); } else { // give it a try using addQSSelf $this->_cancelurl = KTUtil::addQueryStringSelf( - sprintf('%s=%s', $this->_event, $cancel_action)); + sprintf('%s=%s', $this->_event, $cancel_action)); } - - + + } else if (!empty($cancel_url)) { - $this->bCancel = true; + $this->bCancel = true; $this->_cancelurl = $cancel_url; } else { $this->bCancel = false; } - + // FIXME process extra arguments more intelligently $default_args = array(); if (!is_null($this->_context)) { $default_args = $this->_context->meldPersistQuery("","",true); } - $this->_extraargs = KTUtil::arrayGet($aOptions, + $this->_extraargs = KTUtil::arrayGet($aOptions, 'extraargs', $default_args); // method @@ -158,7 +158,7 @@ class KTForm { $this->_extraargs['postReceived'] = 1; } - + function getWidget(&$aInfo) { if (is_null($this->_oWF)) { $this->_oWF =& KTWidgetFactory::getSingleton(); @@ -167,13 +167,13 @@ class KTForm { if (is_null($aInfo)) { $widget = null; } else if (is_object($aInfo)) { - + // assume this is a fully configured object $widget =& $aInfo; } else { $namespaceOrObject = $aInfo[0]; $config = (array) $aInfo[1]; - + $widget =& $this->_oWF->get($namespaceOrObject, $config); } 
@@ -183,10 +183,10 @@ class KTForm { function getValidator($aInfo) { if (is_null($this->_oVF)) { $this->_oVF =& KTValidatorFactory::getSingleton(); - } - + } + $validator = null; - + // we don't want to expose the factory stuff to the user - its an // arbitrary distinction to the user. Good point from NBM ;) if (is_null($aInfo)) { @@ -197,29 +197,29 @@ class KTForm { } else { $namespaceOrObject = $aInfo[0]; $config = (array) $aInfo[1]; - + $validator =& $this->_oVF->get($namespaceOrObject, $config); } - + return $validator; } - + // set the "form widgets" that will be used. // these are pushed into the "data" component function setWidgets($aWidgets) { $this->_widgets = array(); - + if (is_null($this->_oWF)) { $this->_oWF =& KTWidgetFactory::getSingleton(); } - + $this->addWidgets($aWidgets); } - + function addWidgets($aWidgets) { - foreach ($aWidgets as $aInfo) { + foreach ($aWidgets as $aInfo) { $widget = $this->getWidget($aInfo); - + if (is_null($widget)) { continue; } else { 
@@ -227,51 +227,51 @@ class KTForm { } } } - + function setValidators($aValidators) { $this->_validators = array(); - + if (is_null($this->_oVF)) { $this->_oVF =& KTValidatorFactory::getSingleton(); - } - + } + $this->addValidators($aValidators); } - + function addValidators($aValidators) { // we don't want to expose the factory stuff to the user - its an // arbitrary distinction to the user. Good point from NBM ;) foreach ($aValidators as $aInfo) { $validator = $this->getValidator($aInfo); - + if (is_null($validator)) { continue; } else { $this->_validators[] = $validator; } - } + } } - + function addValidator($aInfo) { $validator = $this->getValidator($aInfo); - + if (is_null($validator)) { return false; } else { $this->_validators[] =& $validator; - } + } } - + function addWidget($aInfo) { $widget = $this->getWidget($aInfo); - + if (is_null($widget)) { return false; } else { $this->_widgets[] =& $widget; - } - } - + } + } + function addInitializedWidget($oWidget) { $this->_widgets[] = $oWidget; } @@ -279,10 +279,10 @@ class KTForm { function render() { $sWidgets = $this->renderWidgets(); $sButtons = $this->renderButtons(); - + return $this->renderContaining($sWidgets . ' ' . $sButtons); } - + function renderPage($sTitle = null, $sDescription = null) { if ($sTitle == null) { $sTitle = $this->sLabel; @@ -292,35 +292,35 @@ class KTForm { if (!is_null($sDescription)) { $sHelpText = sprintf('

%s

', $sDescription); } - return sprintf('

%s

%s %s', $sTitle, $sHelpText, $pageval); - } - + return sprintf('

%s

%s %s', sanitizeForHTML($sTitle), $sHelpText, $pageval); + } + function getErrors() { $aErrors = array(); - $old_data = KTUtil::arrayGet((array) $_SESSION['_kt_old_data'], + $old_data = KTUtil::arrayGet((array) $_SESSION['_kt_old_data'], $this->_kt_form_name, array()); if (KTUtil::arrayGet($old_data, 'identifier') == $this->sIdentifier) { $aErrors = (array) unserialize(KTUtil::arrayGet($old_data, 'errors')); - } + } return $aErrors; } - + function renderWidgets() { if (empty($this->_widgets)) { return ' '; } - + // do this all at the *last* possible moment // now we need to do two things: // - // 1. inform each "widget" that it needs to wrap itself inside + // 1. inform each "widget" that it needs to wrap itself inside // the "data" var - // 2. replace the widget's default values with the ones from the + // 2. replace the widget's default values with the ones from the // failed request, as appropriate. $bUseOld = false; $aOldData = array(); $aErrors = array(); - $old_data = KTUtil::arrayGet((array) $_SESSION['_kt_old_data'], + $old_data = KTUtil::arrayGet((array) $_SESSION['_kt_old_data'], $this->_kt_form_name, array()); if (KTUtil::arrayGet($old_data, 'identifier') == $this->sIdentifier) { $bUseOld = true; @@ -331,7 +331,7 @@ class KTForm { } $aErrors = (array) unserialize(KTUtil::arrayGet($old_data, 'errors')); } - + foreach ($this->_widgets as $k => $v) { if (PEAR::isError($v)) { continue; // error, handle it in render. 
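Review bot: `renderPage` now escapes `$sTitle`, but `$sDescription` is still passed unchanged into the `sprintf` that builds `$sHelpText` a few lines earlier, so it reaches the page unescaped. If descriptions are plain text, that argument should be wrapped the same way, as `sanitizeForHTML($sDescription)`. If they are meant to carry markup, a comment such as `// $sDescription may contain trusted HTML; do not escape` would stop the next reader from assuming both values are treated alike. When `$sTitle` is null it falls back to `$this->sLabel`, which is now escaped too, so labels that already contain entities would be double-encoded; existing callers are worth a quick check.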
@@ -339,16 +339,16 @@ class KTForm { $widget =& $this->_widgets[$k]; // reference needed since we're changing them $widget->wrapName('data'); if ($bUseOld) { - $widget->setDefault(KTUtil::arrayGet($aOldData, $widget->getBasename(), + $widget->setDefault(KTUtil::arrayGet($aOldData, $widget->getBasename(), $widget->getDefault(), false)); $widget->setErrors(KTUtil::arrayGet($aErrors, $widget->getBasename())); } } - + // too much overhead by half to use a template here // so we do it the "old fashioned" way. $rendered = array(); - + foreach ($this->_widgets as $v) { if (PEAR::isError($v)) { $rendered[] = sprintf(_kt('

Unable to show widget — %s

'), $v->getMessage()); @@ -356,45 +356,45 @@ class KTForm { $rendered[] = $v->render(); } } - + return implode(' ', $rendered); } - + function renderButtons() { $oKTTemplating =& KTTemplating::getSingleton(); $oTemplate = $oKTTemplating->loadTemplate('ktcore/forms/buttons'); - + // now do the render. $oTemplate->setData(array( - 'context' => &$this, + 'context' => &$this, )); - + return $oTemplate->render(); } - + function renderContaining() { - + $args = func_get_args(); $sInner = implode(' ', $args); - + $oKTTemplating =& KTTemplating::getSingleton(); $oTemplate = $oKTTemplating->loadTemplate('ktcore/forms/outerform'); - + // remove inner "action" var from extraargs // if its there at all. unset($this->_extraargs[$this->_event]); $this->_extraargs['_kt_form_name'] = $this->_kt_form_name; - + // now do the render. $oTemplate->setData(array( - 'context' => &$this, + 'context' => &$this, 'inner' => $sInner, )); - + return $oTemplate->render(); } - - function generateFormName($sIdentifier = null) { + + function generateFormName($sIdentifier = null) { if (!is_null($sIdentifier)) { // try use the existing one from the request. $existing = KTUtil::arrayGet($_REQUEST, '_kt_form_name'); 
@@ -409,62 +409,62 @@ class KTForm { } return KTUtil::randomString(32); // unique 32 char string } - + function validate() { // we first ask each widget to pull its data out. // while we do that, we create the storage set for the session // that widgets can call on later. - + $raw_data = KTUtil::arrayGet($_REQUEST, 'data'); $processed_data = array(); foreach ($this->_widgets as $oWidget) { if (PEAR::isError($oWidget)) { continue; } - - // widgets are expected to place their data in the "basename" + + // widgets are expected to place their data in the "basename" // entry in the processed data area // // they should also be able to reconstruct their inputs from this // since its what they get later. - + $res = $oWidget->process($raw_data); $processed_data = kt_array_merge($processed_data, $res); } - + // before we validate ANYTHING we store data into the session $store_data = array(); // we only want to store serialized values here foreach ($processed_data as $k => $v) { $store_data[$k] = serialize($v); } - + $_SESSION['_kt_old_data'][$this->_kt_form_name]['data'] = serialize($store_data); - $_SESSION['_kt_old_data'][$this->_kt_form_name]['identifier'] = - $this->sIdentifier; - $_SESSION['_kt_old_data'][$this->_kt_form_name]['created'] = + $_SESSION['_kt_old_data'][$this->_kt_form_name]['identifier'] = + $this->sIdentifier; + $_SESSION['_kt_old_data'][$this->_kt_form_name]['created'] = getCurrentDateTime(); - + $results = array(); $errors = array(); - + // some things can be checked by the actual widgets involved. These // are obvious (e.g. required) and shouldn't require the developer to // think about them. // // to accomplish this, we call each widget's "getValidators" method. - // + // // note that autovalidation can be turned off for a widget by passing // "autovalidate" => "false" in the widget's config. 
- + $extra_validators = array(); foreach ($this->_widgets as $oWidget) { - if (PEAR::isError($oWidget)) { + if (PEAR::isError($oWidget)) { continue; } - + $res = $oWidget->getValidators(); - + if (!is_null($res)) { if (is_array($res)) { $extra_validators = kt_array_merge($extra_validators, $res); @@ -473,23 +473,23 @@ class KTForm { } } } - + $validators = kt_array_merge($extra_validators, $this->_validators); - + foreach ($validators as $oValidator) { if (PEAR::isError($oValidator)) { // don't bother with broken validators, but warn the user/dev $errors['_kt_global'][] = $oValidator->getMessage(); - continue; + continue; } - + $res = $oValidator->validate($processed_data); - + // results comes out with a set of names and values. // these *shouldn't* overlap, so just merge them $extra_results = KTUtil::arrayGet($res, 'results', array()); $results = kt_array_merge($results, $extra_results); - + // errors *can* overlap // the format is: // basename => array(errors) @@ -501,27 +501,27 @@ class KTForm { $extra_errors = KTUtil::arrayGet($res, 'errors', array()); foreach ($extra_errors as $varname => $aErrors) { if (is_string($aErrors)) { - $errors[$varname][] = $aErrors; + $errors[$varname][] = $aErrors; } else { $errors[$varname] = kt_array_merge($errors[$varname], $aErrors); } } } - + $this->_errors = $errors; // store for later use without unserialising if (!empty($errors)) { - $_SESSION['_kt_old_data'][$this->_kt_form_name]['errors'] = + $_SESSION['_kt_old_data'][$this->_kt_form_name]['errors'] = serialize($errors); - } - + } + //var_dump($errors); exit(0); - + return array( 'errors' => $errors, 'results' => $results, ); } - + function handleError($sGlobalError = null, $aSimplerErrors = null) { if (!is_null($sGlobalError)) { $this->_errors['_kt_global'][] = $sGlobalError; 
@@ -531,23 +531,23 @@ class KTForm { $this->_errors[$k] = kt_array_merge($this->_errors[$k], $v); } // since we've changed them, update the stored version - $_SESSION['_kt_old_data'][$this->_kt_form_name]['errors'] = - serialize($this->_errors); + $_SESSION['_kt_old_data'][$this->_kt_form_name]['errors'] = + serialize($this->_errors); } if (is_array($this->_errors)) { $global_errors = KTUtil::arrayGet($this->_errors, '_kt_global', array()); $_SESSION['KTErrorMessage'] = kt_array_merge($_SESSION['KTErrorMessage'], $global_errors); } - + if (!empty($this->_failaction) && !is_null($this->_context)) { - $this->_context->errorRedirectTo($this->_failaction, - _kt("Please correct the errors indicated."), + $this->_context->errorRedirectTo($this->_failaction, + _kt("Please correct the errors indicated."), sprintf("_kt_form_name=%s",$this->_kt_form_name)); exit(0); } else if ($this->_failurl){ redirect(KTUtil::addQueryString($this->_failurl, - sprintf("_kt_form_name=%s",$this->_kt_form_name))); - exit(0); + sprintf("_kt_form_name=%s",$this->_kt_form_name))); + exit(0); } else { return '

' . _kt("An error occured, and no error handlers were configured.") . '

'; exit(0); diff --git a/plugins/browseabledashlet/templates/browseabledashlet/dashlet.smarty b/plugins/browseabledashlet/templates/browseabledashlet/dashlet.smarty index efdd5c1..adef814 100644 --- a/plugins/browseabledashlet/templates/browseabledashlet/dashlet.smarty +++ b/plugins/browseabledashlet/templates/browseabledashlet/dashlet.smarty @@ -11,7 +11,7 @@ {foreach from=$folders item=oFolder} getId()}{/capture} - href="{ktLink base="browse.php" query="fFolderId=`$fid`"}">{$oFolder->getName()} + href="{ktLink base="browse.php" query="fFolderId=`$fid`"}">{$oFolder->getName()|sanitize}
{/foreach} diff --git a/plugins/ktcore/KTColumns.inc.php b/plugins/ktcore/KTColumns.inc.php index 8c1c194..14bbb40 100644 --- a/plugins/ktcore/KTColumns.inc.php +++ b/plugins/ktcore/KTColumns.inc.php @@ -1,12 +1,12 @@ link_folders = KTUtil::arrayGet($aOptions, 'link_folders', $this->link_folders, false); - $this->link_documents = KTUtil::arrayGet($aOptions, 'link_documents', $this->link_documents, false); + $this->link_documents = KTUtil::arrayGet($aOptions, 'link_documents', $this->link_documents, false); parent::setOptions($aOptions); } - + function AdvancedTitleColumn() { $this->label = _kt("Title"); - } - - // what is used for sorting + } + + // what is used for sorting // query addition is: // [0] => join claus // [1] => join params - // [2] => ORDER - - function addToFolderQuery() { - return array(null, - null, + // [2] => ORDER + + function addToFolderQuery() { + return array(null, + null, "F.name", - ); + ); } - function addToDocumentQuery() { - return array(null, - null, + function addToDocumentQuery() { + return array(null, + null, "DM.name" - ); + ); } - + function renderFolderLink($aDataRow) { /* this check has to be done so that any titles longer than 40 characters is not displayed incorrectly. as mozilla cannot wrap text without white spaces */ - if (mb_strlen($aDataRow["folder"]->getName(), 'UTF-8') > 40) { + if (mb_strlen($aDataRow["folder"]->getName(), 'UTF-8') > 40) { mb_internal_encoding("UTF-8"); $outStr = htmlentities(mb_substr($aDataRow["folder"]->getName(), 0, 40, 'UTF-8')."...", ENT_NOQUOTES, 'UTF-8'); }else{ 
@@ -90,15 +90,15 @@ class AdvancedTitleColumn extends AdvancedColumn { function renderDocumentLink($aDataRow) { /* this check has to be done so that any titles longer than 40 characters is not displayed incorrectly. as mozilla cannot wrap text without white spaces */ - if (mb_strlen($aDataRow["document"]->getName(), 'UTF-8') > 40) { + if (mb_strlen($aDataRow["document"]->getName(), 'UTF-8') > 40) { mb_internal_encoding("UTF-8"); $outStr = htmlentities(mb_substr($aDataRow["document"]->getName(), 0, 40, 'UTF-8')."...", ENT_NOQUOTES, 'UTF-8'); }else{ $outStr = htmlentities($aDataRow["document"]->getName(), ENT_NOQUOTES, 'UTF-8'); } - + if($this->link_documents) { - $outStr = 'getFilename().'">' . + $outStr = 'getFilename(), ENT_QUOTES, 'UTF-8').'">' . $outStr . ''; } return $outStr; @@ -116,7 +116,7 @@ class AdvancedTitleColumn extends AdvancedColumn { function buildFolderLink($aDataRow) { if (is_null(KTUtil::arrayGet($this->aOptions, 'direct_folder'))) { $dest = KTUtil::arrayGet($this->aOptions, 'folder_link'); - $params = kt_array_merge(KTUtil::arrayGet($this->aOptions, 'qs_params', array()), + $params = kt_array_merge(KTUtil::arrayGet($this->aOptions, 'qs_params', array()), array('fFolderId' => $aDataRow['folder']->getId())); if (empty($dest)) { @@ -129,9 +129,9 @@ class AdvancedTitleColumn extends AdvancedColumn { return KTBrowseUtil::getUrlForFolder($aDataRow['folder']); } } - + // use inline, since its just too heavy to even _think_ about using smarty. - function renderData($aDataRow) { + function renderData($aDataRow) { if ($aDataRow["type"] == "folder") { $contenttype = 'folder'; $link = $this->renderFolderLink($aDataRow); 
@@ -143,11 +143,11 @@ class AdvancedTitleColumn extends AdvancedColumn { return sprintf('%s (%s)', $contenttype, $link, $size); } } - + function prettySize($size) { $finalSize = $size; $label = 'b'; - + if ($finalSize > 1000) { $label='Kb'; $finalSize = floor($finalSize/1000); } if ($finalSize > 1000) { $label='Mb'; $finalSize = floor($finalSize/1000); } return $finalSize . $label; @@ -159,7 +159,7 @@ class AdvancedTitleColumn extends AdvancedColumn { } } -/* +/* * Column to handle dates */ @@ -168,17 +168,17 @@ class AdvancedDateColumn extends AdvancedColumn { var $document_field_function; var $folder_field_function; - var $sortable = true; + var $sortable = true; var $document_sort_column; var $folder_sort_column; var $namespace = 'ktcore.columns.genericdate'; - + function AdvancedDateColumn() { $this->label = _kt('Generic Date Function'); } // use inline, since its just too heavy to even _think_ about using smarty. - function renderData($aDataRow) { + function renderData($aDataRow) { $outStr = ''; if (($aDataRow["type"] == "folder") && (!is_null($this->folder_field_function))) { $res = call_user_func(array($aDataRow["folder"], $this->folder_field_function)); @@ -186,7 +186,7 @@ class AdvancedDateColumn extends AdvancedColumn { // now reformat this into something "pretty" return date("Y-m-d H:i", $dColumnDate); - + } else if (($aDataRow["type"] == "document") && (!is_null($this->document_field_function))) { $res = call_user_func(array($aDataRow["document"], $this->document_field_function)); $dColumnDate = strtotime($res); @@ -210,11 +210,11 @@ class AdvancedDateColumn extends AdvancedColumn { class CreationDateColumn extends AdvancedDateColumn { var $document_field_function = 'getCreatedDateTime'; var $folder_field_function = null; - + var $document_sort_column = "D.created"; var $folder_sort_column = null; var $namespace = 'ktcore.columns.creationdate'; - + function CreationDateColumn() { $this->label = _kt('Created'); } 
@@ -223,11 +223,11 @@ class CreationDateColumn extends AdvancedDateColumn { class ModificationDateColumn extends AdvancedDateColumn { var $document_field_function = 'getLastModifiedDate'; var $folder_field_function = null; - + var $document_sort_column = "D.modified"; var $folder_sort_column = null; var $namespace = 'ktcore.columns.modificationdate'; - + function ModificationDateColumn() { $this->label = _kt('Modified'); } @@ -236,25 +236,25 @@ class ModificationDateColumn extends AdvancedDateColumn { class AdvancedUserColumn extends AdvancedColumn { var $document_field_function; var $folder_field_function; - var $sortable = false; // by default + var $sortable = false; // by default var $document_sort_column; var $folder_sort_column; var $namespace = 'ktcore.columns.genericuser'; - + function AdvancedUserColumn() { - $this->label = null; // abstract. + $this->label = null; // abstract. } - + // use inline, since its just too heavy to even _think_ about using smarty. - function renderData($aDataRow) { + function renderData($aDataRow) { $iUserId = null; if (($aDataRow["type"] == "folder") && (!is_null($this->folder_field_function))) { if (method_exists($aDataRow['folder'], $this->folder_field_function)) { - $iUserId = call_user_func(array($aDataRow['folder'], $this->folder_field_function)); + $iUserId = call_user_func(array($aDataRow['folder'], $this->folder_field_function)); } } else if (($aDataRow["type"] == "document") && (!is_null($this->document_field_function))) { if (method_exists($aDataRow['document'], $this->document_field_function)) { - $iUserId = call_user_func(array($aDataRow['document'], $this->document_field_function)); + $iUserId = call_user_func(array($aDataRow['document'], $this->document_field_function)); } } if (is_null($iUserId)) { @@ -271,7 +271,7 @@ class AdvancedUserColumn extends AdvancedColumn { function addToFolderQuery() { return array(null, null, null); } - + function addToDocumentQuery() { return array(null, null, null); } 
@@ -280,20 +280,20 @@ class AdvancedUserColumn extends AdvancedColumn { class CreatorColumn extends AdvancedUserColumn { var $document_field_function = "getCreatorID"; var $folder_field_function = "getCreatorID"; - var $sortable = true; // by default + var $sortable = true; // by default var $namespace = 'ktcore.columns.creator'; - + function CreatorColumn() { - $this->label = _kt("Creator"); // abstract. + $this->label = _kt("Creator"); // abstract. } } class AdvancedSelectionColumn extends AdvancedColumn { var $rangename = null; var $show_folders = true; - var $show_documents = true; - - var $namespace = "ktcore.columns.selection"; + var $show_documents = true; + + var $namespace = "ktcore.columns.selection"; function AdvancedSelectionColumn() { $this->label = ''; 
@@ -302,40 +302,40 @@ class AdvancedSelectionColumn extends AdvancedColumn { function setOptions($aOptions) { AdvancedColumn::setOptions($aOptions); $this->rangename = KTUtil::arrayGet($this->aOptions, 'rangename', $this->rangename); - $this->show_folders = KTUtil::arrayGet($this->aOptions, 'show_folders', $this->show_folders, false); - $this->show_documents = KTUtil::arrayGet($this->aOptions, 'show_documents', $this->show_documents, false); + $this->show_folders = KTUtil::arrayGet($this->aOptions, 'show_folders', $this->show_folders, false); + $this->show_documents = KTUtil::arrayGet($this->aOptions, 'show_documents', $this->show_documents, false); } - function renderHeader($sReturnURL) { + function renderHeader($sReturnURL) { global $main; $main->requireJSResource("resources/js/toggleselect.js"); - + return sprintf('', $this->rangename); - + } - + // only include the _f or _d IF WE HAVE THE OTHER TYPE. - function renderData($aDataRow) { - $localname = $this->rangename; - - if (($aDataRow["type"] === "folder") && ($this->show_folders)) { + function renderData($aDataRow) { + $localname = htmlentities($this->rangename,ENT_QUOTES,'UTF-8'); + + if (($aDataRow["type"] === "folder") && ($this->show_folders)) { if ($this->show_documents) { - $localname .= "_f[]"; + $localname .= "_f[]"; } - $v = $aDataRow["folderid"]; - } else if (($aDataRow["type"] === "document") && $this->show_documents) { + $v = $aDataRow["folderid"]; + } else if (($aDataRow["type"] === "document") && $this->show_documents) { if ($this->show_folders) { - $localname .= "_d[]"; + $localname .= "_d[]"; } - $v = $aDataRow["docid"]; - } else { - return ' '; + $v = $aDataRow["docid"]; + } else { + return ' '; } - + return sprintf('', $localname, $v); } - - + + // no label, but we do have a title function getName() { return _kt("Multiple Selection"); 
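Review bot: The `htmlentities()` call added for `$this->rangename` covers only `AdvancedSelectionColumn::renderData`; `renderHeader` in this same hunk still passes the raw `$this->rangename` to `sprintf`, and `AdvancedSingleSelectionColumn::renderData` in the next hunk still starts from `$localname = $this->rangename;`. `rangename` is read from the column options in `setOptions`, so whether it can carry user-influenced text depends on callers not shown here, but all three output sites should use `htmlentities($this->rangename, ENT_QUOTES, 'UTF-8')`. The header's markup is not visible on this page, so if the name ends up inside a script attribute there it needs escaping for that context as well. `$v` (`folderid` / `docid`) is also written into the output as-is; if these are always numeric ids, `(int) $v` in the final `sprintf` would make that explicit.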
@@ -350,36 +350,36 @@ class AdvancedSingleSelectionColumn extends AdvancedSelectionColumn { parent::AdvancedSelectionColumn(); $this->label = null; } - + function renderHeader() { - return ' '; + return ' '; } - + // only include the _f or _d IF WE HAVE THE OTHER TYPE. - function renderData($aDataRow) { + function renderData($aDataRow) { $localname = $this->rangename; - - if (($aDataRow["type"] === "folder") && ($this->show_folders)) { + + if (($aDataRow["type"] === "folder") && ($this->show_folders)) { if ($this->show_documents) { - $localname .= "_f"; + $localname .= "_f"; } - $v = $aDataRow["folderid"]; - } else if (($aDataRow["type"] === "document") && $this->show_documents) { + $v = $aDataRow["folderid"]; + } else if (($aDataRow["type"] === "document") && $this->show_documents) { if ($this->show_folders) { - $localname .= "_d"; + $localname .= "_d"; } - $v = $aDataRow["docid"]; - } else { - return ' '; + $v = $aDataRow["docid"]; + } else { + return ' '; } - + return ''; } // no label, but we do have a title function getName() { return _kt("Single Selection"); - } + } } @@ -389,16 +389,16 @@ class AdvancedWorkflowColumn extends AdvancedColumn { function AdvancedWorkflowColumn() { $this->label = _kt("Workflow State"); - $this->sortable = false; + $this->sortable = false; } - + // use inline, since its just too heavy to even _think_ about using smarty. - function renderData($aDataRow) { + function renderData($aDataRow) { // only _ever_ show this for documents. - if ($aDataRow["type"] === "folder") { + if ($aDataRow["type"] === "folder") { return ' '; } - + $oWorkflow = KTWorkflowUtil::getWorkflowForDocument($aDataRow['document']); $oState = KTWorkflowUtil::getWorkflowStateForDocument($aDataRow['document']); if (($oState == null) || ($oWorkflow == null)) { 
@@ -415,21 +415,21 @@ class AdvancedWorkflowColumn extends AdvancedColumn { class AdvancedDownloadColumn extends AdvancedColumn { var $namespace = 'ktcore.columns.download'; - + function AdvancedDownloadColumn() { $this->label = null; } - function renderData($aDataRow) { + function renderData($aDataRow) { // only _ever_ show this for documents. - if ($aDataRow["type"] === "folder") { + if ($aDataRow["type"] === "folder") { return ' '; } - + $link = KTUtil::ktLink('action.php','ktcore.actions.document.view', 'fDocumentId=' . $aDataRow['document']->getId()); return sprintf('%s', $link, _kt('Download Document'), _kt('Download Document')); } - + function getName() { return _kt('Download'); } } @@ -437,17 +437,17 @@ class AdvancedDownloadColumn extends AdvancedColumn { class DocumentIDColumn extends AdvancedColumn { var $bSortable = false; var $namespace = 'ktcore.columns.docid'; - + function DocumentIDColumn() { $this->label = _kt("Document ID"); } - function renderData($aDataRow) { + function renderData($aDataRow) { // only _ever_ show this for documents. - if ($aDataRow["type"] === "folder") { + if ($aDataRow["type"] === "folder") { return ' '; } - + return htmlentities($aDataRow['document']->getId(), ENT_NOQUOTES, 'UTF-8'); } } @@ -455,21 +455,21 @@ class DocumentIDColumn extends AdvancedColumn { class ContainingFolderColumn extends AdvancedColumn { var $namespace = 'ktcore.columns.containing_folder'; - + function ContainingFolderColumn() { $this->label = _kt("View Folder"); } - function renderData($aDataRow) { + function renderData($aDataRow) { // only _ever_ show this for documents. - if ($aDataRow["type"] === "folder") { + if ($aDataRow["type"] === "folder") { return ' '; } - + $link = KTBrowseUtil::getUrlForFolder($aDataRow['document']->getFolderId()); return sprintf('%s', $link, _kt('View Folder'), _kt('View Folder')); } - + function getName() { return _kt('Opening Containing Folder'); } } 
diff --git a/plugins/ktcore/KTDocumentActions.php b/plugins/ktcore/KTDocumentActions.php index f1be637..76a4008 100644 --- a/plugins/ktcore/KTDocumentActions.php +++ b/plugins/ktcore/KTDocumentActions.php @@ -6,7 +6,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and @@ -17,9 +17,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright @@ -42,7 +42,7 @@ require_once(KT_LIB_DIR . '/browse/PartialQuery.inc.php'); require_once(KT_LIB_DIR . '/widgets/forms.inc.php'); -// {{{ KTDocumentDetailsAction +// {{{ KTDocumentDetailsAction class KTDocumentDetailsAction extends KTDocumentAction { var $sName = 'ktcore.actions.document.displaydetails'; @@ -143,7 +143,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction { ); return $oTemplate->render($aTemplateData); } - + function do_startComparison() { $comparison_version = KTUtil::arrayGet($_REQUEST, 'fComparisonVersion'); @@ -151,7 +151,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction { if (PEAR::isError($oDocument)) { return $this->redirectToMain(_kt('The document you selected was invalid')); } - + if (!Permission::userHasDocumentReadPermission($oDocument)) { return $this->errorRedirectToMain(_kt('You are not allowed to view this document')); } 
@@ -176,7 +176,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction { ); return $oTemplate->render($aTemplateData); } - + function do_viewComparison() { // this is just a redirector $QS = array( @@ -185,22 +185,22 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction { 'fBaseVersion' => $_REQUEST['fBaseVersion'], 'fComparisonVersion' => $_REQUEST['fComparisonVersion'], ); - + $frag = array(); - + foreach ($QS as $k => $v) { $frag[] = sprintf('%s=%s', urlencode($k), urlencode($v)); } - + redirect(KTUtil::ktLink('view.php',null,implode('&', $frag))); } - - + + function getUserForId($iUserId) { $u = User::get($iUserId); if (PEAR::isError($u) || ($u == false)) { return _kt('User no longer exists'); } return $u->getName(); - } + } } // }}} @@ -208,7 +208,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction { // {{{ KTDocumentViewAction class KTDocumentViewAction extends KTDocumentAction { var $sName = 'ktcore.actions.document.view'; - var $sIconClass = 'download'; + var $sIconClass = 'download'; function getDisplayName() { return _kt('Download'); @@ -230,13 +230,13 @@ class KTDocumentViewAction extends KTDocumentAction { } else { $res = $oStorage->download($this->oDocument); } - + if ($res === false) { $this->addErrorMessage(_kt('The file you requested is not available - please contact the system administrator if this is incorrect.')); redirect(generateControllerLink('viewDocument',sprintf(_kt('fDocumentId=%d'),$this->oDocument->getId()))); - exit(0); + exit(0); } - + $oDocumentTransaction = & new DocumentTransaction($this->oDocument, _kt('Document downloaded'), 'ktcore.transactions.download', $aOptions); $oDocumentTransaction->create(); exit(0); @@ -258,7 +258,7 @@ class KTDocumentCheckOutAction extends KTDocumentAction { return _kt('Checkout'); } - function getInfo() { + function getInfo() { if ($this->oDocument->getIsCheckedOut()) { return null; } 
@@ -272,10 +272,10 @@ class KTDocumentCheckOutAction extends KTDocumentAction { return $res; } // since we actually check the doc out, then download it ... - if (($_REQUEST[$this->event_var] == 'checkout_final') && ($this->oDocument->getCheckedOutUserID() == $_SESSION['userID'])) { - return true; + if (($_REQUEST[$this->event_var] == 'checkout_final') && ($this->oDocument->getCheckedOutUserID() == $_SESSION['userID'])) { + return true; } - + // "normal". if ($this->oDocument->getIsCheckedOut()) { $_SESSION['KTErrorMessage'][] = _kt('This document is already checked out'); @@ -317,9 +317,9 @@ class KTDocumentCheckOutAction extends KTDocumentAction { array('ktcore.validators.boolean', array( 'test' => 'download_file', 'output' => 'download_file', - )), + )), )); - + return $oForm; } @@ -337,13 +337,13 @@ class KTDocumentCheckOutAction extends KTDocumentAction { } function do_checkout() { - + $oForm = $this->form_checkout(); $res = $oForm->validate(); if (!empty($res['errors'])) { return $oForm->handleError(); } - + $data = $res['results']; $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/checkout_final'); @@ -354,17 +354,17 @@ class KTDocumentCheckOutAction extends KTDocumentAction { if (PEAR::isError($res)) { return $this->errorRedirectToMain(sprintf(_kt('Failed to check out the document: %s'), $res->getMessage())); } - - + + $this->commitTransaction(); - + if (!$data['download_file']) { $this->addInfoMessage(_kt('Document checked out.')); redirect(KTBrowseUtil::getUrlForDocument($this->oDocument)); exit(0); } - + $oTemplate->setData(array( 'context' => &$this, 'reason' => $sReason, @@ -376,7 +376,7 @@ class KTDocumentCheckOutAction extends KTDocumentAction { $sReason = KTUtil::arrayGet($_REQUEST, 'reason'); $this->oValidator->notEmpty($sReason); - + $oStorage =& KTStorageManagerUtil::getSingleton(); $oStorage->download($this->oDocument, true); exit(0); 
@@ -446,33 +446,33 @@ class KTDocumentCheckInAction extends KTDocumentAction { 'context' => &$this, 'file_upload' => true, // otherwise the post is not received. )); - + $major_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber()+1, 0); - $minor_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber(), $this->oDocument->getMinorVersionNumber()+1); - + $minor_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber(), $this->oDocument->getMinorVersionNumber()+1); + $oForm->setWidgets(array( array('ktcore.widgets.file', array( 'label' => _kt('File'), - 'description' => sprintf(_kt('Please specify the file you wish to upload. Unless you also indicate that you are changing its filename (see "Force Original Filename" below), this will need to be called %s'), $this->oDocument->getFilename()), + 'description' => sprintf(_kt('Please specify the file you wish to upload. Unless you also indicate that you are changing its filename (see "Force Original Filename" below), this will need to be called %s'), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8')), 'name' => 'file', 'basename' => 'file', 'required' => true, )), array('ktcore.widgets.boolean',array( - 'label' => _kt('Major Update'), - 'description' => sprintf(_kt('If this is checked, then the document\'s version number will be increased to %s. Otherwise, it will be considered a minor update, and the version number will be %s.'), $major_inc, $minor_inc), - 'name' => 'major_update', + 'label' => _kt('Major Update'), + 'description' => sprintf(_kt('If this is checked, then the document\'s version number will be increased to %s. Otherwise, it will be considered a minor update, and the version number will be %s.'), $major_inc, $minor_inc), + 'name' => 'major_update', 'value' => false, - )), + )), array('ktcore.widgets.reason', array( 'label' => _kt('Reason'), 'description' => _kt('Please describe the changes you made to the document. 
Bear in mind that you can use a maximum of 250 characters.'), 'name' => 'reason', )), array('ktcore.widgets.boolean',array( - 'label' => _kt('Force Original Filename'), - 'description' => sprintf(_kt('If this is checked, the uploaded document must have the same filename as the original: %s'), $this->oDocument->getFilename()), - 'name' => 'forcefilename', + 'label' => _kt('Force Original Filename'), + 'description' => sprintf(_kt('If this is checked, the uploaded document must have the same filename as the original: %s'), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8')), + 'name' => 'forcefilename', 'value' => true, )), )); @@ -485,17 +485,17 @@ class KTDocumentCheckInAction extends KTDocumentAction { array('ktcore.validators.boolean', array( 'test' => 'major_update', 'output' => 'major_update', - )), + )), array('ktcore.validators.file', array( 'test' => 'file', 'output' => 'file', - )), + )), array('ktcore.validators.boolean', array( 'test' => 'forcefilename', 'output' => 'forcefilename', - )), + )), )); - + return $oForm; } @@ -503,7 +503,7 @@ class KTDocumentCheckInAction extends KTDocumentAction { function do_main() { $this->oPage->setBreadcrumbDetails(_kt('Checkin')); $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/checkin'); - + $oForm = $this->form_main(); $oTemplate->setData(array( 
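Review bot: The two `htmlentities(...)` calls added to the widget descriptions in `form_main()` escape the stored filename only where these two `sprintf` strings are built, so other outputs of document-controlled names are not covered. Elsewhere in this file, `sprintf(_kt('Document "%s" Deleted.'),$this->oDocument->getName())` in the delete action and `_kt('Copy Document') . ': ' . $this->oDocument->getName()` passed to `renderPage()` still interpolate the name raw. Whether those sinks escape on output is not visible here, so they should be checked and, if they do not, given the same `htmlentities(..., ENT_QUOTES, 'UTF-8')` treatment. Escaping in the action rather than in the template will double-encode if the template later starts escaping, so I would add a comment above the first call, such as `// widget descriptions are emitted as HTML (assumed), so the stored filename is escaped here`.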
@@ -517,24 +517,24 @@ class KTDocumentCheckInAction extends KTDocumentAction { $oForm = $this->form_main(); $res = $oForm->validate(); $data = $res['results']; - + $extra_errors = array(); - + if ($data['forcefilename'] && ($data['file']['name'] != $this->oDocument->getFilename())) { - $extra_errors['file'] = sprintf(_kt('The file you uploaded was not called "%s". If you wish to change the filename, please set "Force Original Filename" below to false. '), $this->oDocument->getFilename()); + $extra_errors['file'] = sprintf(_kt('The file you uploaded was not called "%s". If you wish to change the filename, please set "Force Original Filename" below to false. '), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8')); } - + if (!empty($res['errors']) || !empty($extra_errors)) { return $oForm->handleError(null, $extra_errors); } - + $sReason = $data['reason']; - + $sCurrentFilename = $this->oDocument->getFileName(); $sNewFilename = $data['file']['name']; $aOptions = array(); - + if ($data['major_update']) { $aOptions['major_update'] = true; } @@ -542,7 +542,7 @@ class KTDocumentCheckInAction extends KTDocumentAction { if ($sCurrentFilename != $sNewFilename) { $aOptions['newfilename'] = $sNewFilename; } - + $res = KTDocumentUtil::checkin($this->oDocument, $data['file']['tmp_name'], $sReason, $this->oUser, $aOptions); if (PEAR::isError($res)) { $this->errorRedirectToMain(_kt('An error occurred while trying to check in the document'), 'fDocumentId=' . $this->oDocument->getId() . '&reason=' . $sReason); @@ -561,7 +561,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction { var $_sShowPermission = 'ktcore.permissions.write'; var $bAllowInAdminMode = true; var $bInAdminMode = null; - var $sIconClass = 'cancel_checkout'; + var $sIconClass = 'cancel_checkout'; function getDisplayName() { return _kt('Cancel Checkout'); 
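Review bot: The filename check in `do_checkin()` that guards the newly escaped error message compares with `!=`, so PHP's numeric-string comparison treats names such as `1e3` and `1000` as equal. An upload with a different name can therefore pass the "Force Original Filename" rule; `$data['file']['name'] !== $this->oDocument->getFilename()` avoids this, assuming both sides are strings. The same applies to `$sCurrentFilename != $sNewFilename` in the following hunk. In that hunk's error path `$sReason` is appended to the redirect query unencoded; `'&reason=' . urlencode($sReason)` stops a reason containing `&` or `#` from altering the redirect parameters. `do_checkin()` starts before this hunk and continues past it.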
@@ -573,10 +573,10 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction { } if (is_null($this->bInAdminMode)) { $oFolder = Folder::get($this->oDocument->getFolderId()); - if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) { + if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) { $this->bAdminMode = true; - return parent::getInfo(); - } + return parent::getInfo(); + } } else if ($this->bInAdminMode == true) { return parent::getInfo(); } @@ -588,7 +588,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction { function check() { $res = parent::check(); - + if ($res !== true) { return $res; } @@ -600,10 +600,10 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction { // hard override if we're in admin mode for this doc. if (is_null($this->bInAdminMode)) { $oFolder = Folder::get($this->oDocument->getFolderId()); - if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) { + if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) { $this->bAdminMode = true; - return true; - } + return true; + } } else if ($this->bInAdminMode == true) { return true; } @@ -639,16 +639,16 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction { 'output' => 'reason', )), )); - + return $oForm; } function do_main() { $this->oPage->setBreadcrumbDetails(_kt('cancel checkout')); $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/cancel_checkout'); - + $oForm = $this->form_main(); - + $oTemplate->setData(array( 'context' => &$this, 'form' => $oForm, @@ -663,9 +663,9 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction { if (!empty($res['errors'])) { return $oForm->handleError(); } - + $data = $res['results']; - + $this->startTransaction(); // actually do the checkin. $this->oDocument->setIsCheckedOut(0); 
@@ -675,7 +675,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction { $this->rollbackTransaction(); return $this->errorRedirectToMain(_kt('Failed to force the document\'s checkin.'),sprintf('fDocumentId=%d'),$this->oDocument->getId()); } - + // checkout cancelled transaction $oDocumentTransaction = & new DocumentTransaction($this->oDocument, $data['reason'], 'ktcore.transactions.force_checkin'); $res = $oDocumentTransaction->create(); @@ -683,7 +683,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction { $this->rollbackTransaction(); return $this->errorRedirectToMain(_kt('Failed to force the document\'s checkin.'),sprintf('fDocumentId=%d'),$this->oDocument->getId()); } - $this->commitTransaction(); + $this->commitTransaction(); redirect(KTBrowseUtil::getUrlForDocument($this->oDocument)); } } @@ -746,7 +746,7 @@ class KTDocumentDeleteAction extends KTDocumentAction { 'output' => 'reason', )), )); - + return $oForm; } @@ -770,17 +770,17 @@ class KTDocumentDeleteAction extends KTDocumentAction { if (!empty($res['errors'])) { return $oForm->handleError(); } - + $sReason = $data['reason']; - + $fFolderId = $this->oDocument->getFolderId(); $res = KTDocumentUtil::delete($this->oDocument, $sReason); if (PEAR::isError($res)) { $this->errorRedirectToMain(sprintf(_kt('Unexpected failure deleting document: %s'), $res->getMessage())); - } + } $_SESSION['KTInfoMessage'][] = sprintf(_kt('Document "%s" Deleted.'),$this->oDocument->getName()); - + controllerRedirect('browse', 'fFolderId=' . $fFolderId); exit(0); } 
@@ -838,15 +838,15 @@ class KTDocumentMoveAction extends KTDocumentAction { 'cancel_url' => KTBrowseUtil::getUrlForDocument($this->oDocument), 'fail_action' => 'main', 'context' => $this, - )); + )); /* * This is somewhat more complex than most forms, since the "filename" * and title shouldn't appear unless there's a clash. * * This is still not the most elegant solution. - */ - + */ + $oForm->setWidgets(array( array('ktcore.widgets.foldercollection', array( 'label' => _kt('Target Folder'), @@ -861,8 +861,8 @@ class KTDocumentMoveAction extends KTDocumentAction { 'name' => 'reason', )), )); - - + + $oForm->setValidators(array( array('ktcore.validators.string', array( 'test' => 'reason', @@ -874,10 +874,10 @@ class KTDocumentMoveAction extends KTDocumentAction { 'test' => 'browse', 'output' => 'browse', )), - )); - + )); + // here's the ugly bit. - + $err = $oForm->getErrors(); if (!empty($err['name']) || !empty($err['filename'])) { $oForm->addWidget( @@ -914,7 +914,7 @@ class KTDocumentMoveAction extends KTDocumentAction { } return $oForm; } - + function do_move() { $oForm = $this->form_move(); $res = $oForm->validate(); 
@@ -926,59 +926,59 @@ class KTDocumentMoveAction extends KTDocumentAction { if ($data['browse']->getId() == $this->oDocument->getFolderID()) { $extra_errors['browse'] = _kt('You cannot move the document within the same folder.'); } else { - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName()); + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName()); if ($bNameClash && isset($data['name'])) { $name = $data['name']; - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name); + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name); } else { $name = $this->oDocument->getName(); } if ($bNameClash) { $extra_errors['name'] = _kt('A document with this title already exists in your chosen folder. Please choose a different folder, or specify a new title for the copied document.'); } - - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename()); + + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename()); if ($bFileClash && isset($data['filename'])) { $filename = $data['filename']; - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename); + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename); } else { $filename = $this->oDocument->getFilename(); - } + } if ($bFileClash) { $extra_errors['filename'] = _kt('A document with this filename already exists in your chosen folder. Please choose a different folder, or specify a new filename for the copied document.'); } - + if (!Permission::userHasFolderWritePermission($data['browse'])) { $extra_errors['browse'] = _kt('You do not have permission to create new documents in that folder.'); } } } - + if (!empty($errors) || !empty($extra_errors)) { - return $oForm->handleError(null, $extra_errors); + return $oForm->handleError(null, $extra_errors); } - + $this->startTransaction(); // now try update it. 
- + $res = KTDocumentUtil::move($this->oDocument, $data['browse'], $this->oUser, $sReason); if (PEAR::isError($oNewDoc)) { $this->errorRedirectTo('main', _kt('Failed to move document: ') . $oNewDoc->getMessage()); exit(0); } - + $this->oDocument->setName($name); // if needed. $this->oDocument->setFilename($filename); // if needed. - + $res = $this->oDocument->update(); if (PEAR::isError($res)) { return $this->errorRedirectTo('main', _kt('Failed to move document: ') . $res->getMessage()); } $this->commitTransaction(); - + controllerRedirect('viewDocument', 'fDocumentId=' . $this->oDocument->getId()); - exit(0); + exit(0); } } @@ -1009,7 +1009,7 @@ class KTDocumentCopyAction extends KTDocumentAction { if ($this->oDocument->getIsCheckedOut()) { return null; } - + return parent::getInfo(); } @@ -1028,7 +1028,7 @@ class KTDocumentCopyAction extends KTDocumentAction { $this->oDocumentFolder = $this->oValidator->validateFolder($this->oDocument->getFolderId()); return true; } - + function form_copyselection() { $oForm = new KTForm; $oForm->setOptions(array( @@ -1039,15 +1039,15 @@ class KTDocumentCopyAction extends KTDocumentAction { 'cancel_url' => KTBrowseUtil::getUrlForDocument($this->oDocument), 'fail_action' => 'main', 'context' => $this, - )); + )); /* * This is somewhat more complex than most forms, since the "filename" * and title shouldn't appear unless there's a clash. * * This is still not the most elegant solution. - */ - + */ + $oForm->setWidgets(array( array('ktcore.widgets.foldercollection', array( 'label' => _kt('Target Folder'), @@ -1062,8 +1062,8 @@ class KTDocumentCopyAction extends KTDocumentAction { 'name' => 'reason', )), )); - - + + $oForm->setValidators(array( array('ktcore.validators.string', array( 'test' => 'reason', 
@@ -1075,10 +1075,10 @@ class KTDocumentCopyAction extends KTDocumentAction { 'test' => 'browse', 'output' => 'browse', )), - )); - + )); + // here's the ugly bit. - + $err = $oForm->getErrors(); if (!empty($err['name']) || !empty($err['filename'])) { $oForm->addWidget( @@ -1122,7 +1122,7 @@ class KTDocumentCopyAction extends KTDocumentAction { return $oForm->renderPage(_kt('Copy Document') . ': ' . $this->oDocument->getName()); } - function do_copy() { + function do_copy() { $oForm = $this->form_copyselection(); $res = $oForm->validate(); $errors = $res['errors']; 
@@ -1131,59 +1131,59 @@ class KTDocumentCopyAction extends KTDocumentAction { if (!is_null($data['browse'])) { - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName()); + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName()); if ($bNameClash && isset($data['name'])) { $name = $data['name']; - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name); + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name); } else { $name = $this->oDocument->getName(); } if ($bNameClash) { $extra_errors['name'] = _kt('A document with this title already exists in your chosen folder. Please choose a different folder, or specify a new title for the copied document.'); } - - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename()); + + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename()); if ($bFileClash && isset($data['filename'])) { $filename = $data['filename']; - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename); + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename); } else { $filename = $this->oDocument->getFilename(); - } + } if ($bFileClash) { $extra_errors['filename'] = _kt('A document with this filename already exists in your chosen folder. Please choose a different folder, or specify a new filename for the copied document.'); } - + if (!Permission::userHasFolderWritePermission($data['browse'])) { $extra_errors['browse'] = _kt('You do not have permission to create new documents in that folder.'); } } - + if (!empty($errors) || !empty($extra_errors)) { - return $oForm->handleError(null, $extra_errors); + return $oForm->handleError(null, $extra_errors); } - + // FIXME agree on document-duplication rules re: naming, etc. - + $this->startTransaction(); // now try update it. 
- + $oNewDoc = KTDocumentUtil::copy($this->oDocument, $data['browse'], $sReason); if (PEAR::isError($oNewDoc)) { $this->errorRedirectTo('main', _kt('Failed to copy document: ') . $oNewDoc->getMessage(), sprintf('fDocumentId=%d&fFolderId=%d', $this->oDocument->getId(), $this->oFolder->getId())); exit(0); } - + $oNewDoc->setName($name); $oNewDoc->setFilename($filename); - + $res = $oNewDoc->update(); if (PEAR::isError($res)) { return $this->errorRedirectTo('main', _kt('Failed to copy document: ') . $res->getMessage(), sprintf('fDocumentId=%d&fFolderId=%d', $this->oDocument->getId(), $this->oFolder->getId())); } $this->commitTransaction(); - + // FIXME do we need to refactor all trigger usage into the util function? $oKTTriggerRegistry = KTTriggerRegistry::getSingleton(); $aTriggers = $oKTTriggerRegistry->getTriggers('copyDocument', 'postValidate'); @@ -1198,13 +1198,13 @@ class KTDocumentCopyAction extends KTDocumentAction { $oTrigger->setInfo($aInfo); $ret = $oTrigger->postValidate(); } - + //$aOptions = array('user' => $oUser); //$oDocumentTransaction = & new DocumentTransaction($oNewDoc, 'Document copied from old version.', 'ktcore.transactions.create', $aOptions); //$res = $oDocumentTransaction->create(); - + $_SESSION['KTInfoMessage'][] = _kt('Document copied.'); - + controllerRedirect('viewDocument', 'fDocumentId=' . $oNewDoc->getId()); exit(0); } @@ -1252,10 +1252,10 @@ class KTDocumentArchiveAction extends KTDocumentAction { 'output' => 'reason', )), )); - + return $oForm; } - + function do_main() { $this->oPage->setBreadcrumbDetails(_kt('Archive Document')); $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/archive'); 
@@ -1270,16 +1270,16 @@ class KTDocumentArchiveAction extends KTDocumentAction { } function do_archive() { - + $oForm = $this->form_main(); $res = $oForm->validate(); $data = $res['results']; if (!empty($res['errors'])) { return $oForm->handleError(); } - + $sReason = $data['reason']; - + $this->startTransaction(); $this->oDocument->setStatusID(ARCHIVED); $res = $this->oDocument->update(); @@ -1290,7 +1290,7 @@ class KTDocumentArchiveAction extends KTDocumentAction { } $oDocumentTransaction = & new DocumentTransaction($this->oDocument, sprintf(_kt('Document archived: %s'), $sReason), 'ktcore.transactions.update'); $oDocumentTransaction->create(); - + $this->commitTransaction(); $oKTTriggerRegistry = KTTriggerRegistry::getSingleton(); @@ -1320,11 +1320,11 @@ class KTDocumentArchiveAction extends KTDocumentAction { class KTDocumentWorkflowAction extends KTDocumentAction { var $sName = 'ktcore.actions.document.workflow'; var $_sShowPermission = 'ktcore.permissions.read'; - - var $sHelpPage = 'ktcore/user/workflow.html'; + + var $sHelpPage = 'ktcore/user/workflow.html'; function predispatch() { - $this->persistParams(array('fTransitionId')); + $this->persistParams(array('fTransitionId')); } function getDisplayName() { @@ -1350,7 +1350,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction { } $fieldErrors = null; - + $transition_fields = array(); if ($aTransitions) { $aVocab = array(); 
@@ -1364,8 +1364,8 @@ class KTDocumentWorkflowAction extends KTDocumentAction { $fieldOptions = array('vocab' => $aVocab); $transition_fields[] = new KTLookupWidget(_kt('Transition to perform'), _kt('The transition listed will cause the document to change from its current state to the listed destination state.'), 'fTransitionId', null, $this->oPage, true, null, $fieldErrors, $fieldOptions); $transition_fields[] = new KTTextWidget( - _kt('Reason for transition'), _kt('Describe why this document qualifies to be changed from its current state to the destination state of the transition chosen.'), - 'fComments', '', + _kt('Reason for transition'), _kt('Describe why this document qualifies to be changed from its current state to the destination state of the transition chosen.'), + 'fComments', '', $this->oPage, true, null, null, array('cols' => 80, 'rows' => 4)); } @@ -1399,7 +1399,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction { function do_performTransition() { $oDocument =& $this->oValidator->validateDocument($_REQUEST['fDocumentId']); - $oTransition =& $this->oValidator->validateWorkflowTransition($_REQUEST['fTransitionId']); + $oTransition =& $this->oValidator->validateWorkflowTransition($_REQUEST['fTransitionId']); $aErrorOptions = array( 'redirect_to' => array('main', sprintf('fDocumentId=%d', $_REQUEST['fDocumentId'])), @@ -1407,7 +1407,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction { ); $sComments =& $this->oValidator->validateString($_REQUEST['fComments'], $aErrorOptions); - + $oUser =& User::get($_SESSION['userID']); $res = KTWorkflowUtil::performTransitionOnDocument($oTransition, $oDocument, $oUser, $sComments); @@ -1420,7 +1420,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction { array('fDocumentId' => $oDocument->getId())); } } - + function form_quicktransition() { $oForm = new KTForm; 
@@ -1446,36 +1446,36 @@ class KTDocumentWorkflowAction extends KTDocumentAction { 'test' => 'reason', 'max_length' => 250, 'output' => 'reason', - )), + )), )); - + return $oForm; } function do_quicktransition() { // make sure this gets through. $this->persistParams(array('fTransitionId')); - + $transition_id = $_REQUEST['fTransitionId']; $oTransition = KTWorkflowTransition::get($transition_id); - + $oForm = $this->form_quicktransition(); return $oForm->renderPage(sprintf(_kt('Perform Transition: %s'), $oTransition->getName())); } - + function do_performquicktransition() { $oForm = $this->form_quicktransition(); $res = $oForm->validate(); - + if (!empty($res['errors'])) { return $oForm->handleError(); - } - + } + $this->startTransaction(); - + $data = $res['results']; $oTransition = KTWorkflowTransition::get($_REQUEST['fTransitionId']); - + $res = KTWorkflowUtil::performTransitionOnDocument($oTransition, $this->oDocument, $this->oUser, $data['reason']); if(!Permission::userHasDocumentReadPermission($this->oDocument)) { @@ -1483,10 +1483,10 @@ class KTDocumentWorkflowAction extends KTDocumentAction { $_SESSION['KTInfoMessage'][] = _kt('Transition performed') . '. ' . _kt('You no longer have permission to view this document'); controllerRedirect('browse', sprintf('fFolderId=%d', $this->oDocument->getFolderId())); } else { - $this->commitTransaction(); + $this->commitTransaction(); $_SESSION['KTInfoMessage'][] = _kt('Transition performed'); controllerRedirect('viewDocument', sprintf('fDocumentId=%d', $this->oDocument->getId())); - } + } } } @@ -1499,7 +1499,7 @@ class KTOwnershipChangeAction extends KTDocumentAction { function getDisplayName() { return _kt('Change Document Ownership'); } - + function form_owner() { $oForm = new KTForm; $oForm->setOptions(array( 
@@ -1529,49 +1529,49 @@ class KTOwnershipChangeAction extends KTDocumentAction { 'output' => 'user', )), )); - + return $oForm; } - function do_main() { + function do_main() { $this->oPage->setBreadcrumbDetails(_kt('Changing Ownership')); $oTemplate =& $this->oValidator->validateTemplate('ktcore/document/ownershipchangeaction'); - + $change_form = $this->form_owner(); - + $oTemplate->setData(array( 'context' => $this, 'form' => $change_form, - )); + )); return $oTemplate->render(); } - + function do_reown() { $oForm = $this->form_owner(); $res = $oForm->validate(); $data = $res['results']; $errors = $res['errors']; - + if (!empty($errors)) { - return $oForm->handleError(); + return $oForm->handleError(); } $oUser = $data['user']; - + $this->startTransaction(); - + $this->oDocument->setOwnerID($oUser->getId()); $res = $this->oDocument->update(); if (PEAR::isError($res)) { $this->errorRedirectToMain(sprintf(_kt('Failed to update document: %s'), $res->getMessage()), sprintf('fDocumentId=%d', $this->oDocument->getId())); } - + $res = KTPermissionUtil::updatePermissionLookup($this->oDocument); - + if (PEAR::isError($res)) { $this->errorRedirectToMain(sprintf(_kt('Failed to update document: %s'), $res->getMessage()), sprintf('fDocumentId=%d', $this->oDocument->getId())); } - + $this->successRedirectToMain(_kt('Ownership changed.'), sprintf('fDocumentId=%d', $this->oDocument->getId())); } } diff --git a/plugins/ktcore/KTPermissions.php b/plugins/ktcore/KTPermissions.php index 2d46964..e59a719 100644 --- a/plugins/ktcore/KTPermissions.php +++ b/plugins/ktcore/KTPermissions.php @@ -6,7 +6,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and 
@@ -17,9 +17,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright @@ -64,21 +64,21 @@ class KTDocumentPermissionsAction extends KTDocumentAction { function do_main() { $this->oPage->setBreadcrumbDetails(_kt("Document Permissions")); $oTemplate = $this->oValidator->validateTemplate("ktcore/document/document_permissions"); - + $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID()); $aPermissions = KTPermission::getList(); $aMapPermissionGroup = array(); - $aMapPermissionRole = array(); - $aMapPermissionUser = array(); - + $aMapPermissionRole = array(); + $aMapPermissionUser = array(); + $aAllGroups = Group::getList(); // probably small enough $aAllRoles = Role::getList(); // probably small enough. // users are _not_ fetched this way. - + $aActiveGroups = array(); $aActiveUsers = array(); $aActiveRoles = array(); - + foreach ($aPermissions as $oPermission) { $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL); if (PEAR::isError($oPLA)) { @@ -97,15 +97,15 @@ class KTDocumentPermissionsAction extends KTDocumentAction { foreach ($aIds as $iId) { $aMapPermissionRole[$iPermissionID][$iId] = true; $aActiveRoles[$iId] = true; - } + } $aIds = $oDescriptor->getUsers(); $aMapPermissionUser[$iPermissionID] = array(); foreach ($aIds as $iId) { $aMapPermissionUser[$iPermissionID][$iId] = true; $aActiveUsers[$iId] = true; - } + } } - + // now we constitute the actual sets. $users = array(); $groups = array(); 
@@ -117,19 +117,19 @@ class KTDocumentPermissionsAction extends KTDocumentAction { $users[$oUser->getName()] = $oUser; } asort($users); // ascending, per convention. - + foreach ($aActiveGroups as $id => $marker) { $oGroup = Group::get($id); $groups[$oGroup->getName()] = $oGroup; } asort($groups); - + foreach ($aActiveRoles as $id => $marker) { $oRole = Role::get($id); $roles[$oRole->getName()] = $oRole; } asort($roles); - + $bEdit = KTPermissionUtil::userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oDocument); $sInherited = ''; @@ -151,7 +151,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction { } } } - } + } } @@ -163,7 +163,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction { $aWorkflowControls[$oAssignment->getPermissionId()] = true; unset($aDynamicControls[$oAssignment->getPermissionId()]); } - } + } $aTemplateData = array( @@ -171,15 +171,15 @@ class KTDocumentPermissionsAction extends KTDocumentAction { "permissions" => $aPermissions, "groups" => $groups, "users" => $users, - "roles" => $roles, + "roles" => $roles, "iDocumentID" => $_REQUEST['fDocumentID'], "aMapPermissionGroup" => $aMapPermissionGroup, - "aMapPermissionRole" => $aMapPermissionRole, + "aMapPermissionRole" => $aMapPermissionRole, "aMapPermissionUser" => $aMapPermissionUser, "edit" => $bEdit, "inherited" => $sInherited, 'workflow_controls' => $aWorkflowControls, - 'conditions_control' => $aDynamicControls, + 'conditions_control' => $aDynamicControls, ); return $oTemplate->render($aTemplateData); } @@ -245,7 +245,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction { } } } - } + } } @@ -257,7 +257,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction { $aWorkflowControls[$oAssignment->getPermissionId()] = true; unset($aDynamicControls[$oAssignment->getPermissionId()]); } - } + } $aTemplateData = array( 
@@ -273,7 +273,7 @@ class KTDocumentPermissionsAction extends KTDocumentAction { "edit" => $bEdit, "inherited" => $sInherited, 'workflow_controls' => $aWorkflowControls, - 'conditions_control' => $aDynamicControls, + 'conditions_control' => $aDynamicControls, ); return $oTemplate->render($aTemplateData); } @@ -295,19 +295,19 @@ class KTRoleAllocationPlugin extends KTFolderAction { $this->oPage->setBreadcrumbDetails(_kt("Allocate Roles")); $oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles"); - + // we need to have: // - a list of roles // - with their users / groups // - and that allocation id $aRoles = array(); // stores data for display. - + $aRoleList = Role::getList('id > 0'); foreach ($aRoleList as $oRole) { $iRoleId = $oRole->getId(); $aRoles[$iRoleId] = array("name" => $oRole->getName()); $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $iRoleId); - + $u = array(); $g = array(); $aid = null; @@ -335,15 +335,15 @@ class KTRoleAllocationPlugin extends KTFolderAction { $aRoles[$iRoleId]['allocation_id'] = $aid; $aRoles[$iRoleId]['real_allocation_id'] = $raid; } - + /* print '
';
         var_dump($aRoles);
         print '
'; */ - - + + // FIXME this is test data. /* $aRoles = array( @@ -352,10 +352,10 @@ class KTRoleAllocationPlugin extends KTFolderAction { 3 => array('name' => 'Inherited', 'users' => array(), 'groups' => array(1), 'allocation_id' => null), ); */ - - + + // final step. - + // map to users, groups. foreach ($aRoles as $key => $role) { $_users = array(); @@ -366,11 +366,11 @@ class KTRoleAllocationPlugin extends KTFolderAction { } } if (empty($_users)) { - $aRoles[$key]['users'] = ' ' . _kt('no users') . ''; + $aRoles[$key]['users'] = ' ' . _kt('no users') . ''; } else { $aRoles[$key]['users'] = join(', ',$_users); } - + $_groups = array(); foreach ($aRoles[$key]['groups'] as $iGroupId) { $oGroup = Group::get($iGroupId); @@ -379,22 +379,23 @@ class KTRoleAllocationPlugin extends KTFolderAction { } } if (empty($_groups)) { - $aRoles[$key]['groups'] = ' ' . _kt('no groups') . ''; + $aRoles[$key]['groups'] = ' ' . _kt('no groups') . ''; } else { $aRoles[$key]['groups'] = join(', ',$_groups); } } - + $aTemplateData = array( 'context' => &$this, 'roles' => $aRoles, + 'folderName'=>$this->oFolder->getName(), 'is_root' => ($this->oFolder->getId() == 1), ); return $oTemplate->render($aTemplateData); } - - - + + + function do_overrideParent() { $role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null); $oRole = Role::get($role_id); 
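Review bot: The new `'folderName'=>$this->oFolder->getName()` entry in `$aTemplateData` passes the folder name to the `ktcore/folder/roles` template unescaped, so output encoding depends entirely on that template, which is not part of this hunk. Folder names are presumably user-supplied, so the template should print the value as `{$folderName|sanitize}`, or this line should carry a comment such as `// raw name: the template is responsible for escaping`. The entry is also spaced differently from its neighbours, which use `'roles' => $aRoles`. The enclosing `do_main` starts before this hunk.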
@@ -405,20 +406,20 @@ class KTRoleAllocationPlugin extends KTFolderAction { $oRoleAllocation = new RoleAllocation(); $oRoleAllocation->setFolderId($this->oFolder->getId()); $oRoleAllocation->setRoleId($role_id); - - // create a new permission descriptor. + + // create a new permission descriptor. // FIXME we really want to duplicate the original (if it exists) - + $aAllowed = array(); // no-op, for now. $this->startTransaction(); - + $oRoleAllocation->setAllowed($aAllowed); $res = $oRoleAllocation->create(); - + if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId())); } - + $oTransaction = KTFolderTransaction::createFromArray(array( 'folderid' => $this->oFolder->getId(), 'comment' => _kt('Override parent allocation'), 
@@ -452,42 +453,42 @@ class KTRoleAllocationPlugin extends KTFolderAction { $oRoleAllocation->setAllowed($aAllowed); $res = $oRoleAllocation->update(); - - if (PEAR::isError($res) || ($res == false)) + + if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId())); } } - + // regenerate permissions - + $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId()); $this->successRedirectToMain(_kt('Role allocation created.'), sprintf('fFolderId=%d', $this->oFolder->getId())); } - - function do_useParent() { + + function do_useParent() { $role_id = KTUtil::arrayGet($_REQUEST, 'role_id', null); $oRole = Role::get($role_id); if (PEAR::isError($oRole)) { - $this->errorRedirectToMain(_kt('Invalid Role.'), sprintf('fFolderId=%d',$this->oFolder->getId())); + $this->errorRedirectToMain(_kt('Invalid Role.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } $role_id = $oRole->getId(); // numeric, for various testing purposes. - + $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oFolder->getId(), $role_id); - + if ($oRoleAllocation->getFolderId() != $this->oFolder->getId()) { - $this->errorRedirectToMain(_kt('Already using a different descriptor.'), sprintf('fFolderId=%d',$this->oFolder->getId())); - } + $this->errorRedirectToMain(_kt('Already using a different descriptor.'), sprintf('fFolderId=%d',$this->oFolder->getId())); + } $this->startTransaction(); - + $res = $oRoleAllocation->delete(); - + if (PEAR::isError($res) || ($res == false)) { - $this->errorRedirectToMain(_kt('Unable to change role allocation.') . print_r($res, true), sprintf('fFolderId=%d',$this->oFolder->getId())); + $this->errorRedirectToMain(_kt('Unable to change role allocation.') . 
print_r($res, true), sprintf('fFolderId=%d',$this->oFolder->getId())); exit(0); } - + $oTransaction = KTFolderTransaction::createFromArray(array( 'folderid' => $this->oFolder->getId(), 'comment' => _kt('Use parent allocation'), @@ -503,34 +504,34 @@ class KTRoleAllocationPlugin extends KTFolderAction { $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId()); - $this->successRedirectToMain(_kt('Role now uses parent.'), sprintf('fFolderId=%d',$this->oFolder->getId())); + $this->successRedirectToMain(_kt('Role now uses parent.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } - + function rootoverride($role_id) { if ($this->oFolder->getId() != 1) { $this->errorRedirectToMain(_kt("Cannot create allocation for non-root locations.")); } - + $oRoleAllocation = new RoleAllocation(); $oRoleAllocation->setFolderId($this->oFolder->getId()); $oRoleAllocation->setRoleId($role_id); - - // create a new permission descriptor. + + // create a new permission descriptor. // FIXME we really want to duplicate the original (if it exists) - + $aAllowed = array(); // no-op, for now. $this->startTransaction(); - + $oRoleAllocation->setAllowed($aAllowed); $res = $oRoleAllocation->create(); - + if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Failed to create the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId())); } - + return $oRoleAllocation; } - + function do_editRoleUsers() { $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id'); 
@@ -542,22 +543,22 @@ class KTRoleAllocationPlugin extends KTFolderAction { if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) { $this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } - - + + $this->oPage->setBreadcrumbDetails(_kt('Manage Users for Role')); $this->oPage->setTitle(sprintf(_kt('Manage Users for Role'))); - + $initJS = 'var optGroup = new OptionTransfer("userSelect","chosenUsers"); ' . 'function startTrans() { var f = getElement("userroleform"); ' . ' optGroup.saveNewRightOptions("userFinal"); ' . ' optGroup.init(f); }; ' . - ' addLoadEvent(startTrans); '; + ' addLoadEvent(startTrans); '; $this->oPage->requireJSStandalone($initJS); - + $aInitialUsers = $oRoleAllocation->getUsers(); $aAllUsers = User::getList(); - - + + // FIXME this is massively non-performant for large userbases.. $aRoleUsers = array(); $aFreeUsers = array(); @@ -569,8 +570,8 @@ class KTRoleAllocationPlugin extends KTFolderAction { $aFreeUsers[$oUser->getId()] = $oUser; } } - - $oTemplating =& KTTemplating::getSingleton(); + + $oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles_manageusers"); $aTemplateData = array( "context" => $this, @@ -580,8 +581,8 @@ class KTRoleAllocationPlugin extends KTFolderAction { ); return $oTemplate->render($aTemplateData); } - - function do_editRoleGroups() { + + function do_editRoleGroups() { $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'alloc_id'); if (($this->oFolder->getId() == 1) && is_null($role_allocation_id)) { 
@@ -592,22 +593,22 @@ class KTRoleAllocationPlugin extends KTFolderAction { if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) { $this->errorRedirectToMain(_kt('No such role allocation.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } - - $oRole = Role::get($oRoleAllocation->getRoleId()); + + $oRole = Role::get($oRoleAllocation->getRoleId()); $this->oPage->setBreadcrumbDetails(_kt('Manage Groups for Role')); $this->oPage->setTitle(sprintf(_kt('Manage Groups for Role "%s"'), $oRole->getName())); - + $initJS = 'var optGroup = new OptionTransfer("groupSelect","chosenGroups"); ' . 'function startTrans() { var f = getElement("grouproleform"); ' . ' optGroup.saveNewRightOptions("groupFinal"); ' . ' optGroup.init(f); }; ' . - ' addLoadEvent(startTrans); '; + ' addLoadEvent(startTrans); '; $this->oPage->requireJSStandalone($initJS); - + $aInitialUsers = $oRoleAllocation->getGroups(); $aAllUsers = Group::getList(); - - + + // FIXME this is massively non-performant for large userbases.. $aRoleUsers = array(); $aFreeUsers = array(); @@ -619,10 +620,10 @@ class KTRoleAllocationPlugin extends KTFolderAction { $aFreeUsers[$oGroup->getId()] = $oGroup; } } - - - - $oTemplating =& KTTemplating::getSingleton(); + + + + $oTemplating =& KTTemplating::getSingleton(); $oTemplate = $oTemplating->loadTemplate("ktcore/folder/roles_managegroups"); $aTemplateData = array( "context" => $this, @@ -633,7 +634,7 @@ class KTRoleAllocationPlugin extends KTFolderAction { ); return $oTemplate->render($aTemplateData); } - + function do_setRoleUsers() { $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'allocation_id'); 
@@ -653,24 +654,24 @@ class KTRoleAllocationPlugin extends KTFolderAction { } } if (empty($aFinalUserIds)) { $aFinalUserIds = null; } - + // hack straight in. $oPD = $oRoleAllocation->getPermissionDescriptor(); - $aAllowed = $oPD->getAllowed(); - - - + $aAllowed = $oPD->getAllowed(); + + + // now, grab the existing allowed and modify. $aAllowed['user'] = $aFinalUserIds; - + $oRoleAllocation->setAllowed($aAllowed); $res = $oRoleAllocation->update(); - + if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Failed to change the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId())); } - + $oTransaction = KTFolderTransaction::createFromArray(array( 'folderid' => $this->oFolder->getId(), 'comment' => _kt('Set role users'), @@ -685,12 +686,12 @@ class KTRoleAllocationPlugin extends KTFolderAction { $this->oValidator->notErrorFalse($oTransaction, $aOptions); $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId()); - - $this->successRedirectToMain(_kt('Allocation changed.'), sprintf('fFolderId=%d',$this->oFolder->getId())); + + $this->successRedirectToMain(_kt('Allocation changed.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } - + function do_setRoleGroups() { - + $role_allocation_id = KTUtil::arrayGet($_REQUEST, 'allocation_id'); $oRoleAllocation = RoleAllocation::get($role_allocation_id); if ((PEAR::isError($oRoleAllocation)) || ($oRoleAllocation=== false)) { 
@@ -708,24 +709,24 @@ class KTRoleAllocationPlugin extends KTFolderAction { } } if (empty($aFinalGroupIds)) { $aFinalGroupIds = null; } - + // hack straight in. $oPD = $oRoleAllocation->getPermissionDescriptor(); - $aAllowed = $oPD->getAllowed(); - - - + $aAllowed = $oPD->getAllowed(); + + + // now, grab the existing allowed and modify. $aAllowed['group'] = $aFinalGroupIds; - + $oRoleAllocation->setAllowed($aAllowed); $res = $oRoleAllocation->update(); - + if (PEAR::isError($res) || ($res == false)) { $this->errorRedirectToMain(_kt('Failed to change the role allocation.') . print_r($res, true), sprintf('fFolderId=%d', $this->oFolder->getId())); } - + $oTransaction = KTFolderTransaction::createFromArray(array( 'folderid' => $this->oFolder->getId(), 'comment' => _kt('Set role groups'), @@ -740,14 +741,14 @@ class KTRoleAllocationPlugin extends KTFolderAction { $this->oValidator->notErrorFalse($oTransaction, $aOptions); $this->renegeratePermissionsForRole($oRoleAllocation->getRoleId()); - - $this->successRedirectToMain(_kt('Allocation changed.'), sprintf('fFolderId=%d',$this->oFolder->getId())); + + $this->successRedirectToMain(_kt('Allocation changed.'), sprintf('fFolderId=%d',$this->oFolder->getId())); } - + function renegeratePermissionsForRole($iRoleId) { $iStartFolderId = $this->oFolder->getId(); - /* - * 1. find all folders & documents "below" this one which use the role + /* + * 1. find all folders & documents "below" this one which use the role * definition _active_ (not necessarily present) at this point. * 2. tell permissionutil to regen their permissions. * @@ -755,7 +756,7 @@ class KTRoleAllocationPlugin extends KTFolderAction { * * folder_queue <- (iStartFolderId) * while folder_queue is not empty: - * active_folder = + * active_folder = * for each folder in the active_folder: * find folders in _this_ folder without a role-allocation on the iRoleId * add them to the folder_queue 
@@ -763,38 +764,38 @@ class KTRoleAllocationPlugin extends KTFolderAction { * find documents in this folder: * update their permissions. */ - + $sRoleAllocTable = KTUtil::getTableName('role_allocations'); $sFolderTable = KTUtil::getTableName('folders'); $sQuery = sprintf('SELECT f.id as id FROM %s AS f LEFT JOIN %s AS ra ON (f.id = ra.folder_id) WHERE ra.id IS NULL AND f.parent_id = ?', $sFolderTable, $sRoleAllocTable); - - + + $folder_queue = array($iStartFolderId); while (!empty($folder_queue)) { $active_folder = array_pop($folder_queue); - - $aParams = array($active_folder); - + + $aParams = array($active_folder); + $aNewFolders = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id'); if (PEAR::isError($aNewFolders)) { $this->errorRedirectToMain(_kt('Failure to generate folderlisting.')); } $folder_queue = kt_array_merge ($folder_queue, (array) $aNewFolders); // push. - + // update the folder. $oFolder =& Folder::get($active_folder); if (PEAR::isError($oFolder) || ($oFolder == false)) { $this->errorRedirectToMain(_kt('Unable to locate folder: ') . $active_folder); } - + KTPermissionUtil::updatePermissionLookup($oFolder); $aDocList =& Document::getList(array('folder_id = ?', $active_folder)); if (PEAR::isError($aDocList) || ($aDocList === false)) { $this->errorRedirectToMain(sprintf(_kt('Unable to get documents in folder %s: %s'), $active_folder, $aDocList->getMessage())); } - - foreach ($aDocList as $oDoc) { + + foreach ($aDocList as $oDoc) { if (!PEAR::isError($oDoc)) { KTPermissionUtil::updatePermissionLookup($oDoc); } 
@@ -818,13 +819,13 @@ class KTDocumentRolesAction extends KTDocumentAction { $this->oPage->setBreadcrumbDetails(_kt("View Roles")); $oTemplating = new KTTemplating; $oTemplate = $oTemplating->loadTemplate("ktcore/action/view_roles"); - + // we need to have: // - a list of roles // - with their users / groups // - and that allocation id $aRoles = array(); // stores data for display. - + $aRoleList = Role::getList(); foreach ($aRoleList as $oRole) { $iRoleId = $oRole->getId(); @@ -833,7 +834,7 @@ class KTDocumentRolesAction extends KTDocumentAction { if (is_null($oRoleAllocation)) { $oRoleAllocation = RoleAllocation::getAllocationsForFolderAndRole($this->oDocument->getFolderID(), $iRoleId); } - + $u = array(); $g = array(); $aid = null; @@ -855,12 +856,12 @@ class KTDocumentRolesAction extends KTDocumentAction { $aRoles[$iRoleId]['users'] = $u; $aRoles[$iRoleId]['groups'] = $g; $aRoles[$iRoleId]['real_allocation_id'] = $raid; - } - + } + // final step. - + // map to users, groups. - foreach ($aRoles as $key => $role) { + foreach ($aRoles as $key => $role) { $_users = array(); foreach ($aRoles[$key]['users'] as $iUserId) { $oUser = User::get($iUserId); @@ -869,11 +870,11 @@ class KTDocumentRolesAction extends KTDocumentAction { } } if (empty($_users)) { - $aRoles[$key]['users'] = ' ' . _kt('no users') . ''; + $aRoles[$key]['users'] = ' ' . _kt('no users') . ''; } else { $aRoles[$key]['users'] = implode(', ',$_users); - } - + } + $_groups = array(); foreach ($aRoles[$key]['groups'] as $iGroupId) { $oGroup = Group::get($iGroupId); @@ -882,12 +883,12 @@ class KTDocumentRolesAction extends KTDocumentAction { } } if (empty($_groups)) { - $aRoles[$key]['groups'] = ' ' . _kt('no groups') . ''; + $aRoles[$key]['groups'] = ' ' . _kt('no groups') . ''; } else { $aRoles[$key]['groups'] = implode(', ',$_groups); } } - + $aTemplateData = array( 'context' => &$this, 'roles' => $aRoles, 
diff --git a/plugins/ktstandard/KTDocumentLinksColumns.php b/plugins/ktstandard/KTDocumentLinksColumns.php index d4d700a..13e463d 100644 --- a/plugins/ktstandard/KTDocumentLinksColumns.php +++ b/plugins/ktstandard/KTDocumentLinksColumns.php @@ -7,7 +7,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and @@ -18,9 +18,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright @@ -48,13 +48,13 @@ $oCR->getColumn('ktcore.columns.title'); class KTDocumentLinkTitle extends AdvancedTitleColumn { var $namespace = 'ktdocumentlinks.columns.title'; - function renderDocumentLink($aDataRow) { + function renderDocumentLink($aDataRow) { $aOptions = $this->getOptions(); $fParentDocId = KTUtil::arrayGet(KTUtil::arrayGet($aOptions, 'qs_params', array()), 'fDocumentId', False); if ((int)$aDataRow["document"]->getId() === (int)$fParentDocId) { - return $aDataRow["document"]->getName() . + return htmlentities($aDataRow["document"]->getName(),ENT_QUOTES, 'UTF-8') . ' (' . _kt('you cannot link to the source document') . ')'; } else { return parent::renderDocumentLink($aDataRow); diff --git a/plugins/rssplugin/KTrss.inc.php b/plugins/rssplugin/KTrss.inc.php index fd406c3..1cfb75f 100644 --- a/plugins/rssplugin/KTrss.inc.php +++ b/plugins/rssplugin/KTrss.inc.php 
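Review bot: Only the source-document branch of `renderDocumentLink` escapes the name; the other branch returns `parent::renderDocumentLink($aDataRow)`, whose body is not in this hunk, so it is worth confirming that the parent escapes `getName()` too. For this HTML context `htmlspecialchars($aDataRow["document"]->getName(), ENT_QUOTES, 'UTF-8')` is sufficient and leaves accented characters as they are. A short comment such as `// document names are presumably user-supplied; escape before concatenating into markup` would record why the call is here.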
@@ -4,7 +4,7 @@ * License Version 1.1.2 ("License"); You may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.knowledgetree.com/KPL - * + * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. * See the License for the specific language governing rights and @@ -15,9 +15,9 @@ * (ii) the KnowledgeTree copyright notice * in the same form as they appear in the distribution. See the License for * requirements. - * + * * The Original Code is: KnowledgeTree Open Source - * + * * The Initial Developer of the Original Code is The Jam Warehouse Software * (Pty) Ltd, trading as KnowledgeTree. * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright @@ -52,7 +52,7 @@ class KTrss{ $sQuery = "SELECT id, url, title FROM plugin_rss WHERE user_id = ?"; $aParams = array($iUserId); $aFeeds = DBUtil::getResultArray(array($sQuery, $aParams)); - + if (PEAR::isError($aFeeds)) { // XXX: log error return false; @@ -61,7 +61,7 @@ class KTrss{ return $aFeeds; } } - + // Gets full listing of data of documents and folders subscribed to function getInternalFeed($iUserId){ $documents=KTrss::getDocuments($iUserId); @@ -75,13 +75,13 @@ class KTrss{ } return $response; } - + // Get list of document subscriptions function getDocumentList($iUserId){ $sQuery = "SELECT document_id as id FROM document_subscriptions WHERE user_id = ?"; $aParams = array($iUserId); $aDocumentList = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id'); - + if (PEAR::isError($aDocumentList)) { // XXX: log error return false; 
@@ -90,13 +90,13 @@ class KTrss{ return $aDocumentList; } } - + // Get list of folder subscriptions function getFolderList($iUserId){ $sQuery = "SELECT folder_id as id, is_tree as tree FROM folder_subscriptions WHERE user_id = ?"; $aParams = array($iUserId); $aFolderList = DBUtil::getResultArray(array($sQuery, $aParams)); - + if (PEAR::isError($aFolderList)) { // XXX: log error return false; @@ -105,14 +105,14 @@ class KTrss{ return $aFolderList; } } - + // Get data for all documents subscribed to function getDocuments($iUserId){ $aDList = KTrss::getDocumentList($iUserId); if($aDList){ foreach($aDList as $document_id){ $document = KTrss::getOneDocument($document_id, $iUserId); - if($document){ + if($document){ $aDocuments[] = $document; } } @@ -125,7 +125,7 @@ class KTrss{ return $aDocuments; } } - + // Get data for all folders subscribed to function getFolders($iUserId){ $aFList = KTrss::getFolderList($iUserId); @@ -139,7 +139,7 @@ class KTrss{ } } } - + if (PEAR::isError($aFolders)) { // XXX: log error return false; @@ -148,13 +148,13 @@ class KTrss{ return $aFolders; } } - + function getChildrenFolderTransactions($iParentFolderId, $depth = '1'){ if($depth == '1'){ $sQuery = "SELECT id from folders WHERE parent_folder_ids LIKE ?"; $aParams = array('%'.$iParentFolderId); }//else - + $aFolderList = DBUtil::getResultArray(array($sQuery, $aParams)); if (PEAR::isError($aFolderList)) { // XXX: log error @@ -162,7 +162,7 @@ class KTrss{ } if ($aFolderList) { foreach($aFolderList as $folderElement){ - $folder_id = $folderElement['id']; + $folder_id = $folderElement['id']; $aFolderTransactions = array_merge($aFolderTransactions, KTrss::getFolderTransactions($folder_id)); } } 
@@ -170,13 +170,13 @@ class KTrss{ return $aFolderTransactions; } } - + function getChildrenDocumentTransactions($iParentFolderId, $depth = '1'){ if($depth == '1'){ $sQuery = "SELECT id from documents WHERE parent_folder_ids LIKE ? "; $aParams = array('%'.$iParentFolderId); }//else - + $aDocumentList = DBUtil::getResultArray(array($sQuery, $aParams)); if (PEAR::isError($aDocumentList)) { @@ -185,7 +185,7 @@ class KTrss{ } if ($aDocumentList) { foreach($aDocumentList as $documentElement){ - $document_id = $documentElement['id']; + $document_id = $documentElement['id']; $aDocumentTransactions = array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id)); } } @@ -193,19 +193,19 @@ class KTrss{ return $aDocumentTransactions; } } - + // get information on document function getOneDocument($iDocumentId, $iUserId){ $aDData = KTrss::getDocumentData($iUserId, $iDocumentId); $aDTransactions = KTrss::getDocumentTransactions($iDocumentId); if($aDData){ $aDData['itemType'] = 'document'; - + // create mime info $aMimeInfo = KTrss::getMimeTypeInfo($iUserId, $iDocumentId); $aDData['mimeTypeFName'] = $aMimeInfo['typeFName']; $aDData['mimeTypeIcon'] = $aMimeInfo['typeIcon']; - + $aDocument[] = $aDData; $aDocument[] = $aDTransactions; } 
@@ -216,33 +216,33 @@ class KTrss{ return $aDocument; } } - + // get information for folder function getOneFolder($iFolderId){ $aFData = KTrss::getFolderData($iFolderId); $aFTransactions = array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId)); $aFTransactions = array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId)); - + $code = 'if (strtotime($a[datetime]) == strtotime($b[datetime])){ return 0; } return (strtotime($a[datetime]) > strtotime($b[datetime])) ? -1 : 1;'; - + $compare = create_function('$a,$b', $code); - + usort($aFTransactions, $compare); for($i=0; $i<4; $i++){ $aFTransactions_new[] = $aFTransactions[$i]; } $aFTransactions = $aFTransactions_new; - + if($aFData){ $aFData['itemType'] = 'folder'; - + // create mime info $aFData['mimeTypeFName'] = 'Folder'; $aFData['mimeTypeIcon'] = KTrss::getFolderIcon(); - + $aFolder[] = $aFData; $aFolder[] = $aFTransactions; $aFolderBox[] = $aFolder; @@ -254,7 +254,7 @@ class KTrss{ return $aFolder; } } - + // Takes in an array as a parameter and returns rss2.0 compatible xml function arrayToXML($aItems){ // Build path to host @@ -282,7 +282,7 @@ class KTrss{ $sTypeSelect = 'document.transactionhistory&fDocumentId'; } $feed .= "\n" . - "".$aItems[0][0][name]."\n" . + "".htmlentities($aItems[0][0][name],ENT_QUOTES, 'UTF-8')."\n" . "".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0]['id']."\n" . "\n" . "<table border='0' width='90%'>\n". 
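Review bot: `htmlentities()` on the changed line of the `@@ -282,7 +282,7 @@` hunk emits HTML named entities such as `&eacute;` for non-ASCII characters, and XML does not define those, so a name with an accented character can make the feed ill-formed for a strict RSS parser. Assuming this line builds the item's title element (the tags are not visible in this rendering), `htmlspecialchars($aItems[0][0]['name'], ENT_QUOTES, 'UTF-8')` escapes only the markup characters, which XML accepts. The key should also be quoted as `['name']`, as the following line already does for `['id']`; the bare `[name]` is parsed as a constant. `arrayToXML` starts before this hunk and continues past it.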
@@ -291,14 +291,14 @@ class KTrss{ "<a href='".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0][id]."' ><img src='".$aItems[0][mimeTypeIcon]."' align='left' height='16px' width='16px' alt='' border='0' /></a>" . "</td>\n". "<td align='left'> ".$aItems[0][mimeTypeFName]."</td>\n". - "</tr>\n". + "</tr>\n". "<tr>\n". "<td colspan='2'>\n". ucfirst($aItems[0]['itemType'])." Information (ID: ".$aItems[0][0][id].")</>\n". "<hr>\n". "<table width='95%'>\n". "<tr>\n". - "<td>Filename: ".$aItems[0][0][filename]."</td>\n". + "<td>Filename: ".str_replace('&','&',htmlentities($aItems[0][0][filename],ENT_QUOTES, 'UTF-8'))."</td>\n". "<td>\n". "</tr>\n". "<tr>\n". @@ -326,11 +326,11 @@ class KTrss{ foreach($aItems[1] as $item){ $feed .= "<tr>\n". "<td>".$item[type]." name:</td>\n". - "<td>".$item[name]."</td>\n". + "<td>".str_replace('&','&',htmlentities($item[name],ENT_QUOTES, 'UTF-8'))."</td>\n". "</tr>\n". "<tr>\n". "<td>Path:</td>\n". - "<td>".$item[fullpath]."</td>\n". + "<td>".str_replace('&','&',htmlentities($item[fullpath],ENT_QUOTES, 'UTF-8'))."</td>\n". "</tr>\n". "<tr>\n". "<td>Transaction:</td>\n". @@ -338,7 +338,7 @@ class KTrss{ "</tr>\n". "<tr>\n". "<td>Comment:</td>\n". - "<td>".$item[comment]."</td>\n". + "<td>".str_replace('&','&',htmlentities($item[comment],ENT_QUOTES, 'UTF-8'))."</td>\n". "</tr>\n". "<tr>\n";if($item[version]){ $feed .= "<td>Version:</td>\n". @@ -354,7 +354,7 @@ class KTrss{ "</tr>\n". "<tr>\n". "<td colspan='2'><hr width='100' align='left'></td>\n". - "</tr>\n";} + "</tr>\n";} $feed .= "</table>\n". "</td>\n". "</tr>\n". @@ -364,10 +364,10 @@ class KTrss{ } $feed .= "\n" . "\n"; - - return $feed; + + return $feed; } - + // Takes in an array as a parameter and returns rss2.0 compatible xml function errorToXML($sError){ // Build path to host 
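Review bot: The escaping added in the `@@ -291,14`, `@@ -326,11` and `@@ -338,7` hunks covers filename, name, fullpath and comment, but `$aItems[0][mimeTypeFName]` and `$item[type]` are still concatenated raw into the same markup, and the same `str_replace(…, htmlentities(…))` expression is written out four times. A small private helper that takes the value and returns the encoded string, applied to every interpolated field, would make an omitted field harder to miss. As rendered on this page the call reads `str_replace('&','&', …)`, where search and replacement are identical; if that is the real source and not an artefact of the page, the second encoding pass does nothing and the replacement was presumably meant to be `'&amp;'`. The bare keys (`[filename]`, `[fullpath]`, `[comment]`) should be quoted as well.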
@@ -394,21 +394,21 @@ class KTrss{ "\n"; $feed .= "\n" . "\n"; - - return $feed; + + return $feed; } - + // Delete feed function function deleteFeed($iFeedId){ $res = DBUtil::autoDelete('plugin_rss', $iFeedId); } - + // Get title for external feed function getExternalFeedTitle($iFeedId){ $sQuery = "SELECT title FROM plugin_rss WHERE id = ?"; $aParams = array($iFeedId); $sFeedTitle = DBUtil::getOneResultKey(array($sQuery, $aParams), 'title'); - + if (PEAR::isError($sFeedTitle)) { // XXX: log error return false; @@ -417,13 +417,13 @@ class KTrss{ return $sFeedTitle; } } - + // Get url for external feed function getExternalFeedUrl($iFeedId){ $sQuery = "SELECT url FROM plugin_rss WHERE id = ?"; $aParams = array($iFeedId); $sFeedUrl = DBUtil::getOneResultKey(array($sQuery, $aParams), 'url'); - + if (PEAR::isError($sFeedUrl)) { // XXX: log error return false; @@ -432,16 +432,16 @@ class KTrss{ return $sFeedUrl; } } - + // Update external feed data function updateFeed($iFeedId, $sFeedTitle, $sFeedUrl){ $sQuery = "UPDATE plugin_rss SET title=?, url=? WHERE id=?"; $aParams = array($sFeedTitle, $sFeedUrl, $iFeedId); $res = DBUtil::runQuery(array($sQuery, $aParams)); - + return $res; } - + // Create new external feed function createFeed($sFeedTitle, $sFeedUrl, $iUserId){ $aParams = array( 
@@ -453,59 +453,59 @@ class KTrss{ return $res; } - + // Function to validate that a user has permissions for a specific document function validateDocumentPermissions($iUserId, $iDocumentId){ // check if user id is in session. If not, set it if(!isset($_SESSION["userID"])){ - $_SESSION['userID'] = $iUserId; + $_SESSION['userID'] = $iUserId; } // get document object $oDocument =& Document::get($iDocumentId); if (PEAR::isError($oDocument)) { return false; } - + // check permissions for document if(Permission::userHasDocumentReadPermission($oDocument)){ - return true; + return true; }else{ return false; } } - + // Function to validate that a user has permissions for a specific folder function validateFolderPermissions($iUserId, $iFolderId){ // check if user id is in session. If not, set it if(!isset($_SESSION["userID"])){ - $_SESSION['userID'] = $iUserId; + $_SESSION['userID'] = $iUserId; } // get folder object $oFolder = Folder::get($iFolderId); if (PEAR::isError($oFolder)) { return false; } - + // check permissions for folder if(Permission::userHasFolderReadPermission($oFolder)){ - return true; + return true; }else{ return false; } } - + // get icon link for rss function getRssLinkIcon(){ // built server path global $default; $sHostPath = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/"; - + // create image $icon = "RSS"; - + return $icon; } - + // get rss link for a document/folder function getRssLink($iItemId, $sItemType){ $item = strToLower($sItemType); 
@@ -514,34 +514,34 @@ class KTrss{ }else if($item == 'document'){ $sItemParameter = '?docId'; } - + // built server path global $default; $sHostPath = "http" . ($default->sslEnabled ? "s" : "") . "://" . $_SERVER['HTTP_HOST']; - + // build link $sLink = $sHostPath.KTBrowseUtil::buildBaseUrl('rss').$sItemParameter.'='.$iItemId; - + return $sLink; } - + // get rss icon link function getImageLink($iItemId, $sItemType){ return "".KTrss::getRssLinkIcon().""; } - + // get the mime type id for a document function getDocumentMimeTypeId($iUserId, $iDocumentId){ if(!isset($_SESSION["userID"])){ - $_SESSION['userID'] = $iUserId; + $_SESSION['userID'] = $iUserId; } // get document object $oDocument =& Document::get($iDocumentId); - + $docMime = $oDocument->getMimeTypeID(); return $docMime; } - + // get mime information for a document function getMimeTypeInfo($iUserId, $iDocumentId){ global $default; 
@@ -549,27 +549,27 @@ class KTrss{ $mimeinfo['typeName'] = KTMime::getMimeTypeName($mimeinfo['typeId']); // mime type name $mimeinfo['typeFName'] = KTMime::getFriendlyNameForString($mimeinfo['typeName']); // mime type friendly name $mimeinfo['typeIcon'] = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/resources/mimetypes/".KTMime::getIconPath($mimeinfo['typeId']).".png"; //icon path - + return $mimeinfo; } - + // get the default folder icon function getFolderIcon(){ global $default; return $mimeinfo['typeIcon'] = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/thirdparty/icon-theme/16x16/mimetypes/x-directory-normal.png"; //icon path } - + // get a document information function getDocumentData($iUserId, $iDocumentId){ if(!isset($_SESSION["userID"])){ - $_SESSION['userID'] = $iUserId; + $_SESSION['userID'] = $iUserId; } // get document object $oDocument =& Document::get($iDocumentId); - + $cv = $oDocument->getContentVersionId(); $mv = $oDocument->getMetadataVersionId(); - + $sQuery = "SELECT dcv.document_id AS id, dmver.name AS name, dcv.filename AS filename, c.name AS author, o.name AS owner, dtl.name AS type, dwfs.name AS workflow_status " . "FROM documents AS d LEFT JOIN document_content_version AS dcv ON d.id = dcv.document_id " . "LEFT JOIN users AS o ON d.owner_id = o.id " . @@ -582,14 +582,14 @@ class KTrss{ "AND dmver.id = ? " . "AND dcv.id = ? " . "LIMIT 1"; - + $aParams = array($iDocumentId, $mv, $cv); $aDocumentData = DBUtil::getResultArray(array($sQuery, $aParams)); if($aDocumentData){ return $aDocumentData; } } - + // get a folder information function getFolderData($iFolderId){ $sQuery = "SELECT f.id AS id, f.name AS name, f.name AS filename, c.name AS author, o.name AS owner, f.description AS description " . 
@@ -598,14 +598,14 @@ class KTrss{ "LEFT JOIN users AS c ON f.creator_id = c.id " . "WHERE f.id = ? " . "LIMIT 1"; - + $aParams = array($iFolderId); $aFolderData = DBUtil::getResultArray(array($sQuery, $aParams)); if($aFolderData){ return $aFolderData; } } - + // get a listing of the latest 3 transactions for a document function getDocumentTransactions($iDocumentId){ $sQuery = "SELECT DT.datetime AS datetime, 'Document' AS type, DMV.name, D.full_path AS fullpath, DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment " . @@ -616,14 +616,14 @@ class KTrss{ "WHERE DT.document_id = ? " . "ORDER BY DT.datetime DESC " . "LIMIT 4"; - + $aParams = array($iDocumentId); $aDocumentTransactions = DBUtil::getResultArray(array($sQuery, $aParams)); if($aDocumentTransactions){ return $aDocumentTransactions; } } - + // Get a listing of the latest 3 transactions for a folder function getFolderTransactions($iFolderId){ $sQuery = "SELECT FT.datetime AS datetime, 'Folder' AS type, F.name, F.full_path AS fullpath, DTT.name AS transaction_name, U.name AS user_name, FT.comment AS comment " . @@ -633,7 +633,7 @@ class KTrss{ "WHERE FT.folder_id = ? " . "ORDER BY FT.datetime DESC " . "LIMIT 4"; - + $aParams = array($iFolderId); $aFolderTransactions = DBUtil::getResultArray(array($sQuery, $aParams)); if($iFolderId){ diff --git a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty index a0b5a8c..a68f89c 100644 --- a/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty +++ b/plugins/rssplugin/templates/RSSPlugin/dashlet.smarty @@ -9,13 +9,13 @@ {/if} {if $feedlist} {section name=feed loop=$feedlist} - + {/section} {/if} {if ($action.url)}{$action.name}{else}{$action.name}{/if} +{if $action.description}title="{$action.description|sanitize}"{/if} + >{$action.name}{else}{$action.name|sanitize}{/if} {/if} @@ -26,7 +26,7 @@ {section name=i start=0 loop=$itemcount} - + 
diff --git a/plugins/rssplugin/templates/RSSPlugin/rssdocumentaction.smarty b/plugins/rssplugin/templates/RSSPlugin/rssdocumentaction.smarty
index 7ad9273..5a1e588 100644
--- a/plugins/rssplugin/templates/RSSPlugin/rssdocumentaction.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/rssdocumentaction.smarty
@@ -1,4 +1,4 @@
-

get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}RSS for Document{/i18n}:
{$context->oDocument->getName()}

+

get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}RSS for Document{/i18n}:
{$context->oDocument->getName()|sanitize}

{i18n}You can copy the following link into any RSS aggregator to create a feed to the selected document.{/i18n}
diff --git a/plugins/rssplugin/templates/RSSPlugin/rssfolderaction.smarty b/plugins/rssplugin/templates/RSSPlugin/rssfolderaction.smarty
index 057aa18..f7a1b95 100644
--- a/plugins/rssplugin/templates/RSSPlugin/rssfolderaction.smarty
+++ b/plugins/rssplugin/templates/RSSPlugin/rssfolderaction.smarty
@@ -1,4 +1,4 @@
-

get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}RSS for folder{/i18n}: {$context->oFolder->getName()}

+

get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}RSS for folder{/i18n}: {$context->oFolder->getName()|sanitize}

{i18n}You can copy the following link into any RSS aggregator to create a feed to the selected folder.{/i18n}

{$internalrss.items[i].title}{$internalrss.items[i].title|sanitize}
{$internalrss.items[i].description}
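Review bot: The item description in the internal feed list is still printed as `{$internalrss.items[i].description}` with no modifier, while the title beside it now goes through `|sanitize`. If the description carries user-entered text such as document names or transaction comments, that cell stays an HTML injection point in the dashlet. Either use `{$internalrss.items[i].description|sanitize}`, or, if the description is meant to contain markup, escape its dynamic parts where the feed is built and record that in a template comment. The enclosing `{section name=i ...}` loop closes outside the hunk.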
- + - + @@ -20,7 +20,7 @@ - + diff --git a/templates/kt3/fieldsets/generic_versioned.smarty b/templates/kt3/fieldsets/generic_versioned.smarty index ee9e780..6e01767 100644 --- a/templates/kt3/fieldsets/generic_versioned.smarty +++ b/templates/kt3/fieldsets/generic_versioned.smarty @@ -7,20 +7,20 @@
{i18n}Document Filename{/i18n}{$filename|wordwrap:40:"\n":true} ({$context->_sizeHelper($document->getSize())}){$filename|wordwrap:40:"\n":true|sanitize} ({$context->_sizeHelper($document->getSize())})
{i18n}File is a{/i18n} {$context->_mimeHelper($document->getMimeTypeID())}{i18n}Document Version{/i18n} {$document->getMajorVersionNumber()}.{$document->getMinorVersionNumber()}
{i18n}Created by{/i18n} {$creator} ({$creation_date})
-{capture assign="oldval"}{$comparison_title}{/capture} -{capture assign="newval"}{$title}{/capture} +{capture assign="oldval"}{$comparison_title|sanitize}{/capture} +{capture assign="newval"}{$title|sanitize}{/capture} - + - -{capture assign="oldval"}{$comparison_filename} ({$context->_sizeHelper($comparison_document->getSize())}){/capture} -{capture assign="newval"}{$filename} ({$context->_sizeHelper($document->getSize())}){/capture} + +{capture assign="oldval"}{$comparison_filename|sanitize} ({$context->_sizeHelper($comparison_document->getSize())}){/capture} +{capture assign="newval"}{$filename|sanitize} ({$context->_sizeHelper($document->getSize())}){/capture} - + {capture assign="oldval"}{$context->_mimeHelper($comparison_document->getMimeTypeID())}{/capture} @@ -28,17 +28,17 @@ - + - + {capture assign="oldval"}{$comparison_document->getMajorVersionNumber()}.{$comparison_document->getMinorVersionNumber()}{/capture} {capture assign="newval"}{$document->getMajorVersionNumber()}.{$document->getMinorVersionNumber()}{/capture} - + - + @@ -54,15 +54,15 @@ - + {capture assign="oldval"}{$comparison_document_type}{/capture} -{capture assign="newval"}{$document_type}{/capture} +{capture assign="newval"}{$document_type}{/capture} - + {capture assign="oldval"}{if $comparison_workflow_state} @@ -78,7 +78,7 @@ - + diff --git a/templates/kt3/fieldsets/simple.smarty b/templates/kt3/fieldsets/simple.smarty index 2b6a743..6a1c265 100644 --- a/templates/kt3/fieldsets/simple.smarty +++ b/templates/kt3/fieldsets/simple.smarty @@ -3,16 +3,16 @@
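Review bot: The document-type captures are left unescaped: `{capture assign="newval"}{$document_type}{/capture}` is re-touched in the third hunk but gets no `|sanitize`, unlike the title and filename captures at the top of the file, and `{$comparison_document_type}` is likewise raw. Both values are later printed through `{$newval}` and `{$oldval}`, so a document type name containing markup would reach the comparison table as HTML. Suggest `{$document_type|sanitize}` and `{$comparison_document_type|sanitize}`. The `{$creator} ({$creation_date})` cell deserves the same check, assuming user names are not escaped before they reach the template.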

{$description}

- +
{i18n}Document Title{/i18n} {$newval}{$oldval}{$oldval}
{i18n}Document Filename{/i18n} {$newval}{$oldval}{$oldval}
{i18n}File is a{/i18n} {$newval}{$oldval}{$oldval}
{i18n}Document Version{/i18n} {$newval}{$oldval}{$oldval}
{i18n}Created by{/i18n} {$creator} ({$creation_date}) ({i18n}this cannot change between versions{/i18n})
{i18n}Last update by{/i18n} {$newval}{$oldval}{$oldval}
{i18n}Document Type{/i18n} {$newval}{$oldval}{$oldval}
{i18n}Workflow status{/i18n} {$newval}{$oldval}{$oldval}
{foreach item=aFieldPair from=$fieldset_values name=fields} - {/foreach}
{$aFieldPair.field->getName()}{if ($aFieldPair.value !== null)}{$aFieldPair.value} + {if ($aFieldPair.value !== null)}{$aFieldPair.value|sanitize} {else}{i18n}no value{/i18n}{/if}
- +
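Review bot: The fieldset loop escapes the value but not the field name: `{$aFieldPair.field->getName()}` is printed raw next to `{$aFieldPair.value|sanitize}`, and the fieldset's `{$description}` above the table is raw as well. Field and fieldset text is presumably set by administrators, so the exposure is narrower than for document values, but it is still stored text rendered as HTML for every viewer. Suggest `{$aFieldPair.field->getName()|sanitize}` and `{$description|sanitize}`. The same unescaped `getName()` call appears in `simple_versioned.smarty`.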
diff --git a/templates/kt3/fieldsets/simple_versioned.smarty b/templates/kt3/fieldsets/simple_versioned.smarty index 0a39a0d..a5076b4 100644 --- a/templates/kt3/fieldsets/simple_versioned.smarty +++ b/templates/kt3/fieldsets/simple_versioned.smarty @@ -7,17 +7,17 @@ {i18n arg_name=$name}This is the data assigned to the #name# aspect of this document.{/i18n}

- + {foreach item=aFieldPair from=$fieldset_values name=fields} + {if ($aFieldPair.previous_value !== null)}{$aFieldPair.previous_value|sanitize} + {else}{i18n}no value in this version{/i18n}{/if} {/foreach}
{$aFieldPair.field->getName()} - {if ($aFieldPair.current_value !== null)}{$aFieldPair.current_value} + {if ($aFieldPair.current_value !== null)}{$aFieldPair.current_value|sanitize} {else}{i18n}no value in this version{/i18n}{/if} - {if ($aFieldPair.previous_value !== null)}{$aFieldPair.previous_value} - {else}{i18n}no value in this version{/i18n}{/if}
diff --git a/templates/kt3/minimal_page.smarty b/templates/kt3/minimal_page.smarty index 1d65a83..394b631 100644 --- a/templates/kt3/minimal_page.smarty +++ b/templates/kt3/minimal_page.smarty @@ -3,12 +3,12 @@ {$page->title} | {$page->systemName} - + {foreach item=sResourceURL from=$page->getCSSResources()} {/foreach} - + {foreach item=sCSS from=$page->getCSSStandalone()} + @@ -25,7 +25,7 @@ {foreach from=$breadcrumbs item=breadcrumb name=bc} -{$breadcrumb.name} +{$breadcrumb.name|sanitize} {if !$smarty.foreach.bc.last} » {/if} diff --git a/templates/ktcore/forms/widgets/fieldset.smarty b/templates/ktcore/forms/widgets/fieldset.smarty index 0512e90..3ba353e 100644 --- a/templates/ktcore/forms/widgets/fieldset.smarty +++ b/templates/ktcore/forms/widgets/fieldset.smarty @@ -1,6 +1,6 @@
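Review bot: The page title is still written as `{$page->title} | {$page->systemName}` without a modifier in the first hunk, while breadcrumb names in the later hunk are now passed through `|sanitize`. If the title is derived from the same document or folder names as the breadcrumbs, it is the remaining raw copy of that text in the page head. Suggest `{$page->title|sanitize}`, unless the title is already escaped where it is set, in which case a short template comment saying so would prevent double escaping later.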
{if $label}{$label}{/if} - {if $description}

{$description}

{/if} - + {if $description}

{$description|sanitize}

{/if} + {$widgets}
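Review bot: `{if $label}{$label}{/if}` is left raw while the description directly below it now gets `|sanitize`, so the legend remains the unescaped half of the same fieldset. `{$widgets}` presumably has to stay raw because it holds already-rendered widget markup, which is worth stating in the template so nobody assumes it is escaped here. Proposed: `{if $label}{$label|sanitize}{/if}` and a comment `{* $widgets is pre-rendered HTML; each widget template escapes its own values *}`.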
diff --git a/templates/ktcore/forms/widgets/hidden.smarty b/templates/ktcore/forms/widgets/hidden.smarty index bdee3db..a170f56 100644 --- a/templates/ktcore/forms/widgets/hidden.smarty +++ b/templates/ktcore/forms/widgets/hidden.smarty @@ -1 +1 @@ - + diff --git a/templates/ktcore/forms/widgets/password.smarty b/templates/ktcore/forms/widgets/password.smarty index 56d56e5..cfb4c04 100644 --- a/templates/ktcore/forms/widgets/password.smarty +++ b/templates/ktcore/forms/widgets/password.smarty @@ -1,9 +1,9 @@ - + {if ($context->bConfirm)}

{$context->sConfirmDescription}

- - + + {/if} diff --git a/templates/ktcore/forms/widgets/string.smarty b/templates/ktcore/forms/widgets/string.smarty index 8bad37a..1de962c 100644 --- a/templates/ktcore/forms/widgets/string.smarty +++ b/templates/ktcore/forms/widgets/string.smarty @@ -1 +1 @@ - + diff --git a/templates/ktcore/forms/widgets/text.smarty b/templates/ktcore/forms/widgets/text.smarty index b269a64..8dc69cd 100644 --- a/templates/ktcore/forms/widgets/text.smarty +++ b/templates/ktcore/forms/widgets/text.smarty @@ -2,4 +2,4 @@ {if $has_id} id="{$id}"{/if} {if $options.rows} rows="{$options.rows}"{else} rows="7"{/if} {if $options.cols} cols="{$options.cols}"{else} cols="45"{/if} - >{if $has_value}{$value}{/if} + >{if $has_value}{$value|sanitize_input}{/if} diff --git a/templates/ktcore/login.smarty b/templates/ktcore/login.smarty index aabb741..2295a6e 100644 --- a/templates/ktcore/login.smarty +++ b/templates/ktcore/login.smarty @@ -3,12 +3,12 @@ {i18n arg_appname="$appname"}Login | #appname#{/i18n} - + - - + + @@ -30,13 +30,13 @@ {if ($errorMessage == null)}

{i18n}Please enter your details below to login.{/i18n}

{else} -
{$errorMessage}
+
{$errorMessage|sanitize}
{/if} - +