Peter M. Groen / knowledgetree

Commit 1701a2c760ad8afc0794f0d7f1bb4e1b421775e0

Authored by conradverm
1 parent 86c6ac67

KTS-2178 

"cross site scripting"
Implemented.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6986 c91229c3-7414-0410-bfa2-8a42b809f60b
Inline Side-by-side
Showing 1 changed file with 17 additions and 17 deletions
plugins/tagcloud/TagCloudRedirectPage.php
  View file @1701a2c
... ... @@ -4,7 +4,7 @@
4 4 * License Version 1.1.2 ("License"); You may not use this file except in
5 5 * compliance with the License. You may obtain a copy of the License at
6 6 * http://www.knowledgetree.com/KPL
7   - *
  7 + *
8 8 * Software distributed under the License is distributed on an "AS IS"
9 9 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
10 10 * See the License for the specific language governing rights and
... ... @@ -15,9 +15,9 @@
15 15 * (ii) the KnowledgeTree copyright notice
16 16 * in the same form as they appear in the distribution. See the License for
17 17 * requirements.
18   - *
  18 + *
19 19 * The Original Code is: KnowledgeTree Open Source
20   - *
  20 + *
21 21 * The Initial Developer of the Original Code is The Jam Warehouse Software
22 22 * (Pty) Ltd, trading as KnowledgeTree.
23 23 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
... ... @@ -26,7 +26,7 @@
26 26 * Contributor( s): ______________________________________
27 27 *
28 28 */
29   -
  29 +
30 30 require_once(KT_LIB_DIR . '/plugins/plugin.inc.php');
31 31 require_once(KT_LIB_DIR . '/plugins/pluginregistry.inc.php');
32 32 require_once(KT_LIB_DIR . '/templating/templating.inc.php');
... ... @@ -55,12 +55,12 @@ class TagCloudRedirectPage extends KTStandardDispatcher {
55 55 $searchable_text = KTUtil::arrayGet($_REQUEST, 'tag');
56 56 // set breadcrumbs
57 57 $this->aBreadcrumbs[] = array('url' => 'dashboard.php', 'name' => _kt('Dashboard'));
58   - $this->aBreadcrumbs[] = array('url' => $_SERVER['PHP_SELF'].'&tag='.$searchable_text, 'name' => _kt('Tag Cloud Search'));
  58 + $this->aBreadcrumbs[] = array('url' => $_SERVER['PHP_SELF'].'&tag='.htmlentities($searchable_text,ENT_QUOTES,'UTF-8'), 'name' => _kt('Tag Cloud Search'));
59 59 // set page title
60 60 $sTitle = _kt('Search Results');
61   -
62   - $this->oPage->setBreadcrumbDetails($sTitle);
63   -
  61 +
  62 + $this->oPage->setBreadcrumbDetails($sTitle);
  63 +
64 64 // build criteria set
65 65 $aCriteriaSet = array(
66 66 'join'=>'AND',
... ... @@ -79,17 +79,17 @@ class TagCloudRedirectPage extends KTStandardDispatcher {
79 79 )
80 80 )
81 81 );
82   -
83   -
  82 +
  83 +
84 84 $this->browseType = 'Folder';
85 85 $sSearch = md5(serialize($aCriteriaSet));
86 86 $_SESSION['boolean_search'][$sSearch] = $aCriteriaSet;
87 87  
88   - $collection = new AdvancedCollection;
  88 + $collection = new AdvancedCollection;
89 89 $oColumnRegistry = KTColumnRegistry::getSingleton();
90 90 $aColumns = $oColumnRegistry->getColumnsForView('ktcore.views.search');
91   - $collection->addColumns($aColumns);
92   -
  91 + $collection->addColumns($aColumns);
  92 +
93 93 // set a view option
94 94 $aTitleOptions = array(
95 95 'documenturl' => $GLOBALS['KTRootUrl'] . '/view.php',
... ... @@ -100,13 +100,13 @@ class TagCloudRedirectPage extends KTStandardDispatcher {
100 100 'show_folders' => true,
101 101 'show_documents' => true,
102 102 ));
103   -
  103 +
104 104 $aOptions = $collection->getEnvironOptions(); // extract data from the environment
105   -
  105 +
106 106 $aOptions['return_url'] = KTUtil::addQueryString('dashboard.php', false);
107 107 $aOptions['empty_message'] = _kt('No documents or folders match this query.');
108 108 $aOptions['is_browse'] = true;
109   -
  109 +
110 110 $collection->setOptions($aOptions);
111 111 $collection->setQueryObject(new BooleanSearchQuery($aCriteriaSet));
112 112  
... ... @@ -125,7 +125,7 @@ class TagCloudRedirectPage extends KTStandardDispatcher {
125 125  
126 126 );
127 127 return $oTemplate->render($aTemplateData);
128   -
  128 +
129 129 }
130 130 }
131 131 ?>
... ...