diff --git a/lib/validation/dispatchervalidation.inc.php b/lib/validation/dispatchervalidation.inc.php index e15f3c3..7f169f0 100644 --- a/lib/validation/dispatchervalidation.inc.php +++ b/lib/validation/dispatchervalidation.inc.php @@ -292,6 +292,29 @@ class KTDispatcherValidation { } return $sEmailAddress; } + + + /* assuming something has a 'getList' static method, this may work */ + function validateDuplicateName($sEntityTypeName, $sHumanEntityTypeName, $sName, $aOptions) { + $aMethod = array($sEntityTypeName, 'getList'); + + $aList =& call_user_func($aMethod, "name = '$sName'"); + if(count($aList)) { + $aOptions['message'] = KTUtil::arrayGet($aOptions, 'message', _("A $sHumanEntityTypeName with that name already exists")); + $this->handleError($aOptions); + } + return $sName; + } + + /* just does an empty string validation with an appropriate message, and then a duplicate name validation */ + function validateEntityName($sEntityTypeName, $sHumanEntityTypeName, $sName, $aOptions) { + $aNewOptions = $aOptions; + $aNewOptions['message'] = KTUtil::arrayGet($aOptions, 'message', _("No name was given for the $sHumanEntityTypeName")); + + $this->validateString($sName, $aNewOptions); + $this->validateDuplicateName($sEntityTypeName, $sHumanEntityTypeName, $sName, $aOptions); + } + } diff --git a/plugins/ktcore/KTDocumentActions.php b/plugins/ktcore/KTDocumentActions.php index 520de7a..20148df 100644 --- a/plugins/ktcore/KTDocumentActions.php +++ b/plugins/ktcore/KTDocumentActions.php 
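Review bot: `validateDuplicateName` interpolates `$sName` straight into the condition string `"name = '$sName'"`, and the callers added in this commit feed it request data (`$_REQUEST['name']`, `$_REQUEST['fName']`), so a name containing a quote alters the query if `getList` uses that string as a raw WHERE clause (its body is not visible here). The value should be escaped with the database layer's quoting routine, or passed as a bound parameter, before it reaches `getList`; the same pattern appears in `do_newState` and `do_newTransition` in plugins/ktcore/admin/workflows.php (`sprintf("workflow_id = %d and name = '%s'", …)`). Separately, `validateEntityName` has no return statement although the new callers in documentFields.php, documentTypes.php and workflows.php assign its result to `$sName`, so they would receive null; ending it with `return $this->validateDuplicateName($sEntityTypeName, $sHumanEntityTypeName, $sName, $aOptions);` fixes that.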
@@ -89,9 +89,14 @@ class KTDocumentCheckOutAction extends KTDocumentAction { } function do_checkout() { - $sReason = KTUtil::arrayGet($_REQUEST, 'reason'); - $this->oValidator->notEmpty($sReason); + $aErrorOptions = array( + 'redirect_to' => array('','fDocumentId=' . $this->oDocument->getId()), + 'message' => "You must provide a reason" + ); + $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/checkout_final'); + $sReason = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'reason'), $aErrorOptions); + $oTemplate->setData(array( 'context' => &$this, 'reason' => $sReason, @@ -623,7 +628,11 @@ class KTDocumentWorkflowAction extends KTDocumentAction { } $fieldOptions = array("vocab" => $aVocab); $transition_fields[] = new KTLookupWidget(_('Transition to perform'), 'FIXME', 'fTransitionId', null, $this->oPage, true, null, $fieldErrors, $fieldOptions); - $transition_fields[] = new KTStringWidget(_('Reason for transition'), _('Describe the changes made to the document.'), 'fComments', "", $this->oPage, true); + $transition_fields[] = new KTTextWidget( + _('Reason for transition'), _('Describe the changes made to the document.'), + 'fComments', "", + $this->oPage, true, null, null, + array('cols' => 80, 'rows' => 4)); } $aTemplateData = array( 'oDocument' => $oDocument, 
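Review bot: The new `'message' => "You must provide a reason"` in `do_checkout` is not wrapped in `_()`, unlike the messages this commit adds in userManagement.php, so it will not be translated; write it as `'message' => _("You must provide a reason")`. The same applies to `'You must provide a reason for the transition'` in `do_performTransition` and to `"You must provide a description"` in documentFields.php `do_new`. `do_checkout` continues past the end of the hunk.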
@@ -650,8 +659,15 @@ class KTDocumentWorkflowAction extends KTDocumentAction { function do_performTransition() { $oDocument =& $this->oValidator->validateDocument($_REQUEST['fDocumentId']); - $oTransition =& $this->oValidator->validateWorkflowTransition($_REQUEST['fTransitionId']); - $sComments =& $this->oValidator->notEmpty($_REQUEST['fComments']); + $oTransition =& $this->oValidator->validateWorkflowTransition($_REQUEST['fTransitionId']); + + $aErrorOptions = array( + 'redirect_to' => array('main', sprintf('fDocumentId=%d', $_REQUEST['fDocumentId'])), + 'message' => 'You must provide a reason for the transition' + ); + + $sComments =& $this->oValidator->validateString($_REQUEST['fComments'], $aErrorOptions); + $oUser =& User::get($_SESSION['userID']); $res = KTWorkflowUtil::performTransitionOnDocument($oTransition, $oDocument, $oUser, $sComments); $this->successRedirectToMain(_('Transition performed'), diff --git a/plugins/ktcore/admin/documentFields.php b/plugins/ktcore/admin/documentFields.php index afa9aa5..c6820db 100755 --- a/plugins/ktcore/admin/documentFields.php +++ b/plugins/ktcore/admin/documentFields.php @@ -106,6 +106,10 @@ class KTDocumentFieldDispatcher extends KTStandardDispatcher { // {{{ do_new function do_new() { + $aErrorOptions = array( + 'redirect_to' => array('main'), + ); + $bIsGeneric = false; $bIsSystem = false; 
@@ -118,14 +122,19 @@ class KTDocumentFieldDispatcher extends KTStandardDispatcher { // Can't be a system fieldset and a generic fieldset... $bIsGeneric = false; } - $sName = KTUtil::arrayGet($_REQUEST, 'name'); - $sName = $this->oValidator->notEmpty($sName); + + // basic validation + $sName = $this->oValidator->validateEntityName("KTFieldset", "fieldset", KTUtil::arrayGet($_REQUEST, 'name'), $aErrorOptions); + + $sDescription = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'description'), + KTUtil::meldOptions($aErrorOptions, array('message' => "You must provide a description"))); + $sNamespace = KTUtil::arrayGet($_REQUEST, 'namespace'); - $sDescription = KTUtil::arrayGet($_REQUEST, 'description'); - $sDescription = $this->oValidator->notEmpty($sDescription); + if (empty($sNamespace)) { $sNamespace = KTUtil::nameToLocalNamespace('fieldsets', $sName); } + $res = KTFieldset::createFromArray(array( 'name' => $sName, 'namespace' => $sNamespace, @@ -207,6 +216,7 @@ class KTDocumentFieldDispatcher extends KTStandardDispatcher { function do_editFieldObject() { $oTemplating =& KTTemplating::getSingleton(); $oTemplate =& $oTemplating->loadTemplate('ktcore/metadata/editField'); + $oFieldset =& KTFieldset::get($_REQUEST['fFieldsetId']); $oField =& DocumentField::get($_REQUEST['fFieldId']); diff --git a/plugins/ktcore/admin/documentTypes.php b/plugins/ktcore/admin/documentTypes.php index c229fd5..53786aa 100755 --- a/plugins/ktcore/admin/documentTypes.php +++ b/plugins/ktcore/admin/documentTypes.php @@ -32,13 +32,12 @@ class KTDocumentTypeDispatcher extends KTAdminDispatcher { } function do_new() { + $sName = $this->oValidator->validateEntityName('DocumentType', 'document type', $_REQUEST['name'], array("redirect_to" => array("main"))); - - - $sName = $_REQUEST['name']; $oDocumentType =& DocumentType::createFromArray(array( 'name' => $sName, )); + if (PEAR::isError($oDocumentType)) { $this->errorRedirectToMain(_('Could not create document type')); exit(0); 
@@ -85,7 +84,7 @@ class KTDocumentTypeDispatcher extends KTAdminDispatcher { $aOptions['vocab'] = $vocab; $aOptions['multi'] = true; $aOptions['size'] = 5; - $availableTypesWidget =& new KTLookupWidget(_('Available Fieldsets'),_('Select the fieldsets which you wish to associate with this document type'), 'fieldsetid', null, $this->oPage, true, + $availableTypesWidget =& new KTLookupWidget(_('Available Fieldsets'),_('Select the fieldsets which you wish to associate with this document type'), 'fieldsetid[]', null, $this->oPage, true, null, null, $aOptions); $this->aBreadcrumbs[] = array( @@ -102,9 +101,16 @@ class KTDocumentTypeDispatcher extends KTAdminDispatcher { return $oTemplate; } - function do_editobject() { - $oDocumentType =& DocumentType::get($_REQUEST['fDocumentTypeId']); - $oDocumentType->setName($_REQUEST['name']); + function do_editobject() { + $iDocumentTypeId = (int)$_REQUEST['fDocumentTypeId']; + $oDocumentType =& DocumentType::get($iDocumentTypeId); + + $aErrorOptions = array( + 'redirect_to' => array('edit', sprintf('fDocumentTypeId=%d', $iDocumentTypeId)), + ); + + $sName = $this->oValidator->validateEntityName('DocumentType', 'document type', $_REQUEST['name'], $aErrorOptions); + $res = $oDocumentType->update(); if (PEAR::isError($res) || ($res === false)) { $this->errorRedirectTo('edit', _('Could not save document type changes'), 'fDocumentTypeId=' . $oDocumentType->getId()); 
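Review bot: `do_editobject` no longer applies the new name: the old `$oDocumentType->setName($_REQUEST['name']);` is removed and the validated `$sName` is never used before `$oDocumentType->update()`, so the edit saves nothing; add `$oDocumentType->setName($sName);` before the update. That in turn needs `validateEntityName` to return the name, which the version added in this commit does not. The duplicate check inside it queries all document types by name, so saving an unchanged name would probably be rejected because the record matches itself; the check likely needs to exclude `$iDocumentTypeId`. The result of `DocumentType::get($iDocumentTypeId)` is also used without an error check, unlike `do_new`, which tests `PEAR::isError`.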
@@ -128,7 +134,14 @@ class KTDocumentTypeDispatcher extends KTAdminDispatcher { function do_addfieldsets() { $oDocumentType =& DocumentType::get($_REQUEST['fDocumentTypeId']); - $res = KTMetadataUtil::addSetsToDocumentType($oDocumentType, $_REQUEST['fieldsetid']); + $aFieldsetId = $_REQUEST['fieldsetid']; + + if(!count($aFieldsetId)) { + $this->errorRedirectTo('edit', _('You must select at least one fieldset'), 'fDocumentTypeId=' . $oDocumentType->getId()); + exit(0); + } + + $res = KTMetadataUtil::addSetsToDocumentType($oDocumentType, $aFieldsetId); if (PEAR::isError($res)) { var_dump($res); $this->errorRedirectTo('edit', _('Changes not saved'), 'fDocumentTypeId=' . $oDocumentType->getId()); diff --git a/plugins/ktcore/admin/userManagement.php b/plugins/ktcore/admin/userManagement.php index 001f648..90c6ef5 100755 --- a/plugins/ktcore/admin/userManagement.php +++ b/plugins/ktcore/admin/userManagement.php 
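Review bot: `do_addfieldsets` reads `$_REQUEST['fieldsetid']` directly and only tests `count($aFieldsetId)`, so a missing parameter raises an undefined-index notice and a scalar value is not rejected before it is handed to `KTMetadataUtil::addSetsToDocumentType` as if it were a list. Fetch it with `$aFieldsetId = KTUtil::arrayGet($_REQUEST, 'fieldsetid', array());` and guard with `if (!is_array($aFieldsetId) || !count($aFieldsetId))`. The ids are forwarded unchanged, and whether `addSetsToDocumentType` checks each one is not visible here, so normalising them with `array_map('intval', $aFieldsetId)` is worth considering. The unchanged `var_dump($res)` on the error path just below prints the error object into the response and would be worth dropping while this function is being touched.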
@@ -285,14 +285,33 @@ class KTUserAdminDispatcher extends KTAdminDispatcher { function do_saveUser() { $user_id = KTUtil::arrayGet($_REQUEST, 'user_id'); + + $aErrorOptions = array( + 'redirect_to' => array('editUser', sprintf('user_id=%d', $user_id)) + ); + + $name = $this->oValidator->validateString( + KTUtil::arrayGet($_REQUEST, 'name'), + KTUtil::meldOptions($aErrorOptions, array('message' => _("You must provide a name"))) + ); + + $username = $this->oValidator->validateString( + KTUtil::arrayGet($_REQUEST, 'username'), + KTUtil::meldOptions($aErrorOptions, array('message' => _("You must provide a username"))) + ); - $name = KTUtil::arrayGet($_REQUEST, 'name'); - $username = KTUtil::arrayGet($_REQUEST, 'username'); $email_address = KTUtil::arrayGet($_REQUEST, 'email_address'); + if(strlen(trim($email_address))) { + $email_address = $this->oValidator->validateEmailAddress($email_address, $aErrorOptions); + } + $email_notifications = KTUtil::arrayGet($_REQUEST, 'email_notifications', false); if ($email_notifications !== false) $email_notifications = true; + $mobile_number = KTUtil::arrayGet($_REQUEST, 'mobile_number'); + $max_sessions = KTUtil::arrayGet($_REQUEST, 'max_sessions', '3'); + // FIXME more validation would be useful. // validated and ready.. $this->startTransaction(); diff --git a/plugins/ktcore/admin/workflows.php b/plugins/ktcore/admin/workflows.php index d630dd7..2b19a00 100755 --- a/plugins/ktcore/admin/workflows.php +++ b/plugins/ktcore/admin/workflows.php @@ -68,7 +68,7 @@ class KTWorkflowDispatcher extends KTAdminDispatcher { $add_transition_fields = array(); - $add_transition_fields[] = new KTStringWidget(_('Name'), _('A human-readable name for the state.'), 'fName', null, $this->oPage, true); + $add_transition_fields[] = new KTStringWidget(_('Name'), _('A human-readable name for the transition.'), 'fName', null, $this->oPage, true); $aOptions = array(); $vocab = array(); foreach($aStates as $state) { 
@@ -113,21 +113,29 @@ class KTWorkflowDispatcher extends KTAdminDispatcher { // {{{ do_saveWorkflow function do_saveWorkflow() { $oWorkflow =& $this->oValidator->validateWorkflow($_REQUEST['fWorkflowId']); + $aOptions = array( 'redirect_to' => array('editWorkflow', 'fWorkflowId=' . $oWorkflow->getId()), ); - $oWorkflow->setName($_REQUEST['fName']); - $oWorkflow->setHumanName($_REQUEST['fName']); + + $sName = $this->oValidator->validateString($_REQUEST['fName'], $aOptions); + + $oWorkflow->setName($sName); + $oWorkflow->setHumanName($sName); + if (!empty($_REQUEST['fStartStateId'])) { $oWorkflow->setStartStateId($_REQUEST['fStartStateId']); } else { $oWorkflow->setStartStateId(null); } + $res = $oWorkflow->update(); + $this->oValidator->notErrorFalse($res, array( 'redirect_to' => array('editWorkflow', 'fWorkflowId=' . $oWorkflow->getId()), 'message' => _('Error saving workflow'), )); + $this->successRedirectTo('editWorkflow', _('Changes saved'), 'fWorkflowId=' . $oWorkflow->getId()); exit(0); } @@ -137,11 +145,16 @@ class KTWorkflowDispatcher extends KTAdminDispatcher { function do_newWorkflow() { $aErrorOptions = array( 'redirect_to' => array('main'), - 'message' => 'No name given', ); + $sName = KTUtil::arrayGet($_REQUEST, 'fName'); - $sName = $this->oValidator->validateString($sName, - $aErrorOptions); + $sName = $this->oValidator->validateEntityName('KTWorkflow', 'workflow', $sName, $aErrorOptions); + + +/* if(!PEAR::isError(KTWorkflow::getByName($sName))) { + $this->errorRedirectToMain(_("A state with that name already exists")); + }*/ + $res = KTWorkflow::createFromArray(array( 'name' => $sName, 'humanname' => $sName, 
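Review bot: The commented-out block added to `do_newWorkflow` (`/* if(!PEAR::isError(KTWorkflow::getByName($sName))) { … }*/`) is dead code that duplicates what `validateEntityName` is meant to do, and its message says "state" where a workflow is meant; drop it rather than commit it. In `do_saveWorkflow` the rename path calls `validateString($_REQUEST['fName'], $aOptions)` with no `'message'` entry and no duplicate-name check, so renaming a workflow to an existing name is still accepted while creating one is not; confirm that this is intended. `$_REQUEST['fStartStateId']` is still passed to `setStartStateId` without validation (unchanged code in this hunk).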
@@ -174,16 +187,34 @@ class KTWorkflowDispatcher extends KTAdminDispatcher { // // {{{ do_newState function do_newState() { - $oWorkflow =& $this->oValidator->validateWorkflow($_REQUEST['fWorkflowId']); + $iWorkflowId = (int) $_REQUEST['fWorkflowId']; + + $aErrorOptions = array( + 'redirect_to' => array('editWorkflow', sprintf('fWorkflowId=%d', $iWorkflowId)), + ); + + $oWorkflow =& $this->oValidator->validateWorkflow($iWorkflowId); + + // validate name + $sName = $this->oValidator->validateString($_REQUEST['fName'], $aErrorOptions); + + // check there are no other states by that name in this workflow + $aStates = KTWorkflowState::getList(sprintf("workflow_id = %d and name = '%s'", $iWorkflowId, $sName)); + if(count($aStates)) { + $this->errorRedirectTo(implode('&', $aErrorOptions['redirect_to']), _("A state by that name already exists")); + } + $oState = KTWorkflowState::createFromArray(array( 'workflowid' => $oWorkflow->getId(), - 'name' => $_REQUEST['fName'], - 'humanname' => $_REQUEST['fName'], + 'name' => $sName, + 'humanname' => $sName, )); + $this->oValidator->notError($oState, array( 'redirect_to' => array('editWorkflow', 'fWorkflowId=' . $oWorkflow->getId()), 'message' => _('Could not create workflow state'), )); + $this->successRedirectTo('editState', _('Workflow state created'), 'fWorkflowId=' . $oWorkflow->getId() . '&fStateId=' . $oState->getId()); exit(0); } 
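Review bot: The duplicate-state branch in `do_newState` calls `$this->errorRedirectTo(implode('&', $aErrorOptions['redirect_to']), _("…"))`, which passes `editWorkflow&fWorkflowId=N` as the event name; the other call sites in this diff use `errorRedirectTo('edit', $message, 'fDocumentTypeId=' . $id)` followed by `exit(0);`. Write it as `$this->errorRedirectTo('editWorkflow', _("A state by that name already exists"), sprintf('fWorkflowId=%d', $iWorkflowId));` and add `exit(0);` after it. Without the exit, and if the helper returns (its body is not visible here), `KTWorkflowState::createFromArray` still runs and the duplicate is created. `do_newTransition` in the next hunk has the same call shape.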
@@ -326,9 +357,28 @@ class KTWorkflowDispatcher extends KTAdminDispatcher { function do_newTransition() { $oWorkflow =& $this->oValidator->validateWorkflow($_REQUEST['fWorkflowId']); $oState =& $this->oValidator->validateWorkflowState($_REQUEST['fTargetStateId']); + + // setup error options for later + $aErrorOptions = array( + 'redirect_to' => array('editWorkflow', sprintf('fWorkflowId=%d', $oWorkflow->getId())), + ); + $iPermissionId = KTUtil::arrayGet($_REQUEST, 'fPermissionId'); $iGroupId = KTUtil::arrayGet($_REQUEST, 'fGroupId'); $iRoleId = KTUtil::arrayGet($_REQUEST, 'fRoleId'); + + // validate name + $sName = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'fName'), $aErrorOptions); + + + // check there are no other transitions by that name in this workflow + $aTransitions = KTWorkflowTransition::getList(sprintf("workflow_id = %d and name = '%s'", $oWorkflow->getId(), $sName)); + if(count($aTransitions)) { + $this->errorRedirectTo(implode('&', $aErrorOptions['redirect_to']), _("A transition by that name already exists")); + } + + + // validate permissions, roles, and group if ($iPermissionId) { $this->oValidator->validatePermission($_REQUEST['fPermissionId']); } @@ -338,6 +388,7 @@ class KTWorkflowDispatcher extends KTAdminDispatcher { if ($iRoleId) { $this->oValidator->validateRole($_REQUEST['fRoleId']); } + $res = KTWorkflowTransition::createFromArray(array( 'workflowid' => $oWorkflow->getId(), 'name' => $_REQUEST['fName'], diff --git a/preferences.php b/preferences.php index faddf99..b5c33c8 100644 --- a/preferences.php +++ b/preferences.php 
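Review bot: `do_newTransition` validates `$sName`, but the unchanged `KTWorkflowTransition::createFromArray` call at the end of the second hunk still stores `'name' => $_REQUEST['fName']`, so the value that was checked is not the value that is saved. Use `'name' => $sName`, as `do_newState` now does. The array continues past the hunk, so any other entry built from `$_REQUEST['fName']` should be switched the same way.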
@@ -72,9 +72,9 @@ class PreferencesDispatcher extends KTStandardDispatcher { $confirm_password = KTUtil::arrayGet($_REQUEST, 'confirm_password'); if (empty($password)) { - $this->errorRedirectToMain(_("You must specify a password for the user.")); + $this->errorRedirect("setPassword", _("You must specify a password.")); } else if ($password !== $confirm_password) { - $this->errorRedirectToMain(_("The passwords you specified do not match.")); + $this->errorRedirect("setPassword", _("The passwords you specified do not match.")); } $KTConfig =& KTConfig::getSingleton(); diff --git a/templates/ktcore/principals/password.smarty b/templates/ktcore/principals/password.smarty index bd3a3f5..5c5e4dd 100644 --- a/templates/ktcore/principals/password.smarty +++ b/templates/ktcore/principals/password.smarty @@ -14,8 +14,10 @@
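Review bot: `$this->errorRedirect("setPassword", …)` is the only call to a method of that name in this diff; every other redirect that names an event goes through `errorRedirectTo(event, message, …)`, so confirm the dispatcher actually defines `errorRedirect`, or use `$this->errorRedirectTo("setPassword", _("You must specify a password."));`. Neither branch is followed by `exit(0);`, unlike the `errorRedirectTo` call sites in documentTypes.php. If the helper returns (not visible here), execution falls through to the `KTConfig` lookup and the rest of the password change with an empty or mismatched password. The function body continues outside the hunk.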
+ -

{i18n}Change your password.{/i18n}

+
diff --git a/templates/ktcore/workflow/editWorkflow.smarty b/templates/ktcore/workflow/editWorkflow.smarty index 2f12065..6271915 100644 --- a/templates/ktcore/workflow/editWorkflow.smarty +++ b/templates/ktcore/workflow/editWorkflow.smarty @@ -52,6 +52,8 @@ title="State {$oState->getId()}">{$oState->getName()|escape} +{* check that there are states, and, if not, don't show transitions *} +{if $aStates}

{i18n}Transitions{/i18n}

@@ -87,6 +89,7 @@ title="Transition {$oTransition->getId()}">{$oTransition->getName()|escape}< {/if} +{/if}