KTS-2831

"CLONE -End line characters in discussions and disclaimers being displayed as html tags (SUP-546)" Fixed. Removed the calls to sanitiseForSQL before inserting into the database. Committed by: Megan Watson Reviewed by: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7909 c91229c3-7414-0410-bfa2-8a42b809f60b

KTS-2831
"CLONE -End line characters in discussions and disclaimers being displayed as html tags (SUP-546)" Fixed. Removed the calls to sanitiseForSQL before inserting into the database. Committed by: Megan Watson Reviewed by: Conrad Vermeulen git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7909 c91229c3-7414-0410-bfa2-8a42b809f60b
megan_w
1 parent 7f3a45fc
Showing 5 changed files with 80 additions and 78 deletions
lib/discussions/DiscussionComment.inc
plugins/ktstandard/KTDisclaimers.php
plugins/ktstandard/KTDiscussion.php
sql/mysql/upgrade/3.4.6/remove_backslashes.sql
templates/ktstandard/action/discussion_comment_list_item.smarty
@@ -7,38 +7,38 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  */
  
 class DiscussionComment extends KTEntity {
     var $_bUsePearError = true;
-    
+
     var $iThreadId;
     var $iUserId;
     var $sSubject;
@@ -66,12 +66,12 @@ class DiscussionComment extends KTEntity {
  
     function getThreadId(){ return $this->iThreadId; }
     function setThreadId($iThreadId){ $this->iThreadId = $iThreadId; }
-    function getUserId(){ return $this->iUserId; } 
+    function getUserId(){ return $this->iUserId; }
     function setUserId($iNewUserId){ $this->iUserId = $iNewUserId; }
-    function getSubject(){ return sanitizeForSQLtoHTML($this->sSubject); }
-    function setSubject($sNewSubject){ $this->sSubject = sanitizeForSQL($sNewSubject); }
-    function getBody(){ return sanitizeForSQLtoHTML($this->sBody); }
-    function setBody($sNewBody){ $this->sBody = sanitizeForSQL($sNewBody); }
+    function getSubject(){ return $this->sSubject; }
+    function setSubject($sNewSubject){ $this->sSubject = $sNewSubject; }
+    function getBody(){ return $this->sBody; }
+    function setBody($sNewBody){ $this->sBody = $sNewBody; }
     function getDate(){ return $this->dDate; }
     function getInReplyTo(){ return $this->iInReplyTo; }
     function setInReplyTo($sNewCommentId){ $this->iInReplyTo = $sNewCommentId; }
@@ -5,32 +5,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  *
  */
@@ -50,7 +50,7 @@ class KTDisclaimersPlugin extends KTPlugin {
         $res = parent::KTPlugin($sFilename);
         $this->sFriendlyName = _kt('Disclaimers Plugin');
         return $res;
-    }        
+    }
  
     function setup() {
 	$this->setupAdmin();
@@ -67,25 +67,25 @@ class KTDisclaimersPlugin extends KTPlugin {
     }
  
     function getDisclaimer($sLocation) {
-	$sDisclaimer = false;
+    	$sDisclaimer = false;
+
+    	if($this->isRegistered()) {
+    	    $aHelp = KTHelp::getHelpInfo($sLocation);
  
-	if($this->isRegistered()) {
-	    $aHelp = KTHelp::getHelpInfo($sLocation);
-	    
-	    if(!PEAR::isError($aHelp) && strlen(trim($aHelp['body']))) {
-		$sDisclaimer = $aHelp['body'];
-	    }
-	}
+    	    if(!PEAR::isError($aHelp) && strlen(trim($aHelp['body']))) {
+    	        $sDisclaimer = str_replace(array('\r','\n'), array('<br>','<br>'), $aHelp['body']);
+    	    }
+    	}
  
-	return $sDisclaimer;
+	   return $sDisclaimer;
     }
  
     function getPageDisclaimer() {
-	return $this->getDisclaimer($this->aDisclaimers['page']['path']);
+	   return $this->getDisclaimer($this->aDisclaimers['page']['path']);
     }
  
     function getLoginDisclaimer() {
-	return $this->getDisclaimer($this->aDisclaimers['login']['path']);
+	   return $this->getDisclaimer($this->aDisclaimers['login']['path']);
     }
  
 }
@@ -5,32 +5,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  *
  */
@@ -136,12 +136,12 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
         $fields[] = new KTStringWidget(_kt("Subject"), _kt("The topic of discussion in this thread"), "subject", "", $this->oPage, true);
         $fields[] = new KTTextWidget(_kt("Body"), _kt("Your contribution to the discussion in this thread"), "body", "", $this->oPage, true, null, null, array("cols" => 50, "rows" => 10));
  
-	$bIncludeClosed = KTUtil::arrayGet($_REQUEST, 'fIncludeClosed', false);
+    	$bIncludeClosed = KTUtil::arrayGet($_REQUEST, 'fIncludeClosed', false);
  
-	$sQuery = sprintf('document_id = %d', $this->oDocument->getId());
-	if(!$bIncludeClosed) {
-	    $sQuery .= sprintf(' AND state != %d', DISCUSSION_CLOSED);
-	}
+    	$sQuery = sprintf('document_id = %d', $this->oDocument->getId());
+    	if(!$bIncludeClosed) {
+    	    $sQuery .= sprintf(' AND state != %d', DISCUSSION_CLOSED);
+    	}
  
         $threads = DiscussionThread::getList($sQuery);
         $sQuery2 = sprintf('document_id = %d AND state = %d', $this->oDocument->getId(), DISCUSSION_CLOSED);
@@ -183,8 +183,8 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
         $oComment = DiscussionComment::createFromArray(array(
             'threadid' => $oThread->getId(),
             'userid' => $this->oUser->getId(),
-            'subject' => sanitizeForSQL($sSubject),
-            'body' => sanitizeForSQL(KTUtil::formatPlainText($sBody)),
+            'subject' => $sSubject,
+            'body' => KTUtil::formatPlainText($sBody),
         ));
         $aErrorOptions['message'] = _kt("There was an error adding the comment to the thread");
         $this->oValidator->notError($oComment, $aErrorOptions);
@@ -315,8 +315,8 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
         $oComment = DiscussionComment::createFromArray(array(
             'threadid' => $oThread->getId(),
             'userid' => $this->oUser->getId(),
-            'subject' => sanitizeForSQL($sSubject),
-            'body' => sanitizeForSQL(KTUtil::formatPlainText($sBody)),
+            'subject' => $sSubject,
+            'body' => KTUtil::formatPlainText($sBody),
         ));
         $aErrorOptions['message'] = _kt("There was an error adding the comment to the thread");
         $this->oValidator->notError($oComment, $aErrorOptions);
@@ -378,7 +378,7 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
         );
  
         $oPermission =& KTPermission::getByName('ktcore.permissions.workflow');
-	$sRedirectTo = implode('&', $aErrorOptions['redirect_to']);
+	    $sRedirectTo = implode('&', $aErrorOptions['redirect_to']);
  
         if (PEAR::isError($oPermission)) {
             $this->errorRedirectTo($sRedirectTo, _kt("Error getting permission"));
@@ -389,30 +389,30 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
 	    exit(0);
         }
  
-	$iStateId = KTUtil::arrayGet($_REQUEST, 'state');
-	if(!in_array($iStateId, $this->aTransitions[$oThread->getState()])) {
-	    $this->errorRedirectTo($sRedirectTo, _kt("Invalid transition"));
-	    exit(0);
-	}
+    	$iStateId = KTUtil::arrayGet($_REQUEST, 'state');
+    	if(!in_array($iStateId, $this->aTransitions[$oThread->getState()])) {
+    	    $this->errorRedirectTo($sRedirectTo, _kt("Invalid transition"));
+    	    exit(0);
+    	}
  
-	$aErrorOptions['message'] = _kt("No reason provided");
-	$sReason = sanitizeForSQL($this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'reason'), $aErrorOptions));
+    	$aErrorOptions['message'] = _kt("No reason provided");
+    	$sReason = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'reason'), $aErrorOptions);
  
-	if($iStateId > $oThread->getState()) {
-	    $sTransactionNamespace = 'ktcore.transactions.collaboration_step_approve';
-	} else {
-	    $sTransactionNamespace = 'ktcore.transactions.collaboration_step_rollback';
-	}
+    	if($iStateId > $oThread->getState()) {
+    	    $sTransactionNamespace = 'ktcore.transactions.collaboration_step_approve';
+    	} else {
+    	    $sTransactionNamespace = 'ktcore.transactions.collaboration_step_rollback';
+    	}
  
         // Start the transaction comment creation
         $this->startTransaction();
  
         $oThread->setState($iStateId);
-	if($iStateId == DISCUSSION_CLOSED) {
-	    $oThread->setCloseMetadataVersion($this->oDocument->getMetadataVersion());
-	} else if($iStateId == DISCUSSION_CONCLUSION) {
-	    $oThread->setCloseReason($sReason);
-	}
+    	if($iStateId == DISCUSSION_CLOSED) {
+    	    $oThread->setCloseMetadataVersion($this->oDocument->getMetadataVersion());
+    	} else if($iStateId == DISCUSSION_CONCLUSION) {
+    	    $oThread->setCloseReason($sReason);
+    	}
  
         $oDocumentTransaction = new DocumentTransaction($this->oDocument, $sReason, $sTransactionNamespace);
         $oDocumentTransaction->create();
@@ -429,9 +429,6 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
         exit(0);
     }
  
-
-
-
     function &_buildStates(&$oThread) {
 	$iCurState = $oThread->getState();
 	$aTransitions = $this->aTransitions[$iCurState];
@@ -450,3 +447,4 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
  
  
 }
+?>
 \ No newline at end of file
@@ -12,4 +12,8 @@ SET name = replace(replace(replace(name, &#39;\\\\&#39;, &#39;\\&#39;), &#39;\\\&quot;&#39;, &#39;\&quot;&#39;), &#39;\\\&#39;&#39;, &#39;
  
 UPDATE folders
 SET name = replace(replace(replace(name, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\''),
- description = replace(replace(replace(description, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\'');
 \ No newline at end of file
+ description = replace(replace(replace(description, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\'');
+
+UPDATE discussion_comments
+SET subject = replace(replace(replace(subject, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\''),
+ body = replace(replace(replace(body, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\'');
 \ No newline at end of file
@@ -7,14 +7,14 @@
 {/if}
  
   <dt>
-    <span class="subject">{$comment->getSubject()|sanitize_input}</span>
+    <span class="subject">{$comment->getSubject()}</span>
     by
     <span class="author">{$creator->getName()}</span>
     <span class="date">({$comment->getDate()})</span>
  
   </dt>
  
-  <dd>{$comment->getBody()|sanitize_input}</dd>
+  <dd>{$comment->getBody()}</dd>
  
 </dl>