From 2f89017c6a69a46936e7637ff32d2f5d55ed2f94 Mon Sep 17 00:00:00 2001
From: megan_w
Date: Mon, 14 Jan 2008 10:13:27 +0000
Subject: [PATCH] KTS-2831 "CLONE -End line characters in discussions and disclaimers being displayed as html tags (SUP-546)" Fixed. Removed the calls to sanitiseForSQL before inserting into the database.
---
lib/discussions/DiscussionComment.inc | 30 +++++++++++++++---------------
plugins/ktstandard/KTDisclaimers.php | 42 +++++++++++++++++++++---------------------
plugins/ktstandard/KTDiscussion.php | 76 +++++++++++++++++++++++++++++++++++++---------------------------------------
sql/mysql/upgrade/3.4.6/remove_backslashes.sql | 6 +++++-
templates/ktstandard/action/discussion_comment_list_item.smarty | 4 ++--
5 files changed, 80 insertions(+), 78 deletions(-)
diff --git a/lib/discussions/DiscussionComment.inc b/lib/discussions/DiscussionComment.inc
index 334e7e6..455aef7 100644
--- a/lib/discussions/DiscussionComment.inc
+++ b/lib/discussions/DiscussionComment.inc
@@ -7,38 +7,38 @@ * KnowledgeTree Open Source Edition * Document Management Made Simple * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited - * + * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License version 3 as published by the * Free Software Foundation. - * + * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. - * + * * You should have received a copy of the GNU General Public License * along with this program. If not, see . - * + * * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place, * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com. - * + * * The interactive user interfaces in modified source and object code versions * of this program must display Appropriate Legal Notices, as required under * Section 5 of the GNU General Public License version 3. - * + * * In accordance with Section 7(b) of the GNU General Public License version 3, * these Appropriate Legal Notices must retain the display of the "Powered by - * KnowledgeTree" logo and retain the original copyright notice. If the display of the + * KnowledgeTree" logo and retain the original copyright notice. If the display of the * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices - * must display the words "Powered by KnowledgeTree" and retain the original - * copyright notice. + * must display the words "Powered by KnowledgeTree" and retain the original + * copyright notice. * Contributor( s): ______________________________________ */ class DiscussionComment extends KTEntity { var $_bUsePearError = true; - + var $iThreadId; var $iUserId; var $sSubject; 
@@ -66,12 +66,12 @@ class DiscussionComment extends KTEntity { function getThreadId(){ return $this->iThreadId; } function setThreadId($iThreadId){ $this->iThreadId = $iThreadId; } - function getUserId(){ return $this->iUserId; } + function getUserId(){ return $this->iUserId; } function setUserId($iNewUserId){ $this->iUserId = $iNewUserId; } - function getSubject(){ return sanitizeForSQLtoHTML($this->sSubject); } - function setSubject($sNewSubject){ $this->sSubject = sanitizeForSQL($sNewSubject); } - function getBody(){ return sanitizeForSQLtoHTML($this->sBody); } - function setBody($sNewBody){ $this->sBody = sanitizeForSQL($sNewBody); } + function getSubject(){ return $this->sSubject; } + function setSubject($sNewSubject){ $this->sSubject = $sNewSubject; } + function getBody(){ return $this->sBody; } + function setBody($sNewBody){ $this->sBody = $sNewBody; } function getDate(){ return $this->dDate; } function getInReplyTo(){ return $this->iInReplyTo; } function setInReplyTo($sNewCommentId){ $this->iInReplyTo = $sNewCommentId; } diff --git a/plugins/ktstandard/KTDisclaimers.php b/plugins/ktstandard/KTDisclaimers.php index 2d66b26..8b364eb 100644 --- a/plugins/ktstandard/KTDisclaimers.php +++ b/plugins/ktstandard/KTDisclaimers.php 
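Review bot: With `getSubject()` and `getBody()` now returning the stored value as-is, and the template hunk at the end of this patch dropping `|sanitize_input` from both, nothing visible in the patch HTML-encodes a comment on its way to the page. The subject in particular is handed to `createFromArray` without any formatting step, so markup typed into it would be rendered for every reader of the thread unless Smarty is configured with a default escaping modifier, which this patch does not show. Storing the text unescaped is fine, but encode it at output instead, e.g. `{$comment->getSubject()|escape:'html'}` in discussion_comment_list_item.smarty. The body presumably has to stay HTML because `KTUtil::formatPlainText` produces the line breaks, so the encoding there belongs before that formatting step; confirm that `formatPlainText` does it.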
@@ -5,32 +5,32 @@ * KnowledgeTree Open Source Edition * Document Management Made Simple * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited - * + * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License version 3 as published by the * Free Software Foundation. - * + * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. - * + * * You should have received a copy of the GNU General Public License * along with this program. If not, see . - * + * * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place, * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com. - * + * * The interactive user interfaces in modified source and object code versions * of this program must display Appropriate Legal Notices, as required under * Section 5 of the GNU General Public License version 3. - * + * * In accordance with Section 7(b) of the GNU General Public License version 3, * these Appropriate Legal Notices must retain the display of the "Powered by - * KnowledgeTree" logo and retain the original copyright notice. If the display of the + * KnowledgeTree" logo and retain the original copyright notice. If the display of the * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices - * must display the words "Powered by KnowledgeTree" and retain the original - * copyright notice. + * must display the words "Powered by KnowledgeTree" and retain the original + * copyright notice. * Contributor( s): ______________________________________ * */ 
@@ -50,7 +50,7 @@ class KTDisclaimersPlugin extends KTPlugin { $res = parent::KTPlugin($sFilename); $this->sFriendlyName = _kt('Disclaimers Plugin'); return $res; - } + } function setup() { $this->setupAdmin(); @@ -67,25 +67,25 @@ class KTDisclaimersPlugin extends KTPlugin { } function getDisclaimer($sLocation) { - $sDisclaimer = false; + $sDisclaimer = false; + + if($this->isRegistered()) { + $aHelp = KTHelp::getHelpInfo($sLocation); - if($this->isRegistered()) { - $aHelp = KTHelp::getHelpInfo($sLocation); - - if(!PEAR::isError($aHelp) && strlen(trim($aHelp['body']))) { - $sDisclaimer = $aHelp['body']; - } - } + if(!PEAR::isError($aHelp) && strlen(trim($aHelp['body']))) { + $sDisclaimer = str_replace(array('\r','\n'), array('
','
'), $aHelp['body']); + } + } - return $sDisclaimer; + return $sDisclaimer; } function getPageDisclaimer() { - return $this->getDisclaimer($this->aDisclaimers['page']['path']); + return $this->getDisclaimer($this->aDisclaimers['page']['path']); } function getLoginDisclaimer() { - return $this->getDisclaimer($this->aDisclaimers['login']['path']); + return $this->getDisclaimer($this->aDisclaimers['login']['path']); } } diff --git a/plugins/ktstandard/KTDiscussion.php b/plugins/ktstandard/KTDiscussion.php index 75ffb52..b9b36f4 100644 --- a/plugins/ktstandard/KTDiscussion.php +++ b/plugins/ktstandard/KTDiscussion.php 
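Review bot: In `getDisclaimer()`, `array('\r','\n')` is single-quoted, so `str_replace` searches for the two-character sequences backslash-r and backslash-n, not for real carriage returns and line feeds. If that is deliberate because older rows still hold the escaped sequences, say so in a comment such as `// help text may contain literal "\r" / "\n" left by the old SQL escaping`; otherwise real newlines pass through untouched and `nl2br($aHelp['body'])` would be the usual conversion. Whatever the replacement strings are (they are not legible in this rendering), a `\r\n` pair receives the replacement twice, so each line end is likely doubled.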
@@ -5,32 +5,32 @@ * KnowledgeTree Open Source Edition * Document Management Made Simple * Copyright (C) 2004 - 2007 The Jam Warehouse Software (Pty) Limited - * + * * This program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License version 3 as published by the * Free Software Foundation. - * + * * This program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. - * + * * You should have received a copy of the GNU General Public License * along with this program. If not, see . - * + * * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place, * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com. - * + * * The interactive user interfaces in modified source and object code versions * of this program must display Appropriate Legal Notices, as required under * Section 5 of the GNU General Public License version 3. - * + * * In accordance with Section 7(b) of the GNU General Public License version 3, * these Appropriate Legal Notices must retain the display of the "Powered by - * KnowledgeTree" logo and retain the original copyright notice. If the display of the + * KnowledgeTree" logo and retain the original copyright notice. If the display of the * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices - * must display the words "Powered by KnowledgeTree" and retain the original - * copyright notice. + * must display the words "Powered by KnowledgeTree" and retain the original + * copyright notice. * Contributor( s): ______________________________________ * */ 
@@ -136,12 +136,12 @@ class KTDocumentDiscussionAction extends KTDocumentAction { $fields[] = new KTStringWidget(_kt("Subject"), _kt("The topic of discussion in this thread"), "subject", "", $this->oPage, true); $fields[] = new KTTextWidget(_kt("Body"), _kt("Your contribution to the discussion in this thread"), "body", "", $this->oPage, true, null, null, array("cols" => 50, "rows" => 10)); - $bIncludeClosed = KTUtil::arrayGet($_REQUEST, 'fIncludeClosed', false); + $bIncludeClosed = KTUtil::arrayGet($_REQUEST, 'fIncludeClosed', false); - $sQuery = sprintf('document_id = %d', $this->oDocument->getId()); - if(!$bIncludeClosed) { - $sQuery .= sprintf(' AND state != %d', DISCUSSION_CLOSED); - } + $sQuery = sprintf('document_id = %d', $this->oDocument->getId()); + if(!$bIncludeClosed) { + $sQuery .= sprintf(' AND state != %d', DISCUSSION_CLOSED); + } $threads = DiscussionThread::getList($sQuery); $sQuery2 = sprintf('document_id = %d AND state = %d', $this->oDocument->getId(), DISCUSSION_CLOSED); @@ -183,8 +183,8 @@ class KTDocumentDiscussionAction extends KTDocumentAction { $oComment = DiscussionComment::createFromArray(array( 'threadid' => $oThread->getId(), 'userid' => $this->oUser->getId(), - 'subject' => sanitizeForSQL($sSubject), - 'body' => sanitizeForSQL(KTUtil::formatPlainText($sBody)), + 'subject' => $sSubject, + 'body' => KTUtil::formatPlainText($sBody), )); $aErrorOptions['message'] = _kt("There was an error adding the comment to the thread"); $this->oValidator->notError($oComment, $aErrorOptions); 
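Review bot: After this change the `subject` and `body` passed to `DiscussionComment::createFromArray()` in the -183 hunk carry no SQL escaping at the call site, so injection safety now rests entirely on the entity layer quoting or binding them, which this patch does not show. The same holds for the identical call in the -315 hunk and for `$sReason` in the -389 hunk, which is read from `$_REQUEST` and goes to `setCloseReason()` and `new DocumentTransaction(...)`. Please confirm that each of those write paths uses placeholders or the driver's quoting, and record the contract next to the call, e.g. `// stored raw: KTEntity must quote/bind these values on insert`. The enclosing methods start and end outside these hunks.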
@@ -315,8 +315,8 @@ class KTDocumentDiscussionAction extends KTDocumentAction { $oComment = DiscussionComment::createFromArray(array( 'threadid' => $oThread->getId(), 'userid' => $this->oUser->getId(), - 'subject' => sanitizeForSQL($sSubject), - 'body' => sanitizeForSQL(KTUtil::formatPlainText($sBody)), + 'subject' => $sSubject, + 'body' => KTUtil::formatPlainText($sBody), )); $aErrorOptions['message'] = _kt("There was an error adding the comment to the thread"); $this->oValidator->notError($oComment, $aErrorOptions); @@ -378,7 +378,7 @@ class KTDocumentDiscussionAction extends KTDocumentAction { ); $oPermission =& KTPermission::getByName('ktcore.permissions.workflow'); - $sRedirectTo = implode('&', $aErrorOptions['redirect_to']); + $sRedirectTo = implode('&', $aErrorOptions['redirect_to']); if (PEAR::isError($oPermission)) { $this->errorRedirectTo($sRedirectTo, _kt("Error getting permission")); 
@@ -389,30 +389,30 @@ class KTDocumentDiscussionAction extends KTDocumentAction { exit(0); } - $iStateId = KTUtil::arrayGet($_REQUEST, 'state'); - if(!in_array($iStateId, $this->aTransitions[$oThread->getState()])) { - $this->errorRedirectTo($sRedirectTo, _kt("Invalid transition")); - exit(0); - } + $iStateId = KTUtil::arrayGet($_REQUEST, 'state'); + if(!in_array($iStateId, $this->aTransitions[$oThread->getState()])) { + $this->errorRedirectTo($sRedirectTo, _kt("Invalid transition")); + exit(0); + } - $aErrorOptions['message'] = _kt("No reason provided"); - $sReason = sanitizeForSQL($this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'reason'), $aErrorOptions)); + $aErrorOptions['message'] = _kt("No reason provided"); + $sReason = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'reason'), $aErrorOptions); - if($iStateId > $oThread->getState()) { - $sTransactionNamespace = 'ktcore.transactions.collaboration_step_approve'; - } else { - $sTransactionNamespace = 'ktcore.transactions.collaboration_step_rollback'; - } + if($iStateId > $oThread->getState()) { + $sTransactionNamespace = 'ktcore.transactions.collaboration_step_approve'; + } else { + $sTransactionNamespace = 'ktcore.transactions.collaboration_step_rollback'; + } // Start the transaction comment creation $this->startTransaction(); $oThread->setState($iStateId); - if($iStateId == DISCUSSION_CLOSED) { - $oThread->setCloseMetadataVersion($this->oDocument->getMetadataVersion()); - } else if($iStateId == DISCUSSION_CONCLUSION) { - $oThread->setCloseReason($sReason); - } + if($iStateId == DISCUSSION_CLOSED) { + $oThread->setCloseMetadataVersion($this->oDocument->getMetadataVersion()); + } else if($iStateId == DISCUSSION_CONCLUSION) { + $oThread->setCloseReason($sReason); + } $oDocumentTransaction = new DocumentTransaction($this->oDocument, $sReason, $sTransactionNamespace); $oDocumentTransaction->create(); 
@@ -429,9 +429,6 @@ class KTDocumentDiscussionAction extends KTDocumentAction { exit(0); } - - - function &_buildStates(&$oThread) { $iCurState = $oThread->getState(); $aTransitions = $this->aTransitions[$iCurState]; @@ -450,3 +447,4 @@ class KTDocumentDiscussionAction extends KTDocumentAction { } +?> \ No newline at end of file diff --git a/sql/mysql/upgrade/3.4.6/remove_backslashes.sql b/sql/mysql/upgrade/3.4.6/remove_backslashes.sql index 9b5ed45..721ea20 100644 --- a/sql/mysql/upgrade/3.4.6/remove_backslashes.sql +++ b/sql/mysql/upgrade/3.4.6/remove_backslashes.sql @@ -12,4 +12,8 @@ SET name = replace(replace(replace(name, '\\\\', '\\'), '\\\"', '\"'), '\\\'', ' UPDATE folders SET name = replace(replace(replace(name, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\''), - description = replace(replace(replace(description, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\''); \ No newline at end of file + description = replace(replace(replace(description, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\''); + +UPDATE discussion_comments +SET subject = replace(replace(replace(subject, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\''), + body = replace(replace(replace(body, '\\\\', '\\'), '\\\"', '\"'), '\\\'', '\''); \ No newline at end of file diff --git a/templates/ktstandard/action/discussion_comment_list_item.smarty b/templates/ktstandard/action/discussion_comment_list_item.smarty index 385c19b..696eaa9 100644 --- a/templates/ktstandard/action/discussion_comment_list_item.smarty +++ b/templates/ktstandard/action/discussion_comment_list_item.smarty @@ -7,14 +7,14 @@ {/if}
- {$comment->getSubject()|sanitize_input} + {$comment->getSubject()} by {$creator->getName()} ({$comment->getDate()})
-
{$comment->getBody()|sanitize_input}
+
{$comment->getBody()}
-- libgit2 0.21.4