Commit 30da8bf78d3a3c02a9f455a8725694e45a61a29a

Authored by conradverm
1 parent 84e027e8

KTS-2178

"cross site scripting"
Updated.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6950 c91229c3-7414-0410-bfa2-8a42b809f60b
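--- a/templates/ktcore/document/metadata_history.smarty
+++ b/templates/ktcore/document/metadata_history.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Version History{/i18n}:<br />{$document->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Version History{/i18n}:<br />{$document->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}This page lists versions of document metadata and allows you to compare a metadata version with the current metadata content.{/i18n}</p>
 
@@ -27,9 +27,9 @@
 {if ($document->getMetadataVersion() == $oVersion->getMetadataVersion())}
 <strong>{i18n}current version{/i18n}</strong>
 {else}
- <a href="{addQS}action=viewComparison&fDocumentId={$document->getId()}&fBaseVersion={$oVersion->getMetadataVersionId()}&fComparisonVersion={$oVersion->getCurrentMetadataVersionId()}{/addQS}">{i18n}compare with current{/i18n}</a></td>
+ <a href="{addQS}action=viewComparison&fDocumentId={$document->getId()}&fBaseVersion={$oVersion->getMetadataVersionId()}&fComparisonVersion={$oVersion->getCurrentMetadataVersionId()}{/addQS}">{i18n}compare with current{/i18n}</a></td>
 {/if}
- </td>
+ </td>
 <td>
 {if (count($versions) == 1)}
 &mdash;
@@ -41,5 +41,5 @@
 </tr>
 {/foreach}
 </tbody>
-
+
 </table>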
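Review bot: The `|sanitize` on `{$document->getName()|sanitize}` in the line-1 heading is applied by hand, and the same one-line fix recurs in the headings of ownershipchangeaction.smarty, resolved_permissions_user.smarty, transaction_history.smarty and view.smarty, so any template outside this commit that prints a document name presumably stays exposed. The modifier's definition is not visible on this page; it is worth confirming that it HTML-encodes `<`, `>`, `&` and both quote characters rather than stripping selected tags. I would also record the rule in the template with a comment such as `{* document names come from users: always print them with |sanitize *}`. A repository-wide search for `getName()}` without a modifier would show whether other headings still need the same change.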
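--- a/templates/ktcore/document/ownershipchangeaction.smarty
+++ b/templates/ktcore/document/ownershipchangeaction.smarty
@@ -1,3 +1,3 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Change Ownership{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Change Ownership{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 {$form->render()}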
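--- a/templates/ktcore/document/resolved_permissions_user.smarty
+++ b/templates/ktcore/document/resolved_permissions_user.smarty
@@ -1,12 +1,12 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Resolved permissions per user{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Resolved permissions per user{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}This page shows the permissions that
 individual users have on this document. Only the users which have permissions
-assigned are shown.{/i18n}</p>
+assigned are shown.{/i18n}</p>
 
 <p class="descriptiveText">{i18n}Users may have permissions on this
 document due to membership of a group, or fulfilling a specific role on
-this document.{/i18n}</p>
+this document.{/i18n}</p>
 
 {if (empty($users)) }
 <div class="ktInfoMessage"><span>{i18n}No users have permissions on this item.{/i18n}</span></div>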
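--- a/templates/ktcore/document/transaction_history.smarty
+++ b/templates/ktcore/document/transaction_history.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Transaction History{/i18n}:<br />{$document->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Transaction History{/i18n}:<br />{$document->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}This page provides details of all activities that have been carried out on the document.{/i18n}</p>
 
@@ -20,10 +20,10 @@
 <td class="username">{$aTransactionRow.user_name}</td>
 <td class="action">{i18n}{$aTransactionRow.transaction_name}{/i18n}</td>
 <td class="date">{$aTransactionRow.datetime}</td>
- <td class="contentversion">{$aTransactionRow.version}</td>
- <td class="comment">{$aTransactionRow.comment}</td>
+ <td class="contentversion">{$aTransactionRow.version}</td>
+ <td class="comment">{$aTransactionRow.comment|sanitize}</td>
 </tr>
 {/foreach}
 </tbody>
-
+
 </table>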
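Review bot: In the table row at new lines 20–24 only the comment cell gains `|sanitize`; `{$aTransactionRow.user_name}`, `datetime` and `version` are still printed raw in the same `<tr>`. If user names can be chosen by users or imported from an external directory, that cell is the same stored cross-site-scripting sink as the comment, so I would change it to `<td class="username">{$aTransactionRow.user_name|sanitize}</td>`. `transaction_name` passes through `{i18n}`, whose escaping behaviour is not visible in this hunk and should be checked as well. The same concern applies to `<strong>{$sCheckoutUser}</strong>` on line 4 of view.smarty, which this commit leaves unmodified. The enclosing `{foreach}` starts outside the hunk.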
templates/ktcore/document/view.smarty
1 -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Details{/i18n}:<br />{$context->oDocument->getName()}</h2> 1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Document Details{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2
3 {if ($document->getIsCheckedOut() == 1)} 3 {if ($document->getIsCheckedOut() == 1)}
4 {capture assign=checkout_user}<strong>{$sCheckoutUser}</strong>{/capture} 4 {capture assign=checkout_user}<strong>{$sCheckoutUser}</strong>{/capture}
@@ -9,18 +9,18 @@ @@ -9,18 +9,18 @@
9 {else} 9 {else}
10 {if ($canCheckin)} 10 {if ($canCheckin)}
11 <div class="ktInfoMessage"> 11 <div class="ktInfoMessage">
12 -<span>{i18n arg_checkoutuser=$checkout_user}This document is currently checked out by #checkoutuser#, but you 12 +<span>{i18n arg_checkoutuser=$checkout_user}This document is currently checked out by #checkoutuser#, but you
13 have sufficient priviledges to cancel their checkout.{/i18n}</span> 13 have sufficient priviledges to cancel their checkout.{/i18n}</span>
14 </div> 14 </div>
15 {else} 15 {else}
16 <div class="ktInfoMessage"> 16 <div class="ktInfoMessage">
17 - <span>{i18n arg_checkoutuser=$checkout_user arg_appname="$appname"}This document is currently checked out by #checkoutuser#. You cannot make 17 + <span>{i18n arg_checkoutuser=$checkout_user arg_appname="$appname"}This document is currently checked out by #checkoutuser#. You cannot make
18 changes until that user checks it in. If you have urgent modifications to make, please 18 changes until that user checks it in. If you have urgent modifications to make, please
19 contact your #appname# Administrator.{/i18n}</span> 19 contact your #appname# Administrator.{/i18n}</span>
20 </div> 20 </div>
21 {/if} 21 {/if}
22 {/if} 22 {/if}
23 -{/if} 23 +{/if}
24 24
25 {if ($document->getImmutable() == true)} 25 {if ($document->getImmutable() == true)}
26 <div class="ktInfoMessage"> 26 <div class="ktInfoMessage">