Commit 411f335b7ee9e328173cd637ff59d112845fd69e
1 parent
cb24ceb8
Added check on illegal characters in folder name
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@775 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
42 additions
and
26 deletions
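--- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php
@@ -42,41 +42,57 @@ if (checkSession()) {
 } else {
 //have a folder name to store
 if (Permission::userHasFolderWritePermission($fFolderID)) {
-if (Folder::folderExistsName($fFolderName, $fFolderID)) {
-require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
-$oPatternCustom->setHtml(renderBrowseAddPage($fFolderID));
-$main->setCentralPayload($oPatternCustom);
-$main->setErrorMessage("There is another folder named $fFolderName in this folder already");
-$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
-$main->render();
-} else {
-$oParentFolder = Folder::get($fFolderID);
-//create the folder in the db, giving it the properties of it's parent folder
-$oFolder = &new Folder($fFolderName, "", $fFolderID, $_SESSION["userID"], $oParentFolder->getDocumentTypeID(), $oParentFolder->getUnitID());
-if ($oFolder->create()) {
-//create the folder on the file system
-if (PhysicalFolderManagement::createFolder(Folder::getFolderPath($oFolder->getID()))) {
-redirect("$default->owl_root_url/control.php?action=browse&fBrowseType=folder&fFolderID=" . $oFolder->getID());
+//check for illegal characters in the folder name
+if (strpos($fFolderName, "\\") === false && strpos($fFolderName, ">") === false &&
+strpos($fFolderName, "<") === false && strpos($fFolderName, ":") === false &&
+strpos($fFolderName, "*") === false && strpos($fFolderName, "?") === false &&
+strpos($fFolderName, "|") === false && strpos($fFolderName, "/") === false &&
+strpos($fFolderName, "\"") === false) {
+if (Folder::folderExistsName($fFolderName, $fFolderID)) {
+require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
+$oPatternCustom->setHtml(renderBrowseAddPage($fFolderID));
+$main->setCentralPayload($oPatternCustom);
+$main->setErrorMessage("There is another folder named $fFolderName in this folder already");
+$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
+$main->render();
+} else {
+$oParentFolder = Folder::get($fFolderID);
+//create the folder in the db, giving it the properties of it's parent folder
+$oFolder = &new Folder($fFolderName, "", $fFolderID, $_SESSION["userID"], $oParentFolder->getDocumentTypeID(), $oParentFolder->getUnitID());
+if ($oFolder->create()) {
+//create the folder on the file system
+if (PhysicalFolderManagement::createFolder(Folder::getFolderPath($oFolder->getID()))) {
+redirect("$default->owl_root_url/control.php?action=browse&fBrowseType=folder&fFolderID=" . $oFolder->getID());
+} else {
+//if we couldn't do that, remove the folder from the db and report and error
+$oFolder->delete();
+require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
+$oPatternCustom->setHtml(renderBrowsePage($fFolderID));
+$main->setCentralPayload($oPatternCustom);
+$main->setErrorMessage("There was an error creating the folder $fFolderName on the filesystem");
+$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
+$main->render();
+}
 } else {
-//if we couldn't do that, remove the folder from the db and report and error
-$oFolder->delete();
+//if we couldn't create the folder in the db, report an error
 require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
 $oPatternCustom->setHtml(renderBrowsePage($fFolderID));
 $main->setCentralPayload($oPatternCustom);
-$main->setErrorMessage("There was an error creating the folder $fFolderName on the filesystem");
+$main->setErrorMessage("There was an error creating the folder $fFolderName in the database");
 $main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
 $main->render();
 }
-} else {
-//if we couldn't create the folder in the db, report an error
-require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
-$oPatternCustom->setHtml(renderBrowsePage($fFolderID));
-$main->setCentralPayload($oPatternCustom);
-$main->setErrorMessage("There was an error creating the folder $fFolderName in the database");
-$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
-$main->render();
 }
+} else {
+//the user entered an illegal character in the folder name
+require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
+$oPatternCustom->setHtml(renderBrowseAddPage($fFolderID));
+$main->setCentralPayload($oPatternCustom);
+$main->setErrorMessage("Folder not created. Folder names may not contain: '<', '>', '*', '/', '\', '|', '?' or '\"' ");
+$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
+$main->render();
 }
+
 } else {
 //if the user doesn't have write permission for this folder,
 //give them only browse facilities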
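Review bot: The blacklist at new lines 46-50 still accepts `.` and `..` (and NUL or other control bytes) as a folder name, so a name of `..` reaches `PhysicalFolderManagement::createFolder(Folder::getFolderPath($oFolder->getID()))` on new line 64; if getFolderPath derives the on-disk path from the stored name (not visible in this hunk), that resolves outside the parent directory. Reject those cases explicitly and fold the nine strpos() calls into one pattern, e.g. `if (!preg_match('/[\\\\\/:*?"<>|\x00-\x1f]/', $fFolderName) && $fFolderName !== '.' && $fFolderName !== '..') {`, which also keeps the forbidden set in one place next to the message that lists it. That message on new line 91 is already out of sync: `:` is rejected by the check but not named, so it should read `"Folder not created. Folder names may not contain: '<', '>', ':', '*', '/', '\', '|', '?' or '\"' "`. `$fFolderName` is interpolated into setErrorMessage() on new lines 55, 72 and 91 and rendered back to the user; whether that helper HTML-escapes its argument cannot be seen here, so confirm it before relying on the character blacklist for output safety. The enclosing `if (checkSession())` block begins before this hunk and its final else branch continues past it.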