Commit 411f335b7ee9e328173cd637ff59d112845fd69e

Authored by rob
1 parent cb24ceb8

Added check on illegal characters in folder name


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@775 c91229c3-7414-0410-bfa2-8a42b809f60b
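--- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php
@@ -42,41 +42,57 @@ if (checkSession()) {
 } else {
 //have a folder name to store
 if (Permission::userHasFolderWritePermission($fFolderID)) {
-if (Folder::folderExistsName($fFolderName, $fFolderID)) {
-require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
-$oPatternCustom->setHtml(renderBrowseAddPage($fFolderID));
-$main->setCentralPayload($oPatternCustom);
-$main->setErrorMessage("There is another folder named $fFolderName in this folder already");
-$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
-$main->render();
-} else {
-$oParentFolder = Folder::get($fFolderID);
-//create the folder in the db, giving it the properties of it's parent folder
-$oFolder = &new Folder($fFolderName, "", $fFolderID, $_SESSION["userID"], $oParentFolder->getDocumentTypeID(), $oParentFolder->getUnitID());
-if ($oFolder->create()) {
-//create the folder on the file system
-if (PhysicalFolderManagement::createFolder(Folder::getFolderPath($oFolder->getID()))) {
-redirect("$default->owl_root_url/control.php?action=browse&fBrowseType=folder&fFolderID=" . $oFolder->getID());
+//check for illegal characters in the folder name
+if (strpos($fFolderName, "\\") === false && strpos($fFolderName, ">") === false &&
+strpos($fFolderName, "<") === false && strpos($fFolderName, ":") === false &&
+strpos($fFolderName, "*") === false && strpos($fFolderName, "?") === false &&
+strpos($fFolderName, "|") === false && strpos($fFolderName, "/") === false &&
+strpos($fFolderName, "\"") === false) {
+if (Folder::folderExistsName($fFolderName, $fFolderID)) {
+require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
+$oPatternCustom->setHtml(renderBrowseAddPage($fFolderID));
+$main->setCentralPayload($oPatternCustom);
+$main->setErrorMessage("There is another folder named $fFolderName in this folder already");
+$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
+$main->render();
+} else {
+$oParentFolder = Folder::get($fFolderID);
+//create the folder in the db, giving it the properties of it's parent folder
+$oFolder = &new Folder($fFolderName, "", $fFolderID, $_SESSION["userID"], $oParentFolder->getDocumentTypeID(), $oParentFolder->getUnitID());
+if ($oFolder->create()) {
+//create the folder on the file system
+if (PhysicalFolderManagement::createFolder(Folder::getFolderPath($oFolder->getID()))) {
+redirect("$default->owl_root_url/control.php?action=browse&fBrowseType=folder&fFolderID=" . $oFolder->getID());
+} else {
+//if we couldn't do that, remove the folder from the db and report and error
+$oFolder->delete();
+require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
+$oPatternCustom->setHtml(renderBrowsePage($fFolderID));
+$main->setCentralPayload($oPatternCustom);
+$main->setErrorMessage("There was an error creating the folder $fFolderName on the filesystem");
+$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
+$main->render();
+}
 } else {
-//if we couldn't do that, remove the folder from the db and report and error
-$oFolder->delete();
+//if we couldn't create the folder in the db, report an error
 require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
 $oPatternCustom->setHtml(renderBrowsePage($fFolderID));
 $main->setCentralPayload($oPatternCustom);
-$main->setErrorMessage("There was an error creating the folder $fFolderName on the filesystem");
+$main->setErrorMessage("There was an error creating the folder $fFolderName in the database");
 $main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
 $main->render();
 }
-} else {
-//if we couldn't create the folder in the db, report an error
-require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
-$oPatternCustom->setHtml(renderBrowsePage($fFolderID));
-$main->setCentralPayload($oPatternCustom);
-$main->setErrorMessage("There was an error creating the folder $fFolderName in the database");
-$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
-$main->render();
 }
+} else {
+//the user entered an illegal character in the folder name
+require_once("$default->owl_fs_root/presentation/webpageTemplate.inc");
+$oPatternCustom->setHtml(renderBrowseAddPage($fFolderID));
+$main->setCentralPayload($oPatternCustom);
+$main->setErrorMessage("Folder not created. Folder names may not contain: '<', '>', '*', '/', '\', '|', '?' or '\"' ");
+$main->setFormAction("addFolderBL.php?fFolderID=$fFolderID");
+$main->render();
 }
+
 } else {
 //if the user doesn't have write permission for this folder,
 //give them only browse facilities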
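Review bot: The error message on new line 91 omits `:` although the check on new line 47 rejects it, so a user who typed a colon is shown a list of eight characters that does not explain the refusal; add `':'` to the quoted list in that `setErrorMessage` call. The blacklist also accepts a bare `.` or `..` and names containing a NUL or other control byte; whether those can influence the path built by `Folder::getFolderPath` depends on code outside this hunk, but rejecting them here costs one condition. A single character-class match replaces the nine `strpos` calls and keeps the condition readable, e.g. `if (!preg_match('#[\\\\/<>:*?|"\x00-\x1f]#', $fFolderName) && $fFolderName !== '.' && $fFolderName !== '..') {`, and the rejected set can then be declared once and reused in the message so the two cannot drift apart again. The enclosing `if (checkSession())` block begins outside the hunk.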