Commit 59f8600ff754969362266d8a5be6fbcceb3e8905

Authored by conradverm
1 parent 878f93dc

KTS-2178

"cross site scripting"
Updated.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6921 c91229c3-7414-0410-bfa2-8a42b809f60b
plugins/ktcore/KTDocumentActions.php
... ... @@ -6,7 +6,7 @@
6 6 * License Version 1.1.2 ("License"); You may not use this file except in
7 7 * compliance with the License. You may obtain a copy of the License at
8 8 * http://www.knowledgetree.com/KPL
9   - *
  9 + *
10 10 * Software distributed under the License is distributed on an "AS IS"
11 11 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
12 12 * See the License for the specific language governing rights and
... ... @@ -17,9 +17,9 @@
17 17 * (ii) the KnowledgeTree copyright notice
18 18 * in the same form as they appear in the distribution. See the License for
19 19 * requirements.
20   - *
  20 + *
21 21 * The Original Code is: KnowledgeTree Open Source
22   - *
  22 + *
23 23 * The Initial Developer of the Original Code is The Jam Warehouse Software
24 24 * (Pty) Ltd, trading as KnowledgeTree.
25 25 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
... ... @@ -42,7 +42,7 @@ require_once(KT_LIB_DIR . '/browse/PartialQuery.inc.php');
42 42  
43 43 require_once(KT_LIB_DIR . '/widgets/forms.inc.php');
44 44  
45   -// {{{ KTDocumentDetailsAction
  45 +// {{{ KTDocumentDetailsAction
46 46 class KTDocumentDetailsAction extends KTDocumentAction {
47 47 var $sName = 'ktcore.actions.document.displaydetails';
48 48  
... ... @@ -143,7 +143,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
143 143 );
144 144 return $oTemplate->render($aTemplateData);
145 145 }
146   -
  146 +
147 147 function do_startComparison() {
148 148 $comparison_version = KTUtil::arrayGet($_REQUEST, 'fComparisonVersion');
149 149  
... ... @@ -151,7 +151,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
151 151 if (PEAR::isError($oDocument)) {
152 152 return $this->redirectToMain(_kt('The document you selected was invalid'));
153 153 }
154   -
  154 +
155 155 if (!Permission::userHasDocumentReadPermission($oDocument)) {
156 156 return $this->errorRedirectToMain(_kt('You are not allowed to view this document'));
157 157 }
... ... @@ -176,7 +176,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
176 176 );
177 177 return $oTemplate->render($aTemplateData);
178 178 }
179   -
  179 +
180 180 function do_viewComparison() {
181 181 // this is just a redirector
182 182 $QS = array(
... ... @@ -185,22 +185,22 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
185 185 'fBaseVersion' => $_REQUEST['fBaseVersion'],
186 186 'fComparisonVersion' => $_REQUEST['fComparisonVersion'],
187 187 );
188   -
  188 +
189 189 $frag = array();
190   -
  190 +
191 191 foreach ($QS as $k => $v) {
192 192 $frag[] = sprintf('%s=%s', urlencode($k), urlencode($v));
193 193 }
194   -
  194 +
195 195 redirect(KTUtil::ktLink('view.php',null,implode('&', $frag)));
196 196 }
197   -
198   -
  197 +
  198 +
199 199 function getUserForId($iUserId) {
200 200 $u = User::get($iUserId);
201 201 if (PEAR::isError($u) || ($u == false)) { return _kt('User no longer exists'); }
202 202 return $u->getName();
203   - }
  203 + }
204 204 }
205 205 // }}}
206 206  
... ... @@ -208,7 +208,7 @@ class KTDocumentVersionHistoryAction extends KTDocumentAction {
208 208 // {{{ KTDocumentViewAction
209 209 class KTDocumentViewAction extends KTDocumentAction {
210 210 var $sName = 'ktcore.actions.document.view';
211   - var $sIconClass = 'download';
  211 + var $sIconClass = 'download';
212 212  
213 213 function getDisplayName() {
214 214 return _kt('Download');
... ... @@ -230,13 +230,13 @@ class KTDocumentViewAction extends KTDocumentAction {
230 230 } else {
231 231 $res = $oStorage->download($this->oDocument);
232 232 }
233   -
  233 +
234 234 if ($res === false) {
235 235 $this->addErrorMessage(_kt('The file you requested is not available - please contact the system administrator if this is incorrect.'));
236 236 redirect(generateControllerLink('viewDocument',sprintf(_kt('fDocumentId=%d'),$this->oDocument->getId())));
237   - exit(0);
  237 + exit(0);
238 238 }
239   -
  239 +
240 240 $oDocumentTransaction = & new DocumentTransaction($this->oDocument, _kt('Document downloaded'), 'ktcore.transactions.download', $aOptions);
241 241 $oDocumentTransaction->create();
242 242 exit(0);
... ... @@ -258,7 +258,7 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
258 258 return _kt('Checkout');
259 259 }
260 260  
261   - function getInfo() {
  261 + function getInfo() {
262 262 if ($this->oDocument->getIsCheckedOut()) {
263 263 return null;
264 264 }
... ... @@ -272,10 +272,10 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
272 272 return $res;
273 273 }
274 274 // since we actually check the doc out, then download it ...
275   - if (($_REQUEST[$this->event_var] == 'checkout_final') && ($this->oDocument->getCheckedOutUserID() == $_SESSION['userID'])) {
276   - return true;
  275 + if (($_REQUEST[$this->event_var] == 'checkout_final') && ($this->oDocument->getCheckedOutUserID() == $_SESSION['userID'])) {
  276 + return true;
277 277 }
278   -
  278 +
279 279 // "normal".
280 280 if ($this->oDocument->getIsCheckedOut()) {
281 281 $_SESSION['KTErrorMessage'][] = _kt('This document is already checked out');
... ... @@ -317,9 +317,9 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
317 317 array('ktcore.validators.boolean', array(
318 318 'test' => 'download_file',
319 319 'output' => 'download_file',
320   - )),
  320 + )),
321 321 ));
322   -
  322 +
323 323 return $oForm;
324 324 }
325 325  
... ... @@ -337,13 +337,13 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
337 337 }
338 338  
339 339 function do_checkout() {
340   -
  340 +
341 341 $oForm = $this->form_checkout();
342 342 $res = $oForm->validate();
343 343 if (!empty($res['errors'])) {
344 344 return $oForm->handleError();
345 345 }
346   -
  346 +
347 347 $data = $res['results'];
348 348  
349 349 $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/checkout_final');
... ... @@ -354,17 +354,17 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
354 354 if (PEAR::isError($res)) {
355 355 return $this->errorRedirectToMain(sprintf(_kt('Failed to check out the document: %s'), $res->getMessage()));
356 356 }
357   -
358 357  
359   -
  358 +
  359 +
360 360 $this->commitTransaction();
361   -
  361 +
362 362 if (!$data['download_file']) {
363 363 $this->addInfoMessage(_kt('Document checked out.'));
364 364 redirect(KTBrowseUtil::getUrlForDocument($this->oDocument));
365 365 exit(0);
366 366 }
367   -
  367 +
368 368 $oTemplate->setData(array(
369 369 'context' => &$this,
370 370 'reason' => $sReason,
... ... @@ -376,7 +376,7 @@ class KTDocumentCheckOutAction extends KTDocumentAction {
376 376 $sReason = KTUtil::arrayGet($_REQUEST, 'reason');
377 377 $this->oValidator->notEmpty($sReason);
378 378  
379   -
  379 +
380 380 $oStorage =& KTStorageManagerUtil::getSingleton();
381 381 $oStorage->download($this->oDocument, true);
382 382 exit(0);
... ... @@ -446,33 +446,33 @@ class KTDocumentCheckInAction extends KTDocumentAction {
446 446 'context' => &$this,
447 447 'file_upload' => true, // otherwise the post is not received.
448 448 ));
449   -
  449 +
450 450 $major_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber()+1, 0);
451   - $minor_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber(), $this->oDocument->getMinorVersionNumber()+1);
452   -
  451 + $minor_inc = sprintf('%d.%d', $this->oDocument->getMajorVersionNumber(), $this->oDocument->getMinorVersionNumber()+1);
  452 +
453 453 $oForm->setWidgets(array(
454 454 array('ktcore.widgets.file', array(
455 455 'label' => _kt('File'),
456   - 'description' => sprintf(_kt('Please specify the file you wish to upload. Unless you also indicate that you are changing its filename (see "Force Original Filename" below), this will need to be called <strong>%s</strong>'), $this->oDocument->getFilename()),
  456 + 'description' => sprintf(_kt('Please specify the file you wish to upload. Unless you also indicate that you are changing its filename (see "Force Original Filename" below), this will need to be called <strong>%s</strong>'), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8')),
457 457 'name' => 'file',
458 458 'basename' => 'file',
459 459 'required' => true,
460 460 )),
461 461 array('ktcore.widgets.boolean',array(
462   - 'label' => _kt('Major Update'),
463   - 'description' => sprintf(_kt('If this is checked, then the document\'s version number will be increased to %s. Otherwise, it will be considered a minor update, and the version number will be %s.'), $major_inc, $minor_inc),
464   - 'name' => 'major_update',
  462 + 'label' => _kt('Major Update'),
  463 + 'description' => sprintf(_kt('If this is checked, then the document\'s version number will be increased to %s. Otherwise, it will be considered a minor update, and the version number will be %s.'), $major_inc, $minor_inc),
  464 + 'name' => 'major_update',
465 465 'value' => false,
466   - )),
  466 + )),
467 467 array('ktcore.widgets.reason', array(
468 468 'label' => _kt('Reason'),
469 469 'description' => _kt('Please describe the changes you made to the document. Bear in mind that you can use a maximum of <strong>250</strong> characters.'),
470 470 'name' => 'reason',
471 471 )),
472 472 array('ktcore.widgets.boolean',array(
473   - 'label' => _kt('Force Original Filename'),
474   - 'description' => sprintf(_kt('If this is checked, the uploaded document must have the same filename as the original: <strong>%s</strong>'), $this->oDocument->getFilename()),
475   - 'name' => 'forcefilename',
  473 + 'label' => _kt('Force Original Filename'),
  474 + 'description' => sprintf(_kt('If this is checked, the uploaded document must have the same filename as the original: <strong>%s</strong>'), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8')),
  475 + 'name' => 'forcefilename',
476 476 'value' => true,
477 477 )),
478 478 ));
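Review bot: The filename is HTML-encoded separately at each of the two `description` strings in this hunk, and a third time at the `$extra_errors['file']` message in the later hunk that validates the upload, so the protection depends on every call site repeating `htmlentities(...,ENT_QUOTES,'UTF-8')` by hand. Encoding once into a local, `$sFilename = htmlentities($this->oDocument->getFilename(), ENT_QUOTES, 'UTF-8');`, and passing `$sFilename` to both `sprintf` calls would keep the two descriptions in step and make a missed site easier to spot. Other document-derived strings visible on this page are still concatenated into output without encoding, for example `$this->oDocument->getName()` in the `'Document "%s" Deleted.'` info message and in the `'Copy Document'` page title. Whether those sinks encode on render is not visible here and should be confirmed before KTS-2178 is treated as closed. The enclosing form-building method starts and ends outside this hunk.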
... ... @@ -485,17 +485,17 @@ class KTDocumentCheckInAction extends KTDocumentAction {
485 485 array('ktcore.validators.boolean', array(
486 486 'test' => 'major_update',
487 487 'output' => 'major_update',
488   - )),
  488 + )),
489 489 array('ktcore.validators.file', array(
490 490 'test' => 'file',
491 491 'output' => 'file',
492   - )),
  492 + )),
493 493 array('ktcore.validators.boolean', array(
494 494 'test' => 'forcefilename',
495 495 'output' => 'forcefilename',
496   - )),
  496 + )),
497 497 ));
498   -
  498 +
499 499 return $oForm;
500 500 }
501 501  
... ... @@ -503,7 +503,7 @@ class KTDocumentCheckInAction extends KTDocumentAction {
503 503 function do_main() {
504 504 $this->oPage->setBreadcrumbDetails(_kt('Checkin'));
505 505 $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/checkin');
506   -
  506 +
507 507 $oForm = $this->form_main();
508 508  
509 509 $oTemplate->setData(array(
... ... @@ -517,24 +517,24 @@ class KTDocumentCheckInAction extends KTDocumentAction {
517 517 $oForm = $this->form_main();
518 518 $res = $oForm->validate();
519 519 $data = $res['results'];
520   -
  520 +
521 521 $extra_errors = array();
522   -
  522 +
523 523 if ($data['forcefilename'] && ($data['file']['name'] != $this->oDocument->getFilename())) {
524   - $extra_errors['file'] = sprintf(_kt('The file you uploaded was not called "%s". If you wish to change the filename, please set "Force Original Filename" below to false. '), $this->oDocument->getFilename());
  524 + $extra_errors['file'] = sprintf(_kt('The file you uploaded was not called "%s". If you wish to change the filename, please set "Force Original Filename" below to false. '), htmlentities($this->oDocument->getFilename(),ENT_QUOTES,'UTF-8'));
525 525 }
526   -
  526 +
527 527 if (!empty($res['errors']) || !empty($extra_errors)) {
528 528 return $oForm->handleError(null, $extra_errors);
529 529 }
530   -
  530 +
531 531 $sReason = $data['reason'];
532   -
  532 +
533 533 $sCurrentFilename = $this->oDocument->getFileName();
534 534 $sNewFilename = $data['file']['name'];
535 535  
536 536 $aOptions = array();
537   -
  537 +
538 538 if ($data['major_update']) {
539 539 $aOptions['major_update'] = true;
540 540 }
... ... @@ -542,7 +542,7 @@ class KTDocumentCheckInAction extends KTDocumentAction {
542 542 if ($sCurrentFilename != $sNewFilename) {
543 543 $aOptions['newfilename'] = $sNewFilename;
544 544 }
545   -
  545 +
546 546 $res = KTDocumentUtil::checkin($this->oDocument, $data['file']['tmp_name'], $sReason, $this->oUser, $aOptions);
547 547 if (PEAR::isError($res)) {
548 548 $this->errorRedirectToMain(_kt('An error occurred while trying to check in the document'), 'fDocumentId=' . $this->oDocument->getId() . '&reason=' . $sReason);
... ... @@ -561,7 +561,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
561 561 var $_sShowPermission = 'ktcore.permissions.write';
562 562 var $bAllowInAdminMode = true;
563 563 var $bInAdminMode = null;
564   - var $sIconClass = 'cancel_checkout';
  564 + var $sIconClass = 'cancel_checkout';
565 565  
566 566 function getDisplayName() {
567 567 return _kt('Cancel Checkout');
... ... @@ -573,10 +573,10 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
573 573 }
574 574 if (is_null($this->bInAdminMode)) {
575 575 $oFolder = Folder::get($this->oDocument->getFolderId());
576   - if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
  576 + if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
577 577 $this->bAdminMode = true;
578   - return parent::getInfo();
579   - }
  578 + return parent::getInfo();
  579 + }
580 580 } else if ($this->bInAdminMode == true) {
581 581 return parent::getInfo();
582 582 }
... ... @@ -588,7 +588,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
588 588  
589 589 function check() {
590 590 $res = parent::check();
591   -
  591 +
592 592 if ($res !== true) {
593 593 return $res;
594 594 }
... ... @@ -600,10 +600,10 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
600 600 // hard override if we're in admin mode for this doc.
601 601 if (is_null($this->bInAdminMode)) {
602 602 $oFolder = Folder::get($this->oDocument->getFolderId());
603   - if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
  603 + if (KTBrowseUtil::inAdminMode($this->oUser, $oFolder)) {
604 604 $this->bAdminMode = true;
605   - return true;
606   - }
  605 + return true;
  606 + }
607 607 } else if ($this->bInAdminMode == true) {
608 608 return true;
609 609 }
... ... @@ -639,16 +639,16 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
639 639 'output' => 'reason',
640 640 )),
641 641 ));
642   -
  642 +
643 643 return $oForm;
644 644 }
645 645  
646 646 function do_main() {
647 647 $this->oPage->setBreadcrumbDetails(_kt('cancel checkout'));
648 648 $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/cancel_checkout');
649   -
  649 +
650 650 $oForm = $this->form_main();
651   -
  651 +
652 652 $oTemplate->setData(array(
653 653 'context' => &$this,
654 654 'form' => $oForm,
... ... @@ -663,9 +663,9 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
663 663 if (!empty($res['errors'])) {
664 664 return $oForm->handleError();
665 665 }
666   -
  666 +
667 667 $data = $res['results'];
668   -
  668 +
669 669 $this->startTransaction();
670 670 // actually do the checkin.
671 671 $this->oDocument->setIsCheckedOut(0);
... ... @@ -675,7 +675,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
675 675 $this->rollbackTransaction();
676 676 return $this->errorRedirectToMain(_kt('Failed to force the document\'s checkin.'),sprintf('fDocumentId=%d'),$this->oDocument->getId());
677 677 }
678   -
  678 +
679 679 // checkout cancelled transaction
680 680 $oDocumentTransaction = & new DocumentTransaction($this->oDocument, $data['reason'], 'ktcore.transactions.force_checkin');
681 681 $res = $oDocumentTransaction->create();
... ... @@ -683,7 +683,7 @@ class KTDocumentCancelCheckOutAction extends KTDocumentAction {
683 683 $this->rollbackTransaction();
684 684 return $this->errorRedirectToMain(_kt('Failed to force the document\'s checkin.'),sprintf('fDocumentId=%d'),$this->oDocument->getId());
685 685 }
686   - $this->commitTransaction();
  686 + $this->commitTransaction();
687 687 redirect(KTBrowseUtil::getUrlForDocument($this->oDocument));
688 688 }
689 689 }
... ... @@ -746,7 +746,7 @@ class KTDocumentDeleteAction extends KTDocumentAction {
746 746 'output' => 'reason',
747 747 )),
748 748 ));
749   -
  749 +
750 750 return $oForm;
751 751 }
752 752  
... ... @@ -770,17 +770,17 @@ class KTDocumentDeleteAction extends KTDocumentAction {
770 770 if (!empty($res['errors'])) {
771 771 return $oForm->handleError();
772 772 }
773   -
  773 +
774 774 $sReason = $data['reason'];
775   -
  775 +
776 776 $fFolderId = $this->oDocument->getFolderId();
777 777 $res = KTDocumentUtil::delete($this->oDocument, $sReason);
778 778 if (PEAR::isError($res)) {
779 779 $this->errorRedirectToMain(sprintf(_kt('Unexpected failure deleting document: %s'), $res->getMessage()));
780   - }
  780 + }
781 781  
782 782 $_SESSION['KTInfoMessage'][] = sprintf(_kt('Document "%s" Deleted.'),$this->oDocument->getName());
783   -
  783 +
784 784 controllerRedirect('browse', 'fFolderId=' . $fFolderId);
785 785 exit(0);
786 786 }
... ... @@ -838,15 +838,15 @@ class KTDocumentMoveAction extends KTDocumentAction {
838 838 'cancel_url' => KTBrowseUtil::getUrlForDocument($this->oDocument),
839 839 'fail_action' => 'main',
840 840 'context' => $this,
841   - ));
  841 + ));
842 842  
843 843 /*
844 844 * This is somewhat more complex than most forms, since the "filename"
845 845 * and title shouldn't appear unless there's a clash.
846 846 *
847 847 * This is still not the most elegant solution.
848   - */
849   -
  848 + */
  849 +
850 850 $oForm->setWidgets(array(
851 851 array('ktcore.widgets.foldercollection', array(
852 852 'label' => _kt('Target Folder'),
... ... @@ -861,8 +861,8 @@ class KTDocumentMoveAction extends KTDocumentAction {
861 861 'name' => 'reason',
862 862 )),
863 863 ));
864   -
865   -
  864 +
  865 +
866 866 $oForm->setValidators(array(
867 867 array('ktcore.validators.string', array(
868 868 'test' => 'reason',
... ... @@ -874,10 +874,10 @@ class KTDocumentMoveAction extends KTDocumentAction {
874 874 'test' => 'browse',
875 875 'output' => 'browse',
876 876 )),
877   - ));
878   -
  877 + ));
  878 +
879 879 // here's the ugly bit.
880   -
  880 +
881 881 $err = $oForm->getErrors();
882 882 if (!empty($err['name']) || !empty($err['filename'])) {
883 883 $oForm->addWidget(
... ... @@ -914,7 +914,7 @@ class KTDocumentMoveAction extends KTDocumentAction {
914 914 }
915 915 return $oForm;
916 916 }
917   -
  917 +
918 918 function do_move() {
919 919 $oForm = $this->form_move();
920 920 $res = $oForm->validate();
... ... @@ -926,59 +926,59 @@ class KTDocumentMoveAction extends KTDocumentAction {
926 926 if ($data['browse']->getId() == $this->oDocument->getFolderID()) {
927 927 $extra_errors['browse'] = _kt('You cannot move the document within the same folder.');
928 928 } else {
929   - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName());
  929 + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName());
930 930 if ($bNameClash && isset($data['name'])) {
931 931 $name = $data['name'];
932   - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name);
  932 + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name);
933 933 } else {
934 934 $name = $this->oDocument->getName();
935 935 }
936 936 if ($bNameClash) {
937 937 $extra_errors['name'] = _kt('A document with this title already exists in your chosen folder. Please choose a different folder, or specify a new title for the copied document.');
938 938 }
939   -
940   - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename());
  939 +
  940 + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename());
941 941 if ($bFileClash && isset($data['filename'])) {
942 942 $filename = $data['filename'];
943   - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename);
  943 + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename);
944 944 } else {
945 945 $filename = $this->oDocument->getFilename();
946   - }
  946 + }
947 947 if ($bFileClash) {
948 948 $extra_errors['filename'] = _kt('A document with this filename already exists in your chosen folder. Please choose a different folder, or specify a new filename for the copied document.');
949 949 }
950   -
  950 +
951 951 if (!Permission::userHasFolderWritePermission($data['browse'])) {
952 952 $extra_errors['browse'] = _kt('You do not have permission to create new documents in that folder.');
953 953 }
954 954 }
955 955 }
956   -
  956 +
957 957 if (!empty($errors) || !empty($extra_errors)) {
958   - return $oForm->handleError(null, $extra_errors);
  958 + return $oForm->handleError(null, $extra_errors);
959 959 }
960   -
  960 +
961 961 $this->startTransaction();
962 962 // now try update it.
963   -
  963 +
964 964 $res = KTDocumentUtil::move($this->oDocument, $data['browse'], $this->oUser, $sReason);
965 965 if (PEAR::isError($oNewDoc)) {
966 966 $this->errorRedirectTo('main', _kt('Failed to move document: ') . $oNewDoc->getMessage());
967 967 exit(0);
968 968 }
969   -
  969 +
970 970 $this->oDocument->setName($name); // if needed.
971 971 $this->oDocument->setFilename($filename); // if needed.
972   -
  972 +
973 973 $res = $this->oDocument->update();
974 974 if (PEAR::isError($res)) {
975 975 return $this->errorRedirectTo('main', _kt('Failed to move document: ') . $res->getMessage());
976 976 }
977 977  
978 978 $this->commitTransaction();
979   -
  979 +
980 980 controllerRedirect('viewDocument', 'fDocumentId=' . $this->oDocument->getId());
981   - exit(0);
  981 + exit(0);
982 982 }
983 983  
984 984 }
... ... @@ -1009,7 +1009,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
1009 1009 if ($this->oDocument->getIsCheckedOut()) {
1010 1010 return null;
1011 1011 }
1012   -
  1012 +
1013 1013 return parent::getInfo();
1014 1014 }
1015 1015  
... ... @@ -1028,7 +1028,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
1028 1028 $this->oDocumentFolder = $this->oValidator->validateFolder($this->oDocument->getFolderId());
1029 1029 return true;
1030 1030 }
1031   -
  1031 +
1032 1032 function form_copyselection() {
1033 1033 $oForm = new KTForm;
1034 1034 $oForm->setOptions(array(
... ... @@ -1039,15 +1039,15 @@ class KTDocumentCopyAction extends KTDocumentAction {
1039 1039 'cancel_url' => KTBrowseUtil::getUrlForDocument($this->oDocument),
1040 1040 'fail_action' => 'main',
1041 1041 'context' => $this,
1042   - ));
  1042 + ));
1043 1043  
1044 1044 /*
1045 1045 * This is somewhat more complex than most forms, since the "filename"
1046 1046 * and title shouldn't appear unless there's a clash.
1047 1047 *
1048 1048 * This is still not the most elegant solution.
1049   - */
1050   -
  1049 + */
  1050 +
1051 1051 $oForm->setWidgets(array(
1052 1052 array('ktcore.widgets.foldercollection', array(
1053 1053 'label' => _kt('Target Folder'),
... ... @@ -1062,8 +1062,8 @@ class KTDocumentCopyAction extends KTDocumentAction {
1062 1062 'name' => 'reason',
1063 1063 )),
1064 1064 ));
1065   -
1066   -
  1065 +
  1066 +
1067 1067 $oForm->setValidators(array(
1068 1068 array('ktcore.validators.string', array(
1069 1069 'test' => 'reason',
... ... @@ -1075,10 +1075,10 @@ class KTDocumentCopyAction extends KTDocumentAction {
1075 1075 'test' => 'browse',
1076 1076 'output' => 'browse',
1077 1077 )),
1078   - ));
1079   -
  1078 + ));
  1079 +
1080 1080 // here's the ugly bit.
1081   -
  1081 +
1082 1082 $err = $oForm->getErrors();
1083 1083 if (!empty($err['name']) || !empty($err['filename'])) {
1084 1084 $oForm->addWidget(
... ... @@ -1122,7 +1122,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
1122 1122 return $oForm->renderPage(_kt('Copy Document') . ': ' . $this->oDocument->getName());
1123 1123 }
1124 1124  
1125   - function do_copy() {
  1125 + function do_copy() {
1126 1126 $oForm = $this->form_copyselection();
1127 1127 $res = $oForm->validate();
1128 1128 $errors = $res['errors'];
... ... @@ -1131,59 +1131,59 @@ class KTDocumentCopyAction extends KTDocumentAction {
1131 1131  
1132 1132  
1133 1133 if (!is_null($data['browse'])) {
1134   - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName());
  1134 + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $this->oDocument->getName());
1135 1135 if ($bNameClash && isset($data['name'])) {
1136 1136 $name = $data['name'];
1137   - $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name);
  1137 + $bNameClash = KTDocumentUtil::nameExists($data['browse'], $name);
1138 1138 } else {
1139 1139 $name = $this->oDocument->getName();
1140 1140 }
1141 1141 if ($bNameClash) {
1142 1142 $extra_errors['name'] = _kt('A document with this title already exists in your chosen folder. Please choose a different folder, or specify a new title for the copied document.');
1143 1143 }
1144   -
1145   - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename());
  1144 +
  1145 + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $this->oDocument->getFilename());
1146 1146  
1147 1147 if ($bFileClash && isset($data['filename'])) {
1148 1148 $filename = $data['filename'];
1149   - $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename);
  1149 + $bFileClash = KTDocumentUtil::fileExists($data['browse'], $filename);
1150 1150 } else {
1151 1151 $filename = $this->oDocument->getFilename();
1152   - }
  1152 + }
1153 1153 if ($bFileClash) {
1154 1154 $extra_errors['filename'] = _kt('A document with this filename already exists in your chosen folder. Please choose a different folder, or specify a new filename for the copied document.');
1155 1155 }
1156   -
  1156 +
1157 1157 if (!Permission::userHasFolderWritePermission($data['browse'])) {
1158 1158 $extra_errors['browse'] = _kt('You do not have permission to create new documents in that folder.');
1159 1159 }
1160 1160 }
1161   -
  1161 +
1162 1162 if (!empty($errors) || !empty($extra_errors)) {
1163   - return $oForm->handleError(null, $extra_errors);
  1163 + return $oForm->handleError(null, $extra_errors);
1164 1164 }
1165   -
  1165 +
1166 1166 // FIXME agree on document-duplication rules re: naming, etc.
1167   -
  1167 +
1168 1168 $this->startTransaction();
1169 1169 // now try update it.
1170   -
  1170 +
1171 1171 $oNewDoc = KTDocumentUtil::copy($this->oDocument, $data['browse'], $sReason);
1172 1172 if (PEAR::isError($oNewDoc)) {
1173 1173 $this->errorRedirectTo('main', _kt('Failed to copy document: ') . $oNewDoc->getMessage(), sprintf('fDocumentId=%d&fFolderId=%d', $this->oDocument->getId(), $this->oFolder->getId()));
1174 1174 exit(0);
1175 1175 }
1176   -
  1176 +
1177 1177 $oNewDoc->setName($name);
1178 1178 $oNewDoc->setFilename($filename);
1179   -
  1179 +
1180 1180 $res = $oNewDoc->update();
1181 1181 if (PEAR::isError($res)) {
1182 1182 return $this->errorRedirectTo('main', _kt('Failed to copy document: ') . $res->getMessage(), sprintf('fDocumentId=%d&fFolderId=%d', $this->oDocument->getId(), $this->oFolder->getId()));
1183 1183 }
1184 1184  
1185 1185 $this->commitTransaction();
1186   -
  1186 +
1187 1187 // FIXME do we need to refactor all trigger usage into the util function?
1188 1188 $oKTTriggerRegistry = KTTriggerRegistry::getSingleton();
1189 1189 $aTriggers = $oKTTriggerRegistry->getTriggers('copyDocument', 'postValidate');
... ... @@ -1198,13 +1198,13 @@ class KTDocumentCopyAction extends KTDocumentAction {
1198 1198 $oTrigger->setInfo($aInfo);
1199 1199 $ret = $oTrigger->postValidate();
1200 1200 }
1201   -
  1201 +
1202 1202 //$aOptions = array('user' => $oUser);
1203 1203 //$oDocumentTransaction = & new DocumentTransaction($oNewDoc, 'Document copied from old version.', 'ktcore.transactions.create', $aOptions);
1204 1204 //$res = $oDocumentTransaction->create();
1205   -
  1205 +
1206 1206 $_SESSION['KTInfoMessage'][] = _kt('Document copied.');
1207   -
  1207 +
1208 1208 controllerRedirect('viewDocument', 'fDocumentId=' . $oNewDoc->getId());
1209 1209 exit(0);
1210 1210 }
... ... @@ -1252,10 +1252,10 @@ class KTDocumentArchiveAction extends KTDocumentAction {
1252 1252 'output' => 'reason',
1253 1253 )),
1254 1254 ));
1255   -
  1255 +
1256 1256 return $oForm;
1257 1257 }
1258   -
  1258 +
1259 1259 function do_main() {
1260 1260 $this->oPage->setBreadcrumbDetails(_kt('Archive Document'));
1261 1261 $oTemplate =& $this->oValidator->validateTemplate('ktcore/action/archive');
... ... @@ -1270,16 +1270,16 @@ class KTDocumentArchiveAction extends KTDocumentAction {
1270 1270 }
1271 1271  
1272 1272 function do_archive() {
1273   -
  1273 +
1274 1274 $oForm = $this->form_main();
1275 1275 $res = $oForm->validate();
1276 1276 $data = $res['results'];
1277 1277 if (!empty($res['errors'])) {
1278 1278 return $oForm->handleError();
1279 1279 }
1280   -
  1280 +
1281 1281 $sReason = $data['reason'];
1282   -
  1282 +
1283 1283 $this->startTransaction();
1284 1284 $this->oDocument->setStatusID(ARCHIVED);
1285 1285 $res = $this->oDocument->update();
... ... @@ -1290,7 +1290,7 @@ class KTDocumentArchiveAction extends KTDocumentAction {
1290 1290 }
1291 1291 $oDocumentTransaction = & new DocumentTransaction($this->oDocument, sprintf(_kt('Document archived: %s'), $sReason), 'ktcore.transactions.update');
1292 1292 $oDocumentTransaction->create();
1293   -
  1293 +
1294 1294 $this->commitTransaction();
1295 1295  
1296 1296 $oKTTriggerRegistry = KTTriggerRegistry::getSingleton();
... ... @@ -1320,11 +1320,11 @@ class KTDocumentArchiveAction extends KTDocumentAction {
1320 1320 class KTDocumentWorkflowAction extends KTDocumentAction {
1321 1321 var $sName = 'ktcore.actions.document.workflow';
1322 1322 var $_sShowPermission = 'ktcore.permissions.read';
1323   -
1324   - var $sHelpPage = 'ktcore/user/workflow.html';
  1323 +
  1324 + var $sHelpPage = 'ktcore/user/workflow.html';
1325 1325  
1326 1326 function predispatch() {
1327   - $this->persistParams(array('fTransitionId'));
  1327 + $this->persistParams(array('fTransitionId'));
1328 1328 }
1329 1329  
1330 1330 function getDisplayName() {
... ... @@ -1350,7 +1350,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1350 1350 }
1351 1351  
1352 1352 $fieldErrors = null;
1353   -
  1353 +
1354 1354 $transition_fields = array();
1355 1355 if ($aTransitions) {
1356 1356 $aVocab = array();
... ... @@ -1364,8 +1364,8 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1364 1364 $fieldOptions = array('vocab' => $aVocab);
1365 1365 $transition_fields[] = new KTLookupWidget(_kt('Transition to perform'), _kt('The transition listed will cause the document to change from its current state to the listed destination state.'), 'fTransitionId', null, $this->oPage, true, null, $fieldErrors, $fieldOptions);
1366 1366 $transition_fields[] = new KTTextWidget(
1367   - _kt('Reason for transition'), _kt('Describe why this document qualifies to be changed from its current state to the destination state of the transition chosen.'),
1368   - 'fComments', '',
  1367 + _kt('Reason for transition'), _kt('Describe why this document qualifies to be changed from its current state to the destination state of the transition chosen.'),
  1368 + 'fComments', '',
1369 1369 $this->oPage, true, null, null,
1370 1370 array('cols' => 80, 'rows' => 4));
1371 1371 }
... ... @@ -1399,7 +1399,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1399 1399  
1400 1400 function do_performTransition() {
1401 1401 $oDocument =& $this->oValidator->validateDocument($_REQUEST['fDocumentId']);
1402   - $oTransition =& $this->oValidator->validateWorkflowTransition($_REQUEST['fTransitionId']);
  1402 + $oTransition =& $this->oValidator->validateWorkflowTransition($_REQUEST['fTransitionId']);
1403 1403  
1404 1404 $aErrorOptions = array(
1405 1405 'redirect_to' => array('main', sprintf('fDocumentId=%d', $_REQUEST['fDocumentId'])),
... ... @@ -1407,7 +1407,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1407 1407 );
1408 1408  
1409 1409 $sComments =& $this->oValidator->validateString($_REQUEST['fComments'], $aErrorOptions);
1410   -
  1410 +
1411 1411 $oUser =& User::get($_SESSION['userID']);
1412 1412 $res = KTWorkflowUtil::performTransitionOnDocument($oTransition, $oDocument, $oUser, $sComments);
1413 1413  
... ... @@ -1420,7 +1420,7 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1420 1420 array('fDocumentId' => $oDocument->getId()));
1421 1421 }
1422 1422 }
1423   -
  1423 +
1424 1424 function form_quicktransition() {
1425 1425  
1426 1426 $oForm = new KTForm;
... ... @@ -1446,36 +1446,36 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1446 1446 'test' => 'reason',
1447 1447 'max_length' => 250,
1448 1448 'output' => 'reason',
1449   - )),
  1449 + )),
1450 1450 ));
1451   -
  1451 +
1452 1452 return $oForm;
1453 1453 }
1454 1454  
1455 1455 function do_quicktransition() {
1456 1456 // make sure this gets through.
1457 1457 $this->persistParams(array('fTransitionId'));
1458   -
  1458 +
1459 1459 $transition_id = $_REQUEST['fTransitionId'];
1460 1460 $oTransition = KTWorkflowTransition::get($transition_id);
1461   -
  1461 +
1462 1462 $oForm = $this->form_quicktransition();
1463 1463 return $oForm->renderPage(sprintf(_kt('Perform Transition: %s'), $oTransition->getName()));
1464 1464 }
1465   -
  1465 +
1466 1466 function do_performquicktransition() {
1467 1467 $oForm = $this->form_quicktransition();
1468 1468 $res = $oForm->validate();
1469   -
  1469 +
1470 1470 if (!empty($res['errors'])) {
1471 1471 return $oForm->handleError();
1472   - }
1473   -
  1472 + }
  1473 +
1474 1474 $this->startTransaction();
1475   -
  1475 +
1476 1476 $data = $res['results'];
1477 1477 $oTransition = KTWorkflowTransition::get($_REQUEST['fTransitionId']);
1478   -
  1478 +
1479 1479 $res = KTWorkflowUtil::performTransitionOnDocument($oTransition, $this->oDocument, $this->oUser, $data['reason']);
1480 1480  
1481 1481 if(!Permission::userHasDocumentReadPermission($this->oDocument)) {
... ... @@ -1483,10 +1483,10 @@ class KTDocumentWorkflowAction extends KTDocumentAction {
1483 1483 $_SESSION['KTInfoMessage'][] = _kt('Transition performed') . '. ' . _kt('You no longer have permission to view this document');
1484 1484 controllerRedirect('browse', sprintf('fFolderId=%d', $this->oDocument->getFolderId()));
1485 1485 } else {
1486   - $this->commitTransaction();
  1486 + $this->commitTransaction();
1487 1487 $_SESSION['KTInfoMessage'][] = _kt('Transition performed');
1488 1488 controllerRedirect('viewDocument', sprintf('fDocumentId=%d', $this->oDocument->getId()));
1489   - }
  1489 + }
1490 1490 }
1491 1491  
1492 1492 }
... ... @@ -1499,7 +1499,7 @@ class KTOwnershipChangeAction extends KTDocumentAction {
1499 1499 function getDisplayName() {
1500 1500 return _kt('Change Document Ownership');
1501 1501 }
1502   -
  1502 +
1503 1503 function form_owner() {
1504 1504 $oForm = new KTForm;
1505 1505 $oForm->setOptions(array(
... ... @@ -1529,49 +1529,49 @@ class KTOwnershipChangeAction extends KTDocumentAction {
1529 1529 'output' => 'user',
1530 1530 )),
1531 1531 ));
1532   -
  1532 +
1533 1533 return $oForm;
1534 1534 }
1535 1535  
1536   - function do_main() {
  1536 + function do_main() {
1537 1537 $this->oPage->setBreadcrumbDetails(_kt('Changing Ownership'));
1538 1538 $oTemplate =& $this->oValidator->validateTemplate('ktcore/document/ownershipchangeaction');
1539   -
  1539 +
1540 1540 $change_form = $this->form_owner();
1541   -
  1541 +
1542 1542 $oTemplate->setData(array(
1543 1543 'context' => $this,
1544 1544 'form' => $change_form,
1545   - ));
  1545 + ));
1546 1546 return $oTemplate->render();
1547 1547 }
1548   -
  1548 +
1549 1549 function do_reown() {
1550 1550 $oForm = $this->form_owner();
1551 1551 $res = $oForm->validate();
1552 1552 $data = $res['results'];
1553 1553 $errors = $res['errors'];
1554   -
  1554 +
1555 1555 if (!empty($errors)) {
1556   - return $oForm->handleError();
  1556 + return $oForm->handleError();
1557 1557 }
1558 1558  
1559 1559 $oUser = $data['user'];
1560   -
  1560 +
1561 1561 $this->startTransaction();
1562   -
  1562 +
1563 1563 $this->oDocument->setOwnerID($oUser->getId());
1564 1564 $res = $this->oDocument->update();
1565 1565 if (PEAR::isError($res)) {
1566 1566 $this->errorRedirectToMain(sprintf(_kt('Failed to update document: %s'), $res->getMessage()), sprintf('fDocumentId=%d', $this->oDocument->getId()));
1567 1567 }
1568   -
  1568 +
1569 1569 $res = KTPermissionUtil::updatePermissionLookup($this->oDocument);
1570   -
  1570 +
1571 1571 if (PEAR::isError($res)) {
1572 1572 $this->errorRedirectToMain(sprintf(_kt('Failed to update document: %s'), $res->getMessage()), sprintf('fDocumentId=%d', $this->oDocument->getId()));
1573 1573 }
1574   -
  1574 +
1575 1575 $this->successRedirectToMain(_kt('Ownership changed.'), sprintf('fDocumentId=%d', $this->oDocument->getId()));
1576 1576 }
1577 1577 }
... ...