Don't rely on register_globals or similar mechanisms to access request

parameters. Either use KTUtil::extractGPC to bring specific parameters to global scope or access them via the $_REQUEST array. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@3005 c91229c3-7414-0410-bfa2-8a42b809f60b

Don't rely on register_globals or similar mechanisms to access request
parameters. Either use KTUtil::extractGPC to bring specific parameters to global scope or access them via the $_REQUEST array. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@3005 c91229c3-7414-0410-bfa2-8a42b809f60b
nbm
1 parent 132d5ecf
Showing 137 changed files with 397 additions and 134 deletions
presentation/login.php
presentation/lookAndFeel/knowledgeTree/administration/doccheckoutmanagement/editDocCheckoutBL.php
presentation/lookAndFeel/knowledgeTree/administration/doccheckoutmanagement/editDocCheckoutUI.inc
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/addDocFieldSuccess.php
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldBL.php
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldLookupsBL.php
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldLookupsUI.inc
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/listDocFieldsBL.php
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/metadatamanagement/addMetaDataBL.php
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/metadatamanagement/editMetaDataBL.php
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/metadatamanagement/removeMetaDataBL.php
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/removeDocFieldBL.php
presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/removeDocFieldUI.inc
presentation/lookAndFeel/knowledgeTree/administration/doctypemanagement/addDocTypeFieldsLinkBL.php
presentation/lookAndFeel/knowledgeTree/administration/doctypemanagement/addDocTypeSuccess.php
presentation/lookAndFeel/knowledgeTree/administration/doctypemanagement/editDocTypeBL.php
presentation/lookAndFeel/knowledgeTree/administration/doctypemanagement/editDocTypeFieldsBL.php
presentation/lookAndFeel/knowledgeTree/administration/doctypemanagement/listDocTypesBL.php
presentation/lookAndFeel/knowledgeTree/administration/doctypemanagement/removeDocTypeBL.php
presentation/lookAndFeel/knowledgeTree/administration/documentmanagement/expungeDeletedDocumentsBL.php
@@ -32,7 +32,7 @@ require_once(&quot;Html.inc&quot;);
  
 global $default;
  
-if ($loginAction == "loginForm") {
+if ($_REQUEST['loginAction'] == "loginForm") {
     // TODO: build login form using PatternMainPage
     print "<html>
     <head>
@@ -86,16 +86,16 @@ if ($loginAction == &quot;loginForm&quot;) {
     </body>
     </html>";
  
-} elseif ($loginAction == "login") {
+} elseif ($_REQUEST['loginAction'] == "login") {
     // set default url for login failure
     // with redirect appended if set
     $url = $url . "login.php?loginAction=loginForm" . (isset($redirect) ? "&redirect=" . urlencode($redirect) : "");
  
     // if requirements are met and we have a username and password to authenticate
-    if( isset($fUserName) && isset($fPassword) ) {
+    if (isset($_REQUEST['fUserName']) && isset($_REQUEST['fPassword']) ) {
         // verifies the login and password of the user
         $dbAuth = new $default->authenticationClass;
-        $userDetails = $dbAuth->login($fUserName, $fPassword);
+        $userDetails = $dbAuth->login($_REQUEST['fUserName'], $_REQUEST['fPassword']);
  
         switch ($userDetails["status"]) {
             // bad credentials
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fUpdate');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -34,10 +34,10 @@ function getErrorPage($sMessage) {
 	return statusPage(_("Edit Document Checkout"), _("Error checking in document"), $sMessage, "listDocs");
 }	
  
-function getEditCheckoutPage($fDocumentID){
+function getEditCheckoutPage($iDocumentID){
 	global $default;
  
-	$oDocument = Document::get($fDocumentID);
+	$oDocument = Document::get($iDocumentID);
 	$oUser = User::get($oDocument->getCheckedOutUserID());
 	$sToRender .= renderHeading(_("Edit Document Checkout"));	
 	$sToRender .= "<table>\n";
@@ -45,7 +45,7 @@ function getEditCheckoutPage($fDocumentID){
 	$sToRender .= "<tr><td width=\"20%\">" . _("Path") . "</td><td><b>" . $oDocument->getDisplayPath() . "</b></td></tr>";
 	$sToRender .= "<tr><td>" . _("Checked Out By") . "</td><td><b>" . ($oUser ? $oUser->getName() : _("Unknown")) . "</b></td></tr>";
  	$sToRender .= "<input type=\"hidden\" name=\"fUpdate\" value=\"1\">\n";
- 	$sToRender .= "<input type=\"hidden\" name=\"fDocumentID\" value=\"$fDocumentID\">\n";
+ 	$sToRender .= "<input type=\"hidden\" name=\"fDocumentID\" value=\"$iDocumentID\">\n";
 	$sToRender .= "<tr>\n";
 	$sToRender .= "<td colspan=\"2\" align=right>\n";	
 	$sToRender .= getUpdateButton();	
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocFieldID');
+
 if(checkSession()) {
 	require_once("$default->fileSystemRoot/lib/documentmanagement/DocumentField.inc");
  
@@ -34,6 +34,8 @@
 */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocFieldDataType', 'fDocFieldHasLookup', 'fDocFieldID', 'fDocFieldIsGeneric', 'fDocFieldName', 'fForStore');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -99,4 +101,4 @@ if (checkSession()) {
     $main->setHasRequiredFields(true);
 	$main->render();	
 }
-?>
 \ No newline at end of file
+?>
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDeleteConfirmed', 'fDocFieldID', 'fGroupID', 'fGroupSet', 'fOtherGroupID', 'fUserID', 'faGroupID');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
@@ -77,15 +77,15 @@ function getPage($iUserID) {
  
  
 // get page for removal
-function getGroupPage($fDocFieldID) {
+function getGroupPage($iDocFieldID) {
     global $default;
  
-    $oDocField = DocumentField::get($fDocFieldID);    
+    $oDocField = DocumentField::get($iDocFieldID);    
  
     $LookupDisplay .= "<b>" . _("Current Lookups") . "</b><br>\n";	
 	$sQuery = 	" Select * " .	
 				" From " . $default->metadata_table .
-				" WHERE document_field_id=" . $fDocFieldID;        
+				" WHERE document_field_id=" . $iDocFieldID;        
  
  	$aColumns = array("name");
     $aColumnNames = array(_("Lookup name"));
@@ -122,20 +122,20 @@ function getGroupPage($fDocFieldID) {
     $sToRender .= "<table border=0 cellspacing=1>\n";
     $sToRender .= "<tr><td><b>Options</b></td></tr>";
     $sToRender .= "<tr><td width=200 bgcolor=$sBgColor>";
-    $sToRender .= "<br><a href=\"$default->rootUrl/control.php?action=addMetaDataForField&fDocFieldID=$fDocFieldID\">&nbsp;&nbsp;" . _("Add Document Field Lookups") . "</a><br><br>";
+    $sToRender .= "<br><a href=\"$default->rootUrl/control.php?action=addMetaDataForField&fDocFieldID=$iDocFieldID\">&nbsp;&nbsp;" . _("Add Document Field Lookups") . "</a><br><br>";
     $sToRender .= "</td><td>"; 	
     $sToRender .= "</td></tr>";
  
-	$iDocFieldLookupCount = DocumentField::getLookupCount($fDocFieldID);
+	$iDocFieldLookupCount = DocumentField::getLookupCount($iDocFieldID);
 	if ($iDocFieldLookupCount > 0) {
  
 		$sToRender .= "<tr><td width=200 bgcolor=$sBgColor>";
-	    $sToRender .= "<br><a href=\"$default->rootUrl/control.php?action=editMetadataForField&fDocFieldID=$fDocFieldID\">&nbsp;&nbsp;" . _("Edit Document Field Lookups") . "</a><br><br>";
+	    $sToRender .= "<br><a href=\"$default->rootUrl/control.php?action=editMetadataForField&fDocFieldID=$iDocFieldID\">&nbsp;&nbsp;" . _("Edit Document Field Lookups") . "</a><br><br>";
 	    $sToRender .= "</td><td>"; 	
 	    $sToRender .= "</td></tr>";
  
 	    $sToRender .= "<tr><td width=200 bgcolor=$sBgColor>";
-	    $sToRender .= "<br><a href=\"$default->rootUrl/control.php?action=removeMetaDataFromField&fDocFieldID=$fDocFieldID\">&nbsp;&nbsp;" . _("Remove Document Field Lookups") . "</a><br><br>";
+	    $sToRender .= "<br><a href=\"$default->rootUrl/control.php?action=removeMetaDataFromField&fDocFieldID=$iDocFieldID\">&nbsp;&nbsp;" . _("Remove Document Field Lookups") . "</a><br><br>";
 	    $sToRender .= "</td><td>";    
 	    $sToRender .= "</td></tr>";
 	}
@@ -148,7 +148,7 @@ function getGroupPage($fDocFieldID) {
 }
  
 // get page for removal
-function getDeleteConfirmedPage($iUserID,$fGroupID) {
+function getDeleteConfirmedPage($iUserID,$iGroupID) {
     global $default;
     $oUser = null;
     $oGroup = null;
@@ -160,8 +160,8 @@ function getDeleteConfirmedPage($iUserID,$fGroupID) {
     }
  
     // change headings if User selected
-    if (isset($fGroupID)) {
-        $oGroup = Group::get($fGroupID);
+    if (isset($iGroupID)) {
+        $oGroup = Group::get($iGroupID);
         $Groupdisplay = "<td>" . _("Group Name") . ": " . $oGroup->getName() . "</td>\n";
     }
  
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fGroupID');
+
 require_once("$default->fileSystemRoot/lib/users/User.inc");    
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");    
@@ -43,4 +46,4 @@ if (checkSession()) {
 	$main->setFormAction($_SERVER['PHP_SELF']);	
     $main->render();	
 }
-?>
 \ No newline at end of file
+?>
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocFieldID', 'fForStore', 'fMetaDataName');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocFieldID', 'fForStore', 'fMetaDataID', 'fMetaDataName', 'fOldMetaDataName', 'fSelected');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocFieldID', 'fForDelete', 'fMetaDataID', 'fMetaDataName', 'fSelected');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -71,4 +73,4 @@ if (checkSession()) {
     $main->setCentralPayload($oPatternCustom);
     $main->render();
 }
-?>
 \ No newline at end of file
+?>
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocFieldID', 'fForDelete');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -26,11 +26,11 @@
  */
  
 // gets the delete stuff
-function getDeletePage($fDocFieldID) {
+function getDeletePage($iDocFieldID) {
     global $default;
     $oDocField = null;
-    if (isset($fDocFieldID)) {
-        $oDocField = DocumentField::get($fDocFieldID);
+    if (isset($iDocFieldID)) {
+        $oDocField = DocumentField::get($iDocFieldID);
         $sHeading = "<b>" . _("Are you sure you wish to Remove this Document Field?") . ":</b>\n";
     } else {
         $sHeading = _("Please select a Document Field:");
@@ -27,6 +27,9 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fAdd', 'fDataType', 'fDocTypeID', 'fFieldID', 'fFromList', 'fNewField');
+
+// XXX: huh?
 global $default;
  
 if (checkSession()) {
@@ -27,6 +27,9 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocTypeID');
+
+// XXX: huh?
 global $default;
  
 if(checkSession()) {
@@ -27,6 +27,10 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fAdd', 'fDocFieldTypeID', 'fDocTypeID', 'fDocTypeName');
+KTUtil::extractGPC('fDocTypeSelected', 'fEdit', 'fFieldID', 'fIsMandatory');
+KTUtil::extractGPC('fMandatory', 'fRemove', 'fUpdate', 'fUpdateMandatory');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fConfirm', 'fDocFieldID', 'fDocTypeID', 'fIsMandatory', 'fRemove', 'fUpdateMandatory');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fGroupID');
+
 require_once("$default->fileSystemRoot/lib/users/User.inc");    
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");    
@@ -43,4 +46,4 @@ if (checkSession()) {
 	$main->setFormAction($_SERVER['PHP_SELF']);	
     $main->render();	
 }
-?>
 \ No newline at end of file
+?>
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocTypeID', 'fDocTypeName', 'fForDelete');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fConfirm', 'fDocumentIDs');
+
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/DocumentTransaction.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/PhysicalDocumentManager.inc");
@@ -98,4 +101,4 @@ if (checkSession()) {
 	$main->setFormAction($_SERVER["PHP_SELF"]);
 	$main->render();
 }
-?>
 \ No newline at end of file
+?>
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fDocumentID', 'fDocumentIDs');
+
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
@@ -54,4 +57,4 @@ if (checkSession()) {
 	$main->setFormAction($_SERVER["PHP_SELF"]);
 	$main->render();
 }
-?>
 \ No newline at end of file
+?>
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fConfirm', 'fDocumentIDs', 'fSearchString');
+
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/lib/archiving/ArchiveRestorationRequest.inc");
 require_once("$default->fileSystemRoot/lib/email/Email.inc");
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fConfirmed', 'fDocumentID', 'fFolderID', 'fForMove');
+
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/DocumentTransaction.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/PhysicalDocumentManager.inc");
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fGroupName', 'fUnitID');
+
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
 require_once("$default->fileSystemRoot/lib/groups/Group.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fGroupAssign', 'fGroupID', 'fGroupSet', 'fUnitID');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForStore', 'fFromCreate', 'fGroupID', 'fGroupName', 'fGroupSysAdmin', 'fGroupUnitAdmin');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDeleteConfirmed', 'fGroupID', 'fOtherGroupID', 'fUnitSet', 'fUserID', 'fUserSet');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
@@ -55,12 +55,12 @@ function getPage($iUserID) {
     return $sToRender;
 }
  
-function getGroupUnitsList($fGroupID){
+function getGroupUnitsList($iGroupID){
  
     $sQuery = 	"SELECT groups_lookup.id as groupID, units_lookup.name as name, units_lookup.id as UnitID  " .
 				"FROM (groups_lookup inner join groups_units_link on groups_lookup.id = groups_units_link.group_id) " .
 				"inner join units_lookup on units_lookup.id = groups_units_link.unit_id " .
-				"Where groups_lookup.id = $fGroupID " .
+				"Where groups_lookup.id = $iGroupID " .
 				"ORDER BY groups_lookup.name ";
  
  
@@ -132,7 +132,7 @@ function getUnitPage($iGroupID) {
 }
  
 // get page for removal
-function getDeleteConfirmedPage($iUserID,$fGroupID) {
+function getDeleteConfirmedPage($iUserID,$iGroupID) {
     global $default;
     $oUser = null;
     $oGroup = null;
@@ -144,8 +144,8 @@ function getDeleteConfirmedPage($iUserID,$fGroupID) {
     }
  
     // change headings if User selected
-    if (isset($fGroupID)) {
-        $oGroup = Group::get($fGroupID);
+    if (isset($iGroupID)) {
+        $oGroup = Group::get($iGroupID);
         $Groupdisplay = "<td>" . _("Group Name") . ": " . $oGroup->getName() . "</td>\n";
     }
  
@@ -26,6 +26,7 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fAssign', 'fGroupID');
  
 /*
  * Update all Users/Group association
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fUnitID');
+
 require_once("$default->fileSystemRoot/lib/users/User.inc");    
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");    
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForDelete', 'fGroupID');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDeleteConfirmed', 'fGroupID', 'fGroupSet', 'fUnitID');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
@@ -25,12 +25,12 @@
  * @package administration.groupmanagement
  */
  
-function getNoUnitPage($fGroupID){
+function getNoUnitPage($iGroupID){
 	global $default;
 	$sToRender .= "<table><tr><td>\n";
 	$sToRender .= "<br>" . _("Group does not belong to an existing Unit.") . "\n";
 	$sToRender .= "</td><td></td></tr><tr><td></td><td>\n";
-	$sToRender .= "<a href=\"$default->rootUrl/control.php?action=editGroupUnit&fGroupID=$fGroupID\"><img src =\"" . KTHtml::getBackButton() . "\" border = \"0\" /></a>\n";
+	$sToRender .= "<a href=\"$default->rootUrl/control.php?action=editGroupUnit&fGroupID=$iGroupID\"><img src =\"" . KTHtml::getBackButton() . "\" border = \"0\" /></a>\n";
 	$sToRender .= "</td></tr></table>\n";
 	return $sToRender;
  
@@ -27,6 +27,9 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fLinkID');
+
+// XXX: huh?
 global $default;
  
 if(checkSession()) {
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForStore', 'fLinkID', 'fLinkName', 'fRank', 'fUrl');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fGroupID');
+
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
 require_once("$default->fileSystemRoot/presentation/lookAndFeel/knowledgeTree/foldermanagement/folderUI.inc");
 require_once("$default->fileSystemRoot/lib/foldermanagement/Folder.inc");
@@ -47,4 +50,4 @@ if (checkSession()) {
 	$main->setFormAction($_SERVER['PHP_SELF']);	
     $main->render();	
 }
-?>
 \ No newline at end of file
+?>
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForDelete', 'fLinkID', 'fLinkName');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fActive', 'fBody', 'fRank', 'fStore', 'fSynopsis');
+
 require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fActive', 'fBody', 'fNewsID', 'fRank', 'fSynopsis', 'fUpdate');
+
 require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fNewsID');
+
 require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
@@ -51,4 +54,4 @@ if (checkSession()) {
 	$main->setCentralPayload($oContent);
 	$main->render();	
 } 
-?>
 \ No newline at end of file
+?>
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fNewsID');
+
 require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
@@ -52,4 +55,4 @@ if (checkSession()) {
 	$main->setCentralPayload($oContent);
 	$main->render();	
 } 
-?>
 \ No newline at end of file
+?>
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fDeleteConfirmed', 'fNewsID');
+
 require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
@@ -26,6 +26,9 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fSuccess');
+
+// XXX: copious default
 global $default;
  
 if(checkSession()) {
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForStore', 'fOrgID', 'fOrgName');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fGroupID');
+
 require_once("$default->fileSystemRoot/lib/users/User.inc");    
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");    
@@ -43,4 +46,4 @@ if (checkSession()) {
 	$main->setFormAction($_SERVER['PHP_SELF']);	
     $main->render();	
 }
-?>
 \ No newline at end of file
+?>
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForDelete', 'fOrgID', 'fOrgName');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fActive', 'fForStore', 'fFromCreate', 'fReadable', 'fRoleID', 'fRoleName', 'fWriteable');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fGroupID');
+
 require_once("$default->fileSystemRoot/lib/users/User.inc");    
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");    
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForDelete', 'fRoleID', 'fRoleName');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForStore');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/System.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
@@ -48,4 +50,4 @@ if (checkSession()) {
     $main->setCentralPayload($oPatternCustom);
     $main->render();
 }
-?>
 \ No newline at end of file
+?>
@@ -25,6 +25,9 @@
  * @package administration.unitmanagement
  */
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fForStore', 'fOrgID', 'fUnitName');
+
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
 require_once("$default->fileSystemRoot/lib/unitmanagement/Unit.inc");
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fAdd', 'fForStore', 'fOrgID', 'fUnitID', 'fUnitName');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
@@ -26,6 +26,8 @@
  */
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForStore', 'fUnitID', 'fUnitName');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDeleteConfirmed', 'fGroupID', 'fGroupSet', 'fOtherGroupID', 'fUnitID', 'fUserID', 'fUserSet');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
@@ -25,10 +25,10 @@
  * @package administration.unitmanagement
  */
  
-function getOrgPage($fUnitID = null){
+function getOrgPage($iUnitID = null){
 	global $default;
  
-	$aUnitOrgLink = UnitOrganisationLink::getList("WHERE unit_id = $fUnitID");
+	$aUnitOrgLink = UnitOrganisationLink::getList("WHERE unit_id = $iUnitID");
  
 	if (count($aUnitOrgLink) > 0 ){
 		$oLink = $aUnitOrgLink[0];
@@ -73,7 +73,7 @@ function getOrgPage($fUnitID = null){
  
 	$sToRender .= "</td>\n";
 	$sToRender .= "<td>\n";
-	$sToRender .= getUnitOrgEdit($bNoOrg, $fUnitID);
+	$sToRender .= getUnitOrgEdit($bNoOrg, $iUnitID);
 	$sToRender .= "</td>\n";        
     $sToRender .= "</table>\n";
  
@@ -82,7 +82,7 @@ function getOrgPage($fUnitID = null){
  
 }
  
-function getUnitOrgEdit($bNoOrg, $fUnitID = null){
+function getUnitOrgEdit($bNoOrg, $iUnitID = null){
 	global $default;
  
 	$sBgColor = "#F5F6EE";
@@ -91,12 +91,12 @@ function getUnitOrgEdit($bNoOrg, $fUnitID = null){
     $sToRender .= "  <tr><td><b>" . _("Options") . "</b></td></tr>";
     if ($bNoOrg) {
 	    $sToRender .= "  <tr><td bgcolor=$sBgColor>";
-	    $sToRender .= "  <br>&nbsp;&nbsp;<a href=\"$default->rootUrl/control.php?action=addUnitToOrg&fUnitID=" . $fUnitID . "\">" . _("Add Unit to an Organisation") . "</a><br><br>";
+	    $sToRender .= "  <br>&nbsp;&nbsp;<a href=\"$default->rootUrl/control.php?action=addUnitToOrg&fUnitID=" . $iUnitID . "\">" . _("Add Unit to an Organisation") . "</a><br><br>";
 	    $sToRender .= "  </td><td>";	    
 	    $sToRender .= "  </td></tr>";
     } else {
 	    $sToRender .= "  <tr><td bgcolor=$sBgColor>";
-	    $sToRender .= "  <br>&nbsp;&nbsp;<a href=\"$default->rootUrl/control.php?action=removeUnitFromOrg&fUnitID=" . $fUnitID  . "\">" . _("Remove Unit from an Organisation") . "</a><br><br>";
+	    $sToRender .= "  <br>&nbsp;&nbsp;<a href=\"$default->rootUrl/control.php?action=removeUnitFromOrg&fUnitID=" . $iUnitID  . "\">" . _("Remove Unit from an Organisation") . "</a><br><br>";
 	    $sToRender .= "  </td><td>";	    
 	    $sToRender .= "  </td></tr>";
     }
@@ -25,6 +25,9 @@
  * @package administration.unitmanagement
  */
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fOrganisationID');
+
 require_once("$default->fileSystemRoot/lib/users/User.inc");    
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");    
@@ -42,4 +45,4 @@ if (checkSession()) {
 	$main->setFormAction($_SERVER['PHP_SELF']);	
     $main->render();	
 }
-?>
 \ No newline at end of file
+?>
@@ -24,17 +24,17 @@
  * @author Omar Rahbeeni, Jam Warehouse (Pty) Ltd, South Africa
  * @package administration.unitmanagement
  */
-function getOrganisationDisplay($fOrganisationID) {
+function getOrganisationDisplay($iOrganisationID) {
 	global $default;
-	$oPatternListBox = & new PatternListBox($default->organisations_table, "name", "id", "fOrganisationID");
+	$oPatternListBox = & new PatternListBox($default->organisations_table, "name", "id", "iOrganisationID");
 	$oPatternListBox->setPostBackOnChange(true);
-	if ($fOrganisationID != 0) {
-		$oPatternListBox->setSelectedValue($fOrganisationID);
+	if ($iOrganisationID != 0) {
+		$oPatternListBox->setSelectedValue($iOrganisationID);
 	}
 	return "<table><tr><td><b>" . _("Filter By Organisation") . " </b></td><td>" . $oPatternListBox->render() . "</td></tr></table>";	        
 }
  
-function getUnits($fOrganisationID) {
+function getUnits($iOrganisationID) {
 	global $default;
  
 	$sQuery = 	"SELECT units_lookup.id as unitID, units_lookup.name as name, " . 
@@ -43,7 +43,7 @@ function getUnits($fOrganisationID) {
 				"FROM (units_lookup " .
 				"LEFT JOIN units_organisations_link ON units_lookup.id = units_organisations_link.unit_id) " . 
 				"LEFT JOIN organisations_lookup ON units_organisations_link.organisation_id = organisations_lookup.id " .
-				($fOrganisationID ? "WHERE units_organisations_link.organisation_id = $fOrganisationID " : "") .					
+				($iOrganisationID ? "WHERE units_organisations_link.organisation_id = $iOrganisationID " : "") .					
 				"ORDER BY units_lookup.name";
  
     $aColumns = array("name", "OrgName", "Edit", "Delete");//, "Edit Organisations");
@@ -61,13 +61,13 @@ function getUnits($fOrganisationID) {
     return $oSearchResults->render() ;	
 }
  
-function getPage($fOrganisationID) {
+function getPage($iOrganisationID) {
 	global $default;
 	$sToRender .= renderHeading(_("Unit Management"));
  
 	$sToRender .= getAddLink("addUnit", _("Add A Unit"));
-	//$sToRender .= getOrganisationDisplay($fOrganisationID);
-	$sToRender .= getUnits($fOrganisationID);
+	//$sToRender .= getOrganisationDisplay($iOrganisationID);
+	$sToRender .= getUnits($iOrganisationID);
 	return $sToRender;
 }
 ?>
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForDeleteConfirmed', 'fUnitID');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForStore', 'fOrgID', 'fRemove', 'fUnitID', 'fUnitName');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
@@ -26,6 +26,11 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fAddToDb', 'fEmail', 'fEmailNotification', 'fFromDb');
+KTUtil::extractGPC('fGroupID', 'fLdap', 'fMobile', 'fName', 'fPassword');
+KTUtil::extractGPC('fSearch', 'fSelectedUser', 'fUsername');
+
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
 require_once("$default->fileSystemRoot/lib/users/User.inc");
@@ -147,4 +152,4 @@ if (checkSession()) {
     $main->setHasRequiredFields(true);
     $main->render();
 }
-?>
 \ No newline at end of file
+?>
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fSuccess', 'fUserID');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -27,6 +27,7 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fAssign', 'fUserID', 'fUserSet');
  
 /*
  * Update all User/Groups association
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fGroupID', 'fName');
+
 require_once("$default->fileSystemRoot/lib/users/User.inc");    
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");    
@@ -51,7 +51,7 @@ function getNameDisplay($sName) {
        return "<table><tr><td><b>" . _("Filter By Name") . " </b></td><td><input type=\"text\" size=\"20\" name=\"fName\" value=\"$sName\" /> <input type=\"button\" value=\"Go\" onCLick=\"document.MainForm.submit()\"></td></tr></table>";
 }
  
-function getUsers($fGroupID, $sName) {
+function getUsers($iGroupID, $sName) {
 	global $default;
 	// changed from inner to outer joins to include users that aren't in any groups (Stefano Ciancio [s.ciancio@pisa.iol.it]) 
 	$sQuery = 	"SELECT DISTINCT U.id as userID, U.name as name, U.username, " . 
@@ -60,8 +60,8 @@ function getUsers($fGroupID, $sName) {
 				"LEFT OUTER JOIN $default->users_groups_table UGL ON U.id = UGL.user_id " .
 				"LEFT OUTER JOIN $default->groups_table GL ON UGL.group_id = GL.id ";
 	// filter by group				
-	if ($fGroupID) {
-		$sWhereClause = "WHERE UGL.group_id = $fGroupID ";
+	if ($iGroupID) {
+		$sWhereClause = "WHERE UGL.group_id = $iGroupID ";
 	}
 	// filter by name				
 	if ($sName) {
@@ -93,7 +93,7 @@ function getUsers($fGroupID, $sName) {
     return $oSearchResults->render() ;	
 }
  
-function getPage($fGroupID, $sName) {
+function getPage($iGroupID, $sName) {
 	global $default;
 	$sToRender .= renderHeading(_("User Management"));
  
@@ -101,9 +101,9 @@ function getPage($fGroupID, $sName) {
 	if (Permission::userIsSystemAdministrator()) {
 		$sToRender .= getAddLink("addUser", _("Add A User"));
 	}
-	$sToRender .= getGroupDisplay($fGroupID);
+	$sToRender .= getGroupDisplay($iGroupID);
 	$sToRender .= getNameDisplay($sName);
-	$sToRender .= getUsers($fGroupID, $sName);
+	$sToRender .= getUsers($iGroupID, $sName);
 	return $sToRender;
 }
 ?>
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForUpdate', 'fNewPassword', 'fNewPasswordConfirm', 'fUserID');
+
 if (checkSession()) {	
 	require_once("$default->fileSystemRoot/lib/security/Permission.inc");	
 	require_once("$default->fileSystemRoot/lib/users/User.inc");
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForDeleteConfirmed', 'fUserID', 'fUserName');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -36,7 +36,7 @@ if(checkSession()) {
     $Center .= renderHeading(_("Add Website"));
     $Center .= "<TABLE BORDER=\"0\" CELLSPACING=\"2\" CELLPADDING=\"2\">\n";
     $Center .= "<tr>\n";
-    if($fWebSiteID != -1) {
+    if($_REQUEST['fWebSiteID'] != -1) {
         $Center .= "<td><b>" . _("New Website Added SuccessFully") . "!<b></td>\n";
     } else {
         $Center .= "<td><b>" . _("Addition Unsuccessful") . "</b>...</td>\n";
@@ -27,6 +27,8 @@
  
 require_once("../../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fForStore', 'fWebMasterID', 'fWebSiteID', 'fWebSiteName', 'fWebSiteURL');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
@@ -37,10 +37,10 @@ require_once(&quot;listWebsitesUI.inc&quot;);
  
 if (checkSession()) {	
     $oPatternCustom = & new PatternCustom();
-    $oPatternCustom->setHtml(getPage($fGroupID));
+    $oPatternCustom->setHtml(getPage($_REQUEST['fGroupID']));
 	require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc");
 	$main->setCentralPayload($oPatternCustom);
 	$main->setFormAction($_SERVER['PHP_SELF']);	
     $main->render();	
 }
-?>
 \ No newline at end of file
+?>
@@ -43,12 +43,12 @@ if (checkSession()) {
 	$oPatternCustom = & new PatternCustom();	
  
 	// get main page
-	if (isset($fWebSiteID)) {
-		$oWebSite = Website::get($fWebSiteID);
+	if (isset($_REQUEST['fWebSiteID'])) {
+		$oWebSite = Website::get($_REQUEST['fWebSiteID']);
 	    // if delete entry
-		if (isset($fForDelete)) {
+		if (array_key_exists('fForDelete', $_REQUEST)) {
  
-			$oWebSite->setWebSiteName($fWebSiteName);
+			$oWebSite->setWebSiteName($_REQUEST['fWebSiteName']);
  
 			if ($oWebSite->delete()) {
 				$oPatternCustom->setHtml(getDeleteSuccessPage());
@@ -62,7 +62,7 @@ if (checkSession()) {
 				$oPatternCustom->setHtml(statusPage(_("Remove Website"), _("This website can not be removed since it is still in use."), "", "listWebsites"));
 			} else { 
 				// ask for confirmation
-				$oPatternCustom->setHtml(getDeletePage($fWebSiteID));
+				$oPatternCustom->setHtml(getDeletePage($_REQUEST['fWebSiteID']));
 				$main->setFormAction($_SERVER["PHP_SELF"] . "?fForDelete=1");
 			}
 		}
@@ -97,8 +97,8 @@ if ($oObject-&gt;create()) {
 }
  
 //redirect the user
-if (isset($fRedirectURL)) {
-	redirect(strip_tags(urldecode($fRedirectURL)) . $oObject->iId . "&fSuccess=" . $bSuccess);
+if (array_key_exists('fRedirectURL', $_REQUEST)) {
+	redirect(strip_tags(urldecode($_REQUEST['fRedirectURL'])) . $oObject->iId . "&fSuccess=" . $bSuccess);
 } else {
 	redirect("$default->rootUrl/control.php");
 }
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fNewsID');
+
 require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc");
  
 /**
@@ -33,4 +36,4 @@ if (isset($fNewsID)) {
 	$oNews = DashboardNews::get($fNewsID);
 	$oNews->displayImage();
 }
-?>
 \ No newline at end of file
+?>
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fNewsID');
+
 require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc");
 require_once("$default->uiDirectory/dashboardUI.inc");
  
@@ -41,4 +44,4 @@ if (checkSession()) {
 		}
 	}
 }
-?>
 \ No newline at end of file
+?>
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fAddCommentSubmit', 'fComment', 'fCommentID', 'fDocumentID', 'fInReplyTo', 'fNewComment', 'fNewThread', 'fReplyComment', 'fSubject', 'fThreadID');
+
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCreate.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");    
 require_once("addCommentUI.inc"); //###    
@@ -41,28 +41,28 @@ function getSubmitSuccessPage($iDocumentID){
 /** 
  *	Display the ADD COMMENT page   
  *
- *	@param $fDocumentID -> a valid Document ID
+ *	@param $iDocumentID -> a valid Document ID
  *	@param $sSubject -> a Subject text
  *	@param $sBody -> a Body text 
  */
-function getAddComment($fDocumentID, $sSubject, $sBody, $iCommentID, $fNewComment = null, $fThreadID) {
+function getAddComment($iDocumentID, $sSubject, $sBody, $iCommentID, $iNewComment = null, $iThreadID) {
 	global $default;
  
 	$sHeading = _("Add a Comment");
 	$sToRender .= renderHeading($sHeading);
-	$sToRender .= displayDocumentPath($fDocumentID);	
+	$sToRender .= displayDocumentPath($iDocumentID);	
 	$sToRender .= "<table width=\"100%\" border=\"0\" cellpadding=0 ><tr><td></td>\n";	
 	$sToRender .= "<td align=right width=500>";
 	$sToRender .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
 	$sToRender .= "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
 	$sToRender .= "<input onmouseover=\"this.style.cursor='hand'\" type=\"image\" src=\"" . KTHtml::getSubmitButton() . "\" border=0></td>";	
-	if ($fNewComment>0) {	// If user is creating a new comment
-		$sToRender .= "<td width=\"10\" valign=top><a href=\"" . generateControllerLink("viewDiscussion", "fForDiscussion=1&fDocumentID=$fDocumentID") . "\"><img src=\"" . KTHtml::getCancelButton() . "\" border=0 ></a></td></tr>\n";
-		$sToRender .= "<input type=\"hidden\" name=\"fNewComment\" value=\"1\"/>";
+	if ($iNewComment>0) {	// If user is creating a new comment
+		$sToRender .= "<td width=\"10\" valign=top><a href=\"" . generateControllerLink("viewDiscussion", "fForDiscussion=1&fDocumentID=$iDocumentID") . "\"><img src=\"" . KTHtml::getCancelButton() . "\" border=0 ></a></td></tr>\n";
+		$sToRender .= "<input type=\"hidden\" name=\"iNewComment\" value=\"1\"/>";
 	} else {				// If the user is replying to a comment
 		$sToRender .= "<input type=\"hidden\" name=\"fInReplyTo\" value=\"$iCommentID\"/>";
-		$sToRender .= "<input type=\"hidden\" name=\"fThreadID\" value=\"". $fThreadID . "\"/>";
-		$sToRender .= "<td width=\"10\" valign=top><a href=\"" . generateControllerLink("viewComment", "fViewComment=1&iDocumentID=$fDocumentID&iCommentID=$iCommentID") . "\"><img src=\"" . KTHtml::getCancelButton() . "\" border=0 ></a></td></tr>\n";		
+		$sToRender .= "<input type=\"hidden\" name=\"fThreadID\" value=\"". $iThreadID . "\"/>";
+		$sToRender .= "<td width=\"10\" valign=top><a href=\"" . generateControllerLink("viewComment", "fViewComment=1&iDocumentID=$iDocumentID&iCommentID=$iCommentID") . "\"><img src=\"" . KTHtml::getCancelButton() . "\" border=0 ></a></td></tr>\n";		
 	}
 	$sToRender .= "<br><tr><td valign=\"top\" width=10><b>Subject</b></td><td colspan=2>\n";
 	$sToRender .= "<input type=\"text\" style=\"width:385\" name=\"fSubject\" value=\"$sSubject\"></td></tr>\n";
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fDocumentID', 'fForDiscussion');
+
 require_once("viewDiscussionUI.inc");     
 require_once("$default->fileSystemRoot/presentation/lookAndFeel/knowledgeTree/foldermanagement/folderUI.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
@@ -48,14 +48,14 @@ function getViewFailPage($sMessage) {
 /** 
  *	Page to create a new thread
  *
- *	@param $fDocumentID -> a valid document ID
+ *	@param $iDocumentID -> a valid document ID
  */
-function getNewThreadOption($fDocumentID) {
+function getNewThreadOption($iDocumentID) {
 	global $default;   
 	$sToRender .= _("Would you like to create a new Discussion thread for this document?");
 	$sToRender .= "&nbsp;&nbsp;&nbsp;";
-	$sToRender .= "<a href=\"" . generateControllerLink("addComment", "fDocumentID=" . $fDocumentID . "&fNewThread=1") . "\"><img src=\"" . KTHtml::getNewButton() . "\" border=\"0\"></a>";
-	$sToRender .= "<a href=\"" . generateControllerLink("viewDocument", "fDocumentID=" . $fDocumentID) . "\"><img src=\"" . KTHtml::getCancelButton() . "\" border=\"0\"></a>";
+	$sToRender .= "<a href=\"" . generateControllerLink("addComment", "fDocumentID=" . $iDocumentID . "&fNewThread=1") . "\"><img src=\"" . KTHtml::getNewButton() . "\" border=\"0\"></a>";
+	$sToRender .= "<a href=\"" . generateControllerLink("viewDocument", "fDocumentID=" . $iDocumentID) . "\"><img src=\"" . KTHtml::getCancelButton() . "\" border=\"0\"></a>";
 	return $sToRender;
 }
  
@@ -31,6 +31,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fFolderID', 'fStore', 'fDocumentTypeID', 'fName', 'fDependantDocumentID');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternTableSqlQuery.inc");
     require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMetaData.inc");
@@ -31,6 +31,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fForStore', 'fTargetDocumentID');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 	require_once("$default->fileSystemRoot/lib/documentmanagement/DocumentLink.inc");
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fArchivingTypeID', 'fDocumentID', 'fDocumentTransactionID', 'fExpirationDate', 'fStore', 'fTimeUnitID', 'fUnits'); 
+
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
  
 require_once("$default->fileSystemRoot/lib/archiving/DocumentArchiveSettingsFactory.inc");
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fConfirmed', 'fDocumentID');
+
 require_once("$default->fileSystemRoot/lib/archiving/DocumentArchiveSettingsFactory.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/lib/subscriptions/SubscriptionEngine.inc");
@@ -25,6 +25,8 @@
  * @package documentmanagement.archiving
  */
  
+KTUtil::extractGPC('fArchivingTypeID', 'fDocumentID');
+
 /**
  * Displays an error message
  */
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fDelete', 'fDocumentID', 'fDocumentTransactionID', 'fExpirationDate', 'fStore', 'fTimeUnitID', 'fUnits');
+
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
  
 require_once("$default->fileSystemRoot/lib/archiving/DocumentArchiveSettingsFactory.inc");
 <?php
  
 require_once("../../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fDocumentID');
+
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/lib/archiving/ArchiveRestorationRequest.inc");
 require_once("$default->fileSystemRoot/lib/email/Email.inc");
@@ -91,4 +94,4 @@ if (checkSession()) {
 	$main->setHasRequiredFields(true);			
 	$main->render();
 } 
-?>
 \ No newline at end of file
+?>
 <?php
  
 require_once("../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fActions', 'fBrowseType', 'fDocumentIDs', 'fFolderID', 'fSortBy', 'fSortDirection');
+
 require_once("$default->fileSystemRoot/lib/browse/BrowserFactory.inc");
 require_once("$default->fileSystemRoot/lib/browse/Browser.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/DocumentType.inc");
 <?php
  
+/// XXX: extractGPC in UI?(!)
+KTUtil::extractGPC('fBrowseType', 'fCategoryName', 'fDocumentTypeID', 'fFolderID');
+
 require_once("$default->fileSystemRoot/presentation/Html.inc");
 require_once("$default->uiDirectory/foldermanagement/folderUI.inc");
 require_once("$default->uiDirectory/documentmanagement/documentUI.inc");
 require_once("$default->uiDirectory/foldermanagement/addFolderUI.inc");
+
 /**
  * $Id$
  *
@@ -30,6 +30,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fForStore', 'fFolderID', 'fCheckInComment', 'fCheckInType');
+
 if (checkSession()) {
     require_once("$default->fileSystemRoot/lib/email/Email.inc");
  
@@ -30,6 +30,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fForStore', 'fCheckOutComment');
+
 if (checkSession()) {
  
     require_once("$default->fileSystemRoot/lib/email/Email.inc");
@@ -35,6 +35,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fFolderCollaborationID', 'fIsActive', 'fIsDone', 'fForStore', 'fUserID');
+
 if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 	require_once("$default->fileSystemRoot/lib/foldermanagement/FolderCollaboration.inc");
@@ -52,7 +54,6 @@ if (checkSession()) {
 	require_once("documentUI.inc");
 	require_once("collaborationUI.inc");
  
-	
 	//if the required form variabled are set
 	if (isset($fFolderCollaborationID) && isset($fDocumentID)) {
 		//if the user has write permission for the document
@@ -27,6 +27,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fComment', 'fForStore');
+
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
  
 require_once("$default->fileSystemRoot/lib/email/Email.inc");
@@ -59,13 +59,13 @@ function getRole($iRoleID) {
 	return $oPatternListBox->render();*/
 }
  
-function getDocumentRoutingPage($iGroupID, $iUserID, $iRoleID, $iSequenceNumber, $fDocumentID) {
+function getDocumentRoutingPage($iGroupID, $iUserID, $iRoleID, $iSequenceNumber, $iDocumentID) {
 	global $default;
 	$sSectionName = $default->siteMap->getSectionName(substr($_SERVER["PHP_SELF"], strlen($default->rootUrl), strlen($_SERVER["PHP_SELF"])));
 	$sTDBGColour = $default->siteMap->getSectionColour($sSectionName, "td");
 	$sTHBGColour = $default->siteMap->getSectionColour($sSectionName, "th");
 	return 	renderHeading(_("Edit Document Approval Routing")) .
-			displayDocumentPath($fDocumentID) .
+			displayDocumentPath($iDocumentID) .
 			"<table cellspacing=2, cellpadding=2, border=0>\n" .
 			"<caption><b>" . _("Document Routing") . "</b></caption>\n" .
 			"<tr>\n" .
@@ -85,7 +85,7 @@ function getDocumentRoutingPage($iGroupID, $iUserID, $iRoleID, $iSequenceNumber,
 			"<td colspan=\"2\">&nbsp</td>\n" .
 			"</tr>\n" .
 			"<tr>\n" .
-			"<td><b><input type=\"image\" src=\"" . KTHtml::getUpdateButton() . "\" border=\"0\"/></b></td><td>" . generateControllerLink("viewDocument", "fDocumentID=$fDocumentID&fShowSection=documentRouting", "<img src=\"" . KTHtml::getCancelButton() . "\" border=\"0\"/>") . "</td>\n" .
+			"<td><b><input type=\"image\" src=\"" . KTHtml::getUpdateButton() . "\" border=\"0\"/></b></td><td>" . generateControllerLink("viewDocument", "fDocumentID=$iDocumentID&fShowSection=documentRouting", "<img src=\"" . KTHtml::getCancelButton() . "\" border=\"0\"/>") . "</td>\n" .
 			"</tr>\n" .
 			"</table>\n";
 }
@@ -28,6 +28,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fDocumentTitle', 'fForStore', 'fTargetDocumentID', 'fTemplateDocument', 'fUnitID', 'fUserID');
+
 if (checkSession()) {
 	require_once("createDependantDocumentUI.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
@@ -39,7 +41,7 @@ if (checkSession()) {
 	require_once("$default->fileSystemRoot/lib/documentmanagement/DependantDocumentInstance.inc");
 	require_once("$default->fileSystemRoot/presentation/Html.inc");
 	require_once("$default->fileSystemRoot/presentation/lookAndFeel/knowledgeTree/foldermanagement/folderUI.inc");
-	
+
 	if (isset($fForStore)) {
 		$oDependantDocument = & new DependantDocumentInstance($fDocumentTitle, $fUserID, $fTargetDocumentID, $fDocumentID);		
 		if ($oDependantDocument->create()) {		
@@ -27,6 +27,9 @@
  */
  
 require_once("../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fDeleteConfirmed', 'fDocumentIDs');
+
 require_once("$default->fileSystemRoot/lib/foldermanagement/Folder.inc");
 require_once("$default->fileSystemRoot/lib/foldermanagement/FolderUserRole.inc");
 require_once("$default->fileSystemRoot/lib/users/User.inc");
@@ -44,7 +47,6 @@ require_once(&quot;deleteDocumentUI.inc&quot;);
  
 $aNondeletedDocs = array();
  
-
 if (checkSession()) {
  
   if (isset($fDocumentIDs)) {
@@ -24,18 +24,18 @@
  * @author Rob Cherry, Jam Warehouse (Pty) Ltd, South Africa
  * @package documentmanagement
  */
-function getPage($fDocumentIDs) {
+function getPage($aDocumentIDs) {
 	global $default;
     $sToRender  = renderHeading(_("Delete Document"));
 	$sToRender .= "<table border=\"0\">\n";
 	$sToRender .= "<tr>\n";
 	$sToRender .= "<td>" . _("You have chosen to delete the following document(s):") . " <br><br></td>\n";
  
-	for ($i = 0; $i < count($fDocumentIDs); $i++) {
-	  $oDocument = Document::get($fDocumentIDs[$i]);
+	for ($i = 0; $i < count($aDocumentIDs); $i++) {
+	  $oDocument = Document::get($aDocumentIDs[$i]);
 	$sToRender .= "<tr>\n";
 	  $sToRender .= "<td>&nbsp;&nbsp;'" .  $oDocument->getDisplayPath() . "'</td>\n";
-	  $sQueryString .= "fDocumentIDs[]=$fDocumentIDs[$i]&";
+	  $sQueryString .= "fDocumentIDs[]=$aDocumentIDs[$i]&";
 	}
 	$sToRender .= "<tr><tr><tr><tr>\n";
  
@@ -30,6 +30,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fForInlineView', 'fVersion');
+
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/PhysicalDocumentManager.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/DocumentTransaction.inc");
@@ -26,6 +26,9 @@
  */
  
 require_once("../../../../config/dmsDefaults.php");
+
+KTUtil::extractGPC('fComment', 'fDocumentID', 'fSendEmail');
+
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/lib/email/Email.inc");
@@ -28,6 +28,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fInstanceID', 'fReminderMessage', 'fSendMessage', 'fUserID');
+
 if (checkSession()) {
 	require_once("escalateDependantDocumentUI.inc");
 	require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
@@ -34,6 +34,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fDocumentName', 'fDocumentTypeID', 'fFirstEdit', 'fForUpdate');
+	
 if (checkSession()) {
  
 	require_once("$default->fileSystemRoot/lib/security/Permission.inc");
@@ -49,7 +51,7 @@ if (checkSession()) {
 	require_once("$default->fileSystemRoot/presentation/lookAndFeel/knowledgeTree/documentmanagement/documentUI.inc");
 	require_once("$default->fileSystemRoot/presentation/lookAndFeel/knowledgeTree/foldermanagement/folderUI.inc");				
 	require_once("$default->fileSystemRoot/presentation/Html.inc");
-	
+
 	$oDocument = & Document::get($fDocumentID);
 	if (Permission::userHasDocumentWritePermission($oDocument)) {
 		//if the user has write permission
@@ -31,6 +31,8 @@
  
 require_once("../../../../config/dmsDefaults.php");
  
+KTUtil::extractGPC('fDocumentID', 'fFirstEdit');
+
 if (checkSession()) {
  
 	require_once("$default->fileSystemRoot/lib/security/Permission.inc");
@@ -41,8 +43,7 @@ if (checkSession()) {
 	require_once("$default->fileSystemRoot/presentation/Html.inc");
 	require_once("documentUI.inc");
 	require_once("modifyGenericMetaDataUI.inc");
-	
-	
+
 	$oDocument = Document::get($fDocumentID);
 	if (Permission::userHasDocumentWritePermission($oDocument)) {
  
@@ -49,7 +49,7 @@ function getEditableGenericMetaData($iDocumentID, $iDocumentTypeID) {
  
 }
  
-function getPage($iDocumentID, $iDocumentTypeID, $fFirstEdit) {
+function getPage($iDocumentID, $iDocumentTypeID, $bFirstEdit) {
 	global $default;
  
 	$sToRender .= renderHeading(_("Edit Generic Meta Data"));
@@ -68,7 +68,7 @@ function getPage($iDocumentID, $iDocumentTypeID, $fFirstEdit) {
 	$sToRender .= "<td>\n";
 	$sToRender .= "<input type=\"image\" src=\"" . KTHtml::getUpdateButton() . "\" border=\"0\"/>\n";
 	$sToRender .= "</td>\n";
-	if (!isset($fFirstEdit)) {
+	if (!isset($bFirstEdit)) {
 		//can't cancel if you're uploading for the first time, must fill out the generic meta data
 		$sToRender .= "<td>\n";
 		$sToRender .= "<a href=\"$default->rootUrl/control.php?action=viewDocument&fDocumentID=$iDocumentID&fShowSection=genericMetaData\"><img src=\"" . KTHtml::getCancelButton() . "\" border=\"0\" /></a>\n";