Commit 738e8662f1044587256766d746040cc9c1b19d21

Authored by conradverm
1 parent 9ebbf8d0

KTS-2178

"cross site scripting"
Updated.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6918 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 54 additions and 49 deletions
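--- a/lib/foldermanagement/Folder.inc
+++ b/lib/foldermanagement/Folder.inc
@@ -8,7 +8,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
-*
+*
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -19,9 +19,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
-*
+*
 * The Original Code is: KnowledgeTree Open Source
-*
+*
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -35,7 +35,7 @@ require_once(KT_LIB_DIR . "/documentmanagement/Document.inc");
 require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class Folder extends KTEntity {
-
+
 /** folder primary key */
 var $iId;
 /** folder name */
@@ -45,7 +45,7 @@ class Folder extends KTEntity {
 /** folder parent primary key */
 var $iParentID;
 /** primary key of user who created folder */
-var $iCreatorID;
+var $iCreatorID;
 /** public status of folder */
 var $bIsPublic = false;
 /** comma deliminated string of parent ids */
@@ -74,12 +74,12 @@ class Folder extends KTEntity {
 'bRestrictDocumentTypes' => 'restrict_document_types',
 );
 // }}}
-
+
 function getID() { return $this->iId; }
 function getName() { return sanitizeForSQLtoHTML($this->sName); }
 function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
-function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
-function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
+function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
+function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
 function getParentID() { return $this->iParentID; }
 function setParentID($iNewValue) { $this->iParentID = $iNewValue; }
 function getCreatorID() { return $this->iCreatorID; }
@@ -111,7 +111,7 @@ class Folder extends KTEntity {
 
 /**
 * Returns a comma delimited string containing the parent folder ids, strips leading /
-*
+*
 * @return String comma delimited string containing the parent folder ids
 */
 function generateFolderIDs($iFolderId) {
@@ -136,13 +136,13 @@ class Folder extends KTEntity {
 }
 return sprintf('%s,%s,%s', $sParentFolderParentFolderIds, $iParentId, $oFolder->getId());
 }
-
+
 /**
 * Recursively generates forward slash deliminated string giving full path of document
 * from file system root url
 */
 function generateFullFolderPath($iFolderId) {
-//if the folder is not the root folder
+//if the folder is not the root folder
 if ($iFolderId == 0) {
 return;
 }
@@ -167,13 +167,13 @@ class Folder extends KTEntity {
 }
 return sprintf('%s/%s', $res, $oFolder->getName());
 }
-
+
 /**
 * Returns a forward slash deliminated string giving full path of document, strips leading /
-*/
+*/
 function generateFolderPath($iFolderID) {
 $sPath = Folder::generateFullFolderPath($iFolderID);
-return $sPath;
+return $sPath;
 }
 
 function _fieldValues () {
@@ -197,7 +197,7 @@ class Folder extends KTEntity {
 global $default;
 return $default->folders_table;
 }
-
+
 /**
 * Update the current folder values in the database
 *
@@ -206,7 +206,7 @@ class Folder extends KTEntity {
 function update($bPathChange = false) {
 $res = parent::update();
 if ($res === true) {
-if ($bPathChange) {
+if ($bPathChange) {
 // XXX: TransactionCheckPoint
 $this->updateChildPaths($this->iId);
 $this->updateDocumentPaths($this->iId);
@@ -214,15 +214,15 @@ class Folder extends KTEntity {
 }
 return $res;
 }
-
+
 function renameFolder($sOldPath) {
 PhysicalFolderManagement::renameFolder($sOldPath, $default->documentRoot . "/" . $this->sFullPath . "/" . $this->sName);
 }
-
+
 /**
 * When a folder is renamed, we must update
 * the paths of the children in the database
-*
+*
 */
 function updateChildPaths($iId) {
 global $default;
@@ -230,7 +230,7 @@ class Folder extends KTEntity {
 $sql = $default->db;
 $aFolders =& Folder::getByParentId($iId);
 foreach ($aFolders as $oFolder) {
-$oFolder->update(true);
+$oFolder->update(true);
 }
 return;
 }
@@ -256,7 +256,7 @@ class Folder extends KTEntity {
 }
 return true;
 }
-
+
 /**
 * Returns the documents in this folder
 */
@@ -270,7 +270,7 @@ class Folder extends KTEntity {
 }
 return implode(',', $res);
 }
-
+
 function &get($iFolderID) {
 return KTEntityUtil::get('Folder', $iFolderID);
 }
@@ -288,7 +288,7 @@ class Folder extends KTEntity {
 }
 return ($res != 0); // handle pre-existing duplicates gracefully.
 }
-
+
 /**
 * Static function
 * Get a list of Documents
@@ -304,13 +304,13 @@ class Folder extends KTEntity {
 /**
 * Static function.
 * Get the full path for a folder
-*
-* @param Primary key of folder to generate path for
+*
+* @param Primary key of folder to generate path for
 *
 * @return String full path of folder
 */
 function getFolderPath($iFolderID) {
-global $default;
+global $default;
 $oFolder = Folder::get($iFolderID);
 $sPath = $default->documentRoot . "/" . $oFolder->getFullPath() . "/" . $oFolder->getName() . "/";
 return $sPath;
@@ -319,18 +319,18 @@ class Folder extends KTEntity {
 /**
 * Static function.
 * Get the full path for a folder as an array
-*
-* @param int primary key of folder to generate path for
+*
+* @param int primary key of folder to generate path for
 *
 * @return array full path of folder as an array of folderIDs
 */
 function getFolderPathNamesAsArray($iFolderID) {
 global $default;
 $oFolder = Folder::get($iFolderID);
-$aPathArray = array();
+$aPathArray = array();
 if ($oFolder) {
 if (strlen($oFolder->getFullPath()) > 0) {
-if (strlen($oFolder->getFullPath()) > 1) {
+if (strlen($oFolder->getFullPath()) > 1) {
 $aPathArray = explode("/",$oFolder->getFullPath());
 } else {
 $aPathArray = array($oFolder->getFullPath());
@@ -348,17 +348,17 @@ class Folder extends KTEntity {
 return Folder::getFolderPathNamesAsArray($this->getID());
 }
 // }}}
-
+
 /**
 * Static function.
 * Get the full path for a folder as an array
-*
-* @param int primary key of folder to generate path for
+*
+* @param int primary key of folder to generate path for
 *
 * @return array full path of folder as an array of folderIDs
 */
 function getFolderPathAsArray($iFolderID) {
-global $default;
+global $default;
 $oFolder = Folder::get($iFolderID);
 if ($oFolder === false) {
 return false;
@@ -366,36 +366,41 @@ class Folder extends KTEntity {
 if (strlen($oFolder->getParentFolderIDs()) > 0) {
 if ($oFolder->iParentID == 0) {
 $aPathArray = array();
-} else if (strlen($oFolder->getParentFolderIDs()) > 1) {
+} else if (strlen($oFolder->getParentFolderIDs()) > 1) {
 $aPathArray = explode(",",$oFolder->getParentFolderIDs());
 } else {
 $aPathArray = array($oFolder->getParentFolderIDs());
 }
 $aPathArray[count($aPathArray)] = $oFolder->getID();
-} else {
+} else {
 $aPathArray = array($oFolder->getID());
-}
+}
 return $aPathArray;
 }
-
+
 /**
 * Static function.
 * Get the path for a folder that will be displated to the user
-*
-* @param Primary key of folder to generate path for
+*
+* @param Primary key of folder to generate path for
 *
 * @return String full path of folder
 */
 function getFolderDisplayPath($iFolderID) {
 global $default;
 $aPathNamesArray = Folder::getFolderPathNamesAsArray($iFolderID);
+
+foreach($aPathNamesArray as $k=>$v)
+{
+$aPathNamesArray[$k] = sanitizeForHTML($v);
+}
 if (count($aPathNamesArray) > 0) {
 return implode(" » ", $aPathNamesArray);
 } else {
 return "";
 }
 }
-
+
 /**
 * Static function
 * Get the primary key of the parent folder
@@ -404,14 +409,14 @@ class Folder extends KTEntity {
 *
 * @return integer primary key of parent folder
 */
-function getParentFolderID($iFolderID) {
+function getParentFolderID($iFolderID) {
 if ($iFolderID != 0) {
 $oFolder = Folder::get($iFolderID);
 return $oFolder->getParentFolderID();
 }
 return 0;
 }
-
+
 /**
 * Static function
 * Checks if a given folder already exists using the folder name
@@ -431,7 +436,7 @@ class Folder extends KTEntity {
 }
 return false;
 }
-
+
 /**
 * Checks if a given folder already exists using the folder name
 *
@@ -441,13 +446,13 @@ class Folder extends KTEntity {
 */
 function folderExistsID($iFolderID) {
 $oFolder = Folder::get($iFolderID);
-if (PEAR::isError($oFolder)) {
+if (PEAR::isError($oFolder)) {
 return false; // no such folder, or bad ID
 } else {
 return true;
 }
 }
-
+
 /**
 * Get the folder name using the primary key
 *
@@ -463,15 +468,15 @@ class Folder extends KTEntity {
 return $oFolder->getName();
 }
 }
-
-
+
+
 function getByParentIDAndLookupID($iParentID, $iLookupID) {
 return KTEntityUtil::getByDict('Folder', array(
 'parent_id' => $iParentID,
 'permission_lookup_id' => $iLookupID,
 ), array('multi' => true));
 }
-
+
 function getByParentId($iParentID) {
 return KTEntityUtil::getByDict('Folder', array(
 'parent_id' => $iParentID,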
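Review bot: The escaping loop added at new lines 393–396 of getFolderDisplayPath is written in a brace and spacing style the rest of this file does not use (compare `foreach ($aFolders as $oFolder) {` in updateChildPaths), and it can be a single statement, `$aPathNamesArray = array_map('sanitizeForHTML', $aPathNamesArray);`, which drops the otherwise unused `$k`/`$v` pair. The method now returns HTML-escaped text while the sibling accessor `getName()` (line 79) already escapes through `sanitizeForSQLtoHTML`, so if the elements of `$aPathNamesArray` ultimately derive from `getName()` (as `generateFullFolderPath` at line 168 suggests) a `&` in a folder name may end up escaped twice — worth confirming against how `sanitizeForHTML` treats existing entities. The docblock above the method should state the new contract, e.g. `* @return String HTML-escaped display path; callers must not escape it again`, so templates do not double-encode it. getFolderDisplayPath is contained entirely within this hunk; the other hunks in this commit are whitespace-only.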