Commit 738e8662f1044587256766d746040cc9c1b19d21

Authored by conradverm
1 parent 9ebbf8d0

KTS-2178

"cross site scripting"
Updated.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6918 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 54 additions and 49 deletions
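--- a/lib/foldermanagement/Folder.inc
+++ b/lib/foldermanagement/Folder.inc
@@ -8,7 +8,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
-*
+*
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -19,9 +19,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
-*
+*
 * The Original Code is: KnowledgeTree Open Source
-*
+*
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -35,7 +35,7 @@ require_once(KT_LIB_DIR . "/documentmanagement/Document.inc");
 require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class Folder extends KTEntity {
-
+
 /** folder primary key */
 var $iId;
 /** folder name */
@@ -45,7 +45,7 @@ class Folder extends KTEntity {
 /** folder parent primary key */
 var $iParentID;
 /** primary key of user who created folder */
-var $iCreatorID;
+var $iCreatorID;
 /** public status of folder */
 var $bIsPublic = false;
 /** comma deliminated string of parent ids */
@@ -74,12 +74,12 @@ class Folder extends KTEntity {
 'bRestrictDocumentTypes' => 'restrict_document_types',
 );
 // }}}
-
+
 function getID() { return $this->iId; }
 function getName() { return sanitizeForSQLtoHTML($this->sName); }
 function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
-function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
-function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
+function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
+function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
 function getParentID() { return $this->iParentID; }
 function setParentID($iNewValue) { $this->iParentID = $iNewValue; }
 function getCreatorID() { return $this->iCreatorID; }
@@ -111,7 +111,7 @@ class Folder extends KTEntity {
 
 /**
 * Returns a comma delimited string containing the parent folder ids, strips leading /
-*
+*
 * @return String comma delimited string containing the parent folder ids
 */
 function generateFolderIDs($iFolderId) {
@@ -136,13 +136,13 @@ class Folder extends KTEntity {
 }
 return sprintf('%s,%s,%s', $sParentFolderParentFolderIds, $iParentId, $oFolder->getId());
 }
-
+
 /**
 * Recursively generates forward slash deliminated string giving full path of document
 * from file system root url
 */
 function generateFullFolderPath($iFolderId) {
-//if the folder is not the root folder
+//if the folder is not the root folder
 if ($iFolderId == 0) {
 return;
 }
@@ -167,13 +167,13 @@ class Folder extends KTEntity {
 }
 return sprintf('%s/%s', $res, $oFolder->getName());
 }
-
+
 /**
 * Returns a forward slash deliminated string giving full path of document, strips leading /
-*/
+*/
 function generateFolderPath($iFolderID) {
 $sPath = Folder::generateFullFolderPath($iFolderID);
-return $sPath;
+return $sPath;
 }
 
 function _fieldValues () {
@@ -197,7 +197,7 @@ class Folder extends KTEntity {
 global $default;
 return $default->folders_table;
 }
-
+
 /**
 * Update the current folder values in the database
 *
@@ -206,7 +206,7 @@ class Folder extends KTEntity {
 function update($bPathChange = false) {
 $res = parent::update();
 if ($res === true) {
-if ($bPathChange) {
+if ($bPathChange) {
 // XXX: TransactionCheckPoint
 $this->updateChildPaths($this->iId);
 $this->updateDocumentPaths($this->iId);
@@ -214,15 +214,15 @@ class Folder extends KTEntity {
 }
 return $res;
 }
-
+
 function renameFolder($sOldPath) {
 PhysicalFolderManagement::renameFolder($sOldPath, $default->documentRoot . "/" . $this->sFullPath . "/" . $this->sName);
 }
-
+
 /**
 * When a folder is renamed, we must update
 * the paths of the children in the database
-*
+*
 */
 function updateChildPaths($iId) {
 global $default;
@@ -230,7 +230,7 @@ class Folder extends KTEntity {
 $sql = $default->db;
 $aFolders =& Folder::getByParentId($iId);
 foreach ($aFolders as $oFolder) {
-$oFolder->update(true);
+$oFolder->update(true);
 }
 return;
 }
@@ -256,7 +256,7 @@ class Folder extends KTEntity {
 }
 return true;
 }
-
+
 /**
 * Returns the documents in this folder
 */
@@ -270,7 +270,7 @@ class Folder extends KTEntity {
 }
 return implode(',', $res);
 }
-
+
 function &get($iFolderID) {
 return KTEntityUtil::get('Folder', $iFolderID);
 }
@@ -288,7 +288,7 @@ class Folder extends KTEntity {
 }
 return ($res != 0); // handle pre-existing duplicates gracefully.
 }
-
+
 /**
 * Static function
 * Get a list of Documents
@@ -304,13 +304,13 @@ class Folder extends KTEntity {
 /**
 * Static function.
 * Get the full path for a folder
-*
-* @param Primary key of folder to generate path for
+*
+* @param Primary key of folder to generate path for
 *
 * @return String full path of folder
 */
 function getFolderPath($iFolderID) {
-global $default;
+global $default;
 $oFolder = Folder::get($iFolderID);
 $sPath = $default->documentRoot . "/" . $oFolder->getFullPath() . "/" . $oFolder->getName() . "/";
 return $sPath;
@@ -319,18 +319,18 @@ class Folder extends KTEntity {
 /**
 * Static function.
 * Get the full path for a folder as an array
-*
-* @param int primary key of folder to generate path for
+*
+* @param int primary key of folder to generate path for
 *
 * @return array full path of folder as an array of folderIDs
 */
 function getFolderPathNamesAsArray($iFolderID) {
 global $default;
 $oFolder = Folder::get($iFolderID);
-$aPathArray = array();
+$aPathArray = array();
 if ($oFolder) {
 if (strlen($oFolder->getFullPath()) > 0) {
-if (strlen($oFolder->getFullPath()) > 1) {
+if (strlen($oFolder->getFullPath()) > 1) {
 $aPathArray = explode("/",$oFolder->getFullPath());
 } else {
 $aPathArray = array($oFolder->getFullPath());
@@ -348,17 +348,17 @@ class Folder extends KTEntity {
 return Folder::getFolderPathNamesAsArray($this->getID());
 }
 // }}}
-
+
 /**
 * Static function.
 * Get the full path for a folder as an array
-*
-* @param int primary key of folder to generate path for
+*
+* @param int primary key of folder to generate path for
 *
 * @return array full path of folder as an array of folderIDs
 */
 function getFolderPathAsArray($iFolderID) {
-global $default;
+global $default;
 $oFolder = Folder::get($iFolderID);
 if ($oFolder === false) {
 return false;
@@ -366,36 +366,41 @@ class Folder extends KTEntity {
 if (strlen($oFolder->getParentFolderIDs()) > 0) {
 if ($oFolder->iParentID == 0) {
 $aPathArray = array();
-} else if (strlen($oFolder->getParentFolderIDs()) > 1) {
+} else if (strlen($oFolder->getParentFolderIDs()) > 1) {
 $aPathArray = explode(",",$oFolder->getParentFolderIDs());
 } else {
 $aPathArray = array($oFolder->getParentFolderIDs());
 }
 $aPathArray[count($aPathArray)] = $oFolder->getID();
-} else {
+} else {
 $aPathArray = array($oFolder->getID());
-}
+}
 return $aPathArray;
 }
-
+
 /**
 * Static function.
 * Get the path for a folder that will be displated to the user
-*
-* @param Primary key of folder to generate path for
+*
+* @param Primary key of folder to generate path for
 *
 * @return String full path of folder
 */
 function getFolderDisplayPath($iFolderID) {
 global $default;
 $aPathNamesArray = Folder::getFolderPathNamesAsArray($iFolderID);
+
+foreach($aPathNamesArray as $k=>$v)
+{
+$aPathNamesArray[$k] = sanitizeForHTML($v);
+}
 if (count($aPathNamesArray) > 0) {
 return implode(" » ", $aPathNamesArray);
 } else {
 return "";
 }
 }
-
+
 /**
 * Static function
 * Get the primary key of the parent folder
@@ -404,14 +409,14 @@ class Folder extends KTEntity {
 *
 * @return integer primary key of parent folder
 */
-function getParentFolderID($iFolderID) {
+function getParentFolderID($iFolderID) {
 if ($iFolderID != 0) {
 $oFolder = Folder::get($iFolderID);
 return $oFolder->getParentFolderID();
 }
 return 0;
 }
-
+
 /**
 * Static function
 * Checks if a given folder already exists using the folder name
@@ -431,7 +436,7 @@ class Folder extends KTEntity {
 }
 return false;
 }
-
+
 /**
 * Checks if a given folder already exists using the folder name
 *
@@ -441,13 +446,13 @@ class Folder extends KTEntity {
 */
 function folderExistsID($iFolderID) {
 $oFolder = Folder::get($iFolderID);
-if (PEAR::isError($oFolder)) {
+if (PEAR::isError($oFolder)) {
 return false; // no such folder, or bad ID
 } else {
 return true;
 }
 }
-
+
 /**
 * Get the folder name using the primary key
 *
@@ -463,15 +468,15 @@ class Folder extends KTEntity {
 return $oFolder->getName();
 }
 }
-
-
+
+
 function getByParentIDAndLookupID($iParentID, $iLookupID) {
 return KTEntityUtil::getByDict('Folder', array(
 'parent_id' => $iParentID,
 'permission_lookup_id' => $iLookupID,
 ), array('multi' => true));
 }
-
+
 function getByParentId($iParentID) {
 return KTEntityUtil::getByDict('Folder', array(
 'parent_id' => $iParentID,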
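Review bot: The new escaping in getFolderDisplayPath (hunk -366,36 +366,41) is applied inside a model-level getter, but nothing records that the return value is now HTML-encoded, so any caller that escapes its output again will double-encode folder names containing `&`, `<` or quotes. The docblock above the function should state the contract: replace its `@return` line with `* @return String full path of folder, each component HTML-escaped via sanitizeForHTML; do not escape again` and fix "displated" while there. If the elements returned by getFolderPathNamesAsArray are already escaped when stored (setName goes through sanitizeForSQL, which may or may not cover HTML), the same double-encoding would occur inside this loop as well, which is worth confirming before relying on it. As a point of style, the in-place `foreach` with its brace on a new line does not match the same-line brace convention used everywhere else in the file; `$aPathNamesArray = array_map('sanitizeForHTML', $aPathNamesArray);` expresses the same transformation in one line.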