Merged in from DEV trunk...

WSA-111 "DocumentType is not escaped correctly on query to database" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTS-2877 "Full path on document and folder in database is misleading" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@8082 c91229c3-7414-0410-bfa2-8a42b809f60b

Merged in from DEV trunk...
WSA-111 "DocumentType is not escaped correctly on query to database" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTS-2877 "Full path on document and folder in database is misleading" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@8082 c91229c3-7414-0410-bfa2-8a42b809f60b
kevin_fourie
1 parent b9e7d8f2
Showing 6 changed files with 32 additions and 12 deletions
ktapi/ktapi.inc.php
ktwebservice/nunit/document_add.cs
ktwebservice/nunit/document_detail.cs
ktwebservice/nunit/document_system_metadata.cs
ktwebservice/nunit/folder.cs
ktwebservice/webservice.php
@@ -361,11 +361,11 @@ class KTAPI
 	 */
 	function get_documenttypeid($documenttype)
 	{
-		$sql = "SELECT id FROM document_types_lookup WHERE name='$documenttype' and disabled=0";
+		$sql = array("SELECT id FROM document_types_lookup WHERE name=? and disabled=0", $documenttype);
 		$row = DBUtil::getOneResult($sql);
 		if (is_null($row) || PEAR::isError($row))
 		{
-			return new PEAR_Error(KTAPI_ERROR_DOCUMENT_TYPE_INVALID);
+			return new KTAPI_DocumentTypeError(KTAPI_ERROR_DOCUMENT_TYPE_INVALID, $row);
 		}
 		$documenttypeid = $row['id'];
 		return $documenttypeid;
@@ -373,7 +373,7 @@ class KTAPI
  
 	function get_link_type_id($linktype)
 	{
-		$sql = "SELECT id FROM document_link_types WHERE name='$linktype'";
+		$sql = array("SELECT id FROM document_link_types WHERE name=?",$linktype);
 		$row = DBUtil::getOneResult($sql);
 		if (is_null($row) || PEAR::isError($row))
 		{
@@ -426,10 +426,22 @@ class KTAPI
 		return $result;
 	}
  
+	/**
+	 * This should actually not be in ktapi, but in webservice
+	 *
+	 * @param unknown_type $document_type
+	 * @return unknown
+	 */
 	function get_document_type_metadata($document_type='Default')
 	{
     	// now get document type specifc ids
     	$typeid =$this->get_documenttypeid($document_type);
+
+    	if (is_a($typeid, 'KTAPI_DocumentTypeError'))
+    	{
+			return $typeid;
+    	}
+
     	if (is_null($typeid) || PEAR::isError($typeid))
     	{
     		$response['message'] = $typeid->getMessage();
@@ -112,7 +112,7 @@ namespace MonoTests.KnowledgeTree
  
 			Assert.AreEqual("n/a",response1.workflow_state);
  
-			Assert.AreEqual("Root Folder/" + folder + "/kt unit test1", response1.full_path);
+			Assert.AreEqual("/" + folder + "/kt unit test1", response1.full_path);
  
 			this._docId = response1.document_id;
 	    	}
@@ -68,7 +68,7 @@ namespace MonoTests.KnowledgeTree
 			Assert.AreEqual("n/a", response.custom_document_no);
 			Assert.AreEqual("n/a", response.oem_document_no);
 			Assert.AreEqual("Default", response.document_type);
-			Assert.AreEqual("Root Folder/kt unit test1", response.full_path);
+			Assert.AreEqual("/kt unit test1", response.full_path);
 			Assert.AreEqual("kt_unit_test1.txt", response.filename);
 			Assert.AreEqual(this._content.Length + 1, response.filesize);
 			Assert.AreEqual(this._folderId, response.folder_id);
@@ -125,6 +125,13 @@ namespace MonoTests.KnowledgeTree
 			Assert.AreEqual("2007-01-17 00:00:00", update_resp.created_date);
 	    	}
  
+	    [Test]
+	    public void TestBadCharsInDocType()
+	    {
+	    	kt_metadata_response resp = this._kt.get_document_type_metadata(this._session, "'''´`\"\"\\/:&;!.~,$%()|<>#=[]*?");
+	    	Assert.AreEqual(26, resp.status_code);
+	    }
+
 		[Test]
 		public void CheckinSmallDocumentWithMetadataTest()
 		{
@@ -173,7 +180,7 @@ namespace MonoTests.KnowledgeTree
 			Assert.AreEqual("2007-01-17 00:00:00", update_resp.created_date);
 	    	}
  
-		[Test]
+		//[Test]
 		public void AddDocumentWithMetadataTest()
 		{
 			kt_metadata_fieldset[] fs = new kt_metadata_fieldset[1];
@@ -210,7 +217,7 @@ namespace MonoTests.KnowledgeTree
  
  
  
-			 for (int i =0;i<2;i++)
+			 for (int i =0;i<1;i++)
 			{
 			FileUploader uploader = new FileUploader( );
  
@@ -30,7 +30,7 @@ namespace MonoTests.KnowledgeTree
 			Assert.AreEqual(1, response.id);
 			Assert.AreEqual("Root Folder", response.folder_name);
 			Assert.AreEqual(0, response.parent_id);
-			Assert.AreEqual("Root Folder", response.full_path);
+			Assert.AreEqual("/", response.full_path);
     		}
  
 		[Test]
@@ -81,13 +81,13 @@ namespace MonoTests.KnowledgeTree
 			Assert.AreEqual(0,response.status_code);
 			Assert.AreEqual(this._folder_id,response.folder_id);
 			Assert.AreEqual("kt_unit_test", response.folder_name);
-			Assert.AreEqual("Root Folder/kt_unit_test", response.full_path);
+			Assert.AreEqual("kt_unit_test", response.full_path);
  
 	    		kt_folder_contents response2 = this._kt.get_folder_contents(this._session, this._subfolder_id, 1, "DF");
 			Assert.AreEqual(0, response2.status_code);
 			Assert.AreEqual(this._subfolder_id, response2.folder_id);
 			Assert.AreEqual("subfolder", response2.folder_name);
-			Assert.AreEqual("Root Folder/kt_unit_test/subfolder", response2.full_path);
+			Assert.AreEqual("kt_unit_test/subfolder", response2.full_path);
 	    }
  
 		[Test]
@@ -101,7 +101,7 @@ namespace MonoTests.KnowledgeTree
 			Assert.AreEqual(this._subfolder_id, response2.id);
 			Assert.AreEqual("subfolde'r2", response2.folder_name);
 			Assert.AreEqual(this._folder_id, response2.parent_id);
-			Assert.AreEqual("Root Folder/kt_unit_test/subfolde'r2", response2.full_path);
+			Assert.AreEqual("kt_unit_test/subfolde'r2", response2.full_path);
 	    }
  
 		[Test]
@@ -3279,9 +3279,10 @@ class KTWebService
     		return new SOAP_Value('return',"{urn:$this->namespace}kt_metadata_response", $kt);
     	}
  
-    	$response = KTWebService::_status(KTWS_ERR_INVALID_DOCUMENT);
+    	$response = KTWebService::_status(KTWS_ERR_INVALID_DOCUMENT_TYPE);
  
     	$metadata = $kt->get_document_type_metadata($document_type);
+
     	if (PEAR::isError($metadata))
     	{
     		$response['message'] = $metadata->getMessage();