Commit 8ebc3e7e87538ab6a9ea885ea95ea79674bbe91c
1 parent
f1015206
Merged in from DEV trunk...
KTS-2178 "cross site scripting" Implemented. Reviewed By: Kevin Fourie git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6990 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
17 additions
and
17 deletions
plugins/tagcloud/TagCloudRedirectPage.php
| ... | ... | @@ -4,7 +4,7 @@ |
| 4 | 4 | * License Version 1.1.2 ("License"); You may not use this file except in |
| 5 | 5 | * compliance with the License. You may obtain a copy of the License at |
| 6 | 6 | * http://www.knowledgetree.com/KPL |
| 7 | - * | |
| 7 | + * | |
| 8 | 8 | * Software distributed under the License is distributed on an "AS IS" |
| 9 | 9 | * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. |
| 10 | 10 | * See the License for the specific language governing rights and |
| ... | ... | @@ -15,9 +15,9 @@ |
| 15 | 15 | * (ii) the KnowledgeTree copyright notice |
| 16 | 16 | * in the same form as they appear in the distribution. See the License for |
| 17 | 17 | * requirements. |
| 18 | - * | |
| 18 | + * | |
| 19 | 19 | * The Original Code is: KnowledgeTree Open Source |
| 20 | - * | |
| 20 | + * | |
| 21 | 21 | * The Initial Developer of the Original Code is The Jam Warehouse Software |
| 22 | 22 | * (Pty) Ltd, trading as KnowledgeTree. |
| 23 | 23 | * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright |
| ... | ... | @@ -26,7 +26,7 @@ |
| 26 | 26 | * Contributor( s): ______________________________________ |
| 27 | 27 | * |
| 28 | 28 | */ |
| 29 | - | |
| 29 | + | |
| 30 | 30 | require_once(KT_LIB_DIR . '/plugins/plugin.inc.php'); |
| 31 | 31 | require_once(KT_LIB_DIR . '/plugins/pluginregistry.inc.php'); |
| 32 | 32 | require_once(KT_LIB_DIR . '/templating/templating.inc.php'); |
| ... | ... | @@ -55,12 +55,12 @@ class TagCloudRedirectPage extends KTStandardDispatcher { |
| 55 | 55 | $searchable_text = KTUtil::arrayGet($_REQUEST, 'tag'); |
| 56 | 56 | // set breadcrumbs |
| 57 | 57 | $this->aBreadcrumbs[] = array('url' => 'dashboard.php', 'name' => _kt('Dashboard')); |
| 58 | - $this->aBreadcrumbs[] = array('url' => $_SERVER['PHP_SELF'].'&tag='.$searchable_text, 'name' => _kt('Tag Cloud Search')); | |
| 58 | + $this->aBreadcrumbs[] = array('url' => $_SERVER['PHP_SELF'].'&tag='.htmlentities($searchable_text,ENT_QUOTES,'UTF-8'), 'name' => _kt('Tag Cloud Search')); | |
| 59 | 59 | // set page title |
| 60 | 60 | $sTitle = _kt('Search Results'); |
| 61 | - | |
| 62 | - $this->oPage->setBreadcrumbDetails($sTitle); | |
| 63 | - | |
| 61 | + | |
| 62 | + $this->oPage->setBreadcrumbDetails($sTitle); | |
| 63 | + | |
| 64 | 64 | // build criteria set |
| 65 | 65 | $aCriteriaSet = array( |
| 66 | 66 | 'join'=>'AND', |
| ... | ... | @@ -79,17 +79,17 @@ class TagCloudRedirectPage extends KTStandardDispatcher { |
| 79 | 79 | ) |
| 80 | 80 | ) |
| 81 | 81 | ); |
| 82 | - | |
| 83 | - | |
| 82 | + | |
| 83 | + | |
| 84 | 84 | $this->browseType = 'Folder'; |
| 85 | 85 | $sSearch = md5(serialize($aCriteriaSet)); |
| 86 | 86 | $_SESSION['boolean_search'][$sSearch] = $aCriteriaSet; |
| 87 | 87 | |
| 88 | - $collection = new AdvancedCollection; | |
| 88 | + $collection = new AdvancedCollection; | |
| 89 | 89 | $oColumnRegistry = KTColumnRegistry::getSingleton(); |
| 90 | 90 | $aColumns = $oColumnRegistry->getColumnsForView('ktcore.views.search'); |
| 91 | - $collection->addColumns($aColumns); | |
| 92 | - | |
| 91 | + $collection->addColumns($aColumns); | |
| 92 | + | |
| 93 | 93 | // set a view option |
| 94 | 94 | $aTitleOptions = array( |
| 95 | 95 | 'documenturl' => $GLOBALS['KTRootUrl'] . '/view.php', |
| ... | ... | @@ -100,13 +100,13 @@ class TagCloudRedirectPage extends KTStandardDispatcher { |
| 100 | 100 | 'show_folders' => true, |
| 101 | 101 | 'show_documents' => true, |
| 102 | 102 | )); |
| 103 | - | |
| 103 | + | |
| 104 | 104 | $aOptions = $collection->getEnvironOptions(); // extract data from the environment |
| 105 | - | |
| 105 | + | |
| 106 | 106 | $aOptions['return_url'] = KTUtil::addQueryString('dashboard.php', false); |
| 107 | 107 | $aOptions['empty_message'] = _kt('No documents or folders match this query.'); |
| 108 | 108 | $aOptions['is_browse'] = true; |
| 109 | - | |
| 109 | + | |
| 110 | 110 | $collection->setOptions($aOptions); |
| 111 | 111 | $collection->setQueryObject(new BooleanSearchQuery($aCriteriaSet)); |
| 112 | 112 | |
| ... | ... | @@ -125,7 +125,7 @@ class TagCloudRedirectPage extends KTStandardDispatcher { |
| 125 | 125 | |
| 126 | 126 | ); |
| 127 | 127 | return $oTemplate->render($aTemplateData); |
| 128 | - | |
| 128 | + | |
| 129 | 129 | } |
| 130 | 130 | } |
| 131 | 131 | ?> | ... | ... |