Commit 8ebc3e7e87538ab6a9ea885ea95ea79674bbe91c
1 parent
f1015206
Merged in from DEV trunk...
KTS-2178 "cross site scripting" Implemented. Reviewed By: Kevin Fourie git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6990 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
17 additions
and
17 deletions
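--- a/plugins/tagcloud/TagCloudRedirectPage.php
+++ b/plugins/tagcloud/TagCloudRedirectPage.php
@@ -4,7 +4,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
- *
+ *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -15,9 +15,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
- *
+ *
 * The Original Code is: KnowledgeTree Open Source
- *
+ *
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -26,7 +26,7 @@
 * Contributor( s): ______________________________________
 *
 */
-
+
 require_once(KT_LIB_DIR . '/plugins/plugin.inc.php');
 require_once(KT_LIB_DIR . '/plugins/pluginregistry.inc.php');
 require_once(KT_LIB_DIR . '/templating/templating.inc.php');
@@ -55,12 +55,12 @@ class TagCloudRedirectPage extends KTStandardDispatcher {
 $searchable_text = KTUtil::arrayGet($_REQUEST, 'tag');
 // set breadcrumbs
 $this->aBreadcrumbs[] = array('url' => 'dashboard.php', 'name' => _kt('Dashboard'));
-$this->aBreadcrumbs[] = array('url' => $_SERVER['PHP_SELF'].'&tag='.$searchable_text, 'name' => _kt('Tag Cloud Search'));
+$this->aBreadcrumbs[] = array('url' => $_SERVER['PHP_SELF'].'&tag='.htmlentities($searchable_text,ENT_QUOTES,'UTF-8'), 'name' => _kt('Tag Cloud Search'));
 // set page title
 $sTitle = _kt('Search Results');
-
-$this->oPage->setBreadcrumbDetails($sTitle);
-
+
+$this->oPage->setBreadcrumbDetails($sTitle);
+
 // build criteria set
 $aCriteriaSet = array(
 'join'=>'AND',
@@ -79,17 +79,17 @@ class TagCloudRedirectPage extends KTStandardDispatcher {
 )
 )
 );
-
-
+
+
 $this->browseType = 'Folder';
 $sSearch = md5(serialize($aCriteriaSet));
 $_SESSION['boolean_search'][$sSearch] = $aCriteriaSet;
 
-$collection = new AdvancedCollection;
+$collection = new AdvancedCollection;
 $oColumnRegistry = KTColumnRegistry::getSingleton();
 $aColumns = $oColumnRegistry->getColumnsForView('ktcore.views.search');
-$collection->addColumns($aColumns);
-
+$collection->addColumns($aColumns);
+
 // set a view option
 $aTitleOptions = array(
 'documenturl' => $GLOBALS['KTRootUrl'] . '/view.php',
@@ -100,13 +100,13 @@ class TagCloudRedirectPage extends KTStandardDispatcher {
 'show_folders' => true,
 'show_documents' => true,
 ));
-
+
 $aOptions = $collection->getEnvironOptions(); // extract data from the environment
-
+
 $aOptions['return_url'] = KTUtil::addQueryString('dashboard.php', false);
 $aOptions['empty_message'] = _kt('No documents or folders match this query.');
 $aOptions['is_browse'] = true;
-
+
 $collection->setOptions($aOptions);
 $collection->setQueryObject(new BooleanSearchQuery($aCriteriaSet));
 
@@ -125,7 +125,7 @@ class TagCloudRedirectPage extends KTStandardDispatcher {
 
 );
 return $oTemplate->render($aTemplateData);
-
+
 }
 }
 ?>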
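Review bot: The escaping added on line 58 of the `@@ -55,12 +55,12 @@` hunk is applied in the wrong layer for a value that is being placed into a URL: `htmlentities()` entity-encodes the tag for HTML text, but `tag` is a query-string parameter, so characters such as `&`, `#`, `?` and spaces in a tag still break or truncate the generated link, and if the breadcrumb template already escapes `url` for attribute context the value is double-encoded. Build the URL with `'&tag=' . urlencode($searchable_text)` (percent-encoding also leaves no `"`, `'`, `<` or `>` in the attribute) and do any HTML escaping where the breadcrumb is rendered, if the template does not already do so. The same line still concatenates `$_SERVER['PHP_SELF']` unescaped; PHP_SELF can include path-info taken from the request URI, so it is itself a client-controlled string and a well-known source of this bug class — prefer `$_SERVER['SCRIPT_NAME']` or escape it the same way. `$searchable_text` comes from `KTUtil::arrayGet($_REQUEST, 'tag')` on line 55, and this breadcrumb entry is the only place in the visible hunks where it reaches the output; every other changed line in the file is whitespace-only. The enclosing method starts before this hunk and closes in the `@@ -125,7 +125,7 @@` hunk.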