Merged in from DEV trunk...

KTC-399 "Bulk checkout: when you checkout an already checked out document you get an information alert that is not clear" Fixed. If a document is checked out by the current user it now gets added to the downloaded files. Committed by: Megan Watson Reviewed by: Jonathan Byrne KTS-2655 "Error Message On Removing Permissions but action goes ahead anyway" Fixed. Added a check to ensure the user doesn't removed his/her own permission to manage security. Committed by: Megan Watson Reviewed by: Jonathan Byrne KTS-2873 "Double quote (") is not accepted as valid input for metadata when the name of a Lookup field or a Tree field has a Double quote in." Fixed. The values in the sub categories needed to be htmlentities(). Committed by: Megan Watson Reviewed by: Jonathan Byrne KTS-3091 "The name of the open office service needs to be changed in the script to check if its running" Fixed. Changed the name and the paths to match the new stack. Committed by: Megan Watson Reviewed by: Jonathan Byrne KTS-3093 "Creating fieldsets and fields with quotes results in double escaping of names and descriptions" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTS-3096 "Creating workflow, workflow states, workflow transition names with quotes results in double escaping of names and descriptions" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTS-3097 "Field names with quotes was impacting on search2 query builder" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTS-3085 "Storage utilisation plugin does not seem to be working on Windows Vista." Fixed. Unfortunately, df does not work on Vista. We now detect if df has a problem and disable the dashlet accordingly. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTC-403 "One is able to make a checked out document immutable" Fixed. Added a check to return an error if the document is checked out. Committed By: Jonathan Byrne Reviewed By: Megan Watson KTS-1888 "Expunge page in the DMS Administration section, pagination not working, links to consecutive pages do not work" Fixed. Changed the php file to return the contents of a div and not just a table body so that pagination works in Internet Explorer. Committed By: Jonathan Byrne Reviewed By: Jalaloedien Abrahams git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@8171 c91229c3-7414-0410-bfa2-8a42b809f60b

Merged in from DEV trunk...
KTC-399 "Bulk checkout: when you checkout an already checked out document you get an information alert that is not clear" Fixed. If a document is checked out by the current user it now gets added to the downloaded files. Committed by: Megan Watson Reviewed by: Jonathan Byrne KTS-2655 "Error Message On Removing Permissions but action goes ahead anyway" Fixed. Added a check to ensure the user doesn't removed his/her own permission to manage security. Committed by: Megan Watson Reviewed by: Jonathan Byrne KTS-2873 "Double quote (") is not accepted as valid input for metadata when the name of a Lookup field or a Tree field has a Double quote in." Fixed. The values in the sub categories needed to be htmlentities(). Committed by: Megan Watson Reviewed by: Jonathan Byrne KTS-3091 "The name of the open office service needs to be changed in the script to check if its running" Fixed. Changed the name and the paths to match the new stack. Committed by: Megan Watson Reviewed by: Jonathan Byrne KTS-3093 "Creating fieldsets and fields with quotes results in double escaping of names and descriptions" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTS-3096 "Creating workflow, workflow states, workflow transition names with quotes results in double escaping of names and descriptions" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTS-3097 "Field names with quotes was impacting on search2 query builder" Fixed. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTS-3085 "Storage utilisation plugin does not seem to be working on Windows Vista." Fixed. Unfortunately, df does not work on Vista. We now detect if df has a problem and disable the dashlet accordingly. Committed By: Conrad Vermeulen Reviewed By: Megan Watson KTC-403 "One is able to make a checked out document immutable" Fixed. Added a check to return an error if the document is checked out. Committed By: Jonathan Byrne Reviewed By: Megan Watson KTS-1888 "Expunge page in the DMS Administration section, pagination not working, links to consecutive pages do not work" Fixed. Changed the php file to return the contents of a div and not just a table body so that pagination works in Internet Explorer. Committed By: Jonathan Byrne Reviewed By: Jalaloedien Abrahams git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@8171 c91229c3-7414-0410-bfa2-8a42b809f60b
kevin_fourie
1 parent cb5c72c3
Showing 17 changed files with 276 additions and 151 deletions
bin/checkopenoffice.php
lib/documentmanagement/DocumentField.inc
lib/documentmanagement/MDTree.inc
lib/groups/GroupUtil.php
lib/metadata/fieldset.inc.php
lib/workflow/workflow.inc.php
lib/workflow/workflowstate.inc.php
lib/workflow/workflowtransition.inc.php
plugins/housekeeper/DiskUsageDashlet.inc.php
plugins/ktcore/KTBulkActions.php
plugins/ktcore/admin/expungeList.php
plugins/ktcore/folder/Permissions.php
plugins/ktstandard/ImmutableActionPlugin.php
resources/js/expungeList.js
search2/search/fieldRegistry.inc.php
search2/search/search.inc.php
templates/ktcore/document/admin/deletedlist.smarty
@@ -42,24 +42,23 @@ require_once(&#39;../config/dmsDefaults.php&#39;);
 // Check if open office is running
 $sCheckOO = SearchHelper::checkOpenOfficeAvailablity();
-
 // If it is running - exit, we don't need to do anything otherwise start it
 if(!empty($sCheckOO)){
-	
+
 	$default->log->debug('Check Open Office Task: Open office service is not running... trying to start it.');
-	
+
     if(OS_WINDOWS){
-    	
+
         // Check the path first
-        $sPath = realpath('../../winserv.exe');
+        $sPath = realpath('../../bin/winserv.exe');
         if(file_exists($sPath)){
-            $sCmd = "\"$sPath\" start kt_openoffice";
+            $sCmd = "\"$sPath\" start ktopenoffice";
             KTUtil::pexec($sCmd);
             exit;
         }
         // If that doesn't work, check for the all start
-        $sPath = realpath('../../bin/allctl.bat');
+        $sPath = realpath('../../bin/dmsctl.bat');
         if(file_exists($sPath)){
             $sCmd = "\"$sPath\" start";
             KTUtil::pexec($sCmd);
@@ -7,32 +7,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2008 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  */
@@ -79,10 +79,10 @@ class DocumentField extends KTEntity {
 	}
 	function getID() { return $this->iId; }
-	function getName() { return sanitizeForSQLtoHTML($this->sName); }
-	function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
-	function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
-	function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
+	function getName() { return $this->sName; }
+	function setName($sNewValue) { $this->sName = $sNewValue; }
+	function setDescription($sNewValue) { $this->sDescription = $sNewValue; }
+	function getDescription() { return $this->sDescription; }
 	function getDataType() { return $this->sDataType; }
     function setDataType($sNewValue) { $this->sDataType = $sNewValue; }
 	function getIsGeneric() { return $this->bIsGeneric; }
@@ -289,7 +289,7 @@ class MDTree {
 		    $extraclass = ' inactive';
 		}
-                $treeStr .= '<li class="treenode' . $extraclass . '"><a class="pathnode" onclick="toggleElementClass(\'active\', this.parentNode);toggleElementClass(\'inactive\', this.parentNode);">' . $treeToRender->mapnodes[$subnode_val]->getName() . '</a>';
+                $treeStr .= '<li class="treenode' . $extraclass . '"><a class="pathnode" onclick="toggleElementClass(\'active\', this.parentNode);toggleElementClass(\'inactive\', this.parentNode);">' . htmlentities($treeToRender->mapnodes[$subnode_val]->getName()) . '</a>';
                 $treeStr .= $this->_evilTreeRecursion($subnode_val, $treeToRender, $inputname);
                 $treeStr .= '</li>';
             }
@@ -301,7 +301,8 @@ class MDTree {
                     if ($leaf === $this->activevalue) {
                        $is_selected=' checked="checked"';
                     }
-                    $treeStr .= '<li class="leafnode"><input type="radio" name="'.$inputname.'" value="'.$treeToRender->lookups[$leaf]->getName().'" '.$is_selected.'>' . $treeToRender->lookups[$leaf]->getName() .'</input>';
+                    $sValue = htmlentities($treeToRender->lookups[$leaf]->getName());
+                    $treeStr .= '<li class="leafnode"><input type="radio" name="'.$inputname.'" value="'.$sValue.'" '.$is_selected.'>' . $sValue .'</input>';
                     $treeStr .=  '</li>';            }
                 }
         }
@@ -7,32 +7,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2008 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  */
@@ -304,6 +304,26 @@ class GroupUtil {
     }
     // }}}
+    function checkUserInGroups($iUserId, $aGroupIds) {
+        $sGroupIds = implode(', ', $aGroupIds);
+
+        global $default;
+        $sTable = $default->users_groups_table;
+        $sQuery = "SELECT count(*) AS cnt FROM $sTable WHERE user_id = ? AND group_id IN (?)";
+        $aParams = array($iUserId, $sGroupIds);
+
+        $res = DBUtil::getOneResult(array($sQuery, $aParams));
+
+        if(PEAR::isError($res) || empty($res)){
+            return false;
+        }
+
+        if($res['cnt'] > 0){
+            return true;
+        }
+        return false;
+    }
+
     // {{{
     function buildGroupArray() {
         global $default;
@@ -5,32 +5,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2008 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  *
  */
@@ -45,7 +45,7 @@ require_once(KT_LIB_DIR . &quot;/util/sanitize.inc&quot;);
  * Represents the basic grouping of fields into a fieldset.
  */
 class KTFieldset extends KTEntity {
-	
+
 	/** primary key value */
 	var $iId = -1;
 	/** document fieldset name */
@@ -54,7 +54,7 @@ class KTFieldset extends KTEntity {
 	var $sDescription;
 	/** document fieldset namespace */
 	var $sNamespace;
-	
+
 	/** document fieldset mandatory flag */
 	var $bMandatory = false;
 	var $iMasterFieldId;
@@ -70,30 +70,30 @@ class KTFieldset extends KTEntity {
      * is used only by the document management system.
      */
     var $bIsSystem = false;
-	
+
     var $_bUsePearError = true;
-	
+
 	function getId() { return $this->iId; }
-	function getName() { return sanitizeForSQLtoHTML($this->sName); }
-	function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
-	function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
-	function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
+	function getName() { return $this->sName; }
+	function setDescription($sNewValue) { $this->sDescription = $sNewValue; }
+	function getDescription() { return $this->sDescription; }
+	function setName($sNewValue) { $this->sName = $sNewValue; }
 	function getNamespace() { return $this->sNamespace; }
     function setNamespace($sNewValue) {	$this->sNamespace = $sNewValue; }
 	function getMandatory() { return $this->bMandatory; }
-	function setMandatory($bNewValue) {	$this->bMandatory = $bNewValue; }	
+	function setMandatory($bNewValue) {	$this->bMandatory = $bNewValue; }
 	function getIsConditional () { return $this->bIsConditional; }
-	function setIsConditional ($bNewValue) {	$this->bIsConditional = $bNewValue; }	
+	function setIsConditional ($bNewValue) {	$this->bIsConditional = $bNewValue; }
 	function getMasterFieldId () { return $this->iMasterFieldId; }
-	function setMasterFieldId ($iNewValue) {	$this->iMasterFieldId = $iNewValue; }	
+	function setMasterFieldId ($iNewValue) {	$this->iMasterFieldId = $iNewValue; }
 	function getIsGeneric () { return $this->bIsGeneric; }
-	function setIsGeneric ($bNewValue) {	$this->bIsGeneric = $bNewValue; }	
+	function setIsGeneric ($bNewValue) {	$this->bIsGeneric = $bNewValue; }
 	function getIsComplete () { return $this->bIsComplete; }
-	function setIsComplete ($bNewValue) {	$this->bIsComplete = $bNewValue; }	
+	function setIsComplete ($bNewValue) {	$this->bIsComplete = $bNewValue; }
 	function getIsComplex () { return $this->bIsComplex; }
-	function setIsComplex ($bNewValue) {	$this->bIsComplex = $bNewValue; }	
+	function setIsComplex ($bNewValue) {	$this->bIsComplex = $bNewValue; }
 	function getIsSystem () { return $this->bIsSystem; }
-	function setIsSystem ($bNewValue) {	$this->bIsSystem = $bNewValue; }	
+	function setIsSystem ($bNewValue) {	$this->bIsSystem = $bNewValue; }
     var $_aFieldToSelect = array(
         "iId" => "id",
@@ -108,17 +108,17 @@ class KTFieldset extends KTEntity {
         "bIsComplex" => "is_complex",
         "bIsSystem" => "is_system",
     );
-	
+
     // returns TRUE if all children are lookup enabled, false otherwise.
     function canBeMadeConditional() {
 	if ($this->getIsConditional()) {
 	    return false;
 	}
-	   
+
 	// DEBUG
 	return false;
     }
-	
+
     function _table () {
         return KTUtil::getTableName('fieldsets');
     }
@@ -127,13 +127,13 @@ class KTFieldset extends KTEntity {
-    /* 
+    /*
      * get document types using this field
-     * for listing displays                 
+     * for listing displays
      */
     function &getDocumentTypesUsing($aOptions = null) {
         $bIds = KTUtil::arrayGet($aOptions, 'ids');
-        
+
         $sTable = KTUtil::getTableName('document_type_fieldsets');
         $aQuery = array(
@@ -161,7 +161,7 @@ class KTFieldset extends KTEntity {
     // Static function
     function &get($iId) { return KTEntityUtil::get('KTFieldset', $iId); }
-    function &getList($sWhereClause = null) { return KTEntityUtil::getList2('KTFieldset', $sWhereClause); }	
+    function &getList($sWhereClause = null) { return KTEntityUtil::getList2('KTFieldset', $sWhereClause); }
     function &createFromArray($aOptions) { return KTEntityUtil::createFromArray('KTFieldset', $aOptions); }
 	function &getNonGenericFieldsets($aOptions = null) {
@@ -172,18 +172,18 @@ class KTFieldset extends KTEntity {
             'is_generic' => false,
             'disabled' => false,
         ), $aOptions);
-    }	
+    }
     function &getGenericFieldsets($aOptions = null) {
 	$aOptions = KTUtil::meldOptions(
-	    $aOptions, 
+	    $aOptions,
 	    array('multi' => true,)
 	);
         return KTEntityUtil::getByDict('KTFieldset', array(
             'is_generic' => true,
             'disabled' => false,
         ), $aOptions);
-    }	
+    }
     function &getForDocumentType($oDocumentType, $aOptions = null) {
         $bIds = KTUtil::arrayGet($aOptions, 'ids');
@@ -192,7 +192,7 @@ class KTFieldset extends KTEntity {
         } else {
             $iDocumentTypeId = $oDocumentType;
         }
-        
+
         $sTable = KTUtil::getTableName('document_type_fieldsets');
         $aQuery = array(
             "SELECT fieldset_id FROM $sTable WHERE document_type_id = ?",
@@ -210,22 +210,22 @@ class KTFieldset extends KTEntity {
         }
         return $aRet;
     }
-	
+
 	function &getAssociatedTypes() {
 	    // NOTE:  this returns null if we are generic (all is the wrong answer)
 		if ($this->getIsGeneric()) { return array(); }
-		
+
 		$sTable = KTUtil::getTableName('document_type_fieldsets');
         $aQuery = array(
             "SELECT document_type_id FROM $sTable WHERE fieldset_id = ?",
             array($this->getId()),
         );
         $aIds = DBUtil::getResultArrayKey($aQuery, 'document_type_id');
-		
+
 		$aRet = array();
 		foreach ($aIds as $iID) {
 		    $oType = DocumentType::get($iID);
-			if (!PEAR::isError($oType)) { 
+			if (!PEAR::isError($oType)) {
 			    $aRet[] = $oType;
 			}
 		}
@@ -248,13 +248,13 @@ class KTFieldset extends KTEntity {
             'disabled' => false,
         ));
     }
-    
+
     function &getByName($sName) {
         return KTEntityUtil::getByDict('KTFieldset', array(
             'name' => $sName,
             'disabled' => false,
         ));
-    }	    
+    }
 }
 ?>
@@ -9,32 +9,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2008 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  */
@@ -59,13 +59,13 @@ class KTWorkflow extends KTEntity {
     var $_bUsePearError = true;
     function getID() { return $this->iId; }
-    function getName() { return sanitizeForSQLtoHTML($this->sName); }
-    function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
+    function getName() { return ($this->sName); }
+    function getHumanName() { return ($this->sHumanName); }
     function getStartStateId() { return $this->iStartStateId; }
     function getIsEnabled() { return ($this->bEnabled == true); }
     function setID($iId) { $this->iId = $iId; }
-    function setName($sName) { $this->sName = sanitizeForSQL($sName); }
-    function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
+    function setName($sName) { $this->sName = ($sName); }
+    function setHumanName($sHumanName) { $this->sHumanName = ($sHumanName); }
     function setStartStateId($iStartStateId) { $this->iStartStateId = $iStartStateId; }
     function setIsEnabled($mValue) { $this->bEnabled = ($mValue == true); }
@@ -98,7 +98,7 @@ class KTWorkflow extends KTEntity {
     function &getByName($sName) {
         return KTEntityUtil::getBy('KTWorkflow', 'name', $sName);
     }
-    
+
     function getIsFunctional() {
         return (($this->getStartStateId() != false) && ($this->getIsEnabled()));
     }
@@ -8,32 +8,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2008 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  */
@@ -57,20 +57,20 @@ class KTWorkflowState extends KTEntity {
     var $_bUsePearError = true;
     function getId() { return $this->iId; }
-    function getName() { return sanitizeForSQLtoHTML($this->sName); }
-    function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
+    function getName() { return ($this->sName); }
+    function getHumanName() { return ($this->sHumanName); }
     function getWorkflowId() { return $this->iWorkflowId; }
     function getInformDescriptorId() { return $this->iInformDescriptorId; }
     function setId($iId) { $this->iId = $iId; }
-    function setName($sName) { $this->sName = sanitizeForSQL($sName); }
-    function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
+    function setName($sName) { $this->sName = ($sName); }
+    function setHumanName($sHumanName) { $this->sHumanName = ($sHumanName); }
     function setWorkflowId($iWorkflowId) { $this->iWorkflowId = $iWorkflowId; }
     function setInformDescriptorId($iInformDescriptorId) { $this->iInformDescriptorId = $iInformDescriptorId; }
     function _table () {
         return KTUtil::getTableName('workflow_states');
     }
-    
+
     function _ktentityOptions() {
         return array(
             'orderby' => 'human_name',
@@ -128,13 +128,13 @@ class KTWorkflowState extends KTEntity {
             'KTWorkflowState', array(
                 'name' => $sName,
                 'workflow_id' => $iWorkflowId
-            )        
+            )
         );
         // expect KTEntityNoObjects
         if (PEAR::isError($res)) {
             return false;
         }
-        
+
         return true;
     }
@@ -8,32 +8,32 @@
  * KnowledgeTree Open Source Edition
  * Document Management Made Simple
  * Copyright (C) 2004 - 2008 The Jam Warehouse Software (Pty) Limited
- * 
+ *
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License version 3 as published by the
  * Free Software Foundation.
- * 
+ *
  * This program is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  * details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- * 
+ *
  * You can contact The Jam Warehouse Software (Pty) Limited, Unit 1, Tramber Place,
  * Blake Street, Observatory, 7925 South Africa. or email info@knowledgetree.com.
- * 
+ *
  * The interactive user interfaces in modified source and object code versions
  * of this program must display Appropriate Legal Notices, as required under
  * Section 5 of the GNU General Public License version 3.
- * 
+ *
  * In accordance with Section 7(b) of the GNU General Public License version 3,
  * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the 
+ * KnowledgeTree" logo and retain the original copyright notice. If the display of the
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original 
- * copyright notice. 
+ * must display the words "Powered by KnowledgeTree" and retain the original
+ * copyright notice.
  * Contributor( s): ______________________________________
  */
@@ -67,8 +67,8 @@ class KTWorkflowTransition extends KTEntity {
     var $_bUsePearError = true;
     function getId() { return $this->iId; }
-    function getName() { return sanitizeForSQLtoHTML($this->sName); }
-    function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
+    function getName() { return ($this->sName); }
+    function getHumanName() { return ($this->sHumanName); }
     function getWorkflowId() { return $this->iWorkflowId; }
     function getTargetStateId() { return $this->iTargetStateId; }
     function getGuardPermissionId() { return $this->iGuardPermissionId; }
@@ -77,8 +77,8 @@ class KTWorkflowTransition extends KTEntity {
     function getGuardConditionId() { return $this->iGuardConditionId; }
     function setId($iId) { $this->iId = $iId; }
-    function setName($sName) { $this->sName = sanitizeForSQL($sName); }
-    function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
+    function setName($sName) { $this->sName = ($sName); }
+    function setHumanName($sHumanName) { $this->sHumanName = ($sHumanName); }
     function setWorkflowId($iWorkflowId) { $this->iWorkflowId = $iWorkflowId; }
     function setTargetStateId($iTargetStateId) { $this->iTargetStateId = $iTargetStateId; }
     function setGuardPermissionId($iGuardPermissionId) { $this->iGuardPermissionId = $iGuardPermissionId; }
@@ -89,7 +89,7 @@ class KTWorkflowTransition extends KTEntity {
     function _table () {
         return KTUtil::getTableName('workflow_transitions');
     }
-    
+
     // STATIC
     function _ktentityOptions() {
         return array(
@@ -146,7 +146,7 @@ class KTWorkflowTransition extends KTEntity {
         $oWorkflowState =& KTWorkflowState::get($this->getTargetStateId());
         return sprintf(_kt("%s (to state %s)"), $this->getName(), $oWorkflowState->getName());
     }
-    
+
     // STATIC
     function nameExists($sName, $oWorkflow) {
         $iWorkflowId = KTUtil::getId($oWorkflow);
@@ -154,16 +154,16 @@ class KTWorkflowTransition extends KTEntity {
             'KTWorkflowTransition', array(
                 'name' => $sName,
                 'workflow_id' => $iWorkflowId
-            )        
+            )
         );
         // expect KTEntityNoObjects
         if (PEAR::isError($res)) {
             return false;
         }
-        
+
         return true;
     }
-    
+
 }
 ?>
@@ -61,13 +61,23 @@ class DiskUsageDashlet extends KTBaseDashlet
 		$this->warningPercent = $config->get('DiskUsage/warningThreshold', 15);
 		$this->urgentPercent = $config->get('DiskUsage/urgentThreshold', 5);
-		$this->getUsage();
+		$got_usage = $this->getUsage();
+
+		if ($got_usage == false)
+		{
+			return false;
+		}
 		return Permission::userIsSystemAdministrator();
 	}
 	function getUsage($refresh=false)
 	{
+		if (isset($_SESSION['DiskUsage']['problem']))
+		{
+			return false;
+		}
+
     	$check = true;
     	// check if we have a cached result
 		if (isset($_SESSION['DiskUsage']))
@@ -96,6 +106,13 @@ class DiskUsageDashlet extends KTBaseDashlet
 				$result = shell_exec($cmd." 2>&1");
 			}
+			if (strpos($result, 'cannot read table of mounted file systems') !== false)
+			{
+				$_SESSION['DiskUsage']['problem'] = true;
+				return false;
+			}
+
+
 			$result = explode("\n", $result);
 			unset($result[0]); // gets rid of headings
@@ -135,6 +152,8 @@ class DiskUsageDashlet extends KTBaseDashlet
     		$_SESSION['DiskUsage']['time'] = time();
     		$_SESSION['DiskUsage']['usage'] = $this->usage;
 		}
+
+		return true;
 	}
 	function render()
@@ -49,13 +49,13 @@ class KTBulkDeleteAction extends KTBulkAction {
     function getDisplayName() {
         return _kt('Delete');
     }
-    
+
     function check_entity($oEntity) {
         if(is_a($oEntity, 'Document')) {
             if($oEntity->getImmutable())
             {
             	return PEAR::raiseError(_kt('Document cannot be deleted as it is immutable'));
-            }            
+            }
         }
         return parent::check_entity($oEntity);
     }
@@ -894,11 +894,23 @@ class KTBrowseBulkCheckoutAction extends KTBulkAction {
         $sReason = $this->sReason;
         if(is_a($oEntity, 'Document')) {
-            $res = KTDocumentUtil::checkout($oEntity, $sReason, $this->oUser);
-            if(PEAR::isError($res)) {
-                return PEAR::raiseError($oEntity->getName().': '.$res->getMessage());
+            if($oEntity->getIsCheckedOut()){
+                $checkedOutUser = $oEntity->getCheckedOutUserID();
+                $sUserId = $_SESSION['userID'];
+
+                if($checkedOutUser != $sUserId){
+                    $oCheckedOutUser = User::get($checkedOutUser);
+                    return PEAR::raiseError($oEntity->getName().': '._kt('Document has already been checked out by ').$oCheckedOutUser->getName());
+                }
+            }else{
+                $res = KTDocumentUtil::checkout($oEntity, $sReason, $this->oUser);
+
+                if(PEAR::isError($res)) {
+                    return PEAR::raiseError($oEntity->getName().': '.$res->getMessage());
+                }
             }
+
             if($this->bDownload){
                 if ($this->bNoisy) {
                     $oDocumentTransaction = new DocumentTransaction($oEntity, "Document part of bulk checkout", 'ktstandard.transactions.check_out', array());
@@ -39,8 +39,9 @@ require_once(KT_LIB_DIR . &#39;/browse/browseutil.inc.php&#39;);
 require_once(KT_LIB_DIR . '/documentmanagement/Document.inc');
 require_once(KT_LIB_DIR . '/documentmanagement/DocumentTransaction.inc');
- 
-$aDocuments =& Document::getList("status_id=" . DELETED);
+
+$sWhere = "status_id=" . DELETED;
+$aDocuments =& Document::getList($sWhere);
 $pageNum = $_REQUEST['page'];
@@ -50,6 +51,11 @@ if(fmod($items, 10) &gt; 0){
 }else{
 	$pages = ($items/10);
 }
+
+for($i=1; $i<=$pages; $i++){
+	$aPages[] = $i;
+}
+			
 if($pageNum == 1){
 	$listStart = 0;
 	$listEnd = 9;
@@ -60,13 +66,53 @@ if($pageNum == 1){
 	$listStart = (10*($pageNum-1));
 	$listEnd = $listStart+9;
 }
+
+
+
+$output = "<table class=\"kt_collection\"> 
+				<thead>
+			    <tr>
+	      			<th style=\"width:2em\"><input type=\"checkbox\" onclick=\"toggleSelectFor(this, 'selected_docs')\" title=\"toggle all\"/></th>
+	      			<th>"._kt('Document Name').'</th>
+			        <th>'._kt('Last Modification').'</th>
+	      			<th>'._kt('Deletion Comment').'</th>
+    			</tr>
+  				</thead> 
+				<tbody>';
+				
+
 for($i = $listStart; $i <= $listEnd; $i++){
-	$output .=  "<tr>
-	      <td><input type='checkbox' name='selected_docs[]' value='".$aDocuments[$i]->getId()."'/></td>
+	$output .= "
+				<tr>
+	      <td><input type=\"checkbox\" name=\"selected_docs[]\" value=\"".$aDocuments[$i]->getId()."\"/></td>
 	      <td>".$aDocuments[$i]->getName()."</td>
 	      <td>".$aDocuments[$i]->getLastModifiedDate()."</td>
 	      <td>".$aDocuments[$i]->getLastDeletionComment()."</td>
 	    </tr>";
+	        
 }
+
+
+$output .= '<tfoot>
+  	<tr>
+  		<td colspan="4">
+  			<span style="float: left">'.$items.' '._kt('items, 10 per page').'</span>
+  		</td>
+  	</tr>
+  	<tr>
+  		<td colspan="4">
+  			<div align="center">';
+  			
+  				foreach($aPages as $page){
+					$output .= '<a href="#" onclick="buildList(this.innerHTML)">'.$page.'</a>&nbsp;';
+  				}
+  				
+$output .= '</div>
+		</td>
+  	</tr>
+  </tfoot>
+  </table>
+  </tbody></table>';
+  
 echo $output;
 ?>
@@ -453,11 +453,29 @@ class KTFolderPermissionsAction extends KTFolderAction {
         if (!KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder)) {
             $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aOptions);
         }
+
+        $aFoo = $_REQUEST['foo'];
+        $aPermissions = KTPermission::getList();
+
+        // Check which groups have permission to manage security
+        $aNewGroups = $aFoo[4]['group'];
+        $aNewRoles = (isset($aFoo[4]['role']) ? $aFoo[4]['role'] : array());
+
+        // Ensure the user is not removing his/her own permission to update the folder permissions (manage security)
+        if(!in_array(-3, $aNewRoles)){
+            $iUserId = $this->oUser->getId();
+            if(!GroupUtil::checkUserInGroups($iUserId, $aNewGroups)){
+                // If user no longer has permission, return an error.
+                $this->addErrorMessage(_kt('The selected permissions cannot be updated. You will no longer have permission to manage security on this folder.'));
+                $this->redirectTo('edit', 'fFolderId=' . $this->oFolder->getId());
+                exit(0);
+            }
+        }
+
+
         require_once(KT_LIB_DIR . '/documentmanagement/observers.inc.php');
         $oPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
-        $aFoo = $_REQUEST['foo'];
-        $aPermissions = KTPermission::getList();
         foreach ($aPermissions as $oPermission) {
             $iPermId = $oPermission->getId();
@@ -471,11 +489,11 @@ class KTFolderPermissionsAction extends KTFolderAction {
             'transactionNS' => 'ktcore.transactions.permissions_change',
             'userid' => $_SESSION['userID'],
             'ip' => Session::getClientIP(),
-        ));
+            ));
         $aOptions = array(
             'defaultmessage' => _kt('Error updating permissions'),
             'redirect_to' => array('edit', sprintf('fFolderId=%d', $this->oFolder->getId())),
-        );
+            );
         $this->oValidator->notErrorFalse($oTransaction, $aOptions);
         $po =& new JavascriptObserver($this);
@@ -65,9 +65,17 @@ class KTDocumentImmutableAction extends KTDocumentAction {
     }
     function do_main() {
-        $this->oDocument->setImmutable(true);
-        $this->oDocument->update();
-        controllerRedirect('viewDocument', 'fDocumentId=' .  $this->oDocument->getId());
+        if(!$this->oDocument->getIsCheckedOut())
+        {
+	        $this->oDocument->setImmutable(true);
+	        $this->oDocument->update();
+	        controllerRedirect('viewDocument', 'fDocumentId=' .  $this->oDocument->getId());
+        }
+        else
+        {
+        	$this->addErrorMessage(_kt('Document is checked out and cannot be made immutable'));
+        	controllerRedirect('viewDocument', 'fDocumentId=' .  $this->oDocument->getId());
+        }
     }
 }
@@ -16,7 +16,7 @@ function buildList(value){
 function stateChanged(){ 
 	if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete"){ 
-		document.getElementById("output").innerHTML=xmlHttp.responseText;
+		document.getElementById("tableoutput").innerHTML=xmlHttp.responseText;
 	}
 } 
@@ -259,8 +259,8 @@ class ExprFieldRegistry
 		foreach($result as $record)
 		{
-			$fieldset = $record['fieldset'];
-			$field = $record['field'];
+			$fieldset = addslashes($record['fieldset']);
+			$field = addslashes($record['field']);
 			$fieldsetid = $record['fsid'];
 			$fieldid = $record['fid'];
 			$classname = "MetadataField$fieldid";
@@ -96,7 +96,7 @@ class SearchHelper
 		{
 			if ($dt++ > 0) $documenttypes_str .= ',';
 			$id=$user['id'];
-			$name=$user['name'];
+			$name=(addslashes($user['name']));
 			$documenttypes_str .= "\n\t{id: \"$id\", name: \"$name\"}";
 		}
@@ -139,7 +139,7 @@ class SearchHelper
 		{
 			if ($uo++ > 0) $users_str .= ',';
 			$id=$user['id'];
-			$name=$user['name'];
+			$name=(addslashes($user['name']));
 			$users_str .= "\n\t{id: \"$id\", name: \"$name\"}";
 		}
@@ -159,8 +159,8 @@ class SearchHelper
 		foreach($fields as $field)
 		{
 			if ($fo++ > 0) $fields_str .= ',';
-			$alias = $field['alias'];
-			$display = $field['display'];
+			$alias = (addslashes($field['alias']));
+			$display = (addslashes($field['display']));
 			$type = $field['type'];
 			$fields_str .= "\n\t{alias: \"$alias\", name: \"$display\", type:\"$type\"}";
 		}
@@ -182,7 +182,7 @@ class SearchHelper
         {
         	if ($wo++ > 0) $workflow_str .= ',';
         	$wid = $workflow['id'];
-        	$name = $workflow['name'];
+        	$name = (addslashes($workflow['name']));
         	$workflow_str .= "\n\t{id:\"$wid\", name: \"$name\", states: [ ";
@@ -194,7 +194,7 @@ class SearchHelper
         	{
         		if ($so++>0) $workflow_str .= ',';
 				$sid = $state['id'];
-				$name=$state['name'];
+				$name=(addslashes($state['name']));
 				$result['workflows'][$wid]['states'][$sid] = $state;
 				$workflow_str .= "\n\t\t{id:\"$wid\", name: \"$name\"}";
         	}
@@ -217,8 +217,8 @@ class SearchHelper
         foreach($fieldsets as $fieldset)
         {
         	$fsid=$fieldset['id'];
-        	$name = $fieldset['name'];
-        	$desc = $fieldset['description'];
+        	$name = (addslashes($fieldset['name']));
+        	$desc = (addslashes($fieldset['description']));
         	if ($fso++>0) $fieldset_str .= ',';
         	$fieldset_str .= "\n\t{id:\"$fsid\",name:\"$name\",description:\"$desc\", fields: [";
@@ -231,8 +231,8 @@ class SearchHelper
         	{
         		if ($fo++ >0) $fieldset_str .= ',';
 				$fid = $field['id'];
-				$name= $field['name'];
-				$desc = $field['description'];
+				$name= (addslashes($field['name']));
+				$desc = (addslashes($field['description']));
 				$datatype=$field['datatype'];
 				$control=$field['control'];
         		$fieldset_str .= "\n\t\t{id:\"$fid\", name:\"$name\", description:\"$desc\", datatype:\"$datatype\", control:\"$control\", options: [";
@@ -246,7 +246,7 @@ class SearchHelper
         		{
         			if ($oo++ > 0) $fieldset_str .= ',';
         			$oid = $option['id'];
-					$name= $option['name'];
+					$name= (addslashes($option['name']));
         			$fieldset_str .= "\n\t\t\t{id: \"$oid\", name: \"$name\"}";
         		}
         		$fieldset_str .= ']}';
@@ -17,6 +17,7 @@ can &lt;strong&gt;restore&lt;/strong&gt; them as necessary.{/i18n}&lt;/p&gt;
 {foreach item=oFDoc from=$fullList}
 	<input type="hidden" name="docIds[]" value="{$oFDoc->getId()}">
 {/foreach}
+<div id="tableoutput">
 <table class="kt_collection">
   <thead>
     <tr>
@@ -55,6 +56,7 @@ can &lt;strong&gt;restore&lt;/strong&gt; them as necessary.{/i18n}&lt;/p&gt;
   	</tr>
   </tfoot>
 </table>
+</div>
 <div class="form_actions">
    <input type="submit" name="submit[expunge]" value="{i18n}Expunge{/i18n}" />
    <input type="submit" name="submit[restore]" value="{i18n}Restore{/i18n}" />