Commit 99b80311c9c80695567e127702389fa86fb3ffc4

Authored by kevin_fourie
1 parent 0b60b9ae

Merged in from DEV trunk...

KTS-2128
"Renaming a folder double sanitizes the new foldername"
Fixed the folder add method too.

Committed By: Kevin
Reviewed By: Isaac


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6850 c91229c3-7414-0410-bfa2-8a42b809f60b
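--- a/lib/foldermanagement/folderutil.inc.php
+++ b/lib/foldermanagement/folderutil.inc.php
@@ -31,7 +31,7 @@
 */
 
 require_once(KT_LIB_DIR . '/storage/storagemanager.inc.php');
-require_once(KT_LIB_DIR . '/subscriptions/subscriptions.inc.php');
+require_once(KT_LIB_DIR . '/subscriptions/subscriptions.inc.php');
 
 require_once(KT_LIB_DIR . '/permissions/permission.inc.php');
 require_once(KT_LIB_DIR . '/permissions/permissionutil.inc.php');
@@ -42,7 +42,7 @@ require_once(KT_LIB_DIR . '/foldermanagement/foldertransaction.inc.php');
 require_once(KT_LIB_DIR . '/database/dbutil.inc');
 
 class KTFolderUtil {
- function _add ($oParentFolder, $sFolderName, $oUser) {
+ function _add($oParentFolder, $sFolderName, $oUser) {
 if (PEAR::isError($oParentFolder)) {
 return $oParentFolder;
 }
@@ -51,10 +51,10 @@ class KTFolderUtil {
 }
 $oStorage =& KTStorageManagerUtil::getSingleton();
 $oFolder =& Folder::createFromArray(array(
- 'name' => $sFolderName,
- 'description' => $sFolderName,
- 'parentid' => $oParentFolder->getID(),
- 'creatorid' => $oUser->getID(),
+ 'name' => sanitizeForSQL($sFolderName),
+ 'description' => sanitizeForSQL($sFolderName),
+ 'parentid' => $oParentFolder->getID(),
+ 'creatorid' => $oUser->getID(),
 ));
 if (PEAR::isError($oFolder)) {
 return $oFolder;
@@ -67,35 +67,35 @@ class KTFolderUtil {
 return $oFolder;
 }
 
- function add ($oParentFolder, $sFolderName, $oUser) {
-
-
- $folderid=$oParentFolder->getId();
+ function add($oParentFolder, $sFolderName, $oUser) {
+
+
+ $folderid=$oParentFolder->getId();
 // check for conflicts first
 if (Folder::folderExistsName($sFolderName,$folderid)) {
 return PEAR::raiseError(sprintf(_kt('The folder %s already exists.'), $sFolderName));
 }
-
- $oFolder = KTFolderUtil::_add($oParentFolder, $sFolderName, $oUser);
+
+ $oFolder = KTFolderUtil::_add($oParentFolder, $sFolderName, $oUser);
 if (PEAR::isError($oFolder)) {
 return $oFolder;
 }
-
+
 
 $oTransaction = KTFolderTransaction::createFromArray(array(
- 'folderid' => $oFolder->getId(),
- 'comment' => _kt('Folder created'),
- 'transactionNS' => 'ktcore.transactions.create',
- 'userid' => $oUser->getId(),
- 'ip' => Session::getClientIP(),
+ 'folderid' => $oFolder->getId(),
+ 'comment' => _kt('Folder created'),
+ 'transactionNS' => 'ktcore.transactions.create',
+ 'userid' => $oUser->getId(),
+ 'ip' => Session::getClientIP(),
 ));
 
 // fire subscription alerts for the new folder
 $oSubscriptionEvent = new SubscriptionEvent();
 $oSubscriptionEvent->AddFolder($oFolder, $oParentFolder);
-
+
 KTFolderUtil::updateSearchableText($oFolder);
-
+
 return $oFolder;
 }
 
@@ -131,7 +131,7 @@ class KTFolderUtil {
 
 // First, deal with SQL, as it, at least, is guaranteed to be atomic
 $table = 'folders';
-
+
 if ($oNewParentFolder->getId() == 1) {
 $sNewParentFolderPath = $oNewParentFolder->getName();
 $sNewParentFolderIds = '';
@@ -150,10 +150,10 @@ class KTFolderUtil {
 // Update the moved folder first...
 $sQuery = "UPDATE $table SET full_path = ?, parent_folder_ids = ?, parent_id = ? WHERE id = ?";
 $aParams = array(
- sprintf("%s", $sNewParentFolderPath),
- $sNewParentFolderIds,
- $oNewParentFolder->getID(),
- $oFolder->getID(),
+ sprintf("%s", $sNewParentFolderPath),
+ $sNewParentFolderIds,
+ $oNewParentFolder->getID(),
+ $oFolder->getID(),
 );
 $res = DBUtil::runQuery(array($sQuery, $aParams));
 if (PEAR::isError($res)) {
@@ -165,14 +165,14 @@ class KTFolderUtil {
 } else {
 $sOldFolderPath = sprintf("%s/%s", $oFolder->getFullPath(), $oFolder->getName());
 }
-
+
 $sQuery = "UPDATE $table SET full_path = CONCAT(?, SUBSTRING(full_path FROM ?)), parent_folder_ids = CONCAT(?, SUBSTRING(parent_folder_ids FROM ?)) WHERE full_path LIKE ?";
 $aParams = array(
- sprintf("%s", $sNewParentFolderPath),
- strlen($oFolder->getFullPath()) + 1,
- $sNewParentFolderIds,
- strlen($oFolder->getParentFolderIDs()) + 1,
- sprintf("%s%%", $sOldFolderPath),
+ sprintf("%s", $sNewParentFolderPath),
+ strlen($oFolder->getFullPath()) + 1,
+ $sNewParentFolderIds,
+ strlen($oFolder->getParentFolderIDs()) + 1,
+ sprintf("%s%%", $sOldFolderPath),
 );
 $res = DBUtil::runQuery(array($sQuery, $aParams));
 if (PEAR::isError($res)) {
@@ -182,11 +182,11 @@ class KTFolderUtil {
 $table = 'documents';
 $sQuery = "UPDATE $table SET full_path = CONCAT(?, SUBSTRING(full_path FROM ?)), parent_folder_ids = CONCAT(?, SUBSTRING(parent_folder_ids FROM ?)) WHERE full_path LIKE ?";
 $aParams = array(
- sprintf("%s", $sNewParentFolderPath),
- strlen($oFolder->getFullPath()) + 1,
- $sNewParentFolderIds,
- strlen($oFolder->getParentFolderIDs()) + 1,
- sprintf("%s%%", $sOldFolderPath),
+ sprintf("%s", $sNewParentFolderPath),
+ strlen($oFolder->getFullPath()) + 1,
+ $sNewParentFolderIds,
+ strlen($oFolder->getParentFolderIDs()) + 1,
+ sprintf("%s%%", $sOldFolderPath),
 );
 $res = DBUtil::runQuery(array($sQuery, $aParams));
 if (PEAR::isError($res)) {
@@ -204,11 +204,11 @@ class KTFolderUtil {
 }
 
 $oTransaction = KTFolderTransaction::createFromArray(array(
- 'folderid' => $oFolder->getId(),
- 'comment' => $sComment,
- 'transactionNS' => 'ktcore.transactions.move',
- 'userid' => $oUser->getId(),
- 'ip' => Session::getClientIP(),
+ 'folderid' => $oFolder->getId(),
+ 'comment' => $sComment,
+ 'transactionNS' => 'ktcore.transactions.move',
+ 'userid' => $oUser->getId(),
+ 'ip' => Session::getClientIP(),
 ));
 
 Document::clearAllCaches();
@@ -216,20 +216,20 @@ class KTFolderUtil {
 
 if ($bChangePermissionObject) {
 $aOptions = array(
- 'evenifnotowner' => true, // Inherit from parent folder, even though not permission owner
+ 'evenifnotowner' => true, // Inherit from parent folder, even though not permission owner
 );
 KTPermissionUtil::inheritPermissionObject($oFolder, $aOptions);
 }
 
 return true;
 }
-
+
 function rename($oFolder, $sNewName, $oUser) {
 $oStorage =& KTStorageManagerUtil::getSingleton();
 $sOldName = $oFolder->getName();
 // First, deal with SQL, as it, at least, is guaranteed to be atomic
 $table = "folders";
-
+
 $sQuery = "UPDATE $table SET full_path = CONCAT(?, SUBSTRING(full_path FROM ?)) WHERE full_path LIKE ?";
 
 if ($oFolder->getId() == 1) {
@@ -241,9 +241,9 @@ class KTFolderUtil {
 
 }
 $aParams = array(
- sprintf("%s", $sNewPath),
- strlen($sOldPath) + 1,
- sprintf("%s%%", $sOldPath),
+ sprintf("%s", $sNewPath),
+ strlen($sOldPath) + 1,
+ sprintf("%s%%", $sOldPath),
 );
 $res = DBUtil::runQuery(array($sQuery, $aParams));
 if (PEAR::isError($res)) {
@@ -253,9 +253,9 @@ class KTFolderUtil {
 $table = "documents";
 $sQuery = "UPDATE $table SET full_path = CONCAT(?, SUBSTRING(full_path FROM ?)) WHERE full_path LIKE ?";
 $aParams = array(
- sprintf("%s", $sNewPath),
- strlen($sOldPath) + 1,
- sprintf("%s%%", $sOldPath),
+ sprintf("%s", $sNewPath),
+ strlen($sOldPath) + 1,
+ sprintf("%s%%", $sOldPath),
 );
 $res = DBUtil::runQuery(array($sQuery, $aParams));
 if (PEAR::isError($res)) {
@@ -266,16 +266,16 @@ class KTFolderUtil {
 if (PEAR::isError($res)) {
 return $res;
 }
-
+
 $oFolder->setName($sNewName);
 $res = $oFolder->update();
 
 $oTransaction = KTFolderTransaction::createFromArray(array(
- 'folderid' => $oFolder->getId(),
- 'comment' => sprintf(_kt("Renamed from \"%s\" to \"%s\""), $sOldName, $sNewName),
- 'transactionNS' => 'ktcore.transactions.rename',
- 'userid' => $_SESSION['userID'],
- 'ip' => Session::getClientIP(),
+ 'folderid' => $oFolder->getId(),
+ 'comment' => sprintf(_kt("Renamed from \"%s\" to \"%s\""), $sOldName, $sNewName),
+ 'transactionNS' => 'ktcore.transactions.rename',
+ 'userid' => $_SESSION['userID'],
+ 'ip' => Session::getClientIP(),
 ));
 if (PEAR::isError($oTransaction)) {
 return $oTransaction;
@@ -292,34 +292,34 @@ class KTFolderUtil {
 function exists($oParentFolder, $sName) {
 return Folder::folderExistsName($sName, $oParentFolder->getID());
 }
-
-
-
+
+
+
 /* folderUtil::delete
- *
- * this function is _much_ more complex than it might seem.
- * we need to:
- * - recursively identify children
- * - validate that permissions are allocated correctly.
- * - step-by-step delete.
- */
-
+ *
+ * this function is _much_ more complex than it might seem.
+ * we need to:
+ * - recursively identify children
+ * - validate that permissions are allocated correctly.
+ * - step-by-step delete.
+ */
+
 function delete($oStartFolder, $oUser, $sReason, $aOptions = null) {
 require_once(KT_LIB_DIR . '/unitmanagement/Unit.inc');
 
 $oPerm = KTPermission::getByName('ktcore.permissions.delete');
 
 $bIgnorePermissions = KTUtil::arrayGet($aOptions, 'ignore_permissions');
-
+
 $aFolderIds = array(); // of oFolder
 $aDocuments = array(); // of oDocument
 $aFailedDocuments = array(); // of String
 $aFailedFolders = array(); // of String
-
+
 $aRemainingFolders = array($oStartFolder->getId());
-
+
 DBUtil::startTransaction();
-
+
 while (!empty($aRemainingFolders)) {
 $iFolderId = array_pop($aRemainingFolders);
 $oFolder = Folder::get($iFolderId);
@@ -340,15 +340,15 @@ class KTFolderUtil {
 } else {
 $aFolderIds[] = $iFolderId;
 }
-
+
 // child documents
 $aChildDocs = Document::getList(array('folder_id = ?',array($iFolderId)));
 foreach ($aChildDocs as $oDoc) {
 if (!$bIgnorePermissions && $oDoc->getImmutable()) {
- if (!KTBrowseUtil::inAdminMode($oUser, $oStartFolder)) {
+ if (!KTBrowseUtil::inAdminMode($oUser, $oStartFolder)) {
 $aFailedDocuments[] = $oDoc->getName();
 continue;
- }
+ }
 }
 if ($bIgnorePermissions || (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPerm, $oDoc) && ($oDoc->getIsCheckedOut() == false)) ) {
 $aDocuments[] = $oDoc;
@@ -356,14 +356,14 @@ class KTFolderUtil {
 $aFailedDocuments[] = $oDoc->getName();
 }
 }
-
+
 // child folders.
 $aCFIds = Folder::getList(array('parent_id = ?', array($iFolderId)), array('ids' => true));
 $aRemainingFolders = kt_array_merge($aRemainingFolders, $aCFIds);
 }
 
 // FIXME we could subdivide this to provide a per-item display (viz. bulk upload, etc.)
-
+
 if ((!empty($aFailedDocuments) || (!empty($aFailedFolders)))) {
 $sFD = '';
 $sFF = '';
@@ -391,23 +391,23 @@ class KTFolderUtil {
 // documents all cleared.
 $sQuery = 'DELETE FROM ' . KTUtil::getTableName('folders') . ' WHERE id IN (' . DBUtil::paramArray($aFolderIds) . ')';
 $aParams = $aFolderIds;
-
+
 $res = DBUtil::runQuery(array($sQuery, $aParams));
 
 if (PEAR::isError($res)) {
 DBUtil::rollback();
 return PEAR::raiseError(_kt('Failure deleting folders.'));
 }
-
+
 // purge caches
- KTEntityUtil::clearAllCaches('Folder');
-
+ KTEntityUtil::clearAllCaches('Folder');
+
 // and store
 DBUtil::commit();
-
+
 return true;
 }
-
+
 function copy($oSrcFolder, $oDestFolder, $oUser, $sReason) {
 if (KTFolderUtil::exists($oDestFolder, $oSrcFolder->getName())) {
 return PEAR::raiseError(_kt("Folder with the same name already exists in the new parent folder"));
@@ -417,20 +417,20 @@ class KTFolderUtil {
 //
 $oPerm = KTPermission::getByName('ktcore.permissions.read');
 $oBaseFolderPerm = KTPermission::getByName('ktcore.permissions.addFolder');
-
+
 if (!KTPermissionUtil::userHasPermissionOnItem($oUser, $oBaseFolderPerm, $oDestFolder)) {
 return PEAR::raiseError(_kt('You are not allowed to create folders in the destination.'));
 }
-
+
 $aFolderIds = array(); // of oFolder
 $aDocuments = array(); // of oDocument
 $aFailedDocuments = array(); // of String
 $aFailedFolders = array(); // of String
-
+
 $aRemainingFolders = array($oSrcFolder->getId());
-
+
 DBUtil::startTransaction();
-
+
 while (!empty($aRemainingFolders)) {
 $iFolderId = array_pop($aRemainingFolders);
 $oFolder = Folder::get($iFolderId);
@@ -438,14 +438,14 @@ class KTFolderUtil {
 DBUtil::rollback();
 return PEAR::raiseError(sprintf(_kt('Failure resolving child folder with id = %d.'), $iFolderId));
 }
-
+
 // don't just stop ... plough on.
 if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPerm, $oFolder)) {
 $aFolderIds[] = $iFolderId;
 } else {
 $aFailedFolders[] = $oFolder->getName();
 }
-
+
 // child documents
 $aChildDocs = Document::getList(array('folder_id = ?',array($iFolderId)));
 foreach ($aChildDocs as $oDoc) {
@@ -455,12 +455,12 @@ class KTFolderUtil {
 $aFailedDocuments[] = $oDoc->getName();
 }
 }
-
+
 // child folders.
 $aCFIds = Folder::getList(array('parent_id = ?', array($iFolderId)), array('ids' => true));
 $aRemainingFolders = kt_array_merge($aRemainingFolders, $aCFIds);
 }
-
+
 if ((!empty($aFailedDocuments) || (!empty($aFailedFolders)))) {
 $sFD = '';
 $sFF = '';
@@ -472,15 +472,15 @@ class KTFolderUtil {
 }
 return PEAR::raiseError(_kt('You do not have permission to copy these items. ') . $sFD . $sFF);
 }
-
+
 // first we walk the tree, creating in the new location as we go.
 // essentially this is an "ok" pass.
-
-
- $oStorage =& KTStorageManagerUtil::getSingleton();
-
+
+
+ $oStorage =& KTStorageManagerUtil::getSingleton();
+
 $aFolderMap = array();
-
+
 $sTable = KTUtil::getTableName('folders');
 $sGetQuery = 'SELECT * FROM ' . $sTable . ' WHERE id = ? ';
 $aParams = array($oSrcFolder->getId());
@@ -501,18 +501,18 @@ class KTFolderUtil {
 return $res;
 }
 $aRemainingFolders = Folder::getList(array('parent_id = ?', array($oSrcFolder->getId())), array('ids' => true));
-
-
+
+
 while (!empty($aRemainingFolders)) {
 $iFolderId = array_pop($aRemainingFolders);
-
+
 $aParams = array($iFolderId);
 $aRow = DBUtil::getOneResult(array($sGetQuery, $aParams));
 unset($aRow['id']);
-
+
 // since we are nested, we will have solved the parent first.
- $aRow['parent_id'] = $aFolderMap[$aRow['parent_id']];
-
+ $aRow['parent_id'] = $aFolderMap[$aRow['parent_id']];
+
 $id = DBUtil::autoInsert($sTable, $aRow);
 if (PEAR::isError($id)) {
 $oStorage->removeFolder($oNewBaseFolder);
@@ -520,7 +520,7 @@ class KTFolderUtil {
 return $id;
 }
 $aFolderMap[$iFolderId] = $id;
-
+
 $oNewFolder = Folder::get($id);
 $res = $oStorage->createFolder($oNewFolder);
 if (PEAR::isError($res)) {
@@ -529,18 +529,18 @@ class KTFolderUtil {
 DBUtil::rollback();
 return $res;
 }
-
+
 $aCFIds = Folder::getList(array('parent_id = ?', array($iFolderId)), array('ids' => true));
 $aRemainingFolders = kt_array_merge($aRemainingFolders, $aCFIds);
 }
-
-
- // var_dump($aFolderMap);
-
+
+
+ // var_dump($aFolderMap);
+
 // now we can go ahead.
 foreach ($aDocuments as $oDocument) {
 $oChildDestinationFolder = Folder::get($aFolderMap[$oDocument->getFolderID()]);
-// var_dump($oDocument->getFolderID());
+ // var_dump($oDocument->getFolderID());
 $res = KTDocumentUtil::copy($oDocument, $oChildDestinationFolder);
 if (PEAR::isError($res) || ($res === false)) {
 $oStorage->removeFolder($oNewBaseFolder);
@@ -548,33 +548,33 @@ class KTFolderUtil {
 return PEAR::raiseError(_kt('Delete Aborted. Unexpected failure to copydocument: ') . $oDocument->getName() . $res->getMessage());
 }
 }
-
+
 // and store
 DBUtil::commit();
-
- return true;
+
+ return true;
 }
-
+
 function updateSearchableText($oFolder) {
- // very simple function to rebuild the searchable text for this
+ // very simple function to rebuild the searchable text for this
 // folder.
-
+
 // MyISAM table for fulltext index - no transactions.
-
+
 // get the folder text
 // XXX replace this with a trigger / producer set.
 $sSearchableText = $oFolder->getName();
-
+
 // do the update.
 $iFolderId = KTUtil::getId($oFolder);
 $sTable = KTUtil::getTableName('folder_searchable_text');
 $aDelete = array(
- "folder_id" => $iFolderId,
+ "folder_id" => $iFolderId,
 );
 DBUtil::whereDelete($sTable, $aDelete);
 $aInsert = array(
- "folder_id" => $iFolderId,
- "folder_text" => $sSearchableText,
+ "folder_id" => $iFolderId,
+ "folder_text" => $sSearchableText,
 );
 return DBUtil::autoInsert($sTable, $aInsert, array('noid' => true));
 }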
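Review bot: In `_add`, `'name' => sanitizeForSQL($sFolderName)` and the matching `description` line escape the value before it reaches `Folder::createFromArray`, while `add()` still passes the raw `$sFolderName` to `Folder::folderExistsName` and to the error message, so the duplicate check and the stored name can disagree for any name the sanitizer alters. The other queries in this file bind values through `?` placeholders via `DBUtil::runQuery`; if the entity layer behind `createFromArray` does the same (not visible here), the escaped text is stored literally and then reused by `updateSearchableText`, which reads `$oFolder->getName()`. Escaping should happen in exactly one layer: either keep `'name' => $sFolderName,` and rely on parameter binding, or sanitize once at the top of `add()` and pass that same value to both the conflict check and `_add`. `_add`'s body continues outside the hunk, so how `$oStorage` uses the new folder's name is not shown and should be checked as well.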