Commit a3249ee209db7f4301563eb3a19f0d368bee7a36

Authored by michael
1 parent d1f0c9fd

merged from branch BRANCH_1_2_0_12082003


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@2662 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 72 changed files with 743 additions and 376 deletions
.project 0 → 100644
  1 +<?xml version="1.0" encoding="UTF-8"?>
  2 +<projectDescription>
  3 + <name>knowledgeTree</name>
  4 + <comment>Document Management System</comment>
  5 + <projects>
  6 + </projects>
  7 + <buildSpec>
  8 + </buildSpec>
  9 + <natures>
  10 + </natures>
  11 +</projectDescription>
... ...
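--- a/config/siteMap.inc
+++ b/config/siteMap.inc
@@ -64,9 +64,9 @@
 
 
 // folder access
-$default->siteMap->addPage("addGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/addGroupFolderLinkBL.php", "Manage Documents", UnitAdmin, "Add Folder Access", false);
-$default->siteMap->addPage("modifyGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/editGroupFolderLinkBL.php", "Manage Documents", UnitAdmin, "Edit Folder Access", false);
-$default->siteMap->addPage("deleteGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/deleteGroupFolderLinkBL.php", "Manage Documents", UnitAdmin, "Delete Folder Access", false);
+$default->siteMap->addPage("addGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/addGroupFolderLinkBL.php", "Manage Documents", User, "Add Folder Access", false);
+$default->siteMap->addPage("modifyGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/editGroupFolderLinkBL.php", "Manage Documents", User, "Edit Folder Access", false);
+$default->siteMap->addPage("deleteGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/deleteGroupFolderLinkBL.php", "Manage Documents", User, "Delete Folder Access", false);
 
 // document actions
 $default->siteMap->addPage("modifyDocumentTypeMetaData", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/modifySpecificMetaDataBL.php", "Manage Documents", User, "");
@@ -80,6 +80,7 @@
 $default->siteMap->addPage("removeDocumentLink", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/removeDocumentLinkBL.php", "Manage Documents", User, "", false);
 $default->siteMap->addPage("addDocumentLink", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentLinkBL.php", "Manage Documents", User, "", false);
 $default->siteMap->addPage("createDependantDocument", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/createDependantDocumentBL.php", "Manage Documents", User, "", false);
+$default->siteMap->addPage("escalateDependantDocument", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentBL.php", "Manage Documents", User, "", false);
 
 $default->siteMap->addPage("addSubscription", "/presentation/lookAndFeel/knowledgeTree/subscriptions/addSubscriptionBL.php", "Manage Documents", User, "Add Folder Subscription");
 $default->siteMap->addPage("removeSubscription", "/presentation/lookAndFeel/knowledgeTree/subscriptions/removeSubscriptionBL.php", "Manage Documents", User, "Remove Folder Subscription");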
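Review bot: Lines 67-69 lower the level required for the add/edit/delete folder-access pages from UnitAdmin to User, and neither the commit message nor a comment says why; that widens who may change group-to-folder permissions. If the intent is to let ordinary users manage access on folders they own, the three *GroupFolderLinkBL.php pages must themselves verify the caller's rights on the specific folder, since the site map no longer gates them by role — those pages are not in this diff, so I cannot confirm they do. Once that check is confirmed, add `// per-folder access is enforced inside the BL pages; menu level is User by design` above the three entries; otherwise keep UnitAdmin.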
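--- a/config/tableMappings.inc
+++ b/config/tableMappings.inc
@@ -30,8 +30,6 @@
 $default->document_fields_table = "document_fields";
 // links document
 $default->document_fields_link_table = "document_fields_link";
-// meta data value lookup table
-$default->document_fields_lookup_tables = "metadata_lookup";
 // document subscriptions
 $default->document_subscriptions_table = "document_subscriptions";
 // document transaction types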
docs/ChangeLog.txt
1 1 Version 1.2.0
2   -* Mon Jul 28 2003 Michael Joseph <michael@jamwarehouse.com>
3   -- Administration menu simplification and consistency.
4   -- Segmented configuration files for ease of maintenance.
5   -- Updated install documentation.
6   -- Archiving- add the ability to search for archived documents and request their restoration.
  2 +* Tue Aug 12 2003 Michael Joseph <michael@jamwarehouse.com>
7 3 - Document Details and Folder Properties- updated display- javascript content swapping.
8 4 - Improved display of Document actions- disabled buttons when action not available.
  5 +- Add Document- streamlined process by placing all details on one page.
  6 +- Archiving- add the ability to search for archived documents and request their restoration.
9 7 - Deletion of documents is now soft, additional Administration option to expunge/restore deleted documents.
  8 +- Administration menu simplification and consistency.
10 9 - Administration - Cancel document checkout status functionality added.
  10 +- Segmented configuration files for ease of maintenance.
  11 +- Updated install documentation.
11 12 - Additional online help files.
12 13  
13 14 Version 1.1.2
... ...
docs/INSTALL.txt
... ... @@ -8,7 +8,9 @@ KnowledgeTree Installation Notes
8 8 upload_tmp_dir = C:\PHP\uploadtemp
9 9 upload_max_filesize = 2M
10 10 session.use_cookies = 1
11   -
  11 + magic_quotes_gpc = On
  12 + magic_quotes_runtime = Off
  13 +
12 14 * Move the knowledgeTree folder to the directory it is going to be served from:
13 15 $ mv knowledgeTree /path/to/your/html/directory/
14 16  
... ... @@ -19,14 +21,26 @@ KnowledgeTree Installation Notes
19 21 $ mysql -p dms < sql/tables.sql
20 22  
21 23 * Configure your installation by changing the following attributes in config/environment.php:
22   - - $default->fileSystemRoot
23   - - $default->serverName
24   - - $default->sslEnabled
25   - - $default->authenticationClass
26   - - $default->dbUser
27   - - $default->dbPass
28   - - $default->dbHost
29   - - $default->dbName
  24 + - The fileSystemRoot property should point to the directory you installed the KnowledgeTree in eg.
  25 + $default->fileSystemRoot = "C:\Documents and Settings\michael\Desktop\php\knowledgeTree";
  26 +
  27 + - The serverName property should be the name of the webserver you're accessing the KnowledgeTree from eg.
  28 + $default->serverName = "localhost";
  29 +
  30 + - If the KnowledgeTree is not install in the root of your webserver, ie. you access the KnowledgeTree via a URL like
  31 + http://localhost/knowledgeTree, you must set the rootUrl property appropriately.
  32 + Eg. If your webserver root is "c:\myWebServerRoot" and you install KnowledgeTree into that directory (ie.
  33 + $default->fileSystemRoot = "c:\myWebServerRoot\knowledgeTree") then you must set your as follows:
  34 + $default->rootUrl = "/knowledgeTree";
  35 +
  36 + - If your webserver is SSL enabled then set this to true (in most cases this will be false) eg.
  37 + $default->sslEnabled = false;
  38 +
  39 + - Set the database properties to point to your MySQL installation
  40 + $default->dbUser = "root";
  41 + $default->dbPass = "pass123";
  42 + $default->dbHost = "localhost";
  43 + $default->dbName = "release112";
30 44  
31 45 * Check permissions on the Documents folder
32 46 - The "/Documents" folder MUST be able to be written to by your web server.
... ...
docs/TODO.txt
... ... @@ -2,9 +2,11 @@ KnowledgeTree DMS Development TODO List
2 2 ---------------------------------------
3 3  
4 4 (In no particular order after office integration)
5   -
6 5 - Microsoft Office integration- Open, Edit, Update documents in the KnowledgeTree
7 6 from within Microsoft Office programs (IN PROGRESS)
  7 +
  8 +- Search- improve standard search hitrate
  9 + - if there are no standard search results then try advanced search?
8 10 - WebDAV integration
9 11 - Reporting- Simple usage and statistics report generator
10 12 - Code Review and Refactoring
... ... @@ -40,5 +42,8 @@ KnowledgeTree DMS Development TODO List
40 42 - Allow overrides on a per document basis
41 43 - Search
42 44 - Search for document creator and folder names
  45 + - Accomodate custom search terms- $fCustomSearchxxx
  46 +- Allow thumbnails for image types (API for any other filetype)
  47 +- Permission model- allow breaking of permission inheritance (integrate with serving multiple organisations)
43 48  
44 49 $Id$
45 50 \ No newline at end of file
... ...
graphics/logo.jpg
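--- a/lib/DefaultLookup.inc
+++ b/lib/DefaultLookup.inc
@@ -82,7 +82,7 @@
 //don't create the object if it's aready been created
 if ($this->iId < 0) {
 $sql = $default->db;
-$result = $sql->query("INSERT INTO $this->sTableName (name) VALUES ( '". addslashes($this->sName) . "')");
+$result = $sql->query("INSERT INTO $this->sTableName (name) VALUES ('$this->sName')");
 if ($result) {
 //set the primary key;
 $this->iId = $sql->insert_id();
@@ -106,7 +106,7 @@
 //can only update if the object has been stored
 if ($this->iId >= 0) {
 $sql = $default->db;
-$result = $sql->query("UPDATE $this->sTableName SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId");
+$result = $sql->query("UPDATE $this->sTableName SET name = '$this->sName' WHERE id = $this->iId");
 if ($result) {
 return true;
 }
@@ -156,7 +156,7 @@
 $result = $sql->query("SELECT * FROM $sTableName WHERE id = $iId");
 if ($result) {
 if ($sql->next_record()) {
-$oLookup = & new DefaultLookup($sTableName, stripslashes($sql->f("name")));
+$oLookup = & new DefaultLookup($sTableName, $sql->f("name"));
 $oLookup->iId = $iId;
 return $oLookup;
 }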
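Review bot: Dropping addslashes() on lines 85 and 109 leaves `$this->sName` interpolated into the INSERT and UPDATE unescaped, so a name containing a quote now breaks the query unless every caller has already escaped it; the only thing this commit puts in its place is the INSTALL.txt requirement that magic_quotes_gpc be On, which escapes request input and nothing else. Names that arrive from the database, a file or code are not covered — Document.inc in this same commit has to re-apply addslashes() in generateFolderPath() for exactly that case — and if an existing installation previously ran with magic quotes on, rows written by the old code may now come back through line 159 with literal backslashes, which is worth checking on a real database before release. Escaping belongs where the SQL is assembled: keep `VALUES ('" . addslashes($this->sName) . "')` and `SET name = '" . addslashes($this->sName) . "'` here and strip magic-quote slashes once at the input boundary instead. ArchivingType, TimeUnit, DashboardNews, DependantDocumentInstance, DependantDocumentTemplate, lookup.inc and Document.inc make the same change in this commit. The three enclosing methods all start and end outside their hunks.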
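--- a/lib/archiving/ArchivingType.inc
+++ b/lib/archiving/ArchivingType.inc
@@ -82,7 +82,7 @@
 if ($this->iId < 0) {
 $sql = $default->db;
 $result = $sql->query("INSERT INTO $default->archiving_type_lookup_table (name) " .
-"VALUES ('" . addslashes($this->sName) . "')");
+"VALUES ('$this->sName')");
 if ($result) {
 //set the current primary key
 $this->iId = $sql->insert_id();
@@ -103,7 +103,7 @@
 if ($this->iId >= 0) {
 $sql = $default->db;
 $sQuery = "UPDATE $default->archiving_type_lookup_table SET " .
-"name = '" . addslashes($this->sName) . "' " .
+"name = '$this->sName' " .
 "WHERE id = $this->iId";
 $result = $sql->query($sQuery);
 if ($result) {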
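--- a/lib/archiving/TimeUnit.inc
+++ b/lib/archiving/TimeUnit.inc
@@ -82,7 +82,7 @@
 if ($this->iId < 0) {
 $sql = $default->db;
 $result = $sql->query("INSERT INTO $default->time_unit_lookup_table (name) " .
-"VALUES ('" . addslashes($this->sName) . "')");
+"VALUES ('$this->sName')");
 if ($result) {
 //set the current primary key
 $this->iId = $sql->insert_id();
@@ -103,7 +103,7 @@
 if ($this->iId >= 0) {
 $sql = $default->db;
 $sQuery = "UPDATE $default->time_unit_lookup_table SET " .
-"name = '" . addslashes($this->sName) . "' " .
+"name = '$this->sName' " .
 "WHERE id = $this->iId";
 $result = $sql->query($sQuery);
 if ($result) {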
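--- a/lib/authentication/Authenticator.inc
+++ b/lib/authentication/Authenticator.inc
@@ -76,12 +76,10 @@
 }
 else {
 // db access failed
-$_SESSION["errorMessage"] = $lang_err_database;
 $aUserDetails["status"] = 0;
 }
 } else {
 // db access failed
-$_SESSION["errorMessage"] = $lang_err_database;
 $aUserDetails["status"] = 0;
 }
 } else {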
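Review bot: Both db-failure branches (lines 78-80 and 82-84) now set `status` to 0 and nothing else, so an authentication attempt that fails because the database is unreachable is returned to the caller exactly like a rejected credential, and no record of the outage is kept anywhere. If the session message was removed because it surfaced on the login page, replace it with a server-side log line rather than silence, e.g. `$default->log->error("Authenticator: database access failed during login");` — Document.inc in this commit uses that logger, though I cannot see whether `$default` is in scope in this method. The `$lang_err_database` global the method presumably declares is also likely unused now. The enclosing method starts and ends outside the hunk.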
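--- a/lib/dashboard/DashboardNews.inc
+++ b/lib/dashboard/DashboardNews.inc
@@ -306,8 +306,8 @@
 if ($this->iId < 0) {
 $sql = $default->db;
 $result = $sql->query("INSERT INTO $default->news_table (synopsis, body, rank, image, image_size, image_mime_type_id, active) " .
-"VALUES ('" . addslashes($this->sSynopsis) . "', '" . addslashes($this->sBody) . "', $this->iRank, " .
-"'" . addslashes($this->sImage) . "', $this->iImageSize, $this->iImageMimeTypeID, " . ($this->bActive ? "1" : "0") . ")");
+"VALUES ('$this->sSynopsis', '$this->sBody', $this->iRank, " .
+"'$this->sImage', $this->iImageSize, $this->iImageMimeTypeID, " . ($this->bActive ? "1" : "0") . ")");
 if ($result) {
 //set the current news item primary key
 $this->iId = $sql->insert_id();
@@ -334,10 +334,10 @@
 if ($this->iId >= 0) {
 $sql = $default->db;
 $sQuery = "UPDATE " . $default->news_table . " SET " .
-"synopsis = '" . addslashes($this->sSynopsis) . "', " .
-"body = '" . addslashes($this->sBody) . "', " .
+"synopsis = '$this->sSynopsis', " .
+"body = '$this->sBody', " .
 "rank = $this->iRank, " .
-"image = '" . addslashes($this->sImage) . "', " .
+"image = '$this->sImage', " .
 "image_size = $this->iImageSize " .
 ($this->iImageMimeTypeID ? ", image_mime_type_id = $this->iImageMimeTypeID " : " ") .
 "WHERE id = $this->iId";
@@ -395,7 +395,7 @@
 $aImage = array( "image" => $sql->f("image"),
 "filesize" => $sql->f("image_size"),
 "mimetypeid" => $sql->f("image_mime_type_id") );
-$oDashboardNews = & new DashboardNews(stripslashes($sql->f("synopsis")), stripslashes($sql->f("body")), $sql->f("rank"), $aImage);
+$oDashboardNews = & new DashboardNews($sql->f("synopsis"), $sql->f("body"), $sql->f("rank"), $aImage);
 $oDashboardNews->iId = $iNewsID;
 $oDashboardNews->setActive($sql->f("active"));
 return $oDashboardNews;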
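Review bot: Lines 309-310 and 340 now interpolate `$this->sImage` into the SQL unescaped; the image_size and image_mime_type_id columns beside it suggest this holds the raw bytes of an uploaded image, and uploaded file contents are never touched by magic_quotes_gpc, so any byte sequence containing a quote, backslash or NUL will break or truncate the INSERT/UPDATE regardless of the php.ini setting. Synopsis and body carry the same exposure for any value that did not come straight from the request. Whatever is decided for the text fields, keep `'" . addslashes($this->sImage) . "'` (or the driver's escape function) for the image column. Both enclosing methods start and end outside their hunks.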
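--- a/lib/database/lookup.inc
+++ b/lib/database/lookup.inc
@@ -86,7 +86,7 @@
 
 if ($sql->query($query)) {
 if ($sql->next_record()) {
-return stripslashes($sql->f($selectFieldName));
+return $sql->f($selectFieldName);
 } else {
 $_SESSION["errorMessage"] = "$selectFieldName field lookup retrieval failed ($query).";
 return false;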
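--- a/lib/documentmanagement/DependantDocumentInstance.inc
+++ b/lib/documentmanagement/DependantDocumentInstance.inc
@@ -79,7 +79,7 @@
 *
 */
 function setDocumentTitle($sNewValue) {
-$this -> sDocumentTitle = $sNewValue;
+$this->sDocumentTitle = $sNewValue;
 }
 
 /**
@@ -99,7 +99,7 @@
 *
 */
 function getTemplateDocumentID() {
-return $this -> iTemplateDocumentID;
+return $this->iTemplateDocumentID;
 }
 
 /**
@@ -109,7 +109,7 @@
 *
 */
 function setHasLookup($sNewValue) {
-$this -> iTemplateDocumentID = $sNewValue;
+$this->iTemplateDocumentID = $sNewValue;
 }
 
 function getParentDocumentID() {
@@ -125,17 +125,17 @@
 function create() {
 global $default, $lang_err_database, $lang_err_object_exists;
 //if the object hasn't been created
-if ($this -> iId < 0) {
-$sql = $default -> db;
-$result = $sql -> query("INSERT INTO $default->dependant_document_instance_table (document_title, user_id,template_document_id, parent_document_id) VALUES ('" . addslashes($this->sDocumentTitle) . "', $this->iUserID, " . (isset($this->iTemplateDocumentID) ? "$this->iTemplateDocumentID" : "NULL") . ", " . $this->iParentDocumentID . ")");
+if ($this->iId < 0) {
+$sql = $default->db;
+$result = $sql->query("INSERT INTO $default->dependant_document_instance_table (document_title, user_id,template_document_id, parent_document_id) VALUES ('$this->sDocumentTitle', $this->iUserID, " . (isset($this->iTemplateDocumentID) ? "$this->iTemplateDocumentID" : "NULL") . ", " . $this->iParentDocumentID . ")");
 if ($result) {
-$this -> iId = $sql -> insert_id();
+$this->iId = $sql->insert_id();
 return true;
 }
 $_SESSION["errorMessage"] = $lang_err_database;
 return false;
 }
-$_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this -> iId." table = dependant_document_instance";
+$_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this->iId." table = dependant_document_instance";
 return false;
 }
 
@@ -148,9 +148,9 @@
 function update() {
 global $default, $lang_err_database, $lang_err_object_key;
 //only update if the object has been stored
-if ($this -> iId > 0) {
-$sql = $default -> db;
-$result = $sql -> query("UPDATE $default -> owl_dependant_documents SET document_title = '".addslashes($this -> sDocumentTitle)."', user_id = $this->iUserID, template_document_id = $this->iTemplateDocumentID, parent_document_id = $this->iParentDocumentID WHERE id = $this->iId");
+if ($this->iId > 0) {
+$sql = $default->db;
+$result = $sql->query("UPDATE $default->dependant_document_instance_table SET document_title = '$this->sDocumentTitle', user_id = $this->iUserID, template_document_id = $this->iTemplateDocumentID, parent_document_id = $this->iParentDocumentID WHERE id = $this->iId");
 if ($result) {
 return true;
 }
@@ -170,9 +170,9 @@
 function delete() {
 global $default, $lang_err_database, $lang_err_object_key;
 //only delete the object if it exists in the database
-if ($this -> iId >= 0) {
-$sql = $default -> db;
-$result = $sql -> query("DELETE FROM $default->dependant_document_instance_table WHERE id = $this->iId");
+if ($this->iId >= 0) {
+$sql = $default->db;
+$result = $sql->query("DELETE FROM $default->dependant_document_instance_table WHERE id = $this->iId");
 if ($result) {
 return true;
 }
@@ -193,12 +193,12 @@
 */
 function & get($iDependantDocumentID) {
 global $default;
-$sql = $default -> db;
-$result = $sql -> query("SELECT * FROM $default->dependant_document_instance_table WHERE id = $iDependantDocumentID");
+$sql = $default->db;
+$result = $sql->query("SELECT * FROM $default->dependant_document_instance_table WHERE id = $iDependantDocumentID");
 if ($result) {
-if ($sql -> next_record()) {
-$oDependantDocument = & new DependantDocumentInstance(stripslashes($sql -> f("document_title")), $sql -> f("user_id"), $sql -> f("template_document_id"), $sql->f("parent_document_id"));
-$oDependantDocument -> iId = $sql -> f("id");
+if ($sql->next_record()) {
+$oDependantDocument = & new DependantDocumentInstance($sql->f("document_title"), $sql->f("user_id"), $sql->f("template_document_id"), $sql->f("parent_document_id"));
+$oDependantDocument->iId = $sql->f("id");
 return $oDependantDocument;
 }
 $_SESSION["errorMessage"] = $lang_err_object_not_exist."id = ".$iDependantDocumentID." table = $default->dependant_document_instance_table";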
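Review bot: update() on line 153 writes `template_document_id = $this->iTemplateDocumentID` with no NULL handling, while create() on line 130 guards the same property with isset(); when it is unset the UPDATE becomes `template_document_id = , parent_document_id = …` and fails, so mirror create() with `template_document_id = " . (isset($this->iTemplateDocumentID) ? $this->iTemplateDocumentID : "NULL") . ", `. The stored-check on line 151 is `> 0` where delete() (line 173) uses `>= 0` and create() (line 128) uses `< 0`, so a row with id 0 could be created and deleted but never updated. The id on line 197 is interpolated as received; a `$iDependantDocumentID = (int) $iDependantDocumentID;` before the query is a cheap guard against malformed input. All four methods start and end outside their hunks.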
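--- a/lib/documentmanagement/DependantDocumentTemplate.inc
+++ b/lib/documentmanagement/DependantDocumentTemplate.inc
@@ -133,11 +133,11 @@
 function create() {
 global $default, $lang_err_database, $lang_err_object_exists;
 //if the object hasn't been created
-if ($this -> iId < 0) {
-$sql = $default -> db;
-$result = $sql -> query("INSERT INTO $default->dependant_document_template_table (document_title, default_user_id,template_document_id, group_folder_approval_link_id) VALUES ('" . addslashes($this->sDocumentTitle) . "', $this->iDefaultUserID, " . (($this->iTemplateDocumentID == null) ? "NULL" : $this->iTemplateDocumentID) . ", $this->iGroupFolderApprovalLinkID)");
+if ($this->iId < 0) {
+$sql = $default->db;
+$result = $sql->query("INSERT INTO $default->dependant_document_template_table (document_title, default_user_id,template_document_id, group_folder_approval_link_id) VALUES ('$this->sDocumentTitle', $this->iDefaultUserID, " . (($this->iTemplateDocumentID == null) ? "NULL" : $this->iTemplateDocumentID) . ", $this->iGroupFolderApprovalLinkID)");
 if ($result) {
-$this -> iId = $sql -> insert_id();
+$this->iId = $sql->insert_id();
 return true;
 }
 $_SESSION["errorMessage"] = $lang_err_database;
@@ -156,9 +156,9 @@
 function update() {
 global $default, $lang_err_database, $lang_err_object_key;
 //only update if the object has been stored
-if ($this -> iId > 0) {
-$sql = $default -> db;
-$result = $sql -> query("UPDATE $default->dependant_document_template_table SET document_title = '".addslashes($this -> sDocumentTitle)."', default_user_id = $this->iDefaultUserID, template_document_id = " . (($this->iTemplateDocumentID == null) ? "NULL" : $this->iTemplateDocumentID) . ", group_folder_approval_link_id = $this->iGroupFolderApprovalLinkID WHERE id = $this->iId");
+if ($this->iId > 0) {
+$sql = $default->db;
+$result = $sql->query("UPDATE $default->dependant_document_template_table SET document_title = '$this->sDocumentTitle', default_user_id = $this->iDefaultUserID, template_document_id = " . (($this->iTemplateDocumentID == null) ? "NULL" : $this->iTemplateDocumentID) . ", group_folder_approval_link_id = $this->iGroupFolderApprovalLinkID WHERE id = $this->iId");
 if ($result) {
 return true;
 }
@@ -178,9 +178,9 @@
 function delete() {
 global $default, $lang_err_database, $lang_err_object_key;
 //only delete the object if it exists in the database
-if ($this -> iId >= 0) {
-$sql = $default -> db;
-$result = $sql -> query("DELETE FROM $default->dependant_document_template_table WHERE id = $this->iId");
+if ($this->iId >= 0) {
+$sql = $default->db;
+$result = $sql->query("DELETE FROM $default->dependant_document_template_table WHERE id = $this->iId");
 if ($result) {
 return true;
 }
@@ -201,13 +201,13 @@
 */
 function & get($iDependantDocumentID) {
 global $default;
-$sql = $default -> db;
-$result = $sql -> query("SELECT * FROM $default->dependant_document_template_table WHERE id = $iDependantDocumentID");
+$sql = $default->db;
+$result = $sql->query("SELECT * FROM $default->dependant_document_template_table WHERE id = $iDependantDocumentID");
 if ($result) {
-if ($sql -> next_record()) {
-$DependantDocumentTemplate = & new DependantDocumentTemplate(stripslashes($sql -> f("document_title")), $sql -> f("default_user_id"), $sql->f("group_folder_approval_link_id"), $sql->f("template_document_id"));
-$DependantDocumentTemplate -> iId = $sql -> f("id");
-/*if (!($sql -> f("template_document_id") == null)) {
+if ($sql->next_record()) {
+$DependantDocumentTemplate = & new DependantDocumentTemplate($sql->f("document_title"), $sql->f("default_user_id"), $sql->f("group_folder_approval_link_id"), $sql->f("template_document_id"));
+$DependantDocumentTemplate->iId = $sql->f("id");
+/*if (!($sql->f("template_document_id") == null)) {
 $DependantDocumentTemplate->setTemplateDocumentID($sql->f("template_document_id"));
 }*/
 return $DependantDocumentTemplate;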
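Review bot: The commented-out block at lines 210-212 was reformatted to the new `->` spacing rather than removed; the constructor call on line 208 already receives template_document_id as its fourth argument, so if the setter is no longer needed on load delete the three lines, and if it is, reinstate the call instead of keeping it as a comment. Separately, lines 138 and 161 test `$this->iTemplateDocumentID == null` with loose comparison, so a template id of 0 or "0" is stored as NULL — harmless if ids start at 1, which I cannot confirm from this diff. The enclosing methods all start and end outside their hunks.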
lib/documentmanagement/Document.inc
... ... @@ -276,11 +276,11 @@ class Document {
276 276 }
277 277  
278 278 /**
279   - * Generate a comma delimited string containing
280   - * the parent folder ids
281   - *
282   - * @return String comma delimited string containing the parent folder ids
283   - */
  279 + * Recursive function to generate a comma delimited string containing
  280 + * the parent folder ids
  281 + *
  282 + * @return String comma delimited string containing the parent folder ids
  283 + */
284 284 function generateParentFolderIDS($iFolderID) {
285 285 global $default;
286 286 //if the folder is not the root folder
... ... @@ -295,10 +295,20 @@ class Document {
295 295 }
296 296  
297 297 /**
298   - * Forward slash deliminated string giving full path of document
299   - * from file system root url
300   - *
301   - */
  298 + * Returns a comma delimited string containing the parent folder ids, strips leading /
  299 + *
  300 + * @return String comma delimited string containing the parent folder ids
  301 + */
  302 + function generateFolderIDs($iFolderID) {
  303 + $sFolderIDs = $this->generateParentFolderIDS($iFolderID);
  304 + return substr($sFolderIDs, 1, strlen($sFolderIDs));
  305 + }
  306 +
  307 +
  308 + /**
  309 + * Recursively generates forward slash deliminated string giving full path of document
  310 + * from file system root url
  311 + */
302 312 function generateFullFolderPath($iFolderID) {
303 313 global $default;
304 314 //if the folder is not the root folder
... ... @@ -306,11 +316,23 @@ class Document {
306 316 $sql = $default->db;
307 317 $sql->query("SELECT name, parent_id FROM $default->folders_table WHERE ID = $iFolderID");
308 318 $sql->next_record();
309   - return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . stripslashes($sql->f("name"));
  319 + return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . $sql->f("name");
310 320 }
311 321 return;
312 322 }
313 323  
  324 + /**
  325 + * Returns a forward slash deliminated string giving full path of document, strips leading /
  326 + */
  327 + function generateFolderPath($iFolderID) {
  328 + global $default;
  329 + $sPath = $this->generateFullFolderPath($iFolderID);
  330 + $sPath = substr($sPath, 1, strlen($sPath));
  331 + $sPath = addslashes($sPath);
  332 + return $sPath;
  333 + }
  334 +
  335 +
314 336 /**
315 337 * Insert the current document into the database
316 338 *
... ... @@ -321,12 +343,10 @@ class Document {
321 343 //if the id >= 0, then the object has already been created
322 344 if ($this->iId < 0) {
323 345 $sql = $default->db;
324   - $sFullPath = $this->generateFullFolderPath($this->iFolderID);
325   - $this->sFullPath = substr($sFullPath, 1, strlen($sFullPath));
326   - $sParentFolderIDs = $this->generateParentFolderIDS($this->iFolderID);
327   - $this->sParentFolderIDs = substr($sParentFolderIDs, 1, strlen($sParentFolderIDs));
  346 + $this->sFullPath = $this->generateFolderPath($this->iFolderID);
  347 + $this->sParentFolderIDs = $this->generateFolderIDs($this->iFolderID);
328 348 $result = $sql->query("INSERT INTO " . $default->documents_table . " (document_type_id, name, filename, size, creator_id, modified, description, mime_id, folder_id, major_version, minor_version, is_checked_out, checked_out_user_id, parent_folder_ids, full_path, status_id) " .
329   - "VALUES ($this->iDocumentTypeID, '" . addslashes($this->sName) . "', '" . addslashes($this->sFileName) . "', $this->iSize, $this->iCreatorID, '" . getCurrentDateTime() . "', '" . addslashes($this->sDescription) . "', $this->iMimeTypeID, $this->iFolderID, $this->iMajorVersion, $this->iMinorVersion, " . ($this->bIsCheckedOut ? 1 : 0) . ", $this->iCheckedOutUserID, '$this->sParentFolderIDs','" . addslashes($this->sFullPath) . "', $this->iStatusID)");
  349 + "VALUES ($this->iDocumentTypeID, '$this->sName', '$this->sFileName', $this->iSize, $this->iCreatorID, '" . getCurrentDateTime() . "', '$this->sDescription', $this->iMimeTypeID, $this->iFolderID, $this->iMajorVersion, $this->iMinorVersion, " . ($this->bIsCheckedOut ? 1 : 0) . ", $this->iCheckedOutUserID, '$this->sParentFolderIDs','$this->sFullPath', $this->iStatusID)");
330 350 if ($result) {
331 351 //set the current documents primary key
332 352 $this->iId = $sql->insert_id();
... ... @@ -354,11 +374,11 @@ class Document {
354 374 "INNER JOIN $default->groups_folders_table AS GFL ON GFL.folder_id = F.id " .
355 375 "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GFL.group_id " .
356 376 "WHERE D.id=$this->iId";
357   - $default->log->info("addDocument groupPerms=$sGroupPerms");
  377 + $default->log->debug("addDocument groupPerms=$sGroupPerms");
358 378 if ($sql->query($sGroupPerms)) {
359   - $default->log->info("groupPerms succeeded");
  379 + $default->log->debug("groupPerms succeeded");
360 380 } else {
361   - $default->log->info("groupPerms failed");
  381 + $default->log->error("groupPerms failed");
362 382 }
363 383 // role permissions
364 384 $sRolePerms = "INSERT INTO $default->search_permissions_table (user_id, document_id) " .
... ... @@ -367,9 +387,9 @@ class Document {
367 387 "WHERE document_id=$this->iId";
368 388 $default->log->info("addDocument rolePerms=$sRolePerms");
369 389 if ($sql->query($sRolePerms)) {
370   - $default->log->info("rolePerms succeeded");
  390 + $default->log->debug("rolePerms succeeded");
371 391 } else {
372   - $default->log->info("rolePerms failed");
  392 + $default->log->error("rolePerms failed");
373 393 }
374 394  
375 395 // public folders
... ... @@ -378,11 +398,11 @@ class Document {
378 398 "FROM $default->users_table AS U, $default->documents_table AS D INNER JOIN $default->folders_table AS F ON D.folder_id = F.id " .
379 399 "WHERE F.is_public = 1 " .
380 400 "AND D.id=$this->iId";
381   - $default->log->info("addDocument publicFolder=$sPublicFolderPerms");
  401 + $default->log->debug("addDocument publicFolder=$sPublicFolderPerms");
382 402 if ($sql->query($sPublicFolderPerms)) {
383   - $default->log->info("publicFolder succeeded");
  403 + $default->log->debug("publicFolder succeeded");
384 404 } else {
385   - $default->log->info("publicFolder failed");
  405 + $default->log->error("publicFolder failed");
386 406 }
387 407  
388 408 // creator permissions
... ... @@ -390,11 +410,11 @@ class Document {
390 410 "SELECT creator_id, id " .
391 411 "FROM $default->documents_table " .
392 412 "WHERE id=$this->iId";
393   - $default->log->info("addDocument creatorPerms=$sCreatorPerms");
  413 + $default->log->debug("addDocument creatorPerms=$sCreatorPerms");
394 414 if ($sql->query($sCreatorPerms)) {
395   - $default->log->info("creatorPerms succeeded");
  415 + $default->log->debug("creatorPerms succeeded");
396 416 } else {
397   - $default->log->info("creatorPerms failed");
  417 + $default->log->error("creatorPerms failed");
398 418 }
399 419 }
400 420  
... ... @@ -409,29 +429,28 @@ class Document {
409 429 $sql = $default->db;
410 430 $sQuery = "UPDATE " . $default->documents_table . " SET " .
411 431 "document_type_id = $this->iDocumentTypeID, " .
412   - "name = '" . addslashes($this->sName) . "', " .
413   - "filename = '" . addslashes($this->sFileName) . "', " .
  432 + "name = '$this->sName', " .
  433 + "filename = '$this->sFileName', " .
414 434 "size = $this->iSize, " .
415 435 "creator_id = $this->iCreatorID, " .
416 436 "modified = '" . getCurrentDateTime() . "', " .
417   - "description = '" . addslashes($this->sDescription) . "', " .
  437 + "description = '$this->sDescription', " .
418 438 "mime_id = $this->iMimeTypeID, " .
419 439 "folder_id = $this->iFolderID, " .
420 440 "major_version = $this->iMajorVersion, " .
421 441 "minor_version = $this->iMinorVersion, ";
422   - if ($aForMove) {
423   - //only update these if the document is being moved
424   - $sFullPath = $this->generateFullFolderPath($this->iFolderID);
425   - $this->sFullPath = substr($sFullPath, 1, strlen($sFullPath));
426   - $sParentFolderIDs = $this->generateParentFolderIDS($this->iFolderID);
427   - $this->sParentFolderIDs = substr($sParentFolderIDs, 1, strlen($sParentFolderIDs));
428   - $sQuery .= "parent_folder_ids = '" . addslashes($this->sParentFolderIDs) . "'," .
429   - "full_path = '" . addslashes($this->sFullPath) . "', ";
430   - }
431   - $sQuery .= "is_checked_out = " . ($this->bIsCheckedOut ? "1" : "0") . ", " .
432   - "checked_out_user_id = $this->iCheckedOutUserID, " .
433   - "status_id = $this->iStatusID " .
434   - "WHERE id = $this->iId";
  442 + if ($aForMove) {
  443 + //only update these if the document is being moved
  444 + $this->sFullPath = $this->generateFolderPath($this->iFolderID);
  445 + $this->sParentFolderIDs = $this->generateFolderIDs($this->iFolderID);
  446 +
  447 + $sQuery .= "parent_folder_ids = '$this->sParentFolderIDs'," .
  448 + "full_path = '$this->sFullPath', ";
  449 + }
  450 + $sQuery .= "is_checked_out = " . ($this->bIsCheckedOut ? "1" : "0") . ", " .
  451 + "checked_out_user_id = $this->iCheckedOutUserID, " .
  452 + "status_id = $this->iStatusID " .
  453 + "WHERE id = $this->iId";
435 454 $result = $sql->query($sQuery);
436 455 if ($result) {
437 456 return true;
... ... @@ -565,14 +584,14 @@ class Document {
565 584 // TODO: join on sys_deleted
566 585 $sql->query("SELECT * FROM $default->documents_table WHERE id = $iDocumentID");
567 586 if ($sql->next_record()) {
568   - $oDocument = & new Document(stripslashes($sql->f("name")), stripslashes($sql->f("filename")), $sql->f("size"), $sql->f("creator_id"), $sql->f("mime_id"), $sql->f("folder_id"), $sql->f("description"));
  587 + $oDocument = & new Document($sql->f("name"), $sql->f("filename"), $sql->f("size"), $sql->f("creator_id"), $sql->f("mime_id"), $sql->f("folder_id"), $sql->f("description"));
569 588 $oDocument->setDocumentTypeID($sql->f("document_type_id"));
570 589 $oDocument->setMajorVersionNumber($sql->f("major_version"));
571 590 $oDocument->setMinorVersionNumber($sql->f("minor_version"));
572 591 $oDocument->setIsCheckedOut($sql->f("is_checked_out"));
573 592 $oDocument->setLastModifiedDate($sql->f("modified"));
574   - $oDocument->sParentFolderIDs = stripslashes($sql->f("parent_folder_ids"));
575   - $oDocument->sFullPath = stripslashes($sql->f("full_path"));
  593 + $oDocument->sParentFolderIDs = $sql->f("parent_folder_ids");
  594 + $oDocument->sFullPath = $sql->f("full_path");
576 595 $oDocument->setCheckedOutUserID($sql->f("checked_out_user_id"));
577 596 // FIXME: nasty hack- paying the penalty for adding status_id late in phase 2
578 597 $oDocument->setStatusID( ($sql->f("status_id") == "" ? LIVE : $sql->f("status_id")) );
... ... @@ -731,7 +750,7 @@ class Document {
731 750 global $default;
732 751 $sql = $default->db;
733 752 $sQuery = "SELECT * FROM $default->documents_table " .
734   - "WHERE filename = '" . addslashes($sFileName) . "' " .
  753 + "WHERE filename = '$sFileName' " .
735 754 "AND folder_id = $iFolderID " .
736 755 "AND status_id = " . LIVE;
737 756 $sql->query($sQuery);
... ...
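--- a/lib/documentmanagement/DocumentField.inc
+++ b/lib/documentmanagement/DocumentField.inc
@@ -161,7 +161,7 @@ class DocumentField {
  //if the object hasn't been created
  if ($this->iId < 0) {
  $sql = $default->db;
- $result = $sql->query("INSERT INTO " . $default->document_fields_table . " (name, data_type,is_generic,has_lookup) VALUES ('" . addslashes($this->sName) . "', '" . addslashes($this->sDataType) . "', '" . $this->bIsGeneric . "', '" . $this->bHasLookup ."')");
+ $result = $sql->query("INSERT INTO " . $default->document_fields_table . " (name, data_type,is_generic,has_lookup) VALUES ('" . $this->sName . "', '" . $this->sDataType . "', '" . $this->bIsGeneric . "', '" . $this->bHasLookup ."')");
  if ($result) {
  $this->iId = $sql->insert_id();
  return true;
@@ -184,7 +184,7 @@ class DocumentField {
  //only update if the object has been stored
  if ($this->iId > 0) {
  $sql = $default->db;
- $result = $sql->query("UPDATE " . $default->document_fields_table . " SET name = '" . addslashes($this->sName) . "', data_type = '" . addslashes($this->sDataType) . "', is_generic = '" . $this->bIsGeneric . "', has_lookup = '" . $this->bHasLookup . "' WHERE id = $this->iId");
+ $result = $sql->query("UPDATE " . $default->document_fields_table . " SET name = '" . $this->sName . "', data_type = '" . $this->sDataType . "', is_generic = '" . $this->bIsGeneric . "', has_lookup = '" . $this->bHasLookup . "' WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -231,7 +231,7 @@ class DocumentField {
  $result = $sql->query("SELECT * FROM $default->document_fields_table WHERE id = $iDocumentFieldsID");
  if ($result) {
  if ($sql->next_record()) {
- $oDocumentField = & new DocumentField(stripslashes($sql->f("name")), stripslashes($sql->f("data_type")), $sql->f("is_generic"), $sql->f("has_lookup"));
+ $oDocumentField = & new DocumentField($sql->f("name"), $sql->f("data_type"), $sql->f("is_generic"), $sql->f("has_lookup"));
  $oDocumentField->iId = $sql->f("id");
  return $oDocumentField;
  }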
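Review bot: Dropping `addslashes()` from `$this->sName` and `$this->sDataType` in the INSERT of `create()` and the UPDATE of `update()` interpolates these strings into the statement unescaped, so a value containing a single quote now breaks the query and, if the value reaches this object from a request, shapes the SQL that runs; nothing in the commit shows a replacement escape on the way in. The same removal is made in the Document.inc hunks above (name, filename, description, full_path and the filename lookup) and in DocumentFieldLink, DocumentTransaction, DocumentType, MetaData, Folder (including the `$sName` parameters of `folderExistsName()` and `getFolderID()`), Group, Link, Organisation and Role, so this note covers all of them. If an input-side mechanism is meant to do the escaping, that assumption belongs in a comment at the query site, e.g. `// relies on caller-side escaping of sName/sDataType; nothing is escaped here`; otherwise escape once at the query boundary (the `$sql->query()` wrapper) or keep `'" . addslashes($this->sName) . "'` here until that exists. Dropping `stripslashes()` in `get()` is consistent with the database holding the unescaped value and is not the problem.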
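--- a/lib/documentmanagement/DocumentFieldLink.inc
+++ b/lib/documentmanagement/DocumentFieldLink.inc
@@ -133,7 +133,7 @@ class DocumentFieldLink {
  if ($this->iId < 0) {
  $sql = $default->db;
  $result = $sql->query("INSERT INTO " . $default->document_fields_link_table . " (document_id, document_field_id, value) " .
- "VALUES ($this->iDocumentID, $this->iDocumentFieldID, '" . addslashes($this->sValue) . "')");
+ "VALUES ($this->iDocumentID, $this->iDocumentFieldID, '$this->sValue')");
  if ($result) {
  //set the current documents primary key
  $this->iId = $sql->insert_id();
@@ -157,7 +157,7 @@ class DocumentFieldLink {
  if ($this->iId >= 0) {
  $sql = $default->db;
  $result = $sql->query("UPDATE " . $default->document_fields_link_table . " SET " .
- "document_id = $this->iDocumentID, document_field_id = $this->iDocumentFieldID, value = '" . addslashes($this->sValue) . "'" .
+ "document_id = $this->iDocumentID, document_field_id = $this->iDocumentFieldID, value = '$this->sValue'" .
  "WHERE id = $this->iId");
  if ($result) {
  return true;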
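--- a/lib/documentmanagement/DocumentLink.inc
+++ b/lib/documentmanagement/DocumentLink.inc
@@ -75,7 +75,7 @@ class DocumentLink {
  *
  */
  function setParentDocumentID($iNewValue) {
- $this -> iParentDocumentID = $iNewValue;
+ $this->iParentDocumentID = $iNewValue;
  }
 
  /**
@@ -95,7 +95,7 @@ class DocumentLink {
  *
  */
  function setChildDocumentID($iNewValue) {
- $this -> iChildDocumentID = $iNewValue;
+ $this->iChildDocumentID = $iNewValue;
  }
 
  /**
@@ -107,17 +107,17 @@ class DocumentLink {
  function create() {
  global $default, $lang_err_database, $lang_err_object_exists;
  //if the object hasn't been created
- if ($this -> iId < 0) {
- $sql = $default -> db;
- $result = $sql -> query("INSERT INTO " . $default -> owl_document_link_table . " (parent_document_id, child_document_id) VALUES ($this->iParentDocumentID, $this->iChildDocumentID)");
+ if ($this->iId < 0) {
+ $sql = $default->db;
+ $result = $sql->query("INSERT INTO $default->document_link_table (parent_document_id, child_document_id) VALUES ($this->iParentDocumentID, $this->iChildDocumentID)");
  if ($result) {
- $this -> iId = $sql -> insert_id();
+ $this->iId = $sql->insert_id();
  return true;
  }
  $_SESSION["errorMessage"] = $lang_err_database;
  return false;
  }
- $_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this -> iId." table = document_fields";
+ $_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this->iId." table = document_fields";
  return false;
  }
 
@@ -130,9 +130,9 @@ class DocumentLink {
  function update() {
  global $default, $lang_err_database, $lang_err_object_key;
  //only update if the object has been stored
- if ($this -> iId > 0) {
- $sql = $default -> db;
- $result = $sql -> query("UPDATE ".$default -> owl_document_link_table." SET parent_document_id = $this->iParentDocumentID, child_document_id = $this->iChildDocumentID WHERE id = $this->iId");
+ if ($this->iId > 0) {
+ $sql = $default->db;
+ $result = $sql->query("UPDATE $default->document_link_table SET parent_document_id = $this->iParentDocumentID, child_document_id = $this->iChildDocumentID WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -152,9 +152,9 @@ class DocumentLink {
  function delete() {
  global $default, $lang_err_database, $lang_err_object_key;
  //only delete the object if it exists in the database
- if ($this -> iId >= 0) {
- $sql = $default -> db;
- $result = $sql -> query("DELETE FROM $default->document_link_table WHERE id = $this->iId");
+ if ($this->iId >= 0) {
+ $sql = $default->db;
+ $result = $sql->query("DELETE FROM $default->document_link_table WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -175,12 +175,12 @@ class DocumentLink {
  */
  function & get($iDocumentLinkID) {
  global $default;
- $sql = $default -> db;
- $result = $sql -> query("SELECT * FROM $default->document_link_table WHERE id = $iDocumentLinkID");
+ $sql = $default->db;
+ $result = $sql->query("SELECT * FROM $default->document_link_table WHERE id = $iDocumentLinkID");
  if ($result) {
- if ($sql -> next_record()) {
- $oDocumentLink = & new DocumentLink($sql -> f("parent_document_id"), $sql -> f("parent_document_id"));
- $oDocumentLink -> iId = $sql -> f("id");
+ if ($sql->next_record()) {
+ $oDocumentLink = & new DocumentLink($sql->f("parent_document_id"), $sql->f("parent_document_id"));
+ $oDocumentLink->iId = $sql->f("id");
  return $oDocumentLink;
  }
  $_SESSION["errorMessage"] = $lang_err_object_not_exist."id = ".$iDocumentLinkID." table = $default->document_link_table";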
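Review bot: The reflowed constructor call in `get()` still passes `parent_document_id` for both arguments, so a loaded link never carries the stored child id; it should read `$oDocumentLink = & new DocumentLink($sql->f("parent_document_id"), $sql->f("child_document_id"));`. The error message rewritten in `create()` names `table = document_fields` although this class writes `$default->document_link_table`, so `" table = $default->document_link_table"` would match the other messages in the file. `get()` also uses `$lang_err_object_not_exist` while its `global` line declares only `$default`; that context line is unchanged, so it may be reachable some other way, but it is worth confirming.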
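--- a/lib/documentmanagement/DocumentTransaction.inc
+++ b/lib/documentmanagement/DocumentTransaction.inc
@@ -79,7 +79,7 @@ class DocumentTransaction {
  $oDocument = & Document::get($iNewDocumentID);
  if ($oDocument) {
  $this->sVersion = $oDocument->getMajorVersionNumber() . "." . $oDocument->getMinorVersionNumber();
- $this->sFileName = Folder::getFolderPath($oDocument->getFolderID()) . "/" . $oDocument->getName();
+ $this->sFileName = addslashes(Folder::getFolderPath($oDocument->getFolderID()) . "/" . $oDocument->getName());
  }
  $this->iUserID = $_SESSION["userID"];
  $this->dDateTime = getCurrentDateTime();
@@ -105,7 +105,7 @@ class DocumentTransaction {
  if ($this->iId < 0) {
  $sql = $default->db;
  $result = $sql->query("INSERT INTO " . $default->document_transactions_table . " (document_id, version, user_id, datetime, ip, filename, comment, transaction_id) " .
- "VALUES ($this->iDocumentID, '" . addslashes($this->sVersion) . "', $this->iUserID, '" . addslashes($this->dDateTime) . "', '" . addslashes($this->sIP) . "', '" . addslashes($this->sFileName) . "', '" . addslashes($this->sComment) . "', $this->iTransactionID)");
+ "VALUES ($this->iDocumentID, '$this->sVersion', $this->iUserID, '$this->dDateTime', '$this->sIP', '$this->sFileName', '$this->sComment', $this->iTransactionID)");
  if ($result) {
  //object has been stored, set the primary key
  $this->iId = $sql->insert_id();
@@ -150,7 +150,7 @@ class DocumentTransaction {
  $sql = $default->db;
  $sql->query("SELECT * FROM $default->document_transactions_table WHERE id = $iDocumentTransactionID");
  if ($sql->next_record()) {
- $oDocumentTransaction = & new DocumentTransaction($sql->f("document_id"), stripslashes($sql->f("comment")), $sql->f("transaction_id"));
+ $oDocumentTransaction = & new DocumentTransaction($sql->f("document_id"), $sql->f("comment"), $sql->f("transaction_id"));
  $oDocumentTransaction->iId = $sql->f("id");
  $oDocumentTransaction->sVersion = $sql->f("version");
  $oDocumentTransaction->iUserID = $sql->f("user_id");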
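Review bot: The escaping has moved to the wrong layer: `addslashes()` is now applied when `sFileName` is assigned in the constructor hunk, so the property holds an SQL-escaped string for the object's lifetime, while `sVersion`, `dDateTime`, `sIP` and `sComment` go into the INSERT in `create()` unescaped. `sComment` is the one free-text column here and `get()` now hands it straight back from the row, so a comment containing a quote fails or alters the INSERT unless it is escaped before reaching this object, which the commit does not show. Keep the property raw, `$this->sFileName = Folder::getFolderPath($oDocument->getFolderID()) . "/" . $oDocument->getName();`, and escape at the query, e.g. `'" . addslashes($this->sFileName) . "', '" . addslashes($this->sComment) . "'` in the VALUES list, until escaping lives in the query wrapper.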
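--- a/lib/documentmanagement/DocumentType.inc
+++ b/lib/documentmanagement/DocumentType.inc
@@ -98,7 +98,7 @@ class DocumentType {
 
  }else{
  $sql = $default->db;
- $result = $sql->query("INSERT INTO " . $default->document_types_table . " (name) VALUES ('" . addslashes($this->sName) . "')");
+ $result = $sql->query("INSERT INTO " . $default->document_types_table . " (name) VALUES ('$this->sName')");
  if ($result) {
  $this->iId = $sql->insert_id();
  return true;
@@ -123,7 +123,7 @@ class DocumentType {
  //only update if the object has been stored
  if ($this->iId > 0) {
  $sql = $default->db;
- $result = $sql->query("UPDATE " . $default->document_types_table . " SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId");
+ $result = $sql->query("UPDATE " . $default->document_types_table . " SET name = '$this->sName' WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -204,7 +204,7 @@ class DocumentType {
  $result = $sql->query("SELECT * FROM ". $default->document_types_table ." WHERE id = $iDocumentTypeID");
  if ($result) {
  if ($sql->next_record()) {
- $oDocumentType = & new DocumentType(stripslashes($sql->f("name")));
+ $oDocumentType = & new DocumentType($sql->f("name"));
  $oDocumentType->iId = $sql->f("id");
  return $oDocumentType;
  }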
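--- a/lib/documentmanagement/MetaData.inc
+++ b/lib/documentmanagement/MetaData.inc
@@ -123,7 +123,7 @@ class MetaData {
 
  }else{
  $sql = $default->db;
- $result = $sql->query("INSERT INTO " . $default->metadata_table . " (document_field_id,name) VALUES ('". $this->iDocFieldID . "','" . addslashes($this->sName) . "')");
+ $result = $sql->query("INSERT INTO " . $default->metadata_table . " (document_field_id,name) VALUES ('". $this->iDocFieldID . "','$this->sName')");
  if ($result) {
  $this->iId = $sql->insert_id();
  return true;
@@ -148,7 +148,7 @@ class MetaData {
  //only update if the object has been stored
  if ($this->iId > 0) {
  $sql = $default->db;
- $result = $sql->query("UPDATE " . $default->metadata_table. " SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId");
+ $result = $sql->query("UPDATE " . $default->metadata_table. " SET name = '$this->sName' WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -195,7 +195,7 @@ class MetaData {
  $result = $sql->query("SELECT * FROM ". $default->metadata_table." WHERE id = $iMetaDataID");
  if ($result) {
  if ($sql->next_record()) {
- $oDocumentType = & new MetaData($sql->f("document_field_id"),stripslashes($sql->f("name")));
+ $oDocumentType = & new MetaData($sql->f("document_field_id"),$sql->f("name"));
  $oDocumentType->iId = $sql->f("id");
  return $oDocumentType;
  }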
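--- a/lib/documentmanagement/PhysicalDocumentManager.inc
+++ b/lib/documentmanagement/PhysicalDocumentManager.inc
@@ -387,7 +387,7 @@ class PhysicalDocumentManager {
  */
  function & createDocumentFromUploadedFile($aFileArray, $iFolderID) {
  //get the uploaded document information and put it into a document object
- $oDocument = & new Document(stripslashes($aFileArray['name']), stripslashes($aFileArray['name']), $aFileArray['size'], $_SESSION["userID"], PhysicalDocumentManager::getMimeTypeID($aFileArray['type'], $aFileArray['name']), $iFolderID);
+ $oDocument = & new Document($aFileArray['name'], $aFileArray['name'], $aFileArray['size'], $_SESSION["userID"], PhysicalDocumentManager::getMimeTypeID($aFileArray['type'], $aFileArray['name']), $iFolderID);
  return $oDocument;
  }
 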
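Review bot: With `stripslashes()` gone, `$aFileArray['name']` is passed untouched as both the display name and the stored filename; the `name`/`size`/`type` keys look like a `$_FILES` entry, which would make this a client-supplied string. Where the filename is later used on disk is outside this hunk, but the filename argument should be reduced to its last path component so a name containing directory separators cannot influence the target directory: `$oDocument = & new Document($aFileArray['name'], basename($aFileArray['name']), $aFileArray['size'], ...`. The same string also flows into the Document.inc INSERT/UPDATE that this commit stops escaping (see the note on DocumentField.inc).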
lib/foldermanagement/Folder.inc
... ... @@ -206,11 +206,11 @@ class Folder {
206 206 }
207 207  
208 208 /**
209   - * Generate a comma delimited string containing
210   - * the parent folder ids
211   - *
212   - * @return String comma delimited string containing the parent folder ids
213   - */
  209 + * Recursive function to generate a comma delimited string containing
  210 + * the parent folder ids
  211 + *
  212 + * @return String comma delimited string containing the parent folder ids
  213 + */
214 214 function generateParentFolderIDS($iFolderID) {
215 215 global $default;
216 216 //if the folder is not the root folder
... ... @@ -225,23 +225,43 @@ class Folder {
225 225 }
226 226  
227 227 /**
228   - * Forward slash deliminated string giving full path of document
229   - * from file system root url
230   - *
231   - */
  228 + * Returns a comma delimited string containing the parent folder ids, strips leading /
  229 + *
  230 + * @return String comma delimited string containing the parent folder ids
  231 + */
  232 + function generateFolderIDs($iFolderID) {
  233 + $sFolderIDs = $this->generateParentFolderIDS($iFolderID);
  234 + return substr($sFolderIDs, 1, strlen($sFolderIDs));
  235 + }
  236 +
  237 + /**
  238 + * Recursively generates forward slash deliminated string giving full path of document
  239 + * from file system root url
  240 + */
232 241 function generateFullFolderPath($iFolderID) {
233 242 global $default;
234 243 //if the folder is not the root folder
235 244 if ($iFolderID != 0) {
236 245 $sql = $default->db;
237 246 $sql->query("SELECT name, parent_id FROM $default->folders_table WHERE ID = $iFolderID");
238   - $sql->next_record();
239   - return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . stripslashes($sql->f("name"));
  247 + $sql->next_record();
  248 + return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . $sql->f("name");
240 249 }
241 250 return;
242 251 }
243 252  
244 253 /**
  254 + * Returns a forward slash deliminated string giving full path of document, strips leading /
  255 + */
  256 + function generateFolderPath($iFolderID) {
  257 + global $default;
  258 + $sPath = $this->generateFullFolderPath($iFolderID);
  259 + $sPath = substr($sPath, 1, strlen($sPath));
  260 + $sPath = addslashes($sPath);
  261 + return $sPath;
  262 + }
  263 +
  264 + /**
245 265 * Create the current folder in the database
246 266 *
247 267 * @return boolean true and set $this->iId with new primary key, false otherwise and set $_SESSION["errorMessage"]
... ... @@ -250,13 +270,11 @@ class Folder {
250 270 global $default, $lang_err_database; $lang_err_object_exists;
251 271 //if the object has not already been stored
252 272 if ($this->iId < 0) {
253   - $this->sFullPath = $this->generateFullFolderPath($this->iParentID);
254   - $this->sFullPath = substr($this->sFullPath, 1, strlen($this->sFullPath));
255   - $this->sParentFolderIDs = $this->generateParentFolderIDS($this->iParentID);
256   - $this->sParentFolderIDs = substr($this->sParentFolderIDs, 1, strlen($this->sParentFolderIDs));
  273 + $this->sFullPath = $this->generateFolderPath($this->iParentID);
  274 + $this->sParentFolderIDs = $this->generateFolderIDs($this->iParentID);
257 275 $sql = $default->db;
258 276 $result = $sql->query("INSERT INTO " . $default->folders_table . " (name, description, parent_id, creator_id, unit_id, is_public, full_path, parent_folder_ids) " .
259   - "VALUES ('" . addslashes($this->sName) . "', '" . addslashes($this->sDescription) . "', $this->iParentID, $this->iCreatorID, $this->iUnitID, " . ($this->bIsPublic ? 1 : 0) . ",'" . addslashes($this->sFullPath) . "','" . addslashes($this->sParentFolderIDs) . "')");
  277 + "VALUES ('$this->sName', '$this->sDescription', $this->iParentID, $this->iCreatorID, $this->iUnitID, " . ($this->bIsPublic ? 1 : 0) . ",'$this->sFullPath','$this->sParentFolderIDs')");
260 278 if ($result) {
261 279 $this->iId = $sql->insert_id();
262 280 return true;
... ... @@ -280,19 +298,16 @@ class Folder {
280 298 if ($this->iId >= 0) {
281 299 $sql = $default->db;
282 300 $sQuery = "UPDATE " . $default->folders_table . " SET " .
283   - "name = '" . addslashes($this->sName) . "', " .
284   - "description = '" . addslashes($this->sDescription) . "', " .
  301 + "name = '$this->sName', " .
  302 + "description = '$this->sDescription', " .
285 303 "parent_id = $this->iParentID, " .
286 304 "creator_id = $this->iCreatorID, " .
287 305 "unit_id = $this->iUnitID, ";
288 306 if ($bPathChange) {
289   - $sFullPath = $this->generateFullFolderPath($this->iParentID);
290   - $this->sFullPath = substr($sFullPath, 1, strlen($sFullPath));
291   - $sParentFolderIDs = $this->generateParentFolderIDS($this->iParentID);
292   - $this->sParentFolderIDs = substr($sParentFolderIDs, 1, strlen($sParentFolderIDs));
293   -
294   - $sQuery .= "parent_folder_ids = '" . addslashes($this->sParentFolderIDs) . "'," .
295   - "full_path = '" . addslashes($this->sFullPath) . "', ";
  307 + $this->sFullPath = $this->generateFolderPath($this->iParentID);
  308 + $this->sParentFolderIDs = $this->generateFolderIDs($this->iParentID);
  309 + $sQuery .= "parent_folder_ids = '$this->sParentFolderIDs'," .
  310 + "full_path = '$this->sFullPath', ";
296 311 }
297 312 $sQuery .= "is_public = " . ($this->bIsPublic ? 1 : 0) . " " .
298 313 "WHERE id = " . $this->iId;
... ... @@ -345,9 +360,7 @@ class Folder {
345 360 while ($sql->next_record()) {
346 361 $aChildren[count($aChildren)] = $sql->f("id");
347 362 Folder::getChildren($sql->f("id"), & $aChildren);
348   - //$sChildString .= $sql->f("id") . "," . Folder::getChildren($sql->f("id"));
349 363 }
350   - //return $sChildString;
351 364 return $aChildren;
352 365 }
353 366  
... ... @@ -401,10 +414,10 @@ class Folder {
401 414 $sql = $default->db;
402 415 $sql->query("SELECT * FROM " . $default->folders_table . " WHERE id = " . $iFolderID);
403 416 if ($sql->next_record()) {
404   - $oFolder = & new Folder(stripslashes($sql->f("name")), stripslashes($sql->f("description")), $sql->f("parent_id"), $sql->f("creator_id"), $sql->f("unit_id"), $sql->f("is_public"));
  417 + $oFolder = & new Folder($sql->f("name"), $sql->f("description"), $sql->f("parent_id"), $sql->f("creator_id"), $sql->f("unit_id"), $sql->f("is_public"));
405 418 $oFolder->iId = $iFolderID;
406   - $oFolder->sFullPath = stripslashes($sql->f("full_path"));
407   - $oFolder->sParentFolderIDs = stripslashes($sql->f("parent_folder_ids"));
  419 + $oFolder->sFullPath = $sql->f("full_path");
  420 + $oFolder->sParentFolderIDs = $sql->f("parent_folder_ids");
408 421 return $oFolder;
409 422 }
410 423 $_SESSION["errorMessage"] = $lang_err_object_not_exist . "id = " . $iFolderID . " table = folders";
... ... @@ -439,7 +452,6 @@ class Folder {
439 452 $aFolderArray;
440 453 settype($aFolderArray, "array");
441 454 $sql = $default->db;
442   - // TODO: join on sys_deleted
443 455 $result = $sql->query("SELECT * FROM " . $default->folders_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
444 456 if ($result) {
445 457 $iCount = 0;
... ... @@ -465,7 +477,8 @@ class Folder {
465 477 function getFolderPath($iFolderID) {
466 478 global $default;
467 479 $oFolder = Folder::get($iFolderID);
468   - return $default->documentRoot . "/" . $oFolder->sFullPath . "/" . $oFolder->getName() . "/";
  480 + $sPath = $default->documentRoot . "/" . $oFolder->sFullPath . "/" . $oFolder->getName() . "/";
  481 + return $sPath;
469 482 }
470 483  
471 484 /**
... ... @@ -590,10 +603,9 @@ class Folder {
590 603 * @return true if the folder exists, false otherwise and set $_SESSION["errorMessage"]
591 604 */
592 605 function folderExistsName($sName, $iParentID) {
593   - $sName = addslashes($sName);
594 606 global $default, $lang_err_folder_exist;
595 607 $sql = $default->db;
596   - $sql->query("SELECT * FROM " . $default->folders_table . " WHERE name = '" . $sName . "' AND parent_id = " . $iParentID);
  608 + $sql->query("SELECT * FROM " . $default->folders_table . " WHERE name = '$sName' AND parent_id = $iParentID");
597 609 if ($sql->next_record()) {
598 610 return true;
599 611 }
... ... @@ -631,7 +643,7 @@ class Folder {
631 643 $sql = $default->db;
632 644 $sql->query("SELECT name FROM " . $default->folders_table . " WHERE id = " . $iFolderID);
633 645 if ($sql->next_record()) {
634   - return stripslashes($sql->f("name"));
  646 + return $sql->f("name");
635 647 }
636 648 $_SESSION["errorMessage"] = $lang_err_database;
637 649 return false;
... ... @@ -647,7 +659,7 @@ class Folder {
647 659 function getFolderID($sFolderName) {
648 660 global $default, $lang_err_database;
649 661 $sql = $default->db;
650   - $sql->query("SELECT id FROM " . $default->folders_table . " WHERE name = '" . addslashes($sFolderName) . "'");
  662 + $sql->query("SELECT id FROM " . $default->folders_table . " WHERE name = '$sFolderName'");
651 663 if ($sql->next_record()) {
652 664 return $sql->f("id");
653 665 }
... ...
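Review bot: The new `generateFolderPath()` bakes `addslashes()` into its return value, and `create()` and `update()` assign that to `$this->sFullPath`, so after a save the in-memory property is SQL-escaped while `Folder::get()` assigns the raw column; code that reads `$oFolder->sFullPath` after a save (the way `getFolderPath()` does after a load) therefore sees a different string than after a reload. `generateFolderIDs()` gets no such treatment, and the `global $default;` in `generateFolderPath()` is unused. Return the plain path, `return substr($sPath, 1);`, and apply the escape inside the SQL at the two call sites (or once in the query wrapper), which also keeps `Document::update()` in the hunks above, which now calls this helper, consistent. The docblock of `generateFolderIDs()` says it "strips leading /", but the value is comma-delimited; presumably the stripped character is a leading comma from `generateParentFolderIDS()`, whose body is outside the hunk, so `strips the leading delimiter` would be accurate either way.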
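--- a/lib/foldermanagement/PhysicalFolderManagement.inc
+++ b/lib/foldermanagement/PhysicalFolderManagement.inc
@@ -37,7 +37,7 @@ class PhysicalFolderManagement {
  function createFolder($sPath) {
  // check if a folder with this name exists before creating it
  if (!file_exists($sPath)) {
- return mkdir($sPath, 0755);
+ return mkdir(rtrim($sPath), 0755);
  } else {
  return true;
  }
@@ -51,11 +51,11 @@ class PhysicalFolderManagement {
  * @return boolean true on successful delete, false otherwise
  */
  function deleteFolder($sPath) {
- return rmdir($sPath);
+ return rmdir(rtrim($sPath));
  }
 
  function renameFolder($sOldPath, $sNewPath) {
- return rename($sOldPath, $sNewPath);
+ return rename($sOldPath, rtrim($sNewPath));
  }
 
  }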
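Review bot: `createFolder()` now trims the path for `mkdir()` but still runs `file_exists()` on the untrimmed `$sPath`, so whenever trailing whitespace does occur the existence check and the create refer to different names and an existing directory can be re-created or reported missing; `renameFolder()` trims only `$sNewPath`. Trim once at the top of each function, `$sPath = rtrim($sPath);` before the `file_exists` check, and `return rename(rtrim($sOldPath), rtrim($sNewPath));`. Where the trailing whitespace originates is not visible in this commit; fixing it in the path producer (`Folder::getFolderPath()` in the hunk above builds these paths) would remove the need for per-call trimming.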
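--- a/lib/groups/Group.inc
+++ b/lib/groups/Group.inc
@@ -109,6 +109,23 @@ class Group {
  }
 
  /**
+ * Checks if this group has users mapped to it or not
+ */
+ function hasRoutingSteps() {
+ global $default;
+
+ $sql = $default->db;
+ $query = "SELECT id FROM $default->groups_folders_approval_table WHERE group_id = $this->iId";
+ $sql->query($query);
+ $rows = $sql->num_rows();
+ if ($rows > 0){
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /**
  * Create the current object in the database
  *
  * @return boolean on successful store, false otherwise and set $_SESSION["errorMessage"]
@@ -129,7 +146,7 @@ class Group {
  return false;
  } else {
  $sql = $default->db;
- $result = $sql->query("INSERT INTO " . $default->groups_table . " (name, is_sys_admin, is_unit_admin) VALUES ('" . addslashes($this->sName) . "', " . ($this->bIsSysAdmin ? 1 : 0) . ", " . ($this->bIsUnitAdmin ? 1 : 0) . ")");
+ $result = $sql->query("INSERT INTO " . $default->groups_table . " (name, is_sys_admin, is_unit_admin) VALUES ('$this->sName', " . ($this->bIsSysAdmin ? 1 : 0) . ", " . ($this->bIsUnitAdmin ? 1 : 0) . ")");
  if ($result) {
  $this->iId = $sql->insert_id();
  return true;
@@ -153,7 +170,7 @@ class Group {
  //only update if the object has been stored
  if ($this->iId > 0) {
  $sql = $default->db;
- $result = $sql->query("UPDATE " . $default->groups_table . " SET name = '" . addslashes($this->sName) . "', is_sys_admin = " . ($this->bIsSysAdmin ? 1 : 0) . ", is_unit_admin = " . ($this->bIsUnitAdmin ? 1 : 0) . " WHERE id = $this->iId");
+ $result = $sql->query("UPDATE " . $default->groups_table . " SET name = '$this->sName', is_sys_admin = " . ($this->bIsSysAdmin ? 1 : 0) . ", is_unit_admin = " . ($this->bIsUnitAdmin ? 1 : 0) . " WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -196,7 +213,7 @@ class Group {
  $result = $sql->query("SELECT * FROM $default->groups_table WHERE id = $iGroupID");
  if ($result) {
  if ($sql->next_record()) {
- $oGroup = & new Group(stripslashes($sql->f("name")), $sql->f("is_unit_admin"), $sql->f("is_sys_admin"));
+ $oGroup = & new Group($sql->f("name"), $sql->f("is_unit_admin"), $sql->f("is_sys_admin"));
  $oGroup->iId = $iGroupID;
  return $oGroup;
  }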
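Review bot: The docblock on the new `hasRoutingSteps()` says it checks whether the group "has users mapped to it", but the query counts rows of `groups_folders_approval_table` for this group's id, i.e. folder approval routing steps, as the method name says; suggest ` * Returns true if any folder approval routing step references this group`. The if/else can collapse to `return $rows > 0;`. The `name` escaping removed in `create()` and `update()` is covered by the note on DocumentField.inc.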
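--- a/lib/groups/GroupFolderApprovalLink.inc
+++ b/lib/groups/GroupFolderApprovalLink.inc
@@ -223,7 +223,7 @@ class GroupFolderApprovalLink {
  $oGroupFolderApprovalLink->iId = $iGroupFolderLinkID;
  return $oGroupFolderApprovalLink;
  }
- $_SESSION["errorMessage"] = $lang_err_object_not_exist . "id = " . $iGroupFolderLinkID . " table = $default-owl_groups_folders_approval_table";
+
  return false;
  }
  $_SESSION["errorMessage"] = $lang_err_database;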
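Review bot: Removing the `$_SESSION["errorMessage"]` assignment leaves the not-found branch of `get()` returning false silently, unlike the sibling `get()` methods in this commit (DocumentLink, Folder) which set the message before returning; the removed line's defect was the apparent typo `$default-owl_groups_folders_approval_table`, not the message itself. Restore it with the property name this commit uses in Group.inc: `$_SESSION["errorMessage"] = $lang_err_object_not_exist . "id = " . $iGroupFolderLinkID . " table = $default->groups_folders_approval_table";`. The enclosing `get()` starts outside the hunk, so whether `$lang_err_object_not_exist` is in its `global` list cannot be checked here.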
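--- a/lib/links/Link.inc
+++ b/lib/links/Link.inc
@@ -101,7 +101,7 @@ class Link {
 
  }else{
  $sql = $default->db;
- $result = $sql->query("INSERT INTO " . $default->quicklinks_table . " (name, url, rank) VALUES ('" . addslashes($this->sName) . "', '" . ($this->sUrl) . "', " . ($this->iRank) . ")");
+ $result = $sql->query("INSERT INTO " . $default->quicklinks_table . " (name, url, rank) VALUES ('$this->sName', '$this->sUrl', $this->iRank)");
  if ($result) {
  $this->iId = $sql->insert_id();
  return true;
@@ -126,7 +126,7 @@ class Link {
  //only update if the object has been stored
  if ($this->iId > 0) {
  $sql = $default->db;
- $result = $sql->query("UPDATE " . $default->quicklinks_table . " SET name = '" . addslashes($this->sName) . "', url = '" . ($this->sUrl) . "', rank = " . ($this->iRank) . " WHERE id = $this->iId");
+ $result = $sql->query("UPDATE " . $default->quicklinks_table . " SET name = '$this->sName', url = '$this->sUrl', rank = $this->iRank WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -174,7 +174,7 @@ class Link {
  $result = $sql->query("SELECT * FROM $default->quicklinks_table WHERE id = $iLinkID");
  if ($result) {
  if ($sql->next_record()) {
- $oLink = & new Link(stripslashes($sql->f("name")), $sql->f("url"), $sql->f("rank"));
+ $oLink = & new Link($sql->f("name"), $sql->f("url"), $sql->f("rank"));
  $oLink->iId = $iLinkID;
  return $oLink;
  }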
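--- a/lib/orgmanagement/Organisation.inc
+++ b/lib/orgmanagement/Organisation.inc
@@ -81,7 +81,7 @@ class Organisation {
  $_SESSION["errorMessage"] = "Organisation::The name " . $this->sName . " is already in use!";
  return false;
  } else {
- $result = $sql->query("INSERT INTO " . $default->organisations_table . " (name) VALUES ('" . addslashes($this->sName) . "')");
+ $result = $sql->query("INSERT INTO " . $default->organisations_table . " (name) VALUES ('$this->sName')");
  if ($result) {
  $this->iId = $sql->insert_id();
  return true;
@@ -104,7 +104,7 @@ class Organisation {
  //only update if the object has been stored
  if ($this->iId > 0) {
  $sql = $default->db;
- $result = $sql->query("UPDATE " . $default->organisations_table . " SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId");
+ $result = $sql->query("UPDATE " . $default->organisations_table . " SET name = '$this->sName' WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -160,7 +160,7 @@ class Organisation {
  $result = $sql->query("SELECT * FROM $default->organisations_table WHERE id = $iOrgID");
  if ($result) {
  if ($sql->next_record()) {
- $oOrg = & new Organisation(stripslashes($sql->f("name")));
+ $oOrg = & new Organisation($sql->f("name"));
  $oOrg->iId = $iOrgID;
  return $oOrg;
  }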
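--- a/lib/roles/Role.inc
+++ b/lib/roles/Role.inc
@@ -113,7 +113,7 @@ class Role {
  }else
  {
  $sql = $default->db;
- $result = $sql->query("INSERT INTO " . $default->roles_table . " (name, active, can_read, can_write) VALUES ('" . addslashes($this->sName) . "', " . ($this->bActive ? 1 : 0) . ", " . ($this->bCanRead ? 1 : 0) . ", " . ($this->bCanWrite ? 1 : 0) . ")");
+ $result = $sql->query("INSERT INTO " . $default->roles_table . " (name, active, can_read, can_write) VALUES ('$this->sName', " . ($this->bActive ? 1 : 0) . ", " . ($this->bCanRead ? 1 : 0) . ", " . ($this->bCanWrite ? 1 : 0) . ")");
  if ($result) {
  $this->iId = $sql->insert_id();
  return true;
@@ -137,7 +137,7 @@ class Role {
  //only update if the object has been stored
  if ($this->iId > 0) {
  $sql = $default->db;
- $result = $sql->query("UPDATE " . $default->roles_table . " SET name = '" . addslashes($this->sName) . "', active = " . ($this->bActive ? 1 : 0) . ", can_read = " . ($this->bCanRead ? 1 : 0) . ", can_write = " . ($this->bCanWrite ? 1 : 0) . " WHERE id = $this->iId");
+ $result = $sql->query("UPDATE " . $default->roles_table . " SET name = '$this->sName', active = " . ($this->bActive ? 1 : 0) . ", can_read = " . ($this->bCanRead ? 1 : 0) . ", can_write = " . ($this->bCanWrite ? 1 : 0) . " WHERE id = $this->iId");
  if ($result) {
  return true;
  }
@@ -197,7 +197,7 @@ class Role {
  $result = $sql->query("SELECT * FROM $default->roles_table WHERE id = $iRoleID");
  if ($result) {
  if ($sql->next_record()) {
- $oRole = & new Role(stripslashes($sql->f("name")), $sql->f("can_read"), $sql->f("can_write"));
+ $oRole = & new Role($sql->f("name"), $sql->f("can_read"), $sql->f("can_write"));
  $oRole->iId = $iRoleID;
  $oRole->bActive = $sql->f("active");
  return $oRole;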
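--- a/lib/session/control.inc
+++ b/lib/session/control.inc
@@ -61,9 +61,8 @@ function controllerRedirect($sAction, $sQueryString = "") {
 function generateLink($sTargetPage, $sQueryString, $sLinkText = "") {
 global $default;
 
-if (strlen($sQueryString) > 0) {
-$sQueryStringDelimiter = (strstr($sTargetPage, "?") ? "&" : "?");
-}
+$sQueryStringDelimiter = strlen($sQueryString) > 0 ? (strstr($sTargetPage, "?") ? "&" : "?") : "";
+
 $sLink = "http" . ($default->sslEnabled ? "s" : "") . "://" . $default->serverName .
 ((substr($sTargetPage, 0, strlen($default->rootUrl)) != $default->rootUrl) ? $default->rootUrl : "") .
 $sTargetPage . $sQueryStringDelimiter . $sQueryString;
@@ -148,7 +147,7 @@ function checkSessionAndRedirect($bRedirect) {
 } else {
 $url = generateControllerUrl("loginForm");
 }
-$redirect = urlencode($_SERVER[PHP_SELF] . "?" . $_SERVER["QUERY_STRING"]);
+$redirect = urlencode($_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]);
 if ((strlen($redirect) > 1)) {
 $default->log->debug("checkSession:: redirect url=$redirect");
 // this session verification failure represents either the first visit to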
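--- a/lib/unitmanagement/Unit.inc
+++ b/lib/unitmanagement/Unit.inc
@@ -89,7 +89,7 @@ class Unit {
 $_SESSION["errorMessage"] = "Unit::The name " . $this->sName . " is already in use!";
 return false;
 } else {
-$result = $sql->query("INSERT INTO " . $default->units_table . " (name) VALUES ('" . addslashes($this->sName) . "')");
+$result = $sql->query("INSERT INTO " . $default->units_table . " (name) VALUES ('$this->sName')");
 if ($result) {
 $this->iId = $sql->insert_id();
 // create a new unit root folder
@@ -131,7 +131,7 @@ class Unit {
 $sql = $default->db;
 // lookup current name before updating
 $sOldName = lookupField($default->units_table, "name", "id", $this->iId);
-$result = $sql->query("UPDATE " . $default->units_table . " SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId");
+$result = $sql->query("UPDATE " . $default->units_table . " SET name = '$this->sName' WHERE id = $this->iId");
 if ($result) {
 // need to update the units root folder also
 $iFolderID = Folder::getFolderID($sOldName);
@@ -202,7 +202,7 @@ class Unit {
 $result = $sql->query("SELECT * FROM $default->units_table WHERE id = $iUnitID");
 if ($result) {
 if ($sql->next_record()) {
-$oUnit = & new Unit(stripslashes($sql->f("name")));
+$oUnit = & new Unit($sql->f("name"));
 $oUnit->iId = $iUnitID;
 return $oUnit;
 }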
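--- a/lib/users/User.inc
+++ b/lib/users/User.inc
@@ -324,7 +324,7 @@ class User {
 }
 else {
 $result = $sql->query("INSERT INTO " . $default->users_table . " (username, name, password, quota_max, quota_current, email, mobile, email_notification, sms_notification, ldap_dn, max_sessions, language_id) " .
-"VALUES ('" . addslashes($this->sUserName) . "', '" . addslashes($this->sName) . "', '" . addslashes(md5($this->sPassword)) . "', $this->iQuotaMax, 0, '" . addslashes($this->sEmail) . "', '" . addslashes($this->sMobile) . "', " . ($this->bEmailNotification ? 1 : 0) . ", " . ($this->bSmsNotification ? 1 : 0) . ", '" . addslashes($this->sLdapDn) . "', $this->iMaxSessions, $this->iLanguageID)");
+"VALUES ('$this->sUserName', '$this->sName', '" . md5($this->sPassword) . "', $this->iQuotaMax, 0, '$this->sEmail', '$this->sMobile', " . ($this->bEmailNotification ? 1 : 0) . ", " . ($this->bSmsNotification ? 1 : 0) . ", '$this->sLdapDn', $this->iMaxSessions, $this->iLanguageID)");
 if ($result) {
 $this->iId = $sql->insert_id();
 return true;
@@ -360,7 +360,7 @@ class User {
 }
 else {
 $sql = $default->db;
-$result = $sql->query("UPDATE " . $default->users_table . " SET username = '" . addslashes($this->sUserName) . "', name = '" . addslashes($this->sName) . "', " . ($this->bPasswordChanged ? "password = '" . addslashes(md5($this->sPassword)) . "', " : " ") . " quota_max = $this->iQuotaMax, email = '" . addslashes($this->sEmail) . "', mobile = '" . addslashes($this->sMobile) . "', email_notification = " . ($this->bEmailNotification ? 1 : 0) . ", sms_notification = " . ($this->bSmsNotification ? 1 : 0) . ", ldap_dn = '" . addslashes($this->sLdapDn) . "', max_sessions = $this->iMaxSessions, language_id = $this->iLanguageID WHERE id = $this->iId");
+$result = $sql->query("UPDATE " . $default->users_table . " SET username = '$this->sUserName', name = '$this->sName', " . ($this->bPasswordChanged ? "password = '" . md5($this->sPassword) . "', " : " ") . " quota_max = $this->iQuotaMax, email = '$this->sEmail', mobile = '$this->sMobile', email_notification = " . ($this->bEmailNotification ? 1 : 0) . ", sms_notification = " . ($this->bSmsNotification ? 1 : 0) . ", ldap_dn = '$this->sLdapDn', max_sessions = $this->iMaxSessions, language_id = $this->iLanguageID WHERE id = $this->iId");
 if ($result) {
 return true;
 }
@@ -430,7 +430,7 @@ class User {
 $result = $sql->query("SELECT * FROM $default->users_table WHERE id = $iUserID");
 if ($result) {
 if ($sql->next_record()) {
-$oUser = & new User(stripslashes($sql->f("username")), stripslashes($sql->f("name")), stripslashes($sql->f("password")), $sql->f("quota_max"), stripslashes($sql->f("email")), stripslashes($sql->f("mobile")), $sql->f("email_notification"), $sql->f("sms_notification"), $sql->f("ldap_dn"), $sql->f("max_sessions"), $sql->f("language_id"));
+$oUser = & new User($sql->f("username"), $sql->f("name"), $sql->f("password"), $sql->f("quota_max"), $sql->f("email"), $sql->f("mobile"), $sql->f("email_notification"), $sql->f("sms_notification"), $sql->f("ldap_dn"), $sql->f("max_sessions"), $sql->f("language_id"));
 $oUser->iId = $iUserID;
 return $oUser;
 }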
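--- a/lib/visualpatterns/PatternBrowsableSearchResults.inc
+++ b/lib/visualpatterns/PatternBrowsableSearchResults.inc
@@ -50,6 +50,8 @@ class PatternBrowseableSearchResults {
 var $sOrderDirection = "ASC";
 /** New QueryString when submitting to self */
 var $sQueryString;
+/** Search criteria **/
+var $sSearchText;
 
 function PatternBrowseableSearchResults($sTmpQuery, $iTmpResultsToDisplay, $aTmpColumns, $aTmpColumnTypes, $aTmpColumnHeaders, $aTmpLinkURLs = null, $aTmpDBQueryStringColumns = null, $aTmpQueryStringVariableNames = null) {
 $this->sQuery = $sTmpQuery;
@@ -82,6 +84,9 @@ class PatternBrowseableSearchResults {
 function setOrderDirection($sNewValue) {
 $this->sOrderDirection = $sNewValue;
 }
+function setSearchText($sNewValue) {
+$this->sSearchText = $sNewValue;
+}
 
 /**
 * Build the HTML string used to render the object
@@ -96,43 +101,53 @@ class PatternBrowseableSearchResults {
 $sSectionName = $default->siteMap->getSectionName(substr($_SERVER["PHP_SELF"], strlen($default->rootUrl), strlen($_SERVER["PHP_SELF"])));
 $sTHBGColour = $default->siteMap->getSectionColour($sSectionName, "th");
 
-//add the limit and offset stuff for cutting down result set
-$sLimitQuery = $this->sQuery . " LIMIT " . $this->iStartIndex . ", " . $this->iResultsToDisplay;
-$sql = & $default->db;
+// run the query first and get the number of rows
+$iTotalResults = $this->getResultCount();
+
+// now add the limit and offset stuff for cutting down result set
+// decrement startIndex because LIMIT starts at zero and startIndex starts at 1 (for display purposes)
+$sLimitQuery = $this->sQuery . " LIMIT " . ($this->iStartIndex-1) . ", " . $this->iResultsToDisplay;
+
+$sql = & $default->db;
 $sql->query($sLimitQuery);
-$sToRender;
+
 if ($sql->num_rows() == 0) {
 //no results
-$sToRender = "<table width=\"100%\" height=\"100%\">\n";
+$sToRender .= "<table width=\"100%\" height=\"100%\">\n";
 $sToRender .= "<tr>\n";
 $sToRender .= "<td><p class=\"errorText\">No results matched your criteria</p></td>\n";
 $sToRender .= "</tr>\n";
 $sToRender .= "</table>\n";
 } else {
 
-$sToRender = "<table width=\"100%\" height=\"100%\">\n";
+$sToRender .= "<table width=\"100%\" height=\"100%\">\n";
+
+// display the number of results
+$iEndIndex = $this->iStartIndex+$this->iResultsToDisplay-1 < $iTotalResults ? $this->iStartIndex+$this->iResultsToDisplay-1 : $iTotalResults;
+
+$sToRender .= "<tr><td colspan=\"3\">Searched the KnowledgeTree for '$this->sSearchText'.</td></tr>";
+$sToRender .= "<tr><td colspan=\"3\" align=\"right\">Displaying results $this->iStartIndex - $iEndIndex of $iTotalResults</td></tr>\n";
+
 $sToRender .= "<tr>\n";
 for ($i = 0; $i < count($this->aColumnHeadings); $i++) {
 if (! (strcmp($this->sOrderByColumn, $this->aColumns[$i]) === false) && (strcmp($this->sOrderByColumn, $this->aColumns[$i]) == 0)) {
 if (!(strcmp($this->sOrderDirection,"ASC") === false) && (strcmp($this->sOrderDirection,"ASC") == 0)) {
-//$sToRender .= "<th align=\"left\"><a href=\"" . $_SERVER["PHP_SELF"] . "?fOrderBy=" . $this->aColumns[$i] . "&fOrderDirection=DESC&fStartIndex=" . $this->iStartIndex . "\">" . $this->aColumnHeadings[$i]."</a></th>\n";
 $sToRender .= "<th align=\"left\" bgcolor=\"" . $sTHBGColour . "\">" . $this->aColumnHeadings[$i]. "</th>\n";
 } else {
-//$sToRender .= "<th align=\"left\"><a href=\"" . $_SERVER["PHP_SELF"] . "?fOrderBy=" . $this->aColumns[$i] . "&fOrderDirection=ASC&fStartIndex=" . $this->iStartIndex . "\">" . $this->aColumnHeadings[$i]."</a></th>\n";
 $sToRender .= "<th align=\"left\" bgcolor=\"" . $sTHBGColour . "\">" . $this->aColumnHeadings[$i]. "</th>\n";
 }
 } else {
-//$sToRender .= "<th align=\"left\"><a href=\"" . $_SERVER["PHP_SELF"] . "?fOrderBy=" . $this->aColumns[$i] . "&fOrderDirection=ASC&fStartIndex=" . $this->iStartIndex . "\">" . $this->aColumnHeadings[$i]."</a></th>\n";
 $sToRender .= "<th align=\"left\" bgcolor=\"" . $sTHBGColour . "\">" . $this->aColumnHeadings[$i]. "</th>\n";
 }
 }
 $sToRender .= "</tr>\n";
 $iColour = 0;
 $iDisplayed = 0;
-//limit the result set displayed
-while($sql->next_record() && ($iDisplayed < $this->iResultsToDisplay)) {
+
+//limit the result set displayed
+while($sql->next_record()) {
 $sToRender .= "<tr bgcolor=\"" . getColour($iColour) . "\">";
-$iColour++;
+$iColour++; $iDisplayed++;
 
 for ($i = 0; $i < count($this->aColumns); $i++) {
 switch ($this->aColumnTypes[$i]) {
@@ -141,7 +156,7 @@ class PatternBrowseableSearchResults {
 $sToRender .= "<td>" . $sql->f($this->aColumns[$i]) . "</td>\n";
 break;
 case 2:
-//diplay a checkbox
+//display a checkbox
 $sToRender .= "<td>" . ($sql->f($this->aColumns[$i]) ? "Yes" : "No") . "</td>\n";
 break;
 case 3:
@@ -176,43 +191,40 @@ class PatternBrowseableSearchResults {
 }
 }
 $sToRender .= "</tr>\n";
-$iDisplayed++;
-}
+}
 
 //if we displayed less results than the number to display
 //simply pad the table
 while ($iDisplayed < $this->iResultsToDisplay) {
-$sToRender .= "<tr><td>&nbsp</td></tr>\n";
+$sToRender .= "<tr><td>&nbsp;</td></tr>\n";
 $iDisplayed++;
 }
-
+$sToRender .= "</table>";
+
+$sToRender .= "<table>";
 $sToRender .= "<tr>\n";
-
-$sToRender .= "<input type=\"hidden\" name=\"fStartIndex\" value=\"" . ($this->iStartIndex + $this->iResultsToDisplay) . "\" />\n";
-/* Display only the next button */
-if (($this->iStartIndex + $this->iResultsToDisplay) < $this->getResultCount($sql) && $this->iStartIndex == 0) {
-$sToRender .= "<td>";
-//$sToRender .= ("<a href=\"" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . "\">Next</a>");
-$sToRender .= ("<input type=\"image\" src=\"$default->graphicsUrl/widgets/next.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . $this->sQueryString . "')\" />");
+$sToRender .= "<input type=\"hidden\" name=\"fStartIndex\" value=\"$iEndIndex\" />\n";
+// Display only the next button
+if (($this->iStartIndex + $this->iResultsToDisplay) < $iTotalResults && $this->iStartIndex == 1) {
+$sToRender .= "<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>";
+$sToRender .= "<td align=\"left\">";
+$sToRender .= "<input type=\"image\" src=\"$default->graphicsUrl/widgets/next.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . $this->sQueryString . "')\" />";
 $sToRender .= "</td>\n";
 }
-/* Display both the next and the previous buttons */
-else if (($this->iStartIndex + $this->iResultsToDisplay) < $this->getResultCount($sql) && $this->iStartIndex > 0) {
+// Display both the next and the previous buttons
+else if (($this->iStartIndex + $this->iResultsToDisplay) < $iTotalResults && $this->iStartIndex > 1) {
 $sToRender .= "<td>";
-$sToRender .= ("<input type=\"image\" src=\"$default->graphicsUrl/widgets/next.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . $this->sQueryString . "')\" />");
+$sToRender .= "<input type=\"image\" src=\"$default->graphicsUrl/widgets/previous.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex - $this->iResultsToDisplay) . $this->sQueryString . "')\" />";
 $sToRender .= "</td>";
 $sToRender .= "<td>";
-$sToRender .= ("<input type=\"image\" src=\"$default->graphicsUrl/widgets/previous.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex - $this->iResultsToDisplay) . $this->sQueryString . "')\" />");
+$sToRender .= "<input type=\"image\" src=\"$default->graphicsUrl/widgets/next.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . $this->sQueryString . "')\" />";
 $sToRender .= "</td>\n";
 
 }
-/* Display only the previous button */
-else if ($this->iStartIndex > 0) {
-$sToRender .= "<td>\n";
-$sToRender .= ("&nbsp");
-$sToRender .= "</td>";
-$sToRender .= "<td>\n";
-$sToRender .= ("<input type=\"image\" src=\"$default->graphicsUrl/widgets/previous.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex - $this->iResultsToDisplay) . $this->sQueryString . "')\" />");
+// Display only the previous button
+else if ($this->iStartIndex > 1) {
+$sToRender .= "<td align=\"left\">\n";
+$sToRender .= "<input type=\"image\" src=\"$default->graphicsUrl/widgets/previous.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex - $this->iResultsToDisplay) . $this->sQueryString . "')\" />";
 $sToRender .= "</td>";
 }
 
@@ -222,11 +234,14 @@ class PatternBrowseableSearchResults {
 return $sToRender;
 }
 
-function getResultCount($sql) {
+function getResultCount() {
+global $default;
+$sql = & $default->db;
 if ($sql->query($this->sQuery)) {
 return $sql->num_rows();
+} else {
+return 0;
 }
-return 0;
 }
 }
 ?>
\ No newline at end of file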
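Review bot: `$this->sSearchText` is written into the results table on new line 128 with no HTML escaping, so whatever `setSearchText()` receives — presumably the submitted search string — is reflected into the page verbatim; use `htmlspecialchars($this->sSearchText)` there. `$sToRender` is also no longer initialised before its first `.=` on new lines 116 and 123, because the old `$sToRender;` line was removed rather than replaced by `$sToRender = "";`. The hidden `fStartIndex` on new line 206 is now `$iEndIndex` rather than the first index of the next page, so a re-submit that reads it would repeat the last row of the current page — confirm that is intended. Finally, `getResultCount()` now executes the unbounded `$this->sQuery` on every render just to count rows, ahead of the LIMIT query; a `COUNT(*)` form of the query would avoid materialising the whole result set twice.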
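--- a/lib/visualpatterns/PatternEditableListFromQuery.inc
+++ b/lib/visualpatterns/PatternEditableListFromQuery.inc
@@ -139,7 +139,7 @@ class PatternEditableListFromQuery {
 switch ($this->aDisplayColumnTypes[$i]) {
 case 1:
 //plain text field
-$sToRender .= "\t<td bgcolor=\"" . getColour($i) . "\"><input type=\"text\" size = \"30\" name=\"" . $this->sUniqueName . "_" . $i . "_value\" value=\"" . stripslashes($sql->f($this->aDisplayColumns[$i])) . "\"</td>\n";
+$sToRender .= "\t<td bgcolor=\"" . getColour($i) . "\"><input type=\"text\" size = \"30\" name=\"" . $this->sUniqueName . "_" . $i . "_value\" value=\"" . $sql->f($this->aDisplayColumns[$i]) . "\"</td>\n";
 break;
 case 2:
 //boolean value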
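Review bot: On new line 142 the column value is placed straight into the `value="..."` attribute with neither `stripslashes()` nor any HTML escaping, so a stored value containing `"` or `<` terminates the attribute and becomes markup; wrap it as `htmlspecialchars($sql->f($this->aDisplayColumns[$i]))`. The same `<input>` is never closed — the string ends `"\"</td>\n"` with no `>` or `/>` after the value attribute. The same unescaped output of database fields into HTML recurs in the PatternEditableTableSqlQuery, PatternListBox, PatternListFromQuery, PatternTableSqlQuery and PatternMetaData sections of this commit.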
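--- a/lib/visualpatterns/PatternEditableTableSqlQuery.inc
+++ b/lib/visualpatterns/PatternEditableTableSqlQuery.inc
@@ -172,9 +172,9 @@ class PatternEditableTableSqlQuery {
 //output the value
 if ($this->aColumnsVisible[$i]) {
 if ($this->aColumnsEditable[$i]) {
-$sToRender .= "\t<input type=\"text\" name=\"" . $this->sUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . stripslashes($sql->f($this->aStoreColumnNames[$i])) . "\" />\n";
+$sToRender .= "\t<input type=\"text\" name=\"" . $this->sUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . $sql->f($this->aStoreColumnNames[$i]) . "\" />\n";
 } else {
-$sToRender .= "\t<input type=\"hidden\" name=\"" . $this->sUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . $sql->f($this->aStoreColumnNames[$i]) . "\" />" . stripslashes($sql->f($this->aDisplayColumnNames[$i]))."\n";
+$sToRender .= "\t<input type=\"hidden\" name=\"" . $this->sUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . $sql->f($this->aStoreColumnNames[$i]) . "\" />" . $sql->f($this->aDisplayColumnNames[$i])."\n";
 }
 } else {
 $sToRender .= "\t<input type=\"hidden\" name=\"" . $this->sUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . $sql->f($this->aStoreColumnNames[$i]) . "\" />\n";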
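--- a/lib/visualpatterns/PatternListBox.inc
+++ b/lib/visualpatterns/PatternListBox.inc
@@ -164,9 +164,9 @@ class PatternListBox {
 }
 while ($sql->next_record()) {
 if ($this->selectedValue == $sql->f("value")) {
-$sToRender .= "<OPTION value=\"" . $sql->f("value") . "\" SELECTED>" . stripslashes($sql->f("display")) . "</OPTION>\n";
+$sToRender .= "<OPTION value=\"" . $sql->f("value") . "\" SELECTED>" . $sql->f("display") . "</OPTION>\n";
 } else {
-$sToRender .= "<OPTION value=\"" . $sql->f("value") . "\">" . stripslashes($sql->f("display")) . "</OPTION>\n";
+$sToRender .= "<OPTION value=\"" . $sql->f("value") . "\">" . $sql->f("display") . "</OPTION>\n";
 }
 }
 if (isset($this->aAdditionalEntries)) {
@@ -200,7 +200,7 @@ class PatternListBox {
 $aValues = array();
 while ($sql->next_record()) {
 $aValues[] = array("value" => $sql->f("value"),
-"display" => stripslashes($sql->f("display")));
+"display" => $sql->f("display"));
 }
 return $aValues;
 }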
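--- a/lib/visualpatterns/PatternListFromQuery.inc
+++ b/lib/visualpatterns/PatternListFromQuery.inc
@@ -127,7 +127,7 @@ class PatternListFromQuery {
 
 $sToRender .= "<td nowrap bgcolor=\"$sTDBGColour\">" . $this->aColumnNames[$i] . "</td><td width=\"100%\" bgcolor=\"" . getColour($iColour) ."\">";
 if ($sql->f($this->aColumns[$i]) != null) {
-$sToRender .= stripslashes($sql->f($this->aColumns[$i])) . "</td>\n";
+$sToRender .= $sql->f($this->aColumns[$i]) . "</td>\n";
 } else {
 $sToRender .= "&nbsp;</td>";
 }
@@ -153,7 +153,7 @@ class PatternListFromQuery {
 //$sToRender .= "<td bgcolor=\"$sTDBGColour\">" . $this->aColumnNames[$i] . "</td><td bgcolor=\"" . getColour($iColour) ."\"><textarea cols=$this->iTextAreaColumns rows=$this->iTextAreaRows READONLY>" . $sql->f($this->aColumns[$i]) . "</textarea></td>\n";
 //break;
 case 3:
-$sToRender .= "<td bgcolor=\"$sTDBGColour\">" . $this->aColumnNames[$i] . "</b></td><td bgcolor=\"" . getColour($iColour) ."\"><a href=\"" . $this->aHyperLinkURL[$i] . "?" . $this->replaceValues($this->aQueryStringText[$i], $sql) . "\">" . stripslashes($sql->f($this->aColumns[$i])) . "</a></td>\n";
+$sToRender .= "<td bgcolor=\"$sTDBGColour\">" . $this->aColumnNames[$i] . "</b></td><td bgcolor=\"" . getColour($iColour) ."\"><a href=\"" . $this->aHyperLinkURL[$i] . "?" . $this->replaceValues($this->aQueryStringText[$i], $sql) . "\">" . $sql->f($this->aColumns[$i]) . "</a></td>\n";
 break;
 default:
 break;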
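--- a/lib/visualpatterns/PatternMetaData.inc
+++ b/lib/visualpatterns/PatternMetaData.inc
@@ -44,7 +44,7 @@ class PatternMetaData {
 
 function render() {
 global $default;
-$sQuery = "SELECT has_lookup FROM $default->document_fields_table WHERE name LIKE '" . $this->sMetaDataField . "'";
+$sQuery = "SELECT has_lookup FROM $default->document_fields_table WHERE name LIKE '" . addslashes($this->sMetaDataField) . "'";
 
 $sql = $default->db;
 $sql->query($sQuery);
@@ -53,7 +53,7 @@ class PatternMetaData {
 //is a lookup, so display a drop down list
 $sWhereClause = "DF.name LIKE '" . $this->sMetaDataField . "'";
 $sFromClause = "INNER JOIN $default->document_fields_table AS DF ON ST.document_field_id = DF.id";
-$oPatternListBox = & new PatternListBox("$default->document_fields_lookup_tables", "name", "name", $this->sFormName);
+$oPatternListBox = & new PatternListBox("$default->metadata_table", "name", "name", $this->sFormName);
 if ($this->sValue != null) {
 $oPatternListBox->setSelectedValue($this->sValue);
 }
@@ -63,7 +63,7 @@ class PatternMetaData {
 } else {
 $sToRender = "<input type=\"text\" name=\"" . $this->sFormName . "\" ";
 if ($this->sValue != null) {
-$sToRender .= "value=\"" . stripslashes($this->sValue) . "\" ";
+$sToRender .= "value=\"" . $this->sValue . "\" ";
 }
 $sToRender .= " />";
 return $sToRender;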
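Review bot: The first query on new line 47 now escapes `$this->sMetaDataField` with `addslashes()`, but the second use of the same value on context line 54, `$sWhereClause = "DF.name LIKE '" . $this->sMetaDataField . "'";`, is still unescaped, so the two statements disagree on the same input; apply the same escape there. `$default->metadata_table` replaces `$default->document_fields_lookup_tables` here and in editDocFieldLookupsUI.inc; the config that defines it is outside this view, so check it is set in every configuration where the old name was. On new line 66 `$this->sValue` goes into a `value="..."` attribute without `htmlspecialchars()`.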
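--- a/lib/visualpatterns/PatternTableSqlQuery.inc
+++ b/lib/visualpatterns/PatternTableSqlQuery.inc
@@ -164,9 +164,9 @@ class PatternTableSqlQuery {
 }
 if ($sql->f($this->aColumns[$i]) != null) {
 if ($this->bWordWrap) {
-$sToRender .= wordwrap(stripslashes($sql->f($this->aColumns[$i])), 25, " ", 1) . "</td>";
+$sToRender .= wordwrap($sql->f($this->aColumns[$i]), 25, " ", 1) . "</td>";
 } else {
-$sToRender .= stripslashes($sql->f($this->aColumns[$i])) . "</td>";
+$sToRender .= $sql->f($this->aColumns[$i]) . "</td>";
 }
 } else {
 $sToRender .= "&nbsp;</td>";
@@ -205,7 +205,7 @@ class PatternTableSqlQuery {
 } else if ($this->bUseImageURLFromQuery) {
 $sToRender .= $this->generateImageURL($sql->f("image_url"));
 }
-$sToRender .= stripslashes($sql->f($this->aColumns[$i])) . "</a></td>\n";
+$sToRender .= $sql->f($this->aColumns[$i]) . "</a></td>\n";
 break;
 default:
 break;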
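--- a/lib/web/WebDocument.inc
+++ b/lib/web/WebDocument.inc
@@ -1,7 +1,10 @@
 <?php
 
 DEFINE("PENDING",1);
-DEFINE("PUBLISHED", 2);
+// FIXME: duplicate status in Document- need one class that defines all lookup constants
+if (!defined("PUBLISHED")) {
+DEFINE("PUBLISHED", 2);
+}
 DEFINE("NOT_PUBLISHED",3);
 /**
 * $Id$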
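Review bot: The `defined()` guard on new lines 5-7 lets whichever file loads first win silently; if Document defines `PUBLISHED` with a value other than 2, every status comparison in this file changes meaning with no diagnostic. Until the FIXME is resolved, a check such as `if (defined("PUBLISHED") && PUBLISHED != 2) { trigger_error("PUBLISHED redefined with a different value", E_USER_WARNING); }` would at least surface a mismatch. `PENDING` and `NOT_PUBLISHED` would need the same guard if Document ever defines them too.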
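--- a/lib/web/WebSite.inc
+++ b/lib/web/WebSite.inc
@@ -146,7 +146,7 @@ class WebSite {
 } else {
 
 $sql = $default->db;
-$result = $sql->query("INSERT INTO " . $default->web_sites_table . " (web_site_name, web_site_url, web_master_id) VALUES ('" . addslashes($this->sWebSiteName) . "', '" . addslashes($this->sWebSiteURL) . "', $this->iWebMasterID)");
+$result = $sql->query("INSERT INTO " . $default->web_sites_table . " (web_site_name, web_site_url, web_master_id) VALUES ('$this->sWebSiteName', '$this->sWebSiteURL', $this->iWebMasterID)");
 if ($result) {
 $this->iId = $sql->insert_id();
 return true;
@@ -170,7 +170,7 @@ class WebSite {
 //only update if the object has been stored
 if ($this->iId > 0) {
 $sql = $default->db;
-$result = $sql->query("UPDATE " . $default->web_sites_table . " SET web_site_name = '" . addslashes($this->sWebSiteName) . "', web_site_url = '" . addslashes($this->sWebSiteURL) . "', web_master_id = '" . $this->iWebMasterID . "' WHERE id = $this->iId");
+$result = $sql->query("UPDATE " . $default->web_sites_table . " SET web_site_name = '$this->sWebSiteName', web_site_url = '$this->sWebSiteURL', web_master_id = '" . $this->iWebMasterID . "' WHERE id = $this->iId");
 if ($result) {
 return true;
 }
@@ -217,7 +217,7 @@ class WebSite {
 $result = $sql->query("SELECT * FROM $default->web_sites_table WHERE id = $iWebSiteID");
 if ($result) {
 if ($sql->next_record()) {
-$oWebSite = & new WebSite(stripslashes($sql->f("web_site_name")), stripslashes($sql->f("web_site_url")), $sql->f("web_master_id"));
+$oWebSite = & new WebSite($sql->f("web_site_name"), $sql->f("web_site_url"), $sql->f("web_master_id"));
 $oWebSite->iId = $iWebSiteID;
 return $oWebSite;
 }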
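--- a/presentation/login.php
+++ b/presentation/login.php
@@ -98,7 +98,7 @@ if ($loginAction == "loginForm") {
 switch ($userDetails["status"]) {
 // bad credentials
 case 0:
-$url = $url . "&errorMessage=" . urlencode($lang_loginfail);
+$url = $url . "&errorMessage=" . urlencode("Login failure");
 break;
 // successfully authenticated
 case 1:
@@ -137,18 +137,18 @@ if ($loginAction == "loginForm") {
 break;
 // login disabled
 case 2:
-$url = $url . "&errorMessage=" . urlencode($lang_logindisabled);
+$url = $url . "&errorMessage=" . urlencode("Account has been DISABLED, contact the System Adminstrator");
 break;
 // too many sessions
 case 3 :
-$url = $url . "&errorMessage=" . urlencode($lang_toomanysessions);
+$url = $url . "&errorMessage=" . urlencode("Maximum sessions for user reached.<br>Contact the System Administrator");
 break;
 // not a unit user
 case 4 :
 $url = $url . "&errorMessage=" . urlencode("Not unit user- contact an Administrator");
 break;
 default :
-$url = $url . "&errorMessage=" . urlencode($lang_err_general);
+$url = $url . "&errorMessage=" . urlencode("Login failure");
 }
 } else {
 // didn't receive any login parameters, so redirect login form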
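Review bot: The message on new line 144 carries `<br>` markup, which only renders as intended if the receiving page writes the `errorMessage` parameter into its HTML unescaped — and since the text travels in the query string, that page would then be echoing request-controlled markup. Safer is to pass a short code (the status number would do) and have the login form map it to text and emit it through `htmlspecialchars()`. The replacement also hard-codes English where `$lang_loginfail`, `$lang_logindisabled`, `$lang_toomanysessions` and `$lang_err_general` were used, which drops whatever language selection those variables provided, and new line 140 has a typo: `Adminstrator` → `Administrator`.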
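--- a/presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldLookupsUI.inc
+++ b/presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldLookupsUI.inc
@@ -84,7 +84,7 @@ function getGroupPage($fDocFieldID) {
 
 $LookupDisplay .= "<b>Current Lookups</b><br>\n";
 $sQuery = " Select * " .
-" From " . $default->document_fields_lookup_tables .
+" From " . $default->metadata_table .
 " WHERE document_field_id=" . $fDocFieldID;
 
 $aColumns = array("name");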
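Review bot: The rebuilt query still concatenates `$fDocFieldID` into `WHERE document_field_id=` on context line 88 with no cast or escaping, and the `f` prefix suggests it arrives from the request; `" WHERE document_field_id=" . (int) $fDocFieldID;` keeps the statement well-formed whatever is submitted. getGroupPage's body continues outside the hunk.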
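--- a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitBL.php
@@ -65,7 +65,7 @@ if (checkSession()) {
 if($unitLink == false) {
 $oPatternCustom->setHtml(getPage($fGroupID,$fUnitID));
 $main->setHasRequiredFields(true);
-$main->setFormAction($_SERVER["PHP_SELF"] . "?fGroupSet=1&fGroupAssign=1");
+$main->setFormAction($_SERVER["PHP_SELF"] . "?fGroupAssign=1");
 } else {
 //if it does...then go to failure page
 $oPatternCustom->setHtml(getPageFail($fGroupID));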
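--- a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitUI.inc
+++ b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitUI.inc
@@ -80,28 +80,25 @@ function getGotGroupPage($iGroupID,$iUnitID){
 // gets main page
 function getPage($iGroupID, $iUnitID) {
 global $default;
-$oGroup = null;
-$oUnit = null;
+
+$oGroup = Group::get($iGroupID);
+if (isset($iUnitID)) {
+$oUnit = Unit::get($iUnitID);
+}
 
-if (isset($iGroupID)) {
-$oGroup = Group::get($iGroupID);
-$heading = "<tr><td colspan=\"2\">Are you Sure you wish to assign the Group to the Unit?</td></tr>\n";
+if ($oUnit) {
+$heading = "<tr><td colspan=\"2\">Are you sure you wish to assign the Group to the Unit?</td></tr>\n";
 } else {
-if (Permission::userIsUnitAdministrator()) {
+if (Permission::userIsUnitAdministrator() && !Permission::userIsSystemAdministrator()) {
 $heading = "<tr><td colspan=\"2\">Please Assign a Group to your Unit:</td></tr>\n";
 } else {
 $heading = "<tr><td colspan=\"2\">Please Assign a Group to a Unit:</td></tr>\n";
 }
 }
-
-if (isset($iUnitID)) {
-$oUnit = Unit::get($iUnitID);
-}
 
 $sToRender .= renderHeading("Assign Group to Unit");
 $sToRender .= "<table>\n";
 $sToRender .= $heading;
-$sToRender .= "<br>\n";
 $sToRender .= "<tr>\n";
 $sToRender .= "</tr>\n";
 $sToRender .= "<td>Group Name: </td><td>" . getGroupDisplay($oGroup) . "</td>\n";
@@ -227,7 +224,7 @@ function getGroupDisplay($oGroup) {
 // display the listbox initially ..then just display the text
 function getUnitDisplay($oUnit) {
 global $default;
-if (Permission::userIsUnitAdministrator()) {
+if (Permission::userIsUnitAdministrator() && !Permission::userIsSystemAdministrator()) {
 $oUnit = Unit::get(User::getUnitID($_SESSION["userID"]));
 }
 if (!isset($oUnit)) {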
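Review bot: `Group::get($iGroupID)` on new line 84 now runs unconditionally where it was previously guarded by `isset($iGroupID)`, so an absent id is passed straight into the lookup, and `$oUnit` is tested on new line 89 without ever being assigned when `$iUnitID` is unset, because the `$oUnit = null;` initialiser was removed along with the guard. Restore `$oUnit = null;` ahead of `if (isset($iUnitID))` and keep `if (isset($iGroupID))` around the `Group::get()` call. The `userIsUnitAdministrator() && !userIsSystemAdministrator()` test is now duplicated on new lines 92 and 227; a single predicate on Permission expressing "unit administrator but not system administrator" would keep the two call sites in step.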
presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/listGroupsUI.inc
... ... @@ -42,22 +42,22 @@ function getUnitDisplay($iUnitID) {
42 42  
43 43 function getGroups($fUnitID) {
44 44 global $default;
45   - $sQuery = "SELECT groups_lookup.id as groupID, units_lookup.name as UnitNameB4, groups_lookup.name as name, 'Edit' , 'Delete', 'Edit Units', " .
  45 + $sQuery = "SELECT groups_lookup.id as groupID, units_lookup.name as UnitNameB4, groups_lookup.name as name, 'Edit' , 'Delete', 'Edit Unit', " .
46 46 "CASE WHEN units_lookup.name Is Null THEN '<font color=darkgrey>No Unit Assigned</font>' ELSE units_lookup.name END AS UnitName " .
47 47 "FROM (groups_lookup LEFT join groups_units_link on groups_lookup.id = groups_units_link.group_id) " .
48 48 "LEft join units_lookup on units_lookup.id = groups_units_link.unit_id " .
49 49 ($fUnitID ? "WHERE groups_units_link.unit_id =$fUnitID " : "") .
50 50 "ORDER BY groups_lookup.name ";
51 51  
52   - $aColumns = array("name", "UnitName", "Edit", "Delete", "Edit Units");
53   - $aColumnNames = array( "Name", "Unit Name", "Edit", "Delete", "Edit Units");
  52 + $aColumns = array("name", "UnitName", "Edit", "Delete", "Edit Unit");
  53 + $aColumnNames = array( "Name", "Unit Name", "Edit", "Delete", "Edit Unit");
54 54 $aColumnTypes = array(1,1,3,3,3);
55 55 $aDBColumnArray = array("groupID");
56 56 $aQueryStringVariableNames = array("fGroupID");
57 57  
58 58 $aHyperLinkURL = array( 2=> "$default->rootUrl/control.php?action=editGroup",
59   - 3=> "$default->rootUrl/control.php?action=removeGroup",
60   - 4=> "$default->rootUrl/control.php?action=editGroupUnit");
  59 + 3=> "$default->rootUrl/control.php?action=removeGroup",
  60 + 4=> "$default->rootUrl/control.php?action=editGroupUnit");
61 61  
62 62 $oSearchResults = & new PatternTableSqlQuery($sQuery, $aColumns, $aColumnTypes, $aColumnNames, "100%", $aHyperLinkURL,$aDBColumnArray,$aQueryStringVariableNames);
63 63 $oSearchResults->setDisplayColumnHeadings(true);
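Review bot: The rebuilt SELECT on lines 45–50 still interpolates `$fUnitID` directly into the WHERE clause on line 49 (`WHERE groups_units_link.unit_id =$fUnitID`), so if the caller hands the request value through unchanged, whatever it contains becomes SQL. Since the column is an integer id, forcing the type before use removes the injection path without altering results for valid input: `$iUnitID = (int) $fUnitID;` and `($iUnitID ? "WHERE groups_units_link.unit_id = $iUnitID " : "")`. The same applies to the `'Edit Unit'` literal being selected as a column purely for display — it is harmless, but worth a comment saying it is a placeholder for the link column. getGroups continues past the end of the hunk.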
... ...
presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/removeGroupBL.php
... ... @@ -31,7 +31,6 @@ if (checkSession()) {
31 31 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
32 32 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
33 33 require_once("removeGroupUI.inc");
34   - //require_once("../adminUI.inc");
35 34 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
36 35 require_once("$default->fileSystemRoot/lib/groups/Group.inc");
37 36 require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc");
... ... @@ -46,16 +45,20 @@ if (checkSession()) {
46 45 $oGroup = Group::get($fGroupID);
47 46 if (!$oGroup->hasUsers()) {
48 47 if (!$oGroup->hasUnit()) {
49   - if (isset($fForDelete)) {
50   - if ($oGroup->delete()) {
51   - // FIXME: refactor getStatusPage in Html.inc
52   - $oPatternCustom->setHtml(statusPage("Remove Group", "Group successfully removed!", "", "listGroups"));
  48 + if (!$oGroup->hasRoutingSteps()) {
  49 + if (isset($fForDelete)) {
  50 + if ($oGroup->delete()) {
  51 + // FIXME: refactor getStatusPage in Html.inc
  52 + $oPatternCustom->setHtml(statusPage("Remove Group", "Group successfully removed!", "", "listGroups"));
  53 + } else {
  54 + $oPatternCustom->setHtml(statusPage("Remove Group", "Group deletion failed!", "There was an error deleting this group. Please try again later.", "listGroups"));
  55 + }
53 56 } else {
54   - $oPatternCustom->setHtml(statusPage("Remove Group", "Group deletion failed!", "There was an error deleting this group. Please try again later.", "listGroups"));
  57 + $oPatternCustom->setHtml(getDeletePage($fGroupID));
  58 + $main->setFormAction($_SERVER["PHP_SELF"] . "?fForDelete=1");
55 59 }
56 60 } else {
57   - $oPatternCustom->setHtml(getDeletePage($fGroupID));
58   - $main->setFormAction($_SERVER["PHP_SELF"] . "?fForDelete=1");
  61 + $oPatternCustom->setHtml(statusPage("Remove Group", "This group is part of a document routing step!", "This group can not be deleted because it is involved in the document routing process.", "listGroups"));
59 62 }
60 63 } else {
61 64 $oPatternCustom->setHtml(statusPage("Remove Group", "This group is in a unit!", "This group can not be deleted because it belongs to a unit.", "listGroups"));
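Review bot: The new hasRoutingSteps() guard on line 48 takes the nesting to five levels, and the three `else` branches from line 60 onward now differ only in their statusPage text; evaluating the blocking conditions first (a `$sBlockReason` built from the three `has*()` checks, shown when non-empty) and then running the confirm/delete logic once would keep this flat and make the next precondition a one-line addition. The re-indented line 58 still writes `$_SERVER["PHP_SELF"]` into the form action unescaped — `htmlspecialchars($_SERVER["PHP_SELF"])` stops path data being reflected into the page. The deletion is also still committed from the `?fForDelete=1` query string on the same line, so a plain GET performs the delete; a hidden POST field is the safer carrier for that flag. The enclosing `if (checkSession())` block starts before the hunk.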
... ...
presentation/lookAndFeel/knowledgeTree/administration/news/addNewsBL.php
... ... @@ -6,6 +6,7 @@ require_once(&quot;$default-&gt;fileSystemRoot/lib/visualpatterns/PatternMainPage.inc&quot;);
6 6 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
7 7 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternTableSqlQuery.inc");
8 8 require_once("$default->uiDirectory/administration/news/newsUI.inc");
  9 +require_once("$default->uiDirectory/administration/adminUI.inc");
9 10 require_once("$default->fileSystemRoot/presentation/Html.inc");
10 11 /**
11 12 * $Id$
... ...
presentation/lookAndFeel/knowledgeTree/administration/news/editNewsBL.php
... ... @@ -6,6 +6,7 @@ require_once(&quot;$default-&gt;fileSystemRoot/lib/visualpatterns/PatternMainPage.inc&quot;);
6 6 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
7 7 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternTableSqlQuery.inc");
8 8 require_once("$default->uiDirectory/administration/news/newsUI.inc");
  9 +require_once("$default->uiDirectory/administration/adminUI.inc");
9 10 require_once("$default->fileSystemRoot/presentation/Html.inc");
10 11 /**
11 12 * $Id$
... ...
presentation/lookAndFeel/knowledgeTree/administration/news/removeNewsBL.php
... ... @@ -6,6 +6,7 @@ require_once(&quot;$default-&gt;fileSystemRoot/lib/visualpatterns/PatternMainPage.inc&quot;);
6 6 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
7 7 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternTableSqlQuery.inc");
8 8 require_once("$default->uiDirectory/administration/news/newsUI.inc");
  9 +require_once("$default->uiDirectory/administration/adminUI.inc");
9 10 require_once("$default->fileSystemRoot/presentation/Html.inc");
10 11  
11 12 /**
... ...
presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/addOrgSuccess.php
... ... @@ -33,7 +33,7 @@ if(checkSession()) {
33 33 // include the page template (with navbar)
34 34 require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc");
35 35  
36   - $sToRender .= renderHeading("Add Unit");
  36 + $sToRender .= renderHeading("Add Organisation");
37 37 $sToRender .= "<table>\n";
38 38 $sToRender .= "<tr>\n";
39 39 if($fSuccess) {
... ...
presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/listOrgUI.inc
... ... @@ -28,16 +28,20 @@
28 28 function getOrganisations() {
29 29 global $default;
30 30 $sQuery = "SELECT org.id as orgID, org.name as name, " .
31   - "'Edit', 'Delete' " .
  31 + //"'Edit', 'Delete' " .
  32 + "'Edit'" .
32 33 "FROM organisations_lookup as org " .
33 34 "ORDER BY org.name";
34   - $aColumns = array("name", "Edit", "Delete");
35   - $aColumnNames = array("Name", "Edit", "Delete");
36   - $aColumnTypes = array(1,3,3);
  35 + //$aColumns = array("name", "Edit", "Delete");
  36 + $aColumns = array("name", "Edit");
  37 + //$aColumnNames = array("Name", "Edit", "Delete");
  38 + $aColumnNames = array("Name", "Edit");
  39 + //$aColumnTypes = array(1,3,3);
  40 + $aColumnTypes = array(1,3);
37 41 $aDBColumnArray = array("orgID");
38 42 $aQueryStringVariableNames = array("fOrgID");
39   - $aHyperLinkURL = array( 1=> "$default->rootUrl/control.php?action=editOrg",
40   - 2=> "$default->rootUrl/control.php?action=removeOrg");
  43 + $aHyperLinkURL = array( 1=> "$default->rootUrl/control.php?action=editOrg");
  44 + //2=> "$default->rootUrl/control.php?action=removeOrg");
41 45 $oSearchResults = & new PatternTableSqlQuery($sQuery, $aColumns, $aColumnTypes, $aColumnNames, "100%", $aHyperLinkURL,$aDBColumnArray,$aQueryStringVariableNames);
42 46 $oSearchResults->setDisplayColumnHeadings(true);
43 47 return $oSearchResults->render() ;
... ... @@ -48,7 +52,7 @@ function getPage() {
48 52 $sToRender .= renderHeading("Organisation Management");
49 53  
50 54 // add user link
51   - $sToRender .= getAddLink("addOrg", "Add An Organisation");
  55 + //$sToRender .= getAddLink("addOrg", "Add An Organisation");
52 56 $sToRender .= getOrganisations();
53 57 return $sToRender;
54 58 }
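Review bot: Lines 31, 35, 37, 39 and 44 (and line 55 in the second hunk) keep the old 'Delete' and 'Add' code as comments beside the new lines, so a reader cannot tell whether organisation add/remove was withdrawn or only paused. Delete the commented-out code and, if the feature is deliberately unavailable, say so once at the top of getOrganisations, e.g. `// Organisations are edit-only from this page; add/remove are intentionally not offered.` The `// add user link` comment on line 54 now sits above a disabled add-organisation line and should go with it.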
... ...
presentation/lookAndFeel/knowledgeTree/administration/rolemanagement/editRoleSuccess.php
... ... @@ -43,7 +43,7 @@ if(checkSession()) {
43 43 $Center .= "<tr></tr>\n";
44 44 $Center .= "<tr></tr>\n";
45 45 $Center .= "<tr>\n";
46   - $Center .= "<td align = right><a href=\"$default->rootUrl/control.php?action=listRole\"><img src =\"$default->graphicsUrl/widgets/back.gif\" border = \"0\" /></a></td>\n";
  46 + $Center .= "<td align=\"right\"><a href=\"$default->rootUrl/control.php?action=listRoles\"><img src =\"$default->graphicsUrl/widgets/back.gif\" border = \"0\" /></a></td>\n";
47 47 $Center .= "</tr>\n";
48 48 $Center .= "</table>\n";
49 49  
... ...
presentation/lookAndFeel/knowledgeTree/administration/usermanagement/addUserUI.inc
... ... @@ -124,7 +124,7 @@ function getDetailsLDAPPage($sUserName, $aAttributes, $sUserIdentifier) {
124 124 $sToRender .= "<tr>\n";
125 125 $sToRender .= "<td>Sms Notification: </td><td><input type=\"checkbox\" name=\"fSmsNotification\"/> </td>\n";
126 126 $sToRender .= "</tr>\n";
127   - $sToRender .= "<tr><td><b>Group</b></td><td>" . getGroupListBox() . "</td></tr>\n";
  127 + $sToRender .= "<tr><td><b>Initial Group</b></td><td>" . getGroupListBox() . "</td></tr>\n";
128 128 $sToRender .= "<tr>\n";
129 129 $sToRender .= "<td colspan=\"2\" align=\"right\">" . getAddButton() . getCancelButton("listUsers") . "</td>";
130 130 $sToRender .= "</tr>\n";
... ...
presentation/lookAndFeel/knowledgeTree/dashboardBL.php
... ... @@ -5,7 +5,7 @@ require_once(&quot;../../../config/dmsDefaults.php&quot;);
5 5 require_once("$default->fileSystemRoot/lib/dashboard/Dashboard.inc");
6 6 require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc");
7 7 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
8   -require_once("$default->uiDirectory/dashboardUI.inc");
  8 +require_once("dashboardUI.inc");
9 9 /**
10 10 * $Id$
11 11 *
... ...
presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentBL.php
... ... @@ -101,7 +101,7 @@ if (checkSession()) {
101 101 " are meant to be linked for collaboration purposes. As creator of the document, ' " . $oParentDocument->getName() . "', you are requested to " .
102 102 "please link them manually by browsing to the parent document, " .
103 103 generateControllerLink("viewDocument","fDocumentID=" . $oParentDocument->getID(), $oParentDocument->getName()) .
104   - " and selecting the link button. " . $oDocument->getName() . " can be found at " . $oDocument->generateFullFolderPath($oDocument->getFolderID());
  104 + " and selecting the link button. " . $oDocument->getName() . " can be found at " . $oDocument->getDisplayPath();
105 105  
106 106 $oEmail = & new Email();
107 107 $oEmail->send($oUserDocCreator->getEmail(), "Automatic document linking failed", $sBody);
... ...
presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentUI.inc
... ... @@ -32,8 +32,6 @@ function getDocumentType($iFolderID, $iDocumentTypeID, $iDependantDocumentID = n
32 32 $oPatternListBox = & new PatternListBox("$default->document_types_table", "name", "id", "fDocumentTypeID",$sWhereClause);
33 33 $oPatternListBox->setIncludeDefaultValue(true);
34 34 $oPatternListBox->setFromClause("INNER JOIN $default->folder_doctypes_table AS FDL ON ST.id = FDL.document_type_id");
35   - $oPatternListBox->setPostBackOnChange(true);
36   - $oPatternListBox->setOnChangeAction("setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fFolderID=$iFolderID" . (isset($iDependantDocumentID) ? "&fDependantDocumentID=$iDependantDocumentID" : "") . "')");
37 35  
38 36 if ($iDocumentTypeID) {
39 37 $oPatternListBox->setSelectedValue($iDocumentTypeID);
... ... @@ -41,8 +39,16 @@ function getDocumentType($iFolderID, $iDocumentTypeID, $iDependantDocumentID = n
41 39 } else {
42 40 $sHeading = "Please select the document type:";
43 41 }
44   -
45   - return "<table><tr><td><b>$sHeading<b></td></tr><tr><td>" . $oPatternListBox->render() . "</td></tr></table>";
  42 +
  43 + $sToRender = "<table><tr><td><b>$sHeading<b></td></tr><tr><td>" . $oPatternListBox->render() . "</td></tr></table>";
  44 +
  45 + $sToRender .= "\n\n<script language=\"javascript\">\n<!--\n";
  46 + $sToRender .= "function validateForm(theForm) {\n";
  47 + $sToRender .= "\tif (!(validRequired(theForm.fDocumentTypeID, 'Document Type'))) {\n";
  48 + $sToRender .= "\t\treturn false;\n\t}\n";
  49 + $sToRender .= "return true;\n}\n";
  50 + $sToRender .= "//-->\n</script>\n\n";
  51 + return $sToRender;
46 52 }
47 53  
48 54 /**
... ... @@ -176,6 +182,7 @@ function getPage($iFolderID, $iDocumentTypeID, $iDependantDocumentID = null, $sM
176 182 if (Permission::userHasFolderWritePermission($iFolderID)) {
177 183 $sToRender .= getDocumentType($iFolderID, $iDocumentTypeID, $iDependantDocumentID);
178 184 $sActionButtons .= generateControllerLink("browse", "fFolderID=$iFolderID", "<img src=\"$default->graphicsUrl/widgets/cancel.gif\" border=\"0\"/>");
  185 + $sActionButtons .= "<input type=\"image\" src=\"$default->graphicsUrl/widgets/next.gif\" border=\"0\"/>";
179 186  
180 187 $sToRender .= "<table border=\"0\" width=\"100%\" >\n";
181 188 $sToRender .= "<tr><td>$sActionButtons</td></tr>";
... ... @@ -189,7 +196,6 @@ function getPage($iFolderID, $iDocumentTypeID, $iDependantDocumentID = null, $sM
189 196 $sToRender .= "<tr>\n";
190 197 $sToRender .= "</tr>";
191 198 $sToRender .= "</table><br>\n";
192   -
193 199 }
194 200  
195 201 return $sToRender;
... ... @@ -197,7 +203,7 @@ function getPage($iFolderID, $iDocumentTypeID, $iDependantDocumentID = null, $sM
197 203  
198 204 function getStatusPage($iFolderID, $sMessage) {
199 205 $sToRender .= renderHeading("Add Document");
200   - $sToRender .= renderFolderPath($iFolderID, generateControllerUrl("addDocument", "fFolderID=$iFolderID"), true);
  206 + $sToRender .= renderFolderPath($iFolderID, generateControllerUrl("addDocument", "fFolderID=$iFolderID", false), true);
201 207  
202 208 $sToRender .= "<table border=\"0\" width=\"100%\">\n";
203 209 $sToRender .= "<tr>\n";
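Review bot: Line 43 still emits `<b>$sHeading<b>` — the second tag should be `</b>`, otherwise everything rendered after the heading inherits bold; the rewrite of this line was the moment to fix it: `$sToRender = "<table><tr><td><b>$sHeading</b></td></tr><tr><td>" . $oPatternListBox->render() . "</td></tr></table>";`. The validateForm script on lines 45–50 is the same snippet as getValidationJavaScript in escalateDependantDocumentUI.inc apart from the field name and label, so a shared helper taking those two strings would keep the two copies from drifting. getDocumentType starts before the hunk.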
... ...
presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentBL.php 0 → 100644
  1 +<?php
  2 +/**
  3 + * $Id$
  4 + *
  5 + * Business logic for sending a reminder message to the user that was tasked with
  6 + * creating a dependant document.
  7 + *
  8 + * Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com
  9 + *
  10 + * This program is free software; you can redistribute it and/or modify
  11 + * it under the terms of the GNU General Public License as published by
  12 + * the Free Software Foundation; either version 2 of the License, or
  13 + * (at your option) any later version.
  14 + *
  15 + * This program is distributed in the hope that it will be useful,
  16 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18 + * GNU General Public License for more details.
  19 + *
  20 + * You should have received a copy of the GNU General Public License
  21 + * along with this program; if not, write to the Free Software
  22 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  23 + *
  24 + * @version $Revision$
  25 + * @author Michael Joseph, Jam Warehouse (Pty) Ltd, South Africa
  26 + * @package documentmanagement
  27 + */
  28 +
  29 +require_once("../../../../config/dmsDefaults.php");
  30 +
  31 +if (checkSession()) {
  32 + require_once("escalateDependantDocumentUI.inc");
  33 + require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
  34 + require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
  35 + require_once("$default->fileSystemRoot/lib/foldermanagement/Folder.inc");
  36 + require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
  37 + require_once("$default->fileSystemRoot/lib/security/Permission.inc");
  38 + require_once("$default->fileSystemRoot/lib/email/Email.inc");
  39 + require_once("$default->fileSystemRoot/lib/documentmanagement/DependantDocumentInstance.inc");
  40 + require_once("$default->fileSystemRoot/presentation/Html.inc");
  41 + require_once("$default->fileSystemRoot/presentation/lookAndFeel/knowledgeTree/foldermanagement/folderUI.inc");
  42 +
  43 + $oPatternCustom = & new PatternCustom();
  44 + $sTitle = "Dependant Document Send Escalation Message";
  45 + if ($fInstanceID) {
  46 + $oDependantDocument = DependantDocumentInstance::get($fInstanceID);
  47 + if ($oDependantDocument) {
  48 + if ($fSendMessage) {
  49 + $oUser = User::get($oDependantDocument->getUserID());
  50 + if ($oUser) {
  51 + if ($oUser->getEmailNotification()) {
  52 + $oTemplateDocument = & Document::get($oDependantDocument->getTemplateDocumentID());
  53 +
  54 + $sMessage = "<font face=\"arial\" size=\"2\">";
  55 + $oOriginatingUser = User::get($_SESSION["userID"]);
  56 + $oParentDocument = Document::get($oDependantDocument->getParentDocumentID());
  57 + $sMessage = $oUser->getName() . ", you have already received a request to create a new document for the document <br>" . $oParentDocument->getDisplayPath() . ".<br>" .
  58 + $oOriginatingUser->getName() . " has sent you a reminder message to create and upload this document :<br>";
  59 + if (strlen($fReminderMessage) > 0) {
  60 + $sMessage .= "<br>Comments:<br>$fReminderMessage<br><br>";
  61 + }
  62 + $sMessage .= generateLink("/control.php","action=dashboard","Log onto KnowledgeTree") . " and select the relevant link under the 'Dependant Documents' heading on your dashboard when you are ready to upload it.";
  63 + if ($oTemplateDocument) {
  64 + $sMessage .= "The document entitled " . generateLink("/control.php", "action=viewDocument&fDocumentID=" . $oTemplateDocument->getID(), $oTemplateDocument->getName()) . " " .
  65 + "can be used as a template";
  66 + }
  67 + $sMessage .= "</font>";
  68 +
  69 + $oEmail = & new Email();
  70 + if ($oEmail->send($oUser->getEmail(), "Dependant document creation reminder message", $sMessage)) {
  71 + //go back to the document page you were viewing
  72 + redirect(generateControllerUrl("viewDocument", "fDocumentID=" . $oDependantDocument->getParentDocumentID() . "&fShowSection=linkedDocuments"));
  73 + } else {
  74 + $default->log->error("escalateDependantDocumentBL.php email sending failed");
  75 + $oPatternCustom->setHtml(statusPage($sTitle, $sHeading, "The escalation message could not be sent due to a system error sending the notification.", "viewDocument", "fDocumentID=" . $oDependantDocument->getParentDocumentID() . "&fShowSection=linkedDocuments"));
  76 + }
  77 + } else {
  78 + $default->log->info("escalateDependantDocumentBL.php user id (" . $oUser->getID() . ") doesn't have email notification on =" . arrayToString($oUser));
  79 + $oPatternCustom->setHtml(statusPage($sTitle, $sHeading, "The escalation message could not be sent because " . $oUser->getName() . " has disabled notification", "viewDocument", "fDocumentID=" . $oDependantDocument->getParentDocumentID() . "&fShowSection=linkedDocuments"));
  80 + }
  81 + } else {
  82 + $default->log->info("escalateDependantDocumentBL.php couldn't instantiate user object for id=$fUserID");
  83 + $oPatternCustom->setHtml(statusPage($sTitle, "", "The dependant document user information could not be found.", "viewDocument", "fDocumentID=" . $oDependantDocument->getParentDocumentID() . "&fShowSection=linkedDocuments"));
  84 + }
  85 + } else {
  86 + // display escalation form
  87 + $oPatternCustom->setHtml(getPage($oDependantDocument));
  88 + }
  89 + } else {
  90 + //dependant document instantiation failed- generic error (statusPage)
  91 + $oPatternCustom->setHtml(statusPage($sTitle, "", "The dependant document information could not be found.", "browse"));
  92 + }
  93 + } else {
  94 + // error page, no instance id supplied- generic error
  95 + $oPatternCustom->setHtml(statusPage($sTitle, "", "The dependant document information could not be found.", "browse"));
  96 + }
  97 + require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc");
  98 + $main->setCentralPayload($oPatternCustom);
  99 + $main->setFormAction($_SERVER["PHP_SELF"]); // . "?fDocumentID=$fInstanceID&fForStore=1");
  100 + $main->render();
  101 +}
  102 +?>
0 103 \ No newline at end of file
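Review bot: Nothing in this new script checks that the current user may escalate — Permission.inc is required on line 37 but never called, so any authenticated user who supplies a valid fInstanceID can trigger a reminder e-mail to the assigned user; the FIXME in renderDependantDocuments in viewUI.inc acknowledges the gap. A folder write-permission check on the parent document before the `if ($fSendMessage)` branch, e.g. `if (!Permission::userHasFolderWritePermission($oParentDocument->getFolderID())) { /* statusPage(...) */ }` with `$oParentDocument` resolved first, would close it. Separately, line 57 assigns `$sMessage =` rather than `.=`, discarding the `<font>` opened on line 54 while `</font>` is still appended on line 67, and `$fReminderMessage` is concatenated into the HTML mail body raw — `htmlspecialchars($fReminderMessage)` keeps user text from becoming markup in the recipient's mail client. The log message on line 82 references `$fUserID`, which is never set in this file (`$oDependantDocument->getUserID()` is the intended value), and `$sHeading` on lines 75 and 79 is likewise undefined.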
... ...
presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentUI.inc 0 → 100644
  1 +<?php
  2 +/**
  3 + * $Id$
  4 + *
  5 + * UI functions for sending a reminder message to the user that was tasked with
  6 + * creating a dependant document.
  7 + *
  8 + * Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com
  9 + *
  10 + * This program is free software; you can redistribute it and/or modify
  11 + * it under the terms of the GNU General Public License as published by
  12 + * the Free Software Foundation; either version 2 of the License, or
  13 + * (at your option) any later version.
  14 + *
  15 + * This program is distributed in the hope that it will be useful,
  16 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18 + * GNU General Public License for more details.
  19 + *
  20 + * You should have received a copy of the GNU General Public License
  21 + * along with this program; if not, write to the Free Software
  22 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  23 + *
  24 + * @version $Revision$
  25 + * @author Michael Joseph, Jam Warehouse (Pty) Ltd, South Africa
  26 + * @package documentmanagement
  27 + */
  28 +
  29 +function getPage($oDependantDocument) {
  30 + global $default;
  31 + $sToRender = renderHeading("Dependant Document Send Escalation Message");
  32 + $oDocument = Document::get($oDependantDocument->getParentDocumentID());
  33 + $iFolderID = $oDocument->getFolderID();
  34 + $sToRender .= renderFolderPath($iFolderID, generateControllerUrl("browse", "fFolderID=$iFolderID"), false);
  35 + $sToRender .= "<table border=\"0\" width=\"100%\">\n";
  36 + $sToRender .= "<tr><td colspan=\"2\"><strong>You have requested that the following document be created:</strong></td></tr>";
  37 + $sToRender .= "<tr>\n";
  38 + $sToRender .= "<td>Document title</td><td>" . $oDependantDocument->getDocumentTitle() . "</td>\n";
  39 + $sToRender .= "</tr>\n";
  40 +
  41 + $oUser = User::get($oDependantDocument->getUserID());
  42 + $sToRender .= "<tr>\n";
  43 + $sToRender .= "<td>User</td><td>" . ($oUser ? $oUser->getName() : "<font color=\"red\">Error! No user specified</font>") . "</td>\n";
  44 + $sToRender .= "</tr>\n";
  45 +
  46 + $oTemplateDocument = Document::get($oDependantDocument->getTemplateDocumentID());
  47 + $sToRender .= "<tr><td>Template document</td><td>" . ($oTemplateDocument ? $oTemplateDocument->getDisplayPath() : "No template document") . "</td></tr>\n";
  48 + $sToRender .= "<tr><td>&nbsp;</td></tr>";
  49 +
  50 + $sToRender .= "<tr><td colspan=\"2\">To send the user a reminder message, fill in the text box below and click 'Done'</td></tr>";
  51 + $sToRender .= "<tr><td>Reminder Message</td><td><textarea rows=\"5\" cols=\"30\" name=\"fReminderMessage\"></textarea></td></tr>\n";
  52 + $sToRender .= "<tr>\n";
  53 + $sToRender .= "<td><table><tr><td><input type=\"image\" src=\"$default->graphicsUrl/widgets/done.gif\" onClick='return validateForm(document.MainForm);' border=\"0\"/></td>";
  54 + $sToRender .= "<td>" . generateControllerLink("viewDocument", "fDocumentID=" . $oDocument->getID() . "&fShowSection=linkedDocuments", "<img src=\"$default->graphicsUrl/widgets/cancel.gif\" border=\"0\"/>") . "</td></tr></table>\n";
  55 + $sToRender .= "</tr>\n";
  56 + $sToRender .= "</table>\n";
  57 + $sToRender .= "<input type=\"hidden\" name=\"fSendMessage\" value=\"1\" />\n";
  58 + $sToRender .= "<input type=\"hidden\" name=\"fInstanceID\" value=\"" . $oDependantDocument->getID() . "\" />\n";
  59 +
  60 + return $sToRender . "\n\n" . getValidationJavaScript();
  61 +}
  62 +
  63 +function getValidationJavaScript() {
  64 + $sToRender .= "\n\n<script language=\"javascript\">\n<!--\n";
  65 + $sToRender .= "function validateForm(theForm) {\n";
  66 + $sToRender .= "\tif (!(validRequired(theForm.fReminderMessage,'Reminder message'))) {\n";
  67 + $sToRender .= "\t\treturn false;\n\t}\n";
  68 + $sToRender .= "return true;\n}\n";
  69 + $sToRender .= "//-->\n</script>\n\n";
  70 + return $sToRender;
  71 +}
  72 +?>
0 73 \ No newline at end of file
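Review bot: getValidationJavaScript appends to `$sToRender` on line 64 before it has been assigned, which raises an undefined-variable notice; initialise it on first use, `$sToRender = "\n\n<script language=\"javascript\">\n<!--\n";`, as getPage does on line 31. The document title on line 38 and the user name on line 43 are written into the table cells raw; if those values originate from user input, wrapping them in `htmlspecialchars(...)` keeps them from being interpreted as markup. The validation snippet duplicates the one added to getDocumentType in addDocumentUI.inc in this same commit, differing only in field name and label, so a shared helper taking those two strings would avoid maintaining two copies.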
... ...
presentation/lookAndFeel/knowledgeTree/documentmanagement/viewUI.inc
... ... @@ -114,8 +114,8 @@ function renderTypeSpecificMetaData($oDocument, $bEditable) {
114 114 global $default;
115 115  
116 116 $sQuery = "SELECT DF.name AS name, DFL.value AS value " .
117   - "FROM documents AS D INNER JOIN document_fields_link AS DFL ON D.id = DFL.document_id " .
118   - "INNER JOIN document_fields AS DF ON DF.ID = DFL.document_field_id " .
  117 + "FROM $default->documents_table AS D INNER JOIN document_fields_link AS DFL ON D.id = DFL.document_id " .
  118 + "INNER JOIN $default->document_fields_table AS DF ON DF.ID = DFL.document_field_id " .
119 119 "WHERE D.id = " . $oDocument->getID() . " " .
120 120 "AND DF.name NOT LIKE 'Author' " .
121 121 "AND DF.name NOT LIKE 'Category' " .
... ... @@ -200,11 +200,12 @@ function renderDocumentArchiveSettings($oDocument, $bEditable) {
200 200  
201 201 function renderEditableDocumentRouting($oDocument) {
202 202 global $default;
203   - $sQuery = "SELECT D.id as document_id, GFAL.id as id, R.name AS role_name, COALESCE(U.Name, 'Not assigned') AS name, GFAL.precedence AS precedence, COALESCE(FURL.active,0) AS active, COALESCE(FURL.done, 0) AS done, 'Edit' as edit " .
204   - "FROM documents AS D INNER JOIN $default->groups_folders_approval_table AS GFAL ON D.folder_id = GFAL.folder_id " .
205   - "INNER JOIN roles AS R ON GFAL.role_id = R.id " .
206   - "LEFT OUTER JOIN folders_users_roles_link AS FURL ON FURL.group_folder_approval_id = GFAL.id AND FURL.document_id = D.id " .
207   - "LEFT OUTER JOIN users AS U ON FURL.user_id = U.id " .
  203 + $sQuery = "SELECT D.id as document_id, GFAL.id as id, R.name AS role_name, COALESCE(U.name, U2.name) AS name, GFAL.precedence AS precedence, COALESCE(FURL.active,0) AS active, COALESCE(FURL.done, 0) AS done, 'Edit User' as edit " .
  204 + "FROM $default->documents_table AS D INNER JOIN $default->groups_folders_approval_table AS GFAL ON D.folder_id = GFAL.folder_id " .
  205 + "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
  206 + "LEFT OUTER JOIN $default->folders_user_roles_table AS FURL ON FURL.group_folder_approval_id = GFAL.id AND FURL.document_id = D.id " .
  207 + "LEFT OUTER JOIN $default->users_table AS U ON FURL.user_id = U.id " .
  208 + "LEFT OUTER JOIN $default->users_table AS U2 ON GFAL.user_id = U2.id " .
208 209 "WHERE D.id = " . $oDocument->getID() . " " .
209 210 "ORDER BY GFAL.precedence, role_name ASC";
210 211 $aColumns = array("role_name", "name", "precedence", "active", "done", "edit");
... ... @@ -258,10 +259,10 @@ function renderEditableDocumentRouting($oDocument) {
258 259 function renderNonEditableDocumentRouting($oDocument) {
259 260 global $default;
260 261 $sQuery = "SELECT D.id as document_id, GFAL.id as id, R.name AS role_name, COALESCE(U.Name, 'Not assigned') AS name, GFAL.precedence AS precedence, COALESCE(FURL.active,0) AS active, COALESCE(FURL.done, 0) AS done " .
261   - "FROM documents AS D INNER JOIN $default->groups_folders_approval_table AS GFAL ON D.folder_id = GFAL.folder_id " .
262   - "INNER JOIN roles AS R ON GFAL.role_id = R.id " .
263   - "LEFT OUTER JOIN folders_users_roles_link AS FURL ON FURL.group_folder_approval_id = GFAL.id AND FURL.document_id = D.id " .
264   - "LEFT OUTER JOIN users AS U ON FURL.user_id = U.id " .
  262 + "FROM $default->documents_table AS D INNER JOIN $default->groups_folders_approval_table AS GFAL ON D.folder_id = GFAL.folder_id " .
  263 + "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
  264 + "LEFT OUTER JOIN $default->folders_user_roles_table AS FURL ON FURL.group_folder_approval_id = GFAL.id AND FURL.document_id = D.id " .
  265 + "LEFT OUTER JOIN $default->users_table AS U ON FURL.user_id = U.id " .
265 266 "WHERE D.id = " . $oDocument->getID() . " " .
266 267 "ORDER BY GFAL.precedence, role_name ASC";
267 268  
... ... @@ -295,8 +296,8 @@ function renderEditableLinkedDocuments($oDocument) {
295 296 global $default;
296 297  
297 298 $sQuery = "SELECT D.id AS child_document_id, D.name, DL.id as document_link_id, DL.parent_document_id AS parent_document_id, 'Unlink' AS unlink " .
298   - "FROM documents AS D INNER JOIN document_link AS DL ON D.id = DL.child_document_id " .
299   - "WHERE DL.parent_document_id = " . $oDocument->getID();
  299 + "FROM $default->documents_table AS D INNER JOIN $default->document_link_table AS DL ON D.id = DL.child_document_id " .
  300 + "WHERE DL.parent_document_id = " . $oDocument->getID();
300 301  
301 302 $aColumns = array("name", "unlink");
302 303 $aColumnHeaders = array("Document");
... ... @@ -324,8 +325,8 @@ function renderNonEditableLinkedDocuments($oDocument) {
324 325 global $default;
325 326  
326 327 $sQuery = "SELECT D.id, D.name " .
327   - "FROM documents AS D INNER JOIN document_link AS DL ON D.id = DL.child_document_id " .
328   - "WHERE DL.parent_document_id = " . $oDocument->getID();
  328 + "FROM $default->documents_table AS D INNER JOIN $default->document_link_table AS DL ON D.id = DL.child_document_id " .
  329 + "WHERE DL.parent_document_id = " . $oDocument->getID();
329 330  
330 331 $aColumns = array("name");
331 332 $aColumnHeaders = array("Document");
... ... @@ -346,6 +347,37 @@ function renderNonEditableLinkedDocuments($oDocument) {
346 347 return $sToRender;
347 348 }
348 349  
  350 +function renderDependantDocuments($oDocument, $bEdit) {
  351 + global $default;
  352 + // FIXME: only allow escalation if you have write access and are the same user that requested the
  353 + // dependant document?
  354 + $sQuery = "SELECT DDI.id AS instance_id, DDI.document_title, U.name AS user_name, 'Escalate' AS escalate " .
  355 + "FROM $default->dependant_document_instance_table DDI " .
  356 + "INNER JOIN $default->users_table AS U ON DDI.user_id = U.id " .
  357 + "WHERE DDI.parent_document_id = " . $oDocument->getID();
  358 +
  359 + $aColumns = array("document_title", "user_name", "escalate");
  360 + $aColumnHeaders = array("Document Title", "User");
  361 + $aColumnTypes = array(1,1,3);
  362 + $aDBColumnArray = array("instance_id");
  363 + $aQueryStringVariableNames = array("fInstanceID");
  364 + $aLinkURLs = array(2=>generateControllerUrl("escalateDependantDocument"));
  365 +
  366 + $oPatternTableSqlQuery = & new PatternTableSqlQuery($sQuery, $aColumns, $aColumnTypes, $aColumnHeaders, "500", $aLinkURLs, $aDBColumnArray, $aQueryStringVariableNames);
  367 + $oPatternTableSqlQuery->setTableHeading("Dependant documents");
  368 + $oPatternTableSqlQuery->setDisplayColumnHeadings(true);
  369 +
  370 + $sToRender .= "\t<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\">\n";
  371 + $sToRender .= "\t<tr>\n";
  372 + $sToRender .= "\t\t<td>" . $oPatternTableSqlQuery->render() . "</td>\n";
  373 + $sToRender .= "\t</tr>";
  374 + $sToRender .= "\t<tr>\n";
  375 + $sToRender .= "<td><a href=\"$default->rootUrl/control.php?action=addDocumentLink&fDocumentID=" . $oDocument->getID() ."\"><img src=\"$default->graphicsUrl/widgets/add.gif\" border=\"0\"/></a></td>\n";
  376 + $sToRender .= "\t</tr>";
  377 + $sToRender .= "\t</table>\n";
  378 + return $sToRender;
  379 +}
  380 +
349 381 function displayButton($sAction, $sQueryString, $sImageName, $sDisabledText = "") {
350 382 global $default;
351 383 // the active is active if there is no disabled text
... ... @@ -576,10 +608,10 @@ function getPage($oDocument, $bEdit, $sStatusMessage = &quot;&quot;) {
576 608 $sToRender .= renderSectionDiv("archiveSettings", renderDocumentArchiveSettings($oDocument, $bEdit));
577 609 if ($bEdit) {
578 610 $sToRender .= renderSectionDiv("documentRouting", renderEditableDocumentRouting($oDocument));
579   - $sToRender .= renderSectionDiv("linkedDocuments", renderEditableLinkedDocuments($oDocument));
  611 + $sToRender .= renderSectionDiv("linkedDocuments", renderEditableLinkedDocuments($oDocument) . renderDependantDocuments($oDocument, $bEdit));
580 612 } else {
581 613 $sToRender .= renderSectionDiv("documentRouting", renderNonEditableDocumentRouting($oDocument));
582   - $sToRender .= renderSectionDiv("linkedDocuments", renderNonEditableLinkedDocuments($oDocument, $bEdit));
  614 + $sToRender .= renderSectionDiv("linkedDocuments", renderNonEditableLinkedDocuments($oDocument, $bEdit) . renderDependantDocuments($oDocument, $bEdit));
583 615 }
584 616 if (!$default->bNN4) {
585 617 $sToRender .= "</div>";
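--- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php
@@ -67,11 +67,14 @@ if (checkSession()) {
 //have a folder name to store
 if (Permission::userHasFolderWritePermission($fFolderID)) {
 //check for illegal characters in the folder name
-if (strpos($fFolderName, "\\") === false && strpos($fFolderName, ">") === false &&
-strpos($fFolderName, "<") === false && strpos($fFolderName, ":") === false &&
-strpos($fFolderName, "*") === false && strpos($fFolderName, "?") === false &&
-strpos($fFolderName, "|") === false && strpos($fFolderName, "/") === false &&
-strpos($fFolderName, "\"") === false) {
+
+// strip slashes from the already EPGCS escaped form input
+$sCheckFolderName = stripslashes($fFolderName);
+if (strpos($sCheckFolderName, "\\") === false && strpos($sCheckFolderName, ">") === false &&
+strpos($sCheckFolderName, "<") === false && strpos($sCheckFolderName, ":") === false &&
+strpos($sCheckFolderName, "*") === false && strpos($sCheckFolderName, "?") === false &&
+strpos($sCheckFolderName, "|") === false && strpos($sCheckFolderName, "/") === false &&
+strpos($sCheckFolderName, "\"") === false) {
 
 if (Folder::folderExistsName($fFolderName, $fFolderID)) {
 require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc");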
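Review bot: The illegal-character check now runs on `$sCheckFolderName`, but the unstripped `$fFolderName` is what still flows to `Folder::folderExistsName()` and presumably to the create step further down, so the validated string and the stored string are two different values; that is only correct while escaped form input is guaranteed, and the comment should state that precondition plainly rather than `EPGCS` (presumably meant GPC). Suggest `// $fFolderName arrives escaped by the GPC layer; validate the unescaped copy, but keep passing the escaped value to Folder::* so storage stays consistent`. The nine `strpos` calls could be one `preg_match('/[\\\\<>:*?|\/"]/', $sCheckFolderName)`, which is easier to keep in step with the error text shown to the user. The enclosing `if (checkSession())` block starts and ends outside the hunk.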
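--- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderCollaborationUI.inc
+++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderCollaborationUI.inc
@@ -70,6 +70,7 @@ function getFolderPath($iFolderID) {
 function getGroupDropDown($iGroupID, $iFolderID) {
 global $default;
 $oPatternListBox = & new PatternListBox("$default->groups_table", "name", "id", "fGroupID");
+$oPatternListBox->setFromClause("INNER JOIN $default->users_groups_table UGL ON UGL.group_id=ST.id");
 $oPatternListBox->setPostBackOnChange(true);
 $oPatternListBox->setOnChangeAction("setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fFolderID=$iFolderID');");
 if (isset($iGroupID)) {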
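Review bot: The added `setFromClause()` joins `$default->users_groups_table` on the group id, which yields one row per member of each group; unless `PatternListBox` deduplicates its result set, a group with several users appears that many times in the drop-down, and a group with no members disappears. If the intent is "groups that have at least one user", a `DISTINCT`/`GROUP BY` on the list box query or an `EXISTS` subquery expresses that without duplicates — I cannot see PatternListBox here to say which it supports. The `ST` alias is assumed to be the one PatternListBox gives its base table; worth pinning at the call site: `// ST is PatternListBox's alias for groups_table`. getGroupDropDown continues past the hunk.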
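--- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderDocTypeUI.inc
+++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderDocTypeUI.inc
@@ -29,12 +29,8 @@ function getPage($iFolderID, $iDocumentTypeID) {
 global $default;
 $sSectionName = $default->siteMap->getSectionName(substr($_SERVER["PHP_SELF"], strlen($default->rootUrl), strlen($_SERVER["PHP_SELF"])));
 $sTDBGColour = $default->siteMap->getSectionColour($sSectionName, "td");
-$sToRender = renderHeading("Add Folder Document Type");
-$sToRender .= "<table border=\"0\">\n";
-$sToRender .= "<tr>\n";
-$sToRender .= "\t<td width=\"100%\">" . renderFolderPath($iFolderID, "/control.php?action=browse ") . "</td>\n";
-$sToRender .= "</tr>\n";
-$sToRender .= "</table>\n";
+$sToRender = renderHeading("Add Folder Document Type");
+$sToRender .= renderFolderPath($iFolderID, "/control.php?action=browse");
 $sToRender .= "<table border=\"0\">\n";
 $sToRender .= "<tr>\n";
 $sToRender .= "<td bgcolor=\"$sTDBGColour\">Document type</td>\n";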
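--- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/editUI.inc
+++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/editUI.inc
@@ -52,7 +52,7 @@ function getFolderData($iFolderID, $sDivName, $sStatusMessage = "") {
 $oPatternListFromQuery->setTableWidth("610");
 
 $sToRender .= "<table>";
-if ($sStatusMessage) {
+if (strlen($sStatusMessage) > 0) {
 $sToRender .= "<tr><td><font color=\"red\">$sStatusMessage</font></td></tr>";
 }
 $sToRender .= "<tr><td>" . $oPatternListFromQuery->render() . "</td></tr>";
@@ -70,12 +70,12 @@ function getFolderRouting($iFolderID, $sDivName, $bCollaboration) {
 global $default;
 //had to use coalesce and left outer join for user_id because this column was a new addition
 //and the user_ids for existing documents before this change will be null
-$sQuery = "SELECT GFAL.id as id, GFAL.folder_id AS folder_id, G.name AS group_name, G.id AS group_id, GFAL.role_id AS role_id, R.name AS role_name, GFAL.precedence AS precedence, COALESCE(U.id, -1) AS user_id, COALESCE(U.name, 'Not Assigned') AS user_name, 'Edit' as edit, 'Delete' as del, 'Dependant docs' as depn " .
-"FROM $default->groups_folders_approval_table AS GFAL INNER JOIN roles AS R ON GFAL.role_id = R.id " .
-"INNER JOIN $default->groups_table AS G ON G.id = GFAL.group_id " .
-"LEFT OUTER JOIN $default->users_table AS U ON U.id = GFAL.user_id " .
-"WHERE GFAL.folder_id = $iFolderID " .
-"ORDER BY GFAL.precedence, role_name ASC";
+$sQuery = "SELECT GFAL.id as id, GFAL.folder_id AS folder_id, COALESCE(G.name, 'Not Assigned') AS group_name, G.id AS group_id, GFAL.role_id AS role_id, R.name AS role_name, GFAL.precedence AS precedence, COALESCE(U.id, -1) AS user_id, COALESCE(U.name, 'Not Assigned') AS user_name, 'Edit' as edit, 'Delete' as del, 'Dependant docs' as depn " .
+"FROM $default->groups_folders_approval_table AS GFAL INNER JOIN roles AS R ON GFAL.role_id = R.id " .
+"LEFT OUTER JOIN $default->groups_table AS G ON G.id = GFAL.group_id " .
+"LEFT OUTER JOIN $default->users_table AS U ON U.id = GFAL.user_id " .
+"WHERE GFAL.folder_id = $iFolderID " .
+"ORDER BY GFAL.precedence, role_name ASC";
 
 $aColumns = array("group_name", "role_name", "precedence", "user_name", "edit", "del", "depn");
 $aColumnHeaders = array("Group", "Role", "Seq", "User", "", "");
@@ -89,6 +89,9 @@ function getFolderRouting($iFolderID, $sDivName, $bCollaboration) {
 $oPatternTableSqlQuery->setDisplayColumnHeadings(true);
 
 $sToRender .= "<table>";
+if ($bCollaboration) {
+$sToRender .= "<tr><td><font color=\"red\">Documents in this folder are currently undergoing this collaboration process, so these steps can't be altered</font></td></tr>";
+}
 $sToRender .= "<tr><td>" . $oPatternTableSqlQuery->render() . "</td></tr>";
 if (!$bCollaboration) {
 $sToRender .= "<tr>\n";
@@ -227,14 +230,7 @@ function getStatusPage($iFolderID, $sStatusMessage) {
 
 $sToRender .= "</table>";
 $sToRender .= "</div>";
-// ugly netscape hacks
-if (!$default->bNN4) {
-$sToRender .= "<div id=\"contentDiv\" style=\"position:relative;visibility:hidden;top:10px;\">";
-}
 $sToRender .= getFolderData($iFolderID, "folderData", $sStatusMessage);
-if (!$default->bNN4) {
-$sToRender .= "</div>";
-}
 return $sToRender;
 }
 ?>
\ No newline at end of file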
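Review bot: In the rewritten `getFolderRouting` query (hunk at lines 73–78) `G.name` is now coalesced to 'Not Assigned' because the groups join became a LEFT OUTER JOIN, but `G.id AS group_id` is not, so a routing row with no group carries a NULL group_id into the link columns while user_id is normalised to -1 in the same situation; `COALESCE(G.id, -1) AS group_id` keeps the two consistent with the comment above the query. The same query still splices `$iFolderID` straight into `"WHERE GFAL.folder_id = $iFolderID "`; if that value can originate from the request, cast it before it reaches the string, `"WHERE GFAL.folder_id = " . (int) $iFolderID . " " .`. The rest of getFolderRouting lies outside the hunks.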
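--- a/presentation/lookAndFeel/knowledgeTree/js/misc.js
+++ b/presentation/lookAndFeel/knowledgeTree/js/misc.js
@@ -73,11 +73,10 @@ function isBlank(formField) {
 function validRequired(formField,fieldLabel)
 {
 var result = true;
-
 if (formField){
 switch(formField.type){
 case "select-one":
-if (formField.selectedIndex == 0 || formField.options[formField.selectedIndex].text == "" || formField.options[formField.selectedIndex].text == "None"){
+if (formField.options[formField.selectedIndex].text == "" || formField.options[formField.selectedIndex].text == "None"){
 result = false;
 }
 break;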
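Review bot: Dropping the `selectedIndex == 0` test leaves `formField.options[formField.selectedIndex]` with no guard at all: a select with no selection (for instance one rendered with no options) reports `selectedIndex` -1, the lookup yields `undefined`, and `.text` throws before `result` is set, so the form validation aborts instead of returning false. Check the index first: `if (formField.selectedIndex < 0 || formField.options[formField.selectedIndex].text == "" || formField.options[formField.selectedIndex].text == "None"){`. validRequired continues beyond the hunk.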
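--- a/presentation/lookAndFeel/knowledgeTree/search/advancedSearchBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/search/advancedSearchBL.php
@@ -52,9 +52,9 @@ if (checkSession()) {
 $sSQLSearchString = getSQLSearchString($fSearchString);
 
 if (!isset($fStartIndex)) {
-$fStartIndex = 0;
+$fStartIndex = 1;
 }
-$oPatternCustom->setHtml(getSearchResults($sMetaTagIDs,$sSQLSearchString, $fStartIndex, $fToSearch));
+$oPatternCustom->setHtml(getSearchResults($sMetaTagIDs, $sSQLSearchString, $fStartIndex, $fSearchString, $fToSearch));
 $main->setCentralPayload($oPatternCustom);
 $main->render();
 } else {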
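Review bot: `$fStartIndex` is only defaulted to 1 and otherwise handed to `getSearchResults()` untouched; it looks like a request variable (the `f` prefix, as with `$fSearchString` and `$fToSearch`), so it should be normalised to an integer before reaching the paging code: `$fStartIndex = isset($fStartIndex) ? (int) $fStartIndex : 1;`. The identical three lines appear in standardSearchBL.php in this commit and want the same change. `$fToSearch` is now both echoed back by getSearchVariablesHtml and interpolated into the `SL.name` clause in advancedSearchUI.inc, so this is the cheap place to restrict it to the known status names before it is passed on. The enclosing `if (checkSession())` block starts outside the hunk.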
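--- a/presentation/lookAndFeel/knowledgeTree/search/advancedSearchUI.inc
+++ b/presentation/lookAndFeel/knowledgeTree/search/advancedSearchUI.inc
@@ -39,7 +39,7 @@ function getMetaData($aMetaTagIDs) {
 $sCheckAllJavascript = "";
 while ($sql->next_record()) {
 $sCheckAllJavascript .= "document.MainForm.f_adv_$iRecordCount.checked=value;\n";
-$sMetaDataCheckBox = "<input type=\"checkbox\" " . wasSelected($sql->f("id"), $aMetaTagIDs) . " name=\"f_adv_$iRecordCount\" value=\"" . $sql->f("id") . "\"></td><td>" . stripslashes($sql->f("name"));
+$sMetaDataCheckBox = "<input type=\"checkbox\" " . wasSelected($sql->f("id"), $aMetaTagIDs) . " name=\"f_adv_$iRecordCount\" value=\"" . $sql->f("id") . "\"></td><td>" . $sql->f("name");
 $iRecordCount++;
 if (($iRecordCount % 3) == 1) {
 $sToRender .= "<tr><td>$sMetaDataCheckBox</td>\n";
@@ -95,7 +95,7 @@ function getSearchPage($sSearchString = "", $aMetaTagIDs = array(), $sHeading =
 return $sToRender . getSearchValidationJavaScript();
 }
 
-function getSearchResults($sMetaTagIDs, $sSQLSearchString, $iStartIndex, $sStatus = "Live") {
+function getSearchResults($sMetaTagIDs, $sSQLSearchString, $iStartIndex, $sSearchString, $sStatus = "Live") {
 global $default;
 
 $sQuery = "SELECT '" . "$default->graphicsUrl/widgets/dfolder.gif" . "' AS folder_image_url, F.id folder_id, D.id document_id, D.name AS document_name, COUNT(D.id) AS doc_count " .
@@ -108,7 +108,7 @@ function getSearchResults($sMetaTagIDs, $sSQLSearchString, $iStartIndex, $sStatu
 "AND (" . $sSQLSearchString . ") " .
 "AND SDUL.user_id = " . $_SESSION["userID"] . " " .
 "AND SL.name='$sStatus' " .
-"GROUP BY D.id ";
+"GROUP BY D.id " .
 "ORDER BY doc_count DESC ";
 $default->log->info("getSearchResults $sQuery");
 $aColumns = array("folder_image_url", "document_name", "doc_count");
@@ -120,9 +120,10 @@ function getSearchResults($sMetaTagIDs, $sSQLSearchString, $iStartIndex, $sStatu
 
 $oPatternBrowse = & new PatternBrowseableSearchResults($sQuery, 10, $aColumns, $aColumnTypes, $aColumnHeaders, $aLinkURLs, $aDBQueryStringColumns, $aQueryStringVariableNames);
 $oPatternBrowse->setStartIndex($iStartIndex);
+$oPatternBrowse->setSearchText($sSearchString);
 
 $sRefreshMessage = "<table><tr><td align=\"center\">If your browser displays a 'Warning: Page has Expired' message when you attempt to return to these search results, please click your browser's 'Refresh' button</td></tr></table>";
-return renderHeading("Advanced Search") . $oPatternBrowse->render() . $sRefreshMessage . getSearchVariablesHtml($sSearchText, $sMetaTagIDs);
+return renderHeading("Advanced Search") . $oPatternBrowse->render() . $sRefreshMessage . getSearchVariablesHtml($sSearchString, $sStatus, $sMetaTagIDs);
 }
 
 function getSearchValidationJavaScript() {
@@ -145,9 +146,11 @@ function wasSelected($iID, $aMetaTagIDs) {
 return "";
 }
 
-function getSearchVariablesHtml($sSearchText, $sMetaTagIDs) {
+function getSearchVariablesHtml($sSearchText, $sStatus, $sMetaTagIDs) {
 $aMetaTagIDs = explode(",", $sMetaTagIDs);
-$sToRender = "\n\n<input type=\"hidden\" name=\"fSearchString\" value=\"$sSearchText\" />\n";
+$sToRender = "\n\n<input type=\"hidden\" name=\"fForSearch\" value=\"1\" />\n";
+$sToRender .= "\n\n<input type=\"hidden\" name=\"fSearchString\" value=\"$sSearchText\" />\n";
+$sToRender .= "\n\n<input type=\"hidden\" name=\"fToSearch\" value=\"$sStatus\" />\n";
 $sToRender .= "<input type=\"hidden\" name=\"adv_search_start\" value=\"\" />\n";
 for ($i = 0; $i < count($aMetaTagIDs); $i++) {
 $sToRender .= "<input type=\"hidden\" name=\"fMetaTag_$i\" value=\"" . $aMetaTagIDs[$i] . "\" />\n";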
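Review bot: In `getSearchVariablesHtml` the new hidden inputs write `$sSearchText` and `$sStatus` straight into double-quoted `value` attributes; both arrive from the request (`$fSearchString` and `$fToSearch` in advancedSearchBL.php), so a search term containing `"` breaks out of the attribute and is reflected into the page markup. Escape at the output point: `value=\"" . htmlspecialchars($sSearchText, ENT_QUOTES) . "\" />\n";` and the same for `$sStatus` on the following line; the `fMetaTag_$i` values in the loop below come from `explode()` and are cheap to treat the same way. The rest of getSearchVariablesHtml is outside the hunk.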
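--- a/presentation/lookAndFeel/knowledgeTree/search/standardSearchBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/search/standardSearchBL.php
@@ -41,12 +41,12 @@ if (checkSession()) {
 require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc");
 require_once("$default->fileSystemRoot/presentation/Html.inc");
 require_once("standardSearchUI.inc");
-
+
 if (!isset($fStartIndex)) {
-$fStartIndex = 0;
+$fStartIndex = 1;
 }
 
-if (strlen($fBrowseType) > 0) {
+if (strlen($fBrowseType) > 0) {
 //the user was browsing by a specific type
 switch ($fBrowseType) {
 case "folder" :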
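--- a/presentation/lookAndFeel/knowledgeTree/search/standardSearchUI.inc
+++ b/presentation/lookAndFeel/knowledgeTree/search/standardSearchUI.inc
@@ -65,7 +65,8 @@ function getSearchResultsByCategory($iFolderID, $sKeywords, $iStartIndex, $sCate
 $aQueryStringVariableNames = array("fDocumentID", "fFolderID");
 
 $oPatternBrowse = & new PatternBrowseableSearchResults($sQuery, 10, $aColumns, $aColumnTypes, $aColumnHeaders, $aLinkURLs, $aDBQueryStringColumns, $aQueryStringVariableNames);
-$oPatternBrowse->setStartIndex($iStartIndex);
+$oPatternBrowse->setStartIndex($iStartIndex);
+$oPatternBrowse->setSearchText($sKeywords);
 return getHeading() . $oPatternBrowse->render() . getSearchVariablesHtml($sKeywords, "category", $iFolderID, "", $sCategory, "") . getMessage();
 }
 
@@ -98,6 +99,7 @@ function getSearchResultsByDocumentType($iFolderID, $sKeywords, $iStartIndex, $i
 
 $oPatternBrowse = & new PatternBrowseableSearchResults($sQuery, 10, $aColumns, $aColumnTypes, $aColumnHeaders, $aLinkURLs, $aDBQueryStringColumns, $aQueryStringVariableNames);
 $oPatternBrowse->setStartIndex($iStartIndex);
+$oPatternBrowse->setSearchText($sKeywords);
 return getHeading() . $oPatternBrowse->render() . getSearchVariablesHtml($sKeywords, "documentType", $iFolderID, "", "", $iDocTypeID) . getMessage();
 
 }
@@ -128,6 +130,7 @@ function getSeachResultsByFolder($iFolderID, $iStartIndex, $sKeywords) {
 
 $oPatternBrowse = & new PatternBrowseableSearchResults($sQuery, 10, $aColumns, $aColumnTypes, $aColumnHeaders, $aLinkURLs, $aDBQueryStringColumns, $aQueryStringVariableNames);
 $oPatternBrowse->setStartIndex($iStartIndex);
+$oPatternBrowse->setSearchText($sKeywords);
 return getHeading() . $oPatternBrowse->render() . getSearchVariablesHtml($sKeywords, "", $iFolderID, "", "", "") . getMessage();
 }
 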
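Review bot: The three result functions now share an identical tail — construct `PatternBrowseableSearchResults` with the same eight arguments, `setStartIndex`, `setSearchText`, `render` — which is why this one-line addition had to be made three times and why the next browse option will be missed in one of them. A small helper taking the query, start index and keywords and returning the rendered table would leave one place to edit, with only the `getSearchVariablesHtml` arguments staying per-function. Each of the three enclosing functions starts outside its hunk.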
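--- a/presentation/lookAndFeel/knowledgeTree/store.inc
+++ b/presentation/lookAndFeel/knowledgeTree/store.inc
@@ -96,7 +96,7 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 break;
 case 1:
 //text
-$sQuery .= "'" . addslashes($aValues[$j]) . "', ";
+$sQuery .= "'" . $aValues[$j] . "', ";
 break;
 case 2:
 //boolean
@@ -121,7 +121,7 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 break;
 case 1:
 //text
-$sQuery .= "'" . addslashes($aValues[count($aColumns) - 1]) . "') ";
+$sQuery .= "'" . $aValues[count($aColumns) - 1] . "') ";
 break;
 case 2:
 //boolean
@@ -151,7 +151,7 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 $sQuery .= $aValues[$j] . ", ";
 break;
 case 1:
-$sQuery .= "'" . addslashes($aValues[$j]) . "', ";
+$sQuery .= "'" . $aValues[$j] . "', ";
 break;
 case 2:
 $sQuery .= ($aValues[$j] ? 1 : 0) . ", ";
@@ -171,7 +171,7 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 $sQuery .= $aValues[count($aTypes) -1] . " ";
 break;
 case 1:
-$sQuery .= "'" . addslashes($aValues[count($aTypes) -1]) . "' ";
+$sQuery .= "'" . $aValues[count($aTypes) -1] . "' ";
 break;
 case 2:
 $sQuery .= ($aValues[count($aTypes) -1] ? 1 : 0) . " ";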
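Review bot: All four hunks in `constructQuery` drop the `addslashes()` around text values just before they are concatenated into a single-quoted SQL literal, so correct quoting now depends entirely on every value having been escaped upstream (the "already EPGCS escaped" comment added in addFolderBL.php suggests escaped form input is the assumption). `constructQuery` also accepts `$aSuppliedValues` from calling code, not only from the form, and any value reaching it unescaped — or any deployment where that input escaping is off — now produces a broken or injectable statement. The safer split is the reverse one: unescape request data once at the boundary (as addFolderBL.php now does for its check) and keep escaping here, where the SQL is assembled, using the database layer's quoting function rather than `addslashes()`; failing that, a comment above the first `case 1:` stating the escaped-input precondition is the minimum. The function begins before the first hunk and ends after the last.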
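--- /dev/null
+++ b/sync/sanitiseEscapedData.php
@@ -0,0 +1,54 @@
+<?php
+/**
+* Script to remove escape character from text fields
+*/
+require_once("../config/dmsDefaults.php");
+$aFields = array( "news" => "synopsis,body",
+"dependant_document_instance" => "document_title",
+"dependant_document_template" => "document_title",
+"documents" => "name,filename,description,full_path",
+"discussion_comments" => "subject,body",
+"document_fields" => "name",
+"document_fields_link" => "value",
+"document_transactions" => "comment",
+"document_types_lookup" => "name",
+"metadata_lookup" => "name",
+"folders" => "name,description,full_path",
+"groups_lookup" => "name",
+"organisations_lookup" => "name",
+"roles" => "name",
+"units_lookup" => "name",
+"users" => "name",
+"web_sites" => "web_site_name");
+echo "<pre>";
+foreach ($aFields as $table => $fields) {
+$sql = $default->db;
+$aFields = explode(",", $fields);
+foreach ($aFields as $field) {
+// select all escaped fields and ids
+$query = "select id, $field from $table where $field like '%\\\\\\%'";
+echo $query . "<br>";
+$sql->query($query);
+while ($sql->next_record()) {
+// strip field
+//$cleanField = stripslashes($sql->f($field));
+echo "found offending field=" . $sql->f($field). "<br>";
+// update it
+updateField($table, $sql->f("id"), $field, $sql->f($field));
+}
+}
+}
+echo "</pre>";
+
+function updateField($table, $id, $fieldName, $value) {
+global $default;
+$sql = $default->db;
+$query = "update $table set $fieldName='$value' where id=$id";
+if ($sql->query($query)) {
+echo "successful ";
+} else {
+echo "unsuccessful ";
+}
+echo "update query=$query<br>";
+}
+?>
\ No newline at end of file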
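Review bot: `updateField()` runs `$sql->query()` on `$default->db` while the caller's `while ($sql->next_record())` is still walking a result on what appears to be the same object, so if that class keeps a single current result the outer loop stops after the first row of each column; collect ids and values first and update afterwards, as sketched below. The script also has no `checkSession()` or admin check, unlike the BL scripts in this commit, yet it rewrites text columns across every listed table from a web-reachable path — either gate it or run it once from the command line and remove it. The `stripslashes()` call is commented out, so the un-escaping presumably relies on the SQL parser consuming the backslashes in `set $fieldName='$value'`; a value holding an unescaped quote would instead break the statement, and that mechanism deserves a comment where the call is. The inner `$aFields = explode(",", $fields)` also shadows the outer array being iterated; `$aColumns` would be clearer.
```php
echo "<pre>";
foreach ($aFields as $table => $fields) {
    $sql = $default->db;
    foreach (explode(",", $fields) as $field) {
        // select all escaped fields and ids
        $query = "select id, $field from $table where $field like '%\\\\\\%'";
        echo $query . "<br>";
        $sql->query($query);
        // collect first: updateField() queries the same db object, which may
        // discard this result set while it is still being iterated
        $aRows = array();
        while ($sql->next_record()) {
            echo "found offending field=" . $sql->f($field). "<br>";
            $aRows[] = array($sql->f("id"), $sql->f($field));
        }
        foreach ($aRows as $aRow) {
            // update it
            updateField($table, $aRow[0], $field, $aRow[1]);
        }
    }
}
echo "</pre>";
// … unchanged: updateField() …
```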