diff --git a/.project b/.project new file mode 100644 index 0000000..1157f78 --- /dev/null +++ b/.project @@ -0,0 +1,11 @@ + + + knowledgeTree + Document Management System + + + + + + + diff --git a/config/siteMap.inc b/config/siteMap.inc index 51d3ab3..962e3ce 100644 --- a/config/siteMap.inc +++ b/config/siteMap.inc @@ -64,9 +64,9 @@ $default->siteMap->addPage("deleteFolder", "/presentation/lookAndFeel/knowledgeT // folder access -$default->siteMap->addPage("addGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/addGroupFolderLinkBL.php", "Manage Documents", UnitAdmin, "Add Folder Access", false); -$default->siteMap->addPage("modifyGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/editGroupFolderLinkBL.php", "Manage Documents", UnitAdmin, "Edit Folder Access", false); -$default->siteMap->addPage("deleteGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/deleteGroupFolderLinkBL.php", "Manage Documents", UnitAdmin, "Delete Folder Access", false); +$default->siteMap->addPage("addGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/addGroupFolderLinkBL.php", "Manage Documents", User, "Add Folder Access", false); +$default->siteMap->addPage("modifyGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/editGroupFolderLinkBL.php", "Manage Documents", User, "Edit Folder Access", false); +$default->siteMap->addPage("deleteGroupFolderLink", "/presentation/lookAndFeel/knowledgeTree/foldermanagement/deleteGroupFolderLinkBL.php", "Manage Documents", User, "Delete Folder Access", false); // document actions $default->siteMap->addPage("modifyDocumentTypeMetaData", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/modifySpecificMetaDataBL.php", "Manage Documents", User, ""); 
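Review bot: The three folder-access pages (`addGroupFolderLink`, `modifyGroupFolderLink`, `deleteGroupFolderLink`) are lowered from `UnitAdmin` to `User`, so any authenticated user can reach the scripts that add, edit and delete group-to-folder access, and nothing in this hunk shows a compensating check. If the intent is that folder owners manage access to their own folders, that ownership check has to live in the three `*GroupFolderLinkBL.php` scripts (not in this diff), and the decision should be recorded next to these entries, e.g. `// folder access: deliberately User-level; the BL scripts enforce folder ownership`. Otherwise restore `UnitAdmin` on all three lines. The ChangeLog entry in this commit does not mention a permission change, which makes this look accidental.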
@@ -80,6 +80,7 @@ $default->siteMap->addPage("deleteDependantDocument", "/presentation/lookAndFeel $default->siteMap->addPage("removeDocumentLink", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/removeDocumentLinkBL.php", "Manage Documents", User, "", false); $default->siteMap->addPage("addDocumentLink", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentLinkBL.php", "Manage Documents", User, "", false); $default->siteMap->addPage("createDependantDocument", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/createDependantDocumentBL.php", "Manage Documents", User, "", false); +$default->siteMap->addPage("escalateDependantDocument", "/presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentBL.php", "Manage Documents", User, "", false); $default->siteMap->addPage("addSubscription", "/presentation/lookAndFeel/knowledgeTree/subscriptions/addSubscriptionBL.php", "Manage Documents", User, "Add Folder Subscription"); $default->siteMap->addPage("removeSubscription", "/presentation/lookAndFeel/knowledgeTree/subscriptions/removeSubscriptionBL.php", "Manage Documents", User, "Remove Folder Subscription"); diff --git a/config/tableMappings.inc b/config/tableMappings.inc index 7fc7718..ff4ba03 100644 --- a/config/tableMappings.inc +++ b/config/tableMappings.inc @@ -30,8 +30,6 @@ $default->data_types_table ="data_types"; $default->document_fields_table = "document_fields"; // links document $default->document_fields_link_table = "document_fields_link"; -// meta data value lookup table -$default->document_fields_lookup_tables = "metadata_lookup"; // document subscriptions $default->document_subscriptions_table = "document_subscriptions"; // document transaction types diff --git a/docs/ChangeLog.txt b/docs/ChangeLog.txt index af3395a..94bc2de 100644 --- a/docs/ChangeLog.txt +++ b/docs/ChangeLog.txt 
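Review bot: `escalateDependantDocument` is registered at `User` level with an empty description, copying the `createDependantDocument` line above it; since the site map only gates by role, whether a given user may escalate a specific dependant document must be decided inside `escalateDependantDocumentBL.php`, which is not part of this diff. Give the entry a description as the subscription entries below do, and note the expected check on the line: `// escalate: BL script must verify the caller may act on this dependant document`. I cannot tell from here what "escalate" changes, so this is a request to document rather than a claim of a hole.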
@@ -1,13 +1,14 @@ Version 1.2.0 -* Mon Jul 28 2003 Michael Joseph -- Administration menu simplification and consistency. -- Segmented configuration files for ease of maintenance. -- Updated install documentation. -- Archiving- add the ability to search for archived documents and request their restoration. +* Tue Aug 12 2003 Michael Joseph - Document Details and Folder Properties- updated display- javascript content swapping. - Improved display of Document actions- disabled buttons when action not available. +- Add Document- streamlined process by placing all details on one page. +- Archiving- add the ability to search for archived documents and request their restoration. - Deletion of documents is now soft, additional Administration option to expunge/restore deleted documents. +- Administration menu simplification and consistency. - Administration - Cancel document checkout status functionality added. +- Segmented configuration files for ease of maintenance. +- Updated install documentation. - Additional online help files. Version 1.1.2 diff --git a/docs/INSTALL.txt b/docs/INSTALL.txt index 427c96c..0fa387e 100644 --- a/docs/INSTALL.txt +++ b/docs/INSTALL.txt @@ -8,7 +8,9 @@ KnowledgeTree Installation Notes upload_tmp_dir = C:\PHP\uploadtemp upload_max_filesize = 2M session.use_cookies = 1 - + magic_quotes_gpc = On + magic_quotes_runtime = Off + * Move the knowledgeTree folder to the directory it is going to be served from: $ mv knowledgeTree /path/to/your/html/directory/ 
@@ -19,14 +21,26 @@ KnowledgeTree Installation Notes $ mysql -p dms < sql/tables.sql * Configure your installation by changing the following attributes in config/environment.php: - - $default->fileSystemRoot - - $default->serverName - - $default->sslEnabled - - $default->authenticationClass - - $default->dbUser - - $default->dbPass - - $default->dbHost - - $default->dbName + - The fileSystemRoot property should point to the directory you installed the KnowledgeTree in eg. + $default->fileSystemRoot = "C:\Documents and Settings\michael\Desktop\php\knowledgeTree"; + + - The serverName property should be the name of the webserver you're accessing the KnowledgeTree from eg. + $default->serverName = "localhost"; + + - If the KnowledgeTree is not install in the root of your webserver, ie. you access the KnowledgeTree via a URL like + http://localhost/knowledgeTree, you must set the rootUrl property appropriately. + Eg. If your webserver root is "c:\myWebServerRoot" and you install KnowledgeTree into that directory (ie. + $default->fileSystemRoot = "c:\myWebServerRoot\knowledgeTree") then you must set your as follows: + $default->rootUrl = "/knowledgeTree"; + + - If your webserver is SSL enabled then set this to true (in most cases this will be false) eg. + $default->sslEnabled = false; + + - Set the database properties to point to your MySQL installation + $default->dbUser = "root"; + $default->dbPass = "pass123"; + $default->dbHost = "localhost"; + $default->dbName = "release112"; * Check permissions on the Documents folder - The "/Documents" folder MUST be able to be written to by your web server. diff --git a/docs/TODO.txt b/docs/TODO.txt index d60f4e8..83c71c0 100644 --- a/docs/TODO.txt +++ b/docs/TODO.txt 
@@ -2,9 +2,11 @@ KnowledgeTree DMS Development TODO List --------------------------------------- (In no particular order after office integration) - - Microsoft Office integration- Open, Edit, Update documents in the KnowledgeTree from within Microsoft Office programs (IN PROGRESS) + +- Search- improve standard search hitrate + - if there are no standard search results then try advanced search? - WebDAV integration - Reporting- Simple usage and statistics report generator - Code Review and Refactoring @@ -40,5 +42,8 @@ KnowledgeTree DMS Development TODO List - Allow overrides on a per document basis - Search - Search for document creator and folder names + - Accomodate custom search terms- $fCustomSearchxxx +- Allow thumbnails for image types (API for any other filetype) +- Permission model- allow breaking of permission inheritance (integrate with serving multiple organisations) $Id$ \ No newline at end of file diff --git a/graphics/logo.jpg b/graphics/logo.jpg index 54f003d..406900d 100644 --- a/graphics/logo.jpg +++ b/graphics/logo.jpg diff --git a/lib/DefaultLookup.inc b/lib/DefaultLookup.inc index 651e81b..ed9a1cc 100644 --- a/lib/DefaultLookup.inc +++ b/lib/DefaultLookup.inc @@ -82,7 +82,7 @@ class DefaultLookup { //don't create the object if it's aready been created if ($this->iId < 0) { $sql = $default->db; - $result = $sql->query("INSERT INTO $this->sTableName (name) VALUES ( '". addslashes($this->sName) . "')"); + $result = $sql->query("INSERT INTO $this->sTableName (name) VALUES ('$this->sName')"); if ($result) { //set the primary key; $this->iId = $sql->insert_id(); @@ -106,7 +106,7 @@ class DefaultLookup { //can only update if the object has been stored if ($this->iId >= 0) { $sql = $default->db; - $result = $sql->query("UPDATE $this->sTableName SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId"); + $result = $sql->query("UPDATE $this->sTableName SET name = '$this->sName' WHERE id = $this->iId"); if ($result) { return true; } 
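Review bot: Dropping `addslashes()` around `$this->sName` in the INSERT makes the query's safety depend on `magic_quotes_gpc = On` (which this commit adds to INSTALL.txt) rather than on the code: the name is escaped only if it arrived via GET/POST/COOKIE with that ini setting on, while a name set from the database, a file or code is interpolated raw. Escaping belongs at the query boundary, not in php.ini; keep `$result = $sql->query("INSERT INTO $this->sTableName (name) VALUES ('" . addslashes($this->sName) . "')");` and instead strip magic quotes once on input (`stripslashes()` when `get_magic_quotes_gpc()` is true) so values are stored clean. The same pattern recurs in every create/update touched by this commit, so the decision deserves a comment in one central place. `$this->sTableName` is interpolated as an identifier and cannot be escaped at all, which should be stated in the class docblock as a constraint on callers.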
@@ -156,7 +156,7 @@ class DefaultLookup { $result = $sql->query("SELECT * FROM $sTableName WHERE id = $iId"); if ($result) { if ($sql->next_record()) { - $oLookup = & new DefaultLookup($sTableName, stripslashes($sql->f("name"))); + $oLookup = & new DefaultLookup($sTableName, $sql->f("name")); $oLookup->iId = $iId; return $oLookup; } diff --git a/lib/archiving/ArchivingType.inc b/lib/archiving/ArchivingType.inc index 303611c..3abd0fe 100644 --- a/lib/archiving/ArchivingType.inc +++ b/lib/archiving/ArchivingType.inc @@ -82,7 +82,7 @@ class ArchivingType { if ($this->iId < 0) { $sql = $default->db; $result = $sql->query("INSERT INTO $default->archiving_type_lookup_table (name) " . - "VALUES ('" . addslashes($this->sName) . "')"); + "VALUES ('$this->sName')"); if ($result) { //set the current primary key $this->iId = $sql->insert_id(); @@ -103,7 +103,7 @@ class ArchivingType { if ($this->iId >= 0) { $sql = $default->db; $sQuery = "UPDATE $default->archiving_type_lookup_table SET " . - "name = '" . addslashes($this->sName) . "' " . + "name = '$this->sName' " . "WHERE id = $this->iId"; $result = $sql->query($sQuery); if ($result) { diff --git a/lib/archiving/TimeUnit.inc b/lib/archiving/TimeUnit.inc index 070a566..dac7dbc 100644 --- a/lib/archiving/TimeUnit.inc +++ b/lib/archiving/TimeUnit.inc @@ -82,7 +82,7 @@ class TimeUnit { if ($this->iId < 0) { $sql = $default->db; $result = $sql->query("INSERT INTO $default->time_unit_lookup_table (name) " . - "VALUES ('" . addslashes($this->sName) . "')"); + "VALUES ('$this->sName')"); if ($result) { //set the current primary key $this->iId = $sql->insert_id(); @@ -103,7 +103,7 @@ class TimeUnit { if ($this->iId >= 0) { $sql = $default->db; $sQuery = "UPDATE $default->time_unit_lookup_table SET " . - "name = '" . addslashes($this->sName) . "' " . + "name = '$this->sName' " . "WHERE id = $this->iId"; $result = $sql->query($sQuery); if ($result) { 
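Review bot: `WHERE id = $iId` interpolates the lookup id unquoted, so the magic-quotes scheme this commit moves to does nothing for it — a non-numeric `$iId` becomes SQL, not data. Cast it at the query, `$result = $sql->query("SELECT * FROM $sTableName WHERE id = " . (int)$iId);`, and say in the docblock that `$sTableName` must come from configuration because a table name cannot be escaped. Removing `stripslashes()` on the loaded name is consistent with storing values unescaped, provided every write path escapes exactly once, which after this commit is a deployment property rather than a code property.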
diff --git a/lib/authentication/Authenticator.inc b/lib/authentication/Authenticator.inc index 03405e7..9cd5f5f 100644 --- a/lib/authentication/Authenticator.inc +++ b/lib/authentication/Authenticator.inc @@ -76,12 +76,10 @@ class Authenticator { } else { // db access failed - $_SESSION["errorMessage"] = $lang_err_database; $aUserDetails["status"] = 0; } } else { // db access failed - $_SESSION["errorMessage"] = $lang_err_database; $aUserDetails["status"] = 0; } } else { diff --git a/lib/dashboard/DashboardNews.inc b/lib/dashboard/DashboardNews.inc index 3256781..77053d9 100644 --- a/lib/dashboard/DashboardNews.inc +++ b/lib/dashboard/DashboardNews.inc @@ -306,8 +306,8 @@ class DashboardNews { if ($this->iId < 0) { $sql = $default->db; $result = $sql->query("INSERT INTO $default->news_table (synopsis, body, rank, image, image_size, image_mime_type_id, active) " . - "VALUES ('" . addslashes($this->sSynopsis) . "', '" . addslashes($this->sBody) . "', $this->iRank, " . - "'" . addslashes($this->sImage) . "', $this->iImageSize, $this->iImageMimeTypeID, " . ($this->bActive ? "1" : "0") . ")"); + "VALUES ('$this->sSynopsis', '$this->sBody', $this->iRank, " . + "'$this->sImage', $this->iImageSize, $this->iImageMimeTypeID, " . ($this->bActive ? "1" : "0") . ")"); if ($result) { //set the current news item primary key $this->iId = $sql->insert_id(); @@ -334,10 +334,10 @@ class DashboardNews { if ($this->iId >= 0) { $sql = $default->db; $sQuery = "UPDATE " . $default->news_table . " SET " . - "synopsis = '" . addslashes($this->sSynopsis) . "', " . - "body = '" . addslashes($this->sBody) . "', " . + "synopsis = '$this->sSynopsis', " . + "body = '$this->sBody', " . "rank = $this->iRank, " . - "image = '" . addslashes($this->sImage) . "', " . + "image = '$this->sImage', " . "image_size = $this->iImageSize " . ($this->iImageMimeTypeID ? ", image_mime_type_id = $this->iImageMimeTypeID " : " ") . "WHERE id = $this->iId"; 
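Review bot: With the two `$_SESSION["errorMessage"] = $lang_err_database;` assignments gone, a failed database query in the authenticator is indistinguishable from a wrong password: both paths only set `$aUserDetails["status"] = 0` and nothing records the failure. Not surfacing the DB error on the login page is sound, but the failure should still reach the server-side log, e.g. `$default->log->error("Authenticator: database access failed");` in each `// db access failed` branch (Document.inc in this commit logs the same way); `$default` would need to be in scope, which I cannot confirm because the method starts before the hunk. Add a comment saying the generic failure is deliberate so the next maintainer does not reinstate the message.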
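Review bot: `$this->sImage` is interpolated into the INSERT with no escaping, and if it holds the uploaded image bytes (as the `image_size` and `image_mime_type_id` columns and the `$aImage` array in `get()` suggest) it never passes through `magic_quotes_gpc`, so any quote, backslash or NUL byte in the file breaks the query or injects into it. File contents are not GET/POST/COOKIE data; this column needs explicit escaping at the query, e.g. `"'" . addslashes($this->sImage) . "', $this->iImageSize, $this->iImageMimeTypeID, "`, whatever is decided for the text columns, and the same applies to `image = '$this->sImage'` in `update()`. `$this->iRank`, `$this->iImageSize` and `$this->iImageMimeTypeID` are unquoted, so escaping of any kind cannot protect them — cast them with `(int)`.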
@@ -395,7 +395,7 @@ class DashboardNews { $aImage = array( "image" => $sql->f("image"), "filesize" => $sql->f("image_size"), "mimetypeid" => $sql->f("image_mime_type_id") ); - $oDashboardNews = & new DashboardNews(stripslashes($sql->f("synopsis")), stripslashes($sql->f("body")), $sql->f("rank"), $aImage); + $oDashboardNews = & new DashboardNews($sql->f("synopsis"), $sql->f("body"), $sql->f("rank"), $aImage); $oDashboardNews->iId = $iNewsID; $oDashboardNews->setActive($sql->f("active")); return $oDashboardNews; diff --git a/lib/database/lookup.inc b/lib/database/lookup.inc index ff7e1e7..18472b4 100644 --- a/lib/database/lookup.inc +++ b/lib/database/lookup.inc @@ -86,7 +86,7 @@ function lookupField($tableName, $selectFieldName, $whereFieldName, $whereFieldV if ($sql->query($query)) { if ($sql->next_record()) { - return stripslashes($sql->f($selectFieldName)); + return $sql->f($selectFieldName); } else { $_SESSION["errorMessage"] = "$selectFieldName field lookup retrieval failed ($query)."; return false; diff --git a/lib/documentmanagement/DependantDocumentInstance.inc b/lib/documentmanagement/DependantDocumentInstance.inc index 689a8b2..34ac516 100644 --- a/lib/documentmanagement/DependantDocumentInstance.inc +++ b/lib/documentmanagement/DependantDocumentInstance.inc @@ -79,7 +79,7 @@ class DependantDocumentInstance { * */ function setDocumentTitle($sNewValue) { - $this -> sDocumentTitle = $sNewValue; + $this->sDocumentTitle = $sNewValue; } /** @@ -99,7 +99,7 @@ class DependantDocumentInstance { * */ function getTemplateDocumentID() { - return $this -> iTemplateDocumentID; + return $this->iTemplateDocumentID; } /** @@ -109,7 +109,7 @@ class DependantDocumentInstance { * */ function setHasLookup($sNewValue) { - $this -> iTemplateDocumentID = $sNewValue; + $this->iTemplateDocumentID = $sNewValue; } function getParentDocumentID() { 
@@ -125,17 +125,17 @@ class DependantDocumentInstance { function create() { global $default, $lang_err_database, $lang_err_object_exists; //if the object hasn't been created - if ($this -> iId < 0) { - $sql = $default -> db; - $result = $sql -> query("INSERT INTO $default->dependant_document_instance_table (document_title, user_id,template_document_id, parent_document_id) VALUES ('" . addslashes($this->sDocumentTitle) . "', $this->iUserID, " . (isset($this->iTemplateDocumentID) ? "$this->iTemplateDocumentID" : "NULL") . ", " . $this->iParentDocumentID . ")"); + if ($this->iId < 0) { + $sql = $default->db; + $result = $sql->query("INSERT INTO $default->dependant_document_instance_table (document_title, user_id,template_document_id, parent_document_id) VALUES ('$this->sDocumentTitle', $this->iUserID, " . (isset($this->iTemplateDocumentID) ? "$this->iTemplateDocumentID" : "NULL") . ", " . $this->iParentDocumentID . ")"); if ($result) { - $this -> iId = $sql -> insert_id(); + $this->iId = $sql->insert_id(); return true; } $_SESSION["errorMessage"] = $lang_err_database; return false; } - $_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this -> iId." table = dependant_document_instance"; + $_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this->iId." table = dependant_document_instance"; return false; } 
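Review bot: `$this->iUserID` and `$this->iParentDocumentID` go into the VALUES list unquoted, so escaping — `addslashes` or magic quotes — is irrelevant to them: a non-numeric value is executed as SQL. Cast at the query, `(int)$this->iUserID` and `", " . (int)$this->iParentDocumentID . ")"`, and treat `$this->sDocumentTitle` as the class did before this commit unless input is normalised elsewhere, because the title is now assumed to be pre-escaped by php.ini. The `isset()` guard that writes `NULL` for a missing template id is correct and worth a one-line comment, since `update()` in the next hunk does not do the same.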
@@ -148,9 +148,9 @@ class DependantDocumentInstance { function update() { global $default, $lang_err_database, $lang_err_object_key; //only update if the object has been stored - if ($this -> iId > 0) { - $sql = $default -> db; - $result = $sql -> query("UPDATE $default -> owl_dependant_documents SET document_title = '".addslashes($this -> sDocumentTitle)."', user_id = $this->iUserID, template_document_id = $this->iTemplateDocumentID, parent_document_id = $this->iParentDocumentID WHERE id = $this->iId"); + if ($this->iId > 0) { + $sql = $default->db; + $result = $sql->query("UPDATE $default->dependant_document_instance_table SET document_title = '$this->sDocumentTitle', user_id = $this->iUserID, template_document_id = $this->iTemplateDocumentID, parent_document_id = $this->iParentDocumentID WHERE id = $this->iId"); if ($result) { return true; } @@ -170,9 +170,9 @@ class DependantDocumentInstance { function delete() { global $default, $lang_err_database, $lang_err_object_key; //only delete the object if it exists in the database - if ($this -> iId >= 0) { - $sql = $default -> db; - $result = $sql -> query("DELETE FROM $default->dependant_document_instance_table WHERE id = $this->iId"); + if ($this->iId >= 0) { + $sql = $default->db; + $result = $sql->query("DELETE FROM $default->dependant_document_instance_table WHERE id = $this->iId"); if ($result) { return true; } 
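Review bot: `template_document_id = $this->iTemplateDocumentID` in the UPDATE yields `template_document_id = , parent_document_id = ...` — a syntax error that surfaces only as `$lang_err_database` — whenever the template id is unset, which `create()` explicitly permits through its `isset(...) ? ... : "NULL"` expression. Mirror that here: `template_document_id = " . (isset($this->iTemplateDocumentID) ? (int)$this->iTemplateDocumentID : "NULL") . ", `. The table-name fix (`owl_dependant_documents` → `dependant_document_instance_table`) is real and deserves a ChangeLog line; `$this->iUserID` and `$this->iParentDocumentID` are unquoted and should be `(int)`-cast as in `create()`.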
@@ -193,12 +193,12 @@ class DependantDocumentInstance { */ function & get($iDependantDocumentID) { global $default; - $sql = $default -> db; - $result = $sql -> query("SELECT * FROM $default->dependant_document_instance_table WHERE id = $iDependantDocumentID"); + $sql = $default->db; + $result = $sql->query("SELECT * FROM $default->dependant_document_instance_table WHERE id = $iDependantDocumentID"); if ($result) { - if ($sql -> next_record()) { - $oDependantDocument = & new DependantDocumentInstance(stripslashes($sql -> f("document_title")), $sql -> f("user_id"), $sql -> f("template_document_id"), $sql->f("parent_document_id")); - $oDependantDocument -> iId = $sql -> f("id"); + if ($sql->next_record()) { + $oDependantDocument = & new DependantDocumentInstance($sql->f("document_title"), $sql->f("user_id"), $sql->f("template_document_id"), $sql->f("parent_document_id")); + $oDependantDocument->iId = $sql->f("id"); return $oDependantDocument; } $_SESSION["errorMessage"] = $lang_err_object_not_exist."id = ".$iDependantDocumentID." table = $default->dependant_document_instance_table"; diff --git a/lib/documentmanagement/DependantDocumentTemplate.inc b/lib/documentmanagement/DependantDocumentTemplate.inc index 745668f..bdf969d 100644 --- a/lib/documentmanagement/DependantDocumentTemplate.inc +++ b/lib/documentmanagement/DependantDocumentTemplate.inc 
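Review bot: `$iDependantDocumentID` is interpolated unquoted into `WHERE id = ...`; with no quotes around it, neither `addslashes` nor `magic_quotes_gpc` does anything for this parameter, so a caller passing a request value straight through gets SQL injection. Cast it at the top of the method: `$iDependantDocumentID = (int)$iDependantDocumentID;`. Separately, the failure branch reads `$lang_err_object_not_exist` while the method only declares `global $default;`, so the error message is built from an undefined variable — add it to the `global` line.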
@@ -133,11 +133,11 @@ class DependantDocumentTemplate { function create() { global $default, $lang_err_database, $lang_err_object_exists; //if the object hasn't been created - if ($this -> iId < 0) { - $sql = $default -> db; - $result = $sql -> query("INSERT INTO $default->dependant_document_template_table (document_title, default_user_id,template_document_id, group_folder_approval_link_id) VALUES ('" . addslashes($this->sDocumentTitle) . "', $this->iDefaultUserID, " . (($this->iTemplateDocumentID == null) ? "NULL" : $this->iTemplateDocumentID) . ", $this->iGroupFolderApprovalLinkID)"); + if ($this->iId < 0) { + $sql = $default->db; + $result = $sql->query("INSERT INTO $default->dependant_document_template_table (document_title, default_user_id,template_document_id, group_folder_approval_link_id) VALUES ('$this->sDocumentTitle', $this->iDefaultUserID, " . (($this->iTemplateDocumentID == null) ? "NULL" : $this->iTemplateDocumentID) . ", $this->iGroupFolderApprovalLinkID)"); if ($result) { - $this -> iId = $sql -> insert_id(); + $this->iId = $sql->insert_id(); return true; } $_SESSION["errorMessage"] = $lang_err_database; 
@@ -156,9 +156,9 @@ class DependantDocumentTemplate { function update() { global $default, $lang_err_database, $lang_err_object_key; //only update if the object has been stored - if ($this -> iId > 0) { - $sql = $default -> db; - $result = $sql -> query("UPDATE $default->dependant_document_template_table SET document_title = '".addslashes($this -> sDocumentTitle)."', default_user_id = $this->iDefaultUserID, template_document_id = " . (($this->iTemplateDocumentID == null) ? "NULL" : $this->iTemplateDocumentID) . ", group_folder_approval_link_id = $this->iGroupFolderApprovalLinkID WHERE id = $this->iId"); + if ($this->iId > 0) { + $sql = $default->db; + $result = $sql->query("UPDATE $default->dependant_document_template_table SET document_title = '$this->sDocumentTitle', default_user_id = $this->iDefaultUserID, template_document_id = " . (($this->iTemplateDocumentID == null) ? "NULL" : $this->iTemplateDocumentID) . ", group_folder_approval_link_id = $this->iGroupFolderApprovalLinkID WHERE id = $this->iId"); if ($result) { return true; } @@ -178,9 +178,9 @@ class DependantDocumentTemplate { function delete() { global $default, $lang_err_database, $lang_err_object_key; //only delete the object if it exists in the database - if ($this -> iId >= 0) { - $sql = $default -> db; - $result = $sql -> query("DELETE FROM $default->dependant_document_template_table WHERE id = $this->iId"); + if ($this->iId >= 0) { + $sql = $default->db; + $result = $sql->query("DELETE FROM $default->dependant_document_template_table WHERE id = $this->iId"); if ($result) { return true; } 
@@ -201,13 +201,13 @@ class DependantDocumentTemplate { */ function & get($iDependantDocumentID) { global $default; - $sql = $default -> db; - $result = $sql -> query("SELECT * FROM $default->dependant_document_template_table WHERE id = $iDependantDocumentID"); + $sql = $default->db; + $result = $sql->query("SELECT * FROM $default->dependant_document_template_table WHERE id = $iDependantDocumentID"); if ($result) { - if ($sql -> next_record()) { - $DependantDocumentTemplate = & new DependantDocumentTemplate(stripslashes($sql -> f("document_title")), $sql -> f("default_user_id"), $sql->f("group_folder_approval_link_id"), $sql->f("template_document_id")); - $DependantDocumentTemplate -> iId = $sql -> f("id"); - /*if (!($sql -> f("template_document_id") == null)) { + if ($sql->next_record()) { + $DependantDocumentTemplate = & new DependantDocumentTemplate($sql->f("document_title"), $sql->f("default_user_id"), $sql->f("group_folder_approval_link_id"), $sql->f("template_document_id")); + $DependantDocumentTemplate->iId = $sql->f("id"); + /*if (!($sql->f("template_document_id") == null)) { $DependantDocumentTemplate->setTemplateDocumentID($sql->f("template_document_id")); }*/ return $DependantDocumentTemplate; diff --git a/lib/documentmanagement/Document.inc b/lib/documentmanagement/Document.inc index a295dfd..d3bd591 100644 --- a/lib/documentmanagement/Document.inc +++ b/lib/documentmanagement/Document.inc @@ -276,11 +276,11 @@ class Document { } /** - * Generate a comma delimited string containing - * the parent folder ids - * - * @return String comma delimited string containing the parent folder ids - */ + * Recursive function to generate a comma delimited string containing + * the parent folder ids + * + * @return String comma delimited string containing the parent folder ids + */ function generateParentFolderIDS($iFolderID) { global $default; //if the folder is not the root folder 
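Review bot: `WHERE id = $iDependantDocumentID` takes the parameter unquoted, so the escaping this commit delegates to `magic_quotes_gpc` cannot help here; cast it, `$iDependantDocumentID = (int)$iDependantDocumentID;`, before building the query. The commented-out `setTemplateDocumentID` block is dead code on the new side and should be deleted rather than reindented; the constructor call already passes `template_document_id`. The method's error path, if any, lies outside the hunk.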
@@ -295,10 +295,20 @@ class Document { } /** - * Forward slash deliminated string giving full path of document - * from file system root url - * - */ + * Returns a comma delimited string containing the parent folder ids, strips leading / + * + * @return String comma delimited string containing the parent folder ids + */ + function generateFolderIDs($iFolderID) { + $sFolderIDs = $this->generateParentFolderIDS($iFolderID); + return substr($sFolderIDs, 1, strlen($sFolderIDs)); + } + + + /** + * Recursively generates forward slash deliminated string giving full path of document + * from file system root url + */ function generateFullFolderPath($iFolderID) { global $default; //if the folder is not the root folder @@ -306,11 +316,23 @@ class Document { $sql = $default->db; $sql->query("SELECT name, parent_id FROM $default->folders_table WHERE ID = $iFolderID"); $sql->next_record(); - return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . stripslashes($sql->f("name")); + return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . $sql->f("name"); } return; } + /** + * Returns a forward slash deliminated string giving full path of document, strips leading / + */ + function generateFolderPath($iFolderID) { + global $default; + $sPath = $this->generateFullFolderPath($iFolderID); + $sPath = substr($sPath, 1, strlen($sPath)); + $sPath = addslashes($sPath); + return $sPath; + } + + /** * Insert the current document into the database * 
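Review bot: `generateFolderPath()` folds SQL escaping into path generation — it returns `addslashes($sPath)` — and its callers in this commit assign that value to `$this->sFullPath`, so after `create()`/`update()` the property holds an escaped string while `get()` later in the file loads the raw column: two representations of one field. Drop the `$sPath = addslashes($sPath);` line here and escape where the INSERT/UPDATE is built, `full_path = '" . addslashes($this->sFullPath) . "'`. `generateFolderIDs()` needs no escaping because it only concatenates numeric ids, which its docblock should say; both helpers also pass the recursion's `$iFolderID` into `WHERE ID = $iFolderID` unquoted, so the entry-point caller must supply an int.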
@@ -321,12 +343,10 @@ class Document { //if the id >= 0, then the object has already been created if ($this->iId < 0) { $sql = $default->db; - $sFullPath = $this->generateFullFolderPath($this->iFolderID); - $this->sFullPath = substr($sFullPath, 1, strlen($sFullPath)); - $sParentFolderIDs = $this->generateParentFolderIDS($this->iFolderID); - $this->sParentFolderIDs = substr($sParentFolderIDs, 1, strlen($sParentFolderIDs)); + $this->sFullPath = $this->generateFolderPath($this->iFolderID); + $this->sParentFolderIDs = $this->generateFolderIDs($this->iFolderID); $result = $sql->query("INSERT INTO " . $default->documents_table . " (document_type_id, name, filename, size, creator_id, modified, description, mime_id, folder_id, major_version, minor_version, is_checked_out, checked_out_user_id, parent_folder_ids, full_path, status_id) " . - "VALUES ($this->iDocumentTypeID, '" . addslashes($this->sName) . "', '" . addslashes($this->sFileName) . "', $this->iSize, $this->iCreatorID, '" . getCurrentDateTime() . "', '" . addslashes($this->sDescription) . "', $this->iMimeTypeID, $this->iFolderID, $this->iMajorVersion, $this->iMinorVersion, " . ($this->bIsCheckedOut ? 1 : 0) . ", $this->iCheckedOutUserID, '$this->sParentFolderIDs','" . addslashes($this->sFullPath) . "', $this->iStatusID)"); + "VALUES ($this->iDocumentTypeID, '$this->sName', '$this->sFileName', $this->iSize, $this->iCreatorID, '" . getCurrentDateTime() . "', '$this->sDescription', $this->iMimeTypeID, $this->iFolderID, $this->iMajorVersion, $this->iMinorVersion, " . ($this->bIsCheckedOut ? 1 : 0) . ", $this->iCheckedOutUserID, '$this->sParentFolderIDs','$this->sFullPath', $this->iStatusID)"); if ($result) { //set the current documents primary key $this->iId = $sql->insert_id(); 
@@ -354,11 +374,11 @@ class Document { "INNER JOIN $default->groups_folders_table AS GFL ON GFL.folder_id = F.id " . "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GFL.group_id " . "WHERE D.id=$this->iId"; - $default->log->info("addDocument groupPerms=$sGroupPerms"); + $default->log->debug("addDocument groupPerms=$sGroupPerms"); if ($sql->query($sGroupPerms)) { - $default->log->info("groupPerms succeeded"); + $default->log->debug("groupPerms succeeded"); } else { - $default->log->info("groupPerms failed"); + $default->log->error("groupPerms failed"); } // role permissions $sRolePerms = "INSERT INTO $default->search_permissions_table (user_id, document_id) " . @@ -367,9 +387,9 @@ class Document { "WHERE document_id=$this->iId"; $default->log->info("addDocument rolePerms=$sRolePerms"); if ($sql->query($sRolePerms)) { - $default->log->info("rolePerms succeeded"); + $default->log->debug("rolePerms succeeded"); } else { - $default->log->info("rolePerms failed"); + $default->log->error("rolePerms failed"); } // public folders @@ -378,11 +398,11 @@ class Document { "FROM $default->users_table AS U, $default->documents_table AS D INNER JOIN $default->folders_table AS F ON D.folder_id = F.id " . "WHERE F.is_public = 1 " . "AND D.id=$this->iId"; - $default->log->info("addDocument publicFolder=$sPublicFolderPerms"); + $default->log->debug("addDocument publicFolder=$sPublicFolderPerms"); if ($sql->query($sPublicFolderPerms)) { - $default->log->info("publicFolder succeeded"); + $default->log->debug("publicFolder succeeded"); } else { - $default->log->info("publicFolder failed"); + $default->log->error("publicFolder failed"); } // creator permissions 
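Review bot: `$default->log->info("addDocument rolePerms=$sRolePerms");` is the one statement in this block still at `info` while the matching `groupPerms`, `publicFolder` and `creatorPerms` lines moved to `debug`; change it to `$default->log->debug("addDocument rolePerms=$sRolePerms");` so the full SQL of the permission inserts appears only at debug level. Logging `"rolePerms failed"` without the driver's error text gives little to act on; if the DB wrapper exposes the last error (not visible here), include it in the `error()` call. A failed permission insert also leaves the search-permission table incomplete with no return value or flag, so at least state in the method's docblock that callers cannot detect it.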
@@ -390,11 +410,11 @@ class Document { "SELECT creator_id, id " . "FROM $default->documents_table " . "WHERE id=$this->iId"; - $default->log->info("addDocument creatorPerms=$sCreatorPerms"); + $default->log->debug("addDocument creatorPerms=$sCreatorPerms"); if ($sql->query($sCreatorPerms)) { - $default->log->info("creatorPerms succeeded"); + $default->log->debug("creatorPerms succeeded"); } else { - $default->log->info("creatorPerms failed"); + $default->log->error("creatorPerms failed"); } } 
@@ -409,29 +429,28 @@ class Document { $sql = $default->db; $sQuery = "UPDATE " . $default->documents_table . " SET " . "document_type_id = $this->iDocumentTypeID, " . - "name = '" . addslashes($this->sName) . "', " . - "filename = '" . addslashes($this->sFileName) . "', " . + "name = '$this->sName', " . + "filename = '$this->sFileName', " . "size = $this->iSize, " . "creator_id = $this->iCreatorID, " . "modified = '" . getCurrentDateTime() . "', " . - "description = '" . addslashes($this->sDescription) . "', " . + "description = '$this->sDescription', " . "mime_id = $this->iMimeTypeID, " . "folder_id = $this->iFolderID, " . "major_version = $this->iMajorVersion, " . "minor_version = $this->iMinorVersion, "; - if ($aForMove) { - //only update these if the document is being moved - $sFullPath = $this->generateFullFolderPath($this->iFolderID); - $this->sFullPath = substr($sFullPath, 1, strlen($sFullPath)); - $sParentFolderIDs = $this->generateParentFolderIDS($this->iFolderID); - $this->sParentFolderIDs = substr($sParentFolderIDs, 1, strlen($sParentFolderIDs)); - $sQuery .= "parent_folder_ids = '" . addslashes($this->sParentFolderIDs) . "'," . - "full_path = '" . addslashes($this->sFullPath) . "', "; - } - $sQuery .= "is_checked_out = " . ($this->bIsCheckedOut ? "1" : "0") . ", " . - "checked_out_user_id = $this->iCheckedOutUserID, " . - "status_id = $this->iStatusID " . - "WHERE id = $this->iId"; + if ($aForMove) { + //only update these if the document is being moved + $this->sFullPath = $this->generateFolderPath($this->iFolderID); + $this->sParentFolderIDs = $this->generateFolderIDs($this->iFolderID); + + $sQuery .= "parent_folder_ids = '$this->sParentFolderIDs'," . + "full_path = '$this->sFullPath', "; + } + $sQuery .= "is_checked_out = " . ($this->bIsCheckedOut ? "1" : "0") . ", " . + "checked_out_user_id = $this->iCheckedOutUserID, " . + "status_id = $this->iStatusID " . + "WHERE id = $this->iId"; $result = $sql->query($sQuery); if ($result) { return true; 
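Review bot: `name = '$this->sName'` and `description = '$this->sDescription'` now assume the value was escaped on input, but a `Document` loaded through `get()` (which this commit changes to keep the raw column values) and saved with `update()` carries unescaped strings, so a name or description containing a quote breaks the UPDATE or becomes an injection point on the get→update round trip. Escape at the query rather than trusting where the value came from: `"name = '" . addslashes($this->sName) . "', "`, and likewise for `filename` and `description`. The move branch stores the already-escaped result of `generateFolderPath()` in `$this->sFullPath`, so that property is escaped after a move but raw after `get()`; either move the escaping into this query or document which form the property holds.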
@@ -565,14 +584,14 @@ class Document { // TODO: join on sys_deleted $sql->query("SELECT * FROM $default->documents_table WHERE id = $iDocumentID"); if ($sql->next_record()) { - $oDocument = & new Document(stripslashes($sql->f("name")), stripslashes($sql->f("filename")), $sql->f("size"), $sql->f("creator_id"), $sql->f("mime_id"), $sql->f("folder_id"), $sql->f("description")); + $oDocument = & new Document($sql->f("name"), $sql->f("filename"), $sql->f("size"), $sql->f("creator_id"), $sql->f("mime_id"), $sql->f("folder_id"), $sql->f("description")); $oDocument->setDocumentTypeID($sql->f("document_type_id")); $oDocument->setMajorVersionNumber($sql->f("major_version")); $oDocument->setMinorVersionNumber($sql->f("minor_version")); $oDocument->setIsCheckedOut($sql->f("is_checked_out")); $oDocument->setLastModifiedDate($sql->f("modified")); - $oDocument->sParentFolderIDs = stripslashes($sql->f("parent_folder_ids")); - $oDocument->sFullPath = stripslashes($sql->f("full_path")); + $oDocument->sParentFolderIDs = $sql->f("parent_folder_ids"); + $oDocument->sFullPath = $sql->f("full_path"); $oDocument->setCheckedOutUserID($sql->f("checked_out_user_id")); // FIXME: nasty hack- paying the penalty for adding status_id late in phase 2 $oDocument->setStatusID( ($sql->f("status_id") == "" ? LIVE : $sql->f("status_id")) ); @@ -731,7 +750,7 @@ class Document { global $default; $sql = $default->db; $sQuery = "SELECT * FROM $default->documents_table " . - "WHERE filename = '" . addslashes($sFileName) . "' " . + "WHERE filename = '$sFileName' " . "AND folder_id = $iFolderID " . "AND status_id = " . LIVE; $sql->query($sQuery); diff --git a/lib/documentmanagement/DocumentField.inc b/lib/documentmanagement/DocumentField.inc index 8602b9f..f9a503c 100644 --- a/lib/documentmanagement/DocumentField.inc +++ b/lib/documentmanagement/DocumentField.inc 
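Review bot: `WHERE filename = '$sFileName'` now depends on the caller having escaped `$sFileName`: a name from a form is escaped only if `magic_quotes_gpc` is on, and a name built in code or read back from the database is not escaped at all. A lookup helper taking a plain string should escape its own input, `"WHERE filename = '" . addslashes($sFileName) . "' "`. `$iFolderID` is interpolated unquoted and needs an `(int)` cast for the same reason quoting-based escaping cannot help it. The method's signature and return lie outside the hunk.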
@@ -161,7 +161,7 @@ class DocumentField { //if the object hasn't been created if ($this->iId < 0) { $sql = $default->db; - $result = $sql->query("INSERT INTO " . $default->document_fields_table . " (name, data_type,is_generic,has_lookup) VALUES ('" . addslashes($this->sName) . "', '" . addslashes($this->sDataType) . "', '" . $this->bIsGeneric . "', '" . $this->bHasLookup ."')"); + $result = $sql->query("INSERT INTO " . $default->document_fields_table . " (name, data_type,is_generic,has_lookup) VALUES ('" . $this->sName . "', '" . $this->sDataType . "', '" . $this->bIsGeneric . "', '" . $this->bHasLookup ."')"); if ($result) { $this->iId = $sql->insert_id(); return true; @@ -184,7 +184,7 @@ class DocumentField { //only update if the object has been stored if ($this->iId > 0) { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->document_fields_table . " SET name = '" . addslashes($this->sName) . "', data_type = '" . addslashes($this->sDataType) . "', is_generic = '" . $this->bIsGeneric . "', has_lookup = '" . $this->bHasLookup . "' WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->document_fields_table . " SET name = '" . $this->sName . "', data_type = '" . $this->sDataType . "', is_generic = '" . $this->bIsGeneric . "', has_lookup = '" . $this->bHasLookup . "' WHERE id = $this->iId"); if ($result) { return true; } @@ -231,7 +231,7 @@ class DocumentField { $result = $sql->query("SELECT * FROM $default->document_fields_table WHERE id = $iDocumentFieldsID"); if ($result) { if ($sql->next_record()) { - $oDocumentField = & new DocumentField(stripslashes($sql->f("name")), stripslashes($sql->f("data_type")), $sql->f("is_generic"), $sql->f("has_lookup")); + $oDocumentField = & new DocumentField($sql->f("name"), $sql->f("data_type"), $sql->f("is_generic"), $sql->f("has_lookup")); $oDocumentField->iId = $sql->f("id"); return $oDocumentField; } 
diff --git a/lib/documentmanagement/DocumentFieldLink.inc b/lib/documentmanagement/DocumentFieldLink.inc index 3ca130c..facbf77 100644 --- a/lib/documentmanagement/DocumentFieldLink.inc +++ b/lib/documentmanagement/DocumentFieldLink.inc @@ -133,7 +133,7 @@ class DocumentFieldLink { if ($this->iId < 0) { $sql = $default->db; $result = $sql->query("INSERT INTO " . $default->document_fields_link_table . " (document_id, document_field_id, value) " . - "VALUES ($this->iDocumentID, $this->iDocumentFieldID, '" . addslashes($this->sValue) . "')"); + "VALUES ($this->iDocumentID, $this->iDocumentFieldID, '$this->sValue')"); if ($result) { //set the current documents primary key $this->iId = $sql->insert_id(); @@ -157,7 +157,7 @@ class DocumentFieldLink { if ($this->iId >= 0) { $sql = $default->db; $result = $sql->query("UPDATE " . $default->document_fields_link_table . " SET " . - "document_id = $this->iDocumentID, document_field_id = $this->iDocumentFieldID, value = '" . addslashes($this->sValue) . "'" . + "document_id = $this->iDocumentID, document_field_id = $this->iDocumentFieldID, value = '$this->sValue'" . "WHERE id = $this->iId"); if ($result) { return true; diff --git a/lib/documentmanagement/DocumentLink.inc b/lib/documentmanagement/DocumentLink.inc index da811fd..dda1f42 100644 --- a/lib/documentmanagement/DocumentLink.inc +++ b/lib/documentmanagement/DocumentLink.inc @@ -75,7 +75,7 @@ class DocumentLink { * */ function setParentDocumentID($iNewValue) { - $this -> iParentDocumentID = $iNewValue; + $this->iParentDocumentID = $iNewValue; } /** @@ -95,7 +95,7 @@ class DocumentLink { * */ function setChildDocumentID($iNewValue) { - $this -> iChildDocumentID = $iNewValue; + $this->iChildDocumentID = $iNewValue; } /** 
@@ -107,17 +107,17 @@ class DocumentLink { function create() { global $default, $lang_err_database, $lang_err_object_exists; //if the object hasn't been created - if ($this -> iId < 0) { - $sql = $default -> db; - $result = $sql -> query("INSERT INTO " . $default -> owl_document_link_table . " (parent_document_id, child_document_id) VALUES ($this->iParentDocumentID, $this->iChildDocumentID)"); + if ($this->iId < 0) { + $sql = $default->db; + $result = $sql->query("INSERT INTO $default->document_link_table (parent_document_id, child_document_id) VALUES ($this->iParentDocumentID, $this->iChildDocumentID)"); if ($result) { - $this -> iId = $sql -> insert_id(); + $this->iId = $sql->insert_id(); return true; } $_SESSION["errorMessage"] = $lang_err_database; return false; } - $_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this -> iId." table = document_fields"; + $_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this->iId." table = document_fields"; return false; } @@ -130,9 +130,9 @@ class DocumentLink { function update() { global $default, $lang_err_database, $lang_err_object_key; //only update if the object has been stored - if ($this -> iId > 0) { - $sql = $default -> db; - $result = $sql -> query("UPDATE ".$default -> owl_document_link_table." SET parent_document_id = $this->iParentDocumentID, child_document_id = $this->iChildDocumentID WHERE id = $this->iId"); + if ($this->iId > 0) { + $sql = $default->db; + $result = $sql->query("UPDATE $default->document_link_table SET parent_document_id = $this->iParentDocumentID, child_document_id = $this->iChildDocumentID WHERE id = $this->iId"); if ($result) { return true; } 
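Review bot: The error message at the end of create() still reports `table = document_fields` although the INSERT a few lines up now targets `$default->document_link_table`; the line is touched in this hunk, so it is the moment to make it `$_SESSION["errorMessage"] = $lang_err_object_exists."id = ".$this->iId." table = $default->document_link_table";`. The update() hunk sharing this line carries only the spacing change and the table-name switch.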
@@ -152,9 +152,9 @@ class DocumentLink { function delete() { global $default, $lang_err_database, $lang_err_object_key; //only delete the object if it exists in the database - if ($this -> iId >= 0) { - $sql = $default -> db; - $result = $sql -> query("DELETE FROM $default->document_link_table WHERE id = $this->iId"); + if ($this->iId >= 0) { + $sql = $default->db; + $result = $sql->query("DELETE FROM $default->document_link_table WHERE id = $this->iId"); if ($result) { return true; } @@ -175,12 +175,12 @@ class DocumentLink { */ function & get($iDocumentLinkID) { global $default; - $sql = $default -> db; - $result = $sql -> query("SELECT * FROM $default->document_link_table WHERE id = $iDocumentLinkID"); + $sql = $default->db; + $result = $sql->query("SELECT * FROM $default->document_link_table WHERE id = $iDocumentLinkID"); if ($result) { - if ($sql -> next_record()) { - $oDocumentLink = & new DocumentLink($sql -> f("parent_document_id"), $sql -> f("parent_document_id")); - $oDocumentLink -> iId = $sql -> f("id"); + if ($sql->next_record()) { + $oDocumentLink = & new DocumentLink($sql->f("parent_document_id"), $sql->f("parent_document_id")); + $oDocumentLink->iId = $sql->f("id"); return $oDocumentLink; } $_SESSION["errorMessage"] = $lang_err_object_not_exist."id = ".$iDocumentLinkID." table = $default->document_link_table"; diff --git a/lib/documentmanagement/DocumentTransaction.inc b/lib/documentmanagement/DocumentTransaction.inc index 2776a1b..605eb9c 100644 --- a/lib/documentmanagement/DocumentTransaction.inc +++ b/lib/documentmanagement/DocumentTransaction.inc 
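Review bot: get() still constructs the object as `new DocumentLink($sql->f("parent_document_id"), $sql->f("parent_document_id"))`, passing the parent id twice; the reformatted line keeps that defect, and the second argument should presumably be `$sql->f("child_document_id")`, the column create() writes. The function also declares `global $default;` only, yet its not-found branch reads `$lang_err_object_not_exist`, which is undefined in function scope; add it to the `global` list as create() and delete() do for their messages.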
@@ -79,7 +79,7 @@ class DocumentTransaction { $oDocument = & Document::get($iNewDocumentID); if ($oDocument) { $this->sVersion = $oDocument->getMajorVersionNumber() . "." . $oDocument->getMinorVersionNumber(); - $this->sFileName = Folder::getFolderPath($oDocument->getFolderID()) . "/" . $oDocument->getName(); + $this->sFileName = addslashes(Folder::getFolderPath($oDocument->getFolderID()) . "/" . $oDocument->getName()); } $this->iUserID = $_SESSION["userID"]; $this->dDateTime = getCurrentDateTime(); @@ -105,7 +105,7 @@ class DocumentTransaction { if ($this->iId < 0) { $sql = $default->db; $result = $sql->query("INSERT INTO " . $default->document_transactions_table . " (document_id, version, user_id, datetime, ip, filename, comment, transaction_id) " . - "VALUES ($this->iDocumentID, '" . addslashes($this->sVersion) . "', $this->iUserID, '" . addslashes($this->dDateTime) . "', '" . addslashes($this->sIP) . "', '" . addslashes($this->sFileName) . "', '" . addslashes($this->sComment) . "', $this->iTransactionID)"); + "VALUES ($this->iDocumentID, '$this->sVersion', $this->iUserID, '$this->dDateTime', '$this->sIP', '$this->sFileName', '$this->sComment', $this->iTransactionID)"); if ($result) { //object has been stored, set the primary key $this->iId = $sql->insert_id(); @@ -150,7 +150,7 @@ class DocumentTransaction { $sql = $default->db; $sql->query("SELECT * FROM $default->document_transactions_table WHERE id = $iDocumentTransactionID"); if ($sql->next_record()) { - $oDocumentTransaction = & new DocumentTransaction($sql->f("document_id"), stripslashes($sql->f("comment")), $sql->f("transaction_id")); + $oDocumentTransaction = & new DocumentTransaction($sql->f("document_id"), $sql->f("comment"), $sql->f("transaction_id")); $oDocumentTransaction->iId = $sql->f("id"); $oDocumentTransaction->sVersion = $sql->f("version"); $oDocumentTransaction->iUserID = $sql->f("user_id"); 
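Review bot: Escaping has moved from the INSERT into the constructor: `$this->sFileName = addslashes(...)` stores the SQL-escaped form in the object itself, so any non-SQL consumer of `sFileName` sees backslashes, while `sVersion`, `dDateTime`, `sIP` and `sComment` in the create() hunk lose their escaping entirely — a comment containing `'` will now break the statement. Keep the property raw, `$this->sFileName = Folder::getFolderPath($oDocument->getFolderID()) . "/" . $oDocument->getName();`, and escape at the query, `'" . addslashes($this->sFileName) . "'` (likewise for `sComment`), so the escaping lives in one place. The constructor starts before the hunk.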
diff --git a/lib/documentmanagement/DocumentType.inc b/lib/documentmanagement/DocumentType.inc index a88b563..6287e59 100644 --- a/lib/documentmanagement/DocumentType.inc +++ b/lib/documentmanagement/DocumentType.inc @@ -98,7 +98,7 @@ class DocumentType { }else{ $sql = $default->db; - $result = $sql->query("INSERT INTO " . $default->document_types_table . " (name) VALUES ('" . addslashes($this->sName) . "')"); + $result = $sql->query("INSERT INTO " . $default->document_types_table . " (name) VALUES ('$this->sName')"); if ($result) { $this->iId = $sql->insert_id(); return true; @@ -123,7 +123,7 @@ class DocumentType { //only update if the object has been stored if ($this->iId > 0) { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->document_types_table . " SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->document_types_table . " SET name = '$this->sName' WHERE id = $this->iId"); if ($result) { return true; } @@ -204,7 +204,7 @@ class DocumentType { $result = $sql->query("SELECT * FROM ". $default->document_types_table ." WHERE id = $iDocumentTypeID"); if ($result) { if ($sql->next_record()) { - $oDocumentType = & new DocumentType(stripslashes($sql->f("name"))); + $oDocumentType = & new DocumentType($sql->f("name")); $oDocumentType->iId = $sql->f("id"); return $oDocumentType; } diff --git a/lib/documentmanagement/MetaData.inc b/lib/documentmanagement/MetaData.inc index effd4cb..8caef47 100644 --- a/lib/documentmanagement/MetaData.inc +++ b/lib/documentmanagement/MetaData.inc 
@@ -123,7 +123,7 @@ class MetaData { }else{ $sql = $default->db; - $result = $sql->query("INSERT INTO " . $default->metadata_table . " (document_field_id,name) VALUES ('". $this->iDocFieldID . "','" . addslashes($this->sName) . "')"); + $result = $sql->query("INSERT INTO " . $default->metadata_table . " (document_field_id,name) VALUES ('". $this->iDocFieldID . "','$this->sName')"); if ($result) { $this->iId = $sql->insert_id(); return true; @@ -148,7 +148,7 @@ class MetaData { //only update if the object has been stored if ($this->iId > 0) { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->metadata_table. " SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->metadata_table. " SET name = '$this->sName' WHERE id = $this->iId"); if ($result) { return true; } @@ -195,7 +195,7 @@ class MetaData { $result = $sql->query("SELECT * FROM ". $default->metadata_table." WHERE id = $iMetaDataID"); if ($result) { if ($sql->next_record()) { - $oDocumentType = & new MetaData($sql->f("document_field_id"),stripslashes($sql->f("name"))); + $oDocumentType = & new MetaData($sql->f("document_field_id"),$sql->f("name")); $oDocumentType->iId = $sql->f("id"); return $oDocumentType; } diff --git a/lib/documentmanagement/PhysicalDocumentManager.inc b/lib/documentmanagement/PhysicalDocumentManager.inc index fc6acf0..1dff738 100644 --- a/lib/documentmanagement/PhysicalDocumentManager.inc +++ b/lib/documentmanagement/PhysicalDocumentManager.inc 
@@ -387,7 +387,7 @@ class PhysicalDocumentManager { */ function & createDocumentFromUploadedFile($aFileArray, $iFolderID) { //get the uploaded document information and put it into a document object - $oDocument = & new Document(stripslashes($aFileArray['name']), stripslashes($aFileArray['name']), $aFileArray['size'], $_SESSION["userID"], PhysicalDocumentManager::getMimeTypeID($aFileArray['type'], $aFileArray['name']), $iFolderID); + $oDocument = & new Document($aFileArray['name'], $aFileArray['name'], $aFileArray['size'], $_SESSION["userID"], PhysicalDocumentManager::getMimeTypeID($aFileArray['type'], $aFileArray['name']), $iFolderID); return $oDocument; } diff --git a/lib/foldermanagement/Folder.inc b/lib/foldermanagement/Folder.inc index 1ee39c5..6c85871 100644 --- a/lib/foldermanagement/Folder.inc +++ b/lib/foldermanagement/Folder.inc @@ -206,11 +206,11 @@ class Folder { } /** - * Generate a comma delimited string containing - * the parent folder ids - * - * @return String comma delimited string containing the parent folder ids - */ + * Recursive function to generate a comma delimited string containing + * the parent folder ids + * + * @return String comma delimited string containing the parent folder ids + */ function generateParentFolderIDS($iFolderID) { global $default; //if the folder is not the root folder 
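Review bot: `$aFileArray['name']` is the client-supplied upload filename, and after this change it is handed to `new Document(...)` unmodified as both the display name and the stored filename; with Document's SQL escaping removed in the same commit, this is the most direct route for a quoted string to reach the documents table. Normalise it at this boundary, e.g. `basename($aFileArray['name'])`, and make sure it is escaped where the query is built rather than assuming it arrives clean. The Folder docblock hunk that shares this line only rewords a comment.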
@@ -225,23 +225,43 @@ class Folder { } /** - * Forward slash deliminated string giving full path of document - * from file system root url - * - */ + * Returns a comma delimited string containing the parent folder ids, strips leading / + * + * @return String comma delimited string containing the parent folder ids + */ + function generateFolderIDs($iFolderID) { + $sFolderIDs = $this->generateParentFolderIDS($iFolderID); + return substr($sFolderIDs, 1, strlen($sFolderIDs)); + } + + /** + * Recursively generates forward slash deliminated string giving full path of document + * from file system root url + */ function generateFullFolderPath($iFolderID) { global $default; //if the folder is not the root folder if ($iFolderID != 0) { $sql = $default->db; $sql->query("SELECT name, parent_id FROM $default->folders_table WHERE ID = $iFolderID"); - $sql->next_record(); - return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . stripslashes($sql->f("name")); + $sql->next_record(); + return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . $sql->f("name"); } return; } /** + * Returns a forward slash deliminated string giving full path of document, strips leading / + */ + function generateFolderPath($iFolderID) { + global $default; + $sPath = $this->generateFullFolderPath($iFolderID); + $sPath = substr($sPath, 1, strlen($sPath)); + $sPath = addslashes($sPath); + return $sPath; + } + + /** * Create the current folder in the database * * @return boolean true and set $this->iId with new primary key, false otherwise and set $_SESSION["errorMessage"] 
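Review bot: The docblock on `generateFolderIDs()` says it "strips leading /", but `generateParentFolderIDS()` builds a comma delimited string, so the `substr($sFolderIDs, 1, ...)` drops a leading comma; the comment should say `strips the leading comma`. In `generateFolderPath()` the `addslashes($sPath)` means `$this->sFullPath`, assigned from it in create()/update(), holds an SQL-escaped value in memory rather than the real path; the `global $default;` there is unused, and `substr($sPath, 1)` suffices since the third argument just restates the length. `generateFullFolderPath()` returns nothing for the root folder, so both helpers run `substr()` on a null; guard that case with something like `if ($sPath == "") { return ""; }`.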
@@ -250,13 +270,11 @@ class Folder { global $default, $lang_err_database; $lang_err_object_exists; //if the object has not already been stored if ($this->iId < 0) { - $this->sFullPath = $this->generateFullFolderPath($this->iParentID); - $this->sFullPath = substr($this->sFullPath, 1, strlen($this->sFullPath)); - $this->sParentFolderIDs = $this->generateParentFolderIDS($this->iParentID); - $this->sParentFolderIDs = substr($this->sParentFolderIDs, 1, strlen($this->sParentFolderIDs)); + $this->sFullPath = $this->generateFolderPath($this->iParentID); + $this->sParentFolderIDs = $this->generateFolderIDs($this->iParentID); $sql = $default->db; $result = $sql->query("INSERT INTO " . $default->folders_table . " (name, description, parent_id, creator_id, unit_id, is_public, full_path, parent_folder_ids) " . - "VALUES ('" . addslashes($this->sName) . "', '" . addslashes($this->sDescription) . "', $this->iParentID, $this->iCreatorID, $this->iUnitID, " . ($this->bIsPublic ? 1 : 0) . ",'" . addslashes($this->sFullPath) . "','" . addslashes($this->sParentFolderIDs) . "')"); + "VALUES ('$this->sName', '$this->sDescription', $this->iParentID, $this->iCreatorID, $this->iUnitID, " . ($this->bIsPublic ? 1 : 0) . ",'$this->sFullPath','$this->sParentFolderIDs')"); if ($result) { $this->iId = $sql->insert_id(); return true; 
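Review bot: The `global` statement at the top of this hunk reads `global $default, $lang_err_database; $lang_err_object_exists;` — the `;` after `$lang_err_database` ends the statement, so `$lang_err_object_exists` is a plain local and any message built from it is empty; it should be `global $default, $lang_err_database, $lang_err_object_exists;`. The rest of the hunk is the helper refactor plus the escaping removal already noted on the Document hunk. Folder::create starts before the hunk.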
@@ -280,19 +298,16 @@ class Folder { if ($this->iId >= 0) { $sql = $default->db; $sQuery = "UPDATE " . $default->folders_table . " SET " . - "name = '" . addslashes($this->sName) . "', " . - "description = '" . addslashes($this->sDescription) . "', " . + "name = '$this->sName', " . + "description = '$this->sDescription', " . "parent_id = $this->iParentID, " . "creator_id = $this->iCreatorID, " . "unit_id = $this->iUnitID, "; if ($bPathChange) { - $sFullPath = $this->generateFullFolderPath($this->iParentID); - $this->sFullPath = substr($sFullPath, 1, strlen($sFullPath)); - $sParentFolderIDs = $this->generateParentFolderIDS($this->iParentID); - $this->sParentFolderIDs = substr($sParentFolderIDs, 1, strlen($sParentFolderIDs)); - - $sQuery .= "parent_folder_ids = '" . addslashes($this->sParentFolderIDs) . "'," . - "full_path = '" . addslashes($this->sFullPath) . "', "; + $this->sFullPath = $this->generateFolderPath($this->iParentID); + $this->sParentFolderIDs = $this->generateFolderIDs($this->iParentID); + $sQuery .= "parent_folder_ids = '$this->sParentFolderIDs'," . + "full_path = '$this->sFullPath', "; } $sQuery .= "is_public = " . ($this->bIsPublic ? 1 : 0) . " " . "WHERE id = " . $this->iId; @@ -345,9 +360,7 @@ class Folder { while ($sql->next_record()) { $aChildren[count($aChildren)] = $sql->f("id"); Folder::getChildren($sql->f("id"), & $aChildren); - //$sChildString .= $sql->f("id") . "," . Folder::getChildren($sql->f("id")); } - //return $sChildString; return $aChildren; } 
@@ -401,10 +414,10 @@ class Folder { $sql = $default->db; $sql->query("SELECT * FROM " . $default->folders_table . " WHERE id = " . $iFolderID); if ($sql->next_record()) { - $oFolder = & new Folder(stripslashes($sql->f("name")), stripslashes($sql->f("description")), $sql->f("parent_id"), $sql->f("creator_id"), $sql->f("unit_id"), $sql->f("is_public")); + $oFolder = & new Folder($sql->f("name"), $sql->f("description"), $sql->f("parent_id"), $sql->f("creator_id"), $sql->f("unit_id"), $sql->f("is_public")); $oFolder->iId = $iFolderID; - $oFolder->sFullPath = stripslashes($sql->f("full_path")); - $oFolder->sParentFolderIDs = stripslashes($sql->f("parent_folder_ids")); + $oFolder->sFullPath = $sql->f("full_path"); + $oFolder->sParentFolderIDs = $sql->f("parent_folder_ids"); return $oFolder; } $_SESSION["errorMessage"] = $lang_err_object_not_exist . "id = " . $iFolderID . " table = folders"; @@ -439,7 +452,6 @@ class Folder { $aFolderArray; settype($aFolderArray, "array"); $sql = $default->db; - // TODO: join on sys_deleted $result = $sql->query("SELECT * FROM " . $default->folders_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : "")); if ($result) { $iCount = 0; @@ -465,7 +477,8 @@ class Folder { function getFolderPath($iFolderID) { global $default; $oFolder = Folder::get($iFolderID); - return $default->documentRoot . "/" . $oFolder->sFullPath . "/" . $oFolder->getName() . "/"; + $sPath = $default->documentRoot . "/" . $oFolder->sFullPath . "/" . $oFolder->getName() . "/"; + return $sPath; } /** 
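Review bot: `getFolderPath()` now assigns the built string to `$sPath` before returning it, which changes nothing, while the real gap stays: `Folder::get($iFolderID)` sets `$lang_err_object_not_exist` and presumably returns false for an unknown id (see the hunk above), and the new line dereferences `$oFolder->sFullPath` regardless. Add `if (!$oFolder) { return false; }` before building the path so callers do not receive a filesystem path assembled from an empty object. The hunk sharing this line also drops the `// TODO: join on sys_deleted` note without the join appearing; if that work is still pending, the reminder should stay.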
@@ -590,10 +603,9 @@ class Folder { * @return true if the folder exists, false otherwise and set $_SESSION["errorMessage"] */ function folderExistsName($sName, $iParentID) { - $sName = addslashes($sName); global $default, $lang_err_folder_exist; $sql = $default->db; - $sql->query("SELECT * FROM " . $default->folders_table . " WHERE name = '" . $sName . "' AND parent_id = " . $iParentID); + $sql->query("SELECT * FROM " . $default->folders_table . " WHERE name = '$sName' AND parent_id = $iParentID"); if ($sql->next_record()) { return true; } @@ -631,7 +643,7 @@ class Folder { $sql = $default->db; $sql->query("SELECT name FROM " . $default->folders_table . " WHERE id = " . $iFolderID); if ($sql->next_record()) { - return stripslashes($sql->f("name")); + return $sql->f("name"); } $_SESSION["errorMessage"] = $lang_err_database; return false; @@ -647,7 +659,7 @@ class Folder { function getFolderID($sFolderName) { global $default, $lang_err_database; $sql = $default->db; - $sql->query("SELECT id FROM " . $default->folders_table . " WHERE name = '" . addslashes($sFolderName) . "'"); + $sql->query("SELECT id FROM " . $default->folders_table . " WHERE name = '$sFolderName'"); if ($sql->next_record()) { return $sql->f("id"); } diff --git a/lib/foldermanagement/PhysicalFolderManagement.inc b/lib/foldermanagement/PhysicalFolderManagement.inc index bcf07d9..04cae34 100644 --- a/lib/foldermanagement/PhysicalFolderManagement.inc +++ b/lib/foldermanagement/PhysicalFolderManagement.inc @@ -37,7 +37,7 @@ class PhysicalFolderManagement { function createFolder($sPath) { // check if a folder with this name exists before creating it if (!file_exists($sPath)) { - return mkdir($sPath, 0755); + return mkdir(rtrim($sPath), 0755); } else { return true; } 
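Review bot: `rtrim($sPath)` in createFolder() strips trailing whitespace only; if the intent is to remove the trailing `/` that `Folder::getFolderPath()` appends, pass it explicitly: `return mkdir(rtrim($sPath, '/'), 0755);`. The same applies to deleteFolder() and renameFolder() in the next hunk, where only `$sNewPath` is trimmed and `$sOldPath` is not, so a rename between two paths built the same way is treated asymmetrically. The `folderExistsName()`/`getFolderID()` hunks sharing this line interpolate their `$sName`/`$sFolderName` parameters raw, as noted on the Document hunk.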
@@ -51,11 +51,11 @@ class PhysicalFolderManagement { * @return boolean true on successful delete, false otherwise */ function deleteFolder($sPath) { - return rmdir($sPath); + return rmdir(rtrim($sPath)); } function renameFolder($sOldPath, $sNewPath) { - return rename($sOldPath, $sNewPath); + return rename($sOldPath, rtrim($sNewPath)); } } diff --git a/lib/groups/Group.inc b/lib/groups/Group.inc index adec5a9..ee4fd58 100644 --- a/lib/groups/Group.inc +++ b/lib/groups/Group.inc @@ -109,6 +109,23 @@ class Group { } /** + * Checks if this group has users mapped to it or not + */ + function hasRoutingSteps() { + global $default; + + $sql = $default->db; + $query = "SELECT id FROM $default->groups_folders_approval_table WHERE group_id = $this->iId"; + $sql->query($query); + $rows = $sql->num_rows(); + if ($rows > 0){ + return true; + } else { + return false; + } + } + + /** * Create the current object in the database * * @return boolean on successful store, false otherwise and set $_SESSION["errorMessage"] @@ -129,7 +146,7 @@ class Group { return false; } else { $sql = $default->db; - $result = $sql->query("INSERT INTO " . $default->groups_table . " (name, is_sys_admin, is_unit_admin) VALUES ('" . addslashes($this->sName) . "', " . ($this->bIsSysAdmin ? 1 : 0) . ", " . ($this->bIsUnitAdmin ? 1 : 0) . ")"); + $result = $sql->query("INSERT INTO " . $default->groups_table . " (name, is_sys_admin, is_unit_admin) VALUES ('$this->sName', " . ($this->bIsSysAdmin ? 1 : 0) . ", " . ($this->bIsUnitAdmin ? 1 : 0) . ")"); if ($result) { $this->iId = $sql->insert_id(); return true; 
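Review bot: The docblock on the new `hasRoutingSteps()` says it "Checks if this group has users mapped to it", but the query counts rows in `$default->groups_folders_approval_table`, i.e. approval routing steps; the comment should read `* Checks whether any approval routing step references this group`. The result of `$sql->query($query)` is ignored, so a failed query likely leaves `num_rows()` reporting a stale result — test it as the sibling methods do. The if/else at the end collapses to `return $sql->num_rows() > 0;`.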
@@ -153,7 +170,7 @@ class Group { //only update if the object has been stored if ($this->iId > 0) { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->groups_table . " SET name = '" . addslashes($this->sName) . "', is_sys_admin = " . ($this->bIsSysAdmin ? 1 : 0) . ", is_unit_admin = " . ($this->bIsUnitAdmin ? 1 : 0) . " WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->groups_table . " SET name = '$this->sName', is_sys_admin = " . ($this->bIsSysAdmin ? 1 : 0) . ", is_unit_admin = " . ($this->bIsUnitAdmin ? 1 : 0) . " WHERE id = $this->iId"); if ($result) { return true; } @@ -196,7 +213,7 @@ class Group { $result = $sql->query("SELECT * FROM $default->groups_table WHERE id = $iGroupID"); if ($result) { if ($sql->next_record()) { - $oGroup = & new Group(stripslashes($sql->f("name")), $sql->f("is_unit_admin"), $sql->f("is_sys_admin")); + $oGroup = & new Group($sql->f("name"), $sql->f("is_unit_admin"), $sql->f("is_sys_admin")); $oGroup->iId = $iGroupID; return $oGroup; } diff --git a/lib/groups/GroupFolderApprovalLink.inc b/lib/groups/GroupFolderApprovalLink.inc index 25e22db..eadd36c 100644 --- a/lib/groups/GroupFolderApprovalLink.inc +++ b/lib/groups/GroupFolderApprovalLink.inc @@ -223,7 +223,7 @@ class GroupFolderApprovalLink { $oGroupFolderApprovalLink->iId = $iGroupFolderLinkID; return $oGroupFolderApprovalLink; } - $_SESSION["errorMessage"] = $lang_err_object_not_exist . "id = " . $iGroupFolderLinkID . " table = $default-owl_groups_folders_approval_table"; + return false; } $_SESSION["errorMessage"] = $lang_err_database; diff --git a/lib/links/Link.inc b/lib/links/Link.inc index caa7a51..0a0cae7 100644 --- a/lib/links/Link.inc +++ b/lib/links/Link.inc 
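Review bot: The not-found branch of GroupFolderApprovalLink::get() now returns false without setting `$_SESSION["errorMessage"]` at all — the line with the `$default-owl_...` typo was deleted rather than fixed — so callers that surface that session message will show whatever a previous failure left there. Restore it with the correct property: `$_SESSION["errorMessage"] = $lang_err_object_not_exist . "id = " . $iGroupFolderLinkID . " table = $default->groups_folders_approval_table";`. The Group update()/get() hunks sharing this line carry only the escaping removal noted on the Document hunk.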
@@ -101,7 +101,7 @@ class Link { }else{ $sql = $default->db; - $result = $sql->query("INSERT INTO " . $default->quicklinks_table . " (name, url, rank) VALUES ('" . addslashes($this->sName) . "', '" . ($this->sUrl) . "', " . ($this->iRank) . ")"); + $result = $sql->query("INSERT INTO " . $default->quicklinks_table . " (name, url, rank) VALUES ('$this->sName', '$this->sUrl', $this->iRank)"); if ($result) { $this->iId = $sql->insert_id(); return true; @@ -126,7 +126,7 @@ class Link { //only update if the object has been stored if ($this->iId > 0) { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->quicklinks_table . " SET name = '" . addslashes($this->sName) . "', url = '" . ($this->sUrl) . "', rank = " . ($this->iRank) . " WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->quicklinks_table . " SET name = '$this->sName', url = '$this->sUrl', rank = $this->iRank WHERE id = $this->iId"); if ($result) { return true; } @@ -174,7 +174,7 @@ class Link { $result = $sql->query("SELECT * FROM $default->quicklinks_table WHERE id = $iLinkID"); if ($result) { if ($sql->next_record()) { - $oLink = & new Link(stripslashes($sql->f("name")), $sql->f("url"), $sql->f("rank")); + $oLink = & new Link($sql->f("name"), $sql->f("url"), $sql->f("rank")); $oLink->iId = $iLinkID; return $oLink; } diff --git a/lib/orgmanagement/Organisation.inc b/lib/orgmanagement/Organisation.inc index 9b6297c..da0795e 100644 --- a/lib/orgmanagement/Organisation.inc +++ b/lib/orgmanagement/Organisation.inc @@ -81,7 +81,7 @@ class Organisation { $_SESSION["errorMessage"] = "Organisation::The name " . $this->sName . " is already in use!"; return false; } else { - $result = $sql->query("INSERT INTO " . $default->organisations_table . " (name) VALUES ('" . addslashes($this->sName) . "')"); + $result = $sql->query("INSERT INTO " . $default->organisations_table . " (name) VALUES ('$this->sName')"); if ($result) { $this->iId = $sql->insert_id(); return true; 
@@ -104,7 +104,7 @@ class Organisation { //only update if the object has been stored if ($this->iId > 0) { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->organisations_table . " SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->organisations_table . " SET name = '$this->sName' WHERE id = $this->iId"); if ($result) { return true; } @@ -160,7 +160,7 @@ class Organisation { $result = $sql->query("SELECT * FROM $default->organisations_table WHERE id = $iOrgID"); if ($result) { if ($sql->next_record()) { - $oOrg = & new Organisation(stripslashes($sql->f("name"))); + $oOrg = & new Organisation($sql->f("name")); $oOrg->iId = $iOrgID; return $oOrg; } diff --git a/lib/roles/Role.inc b/lib/roles/Role.inc index 60cb02a..d18b677 100644 --- a/lib/roles/Role.inc +++ b/lib/roles/Role.inc @@ -113,7 +113,7 @@ class Role { }else { $sql = $default->db; - $result = $sql->query("INSERT INTO " . $default->roles_table . " (name, active, can_read, can_write) VALUES ('" . addslashes($this->sName) . "', " . ($this->bActive ? 1 : 0) . ", " . ($this->bCanRead ? 1 : 0) . ", " . ($this->bCanWrite ? 1 : 0) . ")"); + $result = $sql->query("INSERT INTO " . $default->roles_table . " (name, active, can_read, can_write) VALUES ('$this->sName', " . ($this->bActive ? 1 : 0) . ", " . ($this->bCanRead ? 1 : 0) . ", " . ($this->bCanWrite ? 1 : 0) . ")"); if ($result) { $this->iId = $sql->insert_id(); return true; 
@@ -137,7 +137,7 @@ class Role { //only update if the object has been stored if ($this->iId > 0) { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->roles_table . " SET name = '" . addslashes($this->sName) . "', active = " . ($this->bActive ? 1 : 0) . ", can_read = " . ($this->bCanRead ? 1 : 0) . ", can_write = " . ($this->bCanWrite ? 1 : 0) . " WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->roles_table . " SET name = '$this->sName', active = " . ($this->bActive ? 1 : 0) . ", can_read = " . ($this->bCanRead ? 1 : 0) . ", can_write = " . ($this->bCanWrite ? 1 : 0) . " WHERE id = $this->iId"); if ($result) { return true; } @@ -197,7 +197,7 @@ class Role { $result = $sql->query("SELECT * FROM $default->roles_table WHERE id = $iRoleID"); if ($result) { if ($sql->next_record()) { - $oRole = & new Role(stripslashes($sql->f("name")), $sql->f("can_read"), $sql->f("can_write")); + $oRole = & new Role($sql->f("name"), $sql->f("can_read"), $sql->f("can_write")); $oRole->iId = $iRoleID; $oRole->bActive = $sql->f("active"); return $oRole; diff --git a/lib/session/control.inc b/lib/session/control.inc index 62349ff..b02398d 100644 --- a/lib/session/control.inc +++ b/lib/session/control.inc @@ -61,9 +61,8 @@ function controllerRedirect($sAction, $sQueryString = "") { function generateLink($sTargetPage, $sQueryString, $sLinkText = "") { global $default; - if (strlen($sQueryString) > 0) { - $sQueryStringDelimiter = (strstr($sTargetPage, "?") ? "&" : "?"); - } + $sQueryStringDelimiter = strlen($sQueryString) > 0 ? (strstr($sTargetPage, "?") ? "&" : "?") : ""; + $sLink = "http" . ($default->sslEnabled ? "s" : "") . "://" . $default->serverName . ((substr($sTargetPage, 0, strlen($default->rootUrl)) != $default->rootUrl) ? $default->rootUrl : "") . $sTargetPage . $sQueryStringDelimiter . $sQueryString; 
@@ -148,7 +147,7 @@ function checkSessionAndRedirect($bRedirect) { } else { $url = generateControllerUrl("loginForm"); } - $redirect = urlencode($_SERVER[PHP_SELF] . "?" . $_SERVER["QUERY_STRING"]); + $redirect = urlencode($_SERVER["PHP_SELF"] . "?" . $_SERVER["QUERY_STRING"]); if ((strlen($redirect) > 1)) { $default->log->debug("checkSession:: redirect url=$redirect"); // this session verification failure represents either the first visit to diff --git a/lib/unitmanagement/Unit.inc b/lib/unitmanagement/Unit.inc index f8bd629..6f31d2b 100644 --- a/lib/unitmanagement/Unit.inc +++ b/lib/unitmanagement/Unit.inc @@ -89,7 +89,7 @@ class Unit { $_SESSION["errorMessage"] = "Unit::The name " . $this->sName . " is already in use!"; return false; } else { - $result = $sql->query("INSERT INTO " . $default->units_table . " (name) VALUES ('" . addslashes($this->sName) . "')"); + $result = $sql->query("INSERT INTO " . $default->units_table . " (name) VALUES ('$this->sName')"); if ($result) { $this->iId = $sql->insert_id(); // create a new unit root folder @@ -131,7 +131,7 @@ class Unit { $sql = $default->db; // lookup current name before updating $sOldName = lookupField($default->units_table, "name", "id", $this->iId); - $result = $sql->query("UPDATE " . $default->units_table . " SET name = '" . addslashes($this->sName) . "' WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->units_table . " SET name = '$this->sName' WHERE id = $this->iId"); if ($result) { // need to update the units root folder also $iFolderID = Folder::getFolderID($sOldName); @@ -202,7 +202,7 @@ class Unit { $result = $sql->query("SELECT * FROM $default->units_table WHERE id = $iUnitID"); if ($result) { if ($sql->next_record()) { - $oUnit = & new Unit(stripslashes($sql->f("name"))); + $oUnit = & new Unit($sql->f("name")); $oUnit->iId = $iUnitID; return $oUnit; } diff --git a/lib/users/User.inc b/lib/users/User.inc index 621a100..e061fb0 100644 --- a/lib/users/User.inc 
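Review bot: Quoting `"PHP_SELF"` fixes the bare-constant lookup, but `$_SERVER["PHP_SELF"]` can carry client-supplied path info beyond the script name, and the value is being placed into a redirect parameter; if only the executing script's path is wanted, `$_SERVER["SCRIPT_NAME"]` is the narrower source. The `strlen($redirect) > 1` test a line later has a spare pair of parentheses. checkSessionAndRedirect starts before the hunk.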
+++ b/lib/users/User.inc @@ -324,7 +324,7 @@ class User { } else { $result = $sql->query("INSERT INTO " . $default->users_table . " (username, name, password, quota_max, quota_current, email, mobile, email_notification, sms_notification, ldap_dn, max_sessions, language_id) " . - "VALUES ('" . addslashes($this->sUserName) . "', '" . addslashes($this->sName) . "', '" . addslashes(md5($this->sPassword)) . "', $this->iQuotaMax, 0, '" . addslashes($this->sEmail) . "', '" . addslashes($this->sMobile) . "', " . ($this->bEmailNotification ? 1 : 0) . ", " . ($this->bSmsNotification ? 1 : 0) . ", '" . addslashes($this->sLdapDn) . "', $this->iMaxSessions, $this->iLanguageID)"); + "VALUES ('$this->sUserName', '$this->sName', '" . md5($this->sPassword) . "', $this->iQuotaMax, 0, '$this->sEmail', '$this->sMobile', " . ($this->bEmailNotification ? 1 : 0) . ", " . ($this->bSmsNotification ? 1 : 0) . ", '$this->sLdapDn', $this->iMaxSessions, $this->iLanguageID)"); if ($result) { $this->iId = $sql->insert_id(); return true; 
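Review bot: The rewritten VALUES list still stores `md5($this->sPassword)` — an unsalted, fast digest — as the password column, and the update() hunk on the next line does the same; this predates the commit, but since the line is being rewritten it is the moment to route password storage through one hashing helper using a salted, slow algorithm (`password_hash()` where the runtime provides it) with the matching verify call at login. `$this->sUserName`, `$this->sName`, `$this->sEmail`, `$this->sMobile` and `$this->sLdapDn` also lose their escaping here, as noted on the Document hunk. User::create starts before the hunk.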
@@ -360,7 +360,7 @@ class User { } else { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->users_table . " SET username = '" . addslashes($this->sUserName) . "', name = '" . addslashes($this->sName) . "', " . ($this->bPasswordChanged ? "password = '" . addslashes(md5($this->sPassword)) . "', " : " ") . " quota_max = $this->iQuotaMax, email = '" . addslashes($this->sEmail) . "', mobile = '" . addslashes($this->sMobile) . "', email_notification = " . ($this->bEmailNotification ? 1 : 0) . ", sms_notification = " . ($this->bSmsNotification ? 1 : 0) . ", ldap_dn = '" . addslashes($this->sLdapDn) . "', max_sessions = $this->iMaxSessions, language_id = $this->iLanguageID WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->users_table . " SET username = '$this->sUserName', name = '$this->sName', " . ($this->bPasswordChanged ? "password = '" . md5($this->sPassword) . "', " : " ") . " quota_max = $this->iQuotaMax, email = '$this->sEmail', mobile = '$this->sMobile', email_notification = " . ($this->bEmailNotification ? 1 : 0) . ", sms_notification = " . ($this->bSmsNotification ? 1 : 0) . ", ldap_dn = '$this->sLdapDn', max_sessions = $this->iMaxSessions, language_id = $this->iLanguageID WHERE id = $this->iId"); if ($result) { return true; } 
@@ -430,7 +430,7 @@ class User { $result = $sql->query("SELECT * FROM $default->users_table WHERE id = $iUserID"); if ($result) { if ($sql->next_record()) { - $oUser = & new User(stripslashes($sql->f("username")), stripslashes($sql->f("name")), stripslashes($sql->f("password")), $sql->f("quota_max"), stripslashes($sql->f("email")), stripslashes($sql->f("mobile")), $sql->f("email_notification"), $sql->f("sms_notification"), $sql->f("ldap_dn"), $sql->f("max_sessions"), $sql->f("language_id")); + $oUser = & new User($sql->f("username"), $sql->f("name"), $sql->f("password"), $sql->f("quota_max"), $sql->f("email"), $sql->f("mobile"), $sql->f("email_notification"), $sql->f("sms_notification"), $sql->f("ldap_dn"), $sql->f("max_sessions"), $sql->f("language_id")); $oUser->iId = $iUserID; return $oUser; } diff --git a/lib/visualpatterns/PatternBrowsableSearchResults.inc b/lib/visualpatterns/PatternBrowsableSearchResults.inc index fcbc999..3655d98 100644 --- a/lib/visualpatterns/PatternBrowsableSearchResults.inc +++ b/lib/visualpatterns/PatternBrowsableSearchResults.inc @@ -50,6 +50,8 @@ class PatternBrowseableSearchResults { var $sOrderDirection = "ASC"; /** New QueryString when submitting to self */ var $sQueryString; + /** Search criteria **/ + var $sSearchText; function PatternBrowseableSearchResults($sTmpQuery, $iTmpResultsToDisplay, $aTmpColumns, $aTmpColumnTypes, $aTmpColumnHeaders, $aTmpLinkURLs = null, $aTmpDBQueryStringColumns = null, $aTmpQueryStringVariableNames = null) { $this->sQuery = $sTmpQuery; @@ -82,6 +84,9 @@ class PatternBrowseableSearchResults { function setOrderDirection($sNewValue) { $this->sOrderDirection = $sNewValue; } + function setSearchText($sNewValue) { + $this->sSearchText = $sNewValue; + } /** * Build the HTML string used to render the object 
@@ -96,43 +101,53 @@ class PatternBrowseableSearchResults { $sSectionName = $default->siteMap->getSectionName(substr($_SERVER["PHP_SELF"], strlen($default->rootUrl), strlen($_SERVER["PHP_SELF"]))); $sTHBGColour = $default->siteMap->getSectionColour($sSectionName, "th"); - //add the limit and offset stuff for cutting down result set - $sLimitQuery = $this->sQuery . " LIMIT " . $this->iStartIndex . ", " . $this->iResultsToDisplay; - $sql = & $default->db; + // run the query first and get the number of rows + $iTotalResults = $this->getResultCount(); + + // now add the limit and offset stuff for cutting down result set + // decrement startIndex because LIMIT starts at zero and startIndex starts at 1 (for display purposes) + $sLimitQuery = $this->sQuery . " LIMIT " . ($this->iStartIndex-1) . ", " . $this->iResultsToDisplay; + + $sql = & $default->db; $sql->query($sLimitQuery); - $sToRender; + if ($sql->num_rows() == 0) { //no results - $sToRender = "\n"; + $sToRender .= "
\n"; $sToRender .= "\n"; $sToRender .= "\n"; $sToRender .= "\n"; $sToRender .= "

No results matched your criteria

\n"; } else { - $sToRender = "\n"; + $sToRender .= "
\n"; + + // display the number of results + $iEndIndex = $this->iStartIndex+$this->iResultsToDisplay-1 < $iTotalResults ? $this->iStartIndex+$this->iResultsToDisplay-1 : $iTotalResults; + + $sToRender .= ""; + $sToRender .= "\n"; + $sToRender .= "\n"; for ($i = 0; $i < count($this->aColumnHeadings); $i++) { if (! (strcmp($this->sOrderByColumn, $this->aColumns[$i]) === false) && (strcmp($this->sOrderByColumn, $this->aColumns[$i]) == 0)) { if (!(strcmp($this->sOrderDirection,"ASC") === false) && (strcmp($this->sOrderDirection,"ASC") == 0)) { - //$sToRender .= "\n"; $sToRender .= "\n"; } else { - //$sToRender .= "\n"; $sToRender .= "\n"; } } else { - //$sToRender .= "\n"; $sToRender .= "\n"; } } $sToRender .= "\n"; $iColour = 0; $iDisplayed = 0; - //limit the result set displayed - while($sql->next_record() && ($iDisplayed < $this->iResultsToDisplay)) { + + //limit the result set displayed + while($sql->next_record()) { $sToRender .= ""; - $iColour++; + $iColour++; $iDisplayed++; for ($i = 0; $i < count($this->aColumns); $i++) { switch ($this->aColumnTypes[$i]) { @@ -141,7 +156,7 @@ class PatternBrowseableSearchResults { $sToRender .= "\n"; break; case 2: - //diplay a checkbox + //display a checkbox $sToRender .= "\n"; break; case 3: @@ -176,43 +191,40 @@ class PatternBrowseableSearchResults { } } $sToRender .= "\n"; - $iDisplayed++; - } + } //if we displayed less results than the number to display //simply pad the table while ($iDisplayed < $this->iResultsToDisplay) { - $sToRender .= "\n"; + $sToRender .= "\n"; $iDisplayed++; } - + $sToRender .= "
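Review bot: `$this->sSearchText` is written straight into the results caption (`Searched the KnowledgeTree for '$this->sSearchText'`) with no HTML escaping; it is whatever the caller passed to setSearchText(), which in a search page is the user's own input, so escape it at the point of output: `htmlspecialchars($this->sSearchText)`. Two smaller issues in the same hunk: the `$sToRender;` declaration was removed and the first assignment changed from `=` to `.=`, so the string now starts by appending to an undefined variable — keep `$sToRender = "";` at the top of render(); and `LIMIT ($this->iStartIndex-1)` becomes a negative offset if iStartIndex is ever 0, which the old button logic treated as the first page, so clamp it or assert the new 1-based contract where iStartIndex is set. render() starts before this hunk.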
Searched the KnowledgeTree for '$this->sSearchText'.
Displaying results $this->iStartIndex - $iEndIndex of $iTotalResults
iStartIndex . "\">" . $this->aColumnHeadings[$i]."" . $this->aColumnHeadings[$i]. "iStartIndex . "\">" . $this->aColumnHeadings[$i]."" . $this->aColumnHeadings[$i]. "iStartIndex . "\">" . $this->aColumnHeadings[$i]."" . $this->aColumnHeadings[$i]. "
" . $sql->f($this->aColumns[$i]) . "" . ($sql->f($this->aColumns[$i]) ? "Yes" : "No") . "
 
 
"; + + $sToRender .= ""; $sToRender .= "\n"; - - $sToRender .= "iStartIndex + $this->iResultsToDisplay) . "\" />\n"; - /* Display only the next button */ - if (($this->iStartIndex + $this->iResultsToDisplay) < $this->getResultCount($sql) && $this->iStartIndex == 0) { - $sToRender .= ""; + $sToRender .= "\n"; } - /* Display both the next and the previous buttons */ - else if (($this->iStartIndex + $this->iResultsToDisplay) < $this->getResultCount($sql) && $this->iStartIndex > 0) { + // Display both the next and the previous buttons + else if (($this->iStartIndex + $this->iResultsToDisplay) < $iTotalResults && $this->iStartIndex > 1) { $sToRender .= ""; $sToRender .= "\n"; } - /* Display only the previous button */ - else if ($this->iStartIndex > 0) { - $sToRender .= ""; - $sToRender .= ""; } @@ -222,11 +234,14 @@ class PatternBrowseableSearchResults { return $sToRender; } - function getResultCount($sql) { + function getResultCount() { + global $default; + $sql = & $default->db; if ($sql->query($this->sQuery)) { return $sql->num_rows(); + } else { + return 0; } - return 0; } } ?> \ No newline at end of file diff --git a/lib/visualpatterns/PatternEditableListFromQuery.inc b/lib/visualpatterns/PatternEditableListFromQuery.inc index 191dd50..9a515b5 100644 --- a/lib/visualpatterns/PatternEditableListFromQuery.inc +++ b/lib/visualpatterns/PatternEditableListFromQuery.inc @@ -139,7 +139,7 @@ class PatternEditableListFromQuery { switch ($this->aDisplayColumnTypes[$i]) { case 1: //plain text field - $sToRender .= "\t\n"; + $sToRender .= "\t\n"; break; case 2: //boolean value diff --git a/lib/visualpatterns/PatternEditableTableSqlQuery.inc b/lib/visualpatterns/PatternEditableTableSqlQuery.inc index e5356a4..90ee6ab 100644 --- a/lib/visualpatterns/PatternEditableTableSqlQuery.inc +++ b/lib/visualpatterns/PatternEditableTableSqlQuery.inc 
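Review bot: getResultCount() now executes the unlimited `$this->sQuery` and counts the returned rows, so every page render transfers the whole result set once here and then runs the LIMIT query again; if the db wrapper allows it, a `SELECT COUNT(*)` wrapper around the query would make this one cheap round trip. Because it runs on the shared `$default->db` handle, the method must be called before the LIMIT query (as render() now does) — a one-line comment on the method saying so would stop the next caller from interleaving them. The `else { return 0; }` after an unconditional `return` can be a plain `return 0;`.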
@@ -172,9 +172,9 @@ class PatternEditableTableSqlQuery { //output the value if ($this->aColumnsVisible[$i]) { if ($this->aColumnsEditable[$i]) { - $sToRender .= "\tsUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . stripslashes($sql->f($this->aStoreColumnNames[$i])) . "\" />\n"; + $sToRender .= "\tsUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . $sql->f($this->aStoreColumnNames[$i]) . "\" />\n"; } else { - $sToRender .= "\tsUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . $sql->f($this->aStoreColumnNames[$i]) . "\" />" . stripslashes($sql->f($this->aDisplayColumnNames[$i]))."\n"; + $sToRender .= "\tsUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . $sql->f($this->aStoreColumnNames[$i]) . "\" />" . $sql->f($this->aDisplayColumnNames[$i])."\n"; } } else { $sToRender .= "\tsUniqueName . "_" . $iRowCount . $i . "_value\" value=\"" . $sql->f($this->aStoreColumnNames[$i]) . "\" />\n"; diff --git a/lib/visualpatterns/PatternListBox.inc b/lib/visualpatterns/PatternListBox.inc index c74bca8..80ad303 100644 --- a/lib/visualpatterns/PatternListBox.inc +++ b/lib/visualpatterns/PatternListBox.inc @@ -164,9 +164,9 @@ class PatternListBox { } while ($sql->next_record()) { if ($this->selectedValue == $sql->f("value")) { - $sToRender .= "\n"; + $sToRender .= "\n"; } else { - $sToRender .= "\n"; + $sToRender .= "\n"; } } if (isset($this->aAdditionalEntries)) { @@ -200,7 +200,7 @@ class PatternListBox { $aValues = array(); while ($sql->next_record()) { $aValues[] = array("value" => $sql->f("value"), - "display" => stripslashes($sql->f("display"))); + "display" => $sql->f("display")); } return $aValues; } diff --git a/lib/visualpatterns/PatternListFromQuery.inc b/lib/visualpatterns/PatternListFromQuery.inc index 43188f6..bb0b77a 100644 --- a/lib/visualpatterns/PatternListFromQuery.inc +++ b/lib/visualpatterns/PatternListFromQuery.inc 
@@ -127,7 +127,7 @@ class PatternListFromQuery { $sToRender .= "\n"; + $sToRender .= $sql->f($this->aColumns[$i]) . "\n"; } else { $sToRender .= " "; } @@ -153,7 +153,7 @@ class PatternListFromQuery { //$sToRender .= "\n"; //break; case 3: - $sToRender .= "\n"; + $sToRender .= "\n"; break; default: break; diff --git a/lib/visualpatterns/PatternMetaData.inc b/lib/visualpatterns/PatternMetaData.inc index c3f9397..437b5a3 100644 --- a/lib/visualpatterns/PatternMetaData.inc +++ b/lib/visualpatterns/PatternMetaData.inc @@ -44,7 +44,7 @@ class PatternMetaData { function render() { global $default; - $sQuery = "SELECT has_lookup FROM $default->document_fields_table WHERE name LIKE '" . $this->sMetaDataField . "'"; + $sQuery = "SELECT has_lookup FROM $default->document_fields_table WHERE name LIKE '" . addslashes($this->sMetaDataField) . "'"; $sql = $default->db; $sql->query($sQuery); @@ -53,7 +53,7 @@ class PatternMetaData { //is a lookup, so display a drop down list $sWhereClause = "DF.name LIKE '" . $this->sMetaDataField . "'"; $sFromClause = "INNER JOIN $default->document_fields_table AS DF ON ST.document_field_id = DF.id"; - $oPatternListBox = & new PatternListBox("$default->document_fields_lookup_tables", "name", "name", $this->sFormName); + $oPatternListBox = & new PatternListBox("$default->metadata_table", "name", "name", $this->sFormName); if ($this->sValue != null) { $oPatternListBox->setSelectedValue($this->sValue); } @@ -63,7 +63,7 @@ class PatternMetaData { } else { $sToRender = "sFormName . "\" "; if ($this->sValue != null) { - $sToRender .= "value=\"" . stripslashes($this->sValue) . "\" "; + $sToRender .= "value=\"" . $this->sValue . "\" "; } $sToRender .= " />"; return $sToRender; diff --git a/lib/visualpatterns/PatternTableSqlQuery.inc b/lib/visualpatterns/PatternTableSqlQuery.inc index b3921dc..488c35a 100644 --- a/lib/visualpatterns/PatternTableSqlQuery.inc +++ b/lib/visualpatterns/PatternTableSqlQuery.inc 
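Review bot: The escaping added to the `has_lookup` query is not applied to the second use of the same value in the @@ -53 hunk of PatternMetaData.inc, where `$sWhereClause = "DF.name LIKE '" . $this->sMetaDataField . "'"` is still built from the raw field name, so the two queries now disagree about whether the field name is trusted; change it to `"DF.name LIKE '" . addslashes($this->sMetaDataField) . "'"`. `addslashes()` also leaves `%` and `_` untouched, so a field name containing them still acts as a LIKE wildcard; if an exact name match is intended, `=` is the safer operator in both queries. render() continues past these hunks.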
@@ -164,9 +164,9 @@ class PatternTableSqlQuery { } if ($sql->f($this->aColumns[$i]) != null) { if ($this->bWordWrap) { - $sToRender .= wordwrap(stripslashes($sql->f($this->aColumns[$i])), 25, " ", 1) . ""; + $sToRender .= wordwrap($sql->f($this->aColumns[$i]), 25, " ", 1) . ""; } else { - $sToRender .= stripslashes($sql->f($this->aColumns[$i])) . ""; + $sToRender .= $sql->f($this->aColumns[$i]) . ""; } } else { $sToRender .= " "; @@ -205,7 +205,7 @@ class PatternTableSqlQuery { } else if ($this->bUseImageURLFromQuery) { $sToRender .= $this->generateImageURL($sql->f("image_url")); } - $sToRender .= stripslashes($sql->f($this->aColumns[$i])) . "\n"; + $sToRender .= $sql->f($this->aColumns[$i]) . "\n"; break; default: break; diff --git a/lib/web/WebDocument.inc b/lib/web/WebDocument.inc index 7c3cea0..0e8763f 100644 --- a/lib/web/WebDocument.inc +++ b/lib/web/WebDocument.inc @@ -1,7 +1,10 @@ db; - $result = $sql->query("INSERT INTO " . $default->web_sites_table . " (web_site_name, web_site_url, web_master_id) VALUES ('" . addslashes($this->sWebSiteName) . "', '" . addslashes($this->sWebSiteURL) . "', $this->iWebMasterID)"); + $result = $sql->query("INSERT INTO " . $default->web_sites_table . " (web_site_name, web_site_url, web_master_id) VALUES ('$this->sWebSiteName', '$this->sWebSiteURL', $this->iWebMasterID)"); if ($result) { $this->iId = $sql->insert_id(); return true; 
@@ -170,7 +170,7 @@ class WebSite { //only update if the object has been stored if ($this->iId > 0) { $sql = $default->db; - $result = $sql->query("UPDATE " . $default->web_sites_table . " SET web_site_name = '" . addslashes($this->sWebSiteName) . "', web_site_url = '" . addslashes($this->sWebSiteURL) . "', web_master_id = '" . $this->iWebMasterID . "' WHERE id = $this->iId"); + $result = $sql->query("UPDATE " . $default->web_sites_table . " SET web_site_name = '$this->sWebSiteName', web_site_url = '$this->sWebSiteURL', web_master_id = '" . $this->iWebMasterID . "' WHERE id = $this->iId"); if ($result) { return true; } @@ -217,7 +217,7 @@ class WebSite { $result = $sql->query("SELECT * FROM $default->web_sites_table WHERE id = $iWebSiteID"); if ($result) { if ($sql->next_record()) { - $oWebSite = & new WebSite(stripslashes($sql->f("web_site_name")), stripslashes($sql->f("web_site_url")), $sql->f("web_master_id")); + $oWebSite = & new WebSite($sql->f("web_site_name"), $sql->f("web_site_url"), $sql->f("web_master_id")); $oWebSite->iId = $iWebSiteID; return $oWebSite; } diff --git a/presentation/login.php b/presentation/login.php index cb950c6..6be845f 100644 --- a/presentation/login.php +++ b/presentation/login.php @@ -98,7 +98,7 @@ if ($loginAction == "loginForm") { switch ($userDetails["status"]) { // bad credentials case 0: - $url = $url . "&errorMessage=" . urlencode($lang_loginfail); + $url = $url . "&errorMessage=" . urlencode("Login failure"); break; // successfully authenticated case 1: @@ -137,18 +137,18 @@ if ($loginAction == "loginForm") { break; // login disabled case 2: - $url = $url . "&errorMessage=" . urlencode($lang_logindisabled); + $url = $url . "&errorMessage=" . urlencode("Account has been DISABLED, contact the System Adminstrator"); break; // too many sessions case 3 : - $url = $url . "&errorMessage=" . urlencode($lang_toomanysessions); + $url = $url . "&errorMessage=" . urlencode("Maximum sessions for user reached.
Contact the System Administrator"); break; // not a unit user case 4 : $url = $url . "&errorMessage=" . urlencode("Not unit user- contact an Administrator"); break; default : - $url = $url . "&errorMessage=" . urlencode($lang_err_general); + $url = $url . "&errorMessage=" . urlencode("Login failure"); } } else { // didn't receive any login parameters, so redirect login form diff --git a/presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldLookupsUI.inc b/presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldLookupsUI.inc index f8cd170..c4325be 100644 --- a/presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldLookupsUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/administration/docfieldmanagement/editDocFieldLookupsUI.inc @@ -84,7 +84,7 @@ function getGroupPage($fDocFieldID) { $LookupDisplay .= "Current Lookups
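Review bot: The new literal in the `case 2` branch misspells "Administrator" (`Adminstrator`), and the @@ -98 and @@ -137 hunks replace the `$lang_loginfail`, `$lang_logindisabled`, `$lang_toomanysessions` and `$lang_err_general` variables with hard-coded English, which removes whatever translation path the previous code had. The `case 4` string beneath is already hard-coded, so if the language variables were undefined here, a one-line comment saying so would explain the regression to the next reader. The `default` branch now emits the same "Login failure" text as `case 0`, which hides non-credential failures from the user; fine if deliberate, but worth a comment.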
\n"; $sQuery = " Select * " . - " From " . $default->document_fields_lookup_tables . + " From " . $default->metadata_table . " WHERE document_field_id=" . $fDocFieldID; $aColumns = array("name"); diff --git a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitBL.php b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitBL.php index 1c61776..d6e396d 100644 --- a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitBL.php +++ b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitBL.php @@ -65,7 +65,7 @@ if (checkSession()) { if($unitLink == false) { $oPatternCustom->setHtml(getPage($fGroupID,$fUnitID)); $main->setHasRequiredFields(true); - $main->setFormAction($_SERVER["PHP_SELF"] . "?fGroupSet=1&fGroupAssign=1"); + $main->setFormAction($_SERVER["PHP_SELF"] . "?fGroupAssign=1"); } else { //if it does...then go to failure page $oPatternCustom->setHtml(getPageFail($fGroupID)); diff --git a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitUI.inc b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitUI.inc index 5c7d3c7..7cc141d 100644 --- a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/assignGroupToUnitUI.inc 
@@ -80,28 +80,25 @@ function getGotGroupPage($iGroupID,$iUnitID){ // gets main page function getPage($iGroupID, $iUnitID) { global $default; - $oGroup = null; - $oUnit = null; + + $oGroup = Group::get($iGroupID); + if (isset($iUnitID)) { + $oUnit = Unit::get($iUnitID); + } - if (isset($iGroupID)) { - $oGroup = Group::get($iGroupID); - $heading = "\n"; + if ($oUnit) { + $heading = "\n"; } else { - if (Permission::userIsUnitAdministrator()) { + if (Permission::userIsUnitAdministrator() && !Permission::userIsSystemAdministrator()) { $heading = "\n"; } else { $heading = "\n"; } } - - if (isset($iUnitID)) { - $oUnit = Unit::get($iUnitID); - } $sToRender .= renderHeading("Assign Group to Unit"); $sToRender .= "
"; - //$sToRender .= ("Next"); - $sToRender .= ("graphicsUrl/widgets/next.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . $this->sQueryString . "')\" />"); + $sToRender .= "\n"; + // Display only the next button + if (($this->iStartIndex + $this->iResultsToDisplay) < $iTotalResults && $this->iStartIndex == 1) { + $sToRender .= "             "; + $sToRender .= "graphicsUrl/widgets/next.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . $this->sQueryString . "')\" />"; $sToRender .= ""; - $sToRender .= ("graphicsUrl/widgets/next.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . $this->sQueryString . "')\" />"); + $sToRender .= "graphicsUrl/widgets/previous.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex - $this->iResultsToDisplay) . $this->sQueryString . "')\" />"; $sToRender .= ""; - $sToRender .= ("graphicsUrl/widgets/previous.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex - $this->iResultsToDisplay) . $this->sQueryString . "')\" />"); + $sToRender .= "graphicsUrl/widgets/next.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex + $this->iResultsToDisplay) . $this->sQueryString . "')\" />"; $sToRender .= "\n"; - $sToRender .= (" "); - $sToRender .= "\n"; - $sToRender .= ("graphicsUrl/widgets/previous.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fStartIndex=" . ($this->iStartIndex - $this->iResultsToDisplay) . $this->sQueryString . "')\" />"); + // Display only the previous button + else if ($this->iStartIndex > 1) { + $sToRender .= "\n"; + $sToRender .= "graphicsUrl/widgets/previous.gif\" onClick=\"setActionAndSubmit('" . $_SERVER["PHP_SELF"] . 
"?fStartIndex=" . ($this->iStartIndex - $this->iResultsToDisplay) . $this->sQueryString . "')\" />"; $sToRender .= "sUniqueName . "_" . $i . "_value\" value=\"" . stripslashes($sql->f($this->aDisplayColumns[$i])) . "\"sUniqueName . "_" . $i . "_value\" value=\"" . $sql->f($this->aDisplayColumns[$i]) . "\"" . $this->aColumnNames[$i] . ""; if ($sql->f($this->aColumns[$i]) != null) { - $sToRender .= stripslashes($sql->f($this->aColumns[$i])) . "" . $this->aColumnNames[$i] . "" . $this->aColumnNames[$i] . "aHyperLinkURL[$i] . "?" . $this->replaceValues($this->aQueryStringText[$i], $sql) . "\">" . stripslashes($sql->f($this->aColumns[$i])) . "" . $this->aColumnNames[$i] . "aHyperLinkURL[$i] . "?" . $this->replaceValues($this->aQueryStringText[$i], $sql) . "\">" . $sql->f($this->aColumns[$i]) . "
Are you Sure you wish to assign the Group to the Unit?
Are you sure you wish to assign the Group to the Unit?
Please Assign a Group to your Unit:
Please Assign a Group to a Unit:
\n"; $sToRender .= $heading; - $sToRender .= "
\n"; $sToRender .= "\n"; $sToRender .= "\n"; $sToRender .= "\n"; @@ -227,7 +224,7 @@ function getGroupDisplay($oGroup) { // display the listbox initially ..then just display the text function getUnitDisplay($oUnit) { global $default; - if (Permission::userIsUnitAdministrator()) { + if (Permission::userIsUnitAdministrator() && !Permission::userIsSystemAdministrator()) { $oUnit = Unit::get(User::getUnitID($_SESSION["userID"])); } if (!isset($oUnit)) { diff --git a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/listGroupsUI.inc b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/listGroupsUI.inc index fd27f95..1d3d32a 100644 --- a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/listGroupsUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/listGroupsUI.inc 
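Review bot: The @@ -80 hunk deletes the `$oUnit = null;` initialiser, but the new `if ($oUnit)` test still runs when `$iUnitID` is not set, so that branch reads an undefined variable; keep `$oUnit = null;` before the `isset($iUnitID)` check, or test `isset($oUnit)` as getUnitDisplay() below does. `Group::get($iGroupID)` is likewise now called unconditionally where the old code guarded it with `isset($iGroupID)`. The combined check `Permission::userIsUnitAdministrator() && !Permission::userIsSystemAdministrator()` appears here and again in the @@ -227 hunk of the same file; a small helper in Permission would keep the two in step.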
@@ -42,22 +42,22 @@ function getUnitDisplay($iUnitID) { function getGroups($fUnitID) { global $default; - $sQuery = "SELECT groups_lookup.id as groupID, units_lookup.name as UnitNameB4, groups_lookup.name as name, 'Edit' , 'Delete', 'Edit Units', " . + $sQuery = "SELECT groups_lookup.id as groupID, units_lookup.name as UnitNameB4, groups_lookup.name as name, 'Edit' , 'Delete', 'Edit Unit', " . "CASE WHEN units_lookup.name Is Null THEN 'No Unit Assigned' ELSE units_lookup.name END AS UnitName " . "FROM (groups_lookup LEFT join groups_units_link on groups_lookup.id = groups_units_link.group_id) " . "LEft join units_lookup on units_lookup.id = groups_units_link.unit_id " . ($fUnitID ? "WHERE groups_units_link.unit_id =$fUnitID " : "") . "ORDER BY groups_lookup.name "; - $aColumns = array("name", "UnitName", "Edit", "Delete", "Edit Units"); - $aColumnNames = array( "Name", "Unit Name", "Edit", "Delete", "Edit Units"); + $aColumns = array("name", "UnitName", "Edit", "Delete", "Edit Unit"); + $aColumnNames = array( "Name", "Unit Name", "Edit", "Delete", "Edit Unit"); $aColumnTypes = array(1,1,3,3,3); $aDBColumnArray = array("groupID"); $aQueryStringVariableNames = array("fGroupID"); $aHyperLinkURL = array( 2=> "$default->rootUrl/control.php?action=editGroup", - 3=> "$default->rootUrl/control.php?action=removeGroup", - 4=> "$default->rootUrl/control.php?action=editGroupUnit"); + 3=> "$default->rootUrl/control.php?action=removeGroup", + 4=> "$default->rootUrl/control.php?action=editGroupUnit"); $oSearchResults = & new PatternTableSqlQuery($sQuery, $aColumns, $aColumnTypes, $aColumnNames, "100%", $aHyperLinkURL,$aDBColumnArray,$aQueryStringVariableNames); $oSearchResults->setDisplayColumnHeadings(true); diff --git a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/removeGroupBL.php b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/removeGroupBL.php index 0a794f2..39bd263 100644 
--- a/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/removeGroupBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/administration/groupmanagement/removeGroupBL.php
@@ -31,7 +31,6 @@ if (checkSession()) {
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternEditableListFromQuery.inc");
 require_once("removeGroupUI.inc");
- //require_once("../adminUI.inc");
 require_once("$default->fileSystemRoot/lib/security/Permission.inc");
 require_once("$default->fileSystemRoot/lib/groups/Group.inc");
 require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc");
@@ -46,16 +45,20 @@ if (checkSession()) {
 $oGroup = Group::get($fGroupID);
 if (!$oGroup->hasUsers()) {
 if (!$oGroup->hasUnit()) {
- if (isset($fForDelete)) {
- if ($oGroup->delete()) {
- // FIXME: refactor getStatusPage in Html.inc
- $oPatternCustom->setHtml(statusPage("Remove Group", "Group successfully removed!", "", "listGroups"));
+ if (!$oGroup->hasRoutingSteps()) {
+ if (isset($fForDelete)) {
+ if ($oGroup->delete()) {
+ // FIXME: refactor getStatusPage in Html.inc
+ $oPatternCustom->setHtml(statusPage("Remove Group", "Group successfully removed!", "", "listGroups"));
+ } else {
+ $oPatternCustom->setHtml(statusPage("Remove Group", "Group deletion failed!", "There was an error deleting this group. Please try again later.", "listGroups"));
+ }
 } else {
- $oPatternCustom->setHtml(statusPage("Remove Group", "Group deletion failed!", "There was an error deleting this group. Please try again later.", "listGroups"));
+ $oPatternCustom->setHtml(getDeletePage($fGroupID));
+ $main->setFormAction($_SERVER["PHP_SELF"] . "?fForDelete=1");
 }
 } else {
- $oPatternCustom->setHtml(getDeletePage($fGroupID));
- $main->setFormAction($_SERVER["PHP_SELF"] . "?fForDelete=1");
+ $oPatternCustom->setHtml(statusPage("Remove Group", "This group is part of a document routing step!", "This group can not be deleted because it is involved in the document routing process.", "listGroups"));
 }
 } else {
 $oPatternCustom->setHtml(statusPage("Remove Group", "This group is in a unit!", "This group can not be deleted because it belongs to a unit.", "listGroups"));
diff --git a/presentation/lookAndFeel/knowledgeTree/administration/news/addNewsBL.php b/presentation/lookAndFeel/knowledgeTree/administration/news/addNewsBL.php
index 6353735..e83fd66 100644
--- a/presentation/lookAndFeel/knowledgeTree/administration/news/addNewsBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/administration/news/addNewsBL.php
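Review bot: Adding the `hasRoutingSteps()` check as a fourth nested `if` puts the delete path five levels deep, and each failure message now sits far from the condition it answers. Inverting the guards into one chain — `if ($oGroup->hasUsers()) { ... } elseif ($oGroup->hasUnit()) { ... } elseif ($oGroup->hasRoutingSteps()) { ... } else { /* confirm or delete */ }` — keeps every status page next to its test without changing behaviour. The enclosing `if (checkSession())` block starts and ends outside the hunk.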
@@ -6,6 +6,7 @@ require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternTableSqlQuery.inc");
 require_once("$default->uiDirectory/administration/news/newsUI.inc");
+require_once("$default->uiDirectory/administration/adminUI.inc");
 require_once("$default->fileSystemRoot/presentation/Html.inc");
 /**
 * $Id$
diff --git a/presentation/lookAndFeel/knowledgeTree/administration/news/editNewsBL.php b/presentation/lookAndFeel/knowledgeTree/administration/news/editNewsBL.php
index c285809..d15e22d 100644
--- a/presentation/lookAndFeel/knowledgeTree/administration/news/editNewsBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/administration/news/editNewsBL.php
@@ -6,6 +6,7 @@ require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc");
 require_once("$default->fileSystemRoot/lib/visualpatterns/PatternTableSqlQuery.inc");
 require_once("$default->uiDirectory/administration/news/newsUI.inc");
+require_once("$default->uiDirectory/administration/adminUI.inc");
 require_once("$default->fileSystemRoot/presentation/Html.inc");
 /**
 * $Id$
diff --git a/presentation/lookAndFeel/knowledgeTree/administration/news/removeNewsBL.php b/presentation/lookAndFeel/knowledgeTree/administration/news/removeNewsBL.php
index f305ec2..2d5f477 100644
--- a/presentation/lookAndFeel/knowledgeTree/administration/news/removeNewsBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/administration/news/removeNewsBL.php
@@ -6,6 +6,7 @@ require_once("$default->fileSystemRoot/lib/visualpatterns/PatternMainPage.inc"); require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc"); require_once("$default->fileSystemRoot/lib/visualpatterns/PatternTableSqlQuery.inc"); require_once("$default->uiDirectory/administration/news/newsUI.inc"); +require_once("$default->uiDirectory/administration/adminUI.inc"); require_once("$default->fileSystemRoot/presentation/Html.inc"); /** diff --git a/presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/addOrgSuccess.php b/presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/addOrgSuccess.php index e23de59..35fc869 100644 --- a/presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/addOrgSuccess.php +++ b/presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/addOrgSuccess.php @@ -33,7 +33,7 @@ if(checkSession()) { // include the page template (with navbar) require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc"); - $sToRender .= renderHeading("Add Unit"); + $sToRender .= renderHeading("Add Organisation"); $sToRender .= "
Group Name: " . getGroupDisplay($oGroup) . "
\n"; $sToRender .= "\n"; if($fSuccess) { diff --git a/presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/listOrgUI.inc b/presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/listOrgUI.inc index b455382..bdb32c0 100644 --- a/presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/listOrgUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/administration/orgmanagement/listOrgUI.inc @@ -28,16 +28,20 @@ function getOrganisations() { global $default; $sQuery = "SELECT org.id as orgID, org.name as name, " . - "'Edit', 'Delete' " . + //"'Edit', 'Delete' " . + "'Edit'" . "FROM organisations_lookup as org " . "ORDER BY org.name"; - $aColumns = array("name", "Edit", "Delete"); - $aColumnNames = array("Name", "Edit", "Delete"); - $aColumnTypes = array(1,3,3); + //$aColumns = array("name", "Edit", "Delete"); + $aColumns = array("name", "Edit"); + //$aColumnNames = array("Name", "Edit", "Delete"); + $aColumnNames = array("Name", "Edit"); + //$aColumnTypes = array(1,3,3); + $aColumnTypes = array(1,3); $aDBColumnArray = array("orgID"); $aQueryStringVariableNames = array("fOrgID"); - $aHyperLinkURL = array( 1=> "$default->rootUrl/control.php?action=editOrg", - 2=> "$default->rootUrl/control.php?action=removeOrg"); + $aHyperLinkURL = array( 1=> "$default->rootUrl/control.php?action=editOrg"); + //2=> "$default->rootUrl/control.php?action=removeOrg"); $oSearchResults = & new PatternTableSqlQuery($sQuery, $aColumns, $aColumnTypes, $aColumnNames, "100%", $aHyperLinkURL,$aDBColumnArray,$aQueryStringVariableNames); $oSearchResults->setDisplayColumnHeadings(true); return $oSearchResults->render() ; @@ -48,7 +52,7 @@ function getPage() { $sToRender .= renderHeading("Organisation Management"); // add user link - $sToRender .= getAddLink("addOrg", "Add An Organisation"); + //$sToRender .= getAddLink("addOrg", "Add An Organisation"); $sToRender .= getOrganisations(); return $sToRender; } 
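Review bot: The replacement select list `"'Edit'" . "FROM organisations_lookup as org "` has no space before `FROM`, so the query text becomes `... 'Edit'FROM organisations_lookup ...`; the line it replaced ended in `'Delete' ` with a trailing space, so restore it: `"'Edit' " .`. Whether the database tolerates the fused token is not something this page shows, so it is better not to depend on it. The @@ -28 hunk also keeps the old `'Delete'`, `$aColumns`, `$aColumnNames`, `$aColumnTypes` and `removeOrg` lines as comments and the @@ -48 hunk comments out `getAddLink`; version control already holds the old version, so deleting them and leaving a one-line note on why organisation add/remove is disabled reads better.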
diff --git a/presentation/lookAndFeel/knowledgeTree/administration/rolemanagement/editRoleSuccess.php b/presentation/lookAndFeel/knowledgeTree/administration/rolemanagement/editRoleSuccess.php index dcf214a..d9e4691 100644 --- a/presentation/lookAndFeel/knowledgeTree/administration/rolemanagement/editRoleSuccess.php +++ b/presentation/lookAndFeel/knowledgeTree/administration/rolemanagement/editRoleSuccess.php @@ -43,7 +43,7 @@ if(checkSession()) { $Center .= "\n"; $Center .= "\n"; $Center .= "\n"; - $Center .= "\n"; + $Center .= "\n"; $Center .= "\n"; $Center .= "
rootUrl/control.php?action=listRole\">graphicsUrl/widgets/back.gif\" border = \"0\" />rootUrl/control.php?action=listRoles\">graphicsUrl/widgets/back.gif\" border = \"0\" />
\n"; diff --git a/presentation/lookAndFeel/knowledgeTree/administration/usermanagement/addUserUI.inc b/presentation/lookAndFeel/knowledgeTree/administration/usermanagement/addUserUI.inc index 79f31dd..e1b958b 100644 --- a/presentation/lookAndFeel/knowledgeTree/administration/usermanagement/addUserUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/administration/usermanagement/addUserUI.inc @@ -124,7 +124,7 @@ function getDetailsLDAPPage($sUserName, $aAttributes, $sUserIdentifier) { $sToRender .= "\n"; $sToRender .= "Sms Notification: \n"; $sToRender .= "\n"; - $sToRender .= "Group" . getGroupListBox() . "\n"; + $sToRender .= "Initial Group" . getGroupListBox() . "\n"; $sToRender .= "\n"; $sToRender .= "" . getAddButton() . getCancelButton("listUsers") . ""; $sToRender .= "\n"; diff --git a/presentation/lookAndFeel/knowledgeTree/dashboardBL.php b/presentation/lookAndFeel/knowledgeTree/dashboardBL.php index 815ee64..214fe4d 100644 --- a/presentation/lookAndFeel/knowledgeTree/dashboardBL.php +++ b/presentation/lookAndFeel/knowledgeTree/dashboardBL.php @@ -5,7 +5,7 @@ require_once("../../../config/dmsDefaults.php"); require_once("$default->fileSystemRoot/lib/dashboard/Dashboard.inc"); require_once("$default->fileSystemRoot/lib/dashboard/DashboardNews.inc"); require_once("$default->fileSystemRoot/lib/visualpatterns/PatternCustom.inc"); -require_once("$default->uiDirectory/dashboardUI.inc"); +require_once("dashboardUI.inc"); /** * $Id$ * diff --git a/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentBL.php b/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentBL.php index 82a0213..5565171 100644 --- a/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentBL.php +++ b/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentBL.php 
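Review bot: `require_once("dashboardUI.inc")` in the dashboardBL.php hunk resolves against the include path and current working directory, while every other require in that file — and the `$default->uiDirectory/dashboardUI.inc` form it replaces — is anchored to a configured root; if the controller includes this file from another directory, the bare name can pick up a different file or fail. If the aim was to stop depending on uiDirectory, `require_once(dirname(__FILE__) . "/dashboardUI.inc")` keeps the lookup tied to this file's own directory.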
@@ -101,7 +101,7 @@ if (checkSession()) { " are meant to be linked for collaboration purposes. As creator of the document, ' " . $oParentDocument->getName() . "', you are requested to " . "please link them manually by browsing to the parent document, " . generateControllerLink("viewDocument","fDocumentID=" . $oParentDocument->getID(), $oParentDocument->getName()) . - " and selecting the link button. " . $oDocument->getName() . " can be found at " . $oDocument->generateFullFolderPath($oDocument->getFolderID()); + " and selecting the link button. " . $oDocument->getName() . " can be found at " . $oDocument->getDisplayPath(); $oEmail = & new Email(); $oEmail->send($oUserDocCreator->getEmail(), "Automatic document linking failed", $sBody); diff --git a/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentUI.inc b/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentUI.inc index 1bb6e20..0c48394 100644 --- a/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/documentmanagement/addDocumentUI.inc @@ -32,8 +32,6 @@ function getDocumentType($iFolderID, $iDocumentTypeID, $iDependantDocumentID = n $oPatternListBox = & new PatternListBox("$default->document_types_table", "name", "id", "fDocumentTypeID",$sWhereClause); $oPatternListBox->setIncludeDefaultValue(true); $oPatternListBox->setFromClause("INNER JOIN $default->folder_doctypes_table AS FDL ON ST.id = FDL.document_type_id"); - $oPatternListBox->setPostBackOnChange(true); - $oPatternListBox->setOnChangeAction("setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fFolderID=$iFolderID" . (isset($iDependantDocumentID) ? "&fDependantDocumentID=$iDependantDocumentID" : "") . "')"); if ($iDocumentTypeID) { $oPatternListBox->setSelectedValue($iDocumentTypeID); @@ -41,8 +39,16 @@ function getDocumentType($iFolderID, $iDocumentTypeID, $iDependantDocumentID = n } else { $sHeading = "Please select the document type:"; } - - return "
$sHeading
" . $oPatternListBox->render() . "
"; + + $sToRender = "
$sHeading
" . $oPatternListBox->render() . "
"; + + $sToRender .= "\n\n\n\n"; + return $sToRender; } /** @@ -176,6 +182,7 @@ function getPage($iFolderID, $iDocumentTypeID, $iDependantDocumentID = null, $sM if (Permission::userHasFolderWritePermission($iFolderID)) { $sToRender .= getDocumentType($iFolderID, $iDocumentTypeID, $iDependantDocumentID); $sActionButtons .= generateControllerLink("browse", "fFolderID=$iFolderID", "graphicsUrl/widgets/cancel.gif\" border=\"0\"/>"); + $sActionButtons .= "graphicsUrl/widgets/next.gif\" border=\"0\"/>"; $sToRender .= "\n"; $sToRender .= ""; @@ -189,7 +196,6 @@ function getPage($iFolderID, $iDocumentTypeID, $iDependantDocumentID = null, $sM $sToRender .= "\n"; $sToRender .= ""; $sToRender .= "
$sActionButtons

\n"; - } return $sToRender; @@ -197,7 +203,7 @@ function getPage($iFolderID, $iDocumentTypeID, $iDependantDocumentID = null, $sM function getStatusPage($iFolderID, $sMessage) { $sToRender .= renderHeading("Add Document"); - $sToRender .= renderFolderPath($iFolderID, generateControllerUrl("addDocument", "fFolderID=$iFolderID"), true); + $sToRender .= renderFolderPath($iFolderID, generateControllerUrl("addDocument", "fFolderID=$iFolderID", false), true); $sToRender .= "\n"; $sToRender .= "\n"; diff --git a/presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentBL.php b/presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentBL.php new file mode 100644 index 0000000..d14ede8 --- /dev/null +++ b/presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentBL.php 
@@ -0,0 +1,102 @@ +fileSystemRoot/lib/visualpatterns/PatternCustom.inc"); + require_once("$default->fileSystemRoot/lib/visualpatterns/PatternListBox.inc"); + require_once("$default->fileSystemRoot/lib/foldermanagement/Folder.inc"); + require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc"); + require_once("$default->fileSystemRoot/lib/security/Permission.inc"); + require_once("$default->fileSystemRoot/lib/email/Email.inc"); + require_once("$default->fileSystemRoot/lib/documentmanagement/DependantDocumentInstance.inc"); + require_once("$default->fileSystemRoot/presentation/Html.inc"); + require_once("$default->fileSystemRoot/presentation/lookAndFeel/knowledgeTree/foldermanagement/folderUI.inc"); + + $oPatternCustom = & new PatternCustom(); + $sTitle = "Dependant Document Send Escalation Message"; + if ($fInstanceID) { + $oDependantDocument = DependantDocumentInstance::get($fInstanceID); + if ($oDependantDocument) { + if ($fSendMessage) { + $oUser = User::get($oDependantDocument->getUserID()); + if ($oUser) { + if ($oUser->getEmailNotification()) { + $oTemplateDocument = & Document::get($oDependantDocument->getTemplateDocumentID()); + + $sMessage = ""; + $oOriginatingUser = User::get($_SESSION["userID"]); + $oParentDocument = Document::get($oDependantDocument->getParentDocumentID()); + $sMessage = $oUser->getName() . ", you have already received a request to create a new document for the document
" . $oParentDocument->getDisplayPath() . ".
" . + $oOriginatingUser->getName() . " has sent you a reminder message to create and upload this document :
"; + if (strlen($fReminderMessage) > 0) { + $sMessage .= "
Comments:
$fReminderMessage

"; + } + $sMessage .= generateLink("/control.php","action=dashboard","Log onto KnowledgeTree") . " and select the relevant link under the 'Dependant Documents' heading on your dashboard when you are ready to upload it."; + if ($oTemplateDocument) { + $sMessage .= "The document entitled " . generateLink("/control.php", "action=viewDocument&fDocumentID=" . $oTemplateDocument->getID(), $oTemplateDocument->getName()) . " " . + "can be used as a template"; + } + $sMessage .= "
"; + + $oEmail = & new Email(); + if ($oEmail->send($oUser->getEmail(), "Dependant document creation reminder message", $sMessage)) { + //go back to the document page you were viewing + redirect(generateControllerUrl("viewDocument", "fDocumentID=" . $oDependantDocument->getParentDocumentID() . "&fShowSection=linkedDocuments")); + } else { + $default->log->error("escalateDependantDocumentBL.php email sending failed"); + $oPatternCustom->setHtml(statusPage($sTitle, $sHeading, "The escalation message could not be sent due to a system error sending the notification.", "viewDocument", "fDocumentID=" . $oDependantDocument->getParentDocumentID() . "&fShowSection=linkedDocuments")); + } + } else { + $default->log->info("escalateDependantDocumentBL.php user id (" . $oUser->getID() . ") doesn't have email notification on =" . arrayToString($oUser)); + $oPatternCustom->setHtml(statusPage($sTitle, $sHeading, "The escalation message could not be sent because " . $oUser->getName() . " has disabled notification", "viewDocument", "fDocumentID=" . $oDependantDocument->getParentDocumentID() . "&fShowSection=linkedDocuments")); + } + } else { + $default->log->info("escalateDependantDocumentBL.php couldn't instantiate user object for id=$fUserID"); + $oPatternCustom->setHtml(statusPage($sTitle, "", "The dependant document user information could not be found.", "viewDocument", "fDocumentID=" . $oDependantDocument->getParentDocumentID() . 
"&fShowSection=linkedDocuments")); + } + } else { + // display escalation form + $oPatternCustom->setHtml(getPage($oDependantDocument)); + } + } else { + //dependant document instantiation failed- generic error (statusPage) + $oPatternCustom->setHtml(statusPage($sTitle, "", "The dependant document information could not be found.", "browse")); + } + } else { + // error page, no instance id supplied- generic error + $oPatternCustom->setHtml(statusPage($sTitle, "", "The dependant document information could not be found.", "browse")); + } + require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc"); + $main->setCentralPayload($oPatternCustom); + $main->setFormAction($_SERVER["PHP_SELF"]); // . "?fDocumentID=$fInstanceID&fForStore=1"); + $main->render(); +} +?> \ No newline at end of file diff --git a/presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentUI.inc b/presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentUI.inc new file mode 100644 index 0000000..f755360 --- /dev/null +++ b/presentation/lookAndFeel/knowledgeTree/documentmanagement/escalateDependantDocumentUI.inc @@ -0,0 +1,72 @@ +getParentDocumentID()); + $iFolderID = $oDocument->getFolderID(); + $sToRender .= renderFolderPath($iFolderID, generateControllerUrl("browse", "fFolderID=$iFolderID"), false); + $sToRender .= "
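Review bot: No authorization check guards the escalation in the new escalateDependantDocumentBL.php: once `DependantDocumentInstance::get($fInstanceID)` succeeds, any caller who passes `checkSession()` and supplies an instance id can e-mail a reminder to the assigned user, even though Permission.inc is required here and viewUI.inc's renderDependantDocuments carries a FIXME asking for exactly this restriction. Before the `if ($fSendMessage)` branch, fetch the parent document and require write permission on its folder (`Permission::userHasFolderWritePermission($oParentDocument->getFolderID())`) and/or that `$_SESSION["userID"]` matches the user who created the request, rendering the generic status page otherwise. Two smaller defects: the log line in the missing-user `else` interpolates `$fUserID`, which is never assigned in this file and should be `$oDependantDocument->getUserID()`, and `$sHeading` is passed to statusPage without ever being set. `$fReminderMessage` is also concatenated into the HTML e-mail body unescaped; wrapping it in `htmlspecialchars()` keeps user-entered markup inert. The file's opening lines (the `checkSession()` guard) are not legible in this hunk, so they could not be checked.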
\n"; + $sToRender .= ""; + $sToRender .= "\n"; + $sToRender .= "\n"; + $sToRender .= "\n"; + + $oUser = User::get($oDependantDocument->getUserID()); + $sToRender .= "\n"; + $sToRender .= "\n"; + $sToRender .= "\n"; + + $oTemplateDocument = Document::get($oDependantDocument->getTemplateDocumentID()); + $sToRender .= "\n"; + $sToRender .= ""; + + $sToRender .= ""; + $sToRender .= "\n"; + $sToRender .= "\n"; + $sToRender .= "\n"; + $sToRender .= "
You have requested that the following document be created:
Document title" . $oDependantDocument->getDocumentTitle() . "
User" . ($oUser ? $oUser->getName() : "Error! No user specified") . "
Template document" . ($oTemplateDocument ? $oTemplateDocument->getDisplayPath() : "No template document") . "
 
To send the user a reminder message, fill in the text box below and click 'Done'
Reminder Message
"; + $sToRender .= "
graphicsUrl/widgets/done.gif\" onClick='return validateForm(document.MainForm);' border=\"0\"/>" . generateControllerLink("viewDocument", "fDocumentID=" . $oDocument->getID() . "&fShowSection=linkedDocuments", "graphicsUrl/widgets/cancel.gif\" border=\"0\"/>") . "
\n"; + $sToRender .= "
\n"; + $sToRender .= "\n"; + $sToRender .= "getID() . "\" />\n"; + + return $sToRender . "\n\n" . getValidationJavaScript(); +} + +function getValidationJavaScript() { + $sToRender .= "\n\n\n\n"; + return $sToRender; +} +?> \ No newline at end of file diff --git a/presentation/lookAndFeel/knowledgeTree/documentmanagement/viewUI.inc b/presentation/lookAndFeel/knowledgeTree/documentmanagement/viewUI.inc index cb0d9c0..46d1222 100644 --- a/presentation/lookAndFeel/knowledgeTree/documentmanagement/viewUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/documentmanagement/viewUI.inc @@ -114,8 +114,8 @@ function renderTypeSpecificMetaData($oDocument, $bEditable) { global $default; $sQuery = "SELECT DF.name AS name, DFL.value AS value " . - "FROM documents AS D INNER JOIN document_fields_link AS DFL ON D.id = DFL.document_id " . - "INNER JOIN document_fields AS DF ON DF.ID = DFL.document_field_id " . + "FROM $default->documents_table AS D INNER JOIN document_fields_link AS DFL ON D.id = DFL.document_id " . + "INNER JOIN $default->document_fields_table AS DF ON DF.ID = DFL.document_field_id " . "WHERE D.id = " . $oDocument->getID() . " " . "AND DF.name NOT LIKE 'Author' " . "AND DF.name NOT LIKE 'Category' " . 
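Review bot: Values read back from the database are written into the page without output encoding in getPage of escalateDependantDocumentUI.inc: `$oDependantDocument->getDocumentTitle()`, `$oUser->getName()` and `$oTemplateDocument->getDisplayPath()` are concatenated straight into table cells, so a stored title or name containing markup is rendered as markup. Wrap each in `htmlspecialchars()` at the point of output, as this is the page's only defence once the value is in the database. Separately, both getPage and getValidationJavaScript begin with `$sToRender .= …` before `$sToRender` is assigned (the same pattern appears in renderDependantDocuments in the viewUI.inc hunk), which raises an undefined-variable notice; start each with `$sToRender = "";` or use `=` on the first append.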
@@ -200,11 +200,12 @@ function renderDocumentArchiveSettings($oDocument, $bEditable) {
 function renderEditableDocumentRouting($oDocument) {
 global $default;
- $sQuery = "SELECT D.id as document_id, GFAL.id as id, R.name AS role_name, COALESCE(U.Name, 'Not assigned') AS name, GFAL.precedence AS precedence, COALESCE(FURL.active,0) AS active, COALESCE(FURL.done, 0) AS done, 'Edit' as edit " .
- "FROM documents AS D INNER JOIN $default->groups_folders_approval_table AS GFAL ON D.folder_id = GFAL.folder_id " .
- "INNER JOIN roles AS R ON GFAL.role_id = R.id " .
- "LEFT OUTER JOIN folders_users_roles_link AS FURL ON FURL.group_folder_approval_id = GFAL.id AND FURL.document_id = D.id " .
- "LEFT OUTER JOIN users AS U ON FURL.user_id = U.id " .
+ $sQuery = "SELECT D.id as document_id, GFAL.id as id, R.name AS role_name, COALESCE(U.name, U2.name) AS name, GFAL.precedence AS precedence, COALESCE(FURL.active,0) AS active, COALESCE(FURL.done, 0) AS done, 'Edit User' as edit " .
+ "FROM $default->documents_table AS D INNER JOIN $default->groups_folders_approval_table AS GFAL ON D.folder_id = GFAL.folder_id " .
+ "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
+ "LEFT OUTER JOIN $default->folders_user_roles_table AS FURL ON FURL.group_folder_approval_id = GFAL.id AND FURL.document_id = D.id " .
+ "LEFT OUTER JOIN $default->users_table AS U ON FURL.user_id = U.id " .
+ "LEFT OUTER JOIN $default->users_table AS U2 ON GFAL.user_id = U2.id " .
 "WHERE D.id = " . $oDocument->getID() . " " .
 "ORDER BY GFAL.precedence, role_name ASC";
 $aColumns = array("role_name", "name", "precedence", "active", "done", "edit");
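Review bot: The rewritten select in renderEditableDocumentRouting drops the `'Not assigned'` fallback: `COALESCE(U.name, U2.name) AS name` is NULL when neither FURL nor GFAL carries a user, whereas renderNonEditableDocumentRouting in the next hunk still emits `COALESCE(U.Name, 'Not assigned')`, so the same unassigned step now shows an empty cell in edit mode and the text 'Not assigned' in view mode. If that is unintended, use `COALESCE(U.name, U2.name, 'Not assigned') AS name`; otherwise a short comment on the query line explaining why edit mode omits the placeholder would stop the next reader treating the difference as a bug.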
@@ -258,10 +259,10 @@ function renderEditableDocumentRouting($oDocument) {
 function renderNonEditableDocumentRouting($oDocument) {
 global $default;
 $sQuery = "SELECT D.id as document_id, GFAL.id as id, R.name AS role_name, COALESCE(U.Name, 'Not assigned') AS name, GFAL.precedence AS precedence, COALESCE(FURL.active,0) AS active, COALESCE(FURL.done, 0) AS done " .
- "FROM documents AS D INNER JOIN $default->groups_folders_approval_table AS GFAL ON D.folder_id = GFAL.folder_id " .
- "INNER JOIN roles AS R ON GFAL.role_id = R.id " .
- "LEFT OUTER JOIN folders_users_roles_link AS FURL ON FURL.group_folder_approval_id = GFAL.id AND FURL.document_id = D.id " .
- "LEFT OUTER JOIN users AS U ON FURL.user_id = U.id " .
+ "FROM $default->documents_table AS D INNER JOIN $default->groups_folders_approval_table AS GFAL ON D.folder_id = GFAL.folder_id " .
+ "INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .
+ "LEFT OUTER JOIN $default->folders_user_roles_table AS FURL ON FURL.group_folder_approval_id = GFAL.id AND FURL.document_id = D.id " .
+ "LEFT OUTER JOIN $default->users_table AS U ON FURL.user_id = U.id " .
 "WHERE D.id = " . $oDocument->getID() . " " .
 "ORDER BY GFAL.precedence, role_name ASC";
@@ -295,8 +296,8 @@ function renderEditableLinkedDocuments($oDocument) {
 global $default;
 $sQuery = "SELECT D.id AS child_document_id, D.name, DL.id as document_link_id, DL.parent_document_id AS parent_document_id, 'Unlink' AS unlink " .
- "FROM documents AS D INNER JOIN document_link AS DL ON D.id = DL.child_document_id " .
- "WHERE DL.parent_document_id = " . $oDocument->getID();
+ "FROM $default->documents_table AS D INNER JOIN $default->document_link_table AS DL ON D.id = DL.child_document_id " .
+ "WHERE DL.parent_document_id = " . $oDocument->getID();
 $aColumns = array("name", "unlink");
 $aColumnHeaders = array("Document");
@@ -324,8 +325,8 @@ function renderNonEditableLinkedDocuments($oDocument) { global $default; $sQuery = "SELECT D.id, D.name " . - "FROM documents AS D INNER JOIN document_link AS DL ON D.id = DL.child_document_id " . - "WHERE DL.parent_document_id = " . $oDocument->getID(); + "FROM $default->documents_table AS D INNER JOIN $default->document_link_table AS DL ON D.id = DL.child_document_id " . + "WHERE DL.parent_document_id = " . $oDocument->getID(); $aColumns = array("name"); $aColumnHeaders = array("Document"); @@ -346,6 +347,37 @@ function renderNonEditableLinkedDocuments($oDocument) { return $sToRender; } +function renderDependantDocuments($oDocument, $bEdit) { + global $default; + // FIXME: only allow escalation if you have write access and are the same user that requested the + // dependant document? + $sQuery = "SELECT DDI.id AS instance_id, DDI.document_title, U.name AS user_name, 'Escalate' AS escalate " . + "FROM $default->dependant_document_instance_table DDI " . + "INNER JOIN $default->users_table AS U ON DDI.user_id = U.id " . + "WHERE DDI.parent_document_id = " . $oDocument->getID(); + + $aColumns = array("document_title", "user_name", "escalate"); + $aColumnHeaders = array("Document Title", "User"); + $aColumnTypes = array(1,1,3); + $aDBColumnArray = array("instance_id"); + $aQueryStringVariableNames = array("fInstanceID"); + $aLinkURLs = array(2=>generateControllerUrl("escalateDependantDocument")); + + $oPatternTableSqlQuery = & new PatternTableSqlQuery($sQuery, $aColumns, $aColumnTypes, $aColumnHeaders, "500", $aLinkURLs, $aDBColumnArray, $aQueryStringVariableNames); + $oPatternTableSqlQuery->setTableHeading("Dependant documents"); + $oPatternTableSqlQuery->setDisplayColumnHeadings(true); + + $sToRender .= "\t\n"; + $sToRender .= "\t\n"; + $sToRender .= "\t\t\n"; + $sToRender .= "\t"; + $sToRender .= "\t\n"; + $sToRender .= "\n"; + $sToRender .= "\t"; + $sToRender .= "\t
" . $oPatternTableSqlQuery->render() . "
rootUrl/control.php?action=addDocumentLink&fDocumentID=" . $oDocument->getID() ."\">graphicsUrl/widgets/add.gif\" border=\"0\"/>
\n"; + return $sToRender; +} + function displayButton($sAction, $sQueryString, $sImageName, $sDisabledText = "") { global $default; // the active is active if there is no disabled text @@ -576,10 +608,10 @@ function getPage($oDocument, $bEdit, $sStatusMessage = "") { $sToRender .= renderSectionDiv("archiveSettings", renderDocumentArchiveSettings($oDocument, $bEdit)); if ($bEdit) { $sToRender .= renderSectionDiv("documentRouting", renderEditableDocumentRouting($oDocument)); - $sToRender .= renderSectionDiv("linkedDocuments", renderEditableLinkedDocuments($oDocument)); + $sToRender .= renderSectionDiv("linkedDocuments", renderEditableLinkedDocuments($oDocument) . renderDependantDocuments($oDocument, $bEdit)); } else { $sToRender .= renderSectionDiv("documentRouting", renderNonEditableDocumentRouting($oDocument)); - $sToRender .= renderSectionDiv("linkedDocuments", renderNonEditableLinkedDocuments($oDocument, $bEdit)); + $sToRender .= renderSectionDiv("linkedDocuments", renderNonEditableLinkedDocuments($oDocument, $bEdit) . renderDependantDocuments($oDocument, $bEdit)); } if (!$default->bNN4) { $sToRender .= ""; diff --git a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php index f801136..4fc7781 100644 --- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php +++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderBL.php 
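Review bot: The `$bEdit` parameter of the new renderDependantDocuments is never read, so the 'Escalate' link column and the add link are rendered identically from both branches of getPage, including the non-editable one, which is precisely the situation the FIXME at the top of the function raises. Until the requester/write-permission rule in that FIXME is settled, the consistent minimum is to include the escalate entries in `$aColumns`, `$aColumnTypes` and `$aLinkURLs` only `if ($bEdit)`, while keeping the server-side check in escalateDependantDocumentBL.php as the real enforcement point, because hiding a link is not access control. `$sToRender` is also appended to before it is initialised in this function; start with `$sToRender = "\t\n";`.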
@@ -67,11 +67,14 @@ if (checkSession()) { //have a folder name to store if (Permission::userHasFolderWritePermission($fFolderID)) { //check for illegal characters in the folder name - if (strpos($fFolderName, "\\") === false && strpos($fFolderName, ">") === false && - strpos($fFolderName, "<") === false && strpos($fFolderName, ":") === false && - strpos($fFolderName, "*") === false && strpos($fFolderName, "?") === false && - strpos($fFolderName, "|") === false && strpos($fFolderName, "/") === false && - strpos($fFolderName, "\"") === false) { + + // strip slashes from the already EPGCS escaped form input + $sCheckFolderName = stripslashes($fFolderName); + if (strpos($sCheckFolderName, "\\") === false && strpos($sCheckFolderName, ">") === false && + strpos($sCheckFolderName, "<") === false && strpos($sCheckFolderName, ":") === false && + strpos($sCheckFolderName, "*") === false && strpos($sCheckFolderName, "?") === false && + strpos($sCheckFolderName, "|") === false && strpos($sCheckFolderName, "/") === false && + strpos($sCheckFolderName, "\"") === false) { if (Folder::folderExistsName($fFolderName, $fFolderID)) { require_once("$default->fileSystemRoot/presentation/webpageTemplate.inc"); diff --git a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderCollaborationUI.inc b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderCollaborationUI.inc index fd8a195..00291f6 100644 --- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderCollaborationUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderCollaborationUI.inc 
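Review bot: The illegal-character check now runs on `$sCheckFolderName = stripslashes($fFolderName)`, but the value handed on to `Folder::folderExistsName($fFolderName, $fFolderID)` and presumably to storage is still the unstripped `$fFolderName`, so the string that is validated and the string that is persisted differ. The comment ties this to the input being "already EPGCS escaped", i.e. it assumes magic_quotes_gpc is on; with that setting off, `stripslashes()` removes a literal backslash before the check sees it and the backslash rule no longer holds for the stored name. Normalise once and use a single value everywhere: `if (get_magic_quotes_gpc()) { $fFolderName = stripslashes($fFolderName); }` before the check, validate and pass `$fFolderName` throughout, and escape for SQL at the query boundary rather than relying on the request layer. The enclosing `if (checkSession())` block begins outside this hunk.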
@@ -70,6 +70,7 @@ function getFolderPath($iFolderID) { function getGroupDropDown($iGroupID, $iFolderID) { global $default; $oPatternListBox = & new PatternListBox("$default->groups_table", "name", "id", "fGroupID"); + $oPatternListBox->setFromClause("INNER JOIN $default->users_groups_table UGL ON UGL.group_id=ST.id"); $oPatternListBox->setPostBackOnChange(true); $oPatternListBox->setOnChangeAction("setActionAndSubmit('" . $_SERVER["PHP_SELF"] . "?fFolderID=$iFolderID');"); if (isset($iGroupID)) { diff --git a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderDocTypeUI.inc b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderDocTypeUI.inc index 2e92315..e85e182 100644 --- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderDocTypeUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/addFolderDocTypeUI.inc @@ -29,12 +29,8 @@ function getPage($iFolderID, $iDocumentTypeID) { global $default; $sSectionName = $default->siteMap->getSectionName(substr($_SERVER["PHP_SELF"], strlen($default->rootUrl), strlen($_SERVER["PHP_SELF"]))); $sTDBGColour = $default->siteMap->getSectionColour($sSectionName, "td"); - $sToRender = renderHeading("Add Folder Document Type"); - $sToRender .= "\n"; - $sToRender .= "\n"; - $sToRender .= "\t\n"; - $sToRender .= "\n"; - $sToRender .= "
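Review bot: The new from-clause `INNER JOIN $default->users_groups_table UGL ON UGL.group_id=ST.id` joins each group to its membership rows, so a group with several members produces one row per member and will be listed that many times in the drop-down unless PatternListBox de-duplicates, which is not visible here. If the intent is to offer only groups that have at least one member, the query should yield one row per group (a DISTINCT on the selected columns, or an equivalent the list box supports), and a one-line comment stating that intent, e.g. `// only groups with at least one member are eligible for routing`, would stop the join reading like an accident.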
" . renderFolderPath($iFolderID, "/control.php?action=browse ") . "
\n"; + $sToRender = renderHeading("Add Folder Document Type"); + $sToRender .= renderFolderPath($iFolderID, "/control.php?action=browse"); $sToRender .= "\n"; $sToRender .= "\n"; $sToRender .= "\n"; diff --git a/presentation/lookAndFeel/knowledgeTree/foldermanagement/editUI.inc b/presentation/lookAndFeel/knowledgeTree/foldermanagement/editUI.inc index 496c0b9..2ce7c8b 100644 --- a/presentation/lookAndFeel/knowledgeTree/foldermanagement/editUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/foldermanagement/editUI.inc @@ -52,7 +52,7 @@ function getFolderData($iFolderID, $sDivName, $sStatusMessage = "") { $oPatternListFromQuery->setTableWidth("610"); $sToRender .= "
Document type
"; - if ($sStatusMessage) { + if (strlen($sStatusMessage) > 0) { $sToRender .= ""; } $sToRender .= ""; @@ -70,12 +70,12 @@ function getFolderRouting($iFolderID, $sDivName, $bCollaboration) { global $default; //had to use coalesce and left outer join for user_id because this column was a new addition //and the user_ids for existing documents before this change will be null - $sQuery = "SELECT GFAL.id as id, GFAL.folder_id AS folder_id, G.name AS group_name, G.id AS group_id, GFAL.role_id AS role_id, R.name AS role_name, GFAL.precedence AS precedence, COALESCE(U.id, -1) AS user_id, COALESCE(U.name, 'Not Assigned') AS user_name, 'Edit' as edit, 'Delete' as del, 'Dependant docs' as depn " . - "FROM $default->groups_folders_approval_table AS GFAL INNER JOIN roles AS R ON GFAL.role_id = R.id " . - "INNER JOIN $default->groups_table AS G ON G.id = GFAL.group_id " . - "LEFT OUTER JOIN $default->users_table AS U ON U.id = GFAL.user_id " . - "WHERE GFAL.folder_id = $iFolderID " . - "ORDER BY GFAL.precedence, role_name ASC"; + $sQuery = "SELECT GFAL.id as id, GFAL.folder_id AS folder_id, COALESCE(G.name, 'Not Assigned') AS group_name, G.id AS group_id, GFAL.role_id AS role_id, R.name AS role_name, GFAL.precedence AS precedence, COALESCE(U.id, -1) AS user_id, COALESCE(U.name, 'Not Assigned') AS user_name, 'Edit' as edit, 'Delete' as del, 'Dependant docs' as depn " . + "FROM $default->groups_folders_approval_table AS GFAL INNER JOIN roles AS R ON GFAL.role_id = R.id " . + "LEFT OUTER JOIN $default->groups_table AS G ON G.id = GFAL.group_id " . + "LEFT OUTER JOIN $default->users_table AS U ON U.id = GFAL.user_id " . + "WHERE GFAL.folder_id = $iFolderID " . + "ORDER BY GFAL.precedence, role_name ASC"; $aColumns = array("group_name", "role_name", "precedence", "user_name", "edit", "del", "depn"); $aColumnHeaders = array("Group", "Role", "Seq", "User", "", ""); 
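Review bot: The rewritten routing query in getFolderRouting still hard-codes the `roles` table (`INNER JOIN roles AS R`) while this same commit moves viewUI.inc's routing queries to `$default->roles_table`; the added FROM line should read `"FROM $default->groups_folders_approval_table AS GFAL INNER JOIN $default->roles_table AS R ON GFAL.role_id = R.id " .` so every table name comes from tableMappings.inc. Switching the groups join to LEFT OUTER JOIN means `group_id` can now be NULL in a result row, so the Edit/Delete link generation further down the function (outside this hunk) should be checked to tolerate a missing group. The added WHERE line interpolates `$iFolderID` directly; casting it with `(int)` at the top of getFolderRouting makes the query robust against a non-numeric value.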
@@ -89,6 +89,9 @@ function getFolderRouting($iFolderID, $sDivName, $bCollaboration) { $oPatternTableSqlQuery->setDisplayColumnHeadings(true); $sToRender .= "
$sStatusMessage
" . $oPatternListFromQuery->render() . "
"; + if ($bCollaboration) { + $sToRender .= ""; + } $sToRender .= ""; if (!$bCollaboration) { $sToRender .= "\n"; @@ -227,14 +230,7 @@ function getStatusPage($iFolderID, $sStatusMessage) { $sToRender .= "
Documents in this folder are currently undergoing this collaboration process, so these steps can't be altered
" . $oPatternTableSqlQuery->render() . "
"; $sToRender .= ""; - // ugly netscape hacks - if (!$default->bNN4) { - $sToRender .= ""; - } return $sToRender; } ?> \ No newline at end of file diff --git a/presentation/lookAndFeel/knowledgeTree/js/misc.js b/presentation/lookAndFeel/knowledgeTree/js/misc.js index 96d73aa..42d2657 100644 --- a/presentation/lookAndFeel/knowledgeTree/js/misc.js +++ b/presentation/lookAndFeel/knowledgeTree/js/misc.js @@ -73,11 +73,10 @@ function isBlank(formField) { function validRequired(formField,fieldLabel) { var result = true; - if (formField){ switch(formField.type){ case "select-one": - if (formField.selectedIndex == 0 || formField.options[formField.selectedIndex].text == "" || formField.options[formField.selectedIndex].text == "None"){ + if (formField.options[formField.selectedIndex].text == "" || formField.options[formField.selectedIndex].text == "None"){ result = false; } break; diff --git a/presentation/lookAndFeel/knowledgeTree/search/advancedSearchBL.php b/presentation/lookAndFeel/knowledgeTree/search/advancedSearchBL.php index 38c5164..8d48f08 100644 --- a/presentation/lookAndFeel/knowledgeTree/search/advancedSearchBL.php +++ b/presentation/lookAndFeel/knowledgeTree/search/advancedSearchBL.php @@ -52,9 +52,9 @@ if (checkSession()) { $sSQLSearchString = getSQLSearchString($fSearchString); if (!isset($fStartIndex)) { - $fStartIndex = 0; + $fStartIndex = 1; } - $oPatternCustom->setHtml(getSearchResults($sMetaTagIDs,$sSQLSearchString, $fStartIndex, $fToSearch)); + $oPatternCustom->setHtml(getSearchResults($sMetaTagIDs, $sSQLSearchString, $fStartIndex, $fSearchString, $fToSearch)); $main->setCentralPayload($oPatternCustom); $main->render(); } else { diff --git a/presentation/lookAndFeel/knowledgeTree/search/advancedSearchUI.inc b/presentation/lookAndFeel/knowledgeTree/search/advancedSearchUI.inc index 64830cb..f4b187a 100644 --- a/presentation/lookAndFeel/knowledgeTree/search/advancedSearchUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/search/advancedSearchUI.inc 
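Review bot: Dropping the `if (formField)` guard in validRequired means a validator that names a field absent from the current form now throws a TypeError instead of producing a result, and the new select-one condition reads `formField.options[formField.selectedIndex].text` without checking that `selectedIndex` is non-negative, so a select with no selected option throws as well. Keep a null guard at the top of the function and extend the case to `if (formField.selectedIndex < 0 || formField.options[formField.selectedIndex].text == "" || formField.options[formField.selectedIndex].text == "None") {`. The closing brace that belonged to the removed guard lies outside this hunk, so the rest of the function could not be checked here.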
@@ -39,7 +39,7 @@ function getMetaData($aMetaTagIDs) { $sCheckAllJavascript = ""; while ($sql->next_record()) { $sCheckAllJavascript .= "document.MainForm.f_adv_$iRecordCount.checked=value;\n"; - $sMetaDataCheckBox = "f("id"), $aMetaTagIDs) . " name=\"f_adv_$iRecordCount\" value=\"" . $sql->f("id") . "\">" . stripslashes($sql->f("name")); + $sMetaDataCheckBox = "f("id"), $aMetaTagIDs) . " name=\"f_adv_$iRecordCount\" value=\"" . $sql->f("id") . "\">" . $sql->f("name"); $iRecordCount++; if (($iRecordCount % 3) == 1) { $sToRender .= "$sMetaDataCheckBox\n"; @@ -95,7 +95,7 @@ function getSearchPage($sSearchString = "", $aMetaTagIDs = array(), $sHeading = return $sToRender . getSearchValidationJavaScript(); } -function getSearchResults($sMetaTagIDs, $sSQLSearchString, $iStartIndex, $sStatus = "Live") { +function getSearchResults($sMetaTagIDs, $sSQLSearchString, $iStartIndex, $sSearchString, $sStatus = "Live") { global $default; $sQuery = "SELECT '" . "$default->graphicsUrl/widgets/dfolder.gif" . "' AS folder_image_url, F.id folder_id, D.id document_id, D.name AS document_name, COUNT(D.id) AS doc_count " . @@ -108,7 +108,7 @@ function getSearchResults($sMetaTagIDs, $sSQLSearchString, $iStartIndex, $sStatu "AND (" . $sSQLSearchString . ") " . "AND SDUL.user_id = " . $_SESSION["userID"] . " " . "AND SL.name='$sStatus' " . - "GROUP BY D.id "; + "GROUP BY D.id " . "ORDER BY doc_count DESC "; $default->log->info("getSearchResults $sQuery"); $aColumns = array("folder_image_url", "document_name", "doc_count"); @@ -120,9 +120,10 @@ function getSearchResults($sMetaTagIDs, $sSQLSearchString, $iStartIndex, $sStatu $oPatternBrowse = & new PatternBrowseableSearchResults($sQuery, 10, $aColumns, $aColumnTypes, $aColumnHeaders, $aLinkURLs, $aDBQueryStringColumns, $aQueryStringVariableNames); $oPatternBrowse->setStartIndex($iStartIndex); + $oPatternBrowse->setSearchText($sSearchString); $sRefreshMessage = "
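Review bot: `$sStatus` is interpolated unescaped into the SQL on the `"AND SL.name='$sStatus' "` context line of the hunk at 108, and this change widens its reach: it now also flows out through the new `$sStatus` argument of getSearchVariablesHtml (hunk at 145) into a hidden form field and back in on the next page request, so it is request-controlled on every page of results. Since the set of status names is fixed, validate it before the query is built, e.g. `if (!in_array($sStatus, array("Live"), true)) { $sStatus = "Live"; }` with the array extended to the other names the status lookup table defines, or look the status id up with a parameter instead of the name. The metadata-checkbox hunk at 39 now writes `$sql->f("name")` into the label without `stripslashes()` and also without `htmlspecialchars()`; since these names come from the database, encode them at output.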
If your browser displays a 'Warning: Page has Expired' message when you attempt to return to these search results, please click your browser's 'Refresh' button
"; - return renderHeading("Advanced Search") . $oPatternBrowse->render() . $sRefreshMessage . getSearchVariablesHtml($sSearchText, $sMetaTagIDs); + return renderHeading("Advanced Search") . $oPatternBrowse->render() . $sRefreshMessage . getSearchVariablesHtml($sSearchString, $sStatus, $sMetaTagIDs); } function getSearchValidationJavaScript() { @@ -145,9 +146,11 @@ function wasSelected($iID, $aMetaTagIDs) { return ""; } -function getSearchVariablesHtml($sSearchText, $sMetaTagIDs) { +function getSearchVariablesHtml($sSearchText, $sStatus, $sMetaTagIDs) { $aMetaTagIDs = explode(",", $sMetaTagIDs); - $sToRender = "\n\n\n"; + $sToRender = "\n\n\n"; + $sToRender .= "\n\n\n"; + $sToRender .= "\n\n\n"; $sToRender .= "\n"; for ($i = 0; $i < count($aMetaTagIDs); $i++) { $sToRender .= "\n"; diff --git a/presentation/lookAndFeel/knowledgeTree/search/standardSearchBL.php b/presentation/lookAndFeel/knowledgeTree/search/standardSearchBL.php index 1a0047a..d494ffa 100644 --- a/presentation/lookAndFeel/knowledgeTree/search/standardSearchBL.php +++ b/presentation/lookAndFeel/knowledgeTree/search/standardSearchBL.php @@ -41,12 +41,12 @@ if (checkSession()) { require_once("$default->fileSystemRoot/lib/documentmanagement/Document.inc"); require_once("$default->fileSystemRoot/presentation/Html.inc"); require_once("standardSearchUI.inc"); - + if (!isset($fStartIndex)) { - $fStartIndex = 0; + $fStartIndex = 1; } - if (strlen($fBrowseType) > 0) { + if (strlen($fBrowseType) > 0) { //the user was browsing by a specific type switch ($fBrowseType) { case "folder" : diff --git a/presentation/lookAndFeel/knowledgeTree/search/standardSearchUI.inc b/presentation/lookAndFeel/knowledgeTree/search/standardSearchUI.inc index b05e4c2..03b5d77 100644 --- a/presentation/lookAndFeel/knowledgeTree/search/standardSearchUI.inc +++ b/presentation/lookAndFeel/knowledgeTree/search/standardSearchUI.inc 
@@ -65,7 +65,8 @@ function getSearchResultsByCategory($iFolderID, $sKeywords, $iStartIndex, $sCate $aQueryStringVariableNames = array("fDocumentID", "fFolderID"); $oPatternBrowse = & new PatternBrowseableSearchResults($sQuery, 10, $aColumns, $aColumnTypes, $aColumnHeaders, $aLinkURLs, $aDBQueryStringColumns, $aQueryStringVariableNames); - $oPatternBrowse->setStartIndex($iStartIndex); + $oPatternBrowse->setStartIndex($iStartIndex); + $oPatternBrowse->setSearchText($sKeywords); return getHeading() . $oPatternBrowse->render() . getSearchVariablesHtml($sKeywords, "category", $iFolderID, "", $sCategory, "") . getMessage(); } @@ -98,6 +99,7 @@ function getSearchResultsByDocumentType($iFolderID, $sKeywords, $iStartIndex, $i $oPatternBrowse = & new PatternBrowseableSearchResults($sQuery, 10, $aColumns, $aColumnTypes, $aColumnHeaders, $aLinkURLs, $aDBQueryStringColumns, $aQueryStringVariableNames); $oPatternBrowse->setStartIndex($iStartIndex); + $oPatternBrowse->setSearchText($sKeywords); return getHeading() . $oPatternBrowse->render() . getSearchVariablesHtml($sKeywords, "documentType", $iFolderID, "", "", $iDocTypeID) . getMessage(); } @@ -128,6 +130,7 @@ function getSeachResultsByFolder($iFolderID, $iStartIndex, $sKeywords) { $oPatternBrowse = & new PatternBrowseableSearchResults($sQuery, 10, $aColumns, $aColumnTypes, $aColumnHeaders, $aLinkURLs, $aDBQueryStringColumns, $aQueryStringVariableNames); $oPatternBrowse->setStartIndex($iStartIndex); + $oPatternBrowse->setSearchText($sKeywords); return getHeading() . $oPatternBrowse->render() . getSearchVariablesHtml($sKeywords, "", $iFolderID, "", "", "") . getMessage(); } diff --git a/presentation/lookAndFeel/knowledgeTree/store.inc b/presentation/lookAndFeel/knowledgeTree/store.inc index 9ac0ed3..4a722e7 100644 --- a/presentation/lookAndFeel/knowledgeTree/store.inc +++ b/presentation/lookAndFeel/knowledgeTree/store.inc 
@@ -96,7 +96,7 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 break;
 case 1:
 //text
- $sQuery .= "'" . addslashes($aValues[$j]) . "', ";
+ $sQuery .= "'" . $aValues[$j] . "', ";
 break;
 case 2:
 //boolean
@@ -121,7 +121,7 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 break;
 case 1:
 //text
- $sQuery .= "'" . addslashes($aValues[count($aColumns) - 1]) . "') ";
+ $sQuery .= "'" . $aValues[count($aColumns) - 1] . "') ";
 break;
 case 2:
 //boolean
@@ -151,7 +151,7 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 $sQuery .= $aValues[$j] . ", ";
 break;
 case 1:
- $sQuery .= "'" . addslashes($aValues[$j]) . "', ";
+ $sQuery .= "'" . $aValues[$j] . "', ";
 break;
 case 2:
 $sQuery .= ($aValues[$j] ? 1 : 0) . ", ";
@@ -171,7 +171,7 @@ function constructQuery($aKeys, $aSuppliedValues = null) {
 $sQuery .= $aValues[count($aTypes) -1] . " ";
 break;
 case 1:
- $sQuery .= "'" . addslashes($aValues[count($aTypes) -1]) . "' ";
+ $sQuery .= "'" . $aValues[count($aTypes) -1] . "' ";
 break;
 case 2:
 $sQuery .= ($aValues[count($aTypes) -1] ? 1 : 0) . " ";
diff --git a/sync/sanitiseEscapedData.php b/sync/sanitiseEscapedData.php
new file mode 100644
index 0000000..66b41e1
--- /dev/null
+++ b/sync/sanitiseEscapedData.php
@@ -0,0 +1,54 @@
+ "synopsis,body",
+ "dependant_document_instance" => "document_title",
+ "dependant_document_template" => "document_title",
+ "documents" => "name,filename,description,full_path",
+ "discussion_comments" => "subject,body",
+ "document_fields" => "name",
+ "document_fields_link" => "value",
+ "document_transactions" => "comment",
+ "document_types_lookup" => "name",
+ "metadata_lookup" => "name",
+ "folders" => "name,description,full_path",
+ "groups_lookup" => "name",
+ "organisations_lookup" => "name",
+ "roles" => "name",
+ "units_lookup" => "name",
+ "users" => "name",
+ "web_sites" => "web_site_name");
+echo "
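Review bot: Removing `addslashes()` from the text branch of constructQuery (all four store.inc hunks; this note is on the first) leaves every string value concatenated into the INSERT/UPDATE unescaped, so a value containing a single quote now breaks the statement or lets caller-supplied input alter it — a SQL-injection regression unless every caller already escapes, and nothing in the diff shows that. The accompanying sync/sanitiseEscapedData.php suggests the motivation was double-escaped data, presumably from magic_quotes_gpc adding slashes before this layer; the right fix for that is to strip the input layer's quoting once where the request variables are populated and keep the escaping at the query boundary, i.e. restore `$sQuery .= "'" . addslashes($aValues[$j]) . "', ";` (or the DB layer's own escape function if it provides one) in each of the four places. constructQuery starts and ends outside these hunks.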
";
+foreach ($aFields as $table => $fields) {
+	$sql = $default->db;
+	$aFields = explode(",", $fields);
+	foreach ($aFields as $field) {
+		//	  select all escaped fields and ids
+		$query = "select id, $field from $table where $field like '%\\\\\\%'";
+		echo $query . "
";
+ $sql->query($query);
+ while ($sql->next_record()) {
+ // strip field
+ //$cleanField = stripslashes($sql->f($field));
+ echo "found offending field=" . $sql->f($field). "
";
+ // update it
+ updateField($table, $sql->f("id"), $field, $sql->f($field));
+ }
+ }
+}
+echo "
";
+
+function updateField($table, $id, $fieldName, $value) {
+ global $default;
+ $sql = $default->db;
+ $query = "update $table set $fieldName='$value' where id=$id";
+ if ($sql->query($query)) {
+ echo "successful ";
+ } else {
+ echo "unsuccessful ";
+ }
+ echo "update query=$query
";
+}
+?>
\ No newline at end of file
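Review bot: The new script has no access check at all — unlike standardSearchBL.php, which wraps its work in `if (checkSession())` — so if sync/ sits under the web root any anonymous request can run this table-wide rewrite of user, folder and document rows; gate it on an administrator session or refuse to run outside the CLI with `if (php_sapi_name() != 'cli') { exit; }` at the top. Inside updateField, `$value` is interpolated straight back into `update $table set $fieldName='$value' where id=$id` with the `stripslashes` line left commented out, so the de-escaping happens only as a side effect of the server re-parsing `\'`; a row holding a bare quote or a trailing backslash breaks the statement, and the failure is reduced to an "unsuccessful" echo while the loop carries on. Make the intent explicit: `$value = stripslashes($value);` followed by `$query = "update $table set $fieldName='" . addslashes($value) . "' where id=$id";`, and stop (or at least log the row id) on failure. The inner `$aFields = explode(",", $fields);` reuses the outer loop's array name; it works because foreach iterates a copy, but renaming it to `$aColumns` would make that obvious.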