Commit b922b41dac00bd6cd3efe8a192e272d1e5ee304b

Authored by conradverm
1 parent 8e876d99

KTS-2178

"cross site scripting"
Implemented.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7007 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 12 additions and 12 deletions
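--- a/<FILE_PATH_NOT_SHOWN_ON_PAGE>
+++ b/<FILE_PATH_NOT_SHOWN_ON_PAGE>
@@ -1,12 +1,12 @@
 <?php
 /**
 * $Id$
- *
+ *
 * The contents of this file are subject to the KnowledgeTree Public
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
- *
+ *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -17,9 +17,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
- *
+ *
 * The Original Code is: KnowledgeTree Open Source
- *
+ *
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -67,23 +67,23 @@ if (!validateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
 } else {
 $user = DBAuthenticator::getUser($_SERVER['PHP_AUTH_USER'], array('id'=>'id',));
 $id = $user[$_SERVER['PHP_AUTH_USER']]['id'];
-
-
+
+
 if(KTUtil::arrayGet($_REQUEST, 'docId')){ // if a docId parameter is passed
 // get document id from http request object
 $iDocumentId = KTUtil::arrayGet($_REQUEST, 'docId');
-
+
 if(KTrss::validateDocumentPermissions($id, $iDocumentId)){ // if document passes validation check
 // get document info
 $aDocumentInfo[] = KTrss::getOneDocument($iDocumentId, $id);
-
- if($aDocumentInfo){
+
+ if($aDocumentInfo){
 // create rss xml for document
 $documentFeed = KTrss::arrayToXML($aDocumentInfo);
 }else{
 // create rss xml for the error
 $error = KTrss::errorToXML(_kt('This document has returned a empty response'));
- }
+ }
 }else{
 // create rss xml for error
 $error = KTrss::errorToXML(_kt('You are either not authorised to view details on this document or it does not exist.' .
@@ -101,7 +101,7 @@ if (!validateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
 if(KTrss::validateFolderPermissions($id, $iFolderId)){ // if folder passes validation check
 // get folder info
 $aFolderInfo[] = KTrss::getOneFolder($iFolderId);
-
+
 if($aFolderInfo){
 // create rss xml for folder
 $folderFeed = KTrss::arrayToXML($aFolderInfo);
@@ -121,7 +121,7 @@ if (!validateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
 }
 }else{ // else do normal rss parsing
 // get full list of subscribed documents and folders
- $aFullList = array_merge(KTrss::getDocuments($id), KTrss::getFolders($id));
+ $aFullList = kt_array_merge(KTrss::getDocuments($id), KTrss::getFolders($id));
 $internalFeed = KTrss::arrayToXML($aFullList);
 echo $internalFeed;
 }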
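Review bot: Only the combined-feed path at line 124 is routed through `kt_array_merge`; the single-document and single-folder feeds built at lines 78 and 103 hand `$aDocumentInfo` and `$aFolderInfo` straight to `KTrss::arrayToXML`, so if `kt_array_merge` is where the KTS-2178 cross-site-scripting fix applies its escaping, those two feeds do not receive it. The definition of `kt_array_merge` is not part of this commit, so I cannot confirm what it does beyond `array_merge`; a call-site comment such as `// kt_array_merge escapes the merged values before they reach arrayToXML (KTS-2178)` — adjusted to its actual behaviour — would make the intent visible to the next reader. Escaping inside the XML builder (`KTrss::arrayToXML`) would cover all three call sites in one place and is worth considering as a follow-up. The enclosing `if (!validateUser(...)) { ... } else {` block begins before this hunk.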