Commit ce95c25aa75a0a72872b46487567f07c697efd84

Authored by Kevin Fourie
1 parent 12d01051

Merged in from STABLE trunk...

KTS-2088
"The " (double-quote) character in the name of a Document Type, Transition or State does not reflect in Edit mode"
Fixed with lots of other similar issues.

Committed By: Kevin
Reviewed By: Conrad

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6771 c91229c3-7414-0410-bfa2-8a42b809f60b
lib/actions/bulkaction.php
... ... @@ -41,6 +41,8 @@ require_once(KT_LIB_DIR . '/documentmanagement/documentutil.inc.php');
41 41  
42 42 require_once(KT_LIB_DIR . '/widgets/forms.inc.php');
43 43  
  44 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
  45 +
44 46 class KTBulkAction extends KTStandardDispatcher {
45 47 var $sName;
46 48 var $sDescription;
... ... @@ -119,15 +121,15 @@ class KTBulkAction extends KTStandardDispatcher {
119 121 }
120 122  
121 123 function getName() {
122   - return $this->sName;
  124 + return sanitizeForSQLtoHTML($this->sName);
123 125 }
124 126  
125 127 function getDisplayName() {
126   - return $this->sDisplayName;
  128 + return sanitizeForSQLtoHTML($this->sDisplayName);
127 129 }
128 130  
129 131 function getDescription() {
130   - return $this->sDescription;
  132 + return sanitizeForSQLtoHTML($this->sDescription);
131 133 }
132 134  
133 135 function customiseInfo($aInfo) {
... ...
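Review bot: getName(), getDisplayName() and getDescription() now return HTML-encoded strings, so any caller that uses them outside an HTML context — string comparison, URL or log construction, JSON — receives entities such as `&quot;` in place of the original text; output encoding belongs at the template or widget boundary, not in the accessor. The same getter change is made in documentaction.inc.php, folderaction.inc.php, authenticationprovider.inc.php, interceptor.inc.php, Criteria.inc, advancedcolumns.inc.php and workflowtrigger.inc.php. If the accessors are kept encoded, record the contract on each getter, e.g. `/** @return string HTML-encoded; callers must not escape again */`. The new require_once also uses double quotes where the surrounding includes in this file use single quotes.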
lib/actions/documentaction.inc.php
... ... @@ -33,6 +33,7 @@ require_once(KT_LIB_DIR . '/actions/actionregistry.inc.php');
33 33 require_once(KT_LIB_DIR . '/workflow/workflowutil.inc.php');
34 34 require_once(KT_LIB_DIR . '/dispatcher.inc.php');
35 35 require_once(KT_LIB_DIR . '/browse/browseutil.inc.php');
  36 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
36 37  
37 38 class KTDocumentAction extends KTStandardDispatcher {
38 39 var $sName;
... ... @@ -147,17 +148,17 @@ class KTDocumentAction extends KTStandardDispatcher {
147 148 }
148 149  
149 150 function getName() {
150   - return $this->sName;
  151 + return sanitizeForSQLtoHTML($this->sName);
151 152 }
152 153  
153 154 function getDisplayName() {
154 155 // Should be overridden by the i18nised display name
155 156 // This is here solely for backwards compatibility
156   - return $this->sDisplayName;
  157 + return sanitizeForSQLtoHTML($this->sDisplayName);
157 158 }
158 159  
159 160 function getDescription() {
160   - return $this->sDescription;
  161 + return sanitizeForSQLtoHTML($this->sDescription);
161 162 }
162 163  
163 164 function customiseInfo($aInfo) {
... ...
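Review bot: The comment on getDisplayName() says subclasses are expected to override it, so the encoding added to the base implementation does not reach any subclass that does; an overriding action's display name still reaches the page unencoded unless that override is changed too. The same applies to KTFolderAction::getDisplayName() in folderaction.inc.php. Encoding at the point where the display name is rendered would cover both the base and the overriding paths.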
lib/actions/folderaction.inc.php
... ... @@ -32,6 +32,7 @@
32 32 require_once(KT_LIB_DIR . '/dispatcher.inc.php');
33 33 require_once(KT_LIB_DIR . '/actions/actionregistry.inc.php');
34 34 require_once(KT_LIB_DIR . '/browse/browseutil.inc.php');
  35 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
35 36  
36 37 class KTFolderAction extends KTStandardDispatcher {
37 38 var $sName;
... ... @@ -111,17 +112,17 @@ class KTFolderAction extends KTStandardDispatcher {
111 112 }
112 113  
113 114 function getName() {
114   - return $this->sName;
  115 + return sanitizeForSQLtoHTML($this->sName);
115 116 }
116 117  
117 118 function getDisplayName() {
118 119 // This should be overridden by the i18nised display name
119 120 // This implementation is only here for backwards compatibility
120   - return $this->sDisplayName;
  121 + return sanitizeForSQLtoHTML($this->sDisplayName);
121 122 }
122 123  
123 124 function getDescription() {
124   - return $this->sDescription;
  125 + return sanitizeForSQLtoHTML($this->sDescription);
125 126 }
126 127  
127 128 function customiseInfo($aInfo) {
... ...
lib/authentication/authenticationprovider.inc.php
... ... @@ -30,6 +30,7 @@
30 30 */
31 31  
32 32 require_once(KT_LIB_DIR . '/dispatcher.inc.php');
  33 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
33 34  
34 35 class KTAuthenticationProvider extends KTStandardDispatcher {
35 36 var $sName;
... ... @@ -77,7 +78,7 @@ class KTAuthenticationProvider extends KTStandardDispatcher {
77 78 }
78 79  
79 80 function getName() {
80   - return $this->sName;
  81 + return sanitizeForSQLtoHTML($this->sName);
81 82 }
82 83 function getNamespace() {
83 84 return $this->sNamespace;
... ...
lib/authentication/authenticationsource.inc.php
... ... @@ -31,6 +31,7 @@
31 31  
32 32 require_once(KT_LIB_DIR . '/users/User.inc');
33 33 require_once(KT_LIB_DIR . '/ktentity.inc');
  34 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
34 35  
35 36 class KTAuthenticationSource extends KTEntity {
36 37 var $sName;
... ... @@ -52,13 +53,13 @@ class KTAuthenticationSource extends KTEntity {
52 53  
53 54 var $_bUsePearError = true;
54 55  
55   - function getName() { return $this->sName; }
  56 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
56 57 function getNamespace() { return $this->sNamespace; }
57 58 function getAuthenticationProvider() { return $this->sAuthenticationProvider; }
58 59 function getConfig() { return $this->sConfig; }
59 60 function getIsUserSource() { return $this->bIsUserSource; }
60 61 function getIsGroupSource() { return $this->bIsGroupSource; }
61   - function setName($sName) { $this->sName = $sName; }
  62 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
62 63 function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; }
63 64 function setAuthenticationProvider($sAuthenticationProvider) { $this->sAuthenticationProvider = $sAuthenticationProvider; }
64 65 function setConfig($sConfig) { $this->sConfig = $sConfig; }
... ...
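Review bot: setName() now stores `sanitizeForSQL($sName)` in the property, so the escaped form lives in the object and is handed to whatever persists it; if that layer escapes or binds the value itself, the stored name gains literal escape characters, and a name read back from the database and passed through setName() is escaped a second time. The persistence code is not in this diff, so this is inferred from the helper's name. getName() then applies sanitizeForSQLtoHTML() to that escaped value, which ties the accessor to the storage format. Escaping belongs where the query is built (ideally via bound parameters); the same setter pattern appears in every other set…() hunk of this commit (interceptorinstances, DocumentField, DocumentTransactionType, DocumentType, LinkType, MDTree, MetaData, Group, helpreplacement, fieldbehaviour, fieldset, permission, Role, savedsearch, Unit, User, workflow, workflowstate, workflowtransition).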
lib/authentication/interceptor.inc.php
... ... @@ -31,6 +31,7 @@
31 31 */
32 32  
33 33 require_once(KT_LIB_DIR . '/dispatcher.inc.php');
  34 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
34 35  
35 36 class KTInterceptor extends KTStandardDispatcher {
36 37 var $sName;
... ... @@ -48,7 +49,7 @@ class KTInterceptor extends KTStandardDispatcher {
48 49 }
49 50  
50 51 function getName() {
51   - return $this->sName;
  52 + return sanitizeForSQLtoHTML($this->sName);
52 53 }
53 54  
54 55 function getNamespace() {
... ...
lib/authentication/interceptorinstances.inc.php
... ... @@ -32,6 +32,7 @@
32 32  
33 33 require_once(KT_LIB_DIR . '/users/User.inc');
34 34 require_once(KT_LIB_DIR . '/ktentity.inc');
  35 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
35 36  
36 37 class KTInterceptorInstance extends KTEntity {
37 38 var $sName;
... ... @@ -48,10 +49,10 @@ class KTInterceptorInstance extends KTEntity {
48 49  
49 50 var $_bUsePearError = true;
50 51  
51   - function getName() { return $this->sName; }
  52 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
52 53 function getInterceptorNamespace() { return $this->sInterceptorNamespace; }
53 54 function getConfig() { return $this->sConfig; }
54   - function setName($sName) { $this->sName = $sName; }
  55 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
55 56 function setInterceptorNamespace($mValue) { $this->sInterceptorNamespace = $mValue; }
56 57 function setConfig($sConfig) { $this->sConfig = $sConfig; }
57 58  
... ...
lib/browse/Criteria.inc
... ... @@ -43,6 +43,8 @@ require_once(KT_LIB_DIR . '/workflow/workflow.inc.php');
43 43  
44 44 require_once(KT_LIB_DIR . '/browse/criteriaregistry.php');
45 45  
  46 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
  47 +
46 48  
47 49 class BrowseCriterion {
48 50 var $sDisplay;
... ... @@ -168,7 +170,7 @@ class BrowseCriterion {
168 170  
169 171  
170 172 function getName() {
171   - return $this->sDocumentField;
  173 + return sanitizeForSQLtoHTML($this->sDocumentField);
172 174 }
173 175  
174 176 function getID() {
... ...
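Review bot: BrowseCriterion::getName() returns the sDocumentField property, which from its name looks like a field identifier rather than display text; once it is HTML-encoded, any caller that uses getName() as a lookup key or column reference stops matching on names containing `&`, `<`, `>` or quotes. If only the rendered label needs encoding, encode at the point of display and keep the identifier accessor as `return $this->sDocumentField;`.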
lib/browse/advancedcolumns.inc.php
1 1 <?php
2 2  
  3 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
  4 +
3 5 // more advanced, intelligent columns.
4 6  
5 7 class AdvancedColumn {
... ... @@ -81,7 +83,7 @@ class AdvancedColumn {
81 83 function addToDocumentQuery() { return array(null, null, null); }
82 84  
83 85 function getName() {
84   - return $this->label;
  86 + return sanitizeForSQLtoHTML($this->label);
85 87 }
86 88  
87 89 function getEntryId() {
... ...
lib/documentmanagement/DocumentField.inc
... ... @@ -33,6 +33,7 @@
33 33 require_once(KT_LIB_DIR . '/documentmanagement/MetaData.inc');
34 34 require_once(KT_LIB_DIR . '/metadata/metadatautil.inc.php');
35 35 require_once(KT_LIB_DIR . '/documentmanagement/DocumentType.inc');
  36 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
36 37  
37 38 class DocumentField extends KTEntity {
38 39  
... ... @@ -72,10 +73,10 @@ class DocumentField extends KTEntity {
72 73 }
73 74  
74 75 function getID() { return $this->iId; }
75   - function getName() { return $this->sName; }
76   - function setName($sNewValue) { $this->sName = $sNewValue; }
77   - function setDescription($sNewValue) { $this->sDescription = $sNewValue; }
78   - function getDescription() { return $this->sDescription; }
  76 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  77 + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
  78 + function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
  79 + function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
79 80 function getDataType() { return $this->sDataType; }
80 81 function setDataType($sNewValue) { $this->sDataType = $sNewValue; }
81 82 function getIsGeneric() { return $this->bIsGeneric; }
... ...
lib/documentmanagement/DocumentFieldLink.inc
... ... @@ -30,6 +30,8 @@
30 30 * Contributor( s): ______________________________________
31 31 */
32 32  
  33 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
  34 +
33 35 class DocumentFieldLink extends KTEntity {
34 36  
35 37 /** document field link primary key */
... ... @@ -121,7 +123,7 @@ class DocumentFieldLink extends KTEntity {
121 123 *
122 124 */
123 125 function getValue() {
124   - return sanitizeForHTML($this->sValue);
  126 + return sanitizeForSQLtoHTML($this->sValue);
125 127 }
126 128  
127 129 /**
... ...
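Review bot: getValue() switches from sanitizeForHTML() to sanitizeForSQLtoHTML(), and the docblock directly above the method (its start is outside the hunk) does not state that the return value is HTML-encoded or that an SQL-unescaping step now precedes the encoding; a value that reached the property without SQL escaping could be altered if the helper strips escape characters first, which the diff does not show. Add a line to the docblock such as `* @return string HTML-encoded field value; callers must not encode again` so that templates do not double-encode.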
lib/documentmanagement/DocumentTransactionType.inc.php
... ... @@ -31,6 +31,7 @@
31 31  
32 32 require_once(KT_LIB_DIR . "/ktentity.inc");
33 33 require_once(KT_LIB_DIR . "/util/ktutil.inc");
  34 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
34 35  
35 36 class KTDocumentTransactionType extends KTEntity {
36 37 /** primary key */
... ... @@ -47,10 +48,10 @@ class KTDocumentTransactionType extends KTEntity {
47 48 var $_bUsePearError = true;
48 49  
49 50 function getID() { return $this->iId; }
50   - function getName() { return $this->sName; }
  51 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
51 52 function getNamespace() { return $this->sNamespace; }
52 53 function setID($iId) { $this->iId = $iId; }
53   - function setName($sName) { $this->sName = $sName; }
  54 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
54 55 function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; }
55 56  
56 57 function _table () {
... ...
lib/documentmanagement/DocumentType.inc
... ... @@ -30,6 +30,8 @@
30 30 * Contributor( s): ______________________________________
31 31 */
32 32  
  33 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
  34 +
33 35 class DocumentType extends KTEntity {
34 36  
35 37 /** primary key value */
... ... @@ -60,8 +62,8 @@ class DocumentType extends KTEntity {
60 62 }
61 63  
62 64 function getID() { return $this->iId; }
63   - function getName() { return $this->sName; }
64   - function setName($sNewValue) { $this->sName = $sNewValue; }
  65 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  66 + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
65 67 function getDisabled() { return $this->bDisabled; }
66 68 function setDisabled($bNewValue) { $this->bDisabled = ($bNewValue) ? true : false; }
67 69  
... ...
lib/documentmanagement/LinkType.inc
... ... @@ -31,6 +31,7 @@
31 31 */
32 32  
33 33 require_once(KT_DIR . '/lib/ktentity.inc');
  34 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
34 35  
35 36 class LinkType extends KTEntity {
36 37 var $sName;
... ... @@ -49,25 +50,25 @@ class LinkType extends KTEntity {
49 50 }
50 51  
51 52 function getDescription() {
52   - return $this->sDescription;
  53 + return sanitizeForSQLtoHTML($this->sDescription);
53 54 }
54 55  
55 56 function setDescription($sNewValue) {
56   - $this->sDescription = $sNewValue;
  57 + $this->sDescription = sanitizeForSQL($sNewValue);
57 58 }
58 59  
59 60 function getName() {
60   - return $this->sName;
  61 + return sanitizeForSQLtoHTML($this->sName);
61 62 }
62 63  
63 64 function setName($sNewValue) {
64   - $this->sName = $sNewValue;
  65 + $this->sName = sanitizeForSQL($sNewValue);
65 66 }
66 67  
67 68 function _fieldValues () {
68 69 return array(
69   - 'name' => $this->sName,
70   - 'description' => $this->sDescription,
  70 + 'name' => sanitizeForSQLtoHTML($this->sName),
  71 + 'description' => sanitizeForSQLtoHTML($this->sDescription),
71 72 );
72 73 }
73 74  
... ...
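Review bot: _fieldValues() now returns `sanitizeForSQLtoHTML($this->sName)` and the same for the description; if, as the method name and the KTEntity pattern suggest, this array is what gets written to the database, the HTML-encoded form is persisted and getName() encodes it again on every read, yielding `&amp;quot;` for a name containing a quote. Role.inc's _fieldValues() (context lines in its hunk) still returns the raw property, so the two entities would persist names differently after this commit. Keep the method at `'name' => $this->sName, 'description' => $this->sDescription,` and apply HTML encoding only on output.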
lib/documentmanagement/MDTree.inc
... ... @@ -33,6 +33,7 @@ require_once(KT_LIB_DIR . &quot;/ktentity.inc&quot;);
33 33 //require_once("../../../../../config/dmsDefaults.php"); // gak.
34 34 require_once(KT_LIB_DIR . "/documentmanagement/DocumentField.inc");
35 35 require_once(KT_LIB_DIR . "/documentmanagement/MetaData.inc");
  36 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
36 37  
37 38 class MDTreeNode extends KTEntity {
38 39 /** boilerplate DB code. */
... ... @@ -55,8 +56,8 @@ class MDTreeNode extends KTEntity {
55 56 function setID($iId) { $this->iId = $iId; }
56 57 function getFieldId() { return $this->iFieldId; }
57 58 function setFieldId($iFieldId) { $this->iFieldId = $iFieldId; }
58   - function getName() { return $this ->sName; }
59   - function setName($sName) { $this->sName = $sName; }
  59 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  60 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
60 61 function getParentNode() { return $this->iParentNode; }
61 62 function setParentNode($iNode) { $this->iParentNode = $iParentNode; }
62 63  
... ...
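Review bot: setParentNode() on the context line directly below the changed setName() assigns `$iParentNode`, which is not its parameter (`$iNode`), so the parent node is set to null whatever argument is passed; this predates the commit but sits in the touched block. Change it to `function setParentNode($iNode) { $this->iParentNode = $iNode; }`.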
lib/documentmanagement/MetaData.inc
... ... @@ -29,6 +29,9 @@
29 29 * All Rights Reserved.
30 30 * Contributor( s): ______________________________________
31 31 */
  32 +
  33 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
  34 +
32 35 class MetaData extends KTEntity {
33 36  
34 37 /** primary key value */
... ... @@ -71,8 +74,8 @@ class MetaData extends KTEntity {
71 74 }
72 75  
73 76 function getID() { return $this->iId; }
74   - function getName() { return $this->sName; }
75   - function setName($sNewValue) { $this->sName = $sNewValue; }
  77 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  78 + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
76 79 function getDocFieldId() { return $this->iDocFieldId; }
77 80 function setDocFieldId($iNewValue) { $this->iDocFieldId = $iNewValue; }
78 81 function getTreeParent() { return $this->iTreeParent; }
... ...
lib/documentmanagement/documentmetadataversion.inc.php
... ... @@ -30,6 +30,7 @@
30 30 */
31 31  
32 32 require_once(KT_LIB_DIR . '/ktentity.inc');
  33 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
33 34  
34 35 class KTDocumentMetadataVersion extends KTEntity {
35 36 var $_bUsePearError = true;
... ...
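Review bot: The section adds `require_once(KT_LIB_DIR . "/util/sanitize.inc");` but no call into it is visible in the hunk, and the rest of the file is outside this diff; if the file makes no sanitize call, the include is dead weight and should be dropped. The same applies to the include added in Folder.inc.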
lib/foldermanagement/Folder.inc
... ... @@ -32,6 +32,7 @@
32 32  
33 33 require_once(KT_LIB_DIR . "/foldermanagement/PhysicalFolderManagement.inc");
34 34 require_once(KT_LIB_DIR . "/documentmanagement/Document.inc");
  35 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
35 36  
36 37 class Folder extends KTEntity {
37 38  
... ...
lib/groups/Group.inc
... ... @@ -31,6 +31,7 @@
31 31 */
32 32  
33 33 require_once(KT_LIB_DIR . '/unitmanagement/Unit.inc');
  34 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
34 35  
35 36 class Group extends KTEntity {
36 37  
... ... @@ -89,8 +90,8 @@ class Group extends KTEntity {
89 90 function setUnitAdmin($bNewValue) { $this->bIsUnitAdmin = $bNewValue; }
90 91 function getSysAdmin() { return $this->bIsSysAdmin; }
91 92 function setSysAdmin($bNewValue) { $this->bIsSysAdmin = $bNewValue; }
92   - function getName() { return $this->sName; }
93   - function setName($sNewValue) { $this->sName = $sNewValue; }
  93 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  94 + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
94 95 function getUnitId() { return $this->iUnitId; }
95 96 function setUnitId($iNewValue) { $this->iUnitId = $iNewValue; }
96 97 function getAuthenticationDetails() { return $this->sAuthenticationDetails; }
... ...
lib/help/helpreplacement.inc.php
... ... @@ -30,6 +30,7 @@
30 30 */
31 31  
32 32 require_once(KT_LIB_DIR . "/ktentity.inc");
  33 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
33 34  
34 35 class KTHelpReplacement extends KTEntity {
35 36 /** primary key */
... ... @@ -50,13 +51,13 @@ class KTHelpReplacement extends KTEntity {
50 51 var $_bUsePearError = true;
51 52  
52 53 function getID() { return $this->iId; }
53   - function getName() { return $this->sName; }
54   - function getDescription() { return $this->sDescription; }
55   - function getTitle() { return $this->sTitle; }
  54 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  55 + function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
  56 + function getTitle() { return sanitizeForSQLtoHTML($this->sTitle); }
56 57 function setID($iId) { $this->iId = $iId; }
57   - function setName($sName) { $this->sName = $sName; }
58   - function setDescription($sDescription) { $this->sDescription = $sDescription; }
59   - function setTitle($sTitle) { $this->sTitle= $sTitle; }
  58 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
  59 + function setDescription($sDescription) { $this->sDescription = sanitizeForSQL($sDescription); }
  60 + function setTitle($sTitle) { $this->sTitle= sanitizeForSQL($sTitle); }
60 61  
61 62 function _table () {
62 63 global $default;
... ...
lib/metadata/fieldbehaviour.inc.php
... ... @@ -33,6 +33,7 @@
33 33 */
34 34  
35 35 require_once(KT_LIB_DIR . "/ktentity.inc");
  36 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
36 37  
37 38 class KTFieldBehaviour extends KTEntity {
38 39 var $iId = -1;
... ... @@ -50,12 +51,12 @@ class KTFieldBehaviour extends KTEntity {
50 51 var $_bUsePearError = true;
51 52  
52 53 function getID() { return $this->iId; }
53   - function getName() { return $this->sName; }
54   - function getHumanName() { return $this->sHumanName; }
  54 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  55 + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
55 56 function getFieldID() { return $this->iFieldID; }
56 57 function setID($iId) { $this->iId = $iId; }
57   - function setName($sName) { $this->sName = $sName; }
58   - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
  58 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
  59 + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
59 60 function setFieldID($iFieldID) { $this->iFieldID = $iFieldID; }
60 61  
61 62 function _table () {
... ...
lib/metadata/fieldset.inc.php
... ... @@ -31,6 +31,7 @@
31 31  
32 32 require_once(KT_LIB_DIR . "/ktentity.inc");
33 33 require_once(KT_LIB_DIR . "/documentmanagement/DocumentField.inc");
  34 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
34 35  
35 36 /**
36 37 * class KTFieldset
... ... @@ -67,10 +68,10 @@ class KTFieldset extends KTEntity {
67 68 var $_bUsePearError = true;
68 69  
69 70 function getId() { return $this->iId; }
70   - function getName() { return $this->sName; }
71   - function setDescription($sNewValue) { $this->sDescription = $sNewValue; }
72   - function getDescription() { return $this->sDescription; }
73   - function setName($sNewValue) { $this->sName = $sNewValue; }
  71 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  72 + function setDescription($sNewValue) { $this->sDescription = sanitizeForSQL($sNewValue); }
  73 + function getDescription() { return sanitizeForSQLtoHTML($this->sDescription); }
  74 + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
74 75 function getNamespace() { return $this->sNamespace; }
75 76 function setNamespace($sNewValue) { $this->sNamespace = $sNewValue; }
76 77 function getMandatory() { return $this->bMandatory; }
... ...
lib/permissions/permission.inc.php
... ... @@ -30,6 +30,7 @@
30 30 */
31 31  
32 32 require_once(KT_LIB_DIR . "/ktentity.inc");
  33 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
33 34  
34 35 class KTPermission extends KTEntity {
35 36 /** primary key */
... ... @@ -51,12 +52,12 @@ class KTPermission extends KTEntity {
51 52 var $_bUsePearError = true;
52 53  
53 54 function getID() { return $this->iId; }
54   - function getName() { return $this->sName; }
55   - function getHumanName() { return _kt($this->sHumanName); }
  55 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  56 + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
56 57 function getBuiltIn() { return $this->bBuiltIn; }
57 58 function setID($iId) { $this->iId = $iId; }
58   - function setName($sName) { $this->sName = $sName; }
59   - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
  59 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
  60 + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
60 61 function setBuiltIn($sBuiltIn) { $this->sBuiltIn = $sBuiltIn; }
61 62  
62 63 function _table () {
... ...
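Review bot: getHumanName() previously returned `_kt($this->sHumanName)` and now returns `sanitizeForSQLtoHTML($this->sHumanName)`, so the translation lookup is dropped and every permission's human name is shown untranslated. If both are wanted, keep the lookup and encode its result: `function getHumanName() { return sanitizeForSQLtoHTML(_kt($this->sHumanName)); }`, assuming the helper's output is meant for HTML, which the diff does not show.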
lib/roles/Role.inc
... ... @@ -32,6 +32,7 @@
32 32  
33 33 require_once(KT_LIB_DIR . "/ktentity.inc");
34 34 require_once(KT_LIB_DIR . "/util/ktutil.inc");
  35 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
35 36  
36 37 class Role extends KTEntity {
37 38  
... ... @@ -59,8 +60,8 @@ class Role extends KTEntity {
59 60 var $_bUsePearError = true;
60 61  
61 62 function getId() { return $this->iId; }
62   - function getName() { return $this->sName; }
63   - function setName($sNewValue) { $this->sName = $sNewValue; }
  63 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  64 + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
64 65  
65 66 function _fieldValues () { return array(
66 67 'name' => $this->sName,
... ...
lib/search/savedsearch.inc.php
... ... @@ -30,6 +30,7 @@
30 30 */
31 31  
32 32 require_once(KT_LIB_DIR . '/ktentity.inc');
  33 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
33 34  
34 35 /**
35 36 * Saved searches allow for common searches to be saved.
... ... @@ -110,14 +111,14 @@ class KTSavedSearch extends KTEntity {
110 111  
111 112 // {{{ getters/setters
112 113 function getId() { return $this->iId; }
113   - function getName() { return $this->sName; }
  114 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
114 115 function getNamespace() { return $this->sNamespace; }
115 116 function getIsCondition() { return $this->bIsCondition; }
116 117 function getIsComplete() { return $this->bIsComplete; }
117 118 function getUserId() { return $this->iUserId; }
118 119 function getSearch() { return $this->aSearch; }
119 120 function setId($iId) { $this->iId = $iId; }
120   - function setName($sName) { $this->sName = $sName; }
  121 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
121 122 function setNamespace($sNamespace) { $this->sNamespace = $sNamespace; }
122 123 function setIsCondition($bIsCondition) { $this->bIsCondition = $bIsCondition; }
123 124 function setIsComplete($bIsComplete) { $this->bIsComplete = $bIsComplete; }
... ...
lib/unitmanagement/Unit.inc
... ... @@ -28,6 +28,8 @@
28 28 * Contributor( s): ______________________________________
29 29 */
30 30  
  31 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
  32 +
31 33 class Unit extends KTEntity {
32 34 var $_bUsePearError = true;
33 35  
... ... @@ -45,8 +47,8 @@ class Unit extends KTEntity {
45 47 return KTUtil::getTableName('units');
46 48 }
47 49  
48   - function getName() { return $this->sName; }
49   - function setName($sNewValue) { $this->sName = $sNewValue; }
  50 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  51 + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
50 52 function getFolderId() { return $this->iFolderId; }
51 53 function setFolderId($iNewValue) { $this->iFolderId = $iNewValue; }
52 54  
... ...
lib/users/User.inc
... ... @@ -32,6 +32,7 @@
32 32  
33 33 require_once(KT_LIB_DIR . '/database/dbutil.inc');
34 34 require_once(KT_LIB_DIR . '/ktentity.inc');
  35 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
35 36  
36 37 define('ADMIN_USER_ID', 1);
37 38  
... ... @@ -114,19 +115,19 @@ class User extends KTEntity {
114 115 }
115 116  
116 117  
117   - function getUserName() { return $this->sUserName; }
118   - function setUserName($sNewValue) { $this->sUserName = $sNewValue; }
119   - function getPassword() { return $this->sPassword; }
120   - function setPassword($sNewValue) { $this->sPassword = $sNewValue; $this->bPasswordChanged = true; }
  118 + function getUserName() { return sanitizeForSQLtoHTML($this->sUserName); }
  119 + function setUserName($sNewValue) { $this->sUserName = sanitizeForSQL($sNewValue); }
  120 + function getPassword() { return sanitizeForSQLtoHTML($this->sPassword); }
  121 + function setPassword($sNewValue) { $this->sPassword = sanitizeForSQL($sNewValue); $this->bPasswordChanged = true; }
121 122 function getQuotaMax() { return $this->iQuotaMax; }
122 123 function setQuotaMax($iNewValue) { $this->iQuotaMax = $iNewValue; }
123   - function setName($sNewValue) { $this->sName = $sNewValue; }
124   - function getName() { return $this->sName; }
  124 + function setName($sNewValue) { $this->sName = sanitizeForSQL($sNewValue); }
  125 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
125 126 function getQuotaCurrent() { return $this->iQuotaCurrent; }
126   - function getEmail() { return $this->sEmail; }
127   - function setEmail($sNewValue) { $this->sEmail = $sNewValue; }
128   - function getMobile() { return $this->sMobile; }
129   - function setMobile($sNewValue) { $this->sMobile = $sNewValue; }
  127 + function getEmail() { return sanitizeForSQLtoHTML($this->sEmail); }
  128 + function setEmail($sNewValue) { $this->sEmail = sanitizeForSQL($sNewValue); }
  129 + function getMobile() { return sanitizeForSQLtoHTML($this->sMobile); }
  130 + function setMobile($sNewValue) { $this->sMobile = sanitizeForSQL($sNewValue); }
130 131 function getEmailNotification() { return $this->bEmailNotification; }
131 132 function setEmailNotification($bNewValue) { $this->bEmailNotification = KTUtil::anyToBool($bNewValue); }
132 133 function getSmsNotification() { return $this->bSmsNotification; }
... ...
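Review bot: getPassword() now returns an HTML-encoded value and setPassword() stores an SQL-escaped one, so a password (or password hash — the stored format is not visible here) containing `'`, `\`, `&`, `<`, `>` or a quote is altered before it is stored or compared; any verification that compares getPassword() against a freshly computed value fails for such users, and an encoded credential is never what an HTML page should receive anyway. Revert both to `function getPassword() { return $this->sPassword; }` and `function setPassword($sNewValue) { $this->sPassword = $sNewValue; $this->bPasswordChanged = true; }` and keep the credential out of the display-encoding path. getEmail() and getMobile() are likewise now entity-encoded, which will corrupt addresses used in mail headers or SMS gateways if callers take them from these getters.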
lib/workflow/workflow.inc.php
... ... @@ -33,6 +33,7 @@
33 33 */
34 34  
35 35 require_once(KT_LIB_DIR . "/ktentity.inc");
  36 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
36 37  
37 38 class KTWorkflow extends KTEntity {
38 39 var $iId = -1;
... ... @@ -52,13 +53,13 @@ class KTWorkflow extends KTEntity {
52 53 var $_bUsePearError = true;
53 54  
54 55 function getID() { return $this->iId; }
55   - function getName() { return $this->sName; }
56   - function getHumanName() { return $this->sHumanName; }
  56 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  57 + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
57 58 function getStartStateId() { return $this->iStartStateId; }
58 59 function getIsEnabled() { return ($this->bEnabled == true); }
59 60 function setID($iId) { $this->iId = $iId; }
60   - function setName($sName) { $this->sName = $sName; }
61   - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
  61 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
  62 + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
62 63 function setStartStateId($iStartStateId) { $this->iStartStateId = $iStartStateId; }
63 64 function setIsEnabled($mValue) { $this->bEnabled = ($mValue == true); }
64 65  
... ...
lib/workflow/workflowstate.inc.php
... ... @@ -32,6 +32,7 @@
32 32 */
33 33  
34 34 require_once(KT_LIB_DIR . "/ktentity.inc");
  35 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
35 36  
36 37 class KTWorkflowState extends KTEntity {
37 38 var $iId = -1;
... ... @@ -50,13 +51,13 @@ class KTWorkflowState extends KTEntity {
50 51 var $_bUsePearError = true;
51 52  
52 53 function getId() { return $this->iId; }
53   - function getName() { return $this->sName; }
54   - function getHumanName() { return $this->sHumanName; }
  54 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  55 + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
55 56 function getWorkflowId() { return $this->iWorkflowId; }
56 57 function getInformDescriptorId() { return $this->iInformDescriptorId; }
57 58 function setId($iId) { $this->iId = $iId; }
58   - function setName($sName) { $this->sName = $sName; }
59   - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
  59 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
  60 + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
60 61 function setWorkflowId($iWorkflowId) { $this->iWorkflowId = $iWorkflowId; }
61 62 function setInformDescriptorId($iInformDescriptorId) { $this->iInformDescriptorId = $iInformDescriptorId; }
62 63  
... ...
lib/workflow/workflowtransition.inc.php
... ... @@ -33,6 +33,7 @@
33 33  
34 34 require_once(KT_LIB_DIR . "/ktentity.inc");
35 35 require_once(KT_LIB_DIR . "/workflow/workflowutil.inc.php");
  36 +require_once(KT_LIB_DIR . "/util/sanitize.inc");
36 37  
37 38 class KTWorkflowTransition extends KTEntity {
38 39 var $iId = -1;
... ... @@ -60,8 +61,8 @@ class KTWorkflowTransition extends KTEntity {
60 61 var $_bUsePearError = true;
61 62  
62 63 function getId() { return $this->iId; }
63   - function getName() { return $this->sName; }
64   - function getHumanName() { return $this->sHumanName; }
  64 + function getName() { return sanitizeForSQLtoHTML($this->sName); }
  65 + function getHumanName() { return sanitizeForSQLtoHTML($this->sHumanName); }
65 66 function getWorkflowId() { return $this->iWorkflowId; }
66 67 function getTargetStateId() { return $this->iTargetStateId; }
67 68 function getGuardPermissionId() { return $this->iGuardPermissionId; }
... ... @@ -70,8 +71,8 @@ class KTWorkflowTransition extends KTEntity {
70 71 function getGuardConditionId() { return $this->iGuardConditionId; }
71 72  
72 73 function setId($iId) { $this->iId = $iId; }
73   - function setName($sName) { $this->sName = $sName; }
74   - function setHumanName($sHumanName) { $this->sHumanName = $sHumanName; }
  74 + function setName($sName) { $this->sName = sanitizeForSQL($sName); }
  75 + function setHumanName($sHumanName) { $this->sHumanName = sanitizeForSQL($sHumanName); }
75 76 function setWorkflowId($iWorkflowId) { $this->iWorkflowId = $iWorkflowId; }
76 77 function setTargetStateId($iTargetStateId) { $this->iTargetStateId = $iTargetStateId; }
77 78 function setGuardPermissionId($iGuardPermissionId) { $this->iGuardPermissionId = $iGuardPermissionId; }
... ...
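--- a/lib/workflow/workflowtrigger.inc.php
+++ b/lib/workflow/workflowtrigger.inc.php
@@ -36,6 +36,7 @@
 */
 
 //require_once(KT_LIB_DIR . '/workflow/workflowtriggerinstance');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTWorkflowTrigger {
 var $sNamespace = 'ktcore.workflowtriggers.abstractbase';
@@ -72,7 +73,7 @@ class KTWorkflowTrigger {
 );
 }
 
-function getName() { return $this->sFriendlyName; }
+function getName() { return sanitizeForSQLtoHTML($this->sFriendlyName); }
 function getNamespace() { return $this->sNamespace; }
 function getConfigId() { return $this->oTriggerInstance->getId(); }
 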
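Review bot: getName() now returns an HTML-escaped form of $sFriendlyName while getNamespace() on the very next line still returns the raw value, so the accessor's contract changed for every caller, including any that compares, logs or stores the name rather than rendering it into a page. Escaping is an output concern and belongs in the template or widget layer, not in a data accessor; if the accessor has to escape for now, say so where callers will see it, e.g. `// NOTE: returns an HTML-escaped value; do not escape again at output`. The helper's name suggests it also undoes SQL escaping applied at store time, which implies the stored name is SQL-escaped text rather than the raw value — that is inferred from the name, not visible here, but it is a pattern that parameterised queries would make unnecessary.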
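--- a/plugins/ktcore/KTDocumentActions.php
+++ b/plugins/ktcore/KTDocumentActions.php
@@ -882,7 +882,7 @@ class KTDocumentMoveAction extends KTDocumentAction {
 $oForm->addWidget(
 array('ktcore.widgets.string', array(
 'label' => _kt('Document Title'),
-'value' => $this->oDocument->getName(),
+'value' => sanitizeForHTML($this->oDocument->getName()),
 'important_description' => _kt('Please indicate a new title to use to resolve any title conflicts.'),
 'name' => 'name',
 'required' => true,
@@ -898,7 +898,7 @@ class KTDocumentMoveAction extends KTDocumentAction {
 $oForm->addWidget(
 array('ktcore.widgets.string', array(
 'label' => _kt('Filename'),
-'value' => $this->oDocument->getFilename(),
+'value' => sanitizeForHTML($this->oDocument->getFilename()),
 'important_description' => _kt('Please indicate a new filename to use to resolve any conflicts.'),
 'name' => 'filename',
 'required' => true,
@@ -1083,7 +1083,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
 $oForm->addWidget(
 array('ktcore.widgets.string', array(
 'label' => _kt('Document Title'),
-'value' => $this->oDocument->getName(),
+'value' => sanitizeForHTML($this->oDocument->getName()),
 'important_description' => _kt('Please indicate a new title to use to resolve any title conflicts.'),
 'name' => 'name',
 'required' => true,
@@ -1099,7 +1099,7 @@ class KTDocumentCopyAction extends KTDocumentAction {
 $oForm->addWidget(
 array('ktcore.widgets.string', array(
 'label' => _kt('Filename'),
-'value' => $this->oDocument->getFilename(),
+'value' => sanitizeForHTML($this->oDocument->getFilename()),
 'important_description' => _kt('Please indicate a new filename to use to resolve any conflicts.'),
 'name' => 'filename',
 'required' => true,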
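Review bot: The four 'value' entries now hand sanitizeForHTML() output to ktcore.widgets.string, so correctness depends on that widget not escaping its value a second time when it emits `value="..."`; if it does, a title or filename containing `"` or `&` will appear in the edit field as an entity, which is the very symptom KTS-2088 describes. The same call-site escaping is added in plugins/ktcore/admin/workflowsv2.php and preferences.php in this commit, so the question applies there too. Escaping should happen in exactly one layer: if the widget escapes, these wrappers should go; if it does not, record that once next to the widget rather than at every call site, e.g. `// ktcore.widgets.string renders 'value' unescaped; callers must escape`. The enclosing form-building methods in both classes start outside these hunks.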
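--- a/plugins/ktcore/admin/workflowsv2.php
+++ b/plugins/ktcore/admin/workflowsv2.php
@@ -422,7 +422,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher {
 'description' => _kt("Each workflow must have a unique name."),
 'name' => 'workflow_name',
 'required' => true,
-'value' => $this->oWorkflow->getName(),
+'value' => sanitizeForHTML($this->oWorkflow->getName()),
 )),
 array('ktcore.widgets.entityselection', array(
 'label' => _kt("Starting State"),
@@ -911,7 +911,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher {
 'label' => _kt('State Name'),
 'description' => _kt('As documents progress through their lifecycle, they pass through a number of <strong>states</strong>. These states describe a step in the process the document must follow. Examples of states include "reviewed","submitted" or "pending". State names must be unique, and this includes states already in this workflow.'),
 'required' => true,
-'value' => $oState->getName(),
+'value' => sanitizeForHTML($oState->getName()),
 )),
 ));
 
@@ -1002,7 +1002,7 @@ class KTWorkflowAdminV2 extends KTAdminDispatcher {
 'label' => _kt('Transition Name'),
 'description' => _kt('In order to move between states, users will cause "transitions" to occur. These transitions represent processes followed, e.g. "review document", "distribute invoice" or "publish". Transition names must be unique within the workflow (e.g. within this workflow, you can only have one transition called "publish")'),
 'required' => true,
-'value' => $oTransition->getName(),
+'value' => sanitizeForHTML($oTransition->getName()),
 )),
 ));
 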
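Review bot: `'value' => sanitizeForHTML($oTransition->getName())` in the third hunk escapes a value that this same commit already escapes: KTWorkflowTransition::getName() now returns sanitizeForSQLtoHTML($this->sName) (visible earlier on this page). Unless sanitizeForHTML decodes entities before encoding, `&quot;` becomes `&amp;quot;` and the Transition Name field shows the entity instead of the quote. The state hunk ($oState->getName()) and the workflow hunk probably have the same shape if those classes received the same getter change, but that is not visible here. Pick one place to escape: either drop the sanitizeForHTML wrapper where the getter already escapes, or have the getters return the raw name and escape only here, at the output edge.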
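--- a/preferences.php
+++ b/preferences.php
@@ -70,14 +70,14 @@ class PreferencesDispatcher extends KTStandardDispatcher {
 'description' => _kt('Your full name. This is shown in reports and listings. e.g. <strong>John Smith</strong>'),
 'required' => true,
 'name' => 'name',
-'value' => $this->oUser->getName(),
+'value' => sanitizeForHTML($this->oUser->getName()),
 'autocomplete' => false)),
 array('ktcore.widgets.string', array(
 'label' => _kt('Email Address'),
 'description' => _kt('Your email address. Notifications and alerts are mailed to this address if <strong>email notifications</strong> is set below. e.g. <strong>jsmith@acme.com</strong>'),
 'required' => false,
 'name' => 'email_address',
-'value' => $this->oUser->getEmail(),
+'value' => sanitizeForHTML($this->oUser->getEmail()),
 'autocomplete' => false)),
 array('ktcore.widgets.boolean', array(
 'label' => _kt('Email Notifications'),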