Commit d79a6769666164f07832a70f7ff94a4f7c566c32

Authored by kevin_fourie
1 parent 03c98e98

Merged in from DEV trunk...

KTS-2178
"cross site scripting"
Implemented.

Committed By: Conrad
Reviewed By: Kevin

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/STABLE/trunk@6981 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 29 changed files with 103 additions and 103 deletions
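--- a/plugins/tagcloud/templates/TagCloud/dashlet.smarty
+++ b/plugins/tagcloud/templates/TagCloud/dashlet.smarty
@@ -2,8 +2,8 @@
 <style type="text/css">
 #tagcloud a, a.link, a.visited, a.hover, a.active {
 
-color: gray;  
-border-bottom: 0px;
+color: gray;
+border-bottom: 0px;
 text-decoration: none;
 
 }
@@ -17,9 +17,9 @@ There are no tags defined or accessible.
 {else}
 <div id=tagcloud>
 {foreach from=$tags key=tag item=size}
-  
-<a href="{$url}&tag={$tag|urlencode}" style="font-size: {$size}px">{$tag}</a>&nbsp;  
-
+
+<a href="{$url}&tag={$tag|urlencode}" style="font-size: {$size}px">{$tag|sanitize}</a>&nbsp;
+
 {/foreach}
 </div>
 {/if}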
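Review bot: `{$tag|sanitize}` now covers the link text, but the same anchor still interpolates `{$url}` raw into a double-quoted `href` and `{$size}` raw into the inline `style` attribute, so a `"` in either would break out of the attribute. `$url` looks like a server-built base URL the dashlet appends to, and `$size` a computed font size, in which case this is fine today, but the template cannot tell where they came from; `href="{$url|sanitize}&tag={$tag|urlencode}"` keeps the whole tag cloud escaped at no cost, provided `sanitize` is a plain HTML escape and does not mangle `&`/`=` in a URL (its implementation is not in this diff). `|urlencode` on `$tag` remains the right encoding for the query-string slot.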
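--- a/templates/kt3/fields/base.smarty
+++ b/templates/kt3/fields/base.smarty
@@ -11,5 +11,5 @@
 <p class="errorMessage"></p>
 {/if}
 
-<input type="text" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if} {if $options.width}size="{$options.width}"{/if} /><input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
+<input type="text" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value|sanitize}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if} {if $options.width}size="{$options.width}"{/if} /><input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
 </div>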
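Review bot: `{$value|sanitize}` sits inside a double-quoted `value="…"` attribute, so the modifier must encode `"` (and preferably `'`) in addition to `<`/`>`; if `sanitize` is a strip-tags style filter or an `htmlspecialchars` call without `ENT_QUOTES`, a value like `" autofocus onfocus=alert(1) x="` still escapes the attribute even though no tag survives. The modifier's source is not in this diff, so this is worth confirming once and recording at its definition, e.g. `// must HTML-escape both quote characters: used in attribute context (fields/base.smarty, fields/password.smarty)`. `{$name}`, `{$id}` and `{$options.width}` in the same tag remain unescaped; they appear to be widget configuration supplied by the developer rather than request data, so that is probably acceptable, but the same quoting concern applies if any of them is ever derived from user input.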
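--- a/templates/kt3/fields/password.smarty
+++ b/templates/kt3/fields/password.smarty
@@ -11,5 +11,5 @@
 <p class="errorMessage"></p>
 {/if}
 
-<input type="password" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if}/><input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
+<input type="password" name="{$name}" {if $has_id}id="{$id}"{/if} {if $has_value}value="{$value|sanitize}"{/if}{if ($options.autocomplete === false)}autocomplete="off"{/if}/><input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
 </div>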
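Review bot: The escape is correct, but the template still reflects `$value` into a password field's `value` attribute, so whatever the user typed is echoed back into the page source (and into any intermediary or browser cache of that response) whenever the widget re-renders with a value. Whether any caller actually sets `$has_value` for a password widget is outside this diff; if none does, dropping the `{if $has_value}value="{$value|sanitize}"{/if}` clause removes both the disclosure and the XSS sink, and if one does it deserves a comment explaining why the password must round-trip. As with the text field, `sanitize` has to encode double quotes for this attribute context to be safe.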
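--- a/templates/kt3/fields/statictext.smarty
+++ b/templates/kt3/fields/statictext.smarty
@@ -10,7 +10,7 @@
 {else}
 <p class="errorMessage"></p>
 {/if}
-  
-<p {if $has_id}id="{$id}"{/if}>{if $has_value}{$value}{/if}</p>
+
+<p {if $has_id}id="{$id}"{/if}>{if $has_value}{$value|sanitize}{/if}</p>
 <!-- <input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" /> -->
 </div>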
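--- a/templates/kt3/fields/text.smarty
+++ b/templates/kt3/fields/text.smarty
@@ -10,11 +10,11 @@
 {else}
 <p class="errorMessage"></p>
 {/if}
-
+
 <textarea name="{$name}"
 {if $has_id} id="{$id}"{/if}
 {if $options.rows} rows="{$options.rows}"{else} rows="7"{/if}
 {if $options.cols} cols="{$options.cols}"{else} cols="45"{/if}
->{if $has_value}{$value}{/if}</textarea>
+>{if $has_value}{$value|sanitize}{/if}</textarea>
 <input type="hidden" name="kt_core_fieldsets_expect[{$name}]" value ="1" />
 </div>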
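--- a/templates/kt3/notifications/subscriptions.AddDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.AddDocument.smarty
@@ -1,7 +1,7 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#" was added{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" was added{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
 <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>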
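Review bot: Only `arg_object_name` receives `|sanitize` on the message line; `arg_location_name=$info.location_name` and `arg_actor_name=$info.actor_name` on the same line are still passed through raw. A folder name is user-controlled in exactly the way a document name is, and the actor name comes from a user record, so unless the `{i18n}` plugin escapes its `arg_*` substitutions itself (its code is not in this diff) the fix is incomplete: `{i18n arg_location_name=$info.location_name|sanitize}` and `{i18n arg_actor_name=$info.actor_name|sanitize}`. The same partial treatment is repeated in every other `subscriptions.*.smarty` template in this commit, so the fix should be applied across the set rather than per file. The template continues past line 7, outside this hunk.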
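--- a/templates/kt3/notifications/subscriptions.AddFolder.smarty
+++ b/templates/kt3/notifications/subscriptions.AddFolder.smarty
@@ -1,7 +1,7 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The folder "#object_name#" was added{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+{i18n arg_object_name=$info.object_name|sanitize}The folder "#object_name#" was added{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
 <div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View New Folder{/i18n}</a>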
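--- a/templates/kt3/notifications/subscriptions.ArchivedDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.ArchivedDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#"{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from "#location_name#"{/i18n}{/if} {i18n}was archived{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#"{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from "#location_name#"{/i18n}{/if} {i18n}was archived{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+<div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`&notify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>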
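--- a/templates/kt3/notifications/subscriptions.CheckInDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.CheckInDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#" has been checked in{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}{if ($info.location_name !== null)}, {i18n arg_location_name=$info.location_name}in the folder "#location_name#"{/i18n}{/if}.  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been checked in{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}{if ($info.location_name !== null)}, {i18n arg_location_name=$info.location_name}in the folder "#location_name#"{/i18n}{/if}.
+<div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>
 {else}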
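--- a/templates/kt3/notifications/subscriptions.CheckOutDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.CheckOutDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#" has been checked out{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}{if ($info.location_name !== null)}, {i18n arg_location_name=$info.location_name}from the folder "#location_name#"{/i18n}{/if}.  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been checked out{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}{if ($info.location_name !== null)}, {i18n arg_location_name=$info.location_name}from the folder "#location_name#"{/i18n}{/if}.
+<div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>
 {else}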
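--- a/templates/kt3/notifications/subscriptions.DiscussDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.DiscussDocument.smarty
@@ -1,12 +1,12 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{if ($info.has_actor)}  
-{$info.actor_name} {i18n}has added to the discussion around document{/i18n} "{$info.object_name}".  
-{else}  
-The discussion around document "{$info.object_name}" has been updated.
+{if ($info.has_actor)}
+{$info.actor_name} {i18n}has added to the discussion around document{/i18n} "{$info.object_name|sanitize}".
+{else}
+The discussion around document "{$info.object_name|sanitize}" has been updated.
 {/if}
-<div class="actionoptions">
+<div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>
 {else}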
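Review bot: `{$info.actor_name}` on the `has_actor` branch is emitted straight into the page with no modifier, while `$info.object_name` next to it is now sanitized; the actor name comes from a user record and needs the same treatment, `{$info.actor_name|sanitize}`. Unlike the sibling subscription templates this one does not route the sentence through `{i18n}` with `arg_*` substitutions, so even if that plugin escapes its arguments there is nothing here to fall back on. The two English sentences are also hard-coded rather than wrapped in `{i18n}`, which is a consistency issue with the other templates but not a security one. The template continues past line 12, outside this hunk.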
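--- a/templates/kt3/notifications/subscriptions.ModifyDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.ModifyDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#" has been changed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}in the folder "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been changed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}in the folder "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+<div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Document{/i18n}</a>
 {else}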
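--- a/templates/kt3/notifications/subscriptions.MoveDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.MoveDocument.smarty
@@ -1,14 +1,14 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#" has been moved{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to the folder "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been moved{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}to the folder "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+<div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View New Location{/i18n}</a>
 {else}
 <span class="descriptiveText">{i18n}Location is no longer available{/i18n}</span>
 {/if}
-
+
 | <a href="{ktLink base="notify.php" query="id=`$info.notify_id`&notify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>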
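--- a/templates/kt3/notifications/subscriptions.RemoveChildDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.RemoveChildDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#" has been removed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from the folder "#location_name#"{/i18n} ({i18n}to which you are subscribed{/i18n}){/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been removed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from the folder "#location_name#"{/i18n} ({i18n}to which you are subscribed{/i18n}){/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+<div class="actionoptions">
 {if !$is_broken}
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Folder{/i18n}</a>
 {else}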
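--- a/templates/kt3/notifications/subscriptions.RemoveChildFolder.smarty
+++ b/templates/kt3/notifications/subscriptions.RemoveChildFolder.smarty
@@ -1,14 +1,14 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The folder "#object_name#" has been removed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+{i18n arg_object_name=$info.object_name|sanitize}The folder "#object_name#" has been removed{/i18n}{if ($info.location_name !== null)} {i18n arg_location_name=$info.location_name}from "#location_name#"{/i18n}{/if}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
 <div class="actionoptions">
 {if !$is_broken}
-<a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Folder{/i18n}</a>
+<a href="{ktLink base="notify.php" query="id=`$info.notify_id`"}">{i18n}View Folder{/i18n}</a>
 {else}
 <span class="descriptiveText">{i18n}Location is no longer available{/i18n}</span>
 {/if}
-
+
 | <a href="{ktLink base="notify.php" query="id=`$info.notify_id`&notify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>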
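--- a/templates/kt3/notifications/subscriptions.RemoveSubscribedDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.RemoveSubscribedDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#" to which you were subscribed, has been removed{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" to which you were subscribed, has been removed{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+<div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`&notify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>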
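--- a/templates/kt3/notifications/subscriptions.RemoveSubscribedFolder.smarty
+++ b/templates/kt3/notifications/subscriptions.RemoveSubscribedFolder.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The folder "#object_name#" to which you were subscribed, has been removed{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The folder "#object_name#" to which you were subscribed, has been removed{/i18n}{if ($info.has_actor)} {i18n arg_actor_name=$info.actor_name}by #actor_name#{/i18n}{/if}.
+<div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`&notify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>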
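--- a/templates/kt3/notifications/subscriptions.RestoreDocument.smarty
+++ b/templates/kt3/notifications/subscriptions.RestoreDocument.smarty
@@ -1,8 +1,8 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <!-- could break this up. -->
-{i18n arg_object_name=$info.object_name}The document "#object_name#" has been restored by an administrator.{/i18n}  
-<div class="actionoptions">
+{i18n arg_object_name=$info.object_name|sanitize}The document "#object_name#" has been restored by an administrator.{/i18n}
+<div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`&notify_action=clear"}">{i18n}Clear Alert{/i18n}</a>
 </div>
 </dd>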
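--- a/templates/kt3/notifications/subscriptions.generic.smarty
+++ b/templates/kt3/notifications/subscriptions.generic.smarty
@@ -1,4 +1,4 @@
-<dt class="actionitem subscription">{$info.title}</dt>
+<dt class="actionitem subscription">{$info.title|sanitize}</dt>
 <dd class="actionmessage">
 <div class="actionoptions">
 <a href="{ktLink base="notify.php" query="id=`$info.notify_id`&notify_action=clear"}">{i18n}Clear Alert{/i18n}</a>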
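--- a/templates/kt3/reorderdisplay.smarty
+++ b/templates/kt3/reorderdisplay.smarty
@@ -16,7 +16,7 @@
 <td>
 <input type="hidden" class="reorder-field" name="position[]" value="{$iPosition}" />
 <input type="hidden" name="id[]" value="{$aItem.id}" />
-{$aItem.title}
+{$aItem.title|sanitize}
 </td>
 <td><a href="#" class="reorder-up ktAction ktMoveUp">&nbsp;</a></td>
 <td><a href="#" class="reorder-down ktAction ktMoveDown">&nbsp;</a></td>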
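--- a/templates/kt3/standard_page.smarty
+++ b/templates/kt3/standard_page.smarty
@@ -182,7 +182,7 @@
 <div class="error_dashlet_rightrepeat_bottom"></div>
 <div class="error_dashlet_leftrepeat_bottom"></div>
 {foreach item=sError from=$page->errStack}
-<p>{$sError}</p>
+<p>{$sError|sanitize}</p>
 {/foreach}
 <div class="error_dashlet_topleft_small"></div>
 <div class="error_dashlet_toprepeat_small"></div>
@@ -199,7 +199,7 @@
 <div class="info_dashlet_rightrepeat_bottom"></div>
 <div class="info_dashlet_leftrepeat_bottom"></div>
 {foreach item=sInfo from=$page->infoStack}
-<p>{$sInfo}</p>
+<p>{$sInfo|sanitize}</p>
 {/foreach}
 <div class="info_dashlet_topleft_small"></div>
 <div class="info_dashlet_toprepeat_small"></div>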
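Review bot: Escaping every entry of `$page->errStack` and `$page->infoStack` is the right default for messages that embed user-supplied text (an uploaded filename, a folder name), but it also neutralizes any markup a caller deliberately placed in a message, which will now render as literal `<a>` or `<strong>` tags. Before shipping, the code that pushes onto these two stacks (outside this diff) should be grepped for HTML in the message strings; if some callers need markup, escape the untrusted fragments at the point of concatenation and keep this template-side escape for everything else rather than reverting it. A comment on the `{foreach}` such as `{* messages are escaped here: callers must not rely on HTML in errStack/infoStack entries *}` would make the new contract visible to the next person adding a message.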
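--- a/templates/kt3/view_folder_history.smarty
+++ b/templates/kt3/view_folder_history.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Folder Transaction History{/i18n}:<br />{$folder->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Folder Transaction History{/i18n}:<br />{$folder->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}This page provides details of all activities that have been carried out on the folder.{/i18n}</p>
 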
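--- a/templates/ktcore/action/delete.smarty
+++ b/templates/ktcore/action/delete.smarty
@@ -1,4 +1,4 @@
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Delete Document{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Delete Document{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}Deleting a document marks it as no longer
 being displayed. The document management system does not remove the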
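--- a/templates/ktcore/document/admin/force_checkin_confirm.smarty
+++ b/templates/ktcore/document/admin/force_checkin_confirm.smarty
@@ -5,11 +5,11 @@
 <h3>{i18n}Document Details{/i18n}</h3>
 <dl class="metadata">
 <dt>{i18n}Document Name{/i18n}</dt>
-<dd>{$document->getName()}</dd>  
-
+<dd>{$document->getName()|sanitize}</dd>
+
 <dt>{i18n}Location{/i18n}</dt>
 <dd>{$document->getDisplayPath()}</dd>
-
+
 <dt>{i18n}Checked out by{/i18n}</dt>
 {if ($checkout_user !== null)}
 <dd>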
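Review bot: `{$document->getName()|sanitize}` is escaped but `{$document->getDisplayPath()}` three lines below it is not, and a display path is assembled from the names of the enclosing folders, which are user-controlled in the same way the document name is. Apply the same modifier, `<dd>{$document->getDisplayPath()|sanitize}</dd>`, unless getDisplayPath() is documented to return pre-escaped HTML (its implementation is outside this diff). The "Checked out by" `<dd>` that starts at line 15 is cut off by the hunk; the user name rendered inside it should be checked for the same omission.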
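--- a/templates/ktcore/document/edit.smarty
+++ b/templates/ktcore/document/edit.smarty
@@ -11,7 +11,7 @@
 
 {$context->oPage->requireCSSResource('resources/css/kt-treewidget.css')}
 
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Edit Metadata{/i18n}:<br />{$context->oDocument->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Edit Metadata{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
 
 {capture assign=link}{addQS}action=selectType&fDocumentId={$document->getId()}{/addQS}{/capture}
 <p class="descriptiveText">{i18n arg_link=$link arg_name=$type_name}Change the <strong><a href="#link#">document type</a></strong>. The current type is "#name#"{/i18n}</p>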
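Review bot: The heading is fixed, but three lines later `arg_name=$type_name` is handed to `{i18n}` unescaped; a document type name is, as far as I can tell, free text entered through the administration screens, so even if administrators are trusted here it is inconsistent to escape the document name and not the type name on the same page. `{i18n arg_link=$link arg_name=$type_name|sanitize}` closes it, assuming the i18n plugin does not escape its `arg_*` values itself (not visible in this diff). `$link` is produced by `{addQS}` from `$document->getId()` and lands in an `href`, so leaving it unescaped is only safe if `addQS` guarantees a well-formed query string that never echoes other request parameters.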
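--- a/templates/ktcore/workflow/editState.smarty
+++ b/templates/ktcore/workflow/editState.smarty
@@ -20,7 +20,7 @@ td.false { background-color: #ffaaaa; text-align: centre }
 {/literal}{/capture}
 {$context->oPage->requireCSSStandalone($sCSS)}
 
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}State{/i18n}:<br />{$oState->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}State{/i18n}:<br />{$oState->getName()|sanitize}</h2>
 
 <p class="descriptiveText">{i18n}As documents move through their lifecycle, they
 are placed in certain <strong>states</strong>. For example, an invoice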
templates/ktcore/workflow/editTransition.smarty
1 -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Transition{/i18n}:<br />{$oTransition->getName()}</h2> 1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Transition{/i18n}:<br />{$oTransition->getName()|sanitize}</h2>
2 2
3 <form action="{$smarty.server.PHP_SELF}" method="POST"> 3 <form action="{$smarty.server.PHP_SELF}" method="POST">
4 <fieldset> 4 <fieldset>
@@ -32,79 +32,79 @@ requirement.{/i18n}&lt;/p&gt; @@ -32,79 +32,79 @@ requirement.{/i18n}&lt;/p&gt;
32 occur when a transition is performed, and to control who can perform the transition. Some triggers 32 occur when a transition is performed, and to control who can perform the transition. Some triggers
33 perform <strong>both</strong> of these functions, especially if performing the action requires that 33 perform <strong>both</strong> of these functions, especially if performing the action requires that
34 certain conditions are in place before the action will occur.{/i18n}</p> 34 certain conditions are in place before the action will occur.{/i18n}</p>
35 - 35 +
36 <form method="POST" action="{$smarty.server.PHP_SELF}"> 36 <form method="POST" action="{$smarty.server.PHP_SELF}">
37 37
38 <input type="hidden" name="action" value="addTrigger" /> 38 <input type="hidden" name="action" value="addTrigger" />
39 <input type="hidden" name="fWorkflowId" value="{$oWorkflow->getId()}" /> 39 <input type="hidden" name="fWorkflowId" value="{$oWorkflow->getId()}" />
40 <input type="hidden" name="fTransitionId" value="{$oTransition->getId()}" /> 40 <input type="hidden" name="fTransitionId" value="{$oTransition->getId()}" />
41 - 41 +
42 {foreach item=oWidget from=$add_trigger_fields} 42 {foreach item=oWidget from=$add_trigger_fields}
43 {$oWidget->render()} 43 {$oWidget->render()}
44 - {/foreach}  
45 - 44 + {/foreach}
  45 +
46 <div class="form_actions"> 46 <div class="form_actions">
47 <input type="submit" value="Add Trigger" /> 47 <input type="submit" value="Add Trigger" />
48 </div> 48 </div>
49 </form> 49 </form>
50 - 50 +
51 <h3>{i18n}Guards{/i18n}</h3> 51 <h3>{i18n}Guards{/i18n}</h3>
52 - 52 +
53 <p class="descriptiveText">{i18n}Items which control whether a given user can perform this transition 53 <p class="descriptiveText">{i18n}Items which control whether a given user can perform this transition
54 on a specific document. <strong>All of these must allow the user to perform the transition.</strong>{/i18n}</p> 54 on a specific document. <strong>All of these must allow the user to perform the transition.</strong>{/i18n}</p>
55 {if empty($aGuardTriggers)} 55 {if empty($aGuardTriggers)}
56 - <div class="ktInfoMessage"><span>{i18n}Anybody (with the ability to see the document) can perform this transition.{/i18n}</span></div> 56 + <div class="ktInfoMessage"><span>{i18n}Anybody (with the ability to see the document) can perform this transition.{/i18n}</span></div>
57 {else} 57 {else}
58 - 58 +
59 <table class="kt_collection narrow" cellspacing="0"> 59 <table class="kt_collection narrow" cellspacing="0">
60 <thead> 60 <thead>
61 <tr> 61 <tr>
62 - <th>{i18n}Trigger{/i18n}</th>  
63 - <th>{i18n}Configuration{/i18n}</th>  
64 - <th>{i18n}Edit{/i18n}</th>  
65 - <th>{i18n}Delete{/i18n}</th>  
66 - </tr>  
67 - </thead> 62 + <th>{i18n}Trigger{/i18n}</th>
  63 + <th>{i18n}Configuration{/i18n}</th>
  64 + <th>{i18n}Edit{/i18n}</th>
  65 + <th>{i18n}Delete{/i18n}</th>
  66 + </tr>
  67 + </thead>
68 <tbody> 68 <tbody>
69 {foreach from=$aGuardTriggers item=oTrigger} 69 {foreach from=$aGuardTriggers item=oTrigger}
70 <tr> 70 <tr>
71 <td>{$oTrigger->getName()}</td> 71 <td>{$oTrigger->getName()}</td>
72 <td>{$oTrigger->getConfigDescription()}</td> 72 <td>{$oTrigger->getConfigDescription()}</td>
73 <td>{if $oTrigger->bIsConfigurable}<a class="ktAction ktEdit" href="{addQS}action=editTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">edit</a>{else}&mdash;{/if}</td> 73 <td>{if $oTrigger->bIsConfigurable}<a class="ktAction ktEdit" href="{addQS}action=editTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">edit</a>{else}&mdash;{/if}</td>
74 - <td><a class="ktAction ktDelete" href="{addQS}action=deleteTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">delete</a></td> 74 + <td><a class="ktAction ktDelete" href="{addQS}action=deleteTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">delete</a></td>
75 </tr> 75 </tr>
76 - {/foreach} 76 + {/foreach}
77 </tbody> 77 </tbody>
78 - </table>  
79 - 78 + </table>
  79 +
80 {/if} 80 {/if}
81 <h3>Actions</h3> 81 <h3>Actions</h3>
82 82
83 - <p class="descriptiveText">{i18n}Actions which are performed when the document follows the transition.{/i18n}</p> 83 + <p class="descriptiveText">{i18n}Actions which are performed when the document follows the transition.{/i18n}</p>
84 {if empty($aActionTriggers)} 84 {if empty($aActionTriggers)}
85 - <div class="ktInfoMessage"><span>{i18n}No actions are performed when this transition occurs.{/i18n}</span></div> 85 + <div class="ktInfoMessage"><span>{i18n}No actions are performed when this transition occurs.{/i18n}</span></div>
86 {else} 86 {else}
87 - 87 +
88 <table class="kt_collection narrow" cellspacing="0"> 88 <table class="kt_collection narrow" cellspacing="0">
89 <thead> 89 <thead>
90 <tr> 90 <tr>
91 - <th>{i18n}Trigger{/i18n}</th>  
92 - <th>{i18n}Configuration{/i18n}</th>  
93 - <th>{i18n}Edit{/i18n}</th>  
94 - <th>{i18n}Delete{/i18n}</th>  
95 - </tr>  
96 - </thead> 91 + <th>{i18n}Trigger{/i18n}</th>
  92 + <th>{i18n}Configuration{/i18n}</th>
  93 + <th>{i18n}Edit{/i18n}</th>
  94 + <th>{i18n}Delete{/i18n}</th>
  95 + </tr>
  96 + </thead>
97 <tbody> 97 <tbody>
98 {foreach from=$aActionTriggers item=oTrigger} 98 {foreach from=$aActionTriggers item=oTrigger}
99 <tr> 99 <tr>
100 <td>{$oTrigger->getName()}</td> 100 <td>{$oTrigger->getName()}</td>
101 <td>{$oTrigger->getConfigDescription()}</td> 101 <td>{$oTrigger->getConfigDescription()}</td>
102 <td>{if $oTrigger->bIsConfigurable}<a class="ktAction ktEdit" href="{addQS}action=editTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">edit</a>{else}&mdash;{/if}</td> 102 <td>{if $oTrigger->bIsConfigurable}<a class="ktAction ktEdit" href="{addQS}action=editTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">edit</a>{else}&mdash;{/if}</td>
103 - <td><a class="ktAction ktDelete" href="{addQS}action=deleteTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">delete</a></td> 103 + <td><a class="ktAction ktDelete" href="{addQS}action=deleteTrigger&fWorkflowId={$oWorkflow->getId()}&fTransitionId={$oTransition->getId()}&fTriggerInstanceId={$oTrigger->getConfigId()}{/addQS}">delete</a></td>
104 </tr> 104 </tr>
105 - {/foreach} 105 + {/foreach}
106 </tbody> 106 </tbody>
107 - </table>  
108 -  
109 - {/if} 107 + </table>
  108 +
  109 + {/if}
110 </fieldset> 110 </fieldset>
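Review bot: Only the transition name in the heading is escaped; the Guards and Actions tables in the same hunk still emit `<td>{$oTrigger->getName()}</td>` and `<td>{$oTrigger->getConfigDescription()}</td>` raw, so if a configuration description carries user-supplied values (group, role or field names are the likely inputs) the same XSS class this commit is meant to close remains one screen below the fix. Unless `getConfigDescription()` is documented to return pre-escaped HTML, which the page does not show, both cells should become `<td>{$oTrigger->getName()|sanitize}</td>` and `<td>{$oTrigger->getConfigDescription()|sanitize}</td>` in both tables. Separately, the `action=deleteTrigger&fWorkflowId=…&fTriggerInstanceId=…` link performs a state change over a plain GET with no anti-CSRF token visible, so a crafted image tag can strip a guard from a workflow transition in a logged-in admin's session; that predates this commit but deserves its own ticket.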
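--- a/templates/ktcore/workflow/editWorkflow.smarty
+++ b/templates/ktcore/workflow/editWorkflow.smarty
@@ -1,6 +1,6 @@
 {$context->oPage->requireCSSResource('resources/css/workflow-admin.css')}
 
-<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Workflow Overview{/i18n}:<br />{$oWorkflow->getName()}</h2>
+<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Workflow Overview{/i18n}:<br />{$oWorkflow->getName()|sanitize}</h2>
 
 
 <form action="{$smarty.server.PHP_SELF}" method="POST">
@@ -34,17 +34,17 @@ or use the "Workflow" menu on the left to create new ones.{/i18n}</p>
 <li>{i18n}Notified groups & roles{/i18n}:
 {$context->getNotificationStringForState($oState)}
 </li>
-
+
 <li>{i18n}Controlled Actions available{/i18n}:
 {$context->getActionStringForState($oState)}
 </li>
-
+
 <li>{i18n}Permissions overridden{/i18n}: {$context->getPermissionStringForState($oState)}</li>
-
+
 <li>{i18n}Transitions available{/i18n}:
 {$context->getTransitionFromStringForState($oState)}
 </li>
-
+
 <li>{i18n}Transitions to this state{/i18n}:
 {$context->getTransitionToStringForState($oState)}
 </li>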
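Review bot: The workflow name is escaped in the heading, but the overview list in the second hunk still prints `{$context->getNotificationStringForState($oState)}`, `getActionStringForState`, `getPermissionStringForState`, `getTransitionFromStringForState` and `getTransitionToStringForState` raw; those helpers are not visible here, and if they concatenate state, transition, group or role names without encoding, the payload this commit neutralises in the `<h2>` still executes a few lines lower on the same page. Either encode inside the helpers, which appear to be the only producers of that markup, or, if they return plain text, append `|sanitize` at each of the five call sites. A one-line docblock note on each helper stating whether its return value is HTML-safe would let the next template author tell which case applies without reading the implementation.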
templates/ktstandard/PDFPlugin/PDFPlugin.smarty
1 -<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Generate PDF of{/i18n}:<br />{$context->oDocument->getName()}</h2> 1 +<h2><img src="{if $config->get("ui/morphEnabled") == '1'}{$rootUrl}/skins/kts_{$config->get("ui/morphTo")}/title_bullet.png{else}{$rootUrl}/resources/graphics/title_bullet.png{/if}"/>{i18n}Generate PDF of{/i18n}:<br />{$context->oDocument->getName()|sanitize}</h2>
2 2
3 {$form->render()} 3 {$form->render()}