Commit dda53eead84ea1f5fd0136d69ad95c617a84cd6a

Authored by conradverm
1 parent 00fecc34

KTS-2178

"cross site scripting"
Updated.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6923 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 83 additions and 83 deletions
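--- a/plugins/rssplugin/KTrss.inc.php
+++ b/plugins/rssplugin/KTrss.inc.php
@@ -4,7 +4,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
-*
+*
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -15,9 +15,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
-*
+*
 * The Original Code is: KnowledgeTree Open Source
-*
+*
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -52,7 +52,7 @@ class KTrss{
 $sQuery = "SELECT id, url, title FROM plugin_rss WHERE user_id = ?";
 $aParams = array($iUserId);
 $aFeeds = DBUtil::getResultArray(array($sQuery, $aParams));
-
+
 if (PEAR::isError($aFeeds)) {
 // XXX: log error
 return false;
@@ -61,7 +61,7 @@ class KTrss{
 return $aFeeds;
 }
 }
-
+
 // Gets full listing of data of documents and folders subscribed to
 function getInternalFeed($iUserId){
 $documents=KTrss::getDocuments($iUserId);
@@ -75,13 +75,13 @@ class KTrss{
 }
 return $response;
 }
-
+
 // Get list of document subscriptions
 function getDocumentList($iUserId){
 $sQuery = "SELECT document_id as id FROM document_subscriptions WHERE user_id = ?";
 $aParams = array($iUserId);
 $aDocumentList = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
-
+
 if (PEAR::isError($aDocumentList)) {
 // XXX: log error
 return false;
@@ -90,13 +90,13 @@ class KTrss{
 return $aDocumentList;
 }
 }
-
+
 // Get list of folder subscriptions
 function getFolderList($iUserId){
 $sQuery = "SELECT folder_id as id, is_tree as tree FROM folder_subscriptions WHERE user_id = ?";
 $aParams = array($iUserId);
 $aFolderList = DBUtil::getResultArray(array($sQuery, $aParams));
-
+
 if (PEAR::isError($aFolderList)) {
 // XXX: log error
 return false;
@@ -105,14 +105,14 @@ class KTrss{
 return $aFolderList;
 }
 }
-
+
 // Get data for all documents subscribed to
 function getDocuments($iUserId){
 $aDList = KTrss::getDocumentList($iUserId);
 if($aDList){
 foreach($aDList as $document_id){
 $document = KTrss::getOneDocument($document_id, $iUserId);
-if($document){
+if($document){
 $aDocuments[] = $document;
 }
 }
@@ -125,7 +125,7 @@ class KTrss{
 return $aDocuments;
 }
 }
-
+
 // Get data for all folders subscribed to
 function getFolders($iUserId){
 $aFList = KTrss::getFolderList($iUserId);
@@ -139,7 +139,7 @@ class KTrss{
 }
 }
 }
-
+
 if (PEAR::isError($aFolders)) {
 // XXX: log error
 return false;
@@ -148,13 +148,13 @@ class KTrss{
 return $aFolders;
 }
 }
-
+
 function getChildrenFolderTransactions($iParentFolderId, $depth = '1'){
 if($depth == '1'){
 $sQuery = "SELECT id from folders WHERE parent_folder_ids LIKE ?";
 $aParams = array('%'.$iParentFolderId);
 }//else
-
+
 $aFolderList = DBUtil::getResultArray(array($sQuery, $aParams));
 if (PEAR::isError($aFolderList)) {
 // XXX: log error
@@ -162,7 +162,7 @@ class KTrss{
 }
 if ($aFolderList) {
 foreach($aFolderList as $folderElement){
-$folder_id = $folderElement['id'];
+$folder_id = $folderElement['id'];
 $aFolderTransactions = array_merge($aFolderTransactions, KTrss::getFolderTransactions($folder_id));
 }
 }
@@ -170,13 +170,13 @@ class KTrss{
 return $aFolderTransactions;
 }
 }
-
+
 function getChildrenDocumentTransactions($iParentFolderId, $depth = '1'){
 if($depth == '1'){
 $sQuery = "SELECT id from documents WHERE parent_folder_ids LIKE ? ";
 $aParams = array('%'.$iParentFolderId);
 }//else
-
+
 $aDocumentList = DBUtil::getResultArray(array($sQuery, $aParams));
 
 if (PEAR::isError($aDocumentList)) {
@@ -185,7 +185,7 @@ class KTrss{
 }
 if ($aDocumentList) {
 foreach($aDocumentList as $documentElement){
-$document_id = $documentElement['id'];
+$document_id = $documentElement['id'];
 $aDocumentTransactions = array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id));
 }
 }
@@ -193,19 +193,19 @@ class KTrss{
 return $aDocumentTransactions;
 }
 }
-
+
 // get information on document
 function getOneDocument($iDocumentId, $iUserId){
 $aDData = KTrss::getDocumentData($iUserId, $iDocumentId);
 $aDTransactions = KTrss::getDocumentTransactions($iDocumentId);
 if($aDData){
 $aDData['itemType'] = 'document';
-
+
 // create mime info
 $aMimeInfo = KTrss::getMimeTypeInfo($iUserId, $iDocumentId);
 $aDData['mimeTypeFName'] = $aMimeInfo['typeFName'];
 $aDData['mimeTypeIcon'] = $aMimeInfo['typeIcon'];
-
+
 $aDocument[] = $aDData;
 $aDocument[] = $aDTransactions;
 }
@@ -216,33 +216,33 @@ class KTrss{
 return $aDocument;
 }
 }
-
+
 // get information for folder
 function getOneFolder($iFolderId){
 $aFData = KTrss::getFolderData($iFolderId);
 $aFTransactions = array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId));
 $aFTransactions = array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId));
-
+
 $code = 'if (strtotime($a[datetime]) == strtotime($b[datetime])){
 return 0;
 }
 return (strtotime($a[datetime]) > strtotime($b[datetime])) ? -1 : 1;';
-
+
 $compare = create_function('$a,$b', $code);
-
+
 usort($aFTransactions, $compare);
 for($i=0; $i<4; $i++){
 $aFTransactions_new[] = $aFTransactions[$i];
 }
 $aFTransactions = $aFTransactions_new;
-
+
 if($aFData){
 $aFData['itemType'] = 'folder';
-
+
 // create mime info
 $aFData['mimeTypeFName'] = 'Folder';
 $aFData['mimeTypeIcon'] = KTrss::getFolderIcon();
-
+
 $aFolder[] = $aFData;
 $aFolder[] = $aFTransactions;
 $aFolderBox[] = $aFolder;
@@ -254,7 +254,7 @@ class KTrss{
 return $aFolder;
 }
 }
-
+
 // Takes in an array as a parameter and returns rss2.0 compatible xml
 function arrayToXML($aItems){
 // Build path to host
@@ -282,7 +282,7 @@ class KTrss{
 $sTypeSelect = 'document.transactionhistory&amp;fDocumentId';
 }
 $feed .= "<item>\n" .
-"<title>".$aItems[0][0][name]."</title>\n" .
+"<title>".htmlentities($aItems[0][0][name],ENT_QUOTES, 'UTF-8')."</title>\n" .
 "<link>".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0]['id']."</link>\n" .
 "<description>\n" .
 "&lt;table border='0' width='90%'&gt;\n".
@@ -291,14 +291,14 @@ class KTrss{
 "&lt;a href='".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0][id]."' &gt;&lt;img src='".$aItems[0][mimeTypeIcon]."' align='left' height='16px' width='16px' alt='' border='0' /&gt;&lt;/a&gt;" .
 "&lt;/td&gt;\n".
 "&lt;td align='left'&gt; ".$aItems[0][mimeTypeFName]."&lt;/td&gt;\n".
-"&lt;/tr&gt;\n".
+"&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td colspan='2'&gt;\n".
 ucfirst($aItems[0]['itemType'])." Information (ID: ".$aItems[0][0][id].")&lt;/&gt;\n".
 "&lt;hr&gt;\n".
 "&lt;table width='95%'&gt;\n".
 "&lt;tr&gt;\n".
-"&lt;td&gt;Filename: ".$aItems[0][0][filename]."&lt;/td&gt;\n".
+"&lt;td&gt;Filename: ".str_replace('&','&amp;',htmlentities($aItems[0][0][filename],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
 "&lt;td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
@@ -326,11 +326,11 @@ class KTrss{
 foreach($aItems[1] as $item){
 $feed .= "&lt;tr&gt;\n".
 "&lt;td&gt;".$item[type]." name:&lt;/td&gt;\n".
-"&lt;td&gt;".$item[name]."&lt;/td&gt;\n".
+"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[name],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Path:&lt;/td&gt;\n".
-"&lt;td&gt;".$item[fullpath]."&lt;/td&gt;\n".
+"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[fullpath],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Transaction:&lt;/td&gt;\n".
@@ -338,7 +338,7 @@ class KTrss{
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Comment:&lt;/td&gt;\n".
-"&lt;td&gt;".$item[comment]."&lt;/td&gt;\n".
+"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[comment],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n";if($item[version]){
 $feed .= "&lt;td&gt;Version:&lt;/td&gt;\n".
@@ -354,7 +354,7 @@ class KTrss{
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td colspan='2'&gt;&lt;hr width='100' align='left'&gt;&lt;/td&gt;\n".
-"&lt;/tr&gt;\n";}
+"&lt;/tr&gt;\n";}
 $feed .= "&lt;/table&gt;\n".
 "&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
@@ -364,10 +364,10 @@ class KTrss{
 }
 $feed .= "</channel>\n" .
 "</rss>\n";
-
-return $feed;
+
+return $feed;
 }
-
+
 // Takes in an array as a parameter and returns rss2.0 compatible xml
 function errorToXML($sError){
 // Build path to host
@@ -394,21 +394,21 @@ class KTrss{
 "</item>\n";
 $feed .= "</channel>\n" .
 "</rss>\n";
-
-return $feed;
+
+return $feed;
 }
-
+
 // Delete feed function
 function deleteFeed($iFeedId){
 $res = DBUtil::autoDelete('plugin_rss', $iFeedId);
 }
-
+
 // Get title for external feed
 function getExternalFeedTitle($iFeedId){
 $sQuery = "SELECT title FROM plugin_rss WHERE id = ?";
 $aParams = array($iFeedId);
 $sFeedTitle = DBUtil::getOneResultKey(array($sQuery, $aParams), 'title');
-
+
 if (PEAR::isError($sFeedTitle)) {
 // XXX: log error
 return false;
@@ -417,13 +417,13 @@ class KTrss{
 return $sFeedTitle;
 }
 }
-
+
 // Get url for external feed
 function getExternalFeedUrl($iFeedId){
 $sQuery = "SELECT url FROM plugin_rss WHERE id = ?";
 $aParams = array($iFeedId);
 $sFeedUrl = DBUtil::getOneResultKey(array($sQuery, $aParams), 'url');
-
+
 if (PEAR::isError($sFeedUrl)) {
 // XXX: log error
 return false;
@@ -432,16 +432,16 @@ class KTrss{
 return $sFeedUrl;
 }
 }
-
+
 // Update external feed data
 function updateFeed($iFeedId, $sFeedTitle, $sFeedUrl){
 $sQuery = "UPDATE plugin_rss SET title=?, url=? WHERE id=?";
 $aParams = array($sFeedTitle, $sFeedUrl, $iFeedId);
 $res = DBUtil::runQuery(array($sQuery, $aParams));
-
+
 return $res;
 }
-
+
 // Create new external feed
 function createFeed($sFeedTitle, $sFeedUrl, $iUserId){
 $aParams = array(
@@ -453,59 +453,59 @@ class KTrss{
 
 return $res;
 }
-
+
 // Function to validate that a user has permissions for a specific document
 function validateDocumentPermissions($iUserId, $iDocumentId){
 // check if user id is in session. If not, set it
 if(!isset($_SESSION["userID"])){
-$_SESSION['userID'] = $iUserId;
+$_SESSION['userID'] = $iUserId;
 }
 // get document object
 $oDocument =& Document::get($iDocumentId);
 if (PEAR::isError($oDocument)) {
 return false;
 }
-
+
 // check permissions for document
 if(Permission::userHasDocumentReadPermission($oDocument)){
-return true;
+return true;
 }else{
 return false;
 }
 }
-
+
 // Function to validate that a user has permissions for a specific folder
 function validateFolderPermissions($iUserId, $iFolderId){
 // check if user id is in session. If not, set it
 if(!isset($_SESSION["userID"])){
-$_SESSION['userID'] = $iUserId;
+$_SESSION['userID'] = $iUserId;
 }
 // get folder object
 $oFolder = Folder::get($iFolderId);
 if (PEAR::isError($oFolder)) {
 return false;
 }
-
+
 // check permissions for folder
 if(Permission::userHasFolderReadPermission($oFolder)){
-return true;
+return true;
 }else{
 return false;
 }
 }
-
+
 // get icon link for rss
 function getRssLinkIcon(){
 // built server path
 global $default;
 $sHostPath = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/";
-
+
 // create image
 $icon = "<img src='".$sHostPath."resources/graphics/rss.gif' alt='RSS' border=0/>";
-
+
 return $icon;
 }
-
+
 // get rss link for a document/folder
 function getRssLink($iItemId, $sItemType){
 $item = strToLower($sItemType);
@@ -514,34 +514,34 @@ class KTrss{
 }else if($item == 'document'){
 $sItemParameter = '?docId';
 }
-
+
 // built server path
 global $default;
 $sHostPath = "http" . ($default->sslEnabled ? "s" : "") . "://" . $_SERVER['HTTP_HOST'];
-
+
 // build link
 $sLink = $sHostPath.KTBrowseUtil::buildBaseUrl('rss').$sItemParameter.'='.$iItemId;
-
+
 return $sLink;
 }
-
+
 // get rss icon link
 function getImageLink($iItemId, $sItemType){
 return "<a href='".KTrss::getRssLink($iItemId, $sItemType)."' target='_blank'>".KTrss::getRssLinkIcon()."</a>";
 }
-
+
 // get the mime type id for a document
 function getDocumentMimeTypeId($iUserId, $iDocumentId){
 if(!isset($_SESSION["userID"])){
-$_SESSION['userID'] = $iUserId;
+$_SESSION['userID'] = $iUserId;
 }
 // get document object
 $oDocument =& Document::get($iDocumentId);
-
+
 $docMime = $oDocument->getMimeTypeID();
 return $docMime;
 }
-
+
 // get mime information for a document
 function getMimeTypeInfo($iUserId, $iDocumentId){
 global $default;
@@ -549,27 +549,27 @@ class KTrss{
 $mimeinfo['typeName'] = KTMime::getMimeTypeName($mimeinfo['typeId']); // mime type name
 $mimeinfo['typeFName'] = KTMime::getFriendlyNameForString($mimeinfo['typeName']); // mime type friendly name
 $mimeinfo['typeIcon'] = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/resources/mimetypes/".KTMime::getIconPath($mimeinfo['typeId']).".png"; //icon path
-
+
 return $mimeinfo;
 }
-
+
 // get the default folder icon
 function getFolderIcon(){
 global $default;
 return $mimeinfo['typeIcon'] = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/thirdparty/icon-theme/16x16/mimetypes/x-directory-normal.png"; //icon path
 }
-
+
 // get a document information
 function getDocumentData($iUserId, $iDocumentId){
 if(!isset($_SESSION["userID"])){
-$_SESSION['userID'] = $iUserId;
+$_SESSION['userID'] = $iUserId;
 }
 // get document object
 $oDocument =& Document::get($iDocumentId);
-
+
 $cv = $oDocument->getContentVersionId();
 $mv = $oDocument->getMetadataVersionId();
-
+
 $sQuery = "SELECT dcv.document_id AS id, dmver.name AS name, dcv.filename AS filename, c.name AS author, o.name AS owner, dtl.name AS type, dwfs.name AS workflow_status " .
 "FROM documents AS d LEFT JOIN document_content_version AS dcv ON d.id = dcv.document_id " .
 "LEFT JOIN users AS o ON d.owner_id = o.id " .
@@ -582,14 +582,14 @@ class KTrss{
 "AND dmver.id = ? " .
 "AND dcv.id = ? " .
 "LIMIT 1";
-
+
 $aParams = array($iDocumentId, $mv, $cv);
 $aDocumentData = DBUtil::getResultArray(array($sQuery, $aParams));
 if($aDocumentData){
 return $aDocumentData;
 }
 }
-
+
 // get a folder information
 function getFolderData($iFolderId){
 $sQuery = "SELECT f.id AS id, f.name AS name, f.name AS filename, c.name AS author, o.name AS owner, f.description AS description " .
@@ -598,14 +598,14 @@ class KTrss{
 "LEFT JOIN users AS c ON f.creator_id = c.id " .
 "WHERE f.id = ? " .
 "LIMIT 1";
-
+
 $aParams = array($iFolderId);
 $aFolderData = DBUtil::getResultArray(array($sQuery, $aParams));
 if($aFolderData){
 return $aFolderData;
 }
 }
-
+
 // get a listing of the latest 3 transactions for a document
 function getDocumentTransactions($iDocumentId){
 $sQuery = "SELECT DT.datetime AS datetime, 'Document' AS type, DMV.name, D.full_path AS fullpath, DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment " .
@@ -616,14 +616,14 @@ class KTrss{
 "WHERE DT.document_id = ? " .
 "ORDER BY DT.datetime DESC " .
 "LIMIT 4";
-
+
 $aParams = array($iDocumentId);
 $aDocumentTransactions = DBUtil::getResultArray(array($sQuery, $aParams));
 if($aDocumentTransactions){
 return $aDocumentTransactions;
 }
 }
-
+
 // Get a listing of the latest 3 transactions for a folder
 function getFolderTransactions($iFolderId){
 $sQuery = "SELECT FT.datetime AS datetime, 'Folder' AS type, F.name, F.full_path AS fullpath, DTT.name AS transaction_name, U.name AS user_name, FT.comment AS comment " .
@@ -633,7 +633,7 @@ class KTrss{
 "WHERE FT.folder_id = ? " .
 "ORDER BY FT.datetime DESC " .
 "LIMIT 4";
-
+
 $aParams = array($iFolderId);
 $aFolderTransactions = DBUtil::getResultArray(array($sQuery, $aParams));
 if($iFolderId){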
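Review bot: In arrayToXML (hunk at -282) the new `<title>` line uses `htmlentities()`, which rewrites non-ASCII characters as named entities such as `&eacute;` that RSS/XML does not define, so a document name with accented characters would leave the feed ill-formed; `htmlspecialchars($aItems[0][0]['name'], ENT_QUOTES, 'UTF-8')` escapes only the markup characters and is the safer call for XML text. The escaping is also applied field by field: on the unchanged lines of the same description markup (hunk at -291) `$aItems[0][mimeTypeIcon]` and `$aItems[0][mimeTypeFName]` are still concatenated raw, and the icon URL is built from the request-supplied `$_SERVER['HTTP_HOST']` in getMimeTypeInfo and getFolderIcon. The lines between the hunks are not shown, so it should be confirmed that author, owner, user name and transaction name are escaped the same way; a single helper that does the HTML-then-XML escaping would keep the call sites consistent. The bare array keys (`[name]`, `[filename]`, `[comment]`) rely on PHP's undefined-constant fallback and should be quoted, e.g. `$item['comment']`.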