Commit dda53eead84ea1f5fd0136d69ad95c617a84cd6a

Authored by conradverm
1 parent 00fecc34

KTS-2178

"cross site scripting"
Updated.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6923 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 83 additions and 83 deletions
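--- a/plugins/rssplugin/KTrss.inc.php
+++ b/plugins/rssplugin/KTrss.inc.php
@@ -4,7 +4,7 @@
 * License Version 1.1.2 ("License"); You may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.knowledgetree.com/KPL
-*
+*
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
 * See the License for the specific language governing rights and
@@ -15,9 +15,9 @@
 * (ii) the KnowledgeTree copyright notice
 * in the same form as they appear in the distribution. See the License for
 * requirements.
-*
+*
 * The Original Code is: KnowledgeTree Open Source
-*
+*
 * The Initial Developer of the Original Code is The Jam Warehouse Software
 * (Pty) Ltd, trading as KnowledgeTree.
 * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright
@@ -52,7 +52,7 @@ class KTrss{
 $sQuery = "SELECT id, url, title FROM plugin_rss WHERE user_id = ?";
 $aParams = array($iUserId);
 $aFeeds = DBUtil::getResultArray(array($sQuery, $aParams));
-
+
 if (PEAR::isError($aFeeds)) {
 // XXX: log error
 return false;
@@ -61,7 +61,7 @@ class KTrss{
 return $aFeeds;
 }
 }
-
+
 // Gets full listing of data of documents and folders subscribed to
 function getInternalFeed($iUserId){
 $documents=KTrss::getDocuments($iUserId);
@@ -75,13 +75,13 @@ class KTrss{
 }
 return $response;
 }
-
+
 // Get list of document subscriptions
 function getDocumentList($iUserId){
 $sQuery = "SELECT document_id as id FROM document_subscriptions WHERE user_id = ?";
 $aParams = array($iUserId);
 $aDocumentList = DBUtil::getResultArrayKey(array($sQuery, $aParams), 'id');
-
+
 if (PEAR::isError($aDocumentList)) {
 // XXX: log error
 return false;
@@ -90,13 +90,13 @@ class KTrss{
 return $aDocumentList;
 }
 }
-
+
 // Get list of folder subscriptions
 function getFolderList($iUserId){
 $sQuery = "SELECT folder_id as id, is_tree as tree FROM folder_subscriptions WHERE user_id = ?";
 $aParams = array($iUserId);
 $aFolderList = DBUtil::getResultArray(array($sQuery, $aParams));
-
+
 if (PEAR::isError($aFolderList)) {
 // XXX: log error
 return false;
@@ -105,14 +105,14 @@ class KTrss{
 return $aFolderList;
 }
 }
-
+
 // Get data for all documents subscribed to
 function getDocuments($iUserId){
 $aDList = KTrss::getDocumentList($iUserId);
 if($aDList){
 foreach($aDList as $document_id){
 $document = KTrss::getOneDocument($document_id, $iUserId);
-if($document){
+if($document){
 $aDocuments[] = $document;
 }
 }
@@ -125,7 +125,7 @@ class KTrss{
 return $aDocuments;
 }
 }
-
+
 // Get data for all folders subscribed to
 function getFolders($iUserId){
 $aFList = KTrss::getFolderList($iUserId);
@@ -139,7 +139,7 @@ class KTrss{
 }
 }
 }
-
+
 if (PEAR::isError($aFolders)) {
 // XXX: log error
 return false;
@@ -148,13 +148,13 @@ class KTrss{
 return $aFolders;
 }
 }
-
+
 function getChildrenFolderTransactions($iParentFolderId, $depth = '1'){
 if($depth == '1'){
 $sQuery = "SELECT id from folders WHERE parent_folder_ids LIKE ?";
 $aParams = array('%'.$iParentFolderId);
 }//else
-
+
 $aFolderList = DBUtil::getResultArray(array($sQuery, $aParams));
 if (PEAR::isError($aFolderList)) {
 // XXX: log error
@@ -162,7 +162,7 @@ class KTrss{
 }
 if ($aFolderList) {
 foreach($aFolderList as $folderElement){
-$folder_id = $folderElement['id'];
+$folder_id = $folderElement['id'];
 $aFolderTransactions = array_merge($aFolderTransactions, KTrss::getFolderTransactions($folder_id));
 }
 }
@@ -170,13 +170,13 @@ class KTrss{
 return $aFolderTransactions;
 }
 }
-
+
 function getChildrenDocumentTransactions($iParentFolderId, $depth = '1'){
 if($depth == '1'){
 $sQuery = "SELECT id from documents WHERE parent_folder_ids LIKE ? ";
 $aParams = array('%'.$iParentFolderId);
 }//else
-
+
 $aDocumentList = DBUtil::getResultArray(array($sQuery, $aParams));
 
 if (PEAR::isError($aDocumentList)) {
@@ -185,7 +185,7 @@ class KTrss{
 }
 if ($aDocumentList) {
 foreach($aDocumentList as $documentElement){
-$document_id = $documentElement['id'];
+$document_id = $documentElement['id'];
 $aDocumentTransactions = array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id));
 }
 }
@@ -193,19 +193,19 @@ class KTrss{
 return $aDocumentTransactions;
 }
 }
-
+
 // get information on document
 function getOneDocument($iDocumentId, $iUserId){
 $aDData = KTrss::getDocumentData($iUserId, $iDocumentId);
 $aDTransactions = KTrss::getDocumentTransactions($iDocumentId);
 if($aDData){
 $aDData['itemType'] = 'document';
-
+
 // create mime info
 $aMimeInfo = KTrss::getMimeTypeInfo($iUserId, $iDocumentId);
 $aDData['mimeTypeFName'] = $aMimeInfo['typeFName'];
 $aDData['mimeTypeIcon'] = $aMimeInfo['typeIcon'];
-
+
 $aDocument[] = $aDData;
 $aDocument[] = $aDTransactions;
 }
@@ -216,33 +216,33 @@ class KTrss{
 return $aDocument;
 }
 }
-
+
 // get information for folder
 function getOneFolder($iFolderId){
 $aFData = KTrss::getFolderData($iFolderId);
 $aFTransactions = array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId));
 $aFTransactions = array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId));
-
+
 $code = 'if (strtotime($a[datetime]) == strtotime($b[datetime])){
 return 0;
 }
 return (strtotime($a[datetime]) > strtotime($b[datetime])) ? -1 : 1;';
-
+
 $compare = create_function('$a,$b', $code);
-
+
 usort($aFTransactions, $compare);
 for($i=0; $i<4; $i++){
 $aFTransactions_new[] = $aFTransactions[$i];
 }
 $aFTransactions = $aFTransactions_new;
-
+
 if($aFData){
 $aFData['itemType'] = 'folder';
-
+
 // create mime info
 $aFData['mimeTypeFName'] = 'Folder';
 $aFData['mimeTypeIcon'] = KTrss::getFolderIcon();
-
+
 $aFolder[] = $aFData;
 $aFolder[] = $aFTransactions;
 $aFolderBox[] = $aFolder;
@@ -254,7 +254,7 @@ class KTrss{
 return $aFolder;
 }
 }
-
+
 // Takes in an array as a parameter and returns rss2.0 compatible xml
 function arrayToXML($aItems){
 // Build path to host
@@ -282,7 +282,7 @@ class KTrss{
 $sTypeSelect = 'document.transactionhistory&amp;fDocumentId';
 }
 $feed .= "<item>\n" .
-"<title>".$aItems[0][0][name]."</title>\n" .
+"<title>".htmlentities($aItems[0][0][name],ENT_QUOTES, 'UTF-8')."</title>\n" .
 "<link>".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0]['id']."</link>\n" .
 "<description>\n" .
 "&lt;table border='0' width='90%'&gt;\n".
@@ -291,14 +291,14 @@ class KTrss{
 "&lt;a href='".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0][id]."' &gt;&lt;img src='".$aItems[0][mimeTypeIcon]."' align='left' height='16px' width='16px' alt='' border='0' /&gt;&lt;/a&gt;" .
 "&lt;/td&gt;\n".
 "&lt;td align='left'&gt; ".$aItems[0][mimeTypeFName]."&lt;/td&gt;\n".
-"&lt;/tr&gt;\n".
+"&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td colspan='2'&gt;\n".
 ucfirst($aItems[0]['itemType'])." Information (ID: ".$aItems[0][0][id].")&lt;/&gt;\n".
 "&lt;hr&gt;\n".
 "&lt;table width='95%'&gt;\n".
 "&lt;tr&gt;\n".
-"&lt;td&gt;Filename: ".$aItems[0][0][filename]."&lt;/td&gt;\n".
+"&lt;td&gt;Filename: ".str_replace('&','&amp;',htmlentities($aItems[0][0][filename],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
 "&lt;td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
@@ -326,11 +326,11 @@ class KTrss{
 foreach($aItems[1] as $item){
 $feed .= "&lt;tr&gt;\n".
 "&lt;td&gt;".$item[type]." name:&lt;/td&gt;\n".
-"&lt;td&gt;".$item[name]."&lt;/td&gt;\n".
+"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[name],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Path:&lt;/td&gt;\n".
-"&lt;td&gt;".$item[fullpath]."&lt;/td&gt;\n".
+"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[fullpath],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Transaction:&lt;/td&gt;\n".
@@ -338,7 +338,7 @@ class KTrss{
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Comment:&lt;/td&gt;\n".
-"&lt;td&gt;".$item[comment]."&lt;/td&gt;\n".
+"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[comment],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n";if($item[version]){
 $feed .= "&lt;td&gt;Version:&lt;/td&gt;\n".
@@ -354,7 +354,7 @@ class KTrss{
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td colspan='2'&gt;&lt;hr width='100' align='left'&gt;&lt;/td&gt;\n".
-"&lt;/tr&gt;\n";}
+"&lt;/tr&gt;\n";}
 $feed .= "&lt;/table&gt;\n".
 "&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
@@ -364,10 +364,10 @@ class KTrss{
 }
 $feed .= "</channel>\n" .
 "</rss>\n";
-
-return $feed;
+
+return $feed;
 }
-
+
 // Takes in an array as a parameter and returns rss2.0 compatible xml
 function errorToXML($sError){
 // Build path to host
@@ -394,21 +394,21 @@ class KTrss{
 "</item>\n";
 $feed .= "</channel>\n" .
 "</rss>\n";
-
-return $feed;
+
+return $feed;
 }
-
+
 // Delete feed function
 function deleteFeed($iFeedId){
 $res = DBUtil::autoDelete('plugin_rss', $iFeedId);
 }
-
+
 // Get title for external feed
 function getExternalFeedTitle($iFeedId){
 $sQuery = "SELECT title FROM plugin_rss WHERE id = ?";
 $aParams = array($iFeedId);
 $sFeedTitle = DBUtil::getOneResultKey(array($sQuery, $aParams), 'title');
-
+
 if (PEAR::isError($sFeedTitle)) {
 // XXX: log error
 return false;
@@ -417,13 +417,13 @@ class KTrss{
 return $sFeedTitle;
 }
 }
-
+
 // Get url for external feed
 function getExternalFeedUrl($iFeedId){
 $sQuery = "SELECT url FROM plugin_rss WHERE id = ?";
 $aParams = array($iFeedId);
 $sFeedUrl = DBUtil::getOneResultKey(array($sQuery, $aParams), 'url');
-
+
 if (PEAR::isError($sFeedUrl)) {
 // XXX: log error
 return false;
@@ -432,16 +432,16 @@ class KTrss{
 return $sFeedUrl;
 }
 }
-
+
 // Update external feed data
 function updateFeed($iFeedId, $sFeedTitle, $sFeedUrl){
 $sQuery = "UPDATE plugin_rss SET title=?, url=? WHERE id=?";
 $aParams = array($sFeedTitle, $sFeedUrl, $iFeedId);
 $res = DBUtil::runQuery(array($sQuery, $aParams));
-
+
 return $res;
 }
-
+
 // Create new external feed
 function createFeed($sFeedTitle, $sFeedUrl, $iUserId){
 $aParams = array(
@@ -453,59 +453,59 @@ class KTrss{
 
 return $res;
 }
-
+
 // Function to validate that a user has permissions for a specific document
 function validateDocumentPermissions($iUserId, $iDocumentId){
 // check if user id is in session. If not, set it
 if(!isset($_SESSION["userID"])){
-$_SESSION['userID'] = $iUserId;
+$_SESSION['userID'] = $iUserId;
 }
 // get document object
 $oDocument =& Document::get($iDocumentId);
 if (PEAR::isError($oDocument)) {
 return false;
 }
-
+
 // check permissions for document
 if(Permission::userHasDocumentReadPermission($oDocument)){
-return true;
+return true;
 }else{
 return false;
 }
 }
-
+
 // Function to validate that a user has permissions for a specific folder
 function validateFolderPermissions($iUserId, $iFolderId){
 // check if user id is in session. If not, set it
 if(!isset($_SESSION["userID"])){
-$_SESSION['userID'] = $iUserId;
+$_SESSION['userID'] = $iUserId;
 }
 // get folder object
 $oFolder = Folder::get($iFolderId);
 if (PEAR::isError($oFolder)) {
 return false;
 }
-
+
 // check permissions for folder
 if(Permission::userHasFolderReadPermission($oFolder)){
-return true;
+return true;
 }else{
 return false;
 }
 }
-
+
 // get icon link for rss
 function getRssLinkIcon(){
 // built server path
 global $default;
 $sHostPath = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/";
-
+
 // create image
 $icon = "<img src='".$sHostPath."resources/graphics/rss.gif' alt='RSS' border=0/>";
-
+
 return $icon;
 }
-
+
 // get rss link for a document/folder
 function getRssLink($iItemId, $sItemType){
 $item = strToLower($sItemType);
@@ -514,34 +514,34 @@ class KTrss{
 }else if($item == 'document'){
 $sItemParameter = '?docId';
 }
-
+
 // built server path
 global $default;
 $sHostPath = "http" . ($default->sslEnabled ? "s" : "") . "://" . $_SERVER['HTTP_HOST'];
-
+
 // build link
 $sLink = $sHostPath.KTBrowseUtil::buildBaseUrl('rss').$sItemParameter.'='.$iItemId;
-
+
 return $sLink;
 }
-
+
 // get rss icon link
 function getImageLink($iItemId, $sItemType){
 return "<a href='".KTrss::getRssLink($iItemId, $sItemType)."' target='_blank'>".KTrss::getRssLinkIcon()."</a>";
 }
-
+
 // get the mime type id for a document
 function getDocumentMimeTypeId($iUserId, $iDocumentId){
 if(!isset($_SESSION["userID"])){
-$_SESSION['userID'] = $iUserId;
+$_SESSION['userID'] = $iUserId;
 }
 // get document object
 $oDocument =& Document::get($iDocumentId);
-
+
 $docMime = $oDocument->getMimeTypeID();
 return $docMime;
 }
-
+
 // get mime information for a document
 function getMimeTypeInfo($iUserId, $iDocumentId){
 global $default;
@@ -549,27 +549,27 @@ class KTrss{
 $mimeinfo['typeName'] = KTMime::getMimeTypeName($mimeinfo['typeId']); // mime type name
 $mimeinfo['typeFName'] = KTMime::getFriendlyNameForString($mimeinfo['typeName']); // mime type friendly name
 $mimeinfo['typeIcon'] = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/resources/mimetypes/".KTMime::getIconPath($mimeinfo['typeId']).".png"; //icon path
-
+
 return $mimeinfo;
 }
-
+
 // get the default folder icon
 function getFolderIcon(){
 global $default;
 return $mimeinfo['typeIcon'] = "http" . ($default->sslEnabled ? "s" : "") . "://".$_SERVER['HTTP_HOST']."/".$GLOBALS['KTRootUrl']."/thirdparty/icon-theme/16x16/mimetypes/x-directory-normal.png"; //icon path
 }
-
+
 // get a document information
 function getDocumentData($iUserId, $iDocumentId){
 if(!isset($_SESSION["userID"])){
-$_SESSION['userID'] = $iUserId;
+$_SESSION['userID'] = $iUserId;
 }
 // get document object
 $oDocument =& Document::get($iDocumentId);
-
+
 $cv = $oDocument->getContentVersionId();
 $mv = $oDocument->getMetadataVersionId();
-
+
 $sQuery = "SELECT dcv.document_id AS id, dmver.name AS name, dcv.filename AS filename, c.name AS author, o.name AS owner, dtl.name AS type, dwfs.name AS workflow_status " .
 "FROM documents AS d LEFT JOIN document_content_version AS dcv ON d.id = dcv.document_id " .
 "LEFT JOIN users AS o ON d.owner_id = o.id " .
@@ -582,14 +582,14 @@ class KTrss{
 "AND dmver.id = ? " .
 "AND dcv.id = ? " .
 "LIMIT 1";
-
+
 $aParams = array($iDocumentId, $mv, $cv);
 $aDocumentData = DBUtil::getResultArray(array($sQuery, $aParams));
 if($aDocumentData){
 return $aDocumentData;
 }
 }
-
+
 // get a folder information
 function getFolderData($iFolderId){
 $sQuery = "SELECT f.id AS id, f.name AS name, f.name AS filename, c.name AS author, o.name AS owner, f.description AS description " .
@@ -598,14 +598,14 @@ class KTrss{
 "LEFT JOIN users AS c ON f.creator_id = c.id " .
 "WHERE f.id = ? " .
 "LIMIT 1";
-
+
 $aParams = array($iFolderId);
 $aFolderData = DBUtil::getResultArray(array($sQuery, $aParams));
 if($aFolderData){
 return $aFolderData;
 }
 }
-
+
 // get a listing of the latest 3 transactions for a document
 function getDocumentTransactions($iDocumentId){
 $sQuery = "SELECT DT.datetime AS datetime, 'Document' AS type, DMV.name, D.full_path AS fullpath, DTT.name AS transaction_name, U.name AS user_name, DT.version AS version, DT.comment AS comment " .
@@ -616,14 +616,14 @@ class KTrss{
 "WHERE DT.document_id = ? " .
 "ORDER BY DT.datetime DESC " .
 "LIMIT 4";
-
+
 $aParams = array($iDocumentId);
 $aDocumentTransactions = DBUtil::getResultArray(array($sQuery, $aParams));
 if($aDocumentTransactions){
 return $aDocumentTransactions;
 }
 }
-
+
 // Get a listing of the latest 3 transactions for a folder
 function getFolderTransactions($iFolderId){
 $sQuery = "SELECT FT.datetime AS datetime, 'Folder' AS type, F.name, F.full_path AS fullpath, DTT.name AS transaction_name, U.name AS user_name, FT.comment AS comment " .
@@ -633,7 +633,7 @@ class KTrss{
 "WHERE FT.folder_id = ? " .
 "ORDER BY FT.datetime DESC " .
 "LIMIT 4";
-
+
 $aParams = array($iFolderId);
 $aFolderTransactions = DBUtil::getResultArray(array($sQuery, $aParams));
 if($iFolderId){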
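Review bot: In arrayToXML the new `<title>` line passes the item name through `htmlentities()` directly inside an XML element, which emits HTML named entities such as `&eacute;` that an RSS/XML parser does not define, so a document name with non-ASCII characters can make the feed ill-formed; `htmlspecialchars($aItems[0][0]['name'], ENT_QUOTES, 'UTF-8')` escapes only the XML-significant characters and is the safer call for that context. The same hunks still concatenate `$aItems[0][mimeTypeFName]` and `$aItems[0][mimeTypeIcon]` unescaped, and the icon URL is built from `$_SERVER['HTTP_HOST']` in getMimeTypeInfo and getFolderIcon, so a client-supplied Host header presumably reaches the `img src` attribute; those values should get the same encoding as the filename. Fields written on lines that fall between the visible hunks (author, owner, user name, folder description, and `$sError` in errorToXML) cannot be checked from here and deserve the same pass before this is treated as a complete fix. Moving the repeated `str_replace('&','&amp;',htmlentities(...))` expression into one private helper would keep the encoding consistent across all fields.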