Commit e4e9e0f6f754f70f98abfd014dcf2945bba7962c
1 parent
61e001ac
KTS-2178
"cross site scripting" Implemented. Reviewed By: Kevin Fourie git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7007 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
12 additions
and
12 deletions
rss.php
| 1 | 1 | <?php |
| 2 | 2 | /** |
| 3 | 3 | * $Id$ |
| 4 | - * | |
| 4 | + * | |
| 5 | 5 | * The contents of this file are subject to the KnowledgeTree Public |
| 6 | 6 | * License Version 1.1.2 ("License"); You may not use this file except in |
| 7 | 7 | * compliance with the License. You may obtain a copy of the License at |
| 8 | 8 | * http://www.knowledgetree.com/KPL |
| 9 | - * | |
| 9 | + * | |
| 10 | 10 | * Software distributed under the License is distributed on an "AS IS" |
| 11 | 11 | * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. |
| 12 | 12 | * See the License for the specific language governing rights and |
| ... | ... | @@ -17,9 +17,9 @@ |
| 17 | 17 | * (ii) the KnowledgeTree copyright notice |
| 18 | 18 | * in the same form as they appear in the distribution. See the License for |
| 19 | 19 | * requirements. |
| 20 | - * | |
| 20 | + * | |
| 21 | 21 | * The Original Code is: KnowledgeTree Open Source |
| 22 | - * | |
| 22 | + * | |
| 23 | 23 | * The Initial Developer of the Original Code is The Jam Warehouse Software |
| 24 | 24 | * (Pty) Ltd, trading as KnowledgeTree. |
| 25 | 25 | * Portions created by The Jam Warehouse Software (Pty) Ltd are Copyright |
| ... | ... | @@ -67,23 +67,23 @@ if (!validateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { |
| 67 | 67 | } else { |
| 68 | 68 | $user = DBAuthenticator::getUser($_SERVER['PHP_AUTH_USER'], array('id'=>'id',)); |
| 69 | 69 | $id = $user[$_SERVER['PHP_AUTH_USER']]['id']; |
| 70 | - | |
| 71 | - | |
| 70 | + | |
| 71 | + | |
| 72 | 72 | if(KTUtil::arrayGet($_REQUEST, 'docId')){ // if a docId parameter is passed |
| 73 | 73 | // get document id from http request object |
| 74 | 74 | $iDocumentId = KTUtil::arrayGet($_REQUEST, 'docId'); |
| 75 | - | |
| 75 | + | |
| 76 | 76 | if(KTrss::validateDocumentPermissions($id, $iDocumentId)){ // if document passes validation check |
| 77 | 77 | // get document info |
| 78 | 78 | $aDocumentInfo[] = KTrss::getOneDocument($iDocumentId, $id); |
| 79 | - | |
| 80 | - if($aDocumentInfo){ | |
| 79 | + | |
| 80 | + if($aDocumentInfo){ | |
| 81 | 81 | // create rss xml for document |
| 82 | 82 | $documentFeed = KTrss::arrayToXML($aDocumentInfo); |
| 83 | 83 | }else{ |
| 84 | 84 | // create rss xml for the error |
| 85 | 85 | $error = KTrss::errorToXML(_kt('This document has returned a empty response')); |
| 86 | - } | |
| 86 | + } | |
| 87 | 87 | }else{ |
| 88 | 88 | // create rss xml for error |
| 89 | 89 | $error = KTrss::errorToXML(_kt('You are either not authorised to view details on this document or it does not exist.' . |
| ... | ... | @@ -101,7 +101,7 @@ if (!validateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { |
| 101 | 101 | if(KTrss::validateFolderPermissions($id, $iFolderId)){ // if folder passes validation check |
| 102 | 102 | // get folder info |
| 103 | 103 | $aFolderInfo[] = KTrss::getOneFolder($iFolderId); |
| 104 | - | |
| 104 | + | |
| 105 | 105 | if($aFolderInfo){ |
| 106 | 106 | // create rss xml for folder |
| 107 | 107 | $folderFeed = KTrss::arrayToXML($aFolderInfo); |
| ... | ... | @@ -121,7 +121,7 @@ if (!validateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { |
| 121 | 121 | } |
| 122 | 122 | }else{ // else do normal rss parsing |
| 123 | 123 | // get full list of subscribed documents and folders |
| 124 | - $aFullList = array_merge(KTrss::getDocuments($id), KTrss::getFolders($id)); | |
| 124 | + $aFullList = kt_array_merge(KTrss::getDocuments($id), KTrss::getFolders($id)); | |
| 125 | 125 | $internalFeed = KTrss::arrayToXML($aFullList); |
| 126 | 126 | echo $internalFeed; |
| 127 | 127 | } | ... | ... |