<?php
// MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2010 Matteo Lucarelli
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
/**
 * Format a byte count as a short human-readable string.
 *
 * Decimal units are used (1000 bytes per KByte). A value has to be strictly
 * greater than a unit's size before that unit is used, so exactly 1000 is
 * still reported in Bytes.
 *
 * @param int|float $size_bytes size in bytes
 * @return string e.g. "1.5 KBytes" or "500 Bytes"
 */
function formatted_size($size_bytes) { /* {{{ */
	// Largest unit first; the first threshold the value exceeds wins.
	$units = array(
		1000000000 => " GBytes",
		1000000 => " MBytes",
		1000 => " KBytes",
	);

	foreach ($units as $divisor => $suffix) {
		if ($size_bytes > $divisor) {
			return number_format($size_bytes / $divisor, 1, ".", "") . $suffix;
		}
	}

	return number_format($size_bytes, 0, "", "") . " Bytes";
} /* }}} */
/**
 * Format a Unix timestamp as a date in the form day.month.year.
 *
 * @param int $timestamp Unix timestamp
 * @return string date formatted with date("d.m.Y")
 */
function getReadableDate($timestamp) {
	$format = "d.m.Y";
	return date($format, $timestamp);
}
/**
 * Format a Unix timestamp as day/month/year followed by hours and minutes.
 *
 * @param int $timestamp Unix timestamp
 * @return string date and time formatted with date("d/m/Y H:i")
 */
function getLongReadableDate($timestamp) {
	$format = "d/m/Y H:i";
	return date($format, $timestamp);
}
//
// The original string sanitizer, kept for reference.
// (Entity spellings reconstructed; the listing showed them already decoded.)
//function sanitizeString($string) {
//	$string = str_replace("'", "&#0039;", $string);
//	$string = str_replace("--", "", $string);
//	$string = str_replace("<", "&lt;", $string);
//	$string = str_replace(">", "&gt;", $string);
//	$string = str_replace("/*", "", $string);
//	$string = str_replace("*/", "", $string);
//	$string = str_replace("\"", "&quot;", $string);
//
//	return $string;
//}
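/**
 * Encode a value so that characters with special meaning in HTML or SQL
 * are represented as HTML entities.
 *
 * The value is cast to string, slashes added by magic quotes are stripped
 * where that legacy feature can still be active, the characters in the table
 * below are replaced by entities, and the result is trimmed.
 * mydmsDecodeString() applies the reverse mapping.
 *
 * NOTE(review): the entity spellings in the table are reconstructed. The
 * listing this code was recovered from showed them already decoded (for
 * example `"""`, which does not parse). Confirm them against the project's
 * canonical source before relying on stored data round-tripping.
 *
 * NOTE(review): this is one blanket encoding applied to the input. It does
 * not replace quoting in the database layer (see the comment below) or
 * escaping that fits the context where the value is later printed.
 *
 * @param mixed $string value to encode; cast to string
 * @return string encoded and trimmed string
 */
function sanitizeString($string) { /* {{{ */

	$string = (string) $string;

	// Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() no
	// longer exists in PHP 8, so only ask on versions where it can be on.
	if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
		$string = stripslashes($string);
	}

	// The following three are against sql injection. They are not
	// needed anymore because strings are quoted properly when saved into
	// the database.
	//	$string = str_replace("\\", "\\\\", $string);
	//	$string = str_replace("--", "\-\-", $string);
	//	$string = str_replace(";", "\;", $string);

	// Use HTML entities to represent the other characters that have special
	// meaning in SQL. These can be easily converted back to ASCII / UTF-8
	// with a decode function if need be.
	// str_replace() applies the pairs in array order, so "&" must stay first:
	// otherwise the "&" of every entity written afterwards would be encoded again.
	$search = array(
		"&",
		"%",  // percent
		"\"", // double quote
		"/*", // start of comment
		"*/", // end of comment
		"<",
		">",
		"=",
		")",
		"(",
		"'",
		"+",
	);
	$replace = array(
		"&amp;",
		"&#0037;",
		"&quot;",
		"&#0047;&#0042;",
		"&#0042;&#0047;",
		"&lt;",
		"&gt;",
		"&#0061;",
		"&#0041;",
		"&#0040;",
		"&#0039;",
		"&#0043;",
	);
	$string = str_replace($search, $replace, $string);

	return trim($string);
} /* }}} */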
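/**
 * Reverse the entity encoding applied by sanitizeString().
 *
 * The result contains the raw characters again (including `<`, `>` and
 * quotes), so it has to be escaped for whatever context it is printed in.
 *
 * NOTE(review): the entity spellings in the table are reconstructed. The
 * listing this code was recovered from showed them already decoded (for
 * example `"""`, which does not parse). Confirm them against the project's
 * canonical source.
 *
 * @param mixed $string encoded value; cast to string
 * @return string decoded string
 */
function mydmsDecodeString($string) { /* {{{ */

	$string = (string)$string;

	// str_replace() applies the pairs in array order. "&amp;" is decoded last:
	// decoding it first would turn an encoded literal such as "&amp;lt;" into
	// "&lt;" and then into "<", which is not what was originally entered.
	$search = array(
		"&#0037;",        // percent
		"&quot;",         // double quote
		"&#0047;&#0042;", // start of comment
		"&#0042;&#0047;", // end of comment
		"&lt;",
		"&gt;",
		"&#0061;",
		"&#0041;",
		"&#0040;",
		"&#0039;",
		"&#0043;",
		"&amp;",
	);
	$replace = array(
		"%",
		"\"",
		"/*",
		"*/",
		"<",
		">",
		"=",
		")",
		"(",
		"'",
		"+",
		"&",
	);
	$string = str_replace($search, $replace, $string);

	return $string;
} /* }}} */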
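/**
 * Write one block per reviewer or approver entry to the versioning file.
 *
 * @param resource $handle open, writable file handle
 * @param object $dms used to resolve user and group ids via getUser()/getGroup()
 * @param array $entries rows with the keys type, required, status, comment and date
 * @param string $statusTextFunction name of the function that maps a status value to text
 * @return void
 */
function _writeVersioningWorkflowEntries($handle, $dms, $entries, $statusTextFunction) { /* {{{ */
	foreach ($entries as $r) {
		// Reset per entry so a row with an unexpected type never repeats the
		// name that was resolved for the previous row.
		$reqName = "";
		switch ($r["type"]) {
			case 0: // Entry refers to an individual.
				$required = $dms->getUser($r["required"]);
				if (!is_object($required)) $reqName = getMLText("unknown_user")." = ".$r["required"];
				else $reqName = getMLText("user")." = ".$required->getFullName();
				break;
			case 1: // Entry refers to a group.
				$required = $dms->getGroup($r["required"]);
				if (!is_object($required)) $reqName = getMLText("unknown_group")." = ".$r["required"];
				else $reqName = getMLText("group")." = ".$required->getName();
				break;
		}

		fwrite($handle, "\n".$reqName."\n");
		fwrite($handle, getMLText("status")." = ".$statusTextFunction($r["status"])."\n");
		fwrite($handle, getMLText("comment")." = ". $r["comment"]."\n");
		fwrite($handle, getMLText("last_update")." = ".$r["date"]."\n");
	}
} /* }}} */

/**
 * Write a plain-text summary of a document into its versioning file.
 *
 * The file is created (or truncated) in the document's content directory and
 * lists the owner, the creation date, the current version with its reviewers
 * and approvers, and the previous versions.
 *
 * Names, comments and file names are written exactly as the objects return
 * them, without escaping; a value containing a line break therefore spans
 * several lines of the file.
 *
 * @param object $document document to describe
 * @return boolean true on success, false if the directory or file could not
 *         be created
 */
function createVersionigFile($document) { /* {{{ */
	global $settings, $dms;

	$dir = $dms->contentDir . $document->getDir();

	// if directory has been removed recreate it
	if (!file_exists($dir)) {
		if (!LetoDMS_Core_File::makeDir($dir)) return false;
	}

	$handle = fopen($dir . $settings->_versioningFileName, "wb");
	if ($handle === false) return false;

	// NOTE(review): the parenthesis opened before "ID" is never closed in
	// this header line; the string is left as it was - confirm the intent.
	fwrite($handle, $document->getName()." (ID ".$document->getID()."\n\n");

	$owner = $document->getOwner();
	fwrite($handle, getMLText("owner")." = ".$owner->getFullName()." <".$owner->getEmail().">\n");
	fwrite($handle, getMLText("creation_date")." = ".getLongReadableDate($document->getDate())."\n");

	// Current version
	$latestContent = $document->getLatestContent();
	fwrite($handle, "\n### ".getMLText("current_version")." ###\n\n");
	fwrite($handle, getMLText("version")." = ".$latestContent->getVersion()."\n");
	fwrite($handle, getMLText("file")." = ".$latestContent->getOriginalFileName()." (".$latestContent->getMimeType().")\n");
	fwrite($handle, getMLText("comment")." = ". $latestContent->getComment()."\n");

	$status = $latestContent->getStatus();
	fwrite($handle, getMLText("status")." = ".getOverallStatusText($status["status"])."\n");

	// Reviewers and approvers of the current version
	$reviewStatus = $latestContent->getReviewStatus();
	fwrite($handle, "\n### ".getMLText("reviewers")." ###\n");
	_writeVersioningWorkflowEntries($handle, $dms, $reviewStatus, "getReviewStatusText");

	$approvalStatus = $latestContent->getApprovalStatus();
	fwrite($handle, "\n### ".getMLText("approvers")." ###\n");
	_writeVersioningWorkflowEntries($handle, $dms, $approvalStatus, "getApprovalStatusText");

	// Previous versions: walk backwards from the entry before the last one,
	// which is skipped because the current version is reported above.
	$versions = $document->getContent();
	fwrite($handle, "\n### ".getMLText("previous_versions")." ###\n");

	for ($i = count($versions)-2; $i >= 0; $i--){
		$version = $versions[$i];

		fwrite($handle, "\n".getMLText("version")." = ".$version->getVersion()."\n");
		fwrite($handle, getMLText("file")." = ".$version->getOriginalFileName()." (".$version->getMimeType().")\n");
		fwrite($handle, getMLText("comment")." = ". $version->getComment()."\n");

		// Report the status of this version; the status of the latest
		// version used to be written for every previous version.
		$status = $version->getStatus();
		fwrite($handle, getMLText("status")." = ".getOverallStatusText($status["status"])."\n");
	}

	fclose($handle);
	return true;
} /* }}} */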
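/**
 * Pass one log record to the global logger, if one is configured.
 *
 * The record consists of the login of the current user, the client address,
 * the script name taken from the request URI and the given message.
 *
 * @param string $msg text appended to the record
 * @return void
 */
function add_log_line($msg="") { /* {{{ */
	global $logger, $user;

	if(!$logger) return;

	// Both keys can be missing outside of a web request (e.g. on the command line).
	$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
	$requestUri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";

	$line = $user->getLogin()." (".$remoteAddr.") ".basename($requestUri, ".php").$msg;

	// The message and the request URI can carry request data. Line breaks are
	// replaced so that one call always produces exactly one log record.
	$logger->log(str_replace(array("\r", "\n"), " ", $line));
} /* }}} */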
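/**
 * Append one record to the log file in the content directory.
 *
 * Nothing is written unless logging is enabled in the settings. The file
 * name is derived from the current date according to the configured
 * rotation: "h" hourly, "d" daily, anything else monthly.
 *
 * @param string $msg text appended to the record
 * @return void
 */
function _add_log_line($msg="") { /* {{{ */
	global $settings,$user;

	if ($settings->_logFileEnable!=TRUE) return;

	if ($settings->_logFileRotation=="h") $logname=date("YmdH", time());
	else if ($settings->_logFileRotation=="d") $logname=date("Ymd", time());
	else $logname=date("Ym", time());

	// Both keys can be missing outside of a web request (e.g. on the command line).
	$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
	$requestUri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";

	$entry = $user->getLogin()." (".$remoteAddr.") ".basename($requestUri, ".php").$msg;

	// The file is line oriented: line breaks inside the message or the
	// request URI are replaced so that they cannot start a second record.
	$entry = str_replace(array("\r", "\n"), " ", $entry);

	$h = fopen($settings->_contentDir.$logname.".log", "a");
	if ($h) {
		fwrite($h, date("Y/m/d H:i", time())." ".$entry."\n");
		fclose($h);
	}
} /* }}} */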
/**
 * Build the HTML breadcrumb for a folder.
 *
 * Every element of the folder's path except the last becomes a link to
 * out.ViewFolder.php followed by " / ". The last element is plain text
 * unless $tagAll is set, in which case it is linked as well. Folder names
 * are passed through htmlspecialchars(); the folder id and the showtree
 * value are inserted into the link as returned by getID() and showtree().
 *
 * @param object $folder folder whose path is rendered
 * @param boolean $tagAll also link the last path element
 * @return string HTML fragment
 */
function getFolderPathHTML($folder, $tagAll=false) { /* {{{ */
	$path = $folder->getPath();
	$total = count($path);
	$txtpath = "";

	for ($i = 0; $i < $total; $i++) {
		$node = $path[$i];
		$isLast = ($i + 1 >= $total);

		// The final element stays unlinked unless the caller asked for links everywhere.
		if ($isLast && !$tagAll) {
			$txtpath .= htmlspecialchars($node->getName());
			continue;
		}

		$txtpath .= "<a href=\"../out/out.ViewFolder.php?folderid=".$node->getID()."&showtree=".showtree()."\">";
		$txtpath .= htmlspecialchars($node->getName())."</a>";
		if (!$isLast) {
			$txtpath .= " / ";
		}
	}

	return $txtpath;
} /* }}} */
/**
 * Return the value of the showtree flag for the current request.
 *
 * A showtree query parameter takes precedence and is converted with
 * intval(), so the result is always an integer whatever was sent. Without
 * the parameter the result is 0 if the folder tree is disabled in the
 * settings and 1 otherwise.
 *
 * @return integer value of the showtree flag
 */
function showtree() { /* {{{ */
	global $settings;

	if (!isset($_GET["showtree"])) {
		return ($settings->_enableFolderTree==0) ? 0 : 1;
	}

	return intval($_GET["showtree"]);
} /* }}} */
/**
 * Create a key which is used for form validation to prevent CSRF attacks.
 *
 * The key is added as a hidden field to any form that has to be secured.
 * Once the form is submitted the key is compared to the key derived for the
 * current session and the request is only executed if both are equal. The
 * key is the md5 hash of the session id, the configured encryption key and
 * the form identifier, concatenated in that order.
 *
 * NOTE(review): md5 over a plain concatenation is not a keyed MAC, and the
 * three parts are joined without a separator. hash_hmac() with a SHA-2 hash
 * and the encryption key as the key would be the usual construction;
 * changing it alters every issued token, so it needs to be done together
 * with anything else that derives the same value.
 *
 * @param string $formid individual form identifier
 * @return string|false key for the current session, false if the session
 *         has no id
 */
function createFormKey($formid='') { /* {{{ */
	global $settings, $session;

	$id = $session->getId();
	if (!$id) {
		return false;
	}

	return md5($id.$settings->_encryptionKey.$formid);
} /* }}} */
/**
 * Create a hidden input field named 'formtoken' whose value is the key
 * returned by createFormKey().
 *
 * If createFormKey() returns false the value attribute is empty.
 *
 * @param string $formid individual form identifier
 * @return string input field for an HTML form
 */
function createHiddenFieldWithKey($formid='') { /* {{{ */
	$token = createFormKey($formid);
	return '<input type="hidden" name="formtoken" value="'.$token.'" />';
} /* }}} */
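/**
 * Check if the form key in the POST variable 'formtoken' has the value
 * of the key returned by createFormKey().
 *
 * The check fails if no token was posted, if the posted value is not a
 * string, or if no key can be derived because the session has no id.
 *
 * @param string $formid individual form identifier
 * @return boolean true if key matches otherwise false
 */
function checkFormKey($formid='') { /* {{{ */
	if (!isset($_POST['formtoken']) || !is_string($_POST['formtoken'])) {
		return false;
	}
	$submitted = $_POST['formtoken'];

	// createFormKey() returns false without a session id. With a loose ==
	// comparison an empty posted token would be equal to that false, so the
	// missing key is rejected explicitly.
	$expected = createFormKey($formid);
	if (!is_string($expected) || $expected === '') {
		return false;
	}

	// Compare as strings only: == treats two different hex strings of the
	// form "0e<digits>" as equal numbers. hash_equals() (PHP 5.6+) also
	// compares in constant time.
	if (function_exists('hash_equals')) {
		return hash_equals($expected, $submitted);
	}

	return $expected === $submitted;
} /* }}} */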
?>