gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 15:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c40cb44c79
seeddms-code/out/out.RemoveDocumentFile.php

74 lines
3.2 KiB
PHP
Raw Normal View History

- move all sources into trunk
2010-10-29 13:19:51 +00:00
<?php
// MyDMS. Document Management System
// Copyright (C) 2010 Matteo Lucarelli
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php");
- getFolderPathHTML() is now a function in inc/inc.Utils.php because it uses links only known by the calling application
2010-12-22 08:50:57 +00:00
include("../inc/inc.Utils.php");
- move all sources into trunk
2010-10-29 13:19:51 +00:00
include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
- prevent XSS attacs
2012-08-28 07:18:00 +00:00
$documentid = intval($_GET["documentid"]);
- first step to get rid of global variables from all files in inc/ - added new Class LetoDMS_DMS which represents the DMS, contains all settings for the DMS and the database connection. A document and a folder have a reference to the DMS
2010-11-12 22:47:41 +00:00
$document = $dms->getDocument($documentid);
- move all sources into trunk
2010-10-29 13:19:51 +00:00
if (!is_object($document)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
$folder = $document->getFolder();
- use htmlspecialchars() whenever data from the database is output (this does currently break the output, because data was already encoded when saved)
2011-12-02 16:23:36 +00:00
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
- move all sources into trunk
2010-10-29 13:19:51 +00:00
if (!isset($_GET["fileid"]) || !is_numeric($_GET["fileid"]) || intval($_GET["fileid"])<1) {
- fixed possible xss security holes
2012-09-05 21:00:14 +00:00
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id"));
- move all sources into trunk
2010-10-29 13:19:51 +00:00
}
$fileid = $_GET["fileid"];
- first step to get rid of global variables from all files in inc/ - added new Class LetoDMS_DMS which represents the DMS, contains all settings for the DMS and the database connection. A document and a folder have a reference to the DMS
2010-11-12 22:47:41 +00:00
$file = $document->getDocumentFile($fileid);
- move all sources into trunk
2010-10-29 13:19:51 +00:00
if (!is_object($file)) {
- fixed possible xss security holes
2012-09-05 21:00:14 +00:00
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id"));
- move all sources into trunk
2010-10-29 13:19:51 +00:00
}
if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) {
- fixed possible xss security holes
2012-09-05 21:00:14 +00:00
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
- move all sources into trunk
2010-10-29 13:19:51 +00:00
}
- fixed possible xss security holes
2012-09-05 21:00:14 +00:00
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
- move all sources into trunk
2010-10-29 13:19:51 +00:00
UI::globalNavigation($folder);
UI::pageNavigation($docPathHTML, "view_document");
UI::contentHeading(getMLText("rm_file"));
UI::contentContainerStart();
?>
<form action="../op/op.RemoveDocumentFile.php" name="form1" method="POST">
- lots of fixes to prevent CSRF attacks
2012-08-29 20:37:22 +00:00
<?php echo createHiddenFieldWithKey('removedocumentfile'); ?>
- move all sources into trunk
2010-10-29 13:19:51 +00:00
<input type="Hidden" name="documentid" value="<?php echo $documentid?>">
<input type="Hidden" name="fileid" value="<?php echo $fileid?>">
- fixed possible xss security holes
2012-09-05 21:00:14 +00:00
<p><?php printMLText("confirm_rm_file", array ("documentname" => htmlspecialchars($document->getName()), "name" => htmlspecialchars($file->getName())));?></p>
- move all sources into trunk
2010-10-29 13:19:51 +00:00
<input type="Submit" value="<?php printMLText("rm_file");?>">
</form>
<?php
UI::contentContainerEnd();
UI::htmlEndPage();
?>
Reference in New Issue Copy Permalink