From 5b5ac45e21a0dda2b1aaa44d95b93368e7a08cf7 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 3 Mar 2022 12:41:42 +0100
Subject: [PATCH 01/14] no need to create access restriction class
---
 out/out.PasswordForgotten.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/out/out.PasswordForgotten.php b/out/out.PasswordForgotten.php
index 636044ab4..2573d8d59 100644
--- a/out/out.PasswordForgotten.php
+++ b/out/out.PasswordForgotten.php
@@ -32,7 +32,7 @@ include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms));
-$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
+//$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
 if (isset($_REQUEST["referuri"]) && strlen($_REQUEST["referuri"])>0) {
 $referrer = $_REQUEST["referuri"];
@@ -40,9 +40,8 @@ if (isset($_REQUEST["referuri"]) && strlen($_REQUEST["referuri"])>0) {
 $referrer = '';
 }
 if($view) {
- $view->setParam('accessobject', $accessop);
 $view->setParam('referrer', $referrer);
- $view->setParam('accessobject', $accessop);
+// $view->setParam('accessobject', $accessop);
 $view($_GET);
 exit;
 }
From 10876c64953a7bdbc81586a745da2065a2f77144 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 3 Mar 2022 12:45:49 +0100
Subject: [PATCH 02/14] check if attribute is a string before using it in an sql statement
---
 SeedDMS_Core/Core/inc.ClassDMS.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php
index 32cb15d70..6b02de3c6 100644
--- a/SeedDMS_Core/Core/inc.ClassDMS.php
+++ b/SeedDMS_Core/Core/inc.ClassDMS.php
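Review bot: In out/out.PasswordForgotten.php the `SeedDMS_AccessOperation` construction and the `setParam('accessobject', …)` call are commented out rather than deleted, which leaves dead code behind for the next reader to puzzle over; version control keeps the history, so both `//` lines can simply be dropped. The same pattern recurs later in this series (`//include("../inc/inc.ClassEmailNotify.php");` in op/op.PasswordForgotten.php and the `// return false;` lines in Indexer.php). Separately, the context lines show `$referrer` taken unchanged from `$_REQUEST["referuri"]` and handed to the view; how the view uses it is not visible here, but if it ends up as a redirect target or in markup it should be restricted to local paths and escaped on output.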
@@ -1542,7 +1542,7 @@ class SeedDMS_Core_DMS {
 if(is_string($attribute))
 $attribute = array($attribute);
 $searchAttributes[] = "EXISTS (SELECT NULL FROM `tblFolderAttributes` WHERE `tblFolderAttributes`.`attrdef`=".$attrdefid." AND (`tblFolderAttributes`.`value` like '%".$valueset[0].implode("%' OR `tblFolderAttributes`.`value` like '%".$valueset[0], $attribute)."%') AND `tblFolderAttributes`.`folder`=`tblFolders`.`id`)";
- } else {
+ } elseif(is_string($attribute)) {
 $searchAttributes[] = "EXISTS (SELECT NULL FROM `tblFolderAttributes` WHERE `tblFolderAttributes`.`attrdef`=".$attrdefid." AND `tblFolderAttributes`.`value`='".$attribute."' AND `tblFolderAttributes`.`folder`=`tblFolders`.`id`)";
 }
 } else {
@@ -1554,7 +1554,7 @@ class SeedDMS_Core_DMS {
 $kkll[] = "`tblFolderAttributes`.`value`<='".$attribute['to']."'";
 if($kkll)
 $searchAttributes[] = "EXISTS (SELECT NULL FROM `tblFolderAttributes` WHERE `tblFolderAttributes`.`attrdef`=".$attrdefid." AND ".implode(' AND ', $kkll)." AND `tblFolderAttributes`.`folder`=`tblFolders`.`id`)";
- } else {
+ } elseif(is_string($attribute)) {
 $searchAttributes[] = "EXISTS (SELECT NULL FROM `tblFolderAttributes` WHERE `tblFolderAttributes`.`attrdef`=".$attrdefid." AND `tblFolderAttributes`.`value` like '%".$attribute."%' AND `tblFolderAttributes`.`folder`=`tblFolders`.`id`)";
 }
 }
From 37d49474fdb37e5c6303efa2823c3d2478cf584f Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:14:20 +0100
Subject: [PATCH 03/14] fix searching for document content with a custom attribute having a value set
---
 SeedDMS_Core/Core/inc.ClassDMS.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php
index 6b02de3c6..04daed032 100644
--- a/SeedDMS_Core/Core/inc.ClassDMS.php
+++ b/SeedDMS_Core/Core/inc.ClassDMS.php
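Review bot: In SeedDMS_Core/Core/inc.ClassDMS.php the added `is_string($attribute)` test stops an array from being concatenated, but the string is still spliced between single quotes as `'".$attribute."'` (hunk at 1542) and `'%".$attribute."%'` (hunk at 1554), so a value containing a quote still alters the statement unless every caller escapes it first, which cannot be seen from here. Quoting at the point of use through the database layer, for example `$this->db->qstr($attribute)` in place of `"'".$attribute."'"` if that is the helper this class uses elsewhere, would make both branches safe on their own; the `$attribute['to']` range value and the imploded multi-value list in the context lines are built the same way. A non-string attribute now silently drops the condition, which widens the search result instead of reporting bad input. The enclosing function starts and ends outside both hunks.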
@@ -1755,7 +1755,7 @@ class SeedDMS_Core_DMS {
 }
 }
 if($attrdef->getObjType() == SeedDMS_Core_AttributeDefinition::objtype_documentcontent || $attrdef->getObjType() == SeedDMS_Core_AttributeDefinition::objtype_all) {
- if($attrdef->getValueSet()) {
+ if($valueset = $attrdef->getValueSet()) {
 if($attrdef->getMultipleValues()) {
 /** @noinspection PhpUndefinedVariableInspection */
 if(is_string($attribute))
From c83c2c21f4b1026d4ac460a13f5658bc12cd4fc9 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:14:41 +0100
Subject: [PATCH 04/14] add note for 5.1.25
---
 SeedDMS_Core/package.xml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/SeedDMS_Core/package.xml b/SeedDMS_Core/package.xml
index b06963a7f..39fb25552 100644
--- a/SeedDMS_Core/package.xml
+++ b/SeedDMS_Core/package.xml
@@ -29,6 +29,7 @@
 - backport setFileType() from 6.0.x
 - add SeedDMS_Core_File::fileExtension()
 - add callbacks on onPostUpdateAttribute, onPostRemoveAttribute, onPostAddAttribute
+- fix searching for document content with a custom attribute having a value set
From 8e542b448f3a8691434da443453c20a20c787e07 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:15:38 +0100
Subject: [PATCH 05/14] include Exception.php
---
 SeedDMS_SQLiteFTS/SQLiteFTS.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/SeedDMS_SQLiteFTS/SQLiteFTS.php b/SeedDMS_SQLiteFTS/SQLiteFTS.php
index 0a3b710e8..338a79e1c 100644
--- a/SeedDMS_SQLiteFTS/SQLiteFTS.php
+++ b/SeedDMS_SQLiteFTS/SQLiteFTS.php
@@ -41,4 +41,9 @@ require_once('SQLiteFTS/QueryHit.php');
 */
 require_once('SQLiteFTS/IndexedDocument.php');
+/**
+ * @uses SeedDMS_SQLiteFTS_Exception
+ */
+require_once('SQLiteFTS/Exception.php');
+
 ?>
From fe43b944c91e39f25d7fa67f2365814a6857b71f Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:15:52 +0100
Subject: [PATCH 06/14] throw exeption in find()
---
 SeedDMS_SQLiteFTS/SQLiteFTS/Indexer.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
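Review bot: In SeedDMS_Core/Core/inc.ClassDMS.php (hunk at 1755) the `@noinspection PhpUndefinedVariableInspection` annotation two lines below the fix is left in place, and it may be what kept the missing `$valueset` from being flagged before this patch; that is an inference, since the lines using `$valueset` are outside the hunk. Now that the variable is assigned, I would remove the suppression so the inspection can catch the next undefined variable in this branch. Writing the assignment on its own line, `$valueset = $attrdef->getValueSet();` followed by `if($valueset) {`, would also keep the condition from reading like a mistyped comparison.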
diff --git a/SeedDMS_SQLiteFTS/SQLiteFTS/Indexer.php b/SeedDMS_SQLiteFTS/SQLiteFTS/Indexer.php
index 71de007e8..fd2ec197c 100644
--- a/SeedDMS_SQLiteFTS/SQLiteFTS/Indexer.php
+++ b/SeedDMS_SQLiteFTS/SQLiteFTS/Indexer.php
@@ -190,7 +190,8 @@ class SeedDMS_SQLiteFTS_Indexer {
 $sql .= " WHERE docs MATCH ".$this->_conn->quote($query);
 $res = $this->_conn->query($sql." GROUP BY `".$facetname."`");
 if(!$res)
- return false;
+ throw new SeedDMS_SQLiteFTS_Exception("Counting records in facet \"$facetname\" failed.");
+// return false;
 $facets[$facetname] = array();
 foreach($res as $row) {
 if($row[$facetname] && $row['c']) {
@@ -220,7 +221,8 @@ class SeedDMS_SQLiteFTS_Indexer {
 $sql .= " WHERE docs MATCH ".$this->_conn->quote($query);
 $res = $this->_conn->query($sql." GROUP BY `record_type`");
 if(!$res)
- return false;
+ throw new SeedDMS_SQLiteFTS_Exception("Counting records in facet \"record_type\" failed.");
+// return false;
 $facets['record_type'] = array('document'=>0, 'folder'=>0);
 foreach($res as $row) {
 $facets['record_type'][$row['record_type']] = $row['c'];
@@ -239,6 +241,8 @@ class SeedDMS_SQLiteFTS_Indexer {
 if(!empty($limit['offset']))
 $sql .= " OFFSET ".(int) $limit['offset'];
 $res = $this->_conn->query($sql);
+ if(!$res)
+ throw new SeedDMS_SQLiteFTS_Exception("Searching for documents failed.");
 $hits = array();
 if($res) {
 foreach($res as $rec) {
From e4fb5d525556f863f2112595bcaee176102fa92d Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:17:07 +0100
Subject: [PATCH 07/14] set session to null if login fails to prevent warning when error msg is shown
---
 op/op.Login.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/op/op.Login.php b/op/op.Login.php
index 541ccb936..e9763ff97 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
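Review bot: In SeedDMS_SQLiteFTS/SQLiteFTS/Indexer.php the third hunk (at 239) throws when `$res` is false, which makes the `if($res) {` two lines further down always true; that guard and the two `// return false;` leftovers in the first two hunks can go. The change also turns a `false` return into an exception for every caller, and neither a caller nor a `@throws` tag is part of this patch, so code that still tests the return value would now surface an uncaught exception; I would add `@throws SeedDMS_SQLiteFTS_Exception` to the method's docblock and confirm the call sites catch it. The messages rightly leave out the SQL text, and logging the driver's error details at the throw site would keep failures diagnosable without showing them to the user. The method's start and end are outside the hunks.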
@@ -89,6 +89,7 @@ $controller->setParam('sesstheme', $sesstheme);
 $controller->setParam('referuri', $referuri);
 $controller->setParam('session', $session);
 if(!$controller->run()) {
+ $session = null;
 add_log_line("login failed", PEAR_LOG_ERR);
 _printMessage(getMLText($controller->getErrorMsg()), getMLText($controller->getErrorMsg())."\n");
 exit;
From 210f5cb1c44021ccc818e387662709f1b9cf2b7b Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:17:34 +0100
Subject: [PATCH 08/14] no need to include inc.ClassEmailNotify.php
---
 op/op.PasswordForgotten.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/op/op.PasswordForgotten.php b/op/op.PasswordForgotten.php
index c51794fc1..bfe719972 100644
--- a/op/op.PasswordForgotten.php
+++ b/op/op.PasswordForgotten.php
@@ -27,17 +27,16 @@ include("../inc/inc.Extension.php"); include("../inc/inc.DBInit.php"); include("../inc/inc.ClassSession.php"); include("../inc/inc.ClassUI.php"); -include("../inc/inc.ClassEmailNotify.php"); +//include("../inc/inc.ClassEmailNotify.php"); include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc"; function _printMessage($heading, $message) { - UI::htmlStartPage($heading, "password"); UI::globalBanner(); UI::pageNavigation($heading); UI::contentContainer($message."
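Review bot: In op/op.Login.php the new `$session = null;` has no reader inside the hunk, so without a comment it looks like a dead store that a later cleanup could remove; the commit subject says it prevents a warning while the error message is shown, and that reason belongs next to the line, e.g. `// failed login: clear $session so the error page does not try to use it (avoids a PHP warning)`. It is also worth confirming that anything the controller created for `$session` before `run()` failed is discarded on the server side and not merely dropped from this local variable; that part is not visible here. The script continues outside the hunk.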

" . getMLText("login") . "

\n");
- UI::htmlEndPage();
+ UI::htmlEndPage();
 return;
 }
From a4afc1cfa71a208f7b08655009d1fe433de22473 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:18:30 +0100
Subject: [PATCH 09/14] cast status to int when indexing it
---
 SeedDMS_SQLiteFTS/SQLiteFTS/Search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SeedDMS_SQLiteFTS/SQLiteFTS/Search.php b/SeedDMS_SQLiteFTS/SQLiteFTS/Search.php
index a227b24e1..d9a793974 100644
--- a/SeedDMS_SQLiteFTS/SQLiteFTS/Search.php
+++ b/SeedDMS_SQLiteFTS/SQLiteFTS/Search.php
@@ -113,7 +113,7 @@ class SeedDMS_SQliteFTS_Search {
 if(!empty($fields['status'])) {
 if($querystr)
 $querystr .= ' AND ';
- $status = array_map(function($v){return $v+10;}, $fields['status']);
+ $status = array_map(function($v){return (int)$v+10;}, $fields['status']);
 $querystr .= '(status:';
 $querystr .= implode(' OR status:', $status);
 $querystr .= ')';
From 8fdc15119838d00579f0fc1a246afbde5e48e7d0 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:20:45 +0100
Subject: [PATCH 10/14] check if passed categories actually exist
---
 out/out.Search.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/out/out.Search.php b/out/out.Search.php
index 8f11fe025..2c1e21368 100644
--- a/out/out.Search.php
+++ b/out/out.Search.php
@@ -69,9 +69,10 @@ if($fullsearch) {
 $category = $_GET['category'];
 foreach($_GET['category'] as $catid) {
 if($catid) {
- $cat = $dms->getDocumentCategory($catid);
- $categories[] = $cat;
- $categorynames[] = $cat->getName();
+ if($cat = $dms->getDocumentCategory($catid)) {
+ $categories[] = $cat;
+ $categorynames[] = $cat->getName();
+ }
 }
 }
 }
From 27b207f4dbf1e44259414a7f2a7c147151eea139 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:21:03 +0100
Subject: [PATCH 11/14] add note
---
 SeedDMS_SQLiteFTS/package.xml | 1 +
 1 file changed, 1 insertion(+)
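Review bot: In SeedDMS_SQLiteFTS/SQLiteFTS/Search.php the `(int)` cast keeps query syntax out of the `status:` terms, but it also turns every non-numeric element into 0, so unexpected input silently becomes a search for `status:10` instead of being rejected. Filtering first, e.g. `array_filter($fields['status'], 'is_numeric')`, or checking each value against the known status codes would avoid matching on garbage. `array_map` additionally needs `$fields['status']` to be an array, which `!empty()` does not guarantee; a scalar from the request raises a warning or a TypeError there, depending on the PHP version. The enclosing function starts and ends outside the hunk.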
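Review bot: In out/out.Search.php only `$categories` and `$categorynames` are limited to categories that exist; `$category` is still assigned the raw `$_GET['category']` one line above the loop, so any later use of `$category` sees the unvalidated ids. If it is passed on to the view or a query further down (not visible here), it should be rebuilt from the validated objects, for instance by collecting the id of each `$cat` inside the new `if`. The `foreach` also assumes `$_GET['category']` is an array; unless an `is_array()` check precedes the hunk, a scalar `category=…` parameter produces a warning.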
diff --git a/SeedDMS_SQLiteFTS/package.xml b/SeedDMS_SQLiteFTS/package.xml
index a550a95b0..0c397f520 100644
--- a/SeedDMS_SQLiteFTS/package.xml
+++ b/SeedDMS_SQLiteFTS/package.xml
@@ -26,6 +26,7 @@
 - close pipes in execWithTimeout(), also return exit code of command
 - add support for fts5 (make it the default)
 - add class SeedDMS_SQLiteFTS_Field
+- throw exeption in find() instead of returning false
From 4d0b9a651131ae54a784923e0f9b156254c74f65 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:23:49 +0100
Subject: [PATCH 12/14] start new version 1.0.17
---
 SeedDMS_SQLiteFTS/package.xml | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/SeedDMS_SQLiteFTS/package.xml b/SeedDMS_SQLiteFTS/package.xml
index 0c397f520..a0d990920 100644
--- a/SeedDMS_SQLiteFTS/package.xml
+++ b/SeedDMS_SQLiteFTS/package.xml
@@ -11,11 +11,11 @@ uwe@steinmann.cx yes - 2021-05-10 + 2022-03-04 - 1.0.16 - 1.0.16 + 1.0.17 + 1.0.17 stable
@@ -23,9 +23,6 @@ GPL License -- close pipes in execWithTimeout(), also return exit code of command -- add support for fts5 (make it the default) -- add class SeedDMS_SQLiteFTS_Field - throw exeption in find() instead of returning false
@@ -337,5 +334,23 @@ add user to list of terms - add indexing folders + + 2021-05-10 + + + 1.0.16 + 1.0.16 + + + stable + stable + + GPL License + +- close pipes in execWithTimeout(), also return exit code of command +- add support for fts5 (make it the default) +- add class SeedDMS_SQLiteFTS_Field + +
From 1c4fbbed96dc96faced24188a95a1aef2cc1426b Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:27:17 +0100
Subject: [PATCH 13/14] fix php warning in getAttributeEditField()
---
 views/bootstrap/class.Bootstrap.php | 4 ++--
 views/bootstrap4/class.Bootstrap4.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 2abdc1d56..b4a43c96b 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -1811,7 +1811,7 @@ $(document).ready(function() {
 $content .= $this->getDocumentChooserHtml("attr".$attrdef->getId(), $target, $fieldname."[".$attrdef->getId()."]");
 break;
 case SeedDMS_Core_AttributeDefinition::type_user:
- $objvalue = $attribute ? (is_object($attribute) ? $attribute->getValueAsArray() : $attribute) : array();
+ $objvalue = $attribute ? (is_object($attribute) ? $attribute->getValueAsArray() : (is_string($attribute) ? [$attribute] : $attribute)) : array();
 $users = $dms->getAllUsers();
 if($users) {
 $allowempty = $attrdef->getMinValues() == 0;
@@ -1831,7 +1831,7 @@ $(document).ready(function() {
 }
 break;
 case SeedDMS_Core_AttributeDefinition::type_group:
- $objvalue = $attribute ? (is_object($attribute) ? $attribute->getValueAsArray() : $attribute) : array();
+ $objvalue = $attribute ? (is_object($attribute) ? $attribute->getValueAsArray() : (is_string($attribute) ? [$attribute] : $attribute)) : array();
 $groups = $dms->getAllGroups();
 if($groups) {
 $allowempty = $attrdef->getMinValues() == 0;
diff --git a/views/bootstrap4/class.Bootstrap4.php b/views/bootstrap4/class.Bootstrap4.php
index 1dabe4e01..181c1238e 100644
--- a/views/bootstrap4/class.Bootstrap4.php
+++ b/views/bootstrap4/class.Bootstrap4.php
@@ -1856,7 +1856,7 @@ $(document).ready(function() {
 $content .= $this->getDocumentChooserHtml("attr".$attrdef->getId(), $target, $fieldname."[".$attrdef->getId()."]");
 break;
 case SeedDMS_Core_AttributeDefinition::type_user:
- $objvalue = $attribute ? (is_object($attribute) ? $attribute->getValueAsArray() : $attribute) : array();
+ $objvalue = $attribute ? (is_object($attribute) ? $attribute->getValueAsArray() : (is_string($attribute) ? [$attribute] : $attribute)) : array();
 $users = $dms->getAllUsers();
 if($users) {
 $allowempty = $attrdef->getMinValues() == 0;
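Review bot: In views/bootstrap/class.Bootstrap.php the normalisation of `$attribute` is now a three-level nested ternary repeated verbatim in four places (type_user and type_group here, and the same two cases in views/bootstrap4/class.Bootstrap4.php), which is hard to read and easy to let drift apart. A small helper would state the rule once; the sketch below also wraps other scalars, because as written only strings are wrapped and an integer id would still reach the code below as a non-array. The helper name is a suggestion, and the enclosing method starts and ends outside the hunks.

```php
// … unchanged: case SeedDMS_Core_AttributeDefinition::type_user: …
$objvalue = $this->attributeValueAsArray($attribute);
// … unchanged: user / group select rendering …

/**
 * Normalise an attribute given as object, scalar or array into an array.
 */
protected function attributeValueAsArray($attribute) {
	if(!$attribute)
		return array();
	if(is_object($attribute))
		return $attribute->getValueAsArray();
	return is_array($attribute) ? $attribute : array($attribute);
}
```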
@@ -1876,7 +1876,7 @@ $(document).ready(function() {
 }
 break;
 case SeedDMS_Core_AttributeDefinition::type_group:
- $objvalue = $attribute ? (is_object($attribute) ? $attribute->getValueAsArray() : $attribute) : array();
+ $objvalue = $attribute ? (is_object($attribute) ? $attribute->getValueAsArray() : (is_string($attribute) ? [$attribute] : $attribute)) : array();
 $groups = $dms->getAllGroups();
 if($groups) {
 $allowempty = $attrdef->getMinValues() == 0;
From c5dbe1995d5fbcc15dbad3415b62a1180a759d46 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 4 Mar 2022 08:27:46 +0100
Subject: [PATCH 14/14] fix possible cross side scripting
---
 views/bootstrap/class.Help.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/views/bootstrap/class.Help.php b/views/bootstrap/class.Help.php
index 39283c9fa..610de136a 100644
--- a/views/bootstrap/class.Help.php
+++ b/views/bootstrap/class.Help.php
@@ -60,7 +60,7 @@ class SeedDMS_View_Help extends SeedDMS_Theme_Style { $this->columnEnd(); $this->columnStart(8); ?> - + params['session']->getLanguage()."/help/".$context.".html";