From 3efdac71977c17aaf01307773c3af5ac5f3f15e5 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Thu, 26 Mar 2020 07:53:48 +0100
Subject: [PATCH 1/2] construct SeedDMS_AccessOperation after document is known

---
 out/out.RemoveWorkflowFromDocument.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/out/out.RemoveWorkflowFromDocument.php b/out/out.RemoveWorkflowFromDocument.php
index 9d7351aeb..40784dd90 100644
--- a/out/out.RemoveWorkflowFromDocument.php
+++ b/out/out.RemoveWorkflowFromDocument.php
@@ -33,7 +33,6 @@ require_once("inc/inc.Authentication.php");
 
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
-$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
 if (!$user->isAdmin()) {
 	UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
 }
@@ -63,6 +62,7 @@ if (!is_object($workflow)) {
 	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("document_has_no_workflow"));
 }
 
+$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
 $folder = $document->getFolder();
 
 if($view) {

From 2c0fb6f4762c54ba41eb11e775240442514a2048 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Thu, 26 Mar 2020 07:54:27 +0100
Subject: [PATCH 2/2] run names through htmlspecialchars()

---
 views/bootstrap/class.Bootstrap.php          |  2 +-
 views/bootstrap/class.WorkflowActionsMgr.php |  6 +++---
 views/bootstrap/class.WorkflowMgr.php        | 16 ++++++++--------
 views/bootstrap/class.WorkflowStatesMgr.php  |  6 +++---
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index b97cc8f60..5917f5b81 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -2408,7 +2408,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev)
 				$content .= count($links)."/".count($revlinks)." ".getMLText("linked_documents")."<br />";
 			if($status["status"] == S_IN_WORKFLOW && $workflowmode == 'advanced') {
 				$workflowstate = $latestContent->getWorkflowState();
-				$content .= '<span title="'.getOverallStatusText($status["status"]).': '.$workflow->getName().'">'.$workflowstate->getName().'</span>';
+				$content .= '<span title="'.getOverallStatusText($status["status"]).': '.htmlspecialchars($workflow->getName()).'">'.htmlspecialchars($workflowstate->getName()).'</span>';
 			} else {
 				$content .= getOverallStatusText($status["status"]);
 			}
diff --git a/views/bootstrap/class.WorkflowActionsMgr.php b/views/bootstrap/class.WorkflowActionsMgr.php
index 5963025e1..55bf3aeab 100644
--- a/views/bootstrap/class.WorkflowActionsMgr.php
+++ b/views/bootstrap/class.WorkflowActionsMgr.php
@@ -86,11 +86,11 @@ $(document).ready( function() {
 						$workflow = $transition->getWorkflow();
 						echo "<tr>";
 						echo "<td>";
-						echo $workflow->getName();
+						echo htmlspecialchars($workflow->getName());
 						echo "</td><td>";
-						echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName();
+						echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName());
 						echo "</td><td>";
-						echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName();
+						echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
 						echo "</td></tr>";
 					}
 					echo "</tbody>";
diff --git a/views/bootstrap/class.WorkflowMgr.php b/views/bootstrap/class.WorkflowMgr.php
index b0de06218..d918b728d 100644
--- a/views/bootstrap/class.WorkflowMgr.php
+++ b/views/bootstrap/class.WorkflowMgr.php
@@ -117,7 +117,7 @@ $(document).ready(function() {
 			if($path) {
 				$names = array();
 				foreach($path as $state) {
-					$names[] = $state->getName();
+					$names[] = htmlspecialchars($state->getName());
 				}
 				$this->errorMsg(getMLText('workflow_has_cycle').": ".implode(' <i class="icon-arrow-right"></i> ', $names));
 			}
@@ -219,14 +219,14 @@ $(document).ready(function() {
 				if(!$transusers && !$transgroups) {
 					echo " class=\"error\"";
 				}
-				echo "><td>".'<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName()."<br />";
+				echo "><td>".'<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName())."<br />";
 				$docstatus = $nextstate->getDocumentStatus();
-				echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName();
+				echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
 				if($docstatus == S_RELEASED || $docstatus == S_REJECTED) {
 					echo "<br /><i class=\"icon-arrow-right\"></i> ".getOverallStatusText($docstatus);
 				}
 				echo "</td>";
-				echo "<td><i class=\"icon-sign-blank workflow-action\"></i> ".$action->getName()."</td>";
+				echo "<td><i class=\"icon-sign-blank workflow-action\"></i> ".htmlspecialchars($action->getName())."</td>";
 				echo "<td>";
 				foreach($transusers as $transuser) {
 					$u = $transuser->getUser();
@@ -237,7 +237,7 @@ $(document).ready(function() {
 					$g = $transgroup->getGroup();
 					echo '<i class="icon-group"></i> '.getMLText('at_least_n_users_of_group',
 						array("number_of_users" => $transgroup->getNumOfUsers(),
-							"group" => $g->getName()));
+							"group" => htmlspecialchars($g->getName())));
 					echo "<br />";
 				}
 				echo "</td>";
@@ -264,20 +264,20 @@ $(document).ready(function() {
 			echo "<select name=\"state\">";
 			$states = $dms->getAllWorkflowStates();
 			foreach($states as $state) {
-				echo "<option value=\"".$state->getID()."\">".$state->getName()."</option>";
+				echo "<option value=\"".$state->getID()."\">".htmlspecialchars($state->getName())."</option>";
 			}
 			echo "</select><br />";
 			echo "<select name=\"nextstate\">";
 			$states = $dms->getAllWorkflowStates();
 			foreach($states as $state) {
-				echo "<option value=\"".$state->getID()."\">".$state->getName()."</option>";
+				echo "<option value=\"".$state->getID()."\">".htmlspecialchars($state->getName())."</option>";
 			}
 			echo "</select>";
 			echo "</td>";
 			echo "<td>";
 			echo "<select name=\"action\">";
 			foreach($actions as $action) {
-				echo "<option value=\"".$action->getID()."\">".$action->getName()."</option>";
+				echo "<option value=\"".$action->getID()."\">".htmlspecialchars($action->getName())."</option>";
 			}
 			echo "</select>";
 			echo "</td>";
diff --git a/views/bootstrap/class.WorkflowStatesMgr.php b/views/bootstrap/class.WorkflowStatesMgr.php
index ea30447b5..a4da2478d 100644
--- a/views/bootstrap/class.WorkflowStatesMgr.php
+++ b/views/bootstrap/class.WorkflowStatesMgr.php
@@ -87,11 +87,11 @@ $(document).ready(function() {
 						$workflow = $transition->getWorkflow();
 						echo "<tr>";
 						echo "<td>";
-						echo $workflow->getName();
+						echo htmlspecialchars($workflow->getName());
 						echo "</td><td>";
-						echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.$state->getName();
+						echo '<i class="icon-circle'.($workflow->getInitState()->getId() == $state->getId() ? ' initstate' : ' in-workflow').'"></i> '.htmlspecialchars($state->getName());
 						echo "</td><td>";
-						echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.$nextstate->getName();
+						echo '<i class="icon-circle'.($docstatus == S_RELEASED ? ' released' : ($docstatus == S_REJECTED ? ' rejected' : ' in-workflow')).'"></i> '.htmlspecialchars($nextstate->getName());
 						echo "</td></tr>";
 					}
 					echo "</tbody>";