From 0026f8c69c474cd22011d3f9a3eecd1023a2af2e Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Wed, 23 Jul 2014 20:51:45 +0200
Subject: [PATCH 1/5] selecting a status or category will not turn of folder search
---
 op/op.Search.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/op/op.Search.php b/op/op.Search.php
index 727c1e067..a1733b709 100644
--- a/op/op.Search.php
+++ b/op/op.Search.php
@@ -340,8 +340,8 @@ if(isset($_GET["fullsearch"]) && $_GET["fullsearch"]) {
 * also all folders of that user because the status doesn't apply
 * to folders. */
- if($status)
- $resultmode = 0x01;
+// if($status)
+// $resultmode = 0x01;
 // category
 $categories = array();
@@ -353,8 +353,8 @@ if(isset($_GET["fullsearch"]) && $_GET["fullsearch"]) {
 }
 /* Do not search for folders if result shall be filtered by categories. */
- if($categories)
- $resultmode = 0x01;
+// if($categories)
+// $resultmode = 0x01;
 if (isset($_GET["attributes"])) $attributes = $_GET["attributes"];
From 5641b5b067d09fb006e564b63405aa9eb2102bb2 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 24 Jul 2014 07:52:43 +0200
Subject: [PATCH 2/5] propperly initialize $totalDocs in search()
---
 SeedDMS_Core/Core/inc.ClassDMS.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php
index 0d9c2c24f..73ed274d1 100644
--- a/SeedDMS_Core/Core/inc.ClassDMS.php
+++ b/SeedDMS_Core/Core/inc.ClassDMS.php
@@ -716,6 +716,7 @@ class SeedDMS_Core_DMS {
 /*--------- Do it all over again for documents -------------*/
+ $totalDocs = 0;
 if($mode & 0x1) {
 $searchKey = "";
 $searchFields = array();
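Review bot: In op/op.Search.php both hunks of patch 1/5 switch the folder-search override off by commenting the code out, while the comment blocks directly above them (`... the status doesn't apply to folders` and `Do not search for folders if result shall be filtered by categories.`) still describe the old behaviour. Delete the four dead lines rather than leaving `// if($status)` and `// $resultmode = 0x01;` behind, and reword both comments to say that a status or category filter now leaves `$resultmode` as requested. Because the existing comment says status does not apply to folders, it is worth confirming that the folder branch of the search ignores the status filter instead of returning unrelated folders; that code is outside these hunks.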
@@ -900,7 +901,6 @@ class SeedDMS_Core_DMS {
 if($searchKey || $searchOwner || $searchCategories || $searchCreateDate || $searchExpirationDate || $searchAttributes || $status) {
 // Count the number of rows that the search will produce.
 $resArr = $this->db->getResultArray("SELECT COUNT(*) AS num FROM (SELECT DISTINCT `tblDocuments`.id ".$searchQuery.") a");
- $totalDocs = 0;
 if (is_numeric($resArr[0]["num"]) && $resArr[0]["num"]>0) {
 $totalDocs = (integer)$resArr[0]["num"];
 }
From 760da5e2b429a16b90ce52f53d2f76addc32e836 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 24 Jul 2014 07:53:08 +0200
Subject: [PATCH 3/5] check if pwd is passed in _POST
---
 op/op.Login.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/op/op.Login.php b/op/op.Login.php
index 23fb359b0..8d5bb8c39 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
@@ -50,9 +50,12 @@ if (!isset($login) || strlen($login)==0) {
 exit;
 }
-$pwd = (string) $_POST["pwd"];
-if (get_magic_quotes_gpc()) {
- $pwd = stripslashes($pwd);
+$pwd = '';
+if(isset($_POST['pwd'])) {
+ $pwd = (string) $_POST["pwd"];
+ if (get_magic_quotes_gpc()) {
+ $pwd = stripslashes($pwd);
+ }
 }
 $guestUser = $dms->getUser($settings->_guestID);
From f4e7e451e290d4442d838bb7154e0c50c86c5da9 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 24 Jul 2014 07:53:36 +0200
Subject: [PATCH 4/5] check if $_GET["width"] is set before using it
---
 op/op.Preview.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/op/op.Preview.php b/op/op.Preview.php
index f31c243f5..d4428cfaa 100644
--- a/op/op.Preview.php
+++ b/op/op.Preview.php
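Review bot: In op/op.Login.php (patch 3/5) the new guard only tests `isset($_POST['pwd'])`, so an array-valued `pwd` field still reaches the `(string)` cast (yielding the literal string "Array" plus a notice), and a missing field now silently becomes the empty password. Tighten the condition to `if(isset($_POST['pwd']) && is_string($_POST['pwd'])) {` and, for every path other than the guest login that follows, reject `$pwd === ''` explicitly before it is handed to an authentication backend. The authentication code is outside this hunk, so whether an empty password is already refused there should be confirmed rather than assumed; some directory-style backends treat an empty credential as an anonymous bind.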
@@ -67,7 +67,10 @@ if (!is_object($object)) {
 exit;
 }
-$previewer = new SeedDMS_Preview_Previewer($settings->_cacheDir, $_GET["width"]);
+if(!empty($_GET["width"]))
+ $previewer = new SeedDMS_Preview_Previewer($settings->_cacheDir, $_GET["width"]);
+else
+ $previewer = new SeedDMS_Preview_Previewer($settings->_cacheDir);
 if(!$previewer->hasPreview($object)) $previewer->createPreview($object);
 header('Content-Type: image/png');
From 9da8b713b825f01507164cd7be6e41cf3271f623 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Thu, 24 Jul 2014 07:54:08 +0200
Subject: [PATCH 5/5] pass SeedDMS_AccessOperation to view
---
 out/out.EditAttributes.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/out/out.EditAttributes.php b/out/out.EditAttributes.php
index faf22193a..eedb18f72 100644
--- a/out/out.EditAttributes.php
+++ b/out/out.EditAttributes.php
@@ -23,6 +23,7 @@ include("../inc/inc.Utils.php");
 include("../inc/inc.DBInit.php");
 include("../inc/inc.Language.php");
 include("../inc/inc.ClassUI.php");
+include("../inc/inc.ClassAccessOperation.php");
 include("../inc/inc.Authentication.php");
 if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
@@ -41,11 +42,16 @@ if (!is_object($version)) {
 }
 $folder = $document->getFolder();
+
+/* Create object for checking access to certain operations */
+$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
+
 $attrdefs = $dms->getAllAttributeDefinitions(array(SeedDMS_Core_AttributeDefinition::objtype_documentcontent, SeedDMS_Core_AttributeDefinition::objtype_all));
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$version, 'attrdefs'=>$attrdefs));
 if($view) {
+ $view->setParam('accessobject', $accessop);
 $view->show();
 exit;
 }
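Review bot: In op/op.Preview.php (patch 4/5) `$_GET["width"]` still reaches `SeedDMS_Preview_Previewer` unvalidated; `!empty()` only filters out a missing, empty or `0` value and lets an array or any non-numeric string through. The constructor is not visible here, but it receives the cache directory and the width together, so the value presumably ends up in a cache file name or a conversion call and should be forced to a bounded integer first. For example `$width = (isset($_GET["width"]) && is_numeric($_GET["width"])) ? intval($_GET["width"]) : 0;` followed by `if($width > 0 && $width <= MAX_PREVIEW_WIDTH)`, where `MAX_PREVIEW_WIDTH` is a placeholder for a limit the project chooses. Without an upper bound, every distinct width requested can create another cached preview, so the cache directory can grow without limit.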
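Review bot: In out/out.EditAttributes.php (patch 5/5, second hunk) the `SeedDMS_AccessOperation` object is only handed to the view through `setParam('accessobject', $accessop)`; nothing in the visible hunk uses it to decide whether the request may proceed. If the view uses it just to show or hide controls, that is presentation rather than enforcement, so the permission check has to exist in this script before `UI::factory()` and again in whichever handler processes the submitted form. Both are outside the hunk and should be confirmed. A comment above the `setParam` call such as `/* accessobject drives rendering only; access is enforced in <handler placeholder> */` would make that boundary explicit for the next maintainer.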