mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-02-06 07:04:57 +00:00
Merge branch 'seeddms-4.3.7' into develop
Conflicts: Makefile op/op.Download.php
This commit is contained in:
Uwe Steinmann
commit
468846b19f
|
|
@ -1,3 +1,10 @@
|
|||
--------------------------------------------------------------------------------
|
||||
Changes in version 4.3.7
|
||||
--------------------------------------------------------------------------------
|
||||
- fix some vulnerabilities discovered by Steven Seeley
|
||||
- fix javascript error when clicking on folder in document chooser (Bug #135)
|
||||
- always sort folders/documents in sequence chooser by sequence
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
Changes in version 4.3.6
|
||||
--------------------------------------------------------------------------------
|
||||
|
|
|
|||
2
Makefile
2
Makefile
|
|
@ -1,4 +1,4 @@
|
|||
VERSION=4.3.6
|
||||
VERSION=4.3.7
|
||||
SRC=CHANGELOG inc conf utils index.php languages views op out controllers README.md README.Notification README.Ubuntu drop-tables-innodb.sql styles js TODO LICENSE Makefile webdav install restapi
|
||||
# webapp
|
||||
|
||||
|
|
|
|||
|
|
@ -243,7 +243,7 @@ class SeedDMS_Core_DMS {
|
|||
$this->convertFileTypes = array();
|
||||
$this->version = '@package_version@';
|
||||
if($this->version[0] == '@')
|
||||
$this->version = '4.3.6';
|
||||
$this->version = '4.3.7';
|
||||
} /* }}} */
|
||||
|
||||
function getDB() { /* {{{ */
|
||||
|
|
|
|||
|
|
@ -12,11 +12,11 @@
|
|||
<email>uwe@steinmann.cx</email>
|
||||
<active>yes</active>
|
||||
</lead>
|
||||
<date>2014-03-18</date>
|
||||
<time>16:19:34</time>
|
||||
<date>2014-03-21</date>
|
||||
<time>09:03:59</time>
|
||||
<version>
|
||||
<release>4.3.6</release>
|
||||
<api>4.3.6</api>
|
||||
<release>4.3.7</release>
|
||||
<api>4.3.7</api>
|
||||
</version>
|
||||
<stability>
|
||||
<release>stable</release>
|
||||
|
|
@ -24,8 +24,7 @@
|
|||
</stability>
|
||||
<license uri="http://opensource.org/licenses/gpl-license">GPL License</license>
|
||||
<notes>
|
||||
- add optional parameters $publiconly=false and $user=null to SeedDMS_Core_Document::getDocumentLinks()
|
||||
- add new method SeedDMS_Core_Document::getReverseDocumentLinks()
|
||||
no changes
|
||||
</notes>
|
||||
<contents>
|
||||
<dir baseinstalldir="SeedDMS" name="/">
|
||||
|
|
@ -635,5 +634,22 @@ New release
|
|||
no changes
|
||||
</notes>
|
||||
</release>
|
||||
<release>
|
||||
<date>2014-03-18</date>
|
||||
<time>16:19:34</time>
|
||||
<version>
|
||||
<release>4.3.6</release>
|
||||
<api>4.3.6</api>
|
||||
</version>
|
||||
<stability>
|
||||
<release>stable</release>
|
||||
<api>stable</api>
|
||||
</stability>
|
||||
<license uri="http://opensource.org/licenses/gpl-license">GPL License</license>
|
||||
<notes>
|
||||
- add optional parameters $publiconly=false and $user=null to SeedDMS_Core_Document::getDocumentLinks()
|
||||
- add new method SeedDMS_Core_Document::getReverseDocumentLinks()
|
||||
</notes>
|
||||
</release>
|
||||
</changelog>
|
||||
</package>
|
||||
|
|
|
|||
|
|
@ -12,9 +12,11 @@
|
|||
* @version Release: @package_version@
|
||||
*/
|
||||
|
||||
$refer=urlencode($_SERVER["REQUEST_URI"]);
|
||||
$refer = $_SERVER["REQUEST_URI"];
|
||||
if (!strncmp("/op", $refer, 3)) {
|
||||
$refer="";
|
||||
} else {
|
||||
$refer = urlencode($refer);
|
||||
}
|
||||
if (!isset($_COOKIE["mydms_session"])) {
|
||||
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
// MyDMS. Document Management System
|
||||
// Copyright (C) 2002-2005 Markus Westphal
|
||||
// Copyright (C) 2006-2008 Malcolm Cowe
|
||||
// Copyright (C) 2007-2008 Malcolm Cowe
|
||||
// Copyright (C) 2010-2013 Uwe Steinmann
|
||||
//
|
||||
// This program is free software; you can redistribute it and/or modify
|
||||
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
class SeedDMS_Version {
|
||||
|
||||
var $_number = "4.3.6";
|
||||
var $_number = "4.3.7";
|
||||
var $_string = "SeedDMS";
|
||||
|
||||
function SeedDMS_Version() {
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@ function fileExistsInIncludePath($file) { /* {{{ */
|
|||
* Load default settings + set
|
||||
*/
|
||||
define("SEEDDMS_INSTALL", "on");
|
||||
define("SEEDDMS_VERSION", "4.3.6");
|
||||
define("SEEDDMS_VERSION", "4.3.7");
|
||||
|
||||
require_once('../inc/inc.ClassSettings.php');
|
||||
|
||||
|
|
|
|||
|
|
@ -30,14 +30,16 @@ include("../inc/inc.Authentication.php");
|
|||
$file_param_name = 'file';
|
||||
$file_name = $_FILES[ $file_param_name ][ 'name' ];
|
||||
$source_file_path = $_FILES[ $file_param_name ][ 'tmp_name' ];
|
||||
$target_file_path =$settings->_stagingDir.$_POST['fileId']."-".$_POST['partitionIndex'];
|
||||
$fileId = basename($_POST['fileId']);
|
||||
$partitionIndex = (int) $_POST['partitionIndex'];
|
||||
$target_file_path =$settings->_stagingDir.$fileId."-".$partitionIndex;
|
||||
if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
|
||||
if($_POST['partitionIndex']+1 == $_POST['partitionCount']) {
|
||||
$fpnew = fopen($settings->_stagingDir.$_POST['fileId'], 'w+');
|
||||
if($partitionIndex+1 == $_POST['partitionCount']) {
|
||||
$fpnew = fopen($settings->_stagingDir.$fileId, 'w+');
|
||||
for($i=0; $i<$_POST['partitionCount']; $i++) {
|
||||
$content = file_get_contents($settings->_stagingDir.$_POST['fileId']."-".$i, 'r');
|
||||
$content = file_get_contents($settings->_stagingDir.$fileId."-".$i, 'r');
|
||||
fwrite($fpnew, $content);
|
||||
unlink($settings->_stagingDir.$_POST['fileId']."-".$i);
|
||||
unlink($settings->_stagingDir.$fileId."-".$i);
|
||||
}
|
||||
fclose($fpnew);
|
||||
|
||||
|
|
@ -166,7 +168,7 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
|
|||
}
|
||||
}
|
||||
|
||||
$userfiletmp = $settings->_stagingDir.$_POST['fileId'];;
|
||||
$userfiletmp = $settings->_stagingDir.$fileId;
|
||||
$userfiletype = $_FILES[ $file_param_name ]["type"];
|
||||
$userfilename = $_FILES[ $file_param_name ]["name"];
|
||||
|
||||
|
|
|
|||
|
|
@ -113,6 +113,7 @@ if (isset($_GET["version"])) {
|
|||
readfile($dms->contentDir . $file->getPath());
|
||||
|
||||
} elseif (isset($_GET["arkname"])) {
|
||||
$filename = basename($_GET["arkname"]);
|
||||
|
||||
// backup download
|
||||
|
||||
|
|
@ -120,17 +121,17 @@ if (isset($_GET["version"])) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["arkname"]) || !file_exists($settings->_contentDir.$_GET["arkname"]) ) {
|
||||
if (!isset($filename) || !file_exists($settings->_contentDir.$filename) ) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
|
||||
}
|
||||
|
||||
header('Content-Description: File Transfer');
|
||||
//header("Content-Type: application/force-download; name=\"" . $_GET["arkname"] . "\"");
|
||||
//header("Content-Type: application/force-download; name=\"" . $filename . "\"");
|
||||
//header("Content-Type: application/octet-stream");
|
||||
header("Content-Type: application/zip");
|
||||
header("Content-Transfer-Encoding: binary");
|
||||
header("Content-Length: " . filesize($settings->_contentDir . $_GET["arkname"] ));
|
||||
header("Content-Disposition: attachment; filename=\"" .$_GET["arkname"] . "\"");
|
||||
header("Content-Length: " . filesize($settings->_contentDir . $filename ));
|
||||
header("Content-Disposition: attachment; filename=\"" .$filename . "\"");
|
||||
// header("Expires: 0");
|
||||
//header("Content-Type: " . $content->getMimeType());
|
||||
//header("Cache-Control: no-cache, must-revalidate");
|
||||
|
|
@ -138,10 +139,15 @@ if (isset($_GET["version"])) {
|
|||
header("Cache-Control: public");
|
||||
//header("Pragma: no-cache");
|
||||
|
||||
<<<<<<< HEAD
|
||||
ob_clean();
|
||||
readfile($settings->_contentDir .$_GET["arkname"] );
|
||||
=======
|
||||
readfile($settings->_contentDir .$filename );
|
||||
>>>>>>> seeddms-4.3.7
|
||||
|
||||
} elseif (isset($_GET["logname"])) {
|
||||
$filename = basename($_GET["logname"]);
|
||||
|
||||
// log download
|
||||
|
||||
|
|
@ -149,18 +155,23 @@ if (isset($_GET["version"])) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["logname"]) || !file_exists($settings->_contentDir.$_GET["logname"]) ) {
|
||||
if (!isset($filename) || !file_exists($settings->_contentDir.$filename) ) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
|
||||
}
|
||||
|
||||
header("Content-Type: text/plain; name=\"" . $_GET["logname"] . "\"");
|
||||
header("Content-Type: text/plain; name=\"" . $filename . "\"");
|
||||
header("Content-Transfer-Encoding: binary");
|
||||
header("Content-Length: " . filesize($settings->_contentDir . $_GET["logname"] ));
|
||||
header("Content-Disposition: attachment; filename=\"" .$_GET["logname"] . "\"");
|
||||
header("Content-Length: " . filesize($settings->_contentDir . $filename ));
|
||||
header("Content-Disposition: attachment; filename=\"" .$filename . "\"");
|
||||
header("Cache-Control: must-revalidate");
|
||||
<<<<<<< HEAD
|
||||
|
||||
ob_clean();
|
||||
readfile($settings->_contentDir .$_GET["logname"] );
|
||||
=======
|
||||
|
||||
readfile($settings->_contentDir .$filename );
|
||||
>>>>>>> seeddms-4.3.7
|
||||
|
||||
} elseif (isset($_GET["vfile"])) {
|
||||
|
||||
|
|
@ -192,6 +203,7 @@ if (isset($_GET["version"])) {
|
|||
readfile($dms->contentDir . $document->getDir() .$settings->_versioningFileName);
|
||||
|
||||
} elseif (isset($_GET["dumpname"])) {
|
||||
$filename = basename($_GET["dumpname"]);
|
||||
|
||||
// dump file download
|
||||
|
||||
|
|
@ -199,23 +211,27 @@ if (isset($_GET["version"])) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["dumpname"]) || !file_exists($settings->_contentDir.$_GET["dumpname"]) ) {
|
||||
if (!isset($filename) || !file_exists($settings->_contentDir.$filename) ) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
|
||||
}
|
||||
|
||||
header("Content-Type: application/zip; name=\"" . $_GET["dumpname"] . "\"");
|
||||
//header("Content-Type: application/force-download; name=\"" . $_GET["dumpname"] . "\"");
|
||||
header("Content-Type: application/zip; name=\"" . $filename . "\"");
|
||||
//header("Content-Type: application/force-download; name=\"" . $filename . "\"");
|
||||
header("Content-Transfer-Encoding: binary");
|
||||
header("Content-Length: " . filesize($settings->_contentDir . $_GET["dumpname"] ));
|
||||
header("Content-Disposition: attachment; filename=\"" .$_GET["dumpname"] . "\"");
|
||||
header("Content-Length: " . filesize($settings->_contentDir . $filename ));
|
||||
header("Content-Disposition: attachment; filename=\"" .$filename . "\"");
|
||||
//header("Expires: 0");
|
||||
//header("Content-Type: " . $content->getMimeType());
|
||||
//header("Cache-Control: no-cache, must-revalidate");
|
||||
header("Cache-Control: must-revalidate");
|
||||
//header("Pragma: no-cache");
|
||||
|
||||
<<<<<<< HEAD
|
||||
ob_clean();
|
||||
readfile($settings->_contentDir .$_GET["dumpname"] );
|
||||
=======
|
||||
readfile($settings->_contentDir .$filename );
|
||||
>>>>>>> seeddms-4.3.7
|
||||
}
|
||||
|
||||
add_log_line();
|
||||
|
|
|
|||
|
|
@ -300,10 +300,10 @@ if (isset($_COOKIE["mydms_session"])) {
|
|||
// Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
|
||||
|
||||
if (isset($_POST["referuri"]) && strlen($_POST["referuri"])>0) {
|
||||
$referuri = urldecode($_POST["referuri"]);
|
||||
$referuri = trim(urldecode($_POST["referuri"]));
|
||||
}
|
||||
else if (isset($_GET["referuri"]) && strlen($_GET["referuri"])>0) {
|
||||
$referuri = urldecode($_GET["referuri"]);
|
||||
$referuri = trim(urldecode($_GET["referuri"]));
|
||||
}
|
||||
|
||||
$controller->setParam('user', $user);
|
||||
|
|
|
|||
|
|
@ -28,14 +28,16 @@ include("../inc/inc.Authentication.php");
|
|||
$file_param_name = 'file';
|
||||
$file_name = $_FILES[ $file_param_name ][ 'name' ];
|
||||
$source_file_path = $_FILES[ $file_param_name ][ 'tmp_name' ];
|
||||
$target_file_path =$settings->_stagingDir.$_POST['fileId']."-".$_POST['partitionIndex'];
|
||||
$fileId = basename($_POST['fileId']);
|
||||
$partitionIndex = (int) $_POST['partitionIndex'];
|
||||
$target_file_path =$settings->_stagingDir.$fileId."-".$partitionIndex;
|
||||
if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
|
||||
if($_POST['partitionIndex']+1 == $_POST['partitionCount']) {
|
||||
$fpnew = fopen($settings->_stagingDir.$_POST['fileId'], 'w+');
|
||||
if($partitionIndex+1 == $_POST['partitionCount']) {
|
||||
$fpnew = fopen($settings->_stagingDir.$fileId, 'w+');
|
||||
for($i=0; $i<$_POST['partitionCount']; $i++) {
|
||||
$content = file_get_contents($settings->_stagingDir.$_POST['fileId']."-".$i, 'r');
|
||||
$content = file_get_contents($settings->_stagingDir.$fileId."-".$i, 'r');
|
||||
fwrite($fpnew, $content);
|
||||
unlink($settings->_stagingDir.$_POST['fileId']."-".$i);
|
||||
unlink($settings->_stagingDir.$fileId."-".$i);
|
||||
}
|
||||
fclose($fpnew);
|
||||
|
||||
|
|
@ -65,7 +67,7 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
|
|||
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
$userfiletmp = $settings->_stagingDir.$_POST['fileId'];;
|
||||
$userfiletmp = $settings->_stagingDir.$fileId;
|
||||
$userfiletype = $_FILES[ $file_param_name ]["type"];
|
||||
$userfilename = $_FILES[ $file_param_name ]["name"];
|
||||
|
||||
|
|
|
|||
|
|
@ -139,7 +139,7 @@ function addFiles()
|
|||
</tr>
|
||||
<tr>
|
||||
<td><?php printMLText("sequence");?>:</td>
|
||||
<td><?php $this->printSequenceChooser($folder->getDocuments());?></td>
|
||||
<td><?php $this->printSequenceChooser($folder->getDocuments('s'));?></td>
|
||||
</tr>
|
||||
<?php
|
||||
$attrdefs = $dms->getAllAttributeDefinitions(array(SeedDMS_Core_AttributeDefinition::objtype_document, SeedDMS_Core_AttributeDefinition::objtype_all));
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ function checkForm()
|
|||
</tr>
|
||||
<tr>
|
||||
<td class="inputDescription"><?php printMLText("sequence");?>:</td>
|
||||
<td><?php $this->printSequenceChooser($folder->getSubFolders());?></td>
|
||||
<td><?php $this->printSequenceChooser($folder->getSubFolders('s'));?></td>
|
||||
</tr>
|
||||
<?php
|
||||
$attrdefs = $dms->getAllAttributeDefinitions(array(SeedDMS_Core_AttributeDefinition::objtype_folder, SeedDMS_Core_AttributeDefinition::objtype_all));
|
||||
|
|
|
|||
|
|
@ -767,6 +767,8 @@ function documentSelected<?php echo $formName ?>(id, name) {
|
|||
$('#docid<?php echo $formName ?>').val(id);
|
||||
$('#choosedocsearch').val(name);
|
||||
modalDocChooser<?php echo $formName ?>.modal('hide');
|
||||
}
|
||||
function folderSelected<?php echo $formName ?>(id, name) {
|
||||
}
|
||||
</script>
|
||||
<?php
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ function checkForm()
|
|||
print "<tr>";
|
||||
print "<td class=\"inputDescription\">" . getMLText("sequence") . ":</td>";
|
||||
print "<td>";
|
||||
$this->printSequenceChooser($folder->getDocuments(), $document->getID());
|
||||
$this->printSequenceChooser($folder->getDocuments('s'), $document->getID());
|
||||
print "</td></tr>";
|
||||
}
|
||||
if($attrdefs) {
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ function checkForm()
|
|||
print "<tr>";
|
||||
print "<td>" . getMLText("sequence") . ":</td>";
|
||||
print "<td>";
|
||||
$this->printSequenceChooser($parent->getSubFolders(), $folder->getID());
|
||||
$this->printSequenceChooser($parent->getSubFolders('s'), $folder->getID());
|
||||
print "</td></tr>\n";
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user