gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-06-01 06:27:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

do not htmlspecialchars() keywords, check attributes before setting them

Browse Source
This commit is contained in:
Uwe Steinmann 2017-12-20 11:22:16 +01:00
parent fc09a9408b
commit 5013fb154c
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
restapi/index.php
View File

@ -314,10 +314,12 @@ function createFolder($id) { /* {{{ */
$comment = $app->request()->post('comment');
$attributes = $app->request()->post('attributes');
$newattrs = array();
foreach($attributes as $attrname=>$attrvalue) {
$attrdef = $dms->getAttributeDefinitionByName($attrname);
if($attrdef) {
$newattrs[$attrdef->getID()] = $attrvalue;
if($attributes) {
foreach($attributes as $attrname=>$attrvalue) {
$attrdef = $dms->getAttributeDefinitionByName($attrname);
if($attrdef) {
$newattrs[$attrdef->getID()] = $attrvalue;
}
}
}
if($folder = $parent->addSubFolder($name, $comment, $userobj, 0, $newattrs)) {
@ -469,7 +471,7 @@ function getDocument($id) { /* {{{ */
'version'=>$lc->getVersion(),
'orig_filename'=>$lc->getOriginalFileName(),
'size'=>$lc->getFileSize(),
'keywords'=>htmlspecialchars($document->getKeywords()),
'keywords'=>$document->getKeywords(),
);
$app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>$data));