gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-12-14 19:42:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

do not htmlspecialchars() keywords, check attributes before setting them

Browse Source
This commit is contained in:
Uwe Steinmann 2017-12-20 11:22:16 +01:00
parent fc09a9408b
commit 5013fb154c
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
restapi/index.php
View File

@ -314,10 +314,12 @@ function createFolder($id) { /* {{{ */
$comment = $app->request()->post('comment'); $comment = $app->request()->post('comment');
$attributes = $app->request()->post('attributes'); $attributes = $app->request()->post('attributes');
$newattrs = array(); $newattrs = array();
foreach($attributes as $attrname=>$attrvalue) { if($attributes) {
$attrdef = $dms->getAttributeDefinitionByName($attrname); foreach($attributes as $attrname=>$attrvalue) {
if($attrdef) { $attrdef = $dms->getAttributeDefinitionByName($attrname);
$newattrs[$attrdef->getID()] = $attrvalue; if($attrdef) {
$newattrs[$attrdef->getID()] = $attrvalue;
}
} }
} }
if($folder = $parent->addSubFolder($name, $comment, $userobj, 0, $newattrs)) { if($folder = $parent->addSubFolder($name, $comment, $userobj, 0, $newattrs)) {
@ -469,7 +471,7 @@ function getDocument($id) { /* {{{ */
'version'=>$lc->getVersion(), 'version'=>$lc->getVersion(),
'orig_filename'=>$lc->getOriginalFileName(), 'orig_filename'=>$lc->getOriginalFileName(),
'size'=>$lc->getFileSize(), 'size'=>$lc->getFileSize(),
'keywords'=>htmlspecialchars($document->getKeywords()), 'keywords'=>$document->getKeywords(),
); );
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>$data)); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>$data));