gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-11 09:35:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-4.3.4' into develop

Browse Source 
Conflicts:
	Makefile
	op/op.RemoveFolder.php
This commit is contained in:
Uwe Steinmann 2014-02-26 23:12:40 +01:00
commit 50d939cd8e
9 changed files with 56 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@ -8,7 +8,9 @@
- add missing file views/bootstrap/class.RemoveFolderFileѕ.php (Bug #101)
- unlinked documents/folders can be moved into root folder
- take out debug echo statement (Bug #125)
- fix some errors in notification mails
- fix some security holes
- add initial version of REST api
--------------------------------------------------------------------------------
Changes in version 4.3.3

4
Makefile
View File

@ -1,6 +1,6 @@
VERSION=4.3.4
SRC=CHANGELOG inc conf utils index.php languages views op out controllers README.md README.Notification README.Ubuntu drop-tables-innodb.sql styles js TODO LICENSE Makefile webdav install
#restapi webapp
SRC=CHANGELOG inc conf utils index.php languages views op out controllers README.md README.Notification README.Ubuntu drop-tables-innodb.sql styles js TODO LICENSE Makefile webdav install restapi
# webapp
EXTENSIONS := \
dynamic_content.tar.gz\

14
op/op.AddFile2.php
View File

@ -28,14 +28,16 @@ include("../inc/inc.Authentication.php");
$file_param_name = 'file';
$file_name = $_FILES[ $file_param_name ][ 'name' ];
$source_file_path = $_FILES[ $file_param_name ][ 'tmp_name' ];
$target_file_path =$settings->_stagingDir.$_POST['fileId']."-".$_POST['partitionIndex'];
$fileId = basename($_POST['fileId']);
$partitionIndex = (int) $_POST['partitionIndex'];
$target_file_path =$settings->_stagingDir.$fileId."-".$partitionIndex;
if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
if($_POST['partitionIndex']+1 == $_POST['partitionCount']) {
$fpnew = fopen($settings->_stagingDir.$_POST['fileId'], 'w+');
if($partitionIndex+1 == $_POST['partitionCount']) {
$fpnew = fopen($settings->_stagingDir.$fileId, 'w+');
for($i=0; $i<$_POST['partitionCount']; $i++) {
$content = file_get_contents($settings->_stagingDir.$_POST['fileId']."-".$i, 'r');
$content = file_get_contents($settings->_stagingDir.$fileId."-".$i, 'r');
fwrite($fpnew, $content);
unlink($settings->_stagingDir.$_POST['fileId']."-".$i);
unlink($settings->_stagingDir.$fileId."-".$i);
}
fclose($fpnew);
@ -56,7 +58,7 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
echo getMLText("access_denied");
}
$userfiletmp = $settings->_stagingDir.$_POST['fileId'];;
$userfiletmp = $settings->_stagingDir.$fileId;
$userfiletype = $_FILES[ $file_param_name ]["type"];
$userfilename = $_FILES[ $file_param_name ]["name"];

1
op/op.AddSubFolder.php
View File

@ -98,6 +98,7 @@ if (is_object($subFolder)) {
$message = "new_subfolder_email_body";
$params = array();
$params['name'] = $subFolder->getName();
$params['folder_name'] = $folder->getName();
$params['folder_path'] = $folder->getFolderPathPlain();
$params['username'] = $user->getFullName();
$params['comment'] = $comment;

4
op/op.Login.php
View File

@ -278,7 +278,7 @@ if (isset($_COOKIE["mydms_session"])) {
/* Load session */
$dms_session = $_COOKIE["mydms_session"];
if(!$resArr = $session->load($dms_session)) {
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); //delete cookie
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, null, true); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
} else {
@ -296,7 +296,7 @@ if (isset($_COOKIE["mydms_session"])) {
$lifetime = time() + intval($settings->_cookieLifetime);
else
$lifetime = 0;
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot);
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, true);
}
// TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded.

35
op/op.RemoveFolder.php
View File

@ -64,6 +64,7 @@ if(!$controller->run()) {
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
}
<<<<<<< HEAD
if ($notifier) {
$subject = "folder_deleted_email_subject";
$message = "folder_deleted_email_body";
@ -76,6 +77,40 @@ if ($notifier) {
$notifier->toList($user, $nl["users"], $subject, $message, $params);
foreach ($nl["groups"] as $grp) {
$notifier->toGroup($user, $grp, $subject, $message, $params);
=======
$nl = $folder->getNotifyList();
$foldername = $folder->getName();
if ($folder->remove()) {
// Send notification to subscribers.
if ($notifier) {
/*
$subject = "###SITENAME###: ".$folder->getName()." - ".getMLText("folder_deleted_email");
$message = getMLText("folder_deleted_email")."\r\n";
$message .=
getMLText("name").": ".$folder->getName()."\r\n".
getMLText("folder").": ".$folder->getFolderPathPlain()."\r\n".
getMLText("comment").": ".$folder->getComment()."\r\n".
"URL: ###URL_PREFIX###out/out.ViewFolder.php?folderid=".$folder->getID()."\r\n";
$notifier->toList($user, $folder->_notifyList["users"], $subject, $message);
foreach ($folder->_notifyList["groups"] as $grp) {
$notifier->toGroup($user, $grp, $subject, $message);
}
*/
$subject = "folder_deleted_email_subject";
$message = "folder_deleted_email_body";
$params = array();
$params['name'] = $foldername;
$params['folder_path'] = $parent->getFolderPathPlain();
$params['username'] = $user->getFullName();
$params['sitename'] = $settings->_siteName;
$params['http_root'] = $settings->_httpRoot;
$params['url'] = "http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewFolder.php?folderid=".$parent->getID();
$notifier->toList($user, $nl["users"], $subject, $message, $params);
foreach ($nl["groups"] as $grp) {
$notifier->toGroup($user, $grp, $subject, $message, $params);
}
>>>>>>> seeddms-4.3.4
}
}

2
out/out.LogManagement.php
View File

@ -27,7 +27,7 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
if (isset($_GET["logname"])) $logname=$_GET["logname"];
if (isset($_GET["logname"])) $logname=basename($_GET["logname"]);
else $logname=NULL;
if (isset($_GET["mode"])) $mode=$_GET["mode"];

8
views/bootstrap/class.LogManagement.php
View File

@ -137,15 +137,11 @@ class SeedDMS_View_LogManagement extends SeedDMS_Bootstrap_Style {
<?php
$this->htmlEndPage();
} elseif(file_exists($this->contentdir.$logname)){
// $this->htmlStartPage(getMLText("backup_tools"));
// $this->contentSubHeading(sanitizeString($logname));
echo $logname."<pre>\n";
readfile($this->contentdir.$logname);
echo "</pre>\n";
// echo "</body>\n</html>\n";
} else {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
} /* }}} */

4
views/bootstrap/class.Search.php
View File

@ -110,7 +110,7 @@ class SeedDMS_View_Search extends SeedDMS_Bootstrap_Style {
<tr>
<td><?php printMLText("search_query");?>:</td>
<td>
<input type="text" name="query" value="<?php echo $this->query; ?>" />
<input type="text" name="query" value="<?php echo htmlspecialchars($this->query); ?>" />
<select name="mode">
<option value="1" <?php echo ($mode=='AND') ? "selected" : ""; ?>><?php printMLText("search_mode_and");?>
<option value="0"<?php echo ($mode=='OR') ? "selected" : ""; ?>><?php printMLText("search_mode_or");?>
@ -246,7 +246,7 @@ class SeedDMS_View_Search extends SeedDMS_Bootstrap_Style {
<tr>
<td><?php printMLText("search_query");?>:</td>
<td>
<input type="text" name="query" value="<?php echo $this->query; ?>" />
<input type="text" name="query" value="<?php echo htmlspecialchars($this->query); ?>" />
<!--
<select name="mode">
<option value="1" selected><?php printMLText("search_mode_and");?>