- fixed more xss security holes
parent
de8a438678
commit
52fbc5bc29
@ -25,33 +25,37 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.ClassEmail.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) {
|
||||
if(!checkFormKey('foldernotify')) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["folderid"]) || !is_numeric($_POST["folderid"]) || intval($_POST["folderid"])<1) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
|
||||
}
|
||||
|
||||
$folderid = $_GET["folderid"];
|
||||
$folderid = $_POST["folderid"];
|
||||
$folder = $dms->getFolder($folderid);
|
||||
|
||||
if (!is_object($folder)) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["action"]) || (strcasecmp($_GET["action"], "delnotify") && strcasecmp($_GET["action"], "addnotify"))) {
|
||||
if (!isset($_POST["action"]) || (strcasecmp($_POST["action"], "delnotify") && strcasecmp($_POST["action"], "addnotify"))) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_action"));
|
||||
}
|
||||
$action = $_GET["action"];
|
||||
$action = $_POST["action"];
|
||||
|
||||
if (isset($_GET["userid"]) && (!is_numeric($_GET["userid"]) || $_GET["userid"]<-1)) {
|
||||
if (isset($_POST["userid"]) && (!is_numeric($_POST["userid"]) || $_POST["userid"]<-1)) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_user"));
|
||||
}
|
||||
$userid = $_GET["userid"];
|
||||
$userid = $_POST["userid"];
|
||||
|
||||
if (isset($_GET["groupid"]) && (!is_numeric($_GET["groupid"]) || $_GET["groupid"]<-1)) {
|
||||
if (isset($_POST["groupid"]) && (!is_numeric($_POST["groupid"]) || $_POST["groupid"]<-1)) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_group"));
|
||||
}
|
||||
$groupid = $_GET["groupid"];
|
||||
$groupid = $_POST["groupid"];
|
||||
|
||||
if (isset($_GET["groupid"])&&$_GET["groupid"]!=-1){
|
||||
if (isset($_POST["groupid"])&&$_POST["groupid"]!=-1){
|
||||
$group=$dms->getGroup($groupid);
|
||||
if (!$group->isMember($user,true) && !$user->isAdmin())
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
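Review bot: The new `checkFormKey('foldernotify')` guard at the top of the hunk runs before `$folder` is loaded (`$dms->getFolder($folderid)` comes more than twenty lines later), yet its error path calls `$folder->getName()`, so a request with a missing or stale token fails on a method call on an undefined variable instead of reaching the intended invalid_request_token message. Keep the token check first, since it should reject forged requests before any lookup, but build the title the same way the invalid-folder branch below does: `UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_request_token"));`. The moves from `$_GET` to `$_POST` are consistent across folderid, action, userid and groupid; note that `$userid = $_POST["userid"];` and `$groupid = $_POST["groupid"];` are still read unconditionally after an `isset`-guarded validation, which is pre-existing but now applies to the POST body. The script continues past the hunk.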
|
||||
|
|
|
@ -200,23 +200,23 @@ foreach ($resArr['docs'] as $document) {
|
|||
else {
|
||||
$lc = $document->getLatestContent();
|
||||
print "<tr>";
|
||||
$docName = $document->getName();
|
||||
$docName = htmlspecialchars($document->getName());
|
||||
print "<td><a class=\"standardText\" href=\"../out/out.ViewDocument.php?documentid=".$document->getID()."\">/";
|
||||
$folder = $document->getFolder();
|
||||
$path = $folder->getPath();
|
||||
for ($i = 1; $i < count($path); $i++) {
|
||||
print $path[$i]->getName()."/";
|
||||
print htmlspecialchars($path[$i]->getName())."/";
|
||||
}
|
||||
print $docName;
|
||||
print "</a></td>";
|
||||
|
||||
$owner = $document->getOwner();
|
||||
print "<td>".$owner->getFullName()."</td>";
|
||||
print "<td>".htmlspecialchars($owner->getFullName())."</td>";
|
||||
print "<td>".getOverallStatusText($lc->getStatus()). "</td>";
|
||||
|
||||
print "<td class=\"center\">".$lc->getVersion()."</td>";
|
||||
|
||||
$comment = $document->getComment();
|
||||
$comment = htmlspecialchars($document->getComment());
|
||||
if (strlen($comment) > 50) $comment = substr($comment, 0, 47) . "...";
|
||||
print "<td>".$comment."</td>";
|
||||
print "</tr>\n";
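Review bot: Escaping the comment before the 50-character truncation (`$comment = htmlspecialchars($document->getComment());` followed by `substr($comment, 0, 47)`) can cut an entity such as `&amp;` in half and shortens the visible text by the length of every entity, so the cut-off no longer corresponds to the original comment. Truncate the raw string first and escape at output: `$comment = $document->getComment();` / `if (strlen($comment) > 50) $comment = substr($comment, 0, 47) . "...";` / `print "<td>".htmlspecialchars($comment)."</td>";`. `strlen`/`substr` are byte-wise, so a multibyte comment can still be split inside a character; `mb_substr` would avoid that if the project can rely on mbstring. The enclosing `foreach ($resArr['docs'] as $document)` starts outside the hunk.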
|
||||
|
|
|
@ -125,11 +125,11 @@ foreach ($approvalStatus["indstatus"] as $st) {
|
|||
}
|
||||
|
||||
print "<tr>\n";
|
||||
print "<td><a href=\"out.DocumentVersionDetail.php?documentid=".$st["documentID"]."&version=".$st["version"]."\">".$docIdx[$st["documentID"]][$st["version"]]["name"]."</a></td>";
|
||||
print "<td>".$docIdx[$st["documentID"]][$st["version"]]["ownerName"]."</td>";
|
||||
print "<td><a href=\"out.DocumentVersionDetail.php?documentid=".$st["documentID"]."&version=".$st["version"]."\">".htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["name"])."</a></td>";
|
||||
print "<td>".htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["ownerName"])."</td>";
|
||||
print "<td>".getOverallStatusText($docIdx[$st["documentID"]][$st["version"]]["status"])."</td>";
|
||||
print "<td>".$st["version"]."</td>";
|
||||
print "<td>".$st["date"]." ". $docIdx[$st["documentID"]][$st["version"]]["statusName"] ."</td>";
|
||||
print "<td>".$st["date"]." ". htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["statusName"]) ."</td>";
|
||||
print "<td>".(!$docIdx[$st["documentID"]][$st["version"]]["expires"] ? "-":getReadableDate($docIdx[$st["documentID"]][$st["version"]]["expires"]))."</td>";
|
||||
print "</tr>\n";
|
||||
}
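Review bot: Every cell in this row re-evaluates `$docIdx[$st["documentID"]][$st["version"]]`, and the added `htmlspecialchars()` wrappers make the three escaped lookups hard to distinguish from the unescaped ones; hoisting the lookup once per iteration, `$entry = $docIdx[$st["documentID"]][$st["version"]];`, would reduce each print to a short `htmlspecialchars($entry["name"])`. The same shape recurs in the grpstatus hunk immediately below and in both reviewStatus hunks near the end of the page, so one note covers all four. `htmlspecialchars()` is called with its defaults throughout; on PHP 5.4 and later the default charset is UTF-8 and a value containing an invalid byte sequence is returned as an empty string, so a shared helper passing `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` would give consistent output across these pages — which PHP version the project targets is not visible here. `$st["documentID"]`, `$st["version"]` and `$st["date"]` are still concatenated raw; they look like database integers and dates, and the `&version=` separator inside the href should be written `&amp;version=` for well-formed HTML. The enclosing `foreach ($approvalStatus["indstatus"] as $st)` starts outside the hunk.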
|
||||
|
@ -166,11 +166,11 @@ foreach ($approvalStatus["grpstatus"] as $st) {
|
|||
}
|
||||
|
||||
print "<tr>\n";
|
||||
print "<td><a href=\"out.DocumentVersionDetail.php?documentid=".$st["documentID"]."&version=".$st["version"]."\">".$docIdx[$st["documentID"]][$st["version"]]["name"]."</a></td>";
|
||||
print "<td>".$docIdx[$st["documentID"]][$st["version"]]["ownerName"]."</td>";
|
||||
print "<td><a href=\"out.DocumentVersionDetail.php?documentid=".$st["documentID"]."&version=".$st["version"]."\">".htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["name"])."</a></td>";
|
||||
print "<td>".htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["ownerName"])."</td>";
|
||||
print "<td>".getOverallStatusText($docIdx[$st["documentID"]][$st["version"]]["status"])."</td>";
|
||||
print "<td>".$st["version"]."</td>";
|
||||
print "<td>".$st["date"]." ". $docIdx[$st["documentID"]][$st["version"]]["statusName"] ."</td>";
|
||||
print "<td>".$st["date"]." ". htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["statusName"]) ."</td>";
|
||||
print "<td>".(!$docIdx[$st["documentID"]][$st["version"]]["expires"] ? "-":getReadableDate($docIdx[$st["documentID"]][$st["version"]]["expires"]))."</td>";
|
||||
print "</tr>\n";
|
||||
}
|
||||
|
|
|
@ -83,7 +83,15 @@ else {
|
|||
print "<td><img src=\"images/usericon.gif\" class=\"mimeicon\"></td>";
|
||||
print "<td>" . htmlspecialchars($userNotify->getFullName()) . "</td>";
|
||||
if ($user->isAdmin() || $user->getID() == $userNotify->getID()) {
|
||||
print "<td><a href=\"../op/op.FolderNotify.php?folderid=". $folderid . "&action=delnotify&userid=".$userNotify->getID()."\"><img src=\"images/del.gif\" class=\"mimeicon\"></a>".getMLText("delete")."</td>";
|
||||
print "<td>";
|
||||
print "<form action=\"../op/op.FolderNotify.php\" method=\"post\">\n";
|
||||
echo createHiddenFieldWithKey('foldernotify')."\n";
|
||||
print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folderid."\">\n";
|
||||
print "<input type=\"Hidden\" name=\"action\" value=\"delnotify\">\n";
|
||||
print "<input type=\"Hidden\" name=\"userid\" value=\"".$userNotify->getID()."\">\n";
|
||||
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/del.gif\">".getMLText("delete")." ";
|
||||
print "</form>\n";
|
||||
print "</td>";
|
||||
}else print "<td></td>";
|
||||
print "</tr>";
|
||||
$userNotifyIDs[] = $userNotify->getID();
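Review bot: The new hidden field writes `$folderid` straight into an attribute value (`value=\"".$folderid."\"`) with neither an integer cast nor escaping; the op script validates it as numeric on its own side, but this page's check on `$folderid` is outside the hunk, so `(int)$folderid` or `htmlspecialchars($folderid)` here would keep the form safe regardless of how the variable was obtained. The same line recurs in the group hunk below and in the addnotify form at the bottom of the page (`<?php print $folderid?>`). Replacing the GET link with a POST form carrying `createHiddenFieldWithKey('foldernotify')` is the right shape for a state-changing delete. Mixing `echo` for the token line with `print` on every other line is a small style inconsistency, and `type=\"Hidden\"`/`type=\"Image\"` should be lowercase to match the rest of the markup. The enclosing if/else block starts outside the hunk.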
|
||||
|
@ -94,7 +102,15 @@ else {
|
|||
print "<td><img src=\"images/groupicon.gif\" class=\"mimeicon\"></td>";
|
||||
print "<td>" . htmlspecialchars($groupNotify->getName()) . "</td>";
|
||||
if ($user->isAdmin() || $groupNotify->isMember($user,true)) {
|
||||
print "<td><a href=\"../op/op.FolderNotify.php?folderid=". $folderid . "&action=delnotify&groupid=".$groupNotify->getID()."\"><img src=\"images/del.gif\" class=\"mimeicon\"></a>".getMLText("delete")."</td>";
|
||||
print "<td>";
|
||||
print "<form action=\"../op/op.FolderNotify.php\" method=\"post\">\n";
|
||||
echo createHiddenFieldWithKey('foldernotify')."\n";
|
||||
print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folderid."\">\n";
|
||||
print "<input type=\"Hidden\" name=\"action\" value=\"delnotify\">\n";
|
||||
print "<input type=\"Hidden\" name=\"groupid\" value=\"".$groupNotify->getID()."\">\n";
|
||||
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/del.gif\">".getMLText("delete")." ";
|
||||
print "</form>\n";
|
||||
print "</td>";
|
||||
}else print "<td></td>";
|
||||
print "</tr>";
|
||||
$groupNotifyIDs[] = $groupNotify->getID();
|
||||
|
@ -104,7 +120,8 @@ print "</table>\n";
|
|||
|
||||
?>
|
||||
<br>
|
||||
<form action="../op/op.FolderNotify.php" name="form1" onsubmit="return checkForm();">
|
||||
<form action="../op/op.FolderNotify.php" method="post" name="form1" onsubmit="return checkForm();">
|
||||
<?php echo createHiddenFieldWithKey('foldernotify'); ?>
|
||||
<input type="Hidden" name="folderid" value="<?php print $folderid?>">
|
||||
<input type="Hidden" name="action" value="addnotify">
|
||||
<table>
|
||||
|
|
|
@ -75,7 +75,7 @@ foreach ($groups as $group){
|
|||
|
||||
echo "<li>".htmlspecialchars($member->getFullName());
|
||||
if ($member->getEmail()!="")
|
||||
echo " (<a href=\"mailto:".$member->getEmail()."\">".$member->getEmail()."</a>)";
|
||||
echo " (<a href=\"mailto:".htmlspecialchars($member->getEmail())."\">".htmlspecialchars($member->getEmail())."</a>)";
|
||||
foreach($managers as $manager)
|
||||
if($manager->getId() == $member->getId())
|
||||
echo ", ".getMLText("manager");
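Review bot: `$member->getEmail()` is called three times on consecutive lines, twice through `htmlspecialchars()`, so the escaped value should be computed once: `$email = htmlspecialchars($member->getEmail());` before the `if`, then `echo " (<a href=\"mailto:".$email."\">".$email."</a>)";`. The emptiness test `if ($member->getEmail()!="")` uses loose comparison; `!== ""` states the intent without PHP's type juggling. Escaping with the default flags leaves single quotes untouched, which is acceptable here only because the attribute is double-quoted; keeping that quoting style consistent across the project is what makes the default safe. The enclosing `foreach ($groups as $group)` starts outside the hunk.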
|
||||
|
|
|
@ -128,7 +128,7 @@ foreach ($reviewStatus["indstatus"] as $st) {
|
|||
print "<td>".htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["ownerName"])."</td>";
|
||||
print "<td>".getOverallStatusText($docIdx[$st["documentID"]][$st["version"]]["status"])."</td>";
|
||||
print "<td>".$st["version"]."</td>";
|
||||
print "<td>".$st["date"]." ". $docIdx[$st["documentID"]][$st["version"]]["statusName"] ."</td>";
|
||||
print "<td>".$st["date"]." ". htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["statusName"]) ."</td>";
|
||||
print "<td>".(!$docIdx[$st["documentID"]][$st["version"]]["expires"] ? "-":getReadableDate($docIdx[$st["documentID"]][$st["version"]]["expires"]))."</td>";
|
||||
print "</tr>\n";
|
||||
}
|
||||
|
@ -168,7 +168,7 @@ foreach ($reviewStatus["grpstatus"] as $st) {
|
|||
print "<td>".htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["ownerName"])."</td>";
|
||||
print "<td>".getOverallStatusText($docIdx[$st["documentID"]][$st["version"]]["status"])."</td>";
|
||||
print "<td>".$st["version"]."</td>";
|
||||
print "<td>".$st["date"]." ". $docIdx[$st["documentID"]][$st["version"]]["statusName"] ."</td>";
|
||||
print "<td>".$st["date"]." ". htmlspecialchars($docIdx[$st["documentID"]][$st["version"]]["statusName"]) ."</td>";
|
||||
print "<td>".(!$docIdx[$st["documentID"]][$st["version"]]["expires"] ? "-":getReadableDate($docIdx[$st["documentID"]][$st["version"]]["expires"]))."</td>";
|
||||
print "</tr>\n";
|
||||
}
|
||||
|
|