gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-12 12:41:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- do not use sanitizeString() if not needed

Browse Source
This commit is contained in:
steinm 2011-12-01 21:35:00 +00:00
parent 112d2b4f0d
commit 57777f2498
1 changed files with 183 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

378
op/op.UserDefaultKeywords.php
View File

@ -1,202 +1,190 @@
<?php <?php
// MyDMS. Document Management System // MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal // Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2006-2008 Malcolm Cowe
// //
// This program is free software; you can redistribute it and/or modify // This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by // it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or // the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version. // (at your option) any later version.
// //
// This program is distributed in the hope that it will be useful, // This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of // but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details. // GNU General Public License for more details.
// //
// You should have received a copy of the GNU General Public License // You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software // along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. // Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php"); include("../inc/inc.Settings.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php"); include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php"); include("../inc/inc.Authentication.php");
if ($user->isGuest()) { if ($user->isGuest()) {
UI::exitError(getMLText("edit_default_keywords"),getMLText("access_denied")); UI::exitError(getMLText("edit_default_keywords"),getMLText("access_denied"));
} }
if (isset($_POST["action"])) { $action = '';
$action = sanitizeString($_POST["action"]); if (isset($_REQUEST["action"])) {
} $action = $_REQUEST["action"];
else { }
$action = sanitizeString($_GET["action"]);
} /* Create new category ------------------------------------------------ */
if ($action == "addcategory") {
//Neue Kategorie anlegen -----------------------------------------------------------------------------
if ($action == "addcategory") { if (isset($_REQUEST["name"]) && $_REQUEST["name"]) {
$name = sanitizeString($_REQUEST["name"]);
if (isset($_POST["name"])) {
$name = sanitizeString($_POST["name"]); $newCategory = $dms->addKeywordCategory($user->getID(), $name);
} if (!$newCategory) {
else { UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
$name = sanitizeString($_GET["name"]);
}
$newCategory = $dms->addKeywordCategory($user->getID(), $name);
if (!$newCategory) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
$categoryid=$newCategory->getID();
}
//Kategorie löschen ----------------------------------------------------------------------------------
else if ($action == "removecategory") {
if (isset($_POST["categoryid"])) {
$categoryid = intval($_POST["categoryid"]);
}
else {
$categoryid = intval($_GET["categoryid"]);
}
$category = $dms->getKeywordCategory($categoryid);
if (is_object($category)) {
$owner = $category->getOwner();
if ($owner->getID() != $user->getID()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
}
if (!$category->remove()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
}
else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
$categoryid=-1;
}
//Kategorie bearbeiten: Neuer Name --------------------------------------------------------------------
else if ($action == "editcategory") {
if (isset($_POST["categoryid"])) {
$categoryid = intval($_POST["categoryid"]);
}
else {
$categoryid = intval($_GET["categoryid"]);
}
$category = $dms->getKeywordCategory($categoryid);
if (is_object($category)) {
$owner = $category->getOwner();
if ($owner->getID() != $user->getID()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
}
if (isset($_POST["name"])) {
$name = sanitizeString($_POST["name"]);
}
else {
$name = sanitizeString($_GET["name"]);
}
if (!$category->setName($name)) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
}
else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
//Kategorie bearbeiten: Neue Stichwortliste ----------------------------------------------------------
else if ($action == "newkeywords") {
if (isset($_POST["categoryid"])) {
$categoryid = intval($_POST["categoryid"]);
}
else {
$categoryid = intval($_GET["categoryid"]);
}
$category = $dms->getKeywordCategory($categoryid);
if (is_object($category)) {
$owner = $category->getOwner();
if ($owner->getID() != $user->getID()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
}
if (isset($_POST["keywords"])) {
$keywords = sanitizeString($_POST["keywords"]);
}
else {
$keywords = sanitizeString($_GET["keywords"]);
}
if (!$category->addKeywordList($keywords)) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
}
else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
//Kategorie bearbeiten: Stichwortliste bearbeiten ----------------------------------------------------------
else if ($action == "editkeywords") {
if (isset($_POST["categoryid"])) {
$categoryid = intval($_POST["categoryid"]);
}
else {
$categoryid = intval($_GET["categoryid"]);
}
$category = $dms->getKeywordCategory($categoryid);
if (is_object($category)) {
$owner = $category->getOwner();
if ($owner->getID() != $user->getID()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
}
if (isset($_POST["keywordsid"])) {
$keywordsid = intval($_POST["keywordsid"]);
}
else {
$keywordsid = intval($_GET["keywordsid"]);
}
if (!is_numeric($keywordsid)) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("unknown_keyword_category"));
} }
$categoryid=$newCategory->getID();
if (!$category->editKeywordList($keywordsid, $_POST["keywords"])) { } else {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured")); UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
} }
} }
else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
/* Delete category ---------------------------------------------------- */
//Kategorie bearbeiten: Neue Stichwortliste löschen ---------------------------------------------------------- else if ($action == "removecategory") {
$categoryid = 0;
if (isset($_REQUEST["categoryid"]) && $_REQUEST["categoryid"]) {
$categoryid = intval($_POST["categoryid"]);
}
$category = $dms->getKeywordCategory($categoryid);
if (is_object($category)) {
$owner = $category->getOwner();
if ($owner->getID() != $user->getID()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
}
if (!$category->remove()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
} else {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
$categoryid=-1;
}
/* Edit category: new name -------------------------------------------- */
else if ($action == "editcategory") {
$categoryid = 0;
if (isset($_REQUEST["categoryid"]) && $_REQUEST["categoryid"]) {
$categoryid = intval($_POST["categoryid"]);
}
$category = $dms->getKeywordCategory($categoryid);
if (is_object($category)) {
$owner = $category->getOwner();
if ($owner->getID() != $user->getID()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
}
if (isset($_REQUEST["name"]) && $_REQUEST["name"]) {
$name = sanitizeString($_REQUEST["name"]);
if (!$category->setName($name)) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
} else {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
}
else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
/* Edit category: new keyword list ----------------------------------- */
else if ($action == "newkeywords") {
$categoryid = 0;
if (isset($_REQUEST["categoryid"]) && $_REQUEST["categoryid"]) {
$categoryid = intval($_POST["categoryid"]);
}
$category = $dms->getKeywordCategory($categoryid);
if (is_object($category)) {
$owner = $category->getOwner();
if ($owner->getID() != $user->getID()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
}
if (isset($_POST["keywords"])) {
$keywords = sanitizeString($_POST["keywords"]);
}
else {
$keywords = sanitizeString($_GET["keywords"]);
}
if (!$category->addKeywordList($keywords)) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
}
else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
/* Edit category: edit keyword list ----------------------------------*/
else if ($action == "editkeywords") {
$categoryid = 0;
if (isset($_REQUEST["categoryid"]) && $_REQUEST["categoryid"]) {
$categoryid = intval($_POST["categoryid"]);
}
$category = $dms->getKeywordCategory($categoryid);
if (is_object($category)) {
$owner = $category->getOwner();
if ($owner->getID() != $user->getID()) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
}
if (isset($_POST["keywordsid"])) {
$keywordsid = intval($_POST["keywordsid"]);
}
else {
$keywordsid = intval($_GET["keywordsid"]);
}
if (!is_numeric($keywordsid)) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("unknown_keyword_category"));
}
if (!$category->editKeywordList($keywordsid, $_POST["keywords"])) {
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
}
else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
/* Edit category: delete keyword list -------------------------------- */
else if ($action == "removekeywords") { else if ($action == "removekeywords") {
if (isset($_POST["categoryid"])) { $categoryid = 0;
$categoryid = intval($_POST["categoryid"]); if (isset($_REQUEST["categoryid"]) && $_REQUEST["categoryid"]) {
} $categoryid = intval($_POST["categoryid"]);
else { }
$categoryid = intval($_GET["categoryid"]); $category = $dms->getKeywordCategory($categoryid);
} if (is_object($category)) {
$category = $dms->getKeywordCategory($categoryid); $owner = $category->getOwner();
if (is_object($category)) { if ($owner->getID() != $user->getID()) {
$owner = $category->getOwner(); UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
if ($owner->getID() != $user->getID()) { }
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied")); if (isset($_POST["keywordsid"])) {
} $keywordsid = intval($_POST["keywordsid"]);
if (isset($_POST["keywordsid"])) { }
$keywordsid = intval($_POST["keywordsid"]); else {
} $keywordsid = intval($_GET["keywordsid"]);
else { }
$keywordsid = intval($_GET["keywordsid"]); if (!is_numeric($keywordsid)) {
} UI::exitError(getMLText("personal_default_keywords"),getMLText("unknown_keyword_category"));
if (!is_numeric($keywordsid)) { }
UI::exitError(getMLText("personal_default_keywords"),getMLText("unknown_keyword_category")); if (!$category->removeKeywordList($keywordsid)) {
} UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
if (!$category->removeKeywordList($keywordsid)) { }
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured")); }
} else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
} }
else UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
}
header("Location:../out/out.UserDefaultKeywords.php?categoryid=".$categoryid); header("Location:../out/out.UserDefaultKeywords.php?categoryid=".$categoryid);
?> ?>