better checking of passed arguments

Uwe Steinmann 2021-09-18 17:50:32 +02:00
parent e765737d93
commit 578aa30bc5


@ -2298,8 +2298,10 @@ class SeedDMS_Core_DMS {
$queryStr = "SELECT * FROM `tblKeywordCategories` WHERE `id` = " . (int) $id;
$resArr = $this->db->getResultArray($queryStr);
if ((is_bool($resArr) && !$resArr) || (count($resArr) != 1))
if (is_bool($resArr) && !$resArr)
return false;
if (count($resArr) != 1)
return null;
$resArr = $resArr[0];
$cat = new SeedDMS_Core_Keywordcategory($resArr["id"], $resArr["owner"], $resArr["name"]);
@ -2308,10 +2310,15 @@ class SeedDMS_Core_DMS {
} /* }}} */
function getKeywordCategoryByName($name, $userID) { /* {{{ */
if (!is_numeric($userID) || $userID < 1)
return false;
$name = trim($name);
$queryStr = "SELECT * FROM `tblKeywordCategories` WHERE `name` = " . $this->db->qstr($name) . " AND `owner` = " . (int) $userID;
$resArr = $this->db->getResultArray($queryStr);
if ((is_bool($resArr) && !$resArr) || (count($resArr) != 1))
if (is_bool($resArr) && !$resArr)
return false;
if (count($resArr) != 1)
return null;
$resArr = $resArr[0];
$cat = new SeedDMS_Core_Keywordcategory($resArr["id"], $resArr["owner"], $resArr["name"]);
@ -2356,12 +2363,13 @@ class SeedDMS_Core_DMS {
function addKeywordCategory($userID, $name) { /* {{{ */
if (!is_numeric($userID) || $userID < 1)
return false;
if(!trim($name))
$name = trim($name);
if(!$name)
return false;
if (is_object($this->getKeywordCategoryByName(trim($name), $userID))) {
if (is_object($this->getKeywordCategoryByName($name, $userID))) {
return false;
}
$queryStr = "INSERT INTO `tblKeywordCategories` (`owner`, `name`) VALUES (".(int) $userID.", ".$this->db->qstr(trim($name)).")";
$queryStr = "INSERT INTO `tblKeywordCategories` (`owner`, `name`) VALUES (".(int) $userID.", ".$this->db->qstr($name).")";
if (!$this->db->getResult($queryStr))
return false;
@ -2420,6 +2428,7 @@ class SeedDMS_Core_DMS {
* @return SeedDMS_Core_DocumentCategory|boolean instance of {@link SeedDMS_Core_DocumentCategory}
*/
function getDocumentCategoryByName($name) { /* {{{ */
$name = trim($name);
if (!$name) return false;
$queryStr = "SELECT * FROM `tblCategory` where `name`=".$this->db->qstr($name);
@ -2435,12 +2444,13 @@ class SeedDMS_Core_DMS {
} /* }}} */
function addDocumentCategory($name) { /* {{{ */
if(!trim($name))
$name = trim($name);
if(!$name)
return false;
if (is_object($this->getDocumentCategoryByName(trim($name)))) {
if (is_object($this->getDocumentCategoryByName($name))) {
return false;
}
$queryStr = "INSERT INTO `tblCategory` (`name`) VALUES (".$this->db->qstr(trim($name)).")";
$queryStr = "INSERT INTO `tblCategory` (`name`) VALUES (".$this->db->qstr($name).")";
if (!$this->db->getResult($queryStr))
return false;
@ -2573,6 +2583,7 @@ class SeedDMS_Core_DMS {
* @return SeedDMS_Core_AttributeDefinition|boolean instance of {@link SeedDMS_Core_AttributeDefinition} or false
*/
function getAttributeDefinitionByName($name) { /* {{{ */
$name = trim($name);
if (!$name) return false;
$queryStr = "SELECT * FROM `tblAttributeDefinitions` WHERE `name` = " . $this->db->qstr($name);
@ -2635,9 +2646,14 @@ class SeedDMS_Core_DMS {
* @return bool|SeedDMS_Core_User
*/
function addAttributeDefinition($name, $objtype, $type, $multiple=0, $minvalues=0, $maxvalues=1, $valueset='', $regex='') { /* {{{ */
$name = trim($name);
if(!$name)
return false;
if (is_object($this->getAttributeDefinitionByName($name))) {
return false;
}
if(!$objtype)
return false;
if(!$type)
return false;
if(trim($valueset)) {
@ -2692,9 +2708,12 @@ class SeedDMS_Core_DMS {
* Return workflow by its Id
*
* @param integer $id internal id of workflow
* @return SeedDMS_Core_Workflow|bool of instances of {@link SeedDMS_Core_Workflow} or false
* @return SeedDMS_Core_Workflow|bool of instances of {@link SeedDMS_Core_Workflow}, null if no workflow was found or false
*/
function getWorkflow($id) { /* {{{ */
if (!is_numeric($id))
return false;
$queryStr = "SELECT * FROM `tblWorkflows` WHERE `id`=".intval($id);
$resArr = $this->db->getResultArray($queryStr);
@ -2702,7 +2721,7 @@ class SeedDMS_Core_DMS {
return false;
if(!$resArr)
return false;
return null;
$initstate = $this->getWorkflowState($resArr[0]['initstate']);
@ -2716,9 +2735,10 @@ class SeedDMS_Core_DMS {
* Return workflow by its name
*
* @param string $name name of workflow
* @return SeedDMS_Core_Workflow|bool of instances of {@link SeedDMS_Core_Workflow} or false
* @return SeedDMS_Core_Workflow|bool of instances of {@link SeedDMS_Core_Workflow} or null if no workflow was found or false
*/
function getWorkflowByName($name) { /* {{{ */
$name = trim($name);
if (!$name) return false;
$queryStr = "SELECT * FROM `tblWorkflows` WHERE `name`=".$this->db->qstr($name);
@ -2728,7 +2748,7 @@ class SeedDMS_Core_DMS {
return false;
if(!$resArr)
return false;
return null;
$initstate = $this->getWorkflowState($resArr[0]['initstate']);
@ -2747,6 +2767,9 @@ class SeedDMS_Core_DMS {
*/
function addWorkflow($name, $initstate) { /* {{{ */
$db = $this->db;
$name = trim($name);
if(!$name)
return false;
if (is_object($this->getWorkflowByName($name))) {
return false;
}
@ -2773,8 +2796,11 @@ class SeedDMS_Core_DMS {
$queryStr = "SELECT * FROM `tblWorkflowStates` WHERE `id` = " . (int) $id;
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false) return false;
if (count($resArr) != 1) return false;
if (is_bool($resArr) && $resArr == false)
return false;
if (count($resArr) != 1)
return null;
$resArr = $resArr[0];
@ -2790,6 +2816,7 @@ class SeedDMS_Core_DMS {
* @return bool|SeedDMS_Core_Workflow_State or false
*/
function getWorkflowStateByName($name) { /* {{{ */
$name = trim($name);
if (!$name) return false;
$queryStr = "SELECT * FROM `tblWorkflowStates` WHERE `name`=".$this->db->qstr($name);
@ -2799,7 +2826,7 @@ class SeedDMS_Core_DMS {
return false;
if(!$resArr)
return false;
return null;
$resArr = $resArr[0];
@ -2840,6 +2867,9 @@ class SeedDMS_Core_DMS {
*/
function addWorkflowState($name, $docstatus) { /* {{{ */
$db = $this->db;
$name = trim($name);
if(!$name)
return false;
if (is_object($this->getWorkflowStateByName($name))) {
return false;
}
@ -2866,8 +2896,11 @@ class SeedDMS_Core_DMS {
$queryStr = "SELECT * FROM `tblWorkflowActions` WHERE `id` = " . (int) $id;
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false) return false;
if (count($resArr) != 1) return false;
if (is_bool($resArr) && $resArr == false)
return false;
if (count($resArr) != 1)
return null;
$resArr = $resArr[0];
@ -2885,13 +2918,17 @@ class SeedDMS_Core_DMS {
* @return SeedDMS_Core_Workflow_Action|bool instance of {@link SeedDMS_Core_Workflow_Action} or false
*/
function getWorkflowActionByName($name) { /* {{{ */
$name = trim($name);
if (!$name) return false;
$queryStr = "SELECT * FROM `tblWorkflowActions` WHERE `name` = " . $this->db->qstr($name);
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false) return false;
if (count($resArr) != 1) return false;
if (is_bool($resArr) && $resArr == false)
return false;
if (count($resArr) != 1)
return null;
$resArr = $resArr[0];
@ -2931,6 +2968,9 @@ class SeedDMS_Core_DMS {
*/
function addWorkflowAction($name) { /* {{{ */
$db = $this->db;
$name = trim($name);
if(!$name)
return false;
if (is_object($this->getWorkflowActionByName($name))) {
return false;
}
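Review bot: The duplicate guard added to addWorkflowAction, `is_object($this->getWorkflowActionByName($name))`, stops working once a name exists more than once, because getWorkflowActionByName returns null for any `count($resArr) != 1`, so two or more matching rows look the same as none and the INSERT proceeds. The same pairing appears in addKeywordCategory with getKeywordCategoryByName, whereas getWorkflowByName and getWorkflowStateByName test `if(!$resArr)` before returning null. Using `if (!$resArr) return null;` in the count-based getters would let the first row come back as an object, so the guard refuses the insert. The lookup and the INSERT are also separate statements, so two concurrent calls can both pass the guard; a unique index on `name` would close that gap, but the schema is not visible on this page. addWorkflowAction's body continues past the end of the hunk.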