- fixed possible xss security holes
parent
71d0efd1f1
commit
5e11a14c42
|
@ -105,6 +105,7 @@ $docAccess = $folder->getApproversList();
|
|||
</table><br>
|
||||
|
||||
<form action="../op/op.AddDocument.php" enctype="multipart/form-data" method="post" name="form1" onsubmit="return checkForm();">
|
||||
<?php echo createHiddenFieldWithKey('adddocument'); ?>
|
||||
<input type="hidden" name="folderid" value="<?php print $folderid; ?>">
|
||||
<input type="hidden" name="showtree" value="<?php echo showtree();?>">
|
||||
<table>
|
||||
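Review bot: The added `createHiddenFieldWithKey('adddocument')` field only protects the upload if `../op/op.AddDocument.php` rejects requests whose key is missing or wrong, and that check is not part of this section. The same holds for the `addsubfolder` and `editcomment` keys added to the forms in later sections. It is worth confirming that each handler verifies the key before acting, and mentioning the form-key change in the commit message, which currently names only XSS. Once confirmed, a short comment next to the field such as `<?php /* form key is verified in op/op.AddDocument.php */ ?>` would tell the next reader where the check lives.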
|
|
|
@ -40,10 +40,10 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
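Review bot: `htmlspecialchars($document->getName())` is called without flags or charset, so on PHP versions before 8.1 single quotes are left unescaped and the charset follows the runtime default; the result is then only safe in element content and double-quoted attributes. Passing them explicitly, `htmlspecialchars($document->getName(), ENT_QUOTES, 'UTF-8')` (with whatever charset the application actually serves), makes the escaping independent of the PHP version. The same call is repeated at every `UI::exitError` and `UI::htmlStartPage` site in the later sections, which is easy to forget on the next new page. Escaping once at the point where the title is written out would cover all callers, provided nothing downstream already escapes it; that part is not visible in this diff.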
|
|
|
@ -40,10 +40,10 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
|
|
|
@ -41,10 +41,10 @@ if (!is_object($folder)) {
|
|||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => $folder->getName())));
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($folderPathHTML, "view_folder", $folder);
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
// Copyright (C) 2002-2005 Markus Westphal
|
||||
// Copyright (C) 2006-2008 Malcolm Cowe
|
||||
// Copyright (C) 2010 Matteo Lucarelli
|
||||
// Copyright (C) 2010-2012 Uwe Steinmann
|
||||
//
|
||||
// This program is free software; you can redistribute it and/or modify
|
||||
// it under the terms of the GNU General Public License as published by
|
||||
|
@ -37,12 +38,11 @@ if (!is_object($folder)) {
|
|||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
?>
|
||||
|
||||
<?php
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => $folder->getName())));
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($folderPathHTML, "view_folder", $folder);
|
||||
UI::contentHeading(getMLText("add_subfolder"));
|
||||
|
@ -71,6 +71,7 @@ function checkForm()
|
|||
</script>
|
||||
|
||||
<form action="../op/op.AddSubFolder.php" name="form1" onsubmit="return checkForm();" method="POST">
|
||||
<?php echo createHiddenFieldWithKey('addsubfolder'); ?>
|
||||
<input type="Hidden" name="folderid" value="<?php print $folderid;?>">
|
||||
<input type="Hidden" name="showtree" value="<?php echo showtree();?>">
|
||||
<table>
|
||||
|
|
|
@ -40,31 +40,31 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READ) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
$version = $_GET["version"];
|
||||
$content = $document->getContentByVersion($version);
|
||||
if (!is_object($content)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
// operation is admitted only for last deocument version
|
||||
$latestContent = $document->getLatestContent();
|
||||
if ($latestContent->getVersion()!=$version) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
// verify if document has expired
|
||||
if ($document->hasExpired()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$approvals = $latestContent->getApprovalStatus();
|
||||
if(!$approvals) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("no_action"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action"));
|
||||
}
|
||||
|
||||
foreach($approvals as $approval) {
|
||||
|
@ -74,7 +74,7 @@ foreach($approvals as $approval) {
|
|||
}
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("submit_approval"));
|
||||
|
|
|
@ -49,10 +49,10 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_ALL) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
|
@ -223,9 +223,9 @@ if (count($accessList["users"]) != 0 || count($accessList["groups"]) != 0) {
|
|||
print "<input type=\"Hidden\" name=\"action\" value=\"delaccess\">\n";
|
||||
print "<input type=\"Hidden\" name=\"groupid\" value=\"".$groupObj->getID()."\">\n";
|
||||
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/del.gif\">".getMLText("delete")." ";
|
||||
print "</form>";
|
||||
print "</span></td>\n";
|
||||
print "</tr>\n";
|
||||
print "</form>";
|
||||
}
|
||||
|
||||
print "</table><br>";
|
||||
|
@ -246,7 +246,7 @@ foreach ($allUsers as $userObj) {
|
|||
if ($userObj->isGuest() || in_array($userObj->getID(), $memusers)) {
|
||||
continue;
|
||||
}
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($currUser->getLogin() . " - " . $userObj->getFullName()) . "</option>\n";
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin() . " - " . $userObj->getFullName()) . "</option>\n";
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
|
|
|
@ -37,15 +37,15 @@ if (!is_object($document)) {
|
|||
}
|
||||
|
||||
$folder = $document->getFolder();
|
||||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
|
||||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READ) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$notifyList = $document->getNotifyList();
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
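Review bot: The rewritten `$docPathHTML` line now escapes the document name, but `$documentid` is still concatenated into the `href` attribute as-is. Its validation sits above the hunk, so this may already be safe; if it is not guaranteed to be numeric there, `documentid=".(int)$documentid."` would close the gap. The next section rewrites the same line and the note applies there too.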
|
|
|
@ -37,21 +37,21 @@ if (!is_object($document)) {
|
|||
}
|
||||
|
||||
$folder = $document->getFolder();
|
||||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
|
||||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READ) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
$version = $_GET["version"];
|
||||
$version = $document->getContentByVersion($version);
|
||||
|
||||
if (!is_object($version)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
// if version is last got out.ViewDocument
|
||||
|
@ -64,7 +64,7 @@ $status = $version->getStatus();
|
|||
$reviewStatus = $version->getReviewStatus();
|
||||
$approvalStatus = $version->getApprovalStatus();
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("document_infos"));
|
||||
|
|
|
@ -42,10 +42,10 @@ $versionid = $_GET["version"];
|
|||
$version = $document->getContentByVersion($versionid);
|
||||
|
||||
if (!is_object($version)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
|
@ -76,6 +76,7 @@ UI::contentHeading(getMLText("edit_comment"));
|
|||
UI::contentContainerStart();
|
||||
?>
|
||||
<form action="../op/op.EditComment.php" name="form1" onsubmit="return checkForm();" method="POST">
|
||||
<?php echo createHiddenFieldWithKey('editcomment'); ?>
|
||||
<input type="Hidden" name="documentid" value="<?php print $documentid;?>">
|
||||
<input type="Hidden" name="version" value="<?php print $versionid;?>">
|
||||
<table cellpadding="3">
|
||||
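Review bot: `$versionid` is taken straight from `$_GET["version"]` (see the first hunk header) and is printed into the hidden `version` field's `value` attribute without escaping, which this commit leaves untouched. Other pages in this commit guard the parameter with `is_numeric()` and `intval()`, but whether this file does so is outside the hunks shown. If it does not, `<?php print (int) $versionid;?>` keeps the attribute safe. `$documentid` on the line above deserves the same check.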
|
|
|
@ -38,10 +38,10 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
|
|
|
@ -38,10 +38,10 @@ if (!is_object($folder)) {
|
|||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => $folder->getName())));
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($folderPathHTML, "view_folder", $folder);
|
||||
|
||||
|
|
|
@ -47,10 +47,10 @@ if (!is_object($folder)) {
|
|||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folder->getAccessMode($user) < M_ALL) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => $folder->getName())));
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($folderPathHTML, "view_folder", $folder);
|
||||
|
||||
|
@ -84,6 +84,7 @@ if ($user->isAdmin()) {
|
|||
UI::contentSubHeading(getMLText("set_owner"));
|
||||
?>
|
||||
<form action="../op/op.FolderAccess.php">
|
||||
<?php echo createHiddenFieldWithKey('folderaccess'); ?>
|
||||
<input type="Hidden" name="action" value="setowner">
|
||||
<input type="Hidden" name="folderid" value="<?php print $folderid;?>">
|
||||
<?php printMLText("owner");?> : <select name="ownerid">
|
||||
|
@ -95,7 +96,7 @@ if ($user->isAdmin()) {
|
|||
print "<option value=\"".$currUser->getID()."\"";
|
||||
if ($currUser->getID() == $owner->getID())
|
||||
print " selected";
|
||||
print ">" . htmlspecialchars($currUser->getFullname()) . "</option>\n";
|
||||
print ">" . htmlspecialchars($currUser->getLogin() . " - " . $currUser->getFullname()) . "</option>\n";
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
|
@ -109,14 +110,37 @@ if ($folderid != $settings->_rootFolderID && $folder->getParent()){
|
|||
UI::contentSubHeading(getMLText("access_inheritance"));
|
||||
|
||||
if ($folder->inheritsAccess()) {
|
||||
printMLText("inherits_access_msg", array(
|
||||
"copyurl" => "../op/op.FolderAccess.php?folderid=".$folderid."&action=notinherit&mode=copy",
|
||||
"emptyurl" => "../op/op.FolderAccess.php?folderid=".$folderid."&action=notinherit&mode=empty"));
|
||||
printMLText("inherits_access_msg");
|
||||
?>
|
||||
<p>
|
||||
<form action="../op/op.FolderAccess.php" style="display: inline-block;">
|
||||
<?php echo createHiddenFieldWithKey('folderaccess'); ?>
|
||||
<input type="hidden" name="folderid" value="<?php print $folderid;?>">
|
||||
<input type="hidden" name="action" value="notinherit">
|
||||
<input type="hidden" name="mode" value="copy">
|
||||
<input type="submit" value="<?php printMLText("inherits_access_copy_msg")?>">
|
||||
</form>
|
||||
<form action="../op/op.FolderAccess.php" style="display: inline-block;">
|
||||
<?php echo createHiddenFieldWithKey('folderaccess'); ?>
|
||||
<input type="hidden" name="folderid" value="<?php print $folderid;?>">
|
||||
<input type="hidden" name="action" value="notinherit">
|
||||
<input type="hidden" name="mode" value="empty">
|
||||
<input type="submit" value="<?php printMLText("inherits_access_empty_msg")?>">
|
||||
</form>
|
||||
</p>
|
||||
<?php
|
||||
UI::contentContainerEnd();
|
||||
UI::htmlEndPage();
|
||||
exit();
|
||||
}
|
||||
printMLText("does_not_inherit_access_msg", array("inheriturl" => "../op/op.FolderAccess.php?folderid=".$folderid."&action=inherit"));
|
||||
?>
|
||||
<form action="../op/op.FolderAccess.php">
|
||||
<?php echo createHiddenFieldWithKey('folderaccess'); ?>
|
||||
<input type="hidden" name="folderid" value="<?php print $folderid;?>">
|
||||
<input type="hidden" name="action" value="inherit">
|
||||
<input type="submit" value="<?php printMLText("does_not_inherit_access_msg")?>">
|
||||
</form>
|
||||
<?php
|
||||
}
|
||||
|
||||
$accessList = $folder->getAccessList();
|
||||
|
@ -124,6 +148,7 @@ $accessList = $folder->getAccessList();
|
|||
UI::contentSubHeading(getMLText("default_access"));
|
||||
?>
|
||||
<form action="../op/op.FolderAccess.php">
|
||||
<?php echo createHiddenFieldWithKey('folderaccess'); ?>
|
||||
<input type="Hidden" name="folderid" value="<?php print $folderid;?>">
|
||||
<input type="Hidden" name="action" value="setdefault">
|
||||
<?php printAccessModeSelection($folder->getDefaultAccess()); ?>
|
||||
|
@ -140,47 +165,68 @@ if ((count($accessList["users"]) != 0) || (count($accessList["groups"]) != 0)) {
|
|||
|
||||
foreach ($accessList["users"] as $userAccess) {
|
||||
$userObj = $userAccess->getUser();
|
||||
print "<tr>\n";
|
||||
print "<td><img src=\"images/usericon.gif\" class=\"mimeicon\"></td>\n";
|
||||
print "<td>". htmlspecialchars($userObj->getFullName()) . "</td>\n";
|
||||
print "<form action=\"../op/op.FolderAccess.php\">\n";
|
||||
echo createHiddenFieldWithKey('folderaccess')."\n";
|
||||
print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folderid."\">\n";
|
||||
print "<input type=\"Hidden\" name=\"action\" value=\"editaccess\">\n";
|
||||
print "<input type=\"Hidden\" name=\"userid\" value=\"".$userObj->getID()."\">\n";
|
||||
print "<tr>\n";
|
||||
print "<td><img src=\"images/usericon.gif\" class=\"mimeicon\"></td>\n";
|
||||
print "<td>". htmlspecialchars($userObj->getFullName()) . "</td>\n";
|
||||
print "<td>\n";
|
||||
printAccessModeSelection($userAccess->getMode());
|
||||
print "</td>\n";
|
||||
print "<td><span class=\"actions\">\n";
|
||||
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/save.gif\">".getMLText("save")." ";
|
||||
print "<a href=\"../op/op.FolderAccess.php?folderid=".$folderid."&action=delaccess&userid=".$userObj->getID()."\"><img src=\"images/del.gif\" class=\"mimeicon\"></a>".getMLText("delete");
|
||||
print "</span></td></tr>\n";
|
||||
print "</span></td>\n";
|
||||
print "</form>\n";
|
||||
print "<td><span class=\"actions\">\n";
|
||||
print "<form action=\"../op/op.FolderAccess.php\">\n";
|
||||
echo createHiddenFieldWithKey('folderaccess')."\n";
|
||||
print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folderid."\">\n";
|
||||
print "<input type=\"Hidden\" name=\"action\" value=\"delaccess\">\n";
|
||||
print "<input type=\"Hidden\" name=\"userid\" value=\"".$userObj->getID()."\">\n";
|
||||
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/del.gif\">".getMLText("delete")." ";
|
||||
print "</form>\n";
|
||||
print "<span></td>\n";
|
||||
print "</tr>\n";
|
||||
}
|
||||
|
||||
foreach ($accessList["groups"] as $groupAccess) {
|
||||
$groupObj = $groupAccess->getGroup();
|
||||
$mode = $groupAccess->getMode();
|
||||
print "<tr>";
|
||||
print "<td><img src=\"images/groupicon.gif\" class=\"mimeicon\"></td>";
|
||||
print "<td>". htmlspecialchars($groupObj->getName()) . "</td>";
|
||||
print "<form action=\"../op/op.FolderAccess.php\">";
|
||||
echo createHiddenFieldWithKey('folderaccess')."\n";
|
||||
print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folderid."\">";
|
||||
print "<input type=\"Hidden\" name=\"action\" value=\"editaccess\">";
|
||||
print "<input type=\"Hidden\" name=\"groupid\" value=\"".$groupObj->getID()."\">";
|
||||
print "<tr>";
|
||||
print "<td><img src=\"images/groupicon.gif\" class=\"mimeicon\"></td>";
|
||||
print "<td>". htmlspecialchars($groupObj->getName()) . "</td>";
|
||||
print "<td>";
|
||||
printAccessModeSelection($groupAccess->getMode());
|
||||
print "</td>\n";
|
||||
print "<td><span class=\"actions\">\n";
|
||||
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/save.gif\">".getMLText("save")." ";
|
||||
print "<a href=\"../op/op.FolderAccess.php?folderid=".$folderid."&action=delaccess&groupid=".$groupObj->getID()."\"><img src=\"images/del.gif\" class=\"mimeicon\"></a>".getMLText("delete");
|
||||
print "</span></td></tr>\n";
|
||||
print "</span></td>\n";
|
||||
print "</form>";
|
||||
print "<td><span class=\"actions\">\n";
|
||||
print "<form action=\"../op/op.FolderAccess.php\">\n";
|
||||
echo createHiddenFieldWithKey('folderaccess')."\n";
|
||||
print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folderid."\">\n";
|
||||
print "<input type=\"Hidden\" name=\"action\" value=\"delaccess\">\n";
|
||||
print "<input type=\"Hidden\" name=\"groupid\" value=\"".$groupObj->getID()."\">\n";
|
||||
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/del.gif\">".getMLText("delete")." ";
|
||||
print "</form>";
|
||||
print "</span></td>\n";
|
||||
print "</tr>\n";
|
||||
}
|
||||
|
||||
print "</table><br>";
|
||||
}
|
||||
?>
|
||||
<form action="../op/op.FolderAccess.php" name="form1" onsubmit="return checkForm();">
|
||||
<?php echo createHiddenFieldWithKey('folderaccess'); ?>
|
||||
<input type="Hidden" name="folderid" value="<?php print $folderid?>">
|
||||
<input type="Hidden" name="action" value="addaccess">
|
||||
<table>
|
||||
|
@ -194,7 +240,7 @@ foreach ($allUsers as $userObj) {
|
|||
if ($userObj->isGuest()) {
|
||||
continue;
|
||||
}
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "\n";
|
||||
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin() . " - " . $userObj->getFullName()) . "</option>\n";
|
||||
}
|
||||
?>
|
||||
</select>
|
||||
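Review bot: None of the `<form action="../op/op.FolderAccess.php">` elements that now carry `createHiddenFieldWithKey('folderaccess')` set a `method`, so they submit by GET and the form key ends up in the URL, where it reaches server logs, browser history and Referer headers. Adding `method="post"` to each of them keeps the key out of the URL, assuming op.FolderAccess.php (not shown) reads the POST fields. In the user loop the new delete cell ends with `print "<span></td>\n";`, which opens a second span instead of closing the first; the group loop has `print "</span></td>\n";`. The new submit buttons also take their `value` from `printMLText(...)` unescaped, so a translation containing a double quote or markup would break the attribute.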
|
|
|
@ -39,10 +39,10 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("move_document"));
|
||||
|
|
|
@ -39,14 +39,14 @@ if (!is_object($folder)) {
|
|||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folderid == $settings->_rootFolderID || !$folder->getParent()) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("cannot_move_root"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("cannot_move_root"));
|
||||
}
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => $folder->getName())));
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($folderPathHTML, "view_folder", $folder);
|
||||
UI::contentHeading(getMLText("move_folder"));
|
||||
|
|
|
@ -40,31 +40,31 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_ALL) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
$version = $_GET["version"];
|
||||
$content = $document->getContentByVersion($version);
|
||||
|
||||
if (!is_object($content)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
$overallStatus = $content->getStatus();
|
||||
|
||||
// status change control
|
||||
if ($overallStatus["status"] == S_REJECTED || $overallStatus["status"] == S_EXPIRED || $overallStatus["status"] == S_DRAFT_REV || $overallStatus["status"] == S_DRAFT_APP ) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("cannot_change_final_states"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_change_final_states"));
|
||||
}
|
||||
|
||||
$reviewStatus = $content->getReviewStatus();
|
||||
$approvalStatus = $content->getApprovalStatus();
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
|
|
|
@ -39,10 +39,10 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_ALL) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("rm_document"));
|
||||
|
|
|
@ -38,22 +38,22 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if (!isset($_GET["fileid"]) || !is_numeric($_GET["fileid"]) || intval($_GET["fileid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_file_id"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id"));
|
||||
}
|
||||
|
||||
$fileid = $_GET["fileid"];
|
||||
$file = $document->getDocumentFile($fileid);
|
||||
|
||||
if (!is_object($file)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_file_id"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id"));
|
||||
}
|
||||
|
||||
if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("rm_file"));
|
||||
|
@ -64,7 +64,7 @@ UI::contentContainerStart();
|
|||
<?php echo createHiddenFieldWithKey('removedocumentfile'); ?>
|
||||
<input type="Hidden" name="documentid" value="<?php echo $documentid?>">
|
||||
<input type="Hidden" name="fileid" value="<?php echo $fileid?>">
|
||||
<p><?php printMLText("confirm_rm_file", array ("documentname" => $document->getName(), "name" => htmlspecialchars($file->getName())));?></p>
|
||||
<p><?php printMLText("confirm_rm_file", array ("documentname" => htmlspecialchars($document->getName()), "name" => htmlspecialchars($file->getName())));?></p>
|
||||
<input type="Submit" value="<?php printMLText("rm_file");?>">
|
||||
</form>
|
||||
<?php
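Review bot: `$fileid = $_GET["fileid"];` keeps the raw request string after the `is_numeric()`/`intval()` check, so the value passed to `getDocumentFile()` and echoed into the hidden `fileid` field is not the integer that was validated; `is_numeric()` also accepts forms such as `1e3` or `1.5`. Assigning the converted value, `$fileid = intval($_GET["fileid"]);`, makes the checked value and the used value the same. The same pattern appears with `$version = $_GET["version"];` in the sections headed `rm_version`, `submit_review` and `change_assignments` on this page, and in the `submit_review` one the raw string is then compared loosely with `$latestContent->getVersion()`. `$documentid` is also echoed into the form without escaping; it is validated outside these hunks, so that should be confirmed.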
|
||||
|
|
|
@ -38,14 +38,14 @@ if (!is_object($folder)) {
|
|||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folderid == $settings->_rootFolderID || !$folder->getParent()) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("cannot_rm_root"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("cannot_rm_root"));
|
||||
}
|
||||
|
||||
if ($folder->getAccessMode($user) < M_ALL) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => $folder->getName())));
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($folderPathHTML, "view_folder", $folder);
|
||||
UI::contentHeading(getMLText("rm_folder"));
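Review bot: The `htmlspecialchars()` wrapper is repeated by hand at every `getMLText()` call in this section and the others on the page, which makes it easy to miss a call site in a later change. Doing the escaping in one helper, documented with something like `// returns the HTML-escaped name for use in titles and messages`, would keep the rule in one place. The calls also rely on the default flags, which before PHP 8.1 leave single quotes unescaped. Where `UI::htmlStartPage()` and `UI::exitError()` place the title is not visible in this hunk, so `htmlspecialchars($folder->getName(), ENT_QUOTES)` would be the safer form.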
|
||||
|
|
|
@ -40,21 +40,21 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_ALL) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
$version = $_GET["version"];
|
||||
$version = $document->getContentByVersion($version);
|
||||
|
||||
if (!is_object($version)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("rm_version"));
|
||||
|
@ -62,6 +62,7 @@ UI::contentContainerStart();
|
|||
|
||||
?>
|
||||
<form action="../op/op.RemoveVersion.php" name="form1" method="POST">
|
||||
<?php echo createHiddenFieldWithKey('removeversion'); ?>
|
||||
<input type="Hidden" name="documentid" value="<?php echo $documentid?>">
|
||||
<input type="Hidden" name="version" value="<?php echo $version->getVersion()?>">
|
||||
<p><?php printMLText("confirm_rm_version", array ("documentname" => htmlspecialchars($document->getName()), "version" => $version->getVersion()));?></p>
|
||||
|
|
|
@ -40,31 +40,31 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READ) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
$version = $_GET["version"];
|
||||
$content = $document->getContentByVersion($version);
|
||||
if (!is_object($content)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
// operation is admitted only for last deocument version
|
||||
$latestContent = $document->getLatestContent();
|
||||
if ($latestContent->getVersion()!=$version) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
// verify if document has expired
|
||||
if ($document->hasExpired()){
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$reviews = $latestContent->getReviewStatus();
|
||||
if(!$reviews) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("no_action"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action"));
|
||||
}
|
||||
|
||||
foreach($reviews as $review) {
|
||||
|
@ -74,7 +74,7 @@ foreach($reviews as $review) {
|
|||
}
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("submit_review"));
|
||||
|
|
|
@ -39,10 +39,10 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("set_expiry"));
|
||||
|
|
|
@ -39,11 +39,11 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_ALL) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"]<1)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
$version = $_GET["version"];
|
||||
|
@ -51,15 +51,15 @@ $content = $document->getContentByVersion($version);
|
|||
$overallStatus = $content->getStatus();
|
||||
|
||||
if (!is_object($content)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
// control for document state
|
||||
if ($overallStatus["status"]==S_REJECTED || $overallStatus["status"]==S_OBSOLETE ) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("cannot_assign_invalid_state"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_assign_invalid_state"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("change_assignments"));
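Review bot: `$overallStatus = $content->getStatus();` runs before the `if (!is_object($content))` check in the second hunk, so a version that does not exist ends in a fatal error on a non-object instead of the `invalid_version` message. The `is_object()` check should come first, with `$overallStatus = $content->getStatus();` moved below its closing brace. In the first hunk the closing parenthesis is misplaced in `intval($_GET["version"]<1)`; it happens to evaluate the same way, but should read `intval($_GET["version"])<1` as in the other sections. The statements between the two hunks are not shown.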
|
||||
|
|
|
@ -39,10 +39,10 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
|
@ -158,8 +158,8 @@ $docAccess = $document->getApproversList();
|
|||
$mandatory=false;
|
||||
foreach ($res as $r) if ($r['reviewerUserID']==$usr->getID()) $mandatory=true;
|
||||
|
||||
if ($mandatory) print "<li class=\"cbSelectItem\"><input type='checkbox' checked='checked' disabled='disabled'>". htmlspecialchars($usr->getFullName());
|
||||
else print "<li class=\"cbSelectItem\"><input id='revInd".$usr->getID()."' type='checkbox' name='indReviewers[]' value='". $usr->getID() ."'>". htmlspecialchars($usr->getFullName());
|
||||
if ($mandatory) print "<li class=\"cbSelectItem\"><input type='checkbox' checked='checked' disabled='disabled'>". htmlspecialchars($usr->getFullName())."</li>";
|
||||
else print "<li class=\"cbSelectItem\"><input id='revInd".$usr->getID()."' type='checkbox' name='indReviewers[]' value='". $usr->getID() ."'>". htmlspecialchars($usr->getFullName())."</li>";
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
|
@ -173,8 +173,8 @@ $docAccess = $document->getApproversList();
|
|||
$mandatory=false;
|
||||
foreach ($res as $r) if ($r['reviewerGroupID']==$grp->getID()) $mandatory=true;
|
||||
|
||||
if ($mandatory) print "<li class=\"cbSelectItem\"><input type='checkbox' checked='checked' disabled='disabled'>".htmlspecialchars($grp->getName());
|
||||
else print "<li class=\"cbSelectItem\"><input id='revGrp".$grp->getID()."' type='checkbox' name='grpReviewers[]' value='". $grp->getID() ."'>".htmlspecialchars($grp->getName());
|
||||
if ($mandatory) print "<li class=\"cbSelectItem\"><input type='checkbox' checked='checked' disabled='disabled'>".htmlspecialchars($grp->getName())."</li>";
|
||||
else print "<li class=\"cbSelectItem\"><input id='revGrp".$grp->getID()."' type='checkbox' name='grpReviewers[]' value='". $grp->getID() ."'>".htmlspecialchars($grp->getName())."</li>";
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
|
@ -195,8 +195,8 @@ $docAccess = $document->getApproversList();
|
|||
$mandatory=false;
|
||||
foreach ($res as $r) if ($r['approverUserID']==$usr->getID()) $mandatory=true;
|
||||
|
||||
if ($mandatory) print "<li class=\"cbSelectItem\"><input type='checkbox' checked='checked' disabled='disabled'>". htmlspecialchars($usr->getFullName());
|
||||
else print "<li class=\"cbSelectItem\"><input id='appInd".$usr->getID()."' type='checkbox' name='indApprovers[]' value='". $usr->getID() ."'>". htmlspecialchars($usr->getFullName());
|
||||
if ($mandatory) print "<li class=\"cbSelectItem\"><input type='checkbox' checked='checked' disabled='disabled'>". htmlspecialchars($usr->getFullName())."</li>";
|
||||
else print "<li class=\"cbSelectItem\"><input id='appInd".$usr->getID()."' type='checkbox' name='indApprovers[]' value='". $usr->getID() ."'>". htmlspecialchars($usr->getFullName())."</li>";
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
|
|
|
@ -44,14 +44,14 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".htmlspecialchars($document->getName())."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
|
||||
UI::contentHeading(getMLText("update_document") . ": " . $document->getName());
|
||||
UI::contentHeading(getMLText("update_document") . ": " . htmlspecialchars($document->getName()));
|
||||
UI::contentContainerStart();
|
||||
|
||||
if ($document->isLocked()) {
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
// Copyright (C) 2002-2005 Markus Westphal
|
||||
// Copyright (C) 2006-2008 Malcolm Cowe
|
||||
// Copyright (C) 2010 Matteo Lucarelli
|
||||
// Copyright (C) 2011 Uwe Steinmann
|
||||
// Copyright (C) 2010-2012 Uwe Steinmann
|
||||
//
|
||||
// This program is free software; you can redistribute it and/or modify
|
||||
// it under the terms of the GNU General Public License as published by
|
||||
|
@ -51,7 +51,7 @@ $folder = $document->getFolder();
|
|||
$docPathHTML = getFolderPathHTML($folder, true). " / ".htmlspecialchars($document->getName());
|
||||
|
||||
if ($document->getAccessMode($user) < M_READ) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if ($document->verifyLastestContentExpriry()){
|
||||
|
@ -67,7 +67,7 @@ $approvalStatus = $latestContent->getApprovalStatus();
|
|||
// verify if file exists
|
||||
$file_exists=file_exists($dms->contentDir . $latestContent->getPath());
|
||||
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => $document->getName())));
|
||||
UI::htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($docPathHTML, "view_document");
|
||||
UI::contentHeading(getMLText("document_infos"));
|
||||
|
|
|
@ -46,10 +46,10 @@ if (isset($_GET["orderby"]) && strlen($_GET["orderby"])==1 ) {
|
|||
$folderPathHTML = getFolderPathHTML($folder);
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READ) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => $folder->getName())));
|
||||
UI::htmlStartPage(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))));
|
||||
|
||||
UI::globalNavigation($folder);
|
||||
UI::pageNavigation($folderPathHTML, "view_folder", $folder);
|
||||
|
|