- prevent XSS attacks

This commit is contained in:
steinm 2012-08-28 07:18:00 +00:00
parent 4bb7c9307f
commit 75c2adcfc6
24 changed files with 90 additions and 90 deletions


@ -28,7 +28,7 @@ include("../inc/inc.Authentication.php");
if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) { if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) {
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id")); UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
} }
$folderid = $_GET["folderid"]; $folderid = intval($_GET["folderid"]);
$folder = $dms->getFolder($folderid); $folder = $dms->getFolder($folderid);
if (!is_object($folder)) { if (!is_object($folder)) {


@ -34,7 +34,7 @@ foreach($allusers as $u) {
$categories = $dms->getAllKeywordCategories($userids); $categories = $dms->getAllKeywordCategories($userids);
if($_GET['target']) { if($_GET['target']) {
$target = $_GET['target']; $target = sanitizeString($_GET['target']);
} else { } else {
$target = 'form1'; $target = 'form1';
} }
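Review bot: `if($_GET['target'])` at the top of the hunk reads the query parameter before checking that it exists, so a request without `target` raises an undefined-index notice before either branch runs; write the test as `if (!empty($_GET['target'])) {`. What `sanitizeString()` does is not visible in this hunk, so whether it HTML-escapes or restricts the value cannot be confirmed here. The enclosing block continues outside the hunk.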


@ -90,7 +90,7 @@ if ($logname && file_exists($settings->_contentDir.$logname)){
UI::contentHeading("&nbsp;"); UI::contentHeading("&nbsp;");
UI::contentContainerStart(); UI::contentContainerStart();
UI::contentSubHeading($logname); UI::contentSubHeading(sanitizeString($logname));
echo "<div class=\"logview\">"; echo "<div class=\"logview\">";
echo "<pre>\n"; echo "<pre>\n";
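Review bot: `sanitizeString($logname)` escapes the sub-heading, but the condition in the hunk header, `file_exists($settings->_contentDir.$logname)`, still uses the same value to build a filesystem path, and output escaping does not constrain what that path can be. If `$logname` comes from the request (the later hunk `$logname = sanitizeString($_GET["logname"]);` shows that pattern in another file of this commit), restrict it to a plain filename, e.g. `$logname = basename($_GET["logname"]);` or a comparison against the known log files, before the path is built; the same applies to that later hunk. The enclosing block starts and ends outside this hunk.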


@ -28,7 +28,7 @@ if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -29,7 +29,7 @@ if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET[
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id")); UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
} }
$folderid = $_GET["folderid"]; $folderid = intval($_GET["folderid"]);
$folder = $dms->getFolder($folderid); $folder = $dms->getFolder($folderid);
if (!is_object($folder)) { if (!is_object($folder)) {


@ -29,7 +29,7 @@ if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -40,8 +40,8 @@ UI::contentContainerStart();
?> ?>
<form action="../op/op.RemoveArchive.php" name="form1" method="POST"> <form action="../op/op.RemoveArchive.php" name="form1" method="POST">
<input type="Hidden" name="arkname" value="<?php echo $arkname?>"> <input type="Hidden" name="arkname" value="<?php echo sanitizeString($arkname); ?>">
<p><?php printMLText("confirm_rm_backup", array ("arkname" => $arkname));?></p> <p><?php printMLText("confirm_rm_backup", array ("arkname" => sanitizeString($arkname)));?></p>
<input type="Submit" value="<?php printMLText("backup_remove");?>"> <input type="Submit" value="<?php printMLText("backup_remove");?>">
</form> </form>
<?php <?php


@ -28,7 +28,7 @@ include("../inc/inc.Authentication.php");
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) { if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -27,7 +27,7 @@ if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -40,8 +40,8 @@ UI::contentContainerStart();
?> ?>
<form action="../op/op.RemoveDump.php" name="form1" method="POST"> <form action="../op/op.RemoveDump.php" name="form1" method="POST">
<input type="Hidden" name="dumpname" value="<?php echo $dumpname?>"> <input type="Hidden" name="dumpname" value="<?php echo sanitizeString($dumpname); ?>">
<p><?php printMLText("confirm_rm_dump", array ("dumpname" => $dumpname));?></p> <p><?php printMLText("confirm_rm_dump", array ("dumpname" => sanitizeString($dumpname)));?></p>
<input type="Submit" value="<?php printMLText("dump_remove");?>"> <input type="Submit" value="<?php printMLText("dump_remove");?>">
</form> </form>
<?php <?php


@ -45,7 +45,7 @@ UI::contentContainerStart();
?> ?>
<form action="../op/op.RemoveEvent.php" name="form1" method="POST"> <form action="../op/op.RemoveEvent.php" name="form1" method="POST">
<input type="Hidden" name="eventid" value="<?php echo $_GET["id"]; ?>"> <input type="Hidden" name="eventid" value="<?php echo intval($_GET["id"]); ?>">
<p><?php printMLText("confirm_rm_event", array ("name" => htmlspecialchars($event["name"])));?></p> <p><?php printMLText("confirm_rm_event", array ("name" => htmlspecialchars($event["name"])));?></p>
<input type="Submit" value="<?php printMLText("delete");?>"> <input type="Submit" value="<?php printMLText("delete");?>">
</form> </form>


@ -30,7 +30,7 @@ if (!isset($_GET["targetidform3"]) || !is_numeric($_GET["targetidform3"]) || int
UI::exitError(getMLText("admin_tools"),getMLText("invalid_folder_id")); UI::exitError(getMLText("admin_tools"),getMLText("invalid_folder_id"));
} }
$folderid = $_GET["targetidform3"]; $folderid = intval($_GET["targetidform3"]);
$folder = $dms->getFolder($folderid); $folder = $dms->getFolder($folderid);
if (!is_object($folder)) { if (!is_object($folder)) {


@ -31,7 +31,7 @@ if (!$user->isAdmin()) {
if (!isset($_GET["groupid"]) || !is_numeric($_GET["groupid"]) || intval($_GET["groupid"])<1) { if (!isset($_GET["groupid"]) || !is_numeric($_GET["groupid"]) || intval($_GET["groupid"])<1) {
UI::exitError(getMLText("rm_group"),getMLText("invalid_user_id")); UI::exitError(getMLText("rm_group"),getMLText("invalid_user_id"));
} }
$groupid = $_GET["groupid"]; $groupid = intval($_GET["groupid"]);
$currGroup = $dms->getGroup($groupid); $currGroup = $dms->getGroup($groupid);
if (!is_object($currGroup)) { if (!is_object($currGroup)) {
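Review bot: The guard on the line before the change reports `getMLText("invalid_user_id")` although it is validating `$_GET["groupid"]` for `rm_group`, so a bad group id is reported as a bad user id; it should use a group-specific text key if the language files provide one (they are not visible on this page). The `intval()` cast itself matches the pattern used in the other files of this commit.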


@ -30,7 +30,7 @@ if (!isset($_GET["logname"]) || !file_exists($settings->_contentDir.$_GET["logna
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id")); UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
} }
$logname = $_GET["logname"]; $logname = sanitizeString($_GET["logname"]);
UI::htmlStartPage(getMLText("backup_tools")); UI::htmlStartPage(getMLText("backup_tools"));
UI::globalNavigation(); UI::globalNavigation();


@ -2,7 +2,7 @@
// MyDMS. Document Management System // MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal // Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2010-2012 Uwe Steinmann
// //
// This program is free software; you can redistribute it and/or modify // This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by // it under the terms of the GNU General Public License as published by
@ -32,7 +32,7 @@ if (!isset($_GET["userid"]) || !is_numeric($_GET["userid"]) || intval($_GET["use
UI::exitError(getMLText("rm_user"),getMLText("invalid_user_id")); UI::exitError(getMLText("rm_user"),getMLText("invalid_user_id"));
} }
$userid = $_GET["userid"]; $userid = intval($_GET["userid"]);
$currUser = $dms->getUser($userid); $currUser = $dms->getUser($userid);
if ($userid==$user->getID()) { if ($userid==$user->getID()) {
@ -67,7 +67,7 @@ UI::contentContainerStart();
continue; continue;
if (isset($_GET["userid"]) && $currUser->getID()==$_GET["userid"]) $selected=$count; if (isset($_GET["userid"]) && $currUser->getID()==$_GET["userid"]) $selected=$count;
print "<option value=\"".$currUser->getID()."\">" . htmlspecialchars($currUser->getLogin()); print "<option value=\"".$currUser->getID()."\">" . htmlspecialchars($currUser->getLogin()." - ".$currUser->getFullName());
} }
?> ?>
</select> </select>
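Review bot: `$currUser->getID()==$_GET["userid"]` in the last hunk still compares against the raw query value with a loose `==`, while the earlier hunk now provides `$userid = intval($_GET["userid"]);`; use `$currUser->getID()==$userid` so the validated integer is the only copy of the parameter in use. The loop header is outside the hunk, but `$currUser` appears to be reused as the loop variable after `$currUser = $dms->getUser($userid);` above, so confirm the earlier lookup is not needed after the loop.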


@ -29,7 +29,7 @@ if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -29,7 +29,7 @@ if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -28,7 +28,7 @@ include("../inc/inc.Authentication.php");
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) { if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -28,7 +28,7 @@ include("../inc/inc.Authentication.php");
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) { if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -28,7 +28,7 @@ include("../inc/inc.Authentication.php");
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) { if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {


@ -33,7 +33,7 @@ if(!$settings->_enableLargeFileUpload) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {
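Review bot: Unlike the other files in this commit, the context above `$documentid = intval($_GET["documentid"]);` shows only the `_enableLargeFileUpload` check, not an `isset`/`is_numeric` guard on `documentid`; if no such guard exists above the hunk, a missing parameter raises a notice and `intval()` yields 0, which is then passed to `$dms->getDocument()`. If the guard is absent, add the same `isset`/`is_numeric`/`intval(...)<1` check the other pages use before this line. The enclosing block continues outside the hunk.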


@ -40,7 +40,7 @@ if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
$documentid = $_GET["documentid"]; $documentid = intval($_GET["documentid"]);
$document = $dms->getDocument($documentid); $document = $dms->getDocument($documentid);
if (!is_object($document)) { if (!is_object($document)) {
@ -90,7 +90,7 @@ if ($document->isLocked()) {
<td> <td>
<?php <?php
$owner = $document->getOwner(); $owner = $document->getOwner();
print "<a class=\"infos\" href=\"mailto:".$owner->getEmail()."\">".$owner->getFullName()."</a>"; print "<a class=\"infos\" href=\"mailto:".$owner->getEmail()."\">".htmlspecialchars($owner->getFullName())."</a>";
?> ?>
</td> </td>
</tr> </tr>
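Review bot: In the second hunk, `htmlspecialchars()` is now applied to the owner's full name but `$owner->getEmail()` is still concatenated raw into the `href="mailto:..."` attribute; escape it for attribute context as well: `print "<a class=\"infos\" href=\"mailto:".htmlspecialchars($owner->getEmail())."\">".htmlspecialchars($owner->getFullName())."</a>";`. The surrounding table markup starts and ends outside the hunk.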


@ -27,7 +27,7 @@ if (!isset($_GET["id"])){
UI::exitError(getMLText("event_details"),getMLText("error_occured")); UI::exitError(getMLText("event_details"),getMLText("error_occured"));
} }
$event=getEvent($_GET["id"]); $event=getEvent(intval($_GET["id"]));
if (is_bool($event)&&!$event){ if (is_bool($event)&&!$event){
UI::exitError(getMLText("event_details"),getMLText("error_occured")); UI::exitError(getMLText("event_details"),getMLText("error_occured"));
@ -46,12 +46,12 @@ echo "<table>";
echo "<tr>"; echo "<tr>";
echo "<td>".getMLText("name").": </td>"; echo "<td>".getMLText("name").": </td>";
echo "<td>".$event["name"]."</td>"; echo "<td>".htmlspecialchars($event["name"])."</td>";
echo "</tr>"; echo "</tr>";
echo "<tr>"; echo "<tr>";
echo "<td>".getMLText("comment").": </td>"; echo "<td>".getMLText("comment").": </td>";
echo "<td>".$event["comment"]."</td>"; echo "<td>".htmlspecialchars($event["comment"])."</td>";
echo "</tr>"; echo "</tr>";
echo "<tr>"; echo "<tr>";
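Review bot: `if (is_bool($event)&&!$event){` in the first hunk is a roundabout spelling of a strict false check; `if ($event === false) {` states the intent directly and avoids the double test. The escaping added to `$event["name"]` and `$event["comment"]` in the second hunk is the right place for it, but whether the remaining event fields printed further down the same table are escaped is not visible here and should be confirmed. Both hunks sit inside a block that starts and ends outside this section.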


@ -29,7 +29,7 @@ if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET[
$folderid = $settings->_rootFolderID; $folderid = $settings->_rootFolderID;
} }
else { else {
$folderid = $_GET["folderid"]; $folderid = intval($_GET["folderid"]);
} }
$folder = $dms->getFolder($folderid); $folder = $dms->getFolder($folderid);