much better checking of passed parameters in addDocumentLink()

Uwe Steinmann 2021-09-24 10:12:05 +02:00
parent 77de9bfaae
commit 7a606ca1fb


@ -2219,20 +2219,39 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
function addDocumentLink($targetID, $userID, $public) { /* {{{ */
$db = $this->_dms->getDB();
$public = ($public) ? "1" : "0";
$public = ($public) ? 1 : 0;
$queryStr = "INSERT INTO `tblDocumentLinks` (`document`, `target`, `userID`, `public`) VALUES (".$this->_id.", ".(int)$targetID.", ".(int)$userID.", ".(int)$public.")";
if (!is_numeric($targetID) || $targetID < 1)
return false;
if ($targetID == $this->_id)
return false;
if (!is_numeric($userID) || $userID < 1)
return false;
if(!($target = $this->_dms->getDocument($targetID)))
return false;
if(!($user = $this->_dms->getUser($userID)))
return false;
$queryStr = "INSERT INTO `tblDocumentLinks` (`document`, `target`, `userID`, `public`) VALUES (".$this->_id.", ".(int)$targetID.", ".(int)$userID.", ".$public.")";
if (!$db->getResult($queryStr))
return false;
unset($this->_documentLinks);
return true;
$id = $db->getInsertID('tblDocumentLinks');
$link = new SeedDMS_Core_DocumentLink($id, $this, $target, $user->getId(), $public);
return $link;
} /* }}} */
function removeDocumentLink($linkID) { /* {{{ */
$db = $this->_dms->getDB();
if (!is_numeric($linkID)) return false;
if (!is_numeric($linkID) || $linkID < 1)
return false;
$queryStr = "DELETE FROM `tblDocumentLinks` WHERE `document` = " . $this->_id ." AND `id` = " . (int) $linkID;
if (!$db->getResult($queryStr)) return false;