- get rid of function sanitizeString()

steinm 2011-12-01 14:11:07 +00:00
parent c89d082e75
commit 9fdcd9ab1f
3 changed files with 231 additions and 231 deletions


@ -23,8 +23,8 @@ include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php"); include("../inc/inc.Language.php");
include("../inc/inc.Authentication.php"); include("../inc/inc.Authentication.php");
$form = sanitizeString($_GET["form"]); $form = preg_replace('/[^A-Za-z0-9_]+/', '', $_GET["form"]);
$selcats = sanitizeString($_GET["cats"]); $selcats = preg_replace('/[^0-9,]+/', '', $_GET["cats"]);
UI::htmlStartPage(getMLText("choose_target_category")); UI::htmlStartPage(getMLText("choose_target_category"));
UI::globalBanner(); UI::globalBanner();
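Review bot: The new `$form` and `$selcats` assignments read `$_GET["form"]` and `$_GET["cats"]` without checking that the key exists, so a request that omits either parameter raises an undefined-index notice before the whitelist even runs. `$form = isset($_GET["form"]) ? preg_replace('/[^A-Za-z0-9_]+/', '', $_GET["form"]) : '';` keeps the whitelist and yields a defined default; `$selcats` wants the same guard. Since `$form` is later echoed straight into JavaScript (`opener.document.<?php echo $form?>`) in the other chooser pages, the identifier-only character class is the control that makes that safe and deserves a one-line comment, e.g. `// whitelist: $form is echoed into JavaScript, so only identifier characters may survive`. The same unguarded `$_GET["form"]` read appears in the other two files of this commit.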


@ -1,151 +1,151 @@
<?php <?php
// MyDMS. Document Management System // MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal // Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2006-2008 Malcolm Cowe
// //
// This program is free software; you can redistribute it and/or modify // This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by // it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or // the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version. // (at your option) any later version.
// //
// This program is distributed in the hope that it will be useful, // This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of // but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details. // GNU General Public License for more details.
// //
// You should have received a copy of the GNU General Public License // You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software // along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. // Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php");
include("../inc/inc.Authentication.php");
$folderid = intval($_GET["folderid"]);
$form = sanitizeString($_GET["form"]);
function getImgPath($img) { include("../inc/inc.Settings.php");
global $theme; include("../inc/inc.ClassUI.php");
include("../inc/inc.DBInit.php");
if ( is_file("../themes/$theme/images/$img") ) include("../inc/inc.Language.php");
{ include("../inc/inc.Authentication.php");
return "../themes/$theme/images/$img";
} $folderid = intval($_GET["folderid"]);
return "../out/images/$img"; $form = preg_replace('/[^A-Za-z0-9_]+/', '', $_GET["form"]);
}
function getImgPath($img) {
function printTree($path, $level = 0) global $theme;
{
GLOBAL $user, $form; if ( is_file("../themes/$theme/images/$img") )
{
$folder = $path[$level]; return "../themes/$theme/images/$img";
$subFolders = LetoDMS_Core_DMS::filterAccess($folder->getSubFolders(), $user, M_READ); }
$documents = LetoDMS_Core_DMS::filterAccess($folder->getDocuments(), $user, M_READ); return "../out/images/$img";
}
if ($level+1 < count($path))
$nextFolderID = $path[$level+1]->getID(); function printTree($path, $level = 0)
else {
$nextFolderID = -1; GLOBAL $user, $form;
if ($level == 0) { $folder = $path[$level];
print "<ul style='list-style-type: none;'>\n"; $subFolders = LetoDMS_Core_DMS::filterAccess($folder->getSubFolders(), $user, M_READ);
} $documents = LetoDMS_Core_DMS::filterAccess($folder->getDocuments(), $user, M_READ);
print " <li>\n";
print "<img class='treeicon' src=\""; if ($level+1 < count($path))
if ($level == 0) UI::printImgPath("minus.png"); $nextFolderID = $path[$level+1]->getID();
else if (count($subFolders) + count($documents) > 0) UI::printImgPath("minus.png"); else
else UI::printImgPath("blank.png"); $nextFolderID = -1;
print "\" border=0>\n";
if ($folder->getAccessMode($user) >= M_READ) { if ($level == 0) {
print "<a class=\"foldertree_selectable\" href=\"javascript:folderSelected(" . $folder->getID() . ", '" . sanitizeString($folder->getName()) . "')\">"; print "<ul style='list-style-type: none;'>\n";
print "<img src=\"".UI::getImgPath("folder_opened.gif")."\" border=0>".$folder->getName()."</a>\n"; }
} print " <li>\n";
else print "<img class='treeicon' src=\"";
print "<img src=\"".UI::getImgPath("folder_opened.gif")."\" width=18 height=18 border=0>".$folder->getName()."\n"; if ($level == 0) UI::printImgPath("minus.png");
print " </li>\n"; else if (count($subFolders) + count($documents) > 0) UI::printImgPath("minus.png");
else UI::printImgPath("blank.png");
print "<ul style='list-style-type: none;'>"; print "\" border=0>\n";
if ($folder->getAccessMode($user) >= M_READ) {
for ($i = 0; $i < count($subFolders); $i++) { print "<a class=\"foldertree_selectable\" href=\"javascript:folderSelected(" . $folder->getID() . ", '" . sanitizeString($folder->getName()) . "')\">";
if ($subFolders[$i]->getID() == $nextFolderID) print "<img src=\"".UI::getImgPath("folder_opened.gif")."\" border=0>".$folder->getName()."</a>\n";
printTree($path, $level+1); }
else { else
print "<li>\n"; print "<img src=\"".UI::getImgPath("folder_opened.gif")."\" width=18 height=18 border=0>".$folder->getName()."\n";
$subFolders_ = LetoDMS_Core_DMS::filterAccess($subFolders[$i]->getSubFolders(), $user, M_READ); print " </li>\n";
$documents_ = LetoDMS_Core_DMS::filterAccess($subFolders[$i]->getDocuments(), $user, M_READ);
print "<ul style='list-style-type: none;'>";
if (count($subFolders_) + count($documents_) > 0)
print "<a href=\"out.DocumentChooser.php?form=$form&folderid=".$subFolders[$i]->getID()."\"><img class='treeicon' src=\"".getImgPath("plus.png")."\" border=0></a>"; for ($i = 0; $i < count($subFolders); $i++) {
else if ($subFolders[$i]->getID() == $nextFolderID)
print "<img class='treeicon' src=\"".getImgPath("blank.png")."\">"; printTree($path, $level+1);
print "<img src=\"".getImgPath("folder_closed.gif")."\" border=0>".$subFolders[$i]->getName()."\n"; else {
print "</li>"; print "<li>\n";
} $subFolders_ = LetoDMS_Core_DMS::filterAccess($subFolders[$i]->getSubFolders(), $user, M_READ);
} $documents_ = LetoDMS_Core_DMS::filterAccess($subFolders[$i]->getDocuments(), $user, M_READ);
for ($i = 0; $i < count($documents); $i++) {
print "<li>\n"; if (count($subFolders_) + count($documents_) > 0)
print "<img class='treeicon' src=\"images/blank.png\">"; print "<a href=\"out.DocumentChooser.php?form=$form&folderid=".$subFolders[$i]->getID()."\"><img class='treeicon' src=\"".getImgPath("plus.png")."\" border=0></a>";
print "<a class=\"foldertree_selectable\" href=\"javascript:documentSelected(".$documents[$i]->getID().",'".sanitizeString($documents[$i]->getName())."');\"><img src=\"images/file.gif\" border=0>".$documents[$i]->getName()."</a>"; else
print "</li>"; print "<img class='treeicon' src=\"".getImgPath("blank.png")."\">";
} print "<img src=\"".getImgPath("folder_closed.gif")."\" border=0>".$subFolders[$i]->getName()."\n";
print "</li>";
print "</ul>\n"; }
if ($level == 0) { }
print "</ul>\n"; for ($i = 0; $i < count($documents); $i++) {
} print "<li>\n";
print "<img class='treeicon' src=\"images/blank.png\">";
} print "<a class=\"foldertree_selectable\" href=\"javascript:documentSelected(".$documents[$i]->getID().",'".sanitizeString($documents[$i]->getName())."');\"><img src=\"images/file.gif\" border=0>".$documents[$i]->getName()."</a>";
print "</li>";
UI::htmlStartPage(getMLText("choose_target_document")); }
UI::globalBanner();
UI::pageNavigation(getMLText("choose_target_document")); print "</ul>\n";
?> if ($level == 0) {
print "</ul>\n";
<script language="JavaScript"> }
function decodeString(s) {
s = new String(s); }
s = s.replace(/&amp;/, "&");
s = s.replace(/&#0037;/, "%"); // percent UI::htmlStartPage(getMLText("choose_target_document"));
s = s.replace(/&quot;/, "\""); // double quote UI::globalBanner();
s = s.replace(/&#0047;&#0042;/, "/*"); // start of comment UI::pageNavigation(getMLText("choose_target_document"));
s = s.replace(/&#0042;&#0047;/, "*/"); // end of comment ?>
s = s.replace(/&lt;/, "<");
s = s.replace(/&gt;/, ">"); <script language="JavaScript">
s = s.replace(/&#0061;/, "="); function decodeString(s) {
s = s.replace(/&#0041;/, ")"); s = new String(s);
s = s.replace(/&#0040;/, "("); s = s.replace(/&amp;/, "&");
s = s.replace(/&#0039;/, "'"); s = s.replace(/&#0037;/, "%"); // percent
s = s.replace(/&#0043;/, "+"); s = s.replace(/&quot;/, "\""); // double quote
s = s.replace(/&#0047;&#0042;/, "/*"); // start of comment
return s; s = s.replace(/&#0042;&#0047;/, "*/"); // end of comment
} s = s.replace(/&lt;/, "<");
s = s.replace(/&gt;/, ">");
var targetName; s = s.replace(/&#0061;/, "=");
var targetID; s = s.replace(/&#0041;/, ")");
s = s.replace(/&#0040;/, "(");
function documentSelected(id, name) { s = s.replace(/&#0039;/, "'");
targetName.value = decodeString(name); s = s.replace(/&#0043;/, "+");
targetID.value = id;
window.close(); return s;
return true; }
}
</script> var targetName;
var targetID;
<?php
$folder = $dms->getFolder($folderid); function documentSelected(id, name) {
UI::contentContainerStart(); targetName.value = decodeString(name);
printTree($folder->getPath()); targetID.value = id;
UI::contentContainerEnd(); window.close();
?> return true;
}
<script language="JavaScript"> </script>
targetName = opener.document.<?php echo $form?>.docname<?php print $form ?>;
targetID = opener.document.<?php echo $form?>.docid<?php print $form ?>; <?php
</script> $folder = $dms->getFolder($folderid);
UI::contentContainerStart();
<?php printTree($folder->getPath());
UI::htmlEndPage(); UI::contentContainerEnd();
?> ?>
<script language="JavaScript">
targetName = opener.document.<?php echo $form?>.docname<?php print $form ?>;
targetID = opener.document.<?php echo $form?>.docid<?php print $form ?>;
</script>
<?php
UI::htmlEndPage();
?>
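Review bot: printTree still calls `sanitizeString()` on the new side for the folder name in the `javascript:folderSelected(...)` href and for the document name in the `documentSelected(...)` href, so this file is only half migrated; if the commit's stated aim of removing the function is completed, both lines become calls to an undefined function and the chooser page stops rendering. The replacement cannot be a plain `htmlspecialchars()` drop-in: the `decodeString()` JavaScript further down reverses a specific set of entities (`&amp;`, `&quot;`, `&#0039;`, `&#0040;`, `&#0041;`, …), so whatever encodes these two names for the JavaScript string literals has to emit exactly those entities, or `decodeString()` has to change with it. A comment at the top of printTree naming that coupling would prevent the next refactor from breaking it silently, e.g. `// names passed to folderSelected()/documentSelected() must be encoded the way decodeString() below expects`. Separately, the `$form` assignment reads `$_GET["form"]` without an isset() guard, as noted for the first file in this commit.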


@ -1,37 +1,37 @@
<?php <?php
// MyDMS. Document Management System // MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal // Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe // Copyright (C) 2006-2008 Malcolm Cowe
// //
// This program is free software; you can redistribute it and/or modify // This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by // it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or // the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version. // (at your option) any later version.
// //
// This program is distributed in the hope that it will be useful, // This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of // but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details. // GNU General Public License for more details.
// //
// You should have received a copy of the GNU General Public License // You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software // along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. // Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php"); include("../inc/inc.Settings.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php"); include("../inc/inc.Language.php");
include("../inc/inc.Authentication.php"); include("../inc/inc.Authentication.php");
$form = sanitizeString($_GET["form"]); $form = preg_replace('/[^A-Za-z0-9_]+/', '', $_GET["form"]);
$mode = intval($_GET["mode"]); $mode = intval($_GET["mode"]);
$exclude = intval($_GET["exclude"]); $exclude = intval($_GET["exclude"]);
UI::htmlStartPage(getMLText("choose_target_folder")); UI::htmlStartPage(getMLText("choose_target_folder"));
UI::globalBanner(); UI::globalBanner();
UI::pageNavigation(getMLText("choose_target_folder")); UI::pageNavigation(getMLText("choose_target_folder"));
?> ?>
<script language="JavaScript"> <script language="JavaScript">
function toggleTree(id){ function toggleTree(id){
@ -42,49 +42,49 @@ function toggleTree(id){
else obj.style.display = "none"; else obj.style.display = "none";
} }
function decodeString(s) { function decodeString(s) {
s = new String(s); s = new String(s);
s = s.replace(/&amp;/, "&"); s = s.replace(/&amp;/, "&");
s = s.replace(/&#0037;/, "%"); // percent s = s.replace(/&#0037;/, "%"); // percent
s = s.replace(/&quot;/, "\""); // double quote s = s.replace(/&quot;/, "\""); // double quote
s = s.replace(/&#0047;&#0042;/, "/*"); // start of comment s = s.replace(/&#0047;&#0042;/, "/*"); // start of comment
s = s.replace(/&#0042;&#0047;/, "*/"); // end of comment s = s.replace(/&#0042;&#0047;/, "*/"); // end of comment
s = s.replace(/&lt;/, "<"); s = s.replace(/&lt;/, "<");
s = s.replace(/&gt;/, ">"); s = s.replace(/&gt;/, ">");
s = s.replace(/&#0061;/, "="); s = s.replace(/&#0061;/, "=");
s = s.replace(/&#0041;/, ")"); s = s.replace(/&#0041;/, ")");
s = s.replace(/&#0040;/, "("); s = s.replace(/&#0040;/, "(");
s = s.replace(/&#0039;/, "'"); s = s.replace(/&#0039;/, "'");
s = s.replace(/&#0043;/, "+"); s = s.replace(/&#0043;/, "+");
return s; return s;
} }
var targetName; var targetName;
var targetID; var targetID;
function folderSelected(id, name) { function folderSelected(id, name) {
targetName.value = decodeString(name); targetName.value = decodeString(name);
targetID.value = id; targetID.value = id;
window.close(); window.close();
return true; return true;
} }
</script> </script>
<?php <?php
UI::contentContainerStart(); UI::contentContainerStart();
UI::printFoldersTree($mode, $exclude, $settings->_rootFolderID); UI::printFoldersTree($mode, $exclude, $settings->_rootFolderID);
UI::contentContainerEnd(); UI::contentContainerEnd();
?> ?>
<script language="JavaScript"> <script language="JavaScript">
targetName = opener.document.<?php echo $form?>.targetname<?php print $form ?>; targetName = opener.document.<?php echo $form?>.targetname<?php print $form ?>;
targetID = opener.document.<?php echo $form?>.targetid<?php print $form ?>; targetID = opener.document.<?php echo $form?>.targetid<?php print $form ?>;
</script> </script>
<?php <?php
UI::htmlEndPage(); UI::htmlEndPage();
?> ?>