- remove sanitizeString() where possible
This commit is contained in:
parent
73f4c8d90d
commit
a027d7c962
@ -44,10 +44,10 @@ if ($folder->getAccessMode($user) < M_READWRITE) {
|
|||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$version_comment = sanitizeString($_POST["version_comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
$version_comment = $_POST["version_comment"];
|
||||
|
||||
$keywords = sanitizeString($_POST["keywords"]);
|
||||
$keywords = $_POST["keywords"];
|
||||
$categories = preg_replace('/[^0-9,]+/', '', $_POST["categoryidform1"]);
|
||||
|
||||
$reqversion = (int)$_POST["reqversion"];
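Review bot: `$comment`, `$version_comment` and `$keywords` now reach the model layer exactly as posted, so the only remaining defences are whatever quoting the database layer applies and whatever escaping the views apply when these strings are rendered; neither is visible from this hunk, so both should be confirmed before relying on the removal. The same assumption is made by every other hunk in this commit (events, subfolder, approval/review comments, categories, keywords, groups, users, login and search), so this note covers them all. The hunk itself still normalises `$categories` with `preg_replace` and `$reqversion` with `(int)`, which is the right model: coerce to the expected type at the boundary and leave escaping to the sink. A minimal boundary check that keeps the new behaviour would be `$comment = isset($_POST["comment"]) && is_string($_POST["comment"]) ? $_POST["comment"] : '';` for each of the three, which also removes the undefined-index notice on a missing field.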
|
||||
|
@ -150,7 +150,7 @@ for ($file_num=0;$file_num<count($_FILES["userfile"]["tmp_name"]);$file_num++){
|
|||
else $fileType = substr($userfilename, $lastDotIndex);
|
||||
|
||||
if ((count($_FILES["userfile"]["tmp_name"])==1)&&($_POST["name"]!=""))
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$name = $_POST["name"];
|
||||
else $name = basename($userfilename);
|
||||
|
||||
$cats = array();
|
||||
|
|
|
@ -44,8 +44,8 @@ if (!isset($_POST["name"]) || !isset($_POST["comment"]) ) {
|
|||
UI::exitError(getMLText("add_event"),getMLText("error_occured"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$name = $_POST["name"];
|
||||
$comment = $_POST["comment"];
|
||||
$from = mktime(0,0,0, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
|
||||
$to = mktime(23,59,59, intval($_POST["tomonth"]), intval($_POST["today"]), intval($_POST["toyear"]));
|
||||
|
||||
|
|
|
@ -46,8 +46,8 @@ if (is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["si
|
|||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("uploading_failed"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$name = $_POST["name"];
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
if($_FILES["userfile"]["error"]) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured"));
|
||||
|
|
|
@ -60,10 +60,10 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
|
|||
$userfiletype = $_FILES[ $file_param_name ]["type"];
|
||||
$userfilename = $_FILES[ $file_param_name ]["name"];
|
||||
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$name = $_POST["name"];
|
||||
if(!$name)
|
||||
$name = $userfilename;
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
$lastDotIndex = strrpos(basename($userfilename), ".");
|
||||
if (is_bool($lastDotIndex) && !$lastDotIndex)
|
||||
|
|
|
@ -59,16 +59,16 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
|
|||
}
|
||||
|
||||
if(isset($_POST["comment"]))
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
else
|
||||
$comment = '';
|
||||
if(isset($_POST['version_comment']))
|
||||
$version_comment = sanitizeString($_POST["version_comment"]);
|
||||
$version_comment = $_POST["version_comment"];
|
||||
else
|
||||
$version_comment = '';
|
||||
|
||||
if(isset($_POST["keywords"]))
|
||||
$keywords = sanitizeString($_POST["keywords"]);
|
||||
$keywords = $_POST["keywords"];
|
||||
else
|
||||
$keywords = '';
|
||||
|
||||
|
@ -164,7 +164,7 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
|
|||
else $fileType = substr($userfilename, $lastDotIndex);
|
||||
|
||||
if($_POST["name"] != "")
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$name = $_POST["name"];
|
||||
else
|
||||
$name = basename($userfilename);
|
||||
|
||||
|
|
|
@ -49,8 +49,8 @@ if (!is_numeric($sequence)) {
|
|||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_sequence"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$name = $_POST["name"];
|
||||
$comment = $_POST["comment"];
|
||||
$subFolder = $folder->addSubFolder($name, $comment, $user, $sequence);
|
||||
|
||||
if (is_object($subFolder)) {
|
||||
|
|
|
@ -74,7 +74,7 @@ if (!isset($_POST["approvalStatus"]) || !is_numeric($_POST["approvalStatus"]) ||
|
|||
|
||||
if ($_POST["approvalType"] == "ind") {
|
||||
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
if(0 > $latestContent->setApprovalByInd($user, $user, $_POST["approvalStatus"], $comment)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("approval_update_failed"));
|
||||
}
|
||||
|
@ -106,7 +106,7 @@ if ($_POST["approvalType"] == "ind") {
|
|||
}
|
||||
}
|
||||
else if ($_POST["approvalType"] == "grp") {
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
$group = $dms->getGroup($_POST['approvalGroup']);
|
||||
if(0 > $latestContent->setApprovalByGrp($group, $user, $_POST["approvalStatus"], $comment)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("approval_update_failed"));
|
||||
|
|
|
@ -33,7 +33,7 @@ $action = $_GET["action"];
|
|||
//Neue Kategorie anlegen -----------------------------------------------------------------------------
|
||||
if ($action == "addcategory") {
|
||||
|
||||
$name = sanitizeString($_GET["name"]);
|
||||
$name = $_GET["name"];
|
||||
if (is_object($dms->getDocumentCategoryByName($name))) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("category_exists"));
|
||||
}
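Review bot: `$name = $_GET["name"]` no longer goes through `sanitizeString()`, so a request carrying `name[]=...` hands an array rather than a string to `getDocumentCategoryByName()` and later to the category setter; whether the old helper coerced that case cannot be seen here, but the search handler in this same commit guards with `is_string($_GET["query"])` and this hunk should do the same, e.g. `if (!isset($_GET["name"]) || !is_string($_GET["name"])) UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));`. The `editcategory` hunk below and the keyword-category and group hunks read `$_GET["name"]`, `$_GET["comment"]` and `$_GET["keywords"]` the same way and need the same guard. These are also state-changing actions driven by GET parameters; that predates this change but is worth a follow-up.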
|
||||
|
@ -74,7 +74,7 @@ else if ($action == "editcategory") {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_GET["name"]);
|
||||
$name = $_GET["name"];
|
||||
if (!$category->setName($name)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
|
@ -32,8 +32,8 @@ $action = $_GET["action"];
|
|||
|
||||
//Neue Kategorie anlegen -----------------------------------------------------------------------------
|
||||
if ($action == "addcategory") {
|
||||
|
||||
$name = sanitizeString($_GET["name"]);
|
||||
|
||||
$name = $_GET["name"];
|
||||
if (is_object($dms->getKeywordCategoryByName($name, $user->getID()))) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("keyword_exists"));
|
||||
}
|
||||
|
@ -83,7 +83,7 @@ else if ($action == "editcategory") {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_GET["name"]);
|
||||
$name = $_GET["name"];
|
||||
if (!$category->setName($name)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
|
@ -99,7 +99,7 @@ else if ($action == "newkeywords") {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$keywords = sanitizeString($_GET["keywords"]);
|
||||
$keywords = $_GET["keywords"];
|
||||
|
||||
if (!$category->addKeywordList($keywords)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
|
@ -129,7 +129,7 @@ else if ($action == "editkeywords")
|
|||
}
|
||||
$keywordsid = $_GET["keywordsid"];
|
||||
|
||||
$keywords = sanitizeString($_GET["keywords"]);
|
||||
$keywords = $_GET["keywords"];
|
||||
if (!$category->editKeywordList($keywordsid, $keywords)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
||||
}
|
||||
|
|
|
@ -52,7 +52,7 @@ if (!is_object($version)) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
|
||||
}
|
||||
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
if (($oldcomment = $version->getComment()) != $comment) {
|
||||
if($version->setComment($comment)) {
|
||||
|
|
|
@ -44,9 +44,9 @@ if ($document->getAccessMode($user) < M_READWRITE) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$keywords = sanitizeString($_POST["keywords"]);
|
||||
$name = $_POST["name"];
|
||||
$comment = $_POST["comment"];
|
||||
$keywords = $_POST["keywords"];
|
||||
$categories = preg_replace('/[^0-9,]+/', '', $_POST["categoryidform1"]);
|
||||
$sequence = $_POST["sequence"];
|
||||
if (!is_numeric($sequence)) {
|
||||
|
|
|
@ -48,8 +48,8 @@ if (!isset($_POST["eventid"])) {
|
|||
UI::exitError(getMLText("edit_event"),getMLText("error_occured"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$name = $_POST["name"];
|
||||
$comment = $_POST["comment"];
|
||||
$from = mktime(0,0,0, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
|
||||
$to = mktime(23,59,59, intval($_POST["tomonth"]), intval($_POST["today"]), intval($_POST["toyear"]));
|
||||
|
||||
|
|
|
@ -43,8 +43,8 @@ if ($folder->getAccessMode($user) < M_READWRITE) {
|
|||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$name = $_POST["name"];
|
||||
$comment = $_POST["comment"];
|
||||
$sequence = $_POST["sequence"];
|
||||
if (!is_numeric($sequence)) {
|
||||
$sequence = "keep";
|
||||
|
|
|
@ -32,9 +32,9 @@ if (!$user->isAdmin() && ($settings->_disableSelfEdit)) {
|
|||
UI::exitError(getMLText("edit_user_details"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$fullname = sanitizeString($_POST["fullname"]);
|
||||
$email = sanitizeString($_POST["email"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$fullname = $_POST["fullname"];
|
||||
$email = $_POST["email"];
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
if (isset($_POST["pwd"]) && ($_POST["pwd"] != ""))
|
||||
$user->setPwd(md5($_POST["pwd"]));
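Review bot: `$email` is now stored exactly as posted; the previous `sanitizeString()` call was at least a normalisation step, and nothing in this hunk validates that the value is an address before `$user` persists it, so if it is later placed into mail headers or echoed in profile pages the burden moves entirely to those sinks. A boundary check is cheap: `if (!filter_var($email, FILTER_VALIDATE_EMAIL)) UI::exitError(getMLText("edit_user_details"),getMLText("error_occured"));` (the adduser and edituser hunks take `$_POST["email"]` the same way). Separately, the unchanged `$user->setPwd(md5($_POST["pwd"]))` on the following line is a pre-existing weakness — unsalted md5 for password storage — that this cleanup would be a good moment to schedule for replacement with `password_hash()`.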
|
||||
|
|
|
@ -37,8 +37,8 @@ else if (isset($_POST["action"])) $action = $_POST["action"];
|
|||
//Neue Gruppe anlegen -----------------------------------------------------------------------------
|
||||
if ($action == "addgroup") {
|
||||
|
||||
$name = sanitizeString($_GET["name"]);
|
||||
$comment = sanitizeString($_GET["comment"]);
|
||||
$name = $_GET["name"];
|
||||
$comment = $_GET["comment"];
|
||||
|
||||
if (is_object($dms->getGroupByName($name))) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("group_exists"));
|
||||
|
@ -87,8 +87,8 @@ else if ($action == "editgroup") {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
||||
$name = sanitizeString($_GET["name"]);
|
||||
$comment = sanitizeString($_GET["comment"]);
|
||||
$name = $_GET["name"];
|
||||
$comment = $_GET["comment"];
|
||||
|
||||
if ($group->getName() != $name)
|
||||
$group->setName($name);
|
||||
|
|
|
@ -37,7 +37,7 @@ function _printMessage($heading, $message) {
|
|||
}
|
||||
|
||||
if (isset($_REQUEST["login"])) {
|
||||
$login = sanitizeString($_REQUEST["login"]);
|
||||
$login = $_REQUEST["login"];
|
||||
$login = str_replace("*", "", $login);
|
||||
}
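Review bot: `$login` is now taken from `$_REQUEST` with only the `str_replace("*", "", $login)` wildcard strip, which is not an escaping step, so the credential lookup this value feeds must quote or parameterise it itself; that lookup is outside the hunk, so it should be confirmed before relying on the removal. `$_REQUEST` also merges GET, POST and cookie input, and an array value (`login[]=`) would now pass straight through, so an `is_string($_REQUEST["login"])` check alongside the existing `isset` is worth adding.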
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@ if ($overallStatus["status"] == S_REJECTED || $overallStatus["status"] == S_EXPI
|
|||
$reviewStatus = $content->getReviewStatus();
|
||||
$approvalStatus = $content->getApprovalStatus();
|
||||
$overrideStatus = $_POST["overrideStatus"];
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
if ($overrideStatus != $overallStatus["status"]) {
|
||||
|
||||
|
|
|
@ -70,7 +70,7 @@ if (!isset($_POST["reviewStatus"]) || !is_numeric($_POST["reviewStatus"]) ||
|
|||
|
||||
if ($_POST["reviewType"] == "ind") {
|
||||
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
if(0 > $latestContent->setReviewByInd($user, $user, $_POST["reviewStatus"], $comment)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("review_update_failed"));
|
||||
}
|
||||
|
|
|
@ -109,7 +109,7 @@ function markQuery($str, $tag = "b") {
|
|||
// in the database: keywords, name and comment.
|
||||
|
||||
if (isset($_GET["query"]) && is_string($_GET["query"])) {
|
||||
$query = sanitizeString($_GET["query"]);
|
||||
$query = $_GET["query"];
|
||||
}
|
||||
else {
|
||||
$query = "";
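Review bot: the raw `$query` is, judging by the `markQuery($str, $tag = "b")` helper named in the hunk header, echoed back into the results page to highlight matches, so once `sanitizeString()` is gone that output path must apply `htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` itself; neither the helper body nor the SQL the term feeds is visible here, so please confirm both. The `is_string()` guard on this line is the right boundary check and the only one the value gets now. The folder-scoped search hunk later in this commit is identical and shares this note.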
|
||||
|
|
|
@ -49,7 +49,7 @@ if (!is_object($folder)) {
|
|||
// in the database: keywords, name and comment.
|
||||
|
||||
if (isset($_GET["query"]) && is_string($_GET["query"])) {
|
||||
$query = sanitizeString($_GET["query"]);
|
||||
$query = $_GET["query"];
|
||||
}
|
||||
else {
|
||||
$query = "";
|
||||
|
|
|
@ -51,7 +51,7 @@ if ($document->isLocked()) {
|
|||
|
||||
if (is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error']==0) {
|
||||
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
$userfiletmp = $_FILES["userfile"]["tmp_name"];
|
||||
$userfiletype = sanitizeString($_FILES["userfile"]["type"]);
|
||||
$userfilename = sanitizeString($_FILES["userfile"]["name"]);
|
||||
|
|
|
@ -63,7 +63,7 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
|
|||
else $document->setLocked(false);
|
||||
}
|
||||
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$comment = $_POST["comment"];
|
||||
|
||||
$userfiletmp = $settings->_stagingDir.$_POST['fileId'];;
|
||||
$userfiletype = $_FILES[ $file_param_name ]["type"];
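Review bot: the context line `$userfiletmp = $settings->_stagingDir.$_POST['fileId'];;` concatenates a client-supplied value directly into a filesystem path with no normalisation, and this commit, which is removing input filtering elsewhere, does not address it; constraining it to a plain file name, e.g. `$userfiletmp = $settings->_stagingDir.basename($_POST['fileId']);` (or a regex allow-list matching how staging ids are generated), keeps the lookup inside the staging directory. The doubled `;;` on the same line is harmless but should go. Whether `move_uploaded_file()` in the enclosing block, which starts outside the hunk, already validates the id cannot be seen here.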
|
||||
|
|
|
@ -36,7 +36,7 @@ if (isset($_REQUEST["action"])) {
|
|||
if ($action == "addcategory") {
|
||||
|
||||
if (isset($_REQUEST["name"]) && $_REQUEST["name"]) {
|
||||
$name = sanitizeString($_REQUEST["name"]);
|
||||
$name = $_REQUEST["name"];
|
||||
|
||||
$newCategory = $dms->addKeywordCategory($user->getID(), $name);
|
||||
if (!$newCategory) {
|
||||
|
@ -85,7 +85,7 @@ else if ($action == "editcategory") {
|
|||
UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
|
||||
}
|
||||
if (isset($_REQUEST["name"]) && $_REQUEST["name"]) {
|
||||
$name = sanitizeString($_REQUEST["name"]);
|
||||
$name = $_REQUEST["name"];
|
||||
|
||||
if (!$category->setName($name)) {
|
||||
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
|
||||
|
@ -112,10 +112,10 @@ else if ($action == "newkeywords") {
|
|||
}
|
||||
|
||||
if (isset($_POST["keywords"])) {
|
||||
$keywords = sanitizeString($_POST["keywords"]);
|
||||
$keywords = $_POST["keywords"];
|
||||
}
|
||||
else {
|
||||
$keywords = sanitizeString($_GET["keywords"]);
|
||||
$keywords = $_GET["keywords"];
|
||||
}
|
||||
if (!$category->addKeywordList($keywords)) {
|
||||
UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
|
||||
|
|
|
@ -37,10 +37,10 @@ else $action=NULL;
|
|||
//Neuen Benutzer anlegen --------------------------------------------------------------------------
|
||||
if ($action == "adduser") {
|
||||
|
||||
$login = sanitizeString($_POST["login"]);
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$email = sanitizeString($_POST["email"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$login = $_POST["login"];
|
||||
$name = $_POST["name"];
|
||||
$email = $_POST["email"];
|
||||
$comment = $_POST["comment"];
|
||||
$role = preg_replace('/[^0-2]+/', '', $_POST["role"]);
|
||||
$isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0);
|
||||
|
||||
|
@ -145,11 +145,11 @@ else if ($action == "edituser") {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
||||
}
|
||||
|
||||
$login = sanitizeString($_POST["login"]);
|
||||
$login = $_POST["login"]);
|
||||
$pwd = $_POST["pwd"];
|
||||
$name = sanitizeString($_POST["name"]);
|
||||
$email = sanitizeString($_POST["email"]);
|
||||
$comment = sanitizeString($_POST["comment"]);
|
||||
$name = $_POST["name"];
|
||||
$email = $_POST["email"];
|
||||
$comment = $_POST["comment"];
|
||||
$role = preg_replace('/[^0-2]+/', '', $_POST["role"]);
|
||||
$isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0);
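Review bot: the line `$login = $_POST["login"]);` in the edituser hunk has a stray closing parenthesis left over from removing the `sanitizeString(` wrapper and is a parse error, so the whole script fails to load until it reads `$login = $_POST["login"];`. With that fixed, `$login`, `$name`, `$email` and `$comment` in both the adduser and edituser hunks are raw post values while `$role` is still normalised with `preg_replace`; as with the rest of the commit the model/DB layer now carries the quoting duty, and `$email` in particular would benefit from a `filter_var($email, FILTER_VALIDATE_EMAIL)` check before it is stored.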
|
||||
|
||||
|
|