diff --git a/op/op.AddDocument.php b/op/op.AddDocument.php
index a8afee7b7..ed9e62abb 100644
--- a/op/op.AddDocument.php
+++ b/op/op.AddDocument.php
@@ -44,10 +44,10 @@ if ($folder->getAccessMode($user) < M_READWRITE) {
 UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
 }
-$comment = sanitizeString($_POST["comment"]);
-$version_comment = sanitizeString($_POST["version_comment"]);
+$comment = $_POST["comment"];
+$version_comment = $_POST["version_comment"];
-$keywords = sanitizeString($_POST["keywords"]);
+$keywords = $_POST["keywords"];
 $categories = preg_replace('/[^0-9,]+/', '', $_POST["categoryidform1"]);
 $reqversion = (int)$_POST["reqversion"];
@@ -150,7 +150,7 @@ for ($file_num=0;$file_num $folder->getName())),getMLText("uploading_failed"));
 }
-$name = sanitizeString($_POST["name"]);
-$comment = sanitizeString($_POST["comment"]);
+$name = $_POST["name"];
+$comment = $_POST["comment"];
 if($_FILES["userfile"]["error"]) {
 UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured"));
diff --git a/op/op.AddFile2.php b/op/op.AddFile2.php
index c51f6ca7f..88257bd0a 100644
--- a/op/op.AddFile2.php
+++ b/op/op.AddFile2.php
@@ -60,10 +60,10 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
 $userfiletype = $_FILES[ $file_param_name ]["type"];
 $userfilename = $_FILES[ $file_param_name ]["name"];
- $name = sanitizeString($_POST["name"]);
+ $name = $_POST["name"];
 if(!$name) $name = $userfilename;
- $comment = sanitizeString($_POST["comment"]);
+ $comment = $_POST["comment"];
 $lastDotIndex = strrpos(basename($userfilename), ".");
 if (is_bool($lastDotIndex) && !$lastDotIndex)
diff --git a/op/op.AddMultiDocument.php b/op/op.AddMultiDocument.php
index f22e4a951..b828591db 100644
--- a/op/op.AddMultiDocument.php
+++ b/op/op.AddMultiDocument.php
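Review bot: In op/op.AddDocument.php the new assignments `$comment = $_POST["comment"];`, `$version_comment` and `$keywords` read the request with no `isset()` or `is_string()` guard, so a missing field raises a notice and a `comment[]=` submission hands an array to the code below. With `sanitizeString()` gone from the entry point, safety now rests on the storage layer quoting these values and on every view HTML-escaping them on output; neither is visible in this diff, so both should be confirmed before merging. op/op.Search.php already uses the guard `isset($_GET["query"]) && is_string($_GET["query"])`, and the same form fits here, e.g. `$comment = (isset($_POST["comment"]) && is_string($_POST["comment"])) ? $_POST["comment"] : "";`. The same unguarded reads appear in op.AddFile2.php, op.AddSubFolder.php, op.ApproveDocument.php, op.EditComment.php, op.EditDocument.php, op.EditEvent.php, op.EditFolder.php, op.OverrideContentStatus.php and op.ReviewDocument.php.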
@@ -59,16 +59,16 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
 }
 if(isset($_POST["comment"]))
- $comment = sanitizeString($_POST["comment"]);
+ $comment = $_POST["comment"];
 else $comment = '';
 if(isset($_POST['version_comment']))
- $version_comment = sanitizeString($_POST["version_comment"]);
+ $version_comment = $_POST["version_comment"];
 else $version_comment = '';
 if(isset($_POST["keywords"]))
- $keywords = sanitizeString($_POST["keywords"]);
+ $keywords = $_POST["keywords"];
 else $keywords = '';
@@ -164,7 +164,7 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
 else $fileType = substr($userfilename, $lastDotIndex);
 if($_POST["name"] != "")
- $name = sanitizeString($_POST["name"]);
+ $name = $_POST["name"];
 else $name = basename($userfilename);
diff --git a/op/op.AddSubFolder.php b/op/op.AddSubFolder.php
index 3d86252d7..db03b9307 100644
--- a/op/op.AddSubFolder.php
+++ b/op/op.AddSubFolder.php
@@ -49,8 +49,8 @@ if (!is_numeric($sequence)) {
 UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_sequence"));
 }
-$name = sanitizeString($_POST["name"]);
-$comment = sanitizeString($_POST["comment"]);
+$name = $_POST["name"];
+$comment = $_POST["comment"];
 $subFolder = $folder->addSubFolder($name, $comment, $user, $sequence);
 if (is_object($subFolder)) {
diff --git a/op/op.ApproveDocument.php b/op/op.ApproveDocument.php
index f808626cc..bfef644d4 100644
--- a/op/op.ApproveDocument.php
+++ b/op/op.ApproveDocument.php
@@ -74,7 +74,7 @@ if (!isset($_POST["approvalStatus"]) || !is_numeric($_POST["approvalStatus"]) ||
 if ($_POST["approvalType"] == "ind") {
- $comment = sanitizeString($_POST["comment"]);
+ $comment = $_POST["comment"];
 if(0 > $latestContent->setApprovalByInd($user, $user, $_POST["approvalStatus"], $comment)) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("approval_update_failed"));
 }
@@ -106,7 +106,7 @@ if ($_POST["approvalType"] == "ind") {
 }
 } else if ($_POST["approvalType"] == "grp") {
- $comment = sanitizeString($_POST["comment"]);
+ $comment = $_POST["comment"];
 $group = $dms->getGroup($_POST['approvalGroup']);
 if(0 > $latestContent->setApprovalByGrp($group, $user, $_POST["approvalStatus"], $comment)) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("approval_update_failed"));
diff --git a/op/op.Categories.php b/op/op.Categories.php
index e8a8aeb63..36cf84915 100644
--- a/op/op.Categories.php
+++ b/op/op.Categories.php
@@ -33,7 +33,7 @@ $action = $_GET["action"];
 //Neue Kategorie anlegen -----------------------------------------------------------------------------
 if ($action == "addcategory") {
- $name = sanitizeString($_GET["name"]);
+ $name = $_GET["name"];
 if (is_object($dms->getDocumentCategoryByName($name))) {
 UI::exitError(getMLText("admin_tools"),getMLText("category_exists"));
 }
@@ -74,7 +74,7 @@ else if ($action == "editcategory") {
 UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
 }
- $name = sanitizeString($_GET["name"]);
+ $name = $_GET["name"];
 if (!$category->setName($name)) {
 UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
 }
diff --git a/op/op.DefaultKeywords.php b/op/op.DefaultKeywords.php
index 0df6d328f..d026876f8 100644
--- a/op/op.DefaultKeywords.php
+++ b/op/op.DefaultKeywords.php
@@ -32,8 +32,8 @@ $action = $_GET["action"];
 //Neue Kategorie anlegen -----------------------------------------------------------------------------
 if ($action == "addcategory") {
-
- $name = sanitizeString($_GET["name"]);
+
+ $name = $_GET["name"];
 if (is_object($dms->getKeywordCategoryByName($name, $user->getID()))) {
 UI::exitError(getMLText("admin_tools"),getMLText("keyword_exists"));
 }
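Review bot: In op/op.Categories.php the `addcategory` and `editcategory` branches take `$name = $_GET["name"];` straight from the query string, so a state-changing admin action is driven by a GET request whose parameter now arrives unfiltered. Nothing in these hunks checks a form token, which leaves the action open to cross-site request forgery; whether a token is verified earlier in the file is not visible here. Moving these actions to POST with a per-session token, and passing category names through `htmlspecialchars()` wherever they are rendered, would close both gaps. op/op.DefaultKeywords.php and op/op.GroupMgr.php follow the same GET pattern.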
@@ -83,7 +83,7 @@ else if ($action == "editcategory") {
 UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
 }
- $name = sanitizeString($_GET["name"]);
+ $name = $_GET["name"];
 if (!$category->setName($name)) {
 UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
 }
@@ -99,7 +99,7 @@ else if ($action == "newkeywords") {
 UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
 }
- $keywords = sanitizeString($_GET["keywords"]);
+ $keywords = $_GET["keywords"];
 if (!$category->addKeywordList($keywords)) {
 UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
@@ -129,7 +129,7 @@ else if ($action == "editkeywords")
 }
 $keywordsid = $_GET["keywordsid"];
- $keywords = sanitizeString($_GET["keywords"]);
+ $keywords = $_GET["keywords"];
 if (!$category->editKeywordList($keywordsid, $keywords)) {
 UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
 }
diff --git a/op/op.EditComment.php b/op/op.EditComment.php
index 5eb6cd296..b49daeb22 100644
--- a/op/op.EditComment.php
+++ b/op/op.EditComment.php
@@ -52,7 +52,7 @@ if (!is_object($version)) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
-$comment = sanitizeString($_POST["comment"]);
+$comment = $_POST["comment"];
 if (($oldcomment = $version->getComment()) != $comment) {
 if($version->setComment($comment)) {
diff --git a/op/op.EditDocument.php b/op/op.EditDocument.php
index b67242ec4..6359f2114 100644
--- a/op/op.EditDocument.php
+++ b/op/op.EditDocument.php
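Review bot: In the `editkeywords` branch of op/op.DefaultKeywords.php, `$keywordsid = $_GET["keywordsid"];` is passed to `editKeywordList()` with no numeric check, and after this change the `$keywords` value beside it is raw as well. Other scripts in this commit constrain identifiers before use (`is_numeric($sequence)`, `preg_replace('/[^0-9,]+/', '', …)`), and the same should happen here, for example `if (!is_numeric($_GET["keywordsid"])) UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));`. Whether `editKeywordList()` casts or quotes its arguments is not visible in this diff, so the check belongs at the entry point until that is confirmed.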
@@ -44,9 +44,9 @@ if ($document->getAccessMode($user) < M_READWRITE) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
-$name = sanitizeString($_POST["name"]);
-$comment = sanitizeString($_POST["comment"]);
-$keywords = sanitizeString($_POST["keywords"]);
+$name = $_POST["name"];
+$comment = $_POST["comment"];
+$keywords = $_POST["keywords"];
 $categories = preg_replace('/[^0-9,]+/', '', $_POST["categoryidform1"]);
 $sequence = $_POST["sequence"];
 if (!is_numeric($sequence)) {
diff --git a/op/op.EditEvent.php b/op/op.EditEvent.php
index 7d13053a4..f8f3e4d87 100644
--- a/op/op.EditEvent.php
+++ b/op/op.EditEvent.php
@@ -48,8 +48,8 @@ if (!isset($_POST["eventid"])) {
 UI::exitError(getMLText("edit_event"),getMLText("error_occured"));
 }
-$name = sanitizeString($_POST["name"]);
-$comment = sanitizeString($_POST["comment"]);
+$name = $_POST["name"];
+$comment = $_POST["comment"];
 $from = mktime(0,0,0, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
 $to = mktime(23,59,59, intval($_POST["tomonth"]), intval($_POST["today"]), intval($_POST["toyear"]));
diff --git a/op/op.EditFolder.php b/op/op.EditFolder.php
index 881e001a4..45aca6f7f 100644
--- a/op/op.EditFolder.php
+++ b/op/op.EditFolder.php
@@ -43,8 +43,8 @@ if ($folder->getAccessMode($user) < M_READWRITE) {
 UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
 }
-$name = sanitizeString($_POST["name"]);
-$comment = sanitizeString($_POST["comment"]);
+$name = $_POST["name"];
+$comment = $_POST["comment"];
 $sequence = $_POST["sequence"];
 if (!is_numeric($sequence)) {
 $sequence = "keep";
diff --git a/op/op.EditUserData.php b/op/op.EditUserData.php
index a9cf60241..154ed7c2f 100644
--- a/op/op.EditUserData.php
+++ b/op/op.EditUserData.php
@@ -32,9 +32,9 @@ if (!$user->isAdmin() && ($settings->_disableSelfEdit)) {
 UI::exitError(getMLText("edit_user_details"),getMLText("access_denied"));
 }
-$fullname = sanitizeString($_POST["fullname"]);
-$email = sanitizeString($_POST["email"]);
-$comment = sanitizeString($_POST["comment"]);
+$fullname = $_POST["fullname"];
+$email = $_POST["email"];
+$comment = $_POST["comment"];
 if (isset($_POST["pwd"]) && ($_POST["pwd"] != "")) $user->setPwd(md5($_POST["pwd"]));
diff --git a/op/op.GroupMgr.php b/op/op.GroupMgr.php
index 84cb18ff4..44c7ce337 100644
--- a/op/op.GroupMgr.php
+++ b/op/op.GroupMgr.php
@@ -37,8 +37,8 @@ else if (isset($_POST["action"])) $action = $_POST["action"];
 //Neue Gruppe anlegen -----------------------------------------------------------------------------
 if ($action == "addgroup") {
- $name = sanitizeString($_GET["name"]);
- $comment = sanitizeString($_GET["comment"]);
+ $name = $_GET["name"];
+ $comment = $_GET["comment"];
 if (is_object($dms->getGroupByName($name))) {
 UI::exitError(getMLText("admin_tools"),getMLText("group_exists"));
@@ -87,8 +87,8 @@ else if ($action == "editgroup") {
 UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
 }
- $name = sanitizeString($_GET["name"]);
- $comment = sanitizeString($_GET["comment"]);
+ $name = $_GET["name"];
+ $comment = $_GET["comment"];
 if ($group->getName() != $name) $group->setName($name);
diff --git a/op/op.Login.php b/op/op.Login.php
index 96952c404..25214e676 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
@@ -37,7 +37,7 @@ function _printMessage($heading, $message) {
 }
 if (isset($_REQUEST["login"])) {
- $login = sanitizeString($_REQUEST["login"]);
+ $login = $_REQUEST["login"];
 $login = str_replace("*", "", $login);
 }
diff --git a/op/op.OverrideContentStatus.php b/op/op.OverrideContentStatus.php
index e3b96aab3..182bbecad 100644
--- a/op/op.OverrideContentStatus.php
+++ b/op/op.OverrideContentStatus.php
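Review bot: In op/op.EditUserData.php `$email = $_POST["email"];` is now accepted without any format check, and nothing in the hunk replaces the filter that was removed. A validation such as `if (!filter_var($email, FILTER_VALIDATE_EMAIL)) UI::exitError(getMLText("edit_user_details"),getMLText("error_occured"));` keeps malformed addresses and embedded line breaks out of the user record, which matters if the address is later placed in mail headers (not visible here). Separately, the context line `$user->setPwd(md5($_POST["pwd"]));` stores an unsalted MD5 digest; `password_hash()` with `password_verify()` at login is the durable fix, but it needs a coordinated change outside this hunk.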
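Review bot: In op/op.Login.php the login name now comes from `$_REQUEST["login"]` with only `*` stripped and no `is_string()` check, so an array value reaches `str_replace()` and whatever lookup follows. Removing `*` suggests the value ends up in a directory-style filter, which is an inference from this hunk; if so, `(`, `)`, `\` and NUL still pass through, and the value should be escaped at the point of use with `ldap_escape($login, "", LDAP_ESCAPE_FILTER)` and bound as a parameter in any SQL lookup. Reading the field from `$_POST` rather than `$_REQUEST` would also keep login names out of URLs and server logs.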
@@ -65,7 +65,7 @@ if ($overallStatus["status"] == S_REJECTED || $overallStatus["status"] == S_EXPI
 $reviewStatus = $content->getReviewStatus();
 $approvalStatus = $content->getApprovalStatus();
 $overrideStatus = $_POST["overrideStatus"];
-$comment = sanitizeString($_POST["comment"]);
+$comment = $_POST["comment"];
 if ($overrideStatus != $overallStatus["status"]) {
diff --git a/op/op.ReviewDocument.php b/op/op.ReviewDocument.php
index bf2e20771..68057bf09 100644
--- a/op/op.ReviewDocument.php
+++ b/op/op.ReviewDocument.php
@@ -70,7 +70,7 @@ if (!isset($_POST["reviewStatus"]) || !is_numeric($_POST["reviewStatus"]) ||
 if ($_POST["reviewType"] == "ind") {
- $comment = sanitizeString($_POST["comment"]);
+ $comment = $_POST["comment"];
 if(0 > $latestContent->setReviewByInd($user, $user, $_POST["reviewStatus"], $comment)) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("review_update_failed"));
 }
diff --git a/op/op.Search.php b/op/op.Search.php
index eb93bc85a..afe08e36c 100644
--- a/op/op.Search.php
+++ b/op/op.Search.php
@@ -109,7 +109,7 @@ function markQuery($str, $tag = "b") {
 // in the database: keywords, name and comment.
 if (isset($_GET["query"]) && is_string($_GET["query"])) {
- $query = sanitizeString($_GET["query"]);
+ $query = $_GET["query"];
 } else {
 $query = "";
diff --git a/op/op.SearchFulltext.php b/op/op.SearchFulltext.php
index f376949c0..0fda9fd04 100644
--- a/op/op.SearchFulltext.php
+++ b/op/op.SearchFulltext.php
@@ -49,7 +49,7 @@ if (!is_object($folder)) {
 // in the database: keywords, name and comment.
 if (isset($_GET["query"]) && is_string($_GET["query"])) {
- $query = sanitizeString($_GET["query"]);
+ $query = $_GET["query"];
 } else {
 $query = "";
diff --git a/op/op.UpdateDocument.php b/op/op.UpdateDocument.php
index 9223bccfb..cf680a9c8 100644
--- a/op/op.UpdateDocument.php
+++ b/op/op.UpdateDocument.php
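Review bot: In op/op.Search.php `$query = $_GET["query"];` now carries the raw search string, and the hunk header shows the file defines `markQuery($str, $tag = "b")`, which suggests the query is wrapped in markup when results are displayed. If `$query` is echoed into the result page or a form field it must pass through `htmlspecialchars($query, ENT_QUOTES, "UTF-8")` at that point, and the database search must quote or bind it; neither sink is visible in this hunk. The same applies to op/op.SearchFulltext.php. A short comment above the assignment, such as `// raw user input: escape on output, quote in queries`, would record the new contract for the next maintainer.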
@@ -51,7 +51,7 @@ if ($document->isLocked()) {
 if (is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error']==0) {
- $comment = sanitizeString($_POST["comment"]);
+ $comment = $_POST["comment"];
 $userfiletmp = $_FILES["userfile"]["tmp_name"];
 $userfiletype = sanitizeString($_FILES["userfile"]["type"]);
 $userfilename = sanitizeString($_FILES["userfile"]["name"]);
diff --git a/op/op.UpdateDocument2.php b/op/op.UpdateDocument2.php
index dd9b48974..c8437bf8e 100644
--- a/op/op.UpdateDocument2.php
+++ b/op/op.UpdateDocument2.php
@@ -63,7 +63,7 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
 else $document->setLocked(false);
 }
- $comment = sanitizeString($_POST["comment"]);
+ $comment = $_POST["comment"];
 $userfiletmp = $settings->_stagingDir.$_POST['fileId'];;
 $userfiletype = $_FILES[ $file_param_name ]["type"];
diff --git a/op/op.UserDefaultKeywords.php b/op/op.UserDefaultKeywords.php
index b6371aabe..756d83daf 100644
--- a/op/op.UserDefaultKeywords.php
+++ b/op/op.UserDefaultKeywords.php
@@ -36,7 +36,7 @@ if (isset($_REQUEST["action"])) {
 if ($action == "addcategory") {
 if (isset($_REQUEST["name"]) && $_REQUEST["name"]) {
- $name = sanitizeString($_REQUEST["name"]);
+ $name = $_REQUEST["name"];
 $newCategory = $dms->addKeywordCategory($user->getID(), $name);
 if (!$newCategory) {
@@ -85,7 +85,7 @@ else if ($action == "editcategory") {
 UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
 }
 if (isset($_REQUEST["name"]) && $_REQUEST["name"]) {
- $name = sanitizeString($_REQUEST["name"]);
+ $name = $_REQUEST["name"];
 if (!$category->setName($name)) {
 UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
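Review bot: op/op.UpdateDocument.php is left half-converted: `$comment` is now raw, while the two lines below it still call `sanitizeString()` on `$_FILES["userfile"]["type"]` and `$_FILES["userfile"]["name"]`. op/op.UpdateDocument2.php and op/op.AddFile2.php read the same `$_FILES` fields unfiltered, so the upload paths treat the client-supplied name and MIME type differently. One rule should apply to all of them; since both fields are chosen by the client, taking `basename()` of the name and deriving the type server-side (for example with `finfo_file()` on the uploaded file) is more reliable than either variant.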
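Review bot: In op/op.UpdateDocument2.php the context line `$userfiletmp = $settings->_stagingDir.$_POST['fileId'];;` builds a filesystem path from a request parameter with no validation, so a value containing directory separators can resolve outside the staging directory. The commit does not touch this line, but it sits directly beside the `$comment` change and is the riskier input in the hunk. It should be constrained before use, for instance `$userfiletmp = $settings->_stagingDir.basename($_POST['fileId']);`, or rejected unless it matches the identifier format the uploader issues (that format is not visible here). The doubled `;;` can be dropped at the same time.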
@@ -112,10 +112,10 @@ else if ($action == "newkeywords") {
 }
 if (isset($_POST["keywords"])) {
- $keywords = sanitizeString($_POST["keywords"]);
+ $keywords = $_POST["keywords"];
 } else {
- $keywords = sanitizeString($_GET["keywords"]);
+ $keywords = $_GET["keywords"];
 }
 if (!$category->addKeywordList($keywords)) {
 UI::exitError(getMLText("personal_default_keywords"),getMLText("error_occured"));
diff --git a/op/op.UsrMgr.php b/op/op.UsrMgr.php
index b384846a0..52b22f89a 100644
--- a/op/op.UsrMgr.php
+++ b/op/op.UsrMgr.php
@@ -37,10 +37,10 @@ else $action=NULL;
 //Neuen Benutzer anlegen --------------------------------------------------------------------------
 if ($action == "adduser") {
- $login = sanitizeString($_POST["login"]);
- $name = sanitizeString($_POST["name"]);
- $email = sanitizeString($_POST["email"]);
- $comment = sanitizeString($_POST["comment"]);
+ $login = $_POST["login"];
+ $name = $_POST["name"];
+ $email = $_POST["email"];
+ $comment = $_POST["comment"];
 $role = preg_replace('/[^0-2]+/', '', $_POST["role"]);
 $isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0);
@@ -145,11 +145,11 @@ else if ($action == "edituser") {
 UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
 }
- $login = sanitizeString($_POST["login"]);
+ $login = $_POST["login"]);
 $pwd = $_POST["pwd"];
- $name = sanitizeString($_POST["name"]);
- $email = sanitizeString($_POST["email"]);
- $comment = sanitizeString($_POST["comment"]);
+ $name = $_POST["name"];
+ $email = $_POST["email"];
+ $comment = $_POST["comment"];
 $role = preg_replace('/[^0-2]+/', '', $_POST["role"]);
 $isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0);
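Review bot: The added line `$login = $_POST["login"]);` in the `edituser` branch of op/op.UsrMgr.php keeps an unmatched `)` left over from removing `sanitizeString(`, so the file no longer parses and every action in this script fails. It should read `$login = $_POST["login"];`. In both the `adduser` and `edituser` branches `$login` and `$email` are now accepted verbatim, while `$role` on the lines below shows the allow-list pattern already used here (`preg_replace('/[^0-2]+/', '', …)`). A comparable allow-list for the login name and `filter_var($email, FILTER_VALIDATE_EMAIL)` for the address would keep account fields checked at the entry point.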