diff --git a/CHANGELOG b/CHANGELOG index 70b9d71ef..7a90ae4b1 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -325,6 +325,9 @@ Changes in version 5.1.40 -------------------------------------------------------------------------------- - fix saving user data when language selection is turned of (Closes: #568) +- add much better support for new storage drivers +- fix possible xss attacks +- saver way to collect plugin configuration -------------------------------------------------------------------------------- Changes in version 5.1.39 diff --git a/doc/README.Converters b/doc/README.Converters index 8f83c1307..32a73f72f 100644 --- a/doc/README.Converters +++ b/doc/README.Converters @@ -49,6 +49,9 @@ application/vnd.openxmlformats-officedocument.wordprocessingml.document application/msword catdoc %s +application/vnd.oasis.opendocument.text + odt2txt %s + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx2csv -d tab %s diff --git a/inc/inc.ClassExtensionMgr.php b/inc/inc.ClassExtensionMgr.php index 2db53d0f9..f8f0a06ca 100644 --- a/inc/inc.ClassExtensionMgr.php +++ b/inc/inc.ClassExtensionMgr.php @@ -210,13 +210,19 @@ class SeedDMS_Extension_Mgr { $fp = @fopen(self::getExtensionsConfFile(), "w"); if($fp) { if($extensions) { + $EXT_CONF = []; foreach($extensions as $_ext) { if(file_exists($this->extdir . "/" . $_ext . "/conf.php")) { - $content = file_get_contents($this->extdir . "/" . $_ext . "/conf.php"); - fwrite($fp, $content); + include $this->extdir . "/" . $_ext . "/conf.php"; +// $content = file_get_contents($this->extdir . "/" . $_ext . "/conf.php"); +// fwrite($fp, $content); } } } +// fclose($fp); +// $fp = @fopen(self::getExtensionsConfFile(), "w"); + fwrite($fp, 'get('/{path:.*}', function($request, $response) { + $app->get('/{path:.*}', function($request, $response) use ($settings) { return $response ->withHeader('Location', $settings->_httpRoot.'out/out.ViewFolder.php') ->withStatus(302); 
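Review bot: In inc/inc.ClassExtensionMgr.php the new `include` runs each extension's conf.php in the scope of this method, after the cache file has already been opened with mode "w". A conf.php can therefore overwrite `$fp`, `$_ext` or `$extensions`, and one that assigns `$EXT_CONF` as a whole instead of adding its own key drops the entries collected so far. An error raised while including also leaves the cache file truncated and empty. I would load every conf.php through a small closure with its own scope and open the file only once the array is complete, and delete the commented-out `file_get_contents`/`fclose`/`fopen` lines. The end of this hunk, including the `fwrite` argument, is not legible on the page, so the sketch below leaves it out.

```php
// … unchanged: lines before the fopen() call …
// Own scope: a conf.php cannot touch $fp, $_ext or other extensions' entries.
$loadconf = static function ($file) {
	$EXT_CONF = [];
	include $file;
	return is_array($EXT_CONF) ? $EXT_CONF : [];
};
$EXT_CONF = [];
foreach($extensions ?: [] as $_ext) {
	$conffile = $this->extdir . "/" . $_ext . "/conf.php";
	if(file_exists($conffile))
		$EXT_CONF = array_replace($EXT_CONF, $loadconf($conffile));
}
// Open (and truncate) the cache file only after every conf.php has been read.
$fp = @fopen(self::getExtensionsConfFile(), "w");
// … unchanged: if($fp) { fwrite(…) … } …
```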
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php index e99dd1070..3532d134e 100644 --- a/views/bootstrap/class.Bootstrap.php +++ b/views/bootstrap/class.Bootstrap.php @@ -3417,7 +3417,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev) $extracontent = array_merge($extracontent, $ec); $content .= ""; - if (file_exists($dms->contentDir . $latestContent->getPath())) { + if ($latestContent->exists()) { $previewhtml = $this->callHook('documentListPreview', $previewer, $document, $latestContent); if(is_string($previewhtml)) $content .= $previewhtml; diff --git a/views/bootstrap/class.Clipboard.php b/views/bootstrap/class.Clipboard.php index cce60ab47..7899bb055 100644 --- a/views/bootstrap/class.Clipboard.php +++ b/views/bootstrap/class.Clipboard.php 
@@ -52,12 +52,12 @@ class SeedDMS_View_Clipboard extends SeedDMS_Theme_Style { $subitems = []; foreach($clipboard['folders'] as $folderid) { if($folder = $this->params['dms']->getFolder($folderid)) { - $subitems[] = array('label'=>' '.$folder->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(), 'class'=>"table-row-folder droptarget", 'attributes'=>array(array('data-droptarget', "folder_".$folder->getID()), array('rel', "folder_".$folder->getID()), array('data-name', htmlspecialchars($folder->getName(), ENT_QUOTES)))); + $subitems[] = array('label'=>' '.htmlspecialchars($folder->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(), 'class'=>"table-row-folder droptarget", 'attributes'=>array(array('data-droptarget', "folder_".$folder->getID()), array('rel', "folder_".$folder->getID()), array('data-name', htmlspecialchars($folder->getName(), ENT_QUOTES)))); } } foreach($clipboard['docs'] as $docid) { if($document = $this->params['dms']->getDocument($docid)) - $subitems[] = array('label'=>' '.$document->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$document->getID(), 'class'=>"table-row-document droptarget", 'attributes'=>array(array('data-droptarget', "document_".$document->getID()), array('rel', "document_".$document->getID()), array('formtoken', createFormKey('')), array('data-name', htmlspecialchars($document->getName(), ENT_QUOTES)))); + $subitems[] = array('label'=>' '.htmlspecialchars($document->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$document->getID(), 'class'=>"table-row-document droptarget", 'attributes'=>array(array('data-droptarget', "document_".$document->getID()), array('rel', "document_".$document->getID()), array('formtoken', createFormKey('')), array('data-name', htmlspecialchars($document->getName(), ENT_QUOTES)))); } 
if((count($clipboard['docs']) + count($clipboard['folders'])) > 0) { $subitems[] = array('divider'=>true); diff --git a/views/bootstrap/class.Info.php b/views/bootstrap/class.Info.php index 119f85f10..88c118c5f 100644 --- a/views/bootstrap/class.Info.php +++ b/views/bootstrap/class.Info.php @@ -13,11 +13,6 @@ * @version Release: @package_version@ */ -/** - * Include parent class - */ -//require_once("class.Bootstrap.php"); - /** * Class which outputs the html page for Info view * @@ -60,17 +55,30 @@ class SeedDMS_View_Info extends SeedDMS_Theme_Style { $this->rowStart(); $this->columnStart(6); $this->contentHeading(getMLText("seeddms_info")); - $seedextensions = $extmgr->getExtensionConfiguration(); echo "\n"; echo "\n\n"; - echo ""; - echo "\n"; + echo "\n"; echo "\n\n\n"; $dbversion = $dms->getDBVersion(); - echo "\n"; + echo "\n"; if($user->isAdmin()) { - echo "\n"; + $storage = $dms->getStorage(); + echo "\n"; + echo "\n"; + } + echo "\n
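Review bot: The new `htmlspecialchars($folder->getName())` on the label relies on PHP's default flags, while the `data-name` attribute in the same array passes `ENT_QUOTES` explicitly. Before PHP 8.1 the default leaves single quotes unescaped, so the label is only safe as long as the renderer places it in element content and never in a single-quoted attribute; that renderer is not visible in this hunk. Writing `htmlspecialchars($folder->getName(), ENT_QUOTES)` and `htmlspecialchars($document->getName(), ENT_QUOTES)` makes both uses behave the same on every supported PHP version. The four label changes in views/bootstrap/class.Tasks.php use the flag-less form as well.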
".getMLText("name"); - echo "".getMLText("name")."
".getMLText('seeddms_version')."".$version->version()."
".getMLText('seeddms_version')."".$version->version()."
".getMLText('database_schema_version')."".$dbversion['major'].".".$dbversion['minor'].".".$dbversion['subminor']."
".getMLText('database_schema_version')."".$dbversion['major'].".".$dbversion['minor'].".".$dbversion['subminor']."
".getMLText('storage')."".($storage ? $storage->info() : "legacy")."
\n"; + + if($user->isAdmin()) { + $this->contentHeading(getMLText("extension_info")); + echo "\n"; + echo "\n\n"; + echo ""; + echo ""; + echo "\n"; + echo "\n"; + echo "\n\n\n"; + $seedextensions = $extmgr->getExtensionConfiguration(); foreach($seedextensions as $extname=>$extconf) { echo ""; echo "\n"; } + echo "\n
".getMLText("name"); + echo "".getMLText("version")."
"; if(!$settings->extensionIsDisabled($extname)) @@ -85,8 +93,8 @@ class SeedDMS_View_Info extends SeedDMS_Theme_Style { echo "".$extname."
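Review bot: `$storage->info()` is echoed into the admin table without `htmlspecialchars()`, in a commit whose changelog entry is about fixing XSS. What a storage driver returns from `info()` is not visible here; if it can contain a path, a bucket name or a connection string, it needs escaping and should not carry credentials. Suggested: `htmlspecialchars($storage ? $storage->info() : "legacy")`. As far as the page shows, the extension rows that follow also print `$extname`, `$extconf['title']` and `$extconf['version']` from each extension's conf.php unescaped; moving that table behind `$user->isAdmin()` narrows who sees it but does not replace the escaping.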
".$extconf['title']."
".$extconf['version']."
\n"; } - echo "\n\n"; $this->columnEnd(); $this->columnStart(6); if($user->isAdmin()) { diff --git a/views/bootstrap/class.Settings.php b/views/bootstrap/class.Settings.php index 90d4cc404..8c762ec68 100644 --- a/views/bootstrap/class.Settings.php +++ b/views/bootstrap/class.Settings.php @@ -724,7 +724,7 @@ if(($kkk = $this->callHook('getFullSearchEngine')) && is_array($kkk)) switch($conf['type']) { case 'checkbox': ?> - " value="">" value="1" _extensions[$extname][$confkey]) && $settings->_extensions[$extname][$confkey]) echo 'checked'; ?> /> + " value="">" value="1" _extensions[$extname][$confkey]) && $settings->_extensions[$extname][$confkey]) echo 'checked'; ?> /> callHook('getFullSearchEngine')) && is_array($kkk)) $order = empty($conf['order']) ? '' : $conf['order']; if(!empty($conf['options'])) { $selections = empty($settings->_extensions[$extname][$confkey]) ? array() : explode(",", $settings->_extensions[$extname][$confkey]); - echo ""; if(is_array($conf['options'])) { $options = $conf['options']; } elseif(is_string($conf['options']) && $conf['options'] == 'hook') { diff --git a/views/bootstrap/class.Tasks.php b/views/bootstrap/class.Tasks.php index 4c778b8cd..419ebbc5c 100644 --- a/views/bootstrap/class.Tasks.php +++ b/views/bootstrap/class.Tasks.php 
@@ -298,7 +298,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style { $subitems = []; foreach($tasks['review'] as $t) { $doc = $dms->getDocument($t['id']); - $subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID()); + $subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID()); } $menuitems['tasks']['children']['review'] = array('label'=>getMLText('documents_to_review'), 'children'=>$subitems); @@ -307,7 +307,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style { $subitems = []; foreach($tasks['approval'] as $t) { $doc = $dms->getDocument($t['id']); - $subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID()); + $subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=revapp", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID()); } $menuitems['tasks']['children']['approval'] = array('label'=>getMLText('documents_to_approve'), 'children'=>$subitems); } 
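Review bot: `$doc` is dereferenced in the changed line without checking the result of `$dms->getDocument($t['id'])`. views/bootstrap/class.Clipboard.php in this same commit guards the same call with `if($document = $this->params['dms']->getDocument($docid))`, which suggests the lookup can return a falsy value. A task entry that refers to a document which was removed or is no longer accessible would then end in a fatal error while the menu is built. Adding `if(!$doc) continue;` after the lookup avoids that; the hunks at -307, -315 and -347 have the same shape. The enclosing method starts and ends outside these hunks.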
@@ -315,7 +315,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style { $subitems = []; foreach($tasks['workflow'] as $t) { $doc = $dms->getDocument($t['id']); - $subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=workflow", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID()); + $subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=workflow", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID()); } $menuitems['tasks']['children']['workflow'] = array('label'=>getMLText('documents_to_trigger_workflow'), 'children'=>$subitems); } @@ -347,7 +347,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Theme_Style { $subitems = []; foreach($tasks['rejected'] as $t) { $doc = $dms->getDocument($t['id']); - $subitems[] = array('label'=>$doc->getName(), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID()); + $subitems[] = array('label'=>htmlspecialchars($doc->getName()), 'link'=>$this->params['settings']->_httpRoot."out/out.ViewDocument.php?documentid=".$doc->getID()."¤ttab=docinfo", 'class'=>"table-row-document", 'rel'=>"document_".$doc->getID()); } $menuitems['tasks']['children']['rejected'] = array('label'=>getMLText('documents_rejected'), 'children'=>$subitems); } diff --git a/views/bootstrap/class.ViewDocument.php b/views/bootstrap/class.ViewDocument.php index f99c24f21..65b010578 100644 --- a/views/bootstrap/class.ViewDocument.php +++ b/views/bootstrap/class.ViewDocument.php 
@@ -321,7 +321,7 @@ $(document).ready( function() { foreach($files as $file) { - $file_exists=file_exists($dms->contentDir . $file->getPath()); + $file_exists = $file->exists();//file_exists($dms->contentDir . $file->getPath()); $responsibleUser = $file->getUser(); @@ -357,7 +357,7 @@ $(document).ready( function() { print "
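Review bot: The replaced expression is kept as a trailing comment, `$file->exists();//file_exists($dms->contentDir . $file->getPath());`, here and again in the hunk at -733. It makes the storage-independent call look provisional and leaves a direct `contentDir` path access where a later edit could revive it, bypassing the storage driver. I would keep only `$file_exists = $file->exists();` and `$file_exists = $latestContent->exists();`, since the old form is in the history.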
  • ".htmlspecialchars($file->getOriginalFileName())."
  • \n"; if ($file_exists) { $realmimetype = $file->getRealMimeType(); - print "
  • ".SeedDMS_Core_File::format_filesize(filesize($dms->contentDir . $file->getPath())) ." bytes, ".htmlspecialchars($file->getMimeType())."
  • "; + print "
  • ".SeedDMS_Core_File::format_filesize($file->size()) ." bytes, ".htmlspecialchars($file->getMimeType())."
  • "; } else print "
  • ".htmlspecialchars($file->getMimeType())." - ".getMLText("document_deleted")."
  • "; print "
  • ".getMLText("uploaded_by")." getEmail())."\">".htmlspecialchars($responsibleUser->getFullName())."
  • "; @@ -733,7 +733,7 @@ $(document).ready( function() { $previewwidthdetail = $this->params['previewWidthDetail']; // verify if file exists - $file_exists=file_exists($dms->contentDir . $latestContent->getPath()); + $file_exists = $latestContent->exists(); //file_exists($dms->contentDir . $latestContent->getPath()); $status = $latestContent->getStatus(); @@ -2050,4 +2050,3 @@ $(document).ready( function() { $this->htmlEndPage(); } /* }}} */ } -?> diff --git a/views/bootstrap4/class.Bootstrap4.php b/views/bootstrap4/class.Bootstrap4.php index 0dfb89c9a..b106741a9 100644 --- a/views/bootstrap4/class.Bootstrap4.php +++ b/views/bootstrap4/class.Bootstrap4.php @@ -3390,7 +3390,7 @@ $('body').on('click', '[id^=\"table-row-folder\"] td:nth-child(2)', function(ev) $extracontent = array_merge($extracontent, $ec); $content .= ""; - if (file_exists($dms->contentDir . $latestContent->getPath())) { + if ($latestContent->exists()) { $previewhtml = $this->callHook('documentListPreview', $previewer, $document, $latestContent); if(is_string($previewhtml)) $content .= $previewhtml;