gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-30 20:51:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- merge from trunk with lots of security fixes

Browse Source
This commit is contained in:
steinm 2012-08-31 08:49:33 +00:00
commit d30fa0b141
63 changed files with 505 additions and 442 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG
View File

@ -8,10 +8,15 @@
- added autocompletion to document chooser
- do not list documents in search result which cannot be accessed by the user
-------------------------------------------------------------------------------
Changes in version 3.3.8
--------------------------------------------------------------------------------
- more security fixes for preventing CSRF attacks
--------------------------------------------------------------------------------
Changes in version 3.3.7
--------------------------------------------------------------------------------
- major security update which fixeѕ lots of possible XSS and CSRF attacts
- major security update which fixeѕ lots of possible XSS and CSRF attacks
- comment is no longer needed when adding a user, email is now required (this
time it is really changed)

2
LetoDMS_Core/Core/inc.ClassDMS.php
View File

@ -940,7 +940,7 @@ class LetoDMS_Core_DMS {
}
if($role == '')
$role = '0';
$queryStr = "INSERT INTO tblUsers (login, pwd, fullName, email, language, theme, comment, role, hidden, disable, pwdExpiration) VALUES ('".$login."', '".$pwd."', '".$fullName."', '".$email."', '".$language."', '".$theme."', '".$comment."', '".$role."', '".$isHidden."', '".$isDisabled."', '".$pwdexpiration."')";
$queryStr = "INSERT INTO tblUsers (login, pwd, fullName, email, language, theme, comment, role, hidden, disabled, pwdExpiration) VALUES ('".$login."', '".$pwd."', '".$fullName."', '".$email."', '".$language."', '".$theme."', '".$comment."', '".$role."', '".$isHidden."', '".$isDisabled."', '".$pwdexpiration."')";
$res = $this->db->getResult($queryStr);
if (!$res)
return false;

2
Makefile
View File

@ -1,4 +1,4 @@
VERSION=3.4.0-pre1
VERSION=3.4.0
SRC=CHANGELOG* inc conf utils index.php languages op out README README.Notification reset_db.sql drop-tables-innodb.sql delete_all_contents.sql styles js TODO LICENSE Makefile webdav install
dist:

12
inc/inc.ClassSession.php
View File

@ -57,6 +57,7 @@ class LetoDMS_Session {
*/
function __construct($db) { /* {{{ */
$this->db = $db;
$this->id = false;
} /* }}} */
/**
@ -75,6 +76,7 @@ class LetoDMS_Session {
$queryStr = "UPDATE tblSessions SET lastAccess = " . mktime() . " WHERE id = " . $this->db->qstr($id);
if (!$this->db->getResult($queryStr))
return false;
$this->id = $id;
return $resArr[0];
} /* }}} */
@ -123,7 +125,17 @@ class LetoDMS_Session {
if (!$this->db->getResult($queryStr)) {
return false;
}
$this->id = false;
return true;
} /* }}} */
/**
* Get session id
*
* @return string session id
*/
function getId() { /* {{{ */
return $this->id;
} /* }}} */
}
?>

5
inc/inc.ClassSettings.php
View File

@ -53,6 +53,9 @@ class Settings { /* {{{ */
// Restricted access: only allow users to log in if they have an entry in
// the local database (irrespective of successful authentication with LDAP).
var $_restricted = true;
// abitray string used for creation of unique identifiers (e.g. the form
// key created by createFormKey())
var $_encryptionKey = '';
// Strict form checking
var $_strictFormCheck = false;
// Path to where letoDMS is located
@ -300,6 +303,7 @@ class Settings { /* {{{ */
$this->_passwordExpiration = intval($tab["passwordExpiration"]);
$this->_passwordHistory = intval($tab["passwordHistory"]);
$this->_loginFailure = intval($tab["loginFailure"]);
$this->_encryptionKey = strval($tab["encryptionKey"]);
$this->_restricted = Settings::boolVal($tab["restricted"]);
$this->_enableUserImage = Settings::boolVal($tab["enableUserImage"]);
$this->_disableSelfEdit = Settings::boolVal($tab["disableSelfEdit"]);
@ -525,6 +529,7 @@ class Settings { /* {{{ */
$this->setXMLAttributValue($node, "passwordExpiration", $this->_passwordExpiration);
$this->setXMLAttributValue($node, "passwordHistory", $this->_passwordHistory);
$this->setXMLAttributValue($node, "loginFailure", $this->_loginFailure);
$this->setXMLAttributValue($node, "encryptionKey", $this->_encryptionKey);
$this->setXMLAttributValue($node, "restricted", $this->_restricted);
$this->setXMLAttributValue($node, "enableUserImage", $this->_enableUserImage);
$this->setXMLAttributValue($node, "disableSelfEdit", $this->_disableSelfEdit);

56
inc/inc.Utils.php
View File

@ -280,4 +280,60 @@ function showtree() { /* {{{ */
return 1;
} /* }}} */
/**
* Create a unique key which is used for form validation to prevent
* CSRF attacks. The key is added to a any form that has to be secured
* as a hidden field. Once the form is submitted the key is compared
* to the current key in the session and the request is only executed
* if both are equal. The key is derived from the session id, a configurable
* encryption key and form identifierer.
*
* @param string $formid individual form identifier
* @return string session key
*/
function createFormKey($formid='') { /* {{{ */
global $settings, $session;
if($id = $session->getId()) {
return md5($id.$settings->_encryptionKey.$formid);
} else {
return false;
}
} /* }}} */
/**
* Create a hidden field with the name 'formtoken' and set its value
* to the key returned by createFormKey()
*
* @param string $formid individual form identifier
* @return string input field for html formular
*/
function createHiddenFieldWithKey($formid='') { /* {{{ */
return '<input type="hidden" name="formtoken" value="'.createFormKey($formid).'" />';
} /* }}} */
/**
* Check if the form key in the POST or GET request variable 'formtoken'
* has the value of key returned by createFormKey(). Request to modify
* data in the DMS should always use POST because it is harder to run
* CSRF attacks using POST than GET.
*
* @param string $formid individual form identifier
* @param string $method defines if the form data is pass via GET or
* POST (default)
* @return boolean true if key matches otherwise false
*/
function checkFormKey($formid='', $method='POST') { /* {{{ */
switch($method) {
case 'GET':
if(isset($_GET['formtoken']) && $_GET['formtoken'] == createFormKey($formid))
return true;
break;
default:
if(isset($_POST['formtoken']) && $_POST['formtoken'] == createFormKey($formid))
return true;
}
return false;
} /* }}} */
?>

147
install.txt
View File

@ -1,147 +0,0 @@
NOTE:
creare il db mydms
crere utente mydms con permessi sul db
mysql -D mydms -u mydms -pmydms < create_tables.sql
installare adodb versione 4
modificare inc/inc.Settings.php
-------------------------------------------------------------------
MyDMS 1.7.2 Installation Instructions
-------------------------------------------------------------------
1. Requirements
MyDMS is a web-based application written in PHP. It uses the MySQL RDBMS to
manage the documents that are loaded into the application.
Make sure you have PHP 4.0 or higher installed, and MySQL 4 or higher. MyDMS
will work with PHP running in CGI-mode as well as running as module under
apache. If you want to give your users the opportunity of uploading passport
photos you have to enable the gd-library (but the rest of MyDMS will
work without gd, too).
You will also need to download and install the ADODB database
abstraction library from http://adodb.sf.net/ since MyDMS relies
upon it for all database connectivity.
2. Installation & Configuration
Unzip the downloaded file (mydms-1.7.2.zip) in a directory that is
accessible via your web server.
You will also need to create a directory where the uploaded files
are stored. This directory should not be accessible via your
web-server for security reasons (create it outside of your www-root
directory or put an appropriate .htaccess file in it).
Download the ADODB package from SourceForge. The URL for the ADODB project
page is:
http://adodb.sourceforge.net/
Extract the distribution into a suitable directory. For example, one can
extract the files into the MyDMS root directory.
Next you should set up your Database. Use the included script
create_tables.sql. Since the exact procedure differs on the
different database-systems I cannot give you a detailed instruction
here. Post any questions concering this problem to the MyDMS-Forum. In
general, create the database, make sure that the database has been selected
(e.g. "USE mydms;"), then run the script. As of 1.6.0, you must make sure
that the database user has "create temporary table" privileges.
N.B. If the create_tables.sql script fails, it may be because the database
has been configured to use InnoDB tables by default instead of MyISAM tables.
If this is the case, it will be necessary to alter the sript such that each
create table command has the text " ENGINE = MyISAM" appended to the end,
immediately prior to the semi-colon. For example:
Before:
CREATE TABLE `tblDocumentLocks` (
`document` int(11) NOT NULL default '0',
`userID` int(11) NOT NULL default '0',
PRIMARY KEY (`document`)
) ;
After:
CREATE TABLE `tblDocumentLocks` (
`document` int(11) NOT NULL default '0',
`userID` int(11) NOT NULL default '0',
PRIMARY KEY (`document`)
) ENGINE = MyISAM ;
Now edit the configuration file. First, go to the "inc" directory and copy
(or move) "inc.Settings-sample.php" to "inc.Settings.php". Open the file and
set the variables to the correct values (you will find a short description
for each variable in the file itself).
TIP: You can find out your root-directory by placing the following
line into a php-file: <?php phpInfo(); ?>
Open it with your browser and look for "DOCUMENT_ROOT".
When running into problems with the db-settings, read the readme-file
in the adodb-directory or post questions to the MyDMS-Forum.
By default PHP allows only files to be uploaded that are up to 2Mb
in size. You can change this limit by editing php.ini: Search for
"upload_max_filesize" and set it to the appropriate value (you
should also change the value for "post_max_size" and make sure that
your web-server does not limit the size either).
3. Email Notification
A new, re-vamped Notification system allows users to receive an email when a
document or folder is changed. This is a new, event-based mechanism that
notifies the user as soon as the change has been made and replaces the
cron mechanism originally developed. Any user that has read access to a
document or folder can subscribe to be notified of changes. Users that
have been assigned as reviewers or approvers for a document are
automatically added to the notification system for that document.
A new page has been created for users to assist with the management of
their notification subscriptions. This can be found in the "My Account"
section under "Notification List".
4. Auto-conversion to HTML
Version 1.3.0 introduces a new feature: Documents can automatically be
converted to HTML when uploading.
You can enable this feature by setting $_enableConverting (in
inc.Settings.php) to true.
You will also need to edit $_convertFileTypes (again in
inc.Settings.php). This array defines which file-types are converted
and how.
Under windows Word-, Excel- and Powerpoint-Files are automatically
converted using js-Scipts and MS-Office. I tested it with Office 2000
and it worked just fine.
Under Linux mswordview is used to convert Word-Files by default.
Warning: Getting this feature working can be very tricky but if it
works it is a great enhancement I think.
Especially IIS could cause problems with its IIS-Guest-Account not
having enough rights to execute Word or Excel...
You will also have to edit your httpd.conf to be able to view the converted
files online. Load mod_rewrite and add to following lines to your conf:
RewriteEngine on
RewriteCond %{REQUEST_URI} (.*)viewonline/([0-9]+)/([0-9]+)/(.+)$
RewriteRule (.*)viewonline/([0-9]+)/([0-9]+)/(.+)$ $1op.ViewOnline.php?request=$2:$3 [PT]
IIS Users can download the IIS Rewrite Engine for example:
http://www.qwerksoft.com/products/iisrewrite/
Post any questions to the MyDMS forum, please.
5. Nearly finished
Now point your browser to http://your.server.com/mydms/index.php
and login with "admin" both as username and password.
After having logged in you should first choose "My Account" and
change the Administrator's password and email-address.

2
install/settings.xml.template_install
View File

@ -90,6 +90,7 @@
- passwordExpiration: number of days after password expires
- passwordHistory: number of remembered passwords
- passwordStrengthAlgorithm: algorithm used to calculate password strenght (simple or advanced)
- encryptionKey: arbitrary string used for creating identifiers
-->
<authentication
enableGuestLogin = "false"
@ -102,6 +103,7 @@
passwordHistory="0"
passwordStrengthAlgorithm="simple"
loginFailure="0"
encryptionKey=""
>
<connectors>
<!-- ***** CONNECTOR LDAP *****

6
languages/Catalan/lang.txt
View File

@ -142,7 +142,7 @@ $text["documents_user_requiring_attention"] = "Documents de la seva propietat qu
$text["document_title"] = "Document '[documentname]'";
$text["document_updated_email"] = "Document actualizat";
$text["does_not_expire"] = "No caduca";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">heretar l'accés</a>";
$text["does_not_inherit_access_msg"] = "heretar l'accés";
$text["download"] = "Descarregar";
$text["draft_pending_approval"] = "Esborrany - pendent d'aprovació";
$text["draft_pending_review"] = "Esborrany - pendent de revisió";
@ -213,7 +213,9 @@ $text["human_readable"] = "Arxiu llegible per humans";
$text["include_documents"] = "Incloure documents";
$text["include_subdirectories"] = "Incloure subdirectoris";
$text["individuals"] = "Individuals";
$text["inherits_access_msg"] = "Accés heretat.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Copiar llista d'accés heretat</a><br /><a class=\"inheritAccess\" href=\"[emptyurl]\">Començar amb una llista d'accés buida</a>";
$text["inherits_access_msg"] = "Accés heretat";
$text["inherits_access_copy_msg"] = "Copiar llista d'accés heretat";
$text["inherits_access_empty_msg"] = "Començar amb una llista d'accés buida";
$text["internal_error_exit"] = "Error intern. No és possible acabar la sol.licitud. Acabat.";
$text["internal_error"] = "Error intern";
$text["invalid_access_mode"] = "No és valid el mode d'accés";

7
languages/Chinese_ZH_CN/lang.inc
View File

@ -130,7 +130,7 @@ $text["documents_user_requiring_attention"] = "需您关注的文档";// "Docume
$text["document_title"] = "文档名称 '[documentname]'";// "Document '[documentname]'";
$text["document_updated_email"] = "文档已被更新";// "Document updated";
$text["does_not_expire"] = "永不过期";// "Does not expire";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">继承访问权限</a>";// "<a class= "";//\"inheritAccess\" href= "";//\"[inheriturl]\">Inherit access</a>";
$text["does_not_inherit_access_msg"] = "继承访问权限";// "<a class= "";//\"inheritAccess\" href= "";//\"[inheriturl]\">Inherit access</a>";
$text["download"] = "下载";// "Download";
$text["draft_pending_approval"] = "待审核";// "Draft - pending approval";
$text["draft_pending_review"] = "待校对";// "Draft - pending review";
@ -196,7 +196,9 @@ $text["human_readable"] = "可读存档";// "Human readable archive";
$text["include_documents"] = "包含文档";// "Include documents";
$text["include_subdirectories"] = "包含子目录";// "Include subdirectories";
$text["individuals"] = "个人";// "Individuals";
$text["inherits_access_msg"] = "继承访问权限<p><a class=\"inheritAccess\" href=\"[copyurl]\">复制继承访问权限列表</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">从访问权限空列表开始</a>";//"Access is being inherited.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Copy inherited access list</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Start with empty access list</a>";
$text["inherits_access_msg"] = "继承访问权限";//"Access is being inherited.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Copy inherited access list</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Start with empty access list</a>";
$text["inherits_access_copy_msg"] = "复制继承访问权限列表";
$text["inherits_access_empty_msg"] = "从访问权限空列表开始";
$text["internal_error_exit"] = "内部错误.无法完成请求.离开系统";// "Internal error. Unable to complete request. Exiting.";
$text["internal_error"] = "内部错误";// "Internal error";
$text["invalid_access_mode"] = "无效访问模式";// "Invalid Access Mode";
@ -209,6 +211,7 @@ $text["invalid_file_id"] = "无效文件ID号";// "Invalid file ID";
$text["invalid_folder_id"] = "无效文件夹ID号";// "Invalid Folder ID";
$text["invalid_group_id"] = "无效组别ID号";// "Invalid Group ID";
$text["invalid_link_id"] = "无效链接标示";// "Invalid link identifier";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "无效校对状态";// "Invalid Review Status";
$text["invalid_sequence"] = "无效序列值";// "Invalid sequence value";
$text["invalid_status"] = "无效文档状态";// "Invalid Document Status";

7
languages/Chinese_ZH_TW/lang.inc
View File

@ -135,7 +135,7 @@ $text["documents_to_approve"] = "Documents Awaiting User's Approval";
$text["documents_to_review"] = "Documents Awaiting User's Review";
$text["documents_user_requiring_attention"] = "Documents Owned by User That Require Attention";
$text["does_not_expire"] = "‰é䆙ƉüĆ£–";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">„¹ì†ÿ¯‡ ­†ëÀ‡Üä…¡ÿ…Åû†¼è‰ÖÉ</a>";
$text["does_not_inherit_access_msg"] = "„¹ì†ÿ¯‡ ­†ëÀ‡Üä…¡ÿ…Åû†¼è‰ÖÉ";
$text["download"] = "†¬ö†íꄹë";
$text["draft_pending_approval"] = "Draft - pending approval";
$text["draft_pending_review"] = "Draft - pending review";
@ -219,7 +219,9 @@ $text["guest_login_disabled"] = "Guest login is disabled.";
$text["individual_approvers"] = "Individual Approvers";
$text["individual_reviewers"] = "Individual Reviewers";
$text["individuals"] = "Individuals";
$text["inherits_access_msg"] = "ˆ«Ç…¯½†¼è‰ÖɈ󽇠­†ëÀƒÇé<p><a class=\"inheritAccess\" href=\"[copyurl]\">ˆñçˆú»†¼è‰ÖÉ…êùˆí¿</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">„»À‡ö¿‡¨¦‡Ü䆼è‰ÖÉ…êùˆí¿</a>";
$text["inherits_access_msg"] = "ˆ«Ç…¯½†¼è‰ÖɈ󽇠­†ëÀƒÇé";
$text["inherits_access_copy_msg"] = "ˆñçˆú»†¼è‰ÖÉ…êùˆí¿";
$text["inherits_access_empty_msg"] = "„»À‡ö¿‡¨¦‡Ü䆼è‰ÖÉ…êùˆí¿";
$text["internal_error"] = "Internal error";
$text["internal_error_exit"] = "Internal error. Unable to complete request. Exiting.";
$text["invalid_access_mode"] = "Invalid Access Mode";
@ -231,6 +233,7 @@ $text["invalid_doc_id"] = "Invalid Document ID";
$text["invalid_folder_id"] = "Invalid Folder ID";
$text["invalid_group_id"] = "Invalid Group ID";
$text["invalid_link_id"] = "Invalid link identifier";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Invalid Review Status";
$text["invalid_sequence"] = "Invalid sequence value";
$text["invalid_status"] = "Invalid Document Status";

7
languages/Czech/lang.inc
View File

@ -143,7 +143,7 @@ $text["documents_user_requiring_attention"] = "Dokumenty, které uživatel vlast
$text["document_title"] = "Dokument '[documentname]'";
$text["document_updated_email"] = "Dokument aktualizován";
$text["does_not_expire"] = "Platnost nikdy nevyprší";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Zdědit přístup</a>";
$text["does_not_inherit_access_msg"] = "Zdědit přístup";
$text["download"] = "Stáhnout";
$text["draft_pending_approval"] = "Návrh - čeká na schválení";
$text["draft_pending_review"] = "Návrh - čeká na kontrolu";
@ -214,7 +214,9 @@ $text["human_readable"] = "Bežně čitelný archiv";
$text["include_documents"] = "Včetně dokumentů";
$text["include_subdirectories"] = "Včetně podadresářů";
$text["individuals"] = "Jednotlivci";
$text["inherits_access_msg"] = "Přístup se dědí.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Zkopírovat zděděný seznam řízení přístupu</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Založit nový seznam řízení přístupu</a>";
$text["inherits_access_msg"] = "Přístup se dědí.";
$text["inherits_access_copy_msg"] = "Zkopírovat zděděný seznam řízení přístupu";
$text["inherits_access_empty_msg"] = "Založit nový seznam řízení přístupu";
$text["internal_error_exit"] = "Vnitřní chyba. Nebylo možné dokončit požadavek. Ukončuje se.";
$text["internal_error"] = "Vnitřní chyba";
$text["invalid_access_mode"] = "Neplatný režim přístupu";
@ -227,6 +229,7 @@ $text["invalid_file_id"] = "Nevalidní ID souboru";
$text["invalid_folder_id"] = "Neplatné ID adresáře";
$text["invalid_group_id"] = "Neplatné ID skupiny";
$text["invalid_link_id"] = "Neplatné ID odkazu";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Neplatný stav kontroly";
$text["invalid_sequence"] = "Neplatná hodnota posloupnosti";
$text["invalid_status"] = "Neplatný stav dokumentu";

9
languages/English/lang.inc
View File

@ -152,7 +152,7 @@ $text["documents_user_requiring_attention"] = "Documents owned by you that requi
$text["document_title"] = "Document '[documentname]'";
$text["document_updated_email"] = "Document updated";
$text["does_not_expire"] = "Does not expire";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Inherit access</a>";
$text["does_not_inherit_access_msg"] = "Inherit access";
$text["download"] = "Download";
$text["draft_pending_approval"] = "Draft - pending approval";
$text["draft_pending_review"] = "Draft - pending review";
@ -227,7 +227,9 @@ $text["include_documents"] = "Include documents";
$text["include_subdirectories"] = "Include subdirectories";
$text["index_converters"] = "Index document conversion";
$text["individuals"] = "Individuals";
$text["inherits_access_msg"] = "Access is being inherited.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Copy inherited access list</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Start with empty access list</a>";
$text["inherits_access_msg"] = "Access is being inherited.";
$text["inherits_access_copy_msg"] = "Copy inherited access list";
$text["inherits_access_empty_msg"] = "Start with empty access list";
$text["internal_error_exit"] = "Internal error. Unable to complete request. Exiting.";
$text["internal_error"] = "Internal error";
$text["invalid_access_mode"] = "Invalid Access Mode";
@ -240,6 +242,7 @@ $text["invalid_file_id"] = "Invalid file ID";
$text["invalid_folder_id"] = "Invalid Folder ID";
$text["invalid_group_id"] = "Invalid Group ID";
$text["invalid_link_id"] = "Invalid link identifier";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Invalid Review Status";
$text["invalid_sequence"] = "Invalid sequence value";
$text["invalid_status"] = "Invalid Document Status";
@ -487,6 +490,8 @@ $text["settings_enableUserImage_desc"] = "Enable users images";
$text["settings_enableUserImage"] = "Enable User Image";
$text["settings_enableUsersView_desc"] = "Enable/disable group and user view for all users";
$text["settings_enableUsersView"] = "Enable Users View";
$text["settings_encryptionKey"] = "Encryption key";
$text["settings_encryptionKey_desc"] = "This string is used for creating a unique identifier being added as a hidden field to a formular in order to prevent CSRF attacks.";
$text["settings_error"] = "Error";
$text["settings_expandFolderTree_desc"] = "Expand Folder Tree";
$text["settings_expandFolderTree"] = "Expand Folder Tree";

7
languages/Francais/lang.inc
View File

@ -143,7 +143,7 @@ $text["documents_user_requiring_attention"] = "Documents détenu par l'utilisate
$text["document_title"] = "Document '[documentname]'";
$text["document_updated_email"] = "Document updated";
$text["does_not_expire"] = "N'expire pas";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Accès hérité</a>";
$text["does_not_inherit_access_msg"] = "Accès hérité";
$text["download"] = "Téléchargement";
$text["draft_pending_approval"] = "Ébauche - sous approbation";
$text["draft_pending_review"] = "Ébauche - sous révision";
@ -214,7 +214,9 @@ $text["human_readable"] = "Human readable archive";
$text["include_documents"] = "Include documents";
$text["include_subdirectories"] = "Include subdirectories";
$text["individuals"] = "Individuels";
$text["inherits_access_msg"] = "L'accès est hérité.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Copier la liste des accès hérités</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Commencer avec une liste d'accès vide</a>";
$text["inherits_access_msg"] = "L'accès est hérité.";
$text["inherits_access_copy_msg"] = "Copier la liste des accès hérités";
$text["inherits_access_empty_msg"] = "Commencer avec une liste d'accès vide";
$text["internal_error_exit"] = "Erreur interne. Impossible d'achever la demande. Sortie du programme.";
$text["internal_error"] = "Erreur interne";
$text["invalid_access_mode"] = "mode d'accès invalide";
@ -227,6 +229,7 @@ $text["invalid_file_id"] = "Invalid file ID";
$text["invalid_folder_id"] = "Identifiant de dossier invalide";
$text["invalid_group_id"] = "Identifiant de groupe invalide";
$text["invalid_link_id"] = "Identifiant de lien invalide";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Statut de révision invalide";
$text["invalid_sequence"] = "Valeur de séquence invalide";
$text["invalid_status"] = "Statut de document invalide";

9
languages/German/lang.inc
View File

@ -151,7 +151,7 @@ $text["documents_user_requiring_attention"] = "Diese Dokumente sollte ich mal na
$text["document_title"] = "Dokument '[documentname]'";
$text["document_updated_email"] = "Dokument aktualisiert";
$text["does_not_expire"] = "Keine Gültigkeit";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Berechtigungen wieder erben</a>";
$text["does_not_inherit_access_msg"] = "Berechtigungen wieder erben";
$text["download"] = "Download";
$text["draft_pending_approval"] = "Entwurf - bevorstehende Freigabe";
$text["draft_pending_review"] = "Entwurf - bevorstehende Prüfung";
@ -226,7 +226,9 @@ $text["include_documents"] = "Dokumente miteinbeziehen";
$text["include_subdirectories"] = "Unterverzeichnisse miteinbeziehen";
$text["index_converters"] = "Index Dokumentenumwandlung";
$text["individuals"] = "Einzelpersonen";
$text["inherits_access_msg"] = "Zur Zeit werden die Rechte geerbt<p><a class=\"inheritAccess\" href=\"[copyurl]\">Berechtigungen kopieren</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Leere Zugriffsliste</a>";
$text["inherits_access_msg"] = "Zur Zeit werden die Rechte geerbt";
$text["inherits_access_copy_msg"] = "Berechtigungen kopieren";
$text["inherits_access_empty_msg"] = "Leere Zugriffsliste";
$text["internal_error_exit"] = "Interner Fehler: nicht imstande, Antrag durchzuführen. Herausnehmen. verlassen.";
$text["internal_error"] = "Interner Fehler";
$text["invalid_access_mode"] = "Unzulässige Zugangsart";
@ -239,6 +241,7 @@ $text["invalid_file_id"] = "Ungültige Datei-ID";
$text["invalid_folder_id"] = "Unzulässige Ordneridentifikation";
$text["invalid_group_id"] = "Unzulässige Gruppenidentifikation";
$text["invalid_link_id"] = "Unzulässige Linkbezeichnung";
$text["invalid_request_token"] = "Ungültige Anfragekennung";
$text["invalid_review_status"] = "Unzulässiger Überprüfungssstatus";
$text["invalid_sequence"] = "Unzulässige Reihenfolge der Werte";
$text["invalid_status"] = "Unzulässiger Dokumentenstatus";
@ -487,6 +490,8 @@ $text["settings_enableUserImage"] = "Benutzerbilder einschalten";
$text["settings_enableUsersView_desc"] = "Gruppen- und Benutzeransicht für alle Benutzer ein-/ausschalten";
$text["settings_enableUsersView"] = "Benutzeransicht aktivieren";
$text["settings_error"] = "Fehler";
$text["settings_encryptionKey"] = "Verschlüsselungs-Sequenz";
$text["settings_encryptionKey_desc"] = "Diese Zeichenkette wird verwendet um eine eindeutige Kennung zu erzeugen, die als verstecktes Feld in einem Formular untergebracht wird. Sie dient zur Verhinderung von CSRF-Attacken.";
$text["settings_expandFolderTree_desc"] = "Auswählen, wie der Dokumenten-Baum nach der Anmeldung angezeigt wird.";
$text["settings_expandFolderTree"] = "Dokumenten-Baum";
$text["settings_expandFolderTree_val0"] = "versteckt";

7
languages/Hungarian/lang.inc
View File

@ -135,7 +135,7 @@ $text["documents_to_approve"] = "Documents Awaiting User's Approval";
$text["documents_to_review"] = "Documents Awaiting User's Review";
$text["documents_user_requiring_attention"] = "Documents Owned by User That Require Attention";
$text["does_not_expire"] = "Soha nem jßr le";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Jogosultsßg ÷r÷k<C3B7>t‰se</a>";
$text["does_not_inherit_access_msg"] = "Jogosultsßg ÷r÷k<C3B7>t‰se";
$text["download"] = "Let÷lt‰s";
$text["draft_pending_approval"] = "Draft - pending approval";
$text["draft_pending_review"] = "Draft - pending review";
@ -219,7 +219,9 @@ $text["guest_login_disabled"] = "Guest login is disabled.";
$text["individual_approvers"] = "Individual Approvers";
$text["individual_reviewers"] = "Individual Reviewers";
$text["individuals"] = "Individuals";
$text["inherits_access_msg"] = "Jogosultsßg ÷r÷k<C3B7>t‰se folyamatban.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Ùr÷k<C3B7>tett hozzßf‰r‰s lista mßsolßsa</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Indulßs res hozzßf‰r‰s listßval</a>";
$text["inherits_access_msg"] = "Jogosultsßg ÷r÷k<C3B7>t‰se folyamatban.";
$text["inherits_access_copy_msg"] = "Ùr÷k<EFBFBD>tett hozzßf‰r‰s lista mßsolßsa";
$text["inherits_access_empty_msg"] = "Indulßs res hozzßf‰r‰s listßval";
$text["internal_error"] = "Internal error";
$text["internal_error_exit"] = "Internal error. Unable to complete request. Exiting.";
$text["invalid_access_mode"] = "Invalid Access Mode";
@ -231,6 +233,7 @@ $text["invalid_doc_id"] = "Invalid Document ID";
$text["invalid_folder_id"] = "Invalid Folder ID";
$text["invalid_group_id"] = "Invalid Group ID";
$text["invalid_link_id"] = "Invalid link identifier";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Invalid Review Status";
$text["invalid_sequence"] = "Invalid sequence value";
$text["invalid_status"] = "Invalid Document Status";

7
languages/Italian/lang.inc
View File

@ -143,7 +143,7 @@ $text["documents_user_requiring_attention"] = "Tuoi documenti in attesa di revis
$text["document_title"] = "Documento '[documentname]'";
$text["document_updated_email"] = "Documento aggiornato";
$text["does_not_expire"] = "Nessuna scadenza";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Imposta permessi ereditari</a>";
$text["does_not_inherit_access_msg"] = "Imposta permessi ereditari";
$text["download"] = "Scarica";
$text["draft_pending_approval"] = "Bozza in approvazione";
$text["draft_pending_review"] = "Bozza in revisione";
@ -214,7 +214,9 @@ $text["human_readable"] = "Archivio per uso esterno";
$text["include_documents"] = "Includi documenti";
$text["include_subdirectories"] = "Includi sottocartelle";
$text["individuals"] = "Singoli";
$text["inherits_access_msg"] = "E' impostato il permesso ereditario.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Modifica la lista degli accessi ereditati</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Riimposta una lista di permessi vuota</a>";
$text["inherits_access_msg"] = "E' impostato il permesso ereditario.";
$text["inherits_access_copy_msg"] = "Modifica la lista degli accessi ereditati";
$text["inherits_access_empty_msg"] = "Riimposta una lista di permessi vuota";
$text["internal_error_exit"] = "Errore interno. Impossibile completare la richiesta. Uscire.";
$text["internal_error"] = "Errore interno";
$text["invalid_access_mode"] = "Permessi non validi";
@ -227,6 +229,7 @@ $text["invalid_file_id"] = "ID del file non valido";
$text["invalid_folder_id"] = "ID cartella non valido";
$text["invalid_group_id"] = "ID gruppo non valido";
$text["invalid_link_id"] = "ID di collegamento non valido";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Stato revisione non valido";
$text["invalid_sequence"] = "Valore di sequenza non valido";
$text["invalid_status"] = "Stato del documento non valido";

7
languages/Netherlands/lang.inc
View File

@ -129,7 +129,7 @@ $text["documents_user_requiring_attention"] = "Eigen documenten die (nog) aandac
$text["document_title"] = "Document '[documentname]'";
$text["document_updated_email"] = "Document bijgewerkt";
$text["does_not_expire"] = "Verloopt niet";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Erft toegang</a>";
$text["does_not_inherit_access_msg"] = "Erft toegang";
$text["download"] = "Download";
$text["draft_pending_approval"] = "Draft - in afwachting van goedkeuring";
$text["draft_pending_review"] = "Draft - in afwachting van controle";
@ -193,7 +193,9 @@ $text["human_readable"] = "Leesbaar Archief";
$text["include_documents"] = "Inclusief documenten";
$text["include_subdirectories"] = "Inclusief subfolders/-mappen";
$text["individuals"] = "Individuen";
$text["inherits_access_msg"] = "Toegang is (over/ge)erfd..<p><a class=\"inheritAccess\" href=\"[copyurl]\">Kopie lijst overerfde toegang</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Begin met lege toegangslijst</a>";
$text["inherits_access_msg"] = "Toegang is (over/ge)erfd..";
$text["inherits_access_copy_msg"] = "Kopie lijst overerfde toegang";
$text["inherits_access_empty_msg"] = "Begin met lege toegangslijst";
$text["internal_error_exit"] = "Interne fout. Niet mogelijk om verzoek uit de voeren. Systeem stopt.";
$text["internal_error"] = "Interne fout";
$text["invalid_access_mode"] = "Foutmelding: verkeerde toegangsmode";
@ -206,6 +208,7 @@ $text["invalid_file_id"] = "Foutieve Bestand ID";
$text["invalid_folder_id"] = "Foutieve Folder/Map ID";
$text["invalid_group_id"] = "Foutieve Groep ID";
$text["invalid_link_id"] = "Foutieve link identifier";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Foutieve Controle Status";
$text["invalid_sequence"] = "Foutieve volgorde waarde";
$text["invalid_status"] = "Foutieve Document Status";

7
languages/Portuguese_BR/lang.inc
View File

@ -135,7 +135,7 @@ $text["documents_to_approve"] = "Documents Awaiting User's Approval";
$text["documents_to_review"] = "Documents Awaiting User's Review";
$text["documents_user_requiring_attention"] = "Documents Owned by User That Require Attention";
$text["does_not_expire"] = "Nƒo Expira";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Inherit access</a>";
$text["does_not_inherit_access_msg"] = "Inherit access";
$text["download"] = "Download";
$text["draft_pending_approval"] = "Draft - pending approval";
$text["draft_pending_review"] = "Draft - pending review";
@ -219,7 +219,9 @@ $text["guest_login_disabled"] = "Guest login is disabled.";
$text["individual_approvers"] = "Individual Approvers";
$text["individual_reviewers"] = "Individual Reviewers";
$text["individuals"] = "Individuals";
$text["inherits_access_msg"] = "Acesso estß endo herdado.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Copy inherited access-list</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Inicie com a lista de acesso vazia</a>";
$text["inherits_access_msg"] = "Acesso estß endo herdado.";
$text["inherits_access_copy_msg"] = "Copy inherited access list";
$text["inherits_access_empty_msg"] = "Inicie com a lista de acesso vazia";
$text["internal_error"] = "Internal error";
$text["internal_error_exit"] = "Internal error. Unable to complete request. Exiting.";
$text["invalid_access_mode"] = "Invalid Access Mode";
@ -231,6 +233,7 @@ $text["invalid_doc_id"] = "Invalid Document ID";
$text["invalid_folder_id"] = "Invalid Folder ID";
$text["invalid_group_id"] = "Invalid Group ID";
$text["invalid_link_id"] = "Invalid link identifier";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Invalid Review Status";
$text["invalid_sequence"] = "Invalid sequence value";
$text["invalid_status"] = "Invalid Document Status";

7
languages/Russian/lang.inc
View File

@ -149,7 +149,7 @@ $text["documents_user_requiring_attention"] = "Ваши документы, тр
$text["document_title"] = "Документ '[documentname]'";
$text["document_updated_email"] = "Документ обновлен";
$text["does_not_expire"] = "Без срока";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Наследовать уровень доступа</a>";
$text["does_not_inherit_access_msg"] = "Наследовать уровень доступа";
$text["download"] = "Скачать";
$text["draft_pending_approval"] = "Черновик - ожидает утверждения";
$text["draft_pending_review"] = "Черновик - ожидает рецензии";
@ -223,7 +223,9 @@ $text["human_readable"] = "Человекопонятный архив";
$text["include_documents"] = "Включить документы";
$text["include_subdirectories"] = "Включить подкаталоги";
$text["individuals"] = "Личности";
$text["inherits_access_msg"] = "Доступ унаследован.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Скопировать наследованный список</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Начать с пустова списка доступа</a>";
$text["inherits_access_msg"] = "Доступ унаследован.";
$text["inherits_access_copy_msg"] = "Скопировать наследованный список";
$text["inherits_access_empty_msg"] = "Начать с пустова списка доступа";
$text["internal_error_exit"] = "Внутренняя ошибка. Невозможно выполнить запрос. Завершение.";
$text["internal_error"] = "Внутренняя ошибка";
$text["invalid_access_mode"] = "Неверный уровень доступа";
@ -236,6 +238,7 @@ $text["invalid_file_id"] = "Неверный идентификатор файл
$text["invalid_folder_id"] = "Неверный идентификатор папки";
$text["invalid_group_id"] = "Неверный идентификатор группы";
$text["invalid_link_id"] = "Неверный идентификатор ссылки";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Неверный статус рецензирования";
$text["invalid_sequence"] = "Неверное значение последовательности";
$text["invalid_status"] = "Неверный статус документа";

7
languages/Slovak/lang.inc
View File

@ -131,7 +131,7 @@ $text["documents_user_requiring_attention"] = "Dokumenty, ktoré používateľ v
$text["document_title"] = "Dokument '[documentname]'";
$text["document_updated_email"] = "Dokument aktualizovany";
$text["does_not_expire"] = "Platnosť nikdy nevyprší";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Zdediť prístup</a>";
$text["does_not_inherit_access_msg"] = "Zdediť prístup";
$text["download"] = "Stiahnuť";
$text["draft_pending_approval"] = "Návrh - čaká na schválenie";
$text["draft_pending_review"] = "Návrh - čaká na kontrolu";
@ -195,7 +195,9 @@ $text["human_readable"] = "Použivateľský archív";
$text["include_documents"] = "Vrátane súborov";
$text["include_subdirectories"] = "Vrátane podzložiek";
$text["individuals"] = "Jednotlivci";
$text["inherits_access_msg"] = "Prístup sa dedí.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Skopírovať zdedený zoznam riadenia prístupu</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Založiť nový zoznam riadenia prístupu</a>";
$text["inherits_access_msg"] = "Prístup sa dedí.";
$text["inherits_access_copy_msg"] = "Skopírovať zdedený zoznam riadenia prístupu";
$text["inherits_access_empty_msg"] = "Založiť nový zoznam riadenia prístupu";
$text["internal_error_exit"] = "Vnútorná chyba. Nebolo možné dokončiť požiadavku. Ukončuje sa.";
$text["internal_error"] = "Vnútorná chyba";
$text["invalid_access_mode"] = "Neplatný režim prístupu";
@ -208,6 +210,7 @@ $text["invalid_file_id"] = "Nesprávne ID súboru";
$text["invalid_folder_id"] = "Neplatný ID zložky";
$text["invalid_group_id"] = "Neplatný ID skupiny";
$text["invalid_link_id"] = "Neplatný ID odkazu";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Neplatný stav kontroly";
$text["invalid_sequence"] = "Neplatná hodnota postupnosti";
$text["invalid_status"] = "Neplatný stav dokumentu";

7
languages/Spanish/lang.inc
View File

@ -155,7 +155,7 @@ $text["documents_user_requiring_attention"] = "Documentos de su propiedad que re
$text["document_title"] = "Documento '[documentname]'";
$text["document_updated_email"] = "Documento actualizado";
$text["does_not_expire"] = "No caduca";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">heredar el acceso</a>";
$text["does_not_inherit_access_msg"] = "heredar el acceso";
$text["download"] = "Descargar";
$text["draft_pending_approval"] = "Borador - pendiente de aprobación";
$text["draft_pending_review"] = "Borrador - pendiente de revisión";
@ -230,7 +230,9 @@ $text["include_documents"] = "Incluir documentos";
$text["include_subdirectories"] = "Incluir subdirectorios";
$text["index_converters"] = "translate: Index document conversion";
$text["individuals"] = "Individuales";
$text["inherits_access_msg"] = "Acceso heredado.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Copiar lista de acceso heredado</a><br /><a class=\"inheritAccess\" href=\"[emptyurl]\">Empezar con una lista de acceso vacía</a>";
$text["inherits_access_msg"] = "Acceso heredado.";
$text["inherits_access_copy_msg"] = "Copiar lista de acceso heredado";
$text["inherits_access_empty_msg"] = "Empezar con una lista de acceso vacía";
$text["internal_error_exit"] = "Error interno. No es posible terminar la solicitud. Terminado.";
$text["internal_error"] = "Error interno";
$text["invalid_access_mode"] = "Modo de acceso no válido";
@ -243,6 +245,7 @@ $text["invalid_file_id"] = "ID de fichero no válida";
$text["invalid_folder_id"] = "ID de carpeta no válida";
$text["invalid_group_id"] = "ID de grupo no válida";
$text["invalid_link_id"] = "Identificador de enlace no válido";
$text["invalid_request_token"] = "Translate: Invalid Request Token";
$text["invalid_review_status"] = "Estado de revisión no válido";
$text["invalid_sequence"] = "Valor de secuencia no válido";
$text["invalid_status"] = "Estado de documento no válido";

7
languages/Swedish/lang.inc
View File

@ -149,7 +149,7 @@ $text["documents_user_requiring_attention"] = "Dokument som du äger och som beh
$text["document_title"] = "Dokument '[documentname]'";
$text["document_updated_email"] = "Dokument uppdaterat";
$text["does_not_expire"] = "Löper aldrig ut";
$text["does_not_inherit_access_msg"] = "<a class=\"inheritAccess\" href=\"[inheriturl]\">Ärva behörighet</a>";
$text["does_not_inherit_access_msg"] = "Ärva behörighet";
$text["download"] = "Ladda ner";
$text["draft_pending_approval"] = "Utkast - väntar på godkännande";
$text["draft_pending_review"] = "Utkast - väntar på granskning";
@ -223,7 +223,9 @@ $text["human_readable"] = "Arkiv som är läsbart av människor";
$text["include_documents"] = "Inkludera dokument";
$text["include_subdirectories"] = "Inkludera under-kataloger";
$text["individuals"] = "Personer";
$text["inherits_access_msg"] = "Behörighet har ärvts.<p><a class=\"inheritAccess\" href=\"[copyurl]\">Kopiera behörighetsarvslista</a><br><a class=\"inheritAccess\" href=\"[emptyurl]\">Börja med tom behörighetslista</a>";
$text["inherits_access_msg"] = "Behörighet har ärvts.";
$text["inherits_access_copy_msg"] = "Kopiera behörighetsarvslista";
$text["inherits_access_empty_msg"] = "Börja med tom behörighetslista";
$text["internal_error_exit"] = "Internt fel. Förfrågan kunde inte utföras. Avslutar.";
$text["internal_error"] = "Internt fel";
$text["invalid_access_mode"] = "Ogiltig behörighetsnivå";
@ -236,6 +238,7 @@ $text["invalid_file_id"] = "Ogiltigt fil-ID";
$text["invalid_folder_id"] = "Ogiltigt katalog-ID";
$text["invalid_group_id"] = "Ogiltigt grupp-ID";
$text["invalid_link_id"] = "Ogiltigt länk-ID";
$text["invalid_request_token"] = "Invalid Request Token";
$text["invalid_review_status"] = "Ogiltig granskningsstatus";
$text["invalid_sequence"] = "Ogiltigt sekvensvärde";
$text["invalid_status"] = "Ogiltig dokumentstatus";

30
op/op.Categories.php
View File

@ -28,12 +28,18 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
$action = $_GET["action"];
if (isset($_POST["action"])) $action=$_POST["action"];
else $action=NULL;
//Neue Kategorie anlegen -----------------------------------------------------------------------------
if ($action == "addcategory") {
$name = trim($_GET["name"]);
/* Check if the form data comes for a trusted request */
if(!checkFormKey('addcategory')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
$name = trim($_POST["name"]);
if($name == '') {
UI::exitError(getMLText("admin_tools"),getMLText("category_noname"));
}
@ -50,10 +56,15 @@ if ($action == "addcategory") {
//Kategorie löschen ----------------------------------------------------------------------------------
else if ($action == "removecategory") {
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removecategory')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
}
$categoryid = $_GET["categoryid"];
$categoryid = $_POST["categoryid"];
$category = $dms->getDocumentCategory($categoryid);
if (!is_object($category)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
@ -68,16 +79,21 @@ else if ($action == "removecategory") {
//Kategorie bearbeiten: Neuer Name --------------------------------------------------------------------
else if ($action == "editcategory") {
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('editcategory')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
}
$categoryid = $_GET["categoryid"];
$categoryid = $_POST["categoryid"];
$category = $dms->getDocumentCategory($categoryid);
if (!is_object($category)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_document_category"));
}
$name = $_GET["name"];
$name = $_POST["name"];
if (!$category->setName($name)) {
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
}

70
op/op.DefaultKeywords.php
View File

@ -28,12 +28,18 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
$action = $_GET["action"];
if (isset($_POST["action"])) $action=$_POST["action"];
else $action=NULL;
//Neue Kategorie anlegen -----------------------------------------------------------------------------
if ($action == "addcategory") {
$name = $_GET["name"];
/* Check if the form data comes for a trusted request */
if(!checkFormKey('addcategory')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
$name = $_POST["name"];
if (is_object($dms->getKeywordCategoryByName($name, $user->getID()))) {
UI::exitError(getMLText("admin_tools"),getMLText("keyword_exists"));
}
@ -47,10 +53,15 @@ if ($action == "addcategory") {
//Kategorie löschen ----------------------------------------------------------------------------------
else if ($action == "removecategory") {
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removecategory')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
}
$categoryid = $_GET["categoryid"];
$categoryid = $_POST["categoryid"];
$category = $dms->getKeywordCategory($categoryid);
if (!is_object($category)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
@ -69,10 +80,15 @@ else if ($action == "removecategory") {
//Kategorie bearbeiten: Neuer Name --------------------------------------------------------------------
else if ($action == "editcategory") {
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('editcategory')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
}
$categoryid = $_GET["categoryid"];
$categoryid = $_POST["categoryid"];
$category = $dms->getKeywordCategory($categoryid);
if (!is_object($category)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
@ -83,7 +99,7 @@ else if ($action == "editcategory") {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
$name = $_GET["name"];
$name = $_POST["name"];
if (!$category->setName($name)) {
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
}
@ -92,27 +108,38 @@ else if ($action == "editcategory") {
//Kategorie bearbeiten: Neue Stichwortliste ----------------------------------------------------------
else if ($action == "newkeywords") {
$categoryid = (int) $_GET["categoryid"];
/* Check if the form data comes for a trusted request */
if(!checkFormKey('newkeywords')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
$categoryid = (int) $_POST["categoryid"];
$category = $dms->getKeywordCategory($categoryid);
$owner = $category->getOwner();
if (!$owner->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
$keywords = $_GET["keywords"];
$keywords = $_POST["keywords"];
if(trim($keywords)) {
if (!$category->addKeywordList($keywords)) {
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
}
}
}
//Kategorie bearbeiten: Stichwortliste bearbeiten ----------------------------------------------------------
else if ($action == "editkeywords")
{
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('editkeywords')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
}
$categoryid = $_GET["categoryid"];
$categoryid = $_POST["categoryid"];
$category = $dms->getKeywordCategory($categoryid);
if (!is_object($category)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
@ -124,12 +151,12 @@ else if ($action == "editkeywords")
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
if (!isset($_GET["keywordsid"]) || !is_numeric($_GET["keywordsid"]) || intval($_GET["keywordsid"])<1) {
if (!isset($_POST["keywordsid"]) || !is_numeric($_POST["keywordsid"]) || intval($_POST["keywordsid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
}
$keywordsid = $_GET["keywordsid"];
$keywordsid = $_POST["keywordsid"];
$keywords = $_GET["keywords"];
$keywords = $_POST["keywords"];
if (!$category->editKeywordList($keywordsid, $keywords)) {
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
}
@ -138,10 +165,15 @@ else if ($action == "editkeywords")
//Kategorie bearbeiten: Neue Stichwortliste löschen ----------------------------------------------------------
else if ($action == "removekeywords") {
if (!isset($_GET["categoryid"]) || !is_numeric($_GET["categoryid"]) || intval($_GET["categoryid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removekeywords')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["categoryid"]) || !is_numeric($_POST["categoryid"]) || intval($_POST["categoryid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
}
$categoryid = $_GET["categoryid"];
$categoryid = $_POST["categoryid"];
$category = $dms->getKeywordCategory($categoryid);
if (!is_object($category)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_keyword_category"));
@ -152,10 +184,10 @@ else if ($action == "removekeywords") {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
if (!isset($_GET["keywordsid"]) || !is_numeric($_GET["keywordsid"]) || intval($_GET["keywordsid"])<1) {
if (!isset($_POST["keywordsid"]) || !is_numeric($_POST["keywordsid"]) || intval($_POST["keywordsid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
}
$keywordsid = $_GET["keywordsid"];
$keywordsid = $_POST["keywordsid"];
if (!$category->removeKeywordList($keywordsid)) {
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));

6
op/op.DocumentAccess.php
View File

@ -43,6 +43,12 @@ if ($document->getAccessMode($user) < M_ALL) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
/* Check if the form data comes for a trusted request */
/* FIXME: Currently GET request are allowed. */
if(!checkFormKey('documentaccess', 'GET')) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_request_token"));
}
switch ($_GET["action"]) {
case "setowner":
case "delaccess":

5
op/op.EditEvent.php
View File

@ -32,6 +32,11 @@ if ($user->isGuest()) {
UI::exitError(getMLText("edit_event"),getMLText("access_denied"));
}
/* Check if the form data comes for a trusted request */
if(!checkFormKey('editevent')) {
UI::exitError(getMLText("edit_event"),getMLText("invalid_request_token"));
}
if (!isset($_POST["frommonth"]) || !isset($_POST["fromday"]) || !isset($_POST["fromyear"]) ) {
UI::exitError(getMLText("edit_event"),getMLText("error_occured"));
}

63
op/op.GroupMgr.php
View File

@ -30,15 +30,19 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
if (isset($_GET["action"])) $action = $_GET["action"];
else if (isset($_POST["action"])) $action = $_POST["action"];
if (isset($_POST["action"])) $action = $_POST["action"];
else $action = null;
//Neue Gruppe anlegen -----------------------------------------------------------------------------
if ($action == "addgroup") {
$name = $_GET["name"];
$comment = $_GET["comment"];
/* Check if the form data comes for a trusted request */
if(!checkFormKey('addgroup')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
$name = $_POST["name"];
$comment = $_POST["comment"];
if (is_object($dms->getGroupByName($name))) {
UI::exitError(getMLText("admin_tools"),getMLText("group_exists"));
@ -57,6 +61,11 @@ if ($action == "addgroup") {
//Gruppe löschen ----------------------------------------------------------------------------------
else if ($action == "removegroup") {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removegroup')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
}
@ -76,19 +85,24 @@ else if ($action == "removegroup") {
//Gruppe bearbeiten -------------------------------------------------------------------------------
else if ($action == "editgroup") {
if (!isset($_GET["groupid"]) || !is_numeric($_GET["groupid"]) || intval($_GET["groupid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('editgroup')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
}
$groupid=$_GET["groupid"];
$groupid=$_POST["groupid"];
$group = $dms->getGroup($groupid);
if (!is_object($group)) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
}
$name = $_GET["name"];
$comment = $_GET["comment"];
$name = $_POST["name"];
$comment = $_POST["comment"];
if ($group->getName() != $name)
$group->setName($name);
@ -101,6 +115,11 @@ else if ($action == "editgroup") {
//Benutzer zu Gruppe hinzufügen -------------------------------------------------------------------
else if ($action == "addmember") {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('addmember')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
}
@ -132,22 +151,27 @@ else if ($action == "addmember") {
//Benutzer aus Gruppe entfernen -------------------------------------------------------------------
else if ($action == "rmmember") {
if (!isset($_GET["groupid"]) || !is_numeric($_GET["groupid"]) || intval($_GET["groupid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('rmmember')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
}
$groupid=$_GET["groupid"];
$groupid=$_POST["groupid"];
$group = $dms->getGroup($groupid);
if (!is_object($group)) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
}
if (!isset($_GET["userid"]) || !is_numeric($_GET["userid"]) || intval($_GET["userid"])<1) {
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
}
$oldMember = $dms->getUser($_GET["userid"]);
$oldMember = $dms->getUser($_POST["userid"]);
if (!is_object($oldMember)) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
}
@ -160,22 +184,27 @@ else if ($action == "rmmember") {
// toggle manager flag
else if ($action == "tmanager") {
if (!isset($_GET["groupid"]) || !is_numeric($_GET["groupid"]) || intval($_GET["groupid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('tmanager')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["groupid"]) || !is_numeric($_POST["groupid"]) || intval($_POST["groupid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
}
$groupid=$_GET["groupid"];
$groupid=$_POST["groupid"];
$group = $dms->getGroup($groupid);
if (!is_object($group)) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_group_id"));
}
if (!isset($_GET["userid"]) || !is_numeric($_GET["userid"]) || intval($_GET["userid"])<1) {
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
}
$usertoedit = $dms->getUser($_GET["userid"]);
$usertoedit = $dms->getUser($_POST["userid"]);
if (!is_object($usertoedit)) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
}

5
op/op.RemoveArchive.php
View File

@ -27,6 +27,11 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removearchive')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["arkname"]) || !file_exists($settings->_contentDir.$_POST["arkname"]) ) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
}

5
op/op.RemoveDocument.php
View File

@ -25,6 +25,11 @@ include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removedocument')) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
}
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}

5
op/op.RemoveDocumentFile.php
View File

@ -24,6 +24,11 @@ include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removedocumentfile')) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
}
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}

13
op/op.RemoveDocumentLink.php
View File

@ -23,22 +23,27 @@ include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removedocumentlink')) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
}
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
$documentid = $_GET["documentid"];
$documentid = $_POST["documentid"];
$document = $dms->getDocument($documentid);
if (!is_object($document)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
if (!isset($_GET["linkid"]) || !is_numeric($_GET["linkid"]) || intval($_GET["linkid"])<1) {
if (!isset($_POST["linkid"]) || !is_numeric($_POST["linkid"]) || intval($_POST["linkid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_link_id"));
}
$linkid = $_GET["linkid"];
$linkid = $_POST["linkid"];
$link = $document->getDocumentLink($linkid);
if (!is_object($link)) {

5
op/op.RemoveDump.php
View File

@ -27,6 +27,11 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removedump')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["dumpname"]) || !file_exists($settings->_contentDir.$_POST["dumpname"]) ) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
}

5
op/op.RemoveEvent.php
View File

@ -28,6 +28,11 @@ include("../inc/inc.ClassUI.php");
include("../inc/inc.Calendar.php");
include("../inc/inc.Authentication.php");
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removeevent')) {
UI::exitError(getMLText("edit_event"),getMLText("invalid_request_token"));
}
if (!isset($_POST["eventid"]) || !is_numeric($_POST["eventid"]) || intval($_POST["eventid"])<1) {
UI::exitError(getMLText("edit_event"),getMLText("error_occured"));
}

11
op/op.RemoveFolder.php
View File

@ -25,10 +25,15 @@ include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removefolder')) {
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
}
if (!isset($_POST["folderid"]) || !is_numeric($_POST["folderid"]) || intval($_POST["folderid"])<1) {
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
}
$folderid = $_GET["folderid"];
$folderid = $_POST["folderid"];
$folder = $dms->getFolder($folderid);
if (!is_object($folder)) {
@ -71,6 +76,6 @@ if ($folder->remove()) {
add_log_line();
header("Location:../out/out.ViewFolder.php?folderid=".$parent->getID()."&showtree=".$_GET["showtree"]);
header("Location:../out/out.ViewFolder.php?folderid=".$parent->getID()."&showtree=".$_POST["showtree"]);
?>

5
op/op.RemoveFolderFiles.php
View File

@ -28,6 +28,11 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removefolderfiles')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
function removeFolderFiles($folder) {
global $dms;

5
op/op.RemoveLog.php
View File

@ -23,6 +23,11 @@ include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removelog')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}

1
op/op.Settings.php
View File

@ -97,6 +97,7 @@ if ($action == "saveSettings")
$settings->_passwordExpiration = intval($_POST["passwordExpiration"]);
$settings->_passwordHistory = intval($_POST["passwordHistory"]);
$settings->_loginFailure = intval($_POST["loginFailure"]);
$settings->_encryptionKey = strval($_POST["encryptionKey"]);
// TODO Connectors

19
op/op.UsrMgr.php
View File

@ -33,12 +33,16 @@ if (!$user->isAdmin()) {
}
if (isset($_POST["action"])) $action=$_POST["action"];
else if (isset($_GET["action"])) $action=$_GET["action"];
else $action=NULL;
//Neuen Benutzer anlegen --------------------------------------------------------------------------
if ($action == "adduser") {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('adduser')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
$login = $_POST["login"];
$pwd = $_POST["pwd"];
$pwdexpiration = $_POST["pwdexpiration"];
@ -103,12 +107,14 @@ if ($action == "adduser") {
//Benutzer löschen --------------------------------------------------------------------------------
else if ($action == "removeuser") {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('removeuser')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (isset($_POST["userid"])) {
$userid = $_POST["userid"];
}
else if (isset($_GET["userid"])) {
$userid = $_GET["userid"];
}
if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
@ -139,6 +145,11 @@ else if ($action == "removeuser") {
//Benutzer bearbeiten -----------------------------------------------------------------------------
else if ($action == "edituser") {
/* Check if the form data comes for a trusted request */
if(!checkFormKey('edituser')) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
}
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
}

11
out/out.Categories.php
View File

@ -78,7 +78,8 @@ UI::contentContainerStart();
</td>
<td id="categories0" style="display : none;">
<form action="../op/op.Categories.php" >
<form action="../op/op.Categories.php" method="post">
<?php echo createHiddenFieldWithKey('addcategory'); ?>
<input type="Hidden" name="action" value="addcategory">
<?php printMLText("name");?> : <input name="name">
<input type="Submit" value="<?php printMLText("new_document_category"); ?>">
@ -97,7 +98,12 @@ UI::contentContainerStart();
<?php
if(!$category->isUsed()) {
?>
<a href="../op/op.Categories.php?categoryid=<?php print $category->getID();?>&action=removecategory"><img src="images/del.gif" border="0"><?php printMLText("rm_document_category");?></a>
<form style="display: inline-block;" method="post" action="../op/op.Categories.php" >
<?php echo createHiddenFieldWithKey('removecategory'); ?>
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
<input type="Hidden" name="action" value="removecategory">
<input value="<?php echo getMLText("rm_document_category")?>" type="submit">
</form>
<?php
} else {
?>
@ -116,6 +122,7 @@ UI::contentContainerStart();
<td><?php echo getMLText("name")?>:</td>
<td>
<form action="../op/op.Categories.php" >
<?php echo createHiddenFieldWithKey('editcategory'); ?>
<input type="Hidden" name="action" value="editcategory">
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
<input name="name" value="<?php echo htmlspecialchars($category->getName()) ?>">&nbsp;

32
out/out.DefaultKeywords.php
View File

@ -81,7 +81,8 @@ UI::contentContainerStart();
</td>
<td id="keywords0" style="display : none;">
<form action="../op/op.DefaultKeywords.php" >
<form action="../op/op.DefaultKeywords.php" method="post">
<?php echo createHiddenFieldWithKey('addcategory'); ?>
<input type="Hidden" name="action" value="addcategory">
<?php printMLText("name");?> : <input name="name">
<input type="Submit" value="<?php printMLText("new_default_keyword_category"); ?>">
@ -100,7 +101,12 @@ UI::contentContainerStart();
<table>
<tr>
<td colspan="2">
<a href="../op/op.DefaultKeywords.php?categoryid=<?php print $category->getID();?>&action=removecategory"><img src="images/del.gif" border="0"><?php printMLText("rm_default_keyword_category");?></a>
<form action="../op/op.DefaultKeywords.php" method="post">
<?php echo createHiddenFieldWithKey('removecategory'); ?>
<input type="Hidden" name="action" value="removecategory">
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
<input value="<?php printMLText("rm_default_keyword_category");?>" type="submit" title="<?php echo getMLText("delete")?>">
</form>
</td>
</tr>
<tr>
@ -111,7 +117,8 @@ UI::contentContainerStart();
<tr>
<td><?php echo getMLText("name")?>:</td>
<td>
<form action="../op/op.DefaultKeywords.php" >
<form action="../op/op.DefaultKeywords.php" method="post">
<?php echo createHiddenFieldWithKey('editcategory'); ?>
<input type="Hidden" name="action" value="editcategory">
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
<input name="name" value="<?php echo htmlspecialchars($category->getName()) ?>">&nbsp;
@ -135,20 +142,29 @@ UI::contentContainerStart();
else
foreach ($lists as $list) {
?>
<form action="../op/op.DefaultKeywords.php" >
<form style="display: inline-block;" method="post" action="../op/op.DefaultKeywords.php" >
<?php echo createHiddenFieldWithKey('editkeywords'); ?>
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
<input type="Hidden" name="keywordsid" value="<?php echo $list["id"]?>">
<input type="Hidden" name="action" value="editkeywords">
<input name="keywords" value="<?php echo htmlspecialchars($list["keywords"]) ?>">
<input name="action" value="editkeywords" type="Image" src="images/save.gif" title="<?php echo getMLText("save")?>">
<input name="action" value="editkeywords" type="Image" src="images/save.gif" title="<?php echo getMLText("save")?>" style="border: 0px;">
<!-- <input name="action" value="removekeywords" type="Image" src="images/del.gif" title="<?php echo getMLText("delete")?>" border="0"> &nbsp; -->
<a href="../op/op.DefaultKeywords.php?categoryid=<?php echo $category->getID()?>&keywordsid=<?php echo $list["id"]?>&action=removekeywords"><img src="images/del.gif" title="<?php echo getMLText("delete")?>" border="0"></a>
</form><br>
</form>
<form style="display: inline-block;" method="post" action="../op/op.DefaultKeywords.php" >
<?php echo createHiddenFieldWithKey('removekeywords'); ?>
<input type="Hidden" name="categoryid" value="<?php echo $category->getID()?>">
<input type="Hidden" name="keywordsid" value="<?php echo $list["id"]?>">
<input type="Hidden" name="action" value="removekeywords">
<input name="action" value="removekeywords" type="Image" src="images/del.gif" title="<?php echo getMLText("delete")?>" style="border: 0px;">
</form>
<br>
<?php } ?>
</td>
</tr>
<tr>
<form action="../op/op.DefaultKeywords.php" >
<form action="../op/op.DefaultKeywords.php" method="post">
<?php echo createHiddenFieldWithKey('newkeywords'); ?>
<td><input type="Submit" value="<?php printMLText("new_default_keywords");?>"></td>
<td>
<input type="Hidden" name="action" value="newkeywords">

86
out/out.DocumentAccess.php
View File

@ -76,7 +76,7 @@ function checkForm()
</script>
<?php
$allUsers = $dms->getAllUsers();
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
UI::contentHeading(getMLText("edit_document_access"));
UI::contentContainerStart();
@ -86,6 +86,7 @@ if ($user->isAdmin()) {
UI::contentSubHeading(getMLText("set_owner"));
?>
<form action="../op/op.DocumentAccess.php">
<?php echo createHiddenFieldWithKey('documentaccess'); ?>
<input type="Hidden" name="action" value="setowner">
<input type="Hidden" name="documentid" value="<?php print $documentid;?>">
<?php printMLText("owner");?> : <select name="ownerid">
@ -97,7 +98,7 @@ if ($user->isAdmin()) {
print "<option value=\"".$currUser->getID()."\"";
if ($currUser->getID() == $owner->getID())
print " selected";
print ">" . htmlspecialchars($currUser->getFullname()) . "</option>\n";
print ">" . htmlspecialchars($currUser->getLogin() . " - " . $currUser->getFullname()) . "</option>\n";
}
?>
</select>
@ -109,14 +110,37 @@ if ($user->isAdmin()) {
UI::contentSubHeading(getMLText("access_inheritance"));
if ($document->inheritsAccess()) {
printMLText("inherits_access_msg", array(
"copyurl" => "../op/op.DocumentAccess.php?documentid=".$documentid."&action=notinherit&mode=copy",
"emptyurl" => "../op/op.DocumentAccess.php?documentid=".$documentid."&action=notinherit&mode=empty"));
printMLText("inherits_access_msg");
?>
<p>
<form action="../op/op.DocumentAccess.php" style="display: inline-block;">
<?php echo createHiddenFieldWithKey('documentaccess'); ?>
<input type="hidden" name="documentid" value="<?php print $documentid;?>">
<input type="hidden" name="action" value="notinherit">
<input type="hidden" name="mode" value="copy">
<input type="submit" value="<?php printMLText("inherits_access_copy_msg")?>">
</form>
<form action="../op/op.DocumentAccess.php" style="display: inline-block;">
<?php echo createHiddenFieldWithKey('documentaccess'); ?>
<input type="hidden" name="documentid" value="<?php print $documentid;?>">
<input type="hidden" name="action" value="notinherit">
<input type="hidden" name="mode" value="empty">
<input type="submit" value="<?php printMLText("inherits_access_empty_msg")?>">
</form>
</p>
<?php
UI::contentContainerEnd();
UI::htmlEndPage();
exit();
}
printMLText("does_not_inherit_access_msg", array("inheriturl" => "../op/op.DocumentAccess.php?documentid=".$documentid."&action=inherit"));
?>
<form action="../op/op.DocumentAccess.php">
<?php echo createHiddenFieldWithKey('documentaccess'); ?>
<input type="hidden" name="documentid" value="<?php print $documentid;?>">
<input type="hidden" name="action" value="inherit">
<input type="submit" value="<?php printMLText("does_not_inherit_access_msg")?>">
</form>
<?php
$accessList = $document->getAccessList();
@ -124,6 +148,7 @@ UI::contentSubHeading(getMLText("default_access"));
?>
<form action="../op/op.DocumentAccess.php">
<?php echo createHiddenFieldWithKey('documentaccess'); ?>
<input type="Hidden" name="documentid" value="<?php print $documentid;?>">
<input type="Hidden" name="action" value="setdefault">
<?php printAccessModeSelection($document->getDefaultAccess()); ?>
@ -143,43 +168,63 @@ if (count($accessList["users"]) != 0 || count($accessList["groups"]) != 0) {
foreach ($accessList["users"] as $userAccess) {
$userObj = $userAccess->getUser();
$memusers[] = $userObj->getID();
print "<form action=\"../op/op.DocumentAccess.php\">\n";
print "<input type=\"Hidden\" name=\"documentid\" value=\"".$documentid."\">\n";
print "<input type=\"Hidden\" name=\"action\" value=\"editaccess\">\n";
print "<input type=\"Hidden\" name=\"userid\" value=\"".$userObj->getID()."\">\n";
print "<tr>\n";
print "<td><img src=\"images/usericon.gif\" class=\"mimeicon\"></td>\n";
print "<td>". htmlspecialchars($userObj->getFullName()) . "</td>\n";
print "<td>\n";
print "<form action=\"../op/op.DocumentAccess.php\">\n";
printAccessModeSelection($userAccess->getMode());
print "</td>\n";
print "<td><span class=\"actions\">\n";
echo createHiddenFieldWithKey('documentaccess')."\n";
print "<input type=\"Hidden\" name=\"documentid\" value=\"".$documentid."\">\n";
print "<input type=\"Hidden\" name=\"action\" value=\"editaccess\">\n";
print "<input type=\"Hidden\" name=\"userid\" value=\"".$userObj->getID()."\">\n";
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/save.gif\">".getMLText("save")." ";
print "<a href=\"../op/op.DocumentAccess.php?documentid=".$documentid."&action=delaccess&userid=".$userObj->getID()."\"><img src=\"images/del.gif\" class=\"mimeicon\"></a>".getMLText("delete");
print "</span></td></tr>\n";
print "</span></td>\n";
print "</form>\n";
print "<td><span class=\"actions\">\n";
print "<form action=\"../op/op.DocumentAccess.php\">\n";
echo createHiddenFieldWithKey('documentaccess')."\n";
print "<input type=\"Hidden\" name=\"documentid\" value=\"".$documentid."\">\n";
print "<input type=\"Hidden\" name=\"action\" value=\"delaccess\">\n";
print "<input type=\"Hidden\" name=\"userid\" value=\"".$userObj->getID()."\">\n";
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/del.gif\">".getMLText("delete")." ";
print "</form>\n";
print "<span></td>\n";
print "</tr>\n";
}
/* memorїze groups with access rights */
/* memorize groups with access rights */
$memgroups = array();
foreach ($accessList["groups"] as $groupAccess) {
$groupObj = $groupAccess->getGroup();
$memgroups[] = $groupObj->getID();
$mode = $groupAccess->getMode();
print "<form action=\"../op/op.DocumentAccess.php\">";
print "<input type=\"Hidden\" name=\"documentid\" value=\"".$documentid."\">";
print "<input type=\"Hidden\" name=\"action\" value=\"editaccess\">";
print "<input type=\"Hidden\" name=\"groupid\" value=\"".$groupObj->getID()."\">";
print "<tr>";
print "<td><img src=\"images/groupicon.gif\" class=\"mimeicon\"></td>";
print "<td>". htmlspecialchars($groupObj->getName()) . "</td>";
print "<form action=\"../op/op.DocumentAccess.php\">";
print "<td>";
printAccessModeSelection($groupAccess->getMode());
print "</td>\n";
print "<td><span class=\"actions\">\n";
echo createHiddenFieldWithKey('documentaccess')."\n";
print "<input type=\"Hidden\" name=\"documentid\" value=\"".$documentid."\">";
print "<input type=\"Hidden\" name=\"action\" value=\"editaccess\">";
print "<input type=\"Hidden\" name=\"groupid\" value=\"".$groupObj->getID()."\">";
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/save.gif\">".getMLText("save")." ";
print "<a href=\"../op/op.DocumentAccess.php?documentid=".$documentid."&action=delaccess&groupid=".$groupObj->getID()."\"><img src=\"images/del.gif\" class=\"mimeicon\"></a>".getMLText("delete");
print "</span></td></tr>";
print "</span></td>\n";
print "</form>";
print "<td><span class=\"actions\">\n";
print "<form action=\"../op/op.DocumentAccess.php\">\n";
echo createHiddenFieldWithKey('documentaccess')."\n";
print "<input type=\"Hidden\" name=\"documentid\" value=\"".$documentid."\">\n";
print "<input type=\"Hidden\" name=\"action\" value=\"delaccess\">\n";
print "<input type=\"Hidden\" name=\"groupid\" value=\"".$groupObj->getID()."\">\n";
print "<input type=\"Image\" class=\"mimeicon\" src=\"images/del.gif\">".getMLText("delete")." ";
print "</span></td>\n";
print "</tr>\n";
print "</form>";
}
@ -187,6 +232,7 @@ if (count($accessList["users"]) != 0 || count($accessList["groups"]) != 0) {
}
?>
<form action="../op/op.DocumentAccess.php" name="form1" onsubmit="return checkForm();">
<?php echo createHiddenFieldWithKey('documentaccess'); ?>
<input type="Hidden" name="documentid" value="<?php print $documentid?>">
<input type="Hidden" name="action" value="addaccess">
<table>
@ -200,7 +246,7 @@ foreach ($allUsers as $userObj) {
if ($userObj->isGuest() || in_array($userObj->getID(), $memusers)) {
continue;
}
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "</option>\n";
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($currUser->getLogin() . " - " . $userObj->getFullName()) . "</option>\n";
}
?>
</select>

4
out/out.DocumentNotify.php
View File

@ -116,10 +116,10 @@ print "</table>\n";
<option value="-1"><?php printMLText("select_one");?>
<?php
if ($user->isAdmin()) {
$allUsers = $dms->getAllUsers();
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
foreach ($allUsers as $userObj) {
if (!$userObj->isGuest() && ($document->getAccessMode($userObj) >= M_READ) && !in_array($userObj->getID(), $userNotifyIDs))
print "<option value=\"".$userObj->getID()."\">" . $userObj->getFullName() . "\n";
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin() . " - " . $userObj->getFullName()) . "\n";
}
}
elseif (!$user->isGuest() && !in_array($user->getID(), $userNotifyIDs)) {

1
out/out.EditEvent.php
View File

@ -70,6 +70,7 @@ function checkForm()
</script>
<form action="../op/op.EditEvent.php" name="form1" onsubmit="return checkForm();" method="POST">
<?php echo createHiddenFieldWithKey('editevent'); ?>
<input type="Hidden" name="eventid" value="<?php echo (int) $_GET["id"]; ?>">

2
out/out.FolderNotify.php
View File

@ -115,7 +115,7 @@ print "</table>\n";
<option value="-1"><?php printMLText("select_one");?>
<?php
if ($user->isAdmin()) {
$allUsers = $dms->getAllUsers();
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
foreach ($allUsers as $userObj) {
if (!$userObj->isGuest() && ($folder->getAccessMode($userObj) >= M_READ) && !in_array($userObj->getID(), $userNotifyIDs))
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "\n";

15
out/out.GroupMgr.php
View File

@ -29,7 +29,7 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
$allUsers = $dms->getAllUsers();
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
if (is_bool($allUsers)) {
UI::exitError(getMLText("admin_tools"),getMLText("internal_error"));
@ -126,7 +126,8 @@ UI::contentContainerStart();
<td id="keywords0" style="display : none;">
<form action="../op/op.GroupMgr.php" name="form0_1" onsubmit="return checkForm1('0');">
<form action="../op/op.GroupMgr.php" name="form0_1" method="post" onsubmit="return checkForm1('0');">
<?php echo createHiddenFieldWithKey('addgroup'); ?>
<input type="Hidden" name="action" value="addgroup">
<table>
<tr>
@ -161,7 +162,8 @@ UI::contentContainerStart();
<?php UI::contentSubHeading(getMLText("edit_group"));?>
<form action="../op/op.GroupMgr.php" name="form<?php print $group->getID();?>_1" onsubmit="return checkForm1('<?php print $group->getID();?>');">
<form action="../op/op.GroupMgr.php" name="form<?php print $group->getID();?>_1" method="post" onsubmit="return checkForm1('<?php print $group->getID();?>');">
<?php echo createHiddenFieldWithKey('editgroup'); ?>
<input type="Hidden" name="groupid" value="<?php print $group->getID();?>">
<input type="Hidden" name="action" value="editgroup">
<table>
@ -195,8 +197,8 @@ UI::contentContainerStart();
print "<td>" . htmlspecialchars($member->getFullName()) . "</td>";
print "<td>" . ($group->isMember($member,true)?getMLText("manager"):"&nbsp;") . "</td>";
print "<td align=\"right\"><ul class=\"actions\">";
print "<li><a href=\"../op/op.GroupMgr.php?groupid=". $group->getID() . "&userid=".$member->getID()."&action=rmmember\">".getMLText("delete")."</a>";
print "<li><a href=\"../op/op.GroupMgr.php?groupid=". $group->getID() . "&userid=".$member->getID()."&action=tmanager\">".getMLText("toggle_manager")."</a>";
print "<li><form action=\"../op/op.GroupMgr.php\" method=\"post\"><input type=\"hidden\" name=\"action\" value=\"rmmember\" /><input type=\"hidden\" name=\"groupid\" value=\"".$group->getID()."\" /><input type=\"hidden\" name=\"userid\" value=\"".$member->getID()."\" />".createHiddenFieldWithKey('rmmember')."<input type=\"submit\" value=\"".getMLText("delete")."\" /></form>";
print "<li><form action=\"../op/op.GroupMgr.php\" method=\"post\"><input type=\"hidden\" name=\"groupid\" value=\"".$group->getID()."\" /><input type=\"hidden\" name=\"action\" value=\"tmanager\" /><input type=\"hidden\" name=\"userid\" value=\"".$member->getID()."\" />".createHiddenFieldWithKey('tmanager')."<input type=\"submit\" value=\"".getMLText("toggle_manager")."\" /></form>";
print "</td></tr>";
}
}
@ -210,7 +212,8 @@ UI::contentContainerStart();
?>
<form action="../op/op.GroupMgr.php" method=POST name="form<?php print $group->getID();?>_2" onsubmit="return checkForm2('<?php print $group->getID();?>');">
<form action="../op/op.GroupMgr.php" method="POST" name="form<?php print $group->getID();?>_2" onsubmit="return checkForm2('<?php print $group->getID();?>');">
<?php echo createHiddenFieldWithKey('addmember'); ?>
<input type="Hidden" name="action" value="addmember">
<input type="Hidden" name="groupid" value="<?php print $group->getID();?>">
<table width="100%">

1
out/out.RemoveArchive.php
View File

@ -41,6 +41,7 @@ UI::contentContainerStart();
?>
<form action="../op/op.RemoveArchive.php" name="form1" method="POST">
<input type="Hidden" name="arkname" value="<?php echo sanitizeString($arkname); ?>">
<?php echo createHiddenFieldWithKey('removearchive'); ?>
<p><?php printMLText("confirm_rm_backup", array ("arkname" => sanitizeString($arkname)));?></p>
<input type="Submit" value="<?php printMLText("backup_remove");?>">
</form>

1
out/out.RemoveDocument.php
View File

@ -51,6 +51,7 @@ UI::contentContainerStart();
?>
<form action="../op/op.RemoveDocument.php" name="form1" method="POST">
<input type="Hidden" name="documentid" value="<?php print $documentid;?>">
<?php echo createHiddenFieldWithKey('removedocument'); ?>
<p>
<?php printMLText("confirm_rm_document", array ("documentname" => htmlspecialchars($document->getName())));?>
</p>

1
out/out.RemoveDocumentFile.php
View File

@ -61,6 +61,7 @@ UI::contentContainerStart();
?>
<form action="../op/op.RemoveDocumentFile.php" name="form1" method="POST">
<?php echo createHiddenFieldWithKey('removedocumentfile'); ?>
<input type="Hidden" name="documentid" value="<?php echo $documentid?>">
<input type="Hidden" name="fileid" value="<?php echo $fileid?>">
<p><?php printMLText("confirm_rm_file", array ("documentname" => $document->getName(), "name" => htmlspecialchars($file->getName())));?></p>

1
out/out.RemoveDump.php
View File

@ -41,6 +41,7 @@ UI::contentContainerStart();
?>
<form action="../op/op.RemoveDump.php" name="form1" method="POST">
<input type="Hidden" name="dumpname" value="<?php echo sanitizeString($dumpname); ?>">
<?php echo createHiddenFieldWithKey('removedump'); ?>
<p><?php printMLText("confirm_rm_dump", array ("dumpname" => sanitizeString($dumpname)));?></p>
<input type="Submit" value="<?php printMLText("dump_remove");?>">
</form>

1
out/out.RemoveEvent.php
View File

@ -45,6 +45,7 @@ UI::contentContainerStart();
?>
<form action="../op/op.RemoveEvent.php" name="form1" method="POST">
<?php echo createHiddenFieldWithKey('removeevent'); ?>
<input type="Hidden" name="eventid" value="<?php echo intval($_GET["id"]); ?>">
<p><?php printMLText("confirm_rm_event", array ("name" => htmlspecialchars($event["name"])));?></p>
<input type="Submit" value="<?php printMLText("delete");?>">

3
out/out.RemoveFolder.php
View File

@ -52,9 +52,10 @@ UI::contentHeading(getMLText("rm_folder"));
UI::contentContainerStart();
?>
<form action="../op/op.RemoveFolder.php" name="form1">
<form action="../op/op.RemoveFolder.php" method="post" name="form1">
<input type="Hidden" name="folderid" value="<?php print $folderid;?>">
<input type="Hidden" name="showtree" value="<?php echo showtree();?>">
<?php echo createHiddenFieldWithKey('removefolder'); ?>
<p>
<?php printMLText("confirm_rm_folder", array ("foldername" => htmlspecialchars($folder->getName())));?>
</p>

1
out/out.RemoveFolderFiles.php
View File

@ -46,6 +46,7 @@ UI::contentContainerStart();
?>
<form action="../op/op.RemoveFolderFiles.php" name="form1" method="POST">
<?php echo createHiddenFieldWithKey('removefolderfiles'); ?>
<input type="Hidden" name="folderid" value="<?php echo $folderid?>">
<p><?php printMLText("confirm_rm_folder_files", array ("foldername" => htmlspecialchars($folder->getName())));?></p>
<input type="Submit" value="<?php printMLText("accept");?>">

1
out/out.RemoveGroup.php
View File

@ -48,6 +48,7 @@ UI::contentContainerStart();
<form action="../op/op.GroupMgr.php" name="form1" method="POST">
<input type="Hidden" name="groupid" value="<?php print $groupid;?>">
<input type="Hidden" name="action" value="removegroup">
<?php echo createHiddenFieldWithKey('removegroup'); ?>
<p>
<?php printMLText("confirm_rm_group", array ("groupname" => htmlspecialchars($currGroup->getName())));?>
</p>

1
out/out.RemoveLog.php
View File

@ -40,6 +40,7 @@ UI::contentContainerStart();
?>
<form action="../op/op.RemoveLog.php" name="form1" method="POST">
<?php echo createHiddenFieldWithKey('removelog'); ?>
<input type="Hidden" name="logname" value="<?php echo $logname?>">
<p><?php printMLText("confirm_rm_log", array ("logname" => $logname));?></p>
<input type="Submit" value="<?php printMLText("rm_file");?>">

3
out/out.RemoveUser.php
View File

@ -53,6 +53,7 @@ UI::contentContainerStart();
<form action="../op/op.UsrMgr.php" name="form1" method="POST">
<input type="Hidden" name="userid" value="<?php print $userid;?>">
<input type="Hidden" name="action" value="removeuser">
<?php echo createHiddenFieldWithKey('removeuser'); ?>
<p>
<?php printMLText("confirm_rm_user", array ("username" => htmlspecialchars($currUser->getFullName())));?>
</p>
@ -61,7 +62,7 @@ UI::contentContainerStart();
<?php printMLText("assign_user_property_to"); ?> :
<select name="assignTo">
<?php
$users = $dms->getAllUsers();
$users = $dms->getAllUsers($settings->_sortUsersInList);
foreach ($users as $currUser) {
if ($currUser->isGuest() || ($currUser->getID() == $userid) )
continue;

8
out/out.SearchForm.php
View File

@ -139,12 +139,12 @@ foreach ($allCats as $catObj) {
<select name="ownerid">
<option value="-1"><?php printMLText("all_users");?>
<?php
$allUsers = $dms->getAllUsers();
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
foreach ($allUsers as $userObj)
{
if ($userObj->isGuest())
continue;
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "\n";
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin()." - ".$userObj->getFullName()) . "\n";
}
?>
</select>
@ -232,12 +232,12 @@ foreach ($allCats as $catObj) {
<select name="ownerid">
<option value="-1"><?php printMLText("all_users");?>
<?php
$allUsers = $dms->getAllUsers();
$allUsers = $dms->getAllUsers($settings->_sortUsersInList);
foreach ($allUsers as $userObj)
{
if ($userObj->isGuest())
continue;
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getFullName()) . "\n";
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin()." - ".$userObj->getFullName()) . "\n";
}
?>
</select>

8
out/out.Settings.php
View File

@ -26,6 +26,10 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
}
/* Set an encryption key if is not set */
if(!trim($settings->_encryptionKey))
$settings->_encryptionKey = md5(uniqid());
UI::htmlStartPage(getMLText("admin_tools"));
UI::globalNavigation();
UI::pageNavigation(getMLText("admin_tools"), "admin_tools");
@ -306,6 +310,10 @@ if(!is_writeable($settings->_configFilePath)) {
<td><?php printMLText("settings_loginFailure");?>:</td>
<td><input name="loginFailure" value="<?php echo $settings->_loginFailure; ?>" size="2" /></td>
</tr>
<tr title="<?php printMLText("settings_encryptionKey_desc");?>">
<td><?php printMLText("settings_encryptionKey");?>:</td>
<td><input name="encryptionKey" value="<?php echo $settings->_encryptionKey; ?>" size="32" /></td>
</tr>
<!-- TODO Connectors -->

5
out/out.UserList.php
View File

@ -32,9 +32,8 @@ UI::pageNavigation(getMLText("admin_tools"), "admin_tools");
UI::contentHeading(getMLText("user_list"));
UI::contentContainerStart();
$users = getAllUsers();
for ($i = 0; $i < count($users); $i++) {
$currUser = $users[$i];
$users = $dms->getAllUsers($settings->_sortUsersInList);
foreach ($users as $currUser) {
if ($currUser->isGuest())
continue;

2
out/out.UsrMgr.php
View File

@ -118,6 +118,7 @@ UI::contentContainerStart();
<td id="keywords0" style="display : none;">
<form action="../op/op.UsrMgr.php" method="post" enctype="multipart/form-data" name="form0" onsubmit="return checkForm('0');">
<?php echo createHiddenFieldWithKey('adduser'); ?>
<input type="Hidden" name="action" value="adduser">
<table>
<tr>
@ -256,6 +257,7 @@ UI::contentContainerStart();
<?php UI::contentSubHeading(getMLText("edit_user"));?>
<form action="../op/op.UsrMgr.php" method="post" enctype="multipart/form-data" name="form<?php print $currUser->getID();?>" onsubmit="return checkForm('<?php print $currUser->getID();?>');">
<?php echo createHiddenFieldWithKey('edituser'); ?>
<input type="Hidden" name="userid" value="<?php print $currUser->getID();?>">
<input type="Hidden" name="action" value="edituser">
<table>

4
out/out.ViewDocument.php
View File

@ -418,7 +418,7 @@ if (count($files) > 0) {
print "<td><span class=\"actions\">";
if (($document->getAccessMode($user) == M_ALL)||($file->getUserID()==$user->getID()))
print "<a href=\"../out/out.RemoveDocumentFile.php?documentid=".$documentid."&fileid=".$file->getID()."\">".getMLText("delete")."</a>";
print "<form action=\"../out/out.RemoveDocumentFile.php\" method=\"get\"><input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"fileid\" value=\"".$file->getID()."\" /><input type=\"submit\" value=\"".getMLText("delete")."\" /></form>";
print "</span></td>";
print "</tr>";
@ -463,7 +463,7 @@ if (count($links) > 0) {
print "</td>";
print "<td><span class=\"actions\">";
if (($user->getID() == $responsibleUser->getID()) || ($document->getAccessMode($user) == M_ALL ))
print "<a href=\"../op/op.RemoveDocumentLink.php?documentid=".$documentid."&linkid=".$link->getID()."\">".getMLText("delete")."</a>";
print "<form action=\"../op/op.RemoveDocumentLink.php\" method=\"post\">".createHiddenFieldWithKey('removedocumentlink')."<input type=\"hidden\" name=\"documentid\" value=\"".$documentid."\" /><input type=\"hidden\" name=\"linkid\" value=\"".$link->getID()."\" /><input type=\"submit\" value=\"".getMLText("delete")."\" /></form>";
print "</span></td>";
print "</tr>";
}

122
update/update.php
View File

@ -1,122 +0,0 @@
<?php
// MyDMS. Document Management System
// Copyright (C) 2002-2005 Markus Westphal
// Copyright (C) 2006-2008 Malcolm Cowe
// Copyright (C) 2010 Matteo Lucarelli
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
include("../inc/inc.Settings.php");
include("../inc/inc.AccessUtils.php");
include("../inc/inc.ClassAccess.php");
include("../inc/inc.ClassDocument.php");
include("../inc/inc.ClassFolder.php");
include("../inc/inc.ClassGroup.php");
include("../inc/inc.ClassUser.php");
include("../inc/inc.DBAccess.php");
include("../inc/inc.FileUtils.php");
include("../inc/inc.Authentication.php");
print "<html></body>";
if (!$user->isAdmin()) {
print "<b>ERROR: You must be administrator to execute the update</b>";
die;
}
function update_content()
{
GLOBAL $db,$settings;
// create temp folder
if (!makedir($settings->_contentDir."/temp")) return false;
// for all contents
$queryStr = "SELECT * FROM tblDocumentContent";
$contents = $db->getResultArray($queryStr);
if (is_bool($contents)&&!$contents) return false;
for ($i=0;$i<count($contents);$i++){
// create temp/documentID folder
if (!makedir($settings->_contentDir."/temp/".$contents[$i]["document"]) return false;
// move every content in temp/documentID/version.fileType
$source = $settings->_contentDir."/".$settings->_contentOffsetDir."/".$i."/data".$contents[$i]["fileType"];
$target = $settings->_contentDir."/temp/".$contents[$i]["document"]."/".$contents[$i]["version"].$contents[$i]["fileType"];
if (!copyFile($source, $target) return false;
}
// change directory
if (!renameDir($settings->_contentDir."/".$settings->_contentOffsetDir,$settings->_contentDir."/old") return false;
if (!renameDir($settings->_contentDir."/temp",$settings->_contentDir."/".$settings->_contentOffsetDir) return false;
return true;
}
function update_db()
{
GLOBAL $db,$settings;
// for all contents
$queryStr = "SELECT * FROM tblDocumentContent";
$contents = $db->getResultArray($queryStr);
if (is_bool($contents)&&!$contents) return false;
for ($i=0;$i<count($contents);$i++){
$queryStr = "UPDATE tblDocumentContent set dir = ". $settings->_contentOffsetDir."/".$contents[$i]["document"]." WHERE id = ".$i;
if (!$db->getResult($queryStr)) return false;
}
// run the update-2.0.sql
$fd = fopen ("update.sql", "r");
if (is_bool($fd)&&!$fd) return false;
$queryStr = fread($fd, filesize("update.sql"));
if (is_bool($queryStr)&&!$queryStr) return false;
fclose ($fd);
if (!$db->getResult($queryStr)) return false;
return true;
}
print "<b>Updating ...please wait</b><br>";
if (!update_content()) {
print "<b>ERROR: An error occurred during the directory reordering</b>";
die;
}
if (!update_db()) {
print "<b>ERROR: An error occurred during the DB update</b>";
die;
}
print "<b>Update done</b><br>";
print "</body></html>";
?>

33
update/update.sql
View File

@ -1,33 +0,0 @@
-- mysql -uroot -ppassword mydms < update-2.0.sql
-- --------------------------------------------------------
--
-- New table for document-related files
--
CREATE TABLE `tblDocumentFiles` (
`id` int(11) NOT NULL auto_increment,
`document` int(11) NOT NULL default '0',
`userID` int(11) NOT NULL default '0',
`comment` text,
`name` varchar(150) default NULL,
`date` int(12) default NULL,
`dir` varchar(255) NOT NULL default '',
`orgFileName` varchar(150) NOT NULL default '',
`fileType` varchar(10) NOT NULL default '',
`mimeType` varchar(70) NOT NULL default '',
PRIMARY KEY (`id`)
) ;
-- --------------------------------------------------------
--
-- Not longer required by new filesystem structure
--
DROP TABLE `tblDirPath`;
DROP TABLE `tblPathList`;