From 32c09408d4eac3a241105af316f9682698cb49f9 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Tue, 12 Feb 2019 18:42:52 +0100
Subject: [PATCH 1/3] check if param 'limit' in doSearchByAttr() is set, before using it
---
 restapi/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/restapi/index.php b/restapi/index.php
index 85f24cb67..a5ef9c897 100644
--- a/restapi/index.php
+++ b/restapi/index.php
@@ -1277,7 +1277,7 @@ function doSearchByAttr($request, $response) { /* {{{ */
 $params = $request->getQueryParams();
 $attrname = $params['name'];
 $query = $params['value'];
- if(!$limit = $params['limit'])
+ if(empty($params['limit']) || !$limit = $params['limit'])
 $limit = 50;
 $attrdef = $dms->getAttributeDefinitionByName($attrname);
 $entries = array();
From 6e2fa5022aad7c9520a2b7c05fd79a8d43e6919d Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Tue, 12 Feb 2019 21:37:21 +0100
Subject: [PATCH 2/3] add addDocumentLink()
---
 restapi/index.php | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/restapi/index.php b/restapi/index.php
index a5ef9c897..078a23f2e 100644
--- a/restapi/index.php
+++ b/restapi/index.php
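Review bot: In doSearchByAttr() the new condition only guards against a missing `limit` key; the value is still used as the raw query-string string, so a non-numeric or negative `limit` passes through unchanged. How `$limit` is consumed lies outside the hunk, so the impact is not visible here, but normalising it at this point is cheap: `$limit = empty($params['limit']) ? 50 : max(1, (int) $params['limit']);`, ideally with an upper cap chosen by the project. That form also drops the assignment inside the condition, which is easy to misread. `$params['name']` and `$params['value']` on the context lines above are read without a comparable check.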
@@ -749,6 +749,36 @@ function uploadDocumentFile($request, $response, $args) { /* {{{ */
 }
 } /* }}} */
+function addDocumentLink($request, $response, $args) { /* {{{ */
+ global $dms, $userobj;
+
+ if(!$userobj) {
+ return $response->withJson(array('success'=>false, 'message'=>'Not logged in', 'data'=>''), 403);
+ }
+
+ if(!ctype_digit($args['id']) || $args['id'] == 0) {
+ return $response->withJson(array('success'=>false, 'message'=>'No source document given', 'data'=>''), 400);
+ return;
+ }
+ $sourcedoc = $dms->getDocument($args['id']);
+ $targetdoc = $dms->getDocument($args['documentid']);
+ if($sourcedoc && $targetdoc) {
+ if($sourcedoc->getAccessMode($userobj, 'addDocumentLink') >= M_READ) {
+ $params = $request->getParsedBody();
+ $public = !isset($params['public']) ? true : false;
+ if ($sourcedoc->addDocumentLink($targetdoc->getId(), $userobj->getID(), $public)){
+ return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>$rec), 201);
+ } else {
+ return $response->withJson(array('success'=>false, 'message'=>'Could not create document link', 'data'=>''), 500);
+ }
+ } else {
+ return $response->withJson(array('success'=>false, 'message'=>'No access on source document', 'data'=>''), 403);
+ }
+ } else {
+ return $response->withJson(array('success'=>false, 'message'=>'Could not find source or target document', 'data'=>''), 500);
+ }
+} /* }}} */
+
 function getDocument($request, $response, $args) { /* {{{ */
 global $dms, $userobj;
 $document = $dms->getDocument($args['id']);
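Review bot: addDocumentLink() never checks the caller's access to the target document: only `$sourcedoc->getAccessMode(...)` is tested, and `$args['documentid']` skips the `ctype_digit` validation applied to `$args['id']`, so a logged-in user can attach a link to a document they may not be allowed to read. The success branch returns `'data'=>$rec`, but `$rec` is never assigned in the function, and the bare `return;` after the 400 response is unreachable. Presumably `$public` is also inverted, since any submitted `public` value, including a truthy one, yields a non-public link, while omitting it creates a public link with only M_READ on the source; the intended meaning should be confirmed.

```php
	if(!ctype_digit($args['documentid']) || $args['documentid'] == 0) {
		return $response->withJson(array('success'=>false, 'message'=>'No target document given', 'data'=>''), 400);
	}
	$sourcedoc = $dms->getDocument($args['id']);
	$targetdoc = $dms->getDocument($args['documentid']);
	// a target the caller cannot read is answered like a missing one
	if($sourcedoc && $targetdoc && $targetdoc->getAccessMode($userobj) >= M_READ) {
		// … unchanged: access check on the source document, reading 'public' …
			if ($sourcedoc->addDocumentLink($targetdoc->getId(), $userobj->getID(), $public)){
				return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>''), 201);
		// … unchanged: error branches …
```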
@@ -1975,6 +2005,7 @@ $app->get('/document/{id}/version/{version}', 'getDocumentVersion');
 $app->get('/document/{id}/files', 'getDocumentFiles');
 $app->get('/document/{id}/file/{fileid}', 'getDocumentFile');
 $app->get('/document/{id}/links', 'getDocumentLinks');
+$app->post('/document/{id}/link/{documentid}', 'addDocumentLink');
 $app->get('/document/{id}/attributes', 'getDocumentAttributes');
 $app->get('/document/{id}/preview/{version}/{width}', 'getDocumentPreview');
 $app->delete('/document/{id}/categories', 'removeDocumentCategories');
From 9729d211eb42e33fd89eae9666ea9a0a483f641e Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Wed, 13 Feb 2019 06:38:56 +0100
Subject: [PATCH 3/3] add missing `` in sql statement
---
 SeedDMS_Core/Core/inc.ClassDocument.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/SeedDMS_Core/Core/inc.ClassDocument.php b/SeedDMS_Core/Core/inc.ClassDocument.php
index ea33030ce..6680f6d9d 100644
--- a/SeedDMS_Core/Core/inc.ClassDocument.php
+++ b/SeedDMS_Core/Core/inc.ClassDocument.php
@@ -3961,7 +3961,7 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */
 if (!$this->_workflowState) {
 $queryStr=
- "SELECT b.* FROM `tblWorkflowDocumentContent` a LEFT JOIN `tblWorkflowStates` b ON a.`state` = b.id WHERE `workflow`=". intval($this->_workflow->getID())
+ "SELECT b.* FROM `tblWorkflowDocumentContent` a LEFT JOIN `tblWorkflowStates` b ON a.`state` = b.`id` WHERE `workflow`=". intval($this->_workflow->getID())
 ." AND a.`version`='".$this->_version
 ."' AND a.`document` = '". $this->_document->getID() ."' ";
 $recs = $db->getResultArray($queryStr);
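Review bot: The statement built in the `-3961` hunk still splices `$this->_version` and `$this->_document->getID()` into the SQL as quoted strings, while the workflow id on the changed line is passed through `intval()`; the `-4016` hunk does the same for both values. Whether either value can ever hold non-numeric content is not visible from these hunks, but casting them the same way, `intval($this->_version)` and `intval($this->_document->getID())`, would keep the query well-formed regardless of how the object was populated. Presumably both columns are integers, which should be confirmed before dropping the quotes. Both enclosing methods start and end outside the hunks.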
@@ -4016,7 +4016,7 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */
 if (!isset($this->_workflow)) {
 $queryStr=
- "SELECT b.* FROM `tblWorkflowDocumentContent` a LEFT JOIN `tblWorkflows` b ON a.`workflow` = b.id WHERE a.`version`='".$this->_version
+ "SELECT b.* FROM `tblWorkflowDocumentContent` a LEFT JOIN `tblWorkflows` b ON a.`workflow` = b.`id` WHERE a.`version`='".$this->_version
 ."' AND a.`document` = '". $this->_document->getID() ."' "
 ." ORDER BY `date` DESC LIMIT 1";
 $recs = $db->getResultArray($queryStr);