/**
 * Sets the human-readable name of this object.
 *
 * The input is run through sanitizeForSQL() before being stored, so the
 * property holds whatever that function returns (presumably the SQL-escaped
 * form), not the raw caller-supplied string.
 *
 * @param string $sHumanName
 * @return void
 */
function setHumanName($sHumanName)
{
    $escapedName = sanitizeForSQL($sHumanName);
    $this->sHumanName = $escapedName;
}
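/**
 * Appends one line to the in-memory indexing history and writes the whole
 * history back to index_files.status_msg for the given document.
 *
 * @param int    $documentId Document whose index_files row is updated
 * @param string $message    Text appended to the history
 * @param string $level      Prefix written in front of the message
 * @return void The result of DBUtil::runQuery() is not checked; a failed
 *              update is silent.
 */
private function updatePendingDocumentStatus($documentId, $message, $level)
{
    // document_id is interpolated without quotes, where escaping alone does
    // not constrain the value; force it to an integer instead.
    $documentId = (int) $documentId;
    $this->indexingHistory .= "\n" . $level . ': ' . $message;
    // The accumulated history is escaped once, right before it is written.
    $statusMsg = sanitizeForSQL($this->indexingHistory);
    $sql = "UPDATE index_files SET status_msg='{$statusMsg}' WHERE document_id={$documentId}";
    DBUtil::runQuery($sql);
}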
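/**
 * This updates the system metadata on the document.
 *
 * Each entry of $sysdata is an object or array carrying a 'name' and a
 * 'value'. The name (compared case-insensitively) selects which column of
 * documents or document_content_version is written; 'index_content' is
 * handed to the indexer; owner / created_by / modified_by are resolved to
 * user ids first. Entries that are neither object nor array are skipped,
 * and unknown names are logged and ignored.
 *
 * @author KnowledgeTree Team
 * @access public
 * @param array $sysdata The system metadata to be applied
 * @return void|PEAR_Error Returns nothing on success | a PEAR_Error on failure
 */
function update_sysdata($sysdata)
{
    global $default;
    if (empty($sysdata)) {
        return;
    }

    // Lower-cased sysdata name => documents column that holds the user id.
    $owner_mapping = array(
        'created_by' => 'creator_id',
        'modified_by' => 'modified_user_id',
        'owner' => 'owner_id',
    );
    $documents = array();        // column => value for the documents table
    $document_content = array(); // column => value for document_content_version
    $indexContent = null;
    $uniqueOemNo = false;

    foreach ($sysdata as $rec) {
        if (is_object($rec)) {
            $name = $rec->name;
            $value = sanitizeForSQL($rec->value);
        } elseif (is_array($rec)) {
            $name = $rec['name'];
            $value = sanitizeForSQL($rec['value']);
        } else {
            // just ignore
            continue;
        }
        // Both the switch and $owner_mapping are keyed on the lower-cased
        // name, so e.g. 'Owner' resolves the same way as 'owner'.
        $name = strtolower($name);

        switch ($name) {
            case 'unique_oem_document_no':
                $documents['oem_no'] = $value;
                $uniqueOemNo = true;
                break;

            case 'oem_document_no':
                $documents['oem_no'] = $value;
                break;

            case 'index_content':
                $indexContent = $value;
                break;

            case 'created_date':
                if (!empty($value)) {
                    $documents['created'] = $value;
                }
                break;

            case 'modified_date':
                if (!empty($value)) {
                    $documents['modified'] = $value;
                }
                break;

            case 'is_immutable':
                $truthy = array('1', 'true', 'on', 'yes');
                $documents['immutable'] = in_array(strtolower($value), $truthy, true) ? '1' : '0';
                break;

            case 'filename':
                $value = KTUtil::replaceInvalidCharacters($value);
                $document_content['filename'] = $value;
                break;

            case 'major_version':
                $document_content['major_version'] = $value;
                break;

            case 'minor_version':
                $document_content['minor_version'] = $value;
                break;

            case 'version':
                // Force a "major.minor" layout with five decimals and no
                // thousands separator so the explode() below always yields
                // exactly two parts (number_format() would otherwise emit
                // "1,000.00000" for large majors). The (float) cast turns a
                // non-numeric value into 0.0 instead of a TypeError on PHP 8.
                $version = number_format((float) $value, 5, '.', '');
                list($major_version, $minor_version) = explode('.', $version);
                $document_content['major_version'] = $major_version;
                $document_content['minor_version'] = $minor_version;
                break;

            case 'mime_type':
                // Keep $value untouched so the log messages below show the
                // requested mime type rather than the query result.
                $sql = "select id from mime_types where mimetypes='{$value}'";
                $mimeRows = DBUtil::getResultArray($sql);
                if (PEAR::isError($mimeRows)) {
                    $default->log->error("Problem resolving mime type '{$value}' for document id {$this->documentid}. Reason: " . $mimeRows->getMessage());
                    return $mimeRows;
                }
                if (count($mimeRows) == 0) {
                    $default->log->error("Problem resolving mime type '{$value}' for document id {$this->documentid}. None found.");
                    break;
                }
                $document_content['mime_id'] = $mimeRows[0]['id'];
                break;

            case 'owner':
            case 'created_by':
            case 'modified_by':
                $sql = "select id from users where name='{$value}'";
                $userId = DBUtil::getResultArray($sql);
                if (PEAR::isError($userId)) {
                    $default->log->error("Problem resolving user '{$value}' for document id {$this->documentid}. Reason: " . $userId->getMessage());
                    return $userId;
                }
                if (empty($userId)) {
                    // Fall back to a fixed username when no user has that name.
                    $sql = "select id from users where username='******'";
                    $userId = DBUtil::getResultArray($sql);
                    if (PEAR::isError($userId)) {
                        $default->log->error("Problem resolving username '{$value}' for document id {$this->documentid}. Reason: " . $userId->getMessage());
                        return $userId;
                    }
                }
                if (empty($userId)) {
                    $default->log->error("Problem resolving user based on '{$value}' for document id {$this->documentid}. 
No user found");
                    // if not found, not much we can do
                    break;
                }
                $documents[$owner_mapping[$name]] = $userId[0]['id'];
                break;

            default:
                $default->log->error("Problem updating field '{$name}' with value '{$value}' for document id {$this->documentid}. Field is unknown.");
        }
    }

    if (count($documents) > 0) {
        // NOTE(review): these values already went through sanitizeForSQL()
        // when they were read from $sysdata, so they are escaped a second
        // time here — confirm sanitizeForSQL() is idempotent, or drop one of
        // the two calls.
        $assignments = array();
        foreach ($documents as $column => $value) {
            $value = sanitizeForSQL($value);
            $assignments[] = "{$column}='{$value}'";
        }
        $sql = "UPDATE documents SET " . implode(",", $assignments) . " WHERE id={$this->documentid}";
        $result = DBUtil::runQuery($sql);
        if (PEAR::isError($result)) {
            return $result;
        }
        if ($uniqueOemNo) {
            // A unique OEM number is cleared on every other document.
            $oem_no = sanitizeForSQL($documents['oem_no']);
            $sql = "UPDATE documents SET oem_no=null WHERE oem_no = '{$oem_no}' AND id != {$this->documentid}";
            $result = DBUtil::runQuery($sql);
            if (PEAR::isError($result)) {
                return $result;
            }
        }
    }

    if (count($document_content) > 0) {
        $content_id = $this->document->getContentVersionId();
        $assignments = array();
        foreach ($document_content as $column => $value) {
            $value = sanitizeForSQL($value);
            $assignments[] = "{$column}='{$value}'";
        }
        $sql = "UPDATE document_content_version SET " . implode(",", $assignments) . " WHERE id={$content_id}";
        $result = DBUtil::runQuery($sql);
        if (PEAR::isError($result)) {
            return $result;
        }
    }

    if (!is_null($indexContent)) {
        $indexer = Indexer::get();
        // A non-empty diagnose() result is treated as "indexer unavailable".
        $result = $indexer->diagnose();
        if (empty($result)) {
            $indexer->updateDocumentIndex($this->documentid, $indexContent);
        } else {
            $default->log->error("Problem updating index with value '{$indexContent}' for document id {$this->documentid}. Problem with indexer.");
        }
    }
}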
/**
 * Renders the document-details page for the document named by the
 * fDocumentId request parameter.
 *
 * Outside admin mode an archived document is handed to do_request(), a
 * deleted one to do_error(), and a document the user cannot read to
 * permissionDenied(); in admin mode the status is only reported as a page
 * error. The breadcrumb trail is built relative to fShortcutFolder when
 * that parameter is numeric.
 *
 * @return mixed The rendered ktcore/document/view template, or the result
 *               of do_error() / do_request() / permissionDenied()
 */
function do_main()
{
    // fix legacy, broken items.
    // A request that still uses the old 'fDocumentID' key is rewritten to
    // 'fDocumentId', the key read below. (The third argument of arrayGet()
    // looks like the fallback for a missing key — confirm.)
    if (KTUtil::arrayGet($_REQUEST, 'fDocumentID', true) !== true) {
        $_REQUEST['fDocumentId'] = sanitizeForSQL(KTUtil::arrayGet($_REQUEST, 'fDocumentID'));
        unset($_REQUEST['fDocumentID']);
    }
    $document_data = array();
    $document_id = sanitizeForSQL(KTUtil::arrayGet($_REQUEST, 'fDocumentId'));
    // NOTE(review): this null check assumes sanitizeForSQL() passes null
    // through unchanged — confirm.
    if ($document_id === null) {
        $this->oPage->addError(sprintf(_kt("No document was requested. Please <a href=\"%s\">browse</a> for one."), KTBrowseUtil::getBrowseBaseUrl()));
        return $this->do_error();
    }
    // try get the document.
    $oDocument =& Document::get($document_id);
    if (PEAR::isError($oDocument)) {
        $this->oPage->addError(sprintf(_kt("The document you attempted to retrieve is invalid. Please <a href=\"%s\">browse</a> for one."), KTBrowseUtil::getBrowseBaseUrl()));
        $this->oPage->booleanLink = true;
        return $this->do_error();
    }
    $document_id = $oDocument->getId();
    $document_data['document_id'] = $oDocument->getId();

    // Status and permission gates; skipped entirely in admin mode.
    if (!KTBrowseUtil::inAdminMode($this->oUser, $oDocument->getFolderId())) {
        if ($oDocument->getStatusID() == ARCHIVED) {
            $this->oPage->addError(_kt('This document has been archived. Please contact the system administrator to have it restored if it is still needed.'));
            return $this->do_request($oDocument);
        } else {
            if ($oDocument->getStatusID() == DELETED) {
                $this->oPage->addError(_kt('This document has been deleted. 
Please contact the system administrator to have it restored if it is still needed.'));
                return $this->do_error();
            } else {
                if (!Permission::userHasDocumentReadPermission($oDocument)) {
                    $this->oPage->addError(_kt('You are not allowed to view this document'));
                    return $this->permissionDenied();
                }
            }
        }
    }
    // Only admin mode reaches this point with an archived or deleted
    // document; the status is then reported on the page instead of blocking.
    if ($oDocument->getStatusID() == ARCHIVED) {
        $this->oPage->addError(_kt('This document has been archived.'));
    } else {
        if ($oDocument->getStatusID() == DELETED) {
            $this->oPage->addError(_kt('This document has been deleted.'));
        }
    }
    $this->oPage->setSecondaryTitle($oDocument->getName());
    $aOptions = array('documentaction' => 'viewDocument', 'folderaction' => 'browse');
    $this->oDocument =& $oDocument;

    //Figure out if we came here by navigating trough a shortcut.
    //If we came here from a shortcut, the breadcrumbspath should be relative
    //to the shortcut folder.
    $iSymLinkFolderId = KTUtil::arrayGet($_REQUEST, 'fShortcutFolder', null);
    if (is_numeric($iSymLinkFolderId)) {
        // NOTE(review): unlike Document::get() above, this result is not
        // checked with PEAR::isError() before it is used.
        $oBreadcrumbsFolder = Folder::get($iSymLinkFolderId);
        $aOptions['final'] = false;
        $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForFolder($oBreadcrumbsFolder, $aOptions));
        $this->aBreadcrumbs[] = array('name' => $this->oDocument->getName());
    } else {
        $this->aBreadcrumbs = kt_array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForDocument($oDocument, $aOptions, $iSymLinkFolderId));
    }
    $this->oPage->setBreadcrumbDetails(_kt('document details'));
    $this->addPortlets('Document Details');
    $document_data['document'] = $oDocument;
    $document_data['document_type'] =& DocumentType::get($oDocument->getDocumentTypeID());
    // $is_valid_doctype is assigned here but not read anywhere else in this method.
    $is_valid_doctype = true;
    if (PEAR::isError($document_data['document_type'])) {
        $this->oPage->addError(_kt('The document you requested has an invalid <strong>document type</strong>. Unfortunately, this means that we cannot effectively display it.'));
        $is_valid_doctype = false;
    }
    // we want to grab all the md for this doc, since its faster that way.
    $mdlist =& DocumentFieldLink::getByDocument($oDocument);
    $field_values = array();
    foreach ($mdlist as $oFieldLink) {
        $field_values[$oFieldLink->getDocumentFieldID()] = $oFieldLink->getValue();
    }
    $document_data['field_values'] = $field_values;

    // Fieldset generation.
    //
    // we need to create a set of FieldsetDisplay objects
    // that adapt the Fieldsets associated with this lot
    // to the view (i.e. ZX3). Unfortunately, we don't have
    // any of the plumbing to do it, so we handle this here.
    $fieldsets = array();
    // we always have a generic.
    array_push($fieldsets, new GenericFieldsetDisplay());
    $fieldsetDisplayReg =& KTFieldsetDisplayRegistry::getSingleton();
    $aDocFieldsets = KTMetadataUtil::fieldsetsForDocument($oDocument);
    foreach ($aDocFieldsets as $oFieldset) {
        // The display class is looked up by the fieldset's namespace.
        $displayClass = $fieldsetDisplayReg->getHandler($oFieldset->getNamespace());
        array_push($fieldsets, new $displayClass($oFieldset));
    }

    // Name of the user holding the check-out when it can be resolved;
    // otherwise the placeholder default stays.
    $checkout_user = '******';
    if ($oDocument->getIsCheckedOut() == 1) {
        $oCOU = User::get($oDocument->getCheckedOutUserId());
        if (!(PEAR::isError($oCOU) || $oCOU == false)) {
            $checkout_user = $oCOU->getName();
        }
    }

    // is the checkout action active?
    $bCanCheckin = false;
    foreach ($this->actions as $oDocAction) {
        $sActName = $oDocAction->sName;
        if ($sActName == 'ktcore.actions.document.cancelcheckout') {
            if ($oDocAction->getInfo()) {
                $bCanCheckin = true;
            }
        }
    }

    // viewlets.
    $aViewlets = array();
    $aViewletActions = KTDocumentActionUtil::getDocumentActionsForDocument($this->oDocument, $this->oUser, 'documentviewlet');
    foreach ($aViewletActions as $oAction) {
        $aInfo = $oAction->getInfo();
        if ($aInfo !== null) {
            $aViewlets[] = $oAction->display_viewlet(); // use the action, since we display_viewlet() later.
        }
    }
    $viewlet_data = implode(' ', $aViewlets);
    $viewlet_data = trim($viewlet_data);
    // 'withviewlets' is added to the content class only when some viewlet
    // produced output.
    $content_class = 'view';
    if (!empty($viewlet_data)) {
        $content_class = 'view withviewlets';
    }
    $this->oPage->setContentClass($content_class);

    $oTemplating =& KTTemplating::getSingleton();
    $oTemplate = $oTemplating->loadTemplate('ktcore/document/view');
    $aTemplateData = array(
        'context' => $this,
        'sCheckoutUser' => $checkout_user,
        'isCheckoutUser' => $this->oUser->getId() == $oDocument->getCheckedOutUserId(),
        'canCheckin' => $bCanCheckin,
        'document_id' => $document_id,
        'document' => $oDocument,
        'documentName' => $oDocument->getName(),
        'document_data' => $document_data,
        'fieldsets' => $fieldsets,
        'viewlet_data' => $viewlet_data
    );
    return $oTemplate->render($aTemplateData);
}
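/**
 * Replaces the expression of a saved search and emits an AJAX status
 * response.
 *
 * For a user who is not a system administrator the update is additionally
 * restricted to rows whose user_id matches $userID.
 *
 * @param int    $iSavedId ID of the search_saved row
 * @param string $txtQuery New search expression
 * @param int    $userID   ID of the requesting user
 * @return void
 */
public static function updateQuery($iSavedId, $txtQuery, $userID)
{
    $txtQuery = sanitizeForSQL($txtQuery);
    // Both ids are interpolated unquoted, where escaping does not constrain
    // the value; cast them to integers instead.
    $iSavedId = (int) $iSavedId;
    $sql = "UPDATE search_saved SET expression='{$txtQuery}' WHERE id={$iSavedId}";
    if (!Permission::userIsSystemAdministrator($userID)) {
        $sql .= " AND user_id = " . (int) $userID;
    }
    $result = DBUtil::runQuery($sql);
    if (PEAR::isError($result)) {
        AjaxSearchHelper::createResponse(AjaxSearchHelper::STATUS_INTERNAL);
        // Stop here so the failure is not followed by a success response.
        return;
    }
    AjaxSearchHelper::createResponse(AjaxSearchHelper::STATUS_SUCCESS);
}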
/**
 * Sets the name of this object.
 *
 * The stored value is the result of sanitizeForSQL() on the input, not the
 * raw string the caller passed.
 *
 * @param string $sName
 * @return void
 */
function setName($sName)
{
    $escaped = sanitizeForSQL($sName);
    $this->sName = $escaped;
}
/**
 * Initialises the dispatcher from the current session and request.
 *
 * curUserId is taken from $_SESSION['userID'] (no check that the key is
 * set), sysAdmin from Permission::userIsSystemAdministrator() called
 * without an argument, and savedSearchId from the optional fSavedSearchId
 * GET parameter after sanitizeForSQL().
 */
public function __construct()
{
    parent::KTStandardDispatcher();
    $this->curUserId = $_SESSION['userID'];
    $this->sysAdmin = Permission::userIsSystemAdministrator();

    $hasSavedSearch = array_key_exists('fSavedSearchId', $_GET);
    if (!$hasSavedSearch) {
        return;
    }
    $this->savedSearchId = sanitizeForSQL($_GET['fSavedSearchId']);
}
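/**
 * Returns the enabled fieldsets that apply to a document type: those linked
 * to it through document_type_fieldsets_link, plus every generic fieldset.
 *
 * @param int $documentTypeID
 * @return array|PEAR_Error Rows with id, name and description, or the error
 *                          returned by DBUtil::getResultArray()
 */
public static function getDocumentTypeFieldsets($documentTypeID)
{
    // The id is interpolated unquoted, so it is cast to int rather than only
    // escaped.
    $documentTypeID = (int) $documentTypeID;
    $sql = "SELECT\n\t\t\t\t\tfs.id, fs.name, fs.description\n\t\t\t\tFROM\n\t\t\t\t\tfieldsets fs LEFT JOIN document_type_fieldsets_link dtfl ON dtfl.fieldset_id=fs.id\n\t\t\t\tWHERE\n\t\t\t\t\tfs.disabled=0 AND (dtfl.document_type_id={$documentTypeID} OR fs.is_generic=1)";
    return DBUtil::getResultArray($sql);
}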
/**
 * Runs a simple free-text search over documents and folders and renders the
 * kt3/browse collection view with the results.
 *
 * The term comes from the fSearchableText request parameter and is passed
 * to oValidator->notEmpty() before the collection is built. Note that the
 * term as returned by sanitizeForSQL() is also what ends up in the return
 * URL and in the template's 'returndata'.
 *
 * @return string Rendered template
 */
function do_main()
{
    $emptyTermError = array("message" => _kt("Please provide a search term"));
    $term = sanitizeForSQL(KTUtil::arrayGet($_REQUEST, "fSearchableText"));
    $this->oValidator->notEmpty($term, $emptyTermError);

    $results = new AdvancedCollection();
    $registry = KTColumnRegistry::getSingleton();
    $results->addColumns($registry->getColumnsForView('ktcore.views.search'));

    // set a view option
    $results->setColumnOptions('ktcore.columns.title', array(
        'documenturl' => $GLOBALS['KTRootUrl'] . '/view.php',
        'direct_folder' => true,
    ));
    // set the selection options
    $selectionOptions = array(
        'rangename' => 'selection',
        'show_folders' => true,
        'show_documents' => true,
    );
    $results->setColumnOptions('ktcore.columns.selection', $selectionOptions);

    // extract data from the environment, then add the search-specific entries
    $options = $results->getEnvironOptions();
    $options['return_url'] = KTUtil::addQueryStringSelf("fSearchableText=" . urlencode($term));
    $options['empty_message'] = _kt("No documents or folders match this query.");
    $options['is_browse'] = true;
    $results->setOptions($options);
    $results->setQueryObject(new SimpleSearchQuery($term));

    $templating =& KTTemplating::getSingleton();
    $template = $templating->loadTemplate("kt3/browse");
    $templateData = array(
        "context" => $this,
        "collection" => $results,
        'isEditable' => true,
        'bulkactions' => KTBulkActionUtil::getAllBulkActions(),
        'browseutil' => new KTBrowseUtil(),
        'returnaction' => 'simpleSearch',
        'returndata' => $term,
    );
    return $template->render($templateData);
}
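/**
 * This function will return a folder by its name (not ID)
 *
 * The name may be a '/'-separated path; each segment is resolved in turn,
 * starting under $folderid. Empty segments (from a leading or doubled
 * slash) are skipped.
 *
 * @author KnowledgeTree Team
 * @access public
 * @param KTAPI $ktapi
 * @param string $foldername
 * @param int $folderid
 * @return KTAPI_Folder|PEAR_Error|KTAPI_Error PEAR_Error for a blank name,
 *         KTAPI_Error when a segment cannot be resolved
 */
function _get_folder_by_name($ktapi, $foldername, $folderid)
{
    $foldername = trim($foldername);
    // Compare against '' rather than using empty(), which would also reject
    // a folder literally named "0".
    if ($foldername === '') {
        return new PEAR_Error('A valid folder name must be specified.');
    }
    // parent_id is interpolated unquoted, where escaping alone does not
    // constrain the value; keep it an integer throughout.
    $folderid = (int) $folderid;
    foreach (explode('/', $foldername) as $segment) {
        if ($segment === '') {
            continue;
        }
        $segment = KTUtil::replaceInvalidCharacters($segment);
        $segment = sanitizeForSQL($segment);
        // The second alternative matches a top-level folder when the start
        // folder is the root (id 1).
        $sql = "SELECT id FROM folders WHERE\n\t\t\t\t\t(name='{$segment}' and parent_id={$folderid}) OR\n\t\t\t\t\t(name='{$segment}' and parent_id is null and {$folderid}=1)";
        $row = DBUtil::getOneResult($sql);
        if (is_null($row) || PEAR::isError($row)) {
            return new KTAPI_Error(KTAPI_ERROR_FOLDER_INVALID, $row);
        }
        $folderid = (int) $row['id'];
    }
    return KTAPI_Folder::get($ktapi, $folderid);
}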
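/**
 * Returns the version id for the associated version number
 *
 * @param int $document_id
 * @param string $version_number "major.minor"; see the note below for a
 *                               value without a dot
 * @return int|PEAR_Error|KTAPI_Error The document_content_version id;
 *         PEAR_Error when there is no valid session; KTAPI_Error when no
 *         matching version row exists or the lookup fails
 */
function get_url_version_number($document_id, $version_number)
{
    $ktapi_session = $this->get_session();
    if (is_null($ktapi_session) || PEAR::isError($ktapi_session)) {
        $error = new PEAR_Error(KTAPI_ERROR_SESSION_INVALID);
        return $error;
    }
    // document_id is interpolated unquoted, so it is cast rather than only
    // escaped; the version parts are quoted and stay escaped.
    $document_id = (int) $document_id;
    $version_number = sanitizeForSQL($version_number);
    // Split on the first dot only. A value with no dot used to produce an
    // empty major (strpos() returned false) and a minor missing its first
    // character. NOTE(review): it is now taken as "<value>.0" — confirm that
    // this matches how versions without a minor are stored.
    $parts = explode('.', $version_number, 2);
    $major = $parts[0];
    $minor = isset($parts[1]) ? $parts[1] : '0';
    $sql = "SELECT id FROM document_content_version WHERE document_id = {$document_id} AND major_version = '{$major}' AND minor_version = '{$minor}'";
    $row = DBUtil::getOneResult($sql);
    // Check the raw result before casting: once it has been cast to int it
    // can no longer be null or a PEAR_Error, and indexing an error object
    // with ['id'] would fail outright.
    if (is_null($row) || PEAR::isError($row)) {
        return new KTAPI_Error(KTAPI_ERROR_INTERNAL_ERROR, $row);
    }
    return (int) $row['id'];
}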