[Fusionforge-commits] FusionForge branch master updated. v6.0.5-1254-g079de95

Franck Villaume nerville at libremir.placard.fr.eu.org
Sun Dec 18 19:55:47 CET 2016


The branch, master has been updated
       via  079de957ed370bba7783414aff6e795d005ed453 (commit)
      from  cd113f8fb90dbafdc6dd371de440ea24234eaaf9 (commit)


- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=079de957ed370bba7783414aff6e795d005ed453

commit 079de957ed370bba7783414aff6e795d005ed453
Author: Franck Villaume <franck.villaume at trivialdev.com>
Date:   Sun Dec 18 19:55:31 2016 +0100

    fix description in version, sanitize input

diff --git a/src/common/docman/DocumentVersionFactory.class.php b/src/common/docman/DocumentVersionFactory.class.php
index 5178802..df6591f 100644
--- a/src/common/docman/DocumentVersionFactory.class.php
+++ b/src/common/docman/DocumentVersionFactory.class.php
@@ -87,9 +87,8 @@ class DocumentVersionFactory extends FFError {
 					$isHtml = 1;
 				}
 				$new_description = util_gen_cross_ref($arr['description'], $this->Document->Group->getID());
-				$new_description = nl2br($new_description);
-				$arr['description'] = $new_description;
-				$arr['versionactions'][] = util_make_link('#', $HTML->getEditFilePic(_('Edit this version'), 'editversion'), array('id' => 'version_action_edit', 'onclick' => 'javascript:controllerListFile.toggleEditVersionView({title: \''.addslashes($arr['title']).'\', description: '.json_encode($arr['description']).', version: '.ltrim($arr['version'], '_').', current_version: '.$arr['current_version'].', isURL: '.$isURL.', isText: '.$isText.', isHtml: '.$isHtml.', filename: \''.addslashes($arr['filename']).'\', vcomment: \''.addslashes($arr['vcomment']).'\', docid: '.$arr['docid'].', groupId: '.$this->Document->Group->getID().'})'), true);
+				$arr['new_description'] = nl2br($new_description);
+				$arr['versionactions'][] = util_make_link('#', $HTML->getEditFilePic(_('Edit this version'), 'editversion'), array('id' => 'version_action_edit', 'onclick' => 'javascript:controllerListFile.toggleEditVersionView({title: \''.addslashes($arr['title']).'\', description: '.json_encode($arr['description']).', new_description: '.json_encode($arr['new_description']).', version: '.ltrim($arr['version'], '_').', current_version: '.$arr['current_version'].', isURL: '.$isURL.', isText: '.$isText.', isHtml: '.$isHtml.', filename: \''.addslashes($arr['filename']).'\', vcomment: \''.addslashes($arr['vcomment']).'\', docid: '.$arr['docid'].', groupId: '.$this->Document->Group->getID().'})'), true);
 				if ($numrows > 1) {
 					$arr['versionactions'][] = util_make_link('#', $HTML->getRemovePic(_('Permanently delete this version'), 'delversion'), array('id' => 'version_action_delete', 'onclick' => 'javascript:controllerListFile.deleteVersion({version: '.ltrim($arr['version'], '_').', docid: '.$arr['docid'].', groupId: '.$this->Document->Group->getID().'})'), true);
 				}
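Review bot: The `versionactions` line keeps two different escaping mechanisms in one JavaScript literal: `title`, `filename` and `vcomment` go through `addslashes()` while `description` and the new `new_description` go through `json_encode()`. `addslashes()` is not a JavaScript-string escaper (it does not touch newlines or other control characters, so a multi-line title yields a broken literal, and it relies on whatever attribute escaping `util_make_link` applies, which is not visible here). I would route every string field through the same call, e.g. `json_encode($arr['title'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`, so the value is safe both as a JS literal and inside the HTML attribute. Whether `util_gen_cross_ref` HTML-escapes the raw description before `nl2br` is also not visible from this hunk; since `new_description` is appended as raw markup on the client side, that is worth confirming. The enclosing method starts and ends outside the hunk.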
diff --git a/src/common/docman/actions/editfile.php b/src/common/docman/actions/editfile.php
index ae545e4..061fe6d 100644
--- a/src/common/docman/actions/editfile.php
+++ b/src/common/docman/actions/editfile.php
@@ -71,6 +71,8 @@ switch ($fromview) {
 	}
 }
 
+$sanitizer = new TextSanitizer();
+
 switch ($subaction) {
 	case 'version':
 		$title = getStringFromRequest('title');
@@ -86,8 +88,8 @@ switch ($subaction) {
 		$current_version = getIntFromRequest('current_version', 0);
 		$version = getIntFromRequest('edit_version', 0);
 		$new_version = getIntFromRequest('new_version', 0);
-		$sanitizer = new TextSanitizer();
 		$details = $sanitizer->SanitizeHtml($details);
+		$vcomment = $sanitizer->SanitizeHtml($vcomment);
 		$data = '';
 
 		if ($version) {
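Review bot: `$vcomment` is now HTML-sanitized at storage time on the last added line, but `$title`, read a few lines above in the previous hunk, receives no equivalent treatment in the visible lines, and both values are later embedded into a JavaScript literal via `addslashes()` in DocumentVersionFactory. `SanitizeHtml` whitelists markup; it is not escaping for the contexts the value is emitted in, so a comment stating that would save the next reader from treating it as such: `// SanitizeHtml() whitelists markup on input; HTML text and JS-literal contexts still need escaping at render time.` If `$title` is sanitized in the lines between the two hunks (old lines 77–85 are not shown), disregard the first point. The `version` case continues outside the hunk.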
@@ -184,7 +186,9 @@ switch ($subaction) {
 		break;
 	case 'review':
 		$reviewtitle = getStringFromRequest('review-title');
+		$reviewtitle = $sanitizer->SanitizeHtml($reviewtitle);
 		$reviewdescription = getStringFromRequest('review-description');
+		$reviewdescription = $sanitizer->SanitizeHtml($reviewdescription);
 		$reviewversionserialid = getIntFromRequest('review-serialid', null);
 		$reviewenddateraw = getStringFromRequest('review-enddate');
 		$date_format = _('%Y-%m-%d');
@@ -196,11 +200,13 @@ switch ($subaction) {
 		$reviewid = getIntFromRequest('review_id');
 		$reviewcompletedchecked = getIntFromRequest('review-completedchecked');
 		$reviewconclusioncomment = getStringFromRequest('review-completedcomment', '');
+		$reviewconclusioncomment = $sanitizer->SanitizeHtml($reviewconclusioncomment);
 		$reviewvalidatedocument = getIntFromRequest('review-validatedocument');
 		$reviewfinalstatus = getIntFromRequest('review-finalstatus');
 		$reviewcurrentversion = getIntFromRequest('review-currentversion');
 		$reviewnewcomment = getIntFromRequest('review_newcomment');
 		$reviewcomment = getStringFromRequest('review-comment');
+		$reviewcomment = $sanitizer->SanitizeHtml($reviewcomment);
 		$reviewdone = getIntFromRequest('review-done');
 		if ($reviewversionserialid) {
 			if ($new_review) {
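Review bot: The read-then-sanitize pair is now repeated for every string field in this file (`$reviewtitle`, `$reviewdescription`, `$reviewconclusioncomment`, `$reviewcomment`, plus `$details` and `$vcomment` above), which is exactly the pattern under which one field gets forgotten. A small local helper would make each omission visible at a glance, e.g. `function getSanitizedStringFromRequest($key, $default = '') { global $sanitizer; return $sanitizer->SanitizeHtml(getStringFromRequest($key, $default)); }`, and the default `''` passed for `review-completedcomment` but not for `review-comment` would then be explicit at each call. Note also that `SanitizeHtml` lets whitelisted tags through rather than stripping them; if `review-title` is rendered as plain text elsewhere, that renderer must still escape it. The `review` case continues outside the hunk.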
diff --git a/src/www/docman/scripts/DocManController.js b/src/www/docman/scripts/DocManController.js
index d57e240..08cb5d6 100644
--- a/src/www/docman/scripts/DocManController.js
+++ b/src/www/docman/scripts/DocManController.js
@@ -449,7 +449,7 @@ DocManListFileController.prototype =
 							versionactiontdcontent += val.versionactions[i];
 						}
 						// please sync with the editfile.php widths if you change it here.
-						var htmlString = '<tr id="docversion'+val.version.substr(1)+'" ><td style="width: 60px">'+val.version.substr(1)+currenttdcontent+'</td><td style="width: 150px">'+filenametdcontent[0].outerHTML+'</td><td style="width: 150px">'+val.title+'</td><td style="width: 150px">'+val.description+'</td><td style="width: 110px">'+val.vcomment+'</td><td style="width: 100px">'+val.created_by_username+'</td><td style="width: 100px">'+val.lastdate+'</td><td style="width: 50px">'+val.filesize_readable+'</td><td style="width: 50px">'+versionactiontdcontent+'</td></tr>'
+						var htmlString = '<tr id="docversion'+val.version.substr(1)+'" ><td style="width: 60px">'+val.version.substr(1)+currenttdcontent+'</td><td style="width: 150px">'+filenametdcontent[0].outerHTML+'</td><td style="width: 150px">'+val.title+'</td><td style="width: 150px">'+val.new_description+'</td><td style="width: 110px">'+val.vcomment+'</td><td style="width: 100px">'+val.created_by_username+'</td><td style="width: 100px">'+val.lastdate+'</td><td style="width: 50px">'+val.filesize_readable+'</td><td style="width: 50px">'+versionactiontdcontent+'</td></tr>'
 						jQuery('#sortable_doc_version_table > tbody:last-child').append(htmlString);
 						});
 				}
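Review bot: The rebuilt row on the changed `htmlString` line still concatenates `val.title`, `val.vcomment`, `val.created_by_username` and now `val.new_description` into raw HTML; that is safe only if each field is escaped or sanitized server-side, and in this commit that is visible for `vcomment` only. The plain-text cells do not need to be markup at all, so building them with text nodes removes the dependency on the server, e.g. `jQuery('<td>').css('width', '150px').text(val.title)` for the title cell and likewise for `vcomment` and `created_by_username`. The `new_description` cell intentionally carries `nl2br` output, so that one stays HTML and relies on `util_gen_cross_ref` escaping its input, which this diff does not show. The enclosing callback and the function around it start outside the hunk.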

-----------------------------------------------------------------------

Summary of changes:
 src/common/docman/DocumentVersionFactory.class.php | 5 ++---
 src/common/docman/actions/editfile.php             | 8 +++++++-
 src/www/docman/scripts/DocManController.js         | 2 +-
 3 files changed, 10 insertions(+), 5 deletions(-)

