diff --git a/modules/fileplan/fileplan.php b/modules/fileplan/fileplan.php index 50676ed9e7a7ae2e18e2910af9c1fc227cb18c13..2ef6a111bbc4ca83e1a2e185233365586b9d01d3 100755 --- a/modules/fileplan/fileplan.php +++ b/modules/fileplan/fileplan.php @@ -131,11 +131,11 @@ if (count($fileplans_array) > 0) { for ($ii = 0; $ii < count($level_1); ++$ii) { ?> { - 'id' : '<?php functions::xecho($fileplans_array[$i]['ID'].'@@'.$level_1[$ii]['id']); ?>', - 'title' : '<?php echo addslashes($level_1[$ii]['tooltip_value']); ?>', + 'id' : '<?php functions::xecho($fileplans_array[$i]['ID'].'@@'.$level_1[$ii]['id']);?>', + 'title' : '<?php functions::xecho($level_1[$ii]['tooltip_value']);?>', 'canhavechildren' : true, 'onclick' : 'view_document_list', - 'txt' : '<?php echo ' '.addslashes($level_1[$ii]['label_value']); ?>', + 'txt' : '<?php echo " "; functions::xecho($level_1[$ii]['label_value']);?>', 'style': 'tree_branch' }, diff --git a/modules/fileplan/fileplan_admin_managment.php b/modules/fileplan/fileplan_admin_managment.php index e8899c71fcbf0ef84d068f5d5ad0d0e67273e671..8b3f455ee6042248081c4b48ab4ec983ef537f96 100755 --- a/modules/fileplan/fileplan_admin_managment.php +++ b/modules/fileplan/fileplan_admin_managment.php @@ -201,7 +201,7 @@ if (!empty($fileplan_id) && $fileplan->isPersonnalFileplan($fileplan_id) === fal $tab[$i][$j]['order'] = 'position_label'; } if ($tab[$i][$j][$value] == 'parent_id') { - $tab[$i][$j]['value'] = $fileplan->getPosition($fileplan_id, $tab[$i][$j]['value'], 'position_label'); + $tab[$i][$j]['value']= functions::xssafe($fileplan->getPosition($fileplan_id, $tab[$i][$j]['value'], 'position_label')); $tab[$i][$j]['label'] = _POSITION_PARENT; $tab[$i][$j]['size'] = '25'; $tab[$i][$j]['label_align'] = 'left'; 
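Review bot: The new `'title'` and `'txt'` values are emitted with `functions::xecho` inside single-quoted JavaScript string literals, and an HTML encoder (which is what `xecho` appears to be from its other uses in this diff) is not the right escaper for that context: unless it also encodes `'`, `\` and newlines — not visible here — a label containing one of them still terminates the literal, and any entity it does emit is displayed verbatim because nothing decodes entities inside `<script>`. The replaced `addslashes` at least covered quotes and backslashes, so the JS context regresses while the HTML one improves. Produce the literal with a JSON encoder, which is correct for JavaScript, and drop the hand-written quotes: `'txt' : <?php echo json_encode(' '.$level_1[$ii]['label_value'], JSON_HEX_TAG); ?>,` and the same for `'title'` and `'id'`. The `'title'`/`'txt'` lines and the root `'txt'` in fileplan_admin_positions.php @@ -110 have the same problem; the `for` loop around these lines closes after the hunk.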
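Review bot: `functions::xssafe` is applied at the point where the value is stored into `$tab[$i][$j]['value']` rather than where it is rendered, so its correctness depends on a consumer outside this hunk: if the form builder that reads `$tab` already HTML-encodes field values the label is double-encoded, and if the field is editable the encoded text is what comes back on submit. Please confirm the consumer echoes the value raw, or move the encoding there so there is exactly one escaping layer, and record the decision above the line, e.g. `// encoded here: the form renderer prints 'value' without escaping`. The same applies to @@ -211 in this file and to `$description` in positions_documents_list.php @@ -123. Minor: `['value']= functions` drops the space before `=` that the neighbouring assignments keep.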
@@ -211,7 +211,7 @@ if (!empty($fileplan_id) && $fileplan->isPersonnalFileplan($fileplan_id) === fal
 $tab[$i][$j]['order'] = 'parent_position_id';
 }
 if ($tab[$i][$j][$value] == 'position_path') {
- $tab[$i][$j]['value'] = $fileplan->getPositionPath($fileplan_id, $tab[$i][$j]['value']);
+ $tab[$i][$j]['value']= functions::xssafe($fileplan->getPositionPath($fileplan_id, $tab[$i][$j]['value']));
 $tab[$i][$j]['label'] = _POSITION_PATH;
 $tab[$i][$j]['size'] = '50';
 $tab[$i][$j]['label_align'] = 'left';
diff --git a/modules/fileplan/fileplan_admin_positions.php b/modules/fileplan/fileplan_admin_positions.php
index 781d6223e813e2cb36ad50a068cfc0a1b4f011d2..42077cc33987b5f87da5d422dbc3d3b45199a4a2 100755
--- a/modules/fileplan/fileplan_admin_positions.php
+++ b/modules/fileplan/fileplan_admin_positions.php
@@ -63,28 +63,28 @@ if (!empty($fileplan_id) && $fileplan->isPersonnalFileplan($fileplan_id) === fal $page_label = _MANAGE_FILEPLAN_SHORT; $page_id = 'fileplan_admin_positions'; $core_tools->manage_location_bar($page_path, $page_label, $page_id, $init, $level); - /***********************************************************/ ?> - <h1><i class="fa fa-copy fa-2x" alt="" /></i> - <?php echo _MANAGE_FILEPLAN; ?></h1> - - <div id="inner_content"> - <div class="block"> - <h2> - - <span class="selected_link"><?php echo _VIEW_FILEPLAN; ?></span> - / + /***********************************************************/ ?> + <h1><i class="fa fa-copy fa-2x" alt="" /></i> + <?php echo _MANAGE_FILEPLAN; ?></h1> + + <div id="inner_content"> + <div class="block"> + <h2> + + <span class="selected_link"><?php echo _VIEW_FILEPLAN; ?></span> + / <a href="<?php echo $_SESSION['config']['businessappurl']; ?>index.php?page=fileplan_admin_managment&module=fileplan&fileplan_id=<?php - functions::xecho($fileplan_id); ?>&load" class="back"> - <?php echo _MANAGE_FILEPLAN; ?></a> - </h2> - - <table width="100%" border="0" cellspacing="0"> - <tr> - <td valign="top" nowrap> + functions::xecho($fileplan_id); ?>&load" class="back"> + <?php echo _MANAGE_FILEPLAN; ?></a> + </h2> + + <table width="100%" border="0" cellspacing="0"> + <tr> + <td valign="top" nowrap> <script type="text/javascript" src="<?php - echo $_SESSION['config']['businessappurl']; ?>tools/tafelTree/js/scriptaculous.js"></script> + echo $_SESSION['config']['businessappurl']; ?>tools/tafelTree/js/scriptaculous.js"></script> <script type="text/javascript" src="<?php - echo $_SESSION['config']['businessappurl']; ?>tools/tafelTree/Tree.js"></script> + echo $_SESSION['config']['businessappurl']; ?>tools/tafelTree/Tree.js"></script> <?php if (!empty($fileplan_id)) { //Get Positions for the actual fileplan 
@@ -110,63 +110,63 @@ if (!empty($fileplan_id) && $fileplan->isPersonnalFileplan($fileplan_id) === fal ) ); } - } ?> - <script type="text/javascript"> - var tree = null; - - function funcOpen (branch, response) { - // On peux traiter le retour et retourner true si - // on veux insérer les enfants, false si on veux pas - return true; - } - - function view_document_list(branch) { - var id = branch.getId(); + } ?> + <script type="text/javascript"> + var tree = null; + + function funcOpen (branch, response) { + // On peux traiter le retour et retourner true si + // on veux insérer les enfants, false si on veux pas + return true; + } + + function view_document_list(branch) { + var id = branch.getId(); loadList('<?php echo $_SESSION['config']['businessappurl']; ?>index.php?display=true&module=fileplan&page=positions_documents_list&fileplan_id=<?php - functions::xecho($fileplan_id); ?>&id='+id, 'list_doc', true); - } - - function TafelTreeInit () { - var struct = [ - { - 'id':'0', - 'txt':' <?php echo empty($fileplan_label) ? _FILEPLAN : $fileplan_label; ?>', - 'items':[ + functions::xecho($fileplan_id); ?>&id='+id, 'list_doc', true); + } + + function TafelTreeInit () { + var struct = [ + { + 'id':'0', + 'txt':' <?php echo empty($fileplan_label)? 
_FILEPLAN : functions::xecho($fileplan_label);?>', + 'items':[ <?php for ($i = 0; $i < count($level_1); ++$i) { - ?> - { - 'id' : '<?php functions::xecho($level_1[$i]['id']); ?>', - 'title' : '<?php echo addslashes($level_1[$i]['tooltip_value']); ?>', - 'canhavechildren' : true, - 'txt' : '<?php echo ' '.addslashes($level_1[$i]['label_value']); ?>', - 'style': 'tree_branch' - - }, + ?> + { + 'id' : '<?php functions::xecho($level_1[$i]['id']);?>', + 'title' : '<?php functions::xecho($level_1[$i]['tooltip_value']);?>', + 'canhavechildren' : true, + 'txt' : '<?php echo " "; functions::xecho($level_1[$i]['label_value']);?>', + 'style': 'tree_branch' + + }, <?php - } ?> - ] - } - ]; - tree = new TafelTree('tree_fileplan', struct, { - 'generate' : true, - 'imgBase' : '<?php echo $_SESSION['config']['businessappurl']; ?>tools/tafelTree/imgs/', - 'defaultImg' : 'position.gif', - // 'defaultImgOpen' : 'position_on.gif', - 'defaultImgClose' : 'position.gif', - "defaultImgOpenSelected" : "position_on.gif", - "defaultImgCloseSelected" : "position_on.gif", + } ?> + ] + } + ]; + tree = new TafelTree('tree_fileplan', struct, { + 'generate' : true, + 'imgBase' : '<?php echo $_SESSION['config']['businessappurl']; ?>tools/tafelTree/imgs/', + 'defaultImg' : 'position.gif', + // 'defaultImgOpen' : 'position_on.gif', + 'defaultImgClose' : 'position.gif', + "defaultImgOpenSelected" : "position_on.gif", + "defaultImgCloseSelected" : "position_on.gif", 'onOpenPopulate' : [funcOpen, '<?php echo $_SESSION['config']['businessappurl']; ?>index.php?display=true&module=fileplan&page=positions_tree_childs&origin=admin&fileplan_id=<?php - functions::xecho($fileplan_id); ?>'] - }); - } - </script> - <div id="tree_fileplan"></div> - </td> - </tr> - </table> - </div> - </div> + functions::xecho($fileplan_id); ?>'] + }); + } + </script> + <div id="tree_fileplan"></div> + </td> + </tr> + </table> + </div> + </div> <?php } else { echo '<script type="text/javascript">window.top.location.href=\'' 
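Review bot: The root `'txt'` line mixes two output mechanisms: `echo empty($fileplan_label)? _FILEPLAN : functions::xecho($fileplan_label)` prints the label as a side effect of evaluating the ternary (everywhere else in this diff `xecho` is used as a statement, so it prints rather than returns) and then `echo` prints whatever `xecho` returns, presumably nothing. It works only by accident of evaluation order and breaks the moment `xecho` returns a string, and the `_FILEPLAN` branch is still not escaped. Write it as a single escaped echo: `'txt':' <?php functions::xecho(empty($fileplan_label) ? _FILEPLAN : $fileplan_label); ?>',`. The rest of the hunk is re-indentation only; the `if/else` that wraps this markup continues past the hunk end.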
diff --git a/modules/fileplan/fileplan_ajax_script.php b/modules/fileplan/fileplan_ajax_script.php index 5960d8a999903de0a036a194d4d208fb4944e5ef..78fa2838fed3590336a34fe59459a6439132d856 100755 --- a/modules/fileplan/fileplan_ajax_script.php +++ b/modules/fileplan/fileplan_ajax_script.php @@ -616,7 +616,7 @@ switch ($mode) { $content .= '<input type="text" name="position_label" id="position_label" ' .'value="" class="fileplan_position" /><br/><br/>'; //Nest position under parent - $content .= _NEST_POSITION_UNDER.': <br/>'; + $content .= _NEST_POSITION_UNDER.' : <br/>'; $content .='<select name="parent_id" id="parent_id" class="fileplan_position">'; $content .='<option value="">'._CHOOSE_PARENT_POSITION.'</option>'; //Get positions tree @@ -625,13 +625,13 @@ switch ($mode) { (count($positions_array) == 0)? $rootSelected = ' selected="selected"' : $rootSelected = ''; $fileplan_array = $fileplan->getFileplan($fileplan_id); $content .='<option value="'.$fileplan_array['ID'].'"'.$rootSelected.'>' - .$fileplan_array['LABEL'].'</option>'; + . functions::xssafe($fileplan_array['LABEL']).'</option>'; //Show positions for($i=0; $i < count($positions_array); $i++) { //Is enable ? if ($fileplan->isEnable($fileplan_id, $positions_array[$i]['ID'])) { $content .='<option value="'.$positions_array[$i]['ID'].'" >' - .$positions_array[$i]['LABEL'].'</option>'; + . str_replace("---", " ", functions::xssafe(str_replace(" ", "---", $positions_array[$i]['LABEL']))).'</option>'; } } $content .='</select>'; @@ -720,7 +720,7 @@ switch ($mode) { ."&module=fileplan".$parameters."');"; } $js .= "window.top.$('main_info').innerHTML = '"._POSITION_ADDED.': ' - .$_REQUEST['position_label']."';"; + .addslashes($_REQUEST['position_label'])."';"; } } } else { 
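Review bot: The `str_replace("---", " ", functions::xssafe(str_replace(" ", "---", $positions_array[$i]['LABEL'])))` round-trip in the `<option>` line of @@ -625 is lossy and unexplained: a label that legitimately contains `---` is silently turned into spaces, and the reader has to guess why spaces need shielding from `xssafe` (its implementation is not visible here). If `xssafe` strips or collapses whitespace, that is the thing to fix, or use a plain encoder for this context: `.htmlspecialchars($positions_array[$i]['LABEL'], ENT_QUOTES, 'UTF-8').'</option>'`; if it is the indentation prefix from `getPositionsTree` that gets mangled, encode the label before the prefix is added. At minimum a comment stating what `xssafe` does to spaces belongs above the line. The same construct is repeated in @@ -781; the `switch ($mode)` case containing these lines starts before the hunk.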
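Review bot: In @@ -720, `addslashes($_REQUEST['position_label'])` escapes the value for the single-quoted JS literal, but that literal is then assigned to `innerHTML`, so markup in the submitted label is still interpreted by the browser; `addslashes` also leaves newlines unescaped, which break the literal. Encode for HTML first and let a JSON encoder build the JS literal: `$js .= "window.top.$('main_info').innerHTML = " . json_encode(_POSITION_ADDED . ': ' . htmlspecialchars($_REQUEST['position_label'], ENT_QUOTES, 'UTF-8'), JSON_HEX_TAG) . ";";`. The `if` chain that builds `$js` starts and ends outside the hunk.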
@@ -761,9 +761,9 @@ switch ($mode) { //Position label $content .= '<label>'._POSITION_NAME.': </label><br/>'; $content .= '<input type="text" name="position_label" id="position_label" ' - .'value="'.$positionArray[0]['LABEL'].'" class="fileplan_position" /><br/><br/>'; + .'value="'.functions::xssafe($positionArray[0]['LABEL']).'" class="fileplan_position" /><br/><br/>'; //Nest position under parent - $content .= _NEST_POSITION_UNDER.': <br/>'; + $content .= _NEST_POSITION_UNDER.' : <br/>'; $content .='<select name="parent_id" id="parent_id" class="fileplan_position">'; $content .='<option value="">'._CHOOSE_PARENT_POSITION.'</option>'; //Init with fileplan @@ -771,7 +771,7 @@ switch ($mode) { //Selected? (empty($positionArray[0]['PARENT_ID']))? $rootSelected = ' selected="selected"' : $rootSelected = ''; $content .='<option value="'.$fileplan_array['ID'].'" '.$rootSelected.'>' - .$fileplan_array['LABEL'].'</option>'; + .functions::xssafe($fileplan_array['LABEL']).'</option>'; //Get positions tree $positions_array = $fileplan->getPositionsTree($fileplan_id, $positions_array); for($i=0; $i < count($positions_array); $i++) { @@ -781,7 +781,7 @@ switch ($mode) { ($positionArray[0]['PARENT_ID'] == $positions_array[$i]['ID'])? $selected = ' selected="selected"' : $selected = ''; $content .='<option value="'.$positions_array[$i]['ID'].'" '.$selected.'>' - .$positions_array[$i]['LABEL'].'</option>'; + .str_replace("---", " ", functions::xssafe(str_replace(" ", "---", $positions_array[$i]['LABEL']))).'</option>'; } } $content .='</select>'; @@ -1272,7 +1272,7 @@ switch ($mode) { //Selected? ($fileplan_id == $fileplan_array[$i]['ID'] || count($fileplan_array) == 1)? $selected = ' selected="selected"' : $selected = ''; $content .='<option value="'.$fileplan_array[$i]['ID'].'"'.$selected.' >' - .$fileplan_array[$i]['LABEL'].'</option>'; + .functions::xssafe($fileplan_array[$i]['LABEL']).'</option>'; } } 
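Review bot: The first changed line of @@ -761 relies on `functions::xssafe` to neutralise `"` inside a `value="..."` attribute as well as `<`; whether it does is not visible here, and the name suggests a filter rather than an encoder. If it is not `htmlspecialchars` with `ENT_QUOTES`, use that directly for attribute values: `.'value="'.htmlspecialchars($positionArray[0]['LABEL'], ENT_QUOTES, 'UTF-8').'" class="fileplan_position" /><br/><br/>';`. The @@ -771 and @@ -1272 `<option>` text changes are text-node context and are fine if `xssafe` encodes `<` and `&`; the enclosing `switch ($mode)` cases start and end outside these hunks.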
diff --git a/modules/fileplan/positions_checked_list_autocompletion.php b/modules/fileplan/positions_checked_list_autocompletion.php
index 0902e9dd635dde289ef1ffdf2bd42cee3878fcb4..698ae1cae464ba36ce64fe9daac64f86f95120a6 100755
--- a/modules/fileplan/positions_checked_list_autocompletion.php
+++ b/modules/fileplan/positions_checked_list_autocompletion.php
@@ -120,18 +120,18 @@ if (!empty($_REQUEST['fileplan_id'])) { if(!$row2){ $html .= "<li style='margin-left:10px;'><input type='checkbox' name='position[]' id='position_".$noeud['fileplan_id']."' value='".$noeud['fileplan_id']."' onClick=\"saveCheckedState('". $_SESSION['config']['businessappurl'] ."index.php?display=true&module=fileplan&page=fileplan_ajax_script" - . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . $noeud['nom_fileplan']; + . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . functions::xssafe($noeud['nom_fileplan']); }else{ $_SESSION['origin_positions'][]=$noeud['fileplan_id']; $html .= "<li style='margin-left:10px;'><input type='checkbox' name='position[]' id='position_".$noeud['fileplan_id']."' value='".$noeud['fileplan_id']."' checked='checked' onClick=\"saveCheckedState('". $_SESSION['config']['businessappurl'] ."index.php?display=true&module=fileplan&page=fileplan_ajax_script" - . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . $noeud['nom_fileplan']; + . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . functions::xssafe($noeud['nom_fileplan']); } }else{ $html .= "<li style='margin-left:10px;'><input type='checkbox' name='position[]' id='position_".$noeud['fileplan_id']."' value='".$noeud['fileplan_id']."' onClick=\"saveCheckedState('". $_SESSION['config']['businessappurl'] ."index.php?display=true&module=fileplan&page=fileplan_ajax_script" - . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . $noeud['nom_fileplan']; + . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . functions::xssafe($noeud['nom_fileplan']); } 
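Review bot: The three rewritten lines still concatenate `$_REQUEST['fileplan_id']` raw into the `onClick` URL inside an HTML attribute, so the commit escapes the label at the end of each line but leaves the request parameter on the same line unescaped; a value containing a quote or `>` still breaks out of the attribute. Since the enclosing `if (!empty($_REQUEST['fileplan_id']))` treats it as an identifier, normalise it once before the loop — `$fileplanId = (int) $_REQUEST['fileplan_id'];` if ids are numeric, otherwise `$fileplanId = htmlspecialchars(urlencode($_REQUEST['fileplan_id']), ENT_QUOTES, 'UTF-8');` — and use `$fileplanId` in these lines; `$noeud['fileplan_id']` in the `id`/`value` attributes deserves the same treatment if it is not numeric. The same applies to the three changed lines in `afficher_arbo` @@ -190. The loop that emits these `<li>` items starts before the hunk.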
@@ -190,17 +190,17 @@ function afficher_arbo($parent, $niveau, $array, $multi_doc) if(!$row2){ $html .= "<li style='margin-left:20px;'><input type='checkbox' name='position[]' id='position_".$noeud['fileplan_id']."' value='".$noeud['fileplan_id']."' onClick=\"saveCheckedState('". $_SESSION['config']['businessappurl'] ."index.php?display=true&module=fileplan&page=fileplan_ajax_script" - . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . $noeud['nom_fileplan']; + . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . functions::xssafe($noeud['nom_fileplan']); }else{ $_SESSION['origin_positions'][]=$noeud['fileplan_id']; $html .= "<li style='margin-left:20px;'><input type='checkbox' name='position[]' id='position_".$noeud['fileplan_id']."' value='".$noeud['fileplan_id']."' checked='checked' onClick=\"saveCheckedState('". $_SESSION['config']['businessappurl'] ."index.php?display=true&module=fileplan&page=fileplan_ajax_script" - . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . $noeud['nom_fileplan']; + . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . functions::xssafe($noeud['nom_fileplan']); } }else{ $html .= "<li style='margin-left:20px;'><input type='checkbox' name='position[]' id='position_".$noeud['fileplan_id']."' value='".$noeud['fileplan_id']."' onClick=\"saveCheckedState('". $_SESSION['config']['businessappurl'] ."index.php?display=true&module=fileplan&page=fileplan_ajax_script" - . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . $noeud['nom_fileplan']; + . "&fileplan_id=".$_REQUEST['fileplan_id']."&mode=checkPosition', this);\"/>" . functions::xssafe($noeud['nom_fileplan']); } $niveau_precedent = $niveau; diff --git a/modules/fileplan/positions_documents_list.php b/modules/fileplan/positions_documents_list.php index ed7a8b28d985415e66a176031f5c8528dba0e525..99844cf1c4fa52e0de951f9a69d93c0c657d0bb3 100755 
--- a/modules/fileplan/positions_documents_list.php +++ b/modules/fileplan/positions_documents_list.php @@ -123,7 +123,7 @@ if (isset($_REQUEST['id']) && !empty($_REQUEST['id'])) { $start ); - $description = $fileplan->getPositionPath($fileplan_id, $position_id, true); + $description = functions::xssafe($fileplan->getPositionPath($fileplan_id, $position_id, true)); //Result Array if (!empty($tab)) {