diff --git a/core/trunk/core/admin_tools.php b/core/trunk/core/admin_tools.php
index 7ddd8a6900aa18ccf9be93d5c6117af9ca5a1b9e..8c93961179aba2b369f5dc266ecde070fa060f47 100644
--- a/core/trunk/core/admin_tools.php
+++ b/core/trunk/core/admin_tools.php
@@ -91,7 +91,7 @@ function At_showAjaxList($db, $whatRequest)
 $flagAuthView = true;
 }
 if (stripos($what, $whatRequest) === 0) {
- echo "<li>".$what."</li>\n";
+ echo "<li>" . functions::xssafe($what) . "</li>\n";
 if ($flagAuthView) {
 echo "<li>...</li>\n";
 break;
diff --git a/core/trunk/core/class/Action.php b/core/trunk/core/class/Action.php
index 6848674db59677f8bb23525d3bc2a0b2d31943f0..6a816c48f04ac8ae585abb694ddb8039a6e341bb 100644
--- a/core/trunk/core/class/Action.php
+++ b/core/trunk/core/class/Action.php
@@ -33,7 +33,7 @@ try {
 require_once('core/class/BaseObject.php');
 } catch (Exception $e) {
- echo $e->getMessage() . ' // ';
+ functions::xecho($e->getMessage()) . ' // ';
 }
 /**
diff --git a/core/trunk/core/class/ActionControler.php b/core/trunk/core/class/ActionControler.php
index c9dd603bacd4ec59007d356e236845255b3d7060..736be7771928152a9ef92aea27e03345afdb5110 100644
--- a/core/trunk/core/class/ActionControler.php
+++ b/core/trunk/core/class/ActionControler.php
@@ -39,7 +39,7 @@ try {
 require_once('core/class/ObjectControlerAbstract.php');
 require_once('core/class/class_history.php');
 } catch (Exception $e) {
- echo $e->getMessage() . ' // ';
+ functions::xecho($e->getMessage()) . ' // ';
 }
 /**
@@ -107,10 +107,10 @@ class ActionControler
 $query = "select * from ".self::$actions_table." where id = ".$action_id;
 try{
- if($_ENV['DEBUG']){echo $query.' // ';}
+ if($_ENV['DEBUG']){functions::xecho($query) . ' // ';}
 self::$db->query($query);
 } catch (Exception $e){
- echo _NO_ACTION_WITH_ID.' '.$action_id.' // ';
+ echo _NO_ACTION_WITH_ID . ' ' . functions::xssafe($action_id) . ' // ';
 }
 if(self::$db->nb_result() > 0)
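Review bot: `functions::xecho($e->getMessage()) . ' // ';` in the Action.php catch drops the separator: judging from its standalone use in the class_functions.php hunks, xecho prints its argument itself, so the `. ' // '` is concatenated onto its return value and the result of the whole expression statement is discarded. Use `echo functions::xssafe($e->getMessage()) . ' // ';` (the form the ObjectControlerIF.php and Security.php hunks already use) or `functions::xecho($e->getMessage() . ' // ');`. The same expression statement appears in both ActionControler.php hunks here and in its hunks at 142, 185, 264, 292, 320, 349 and 376, and in the LinkController.php, SecurityControler.php, StatusControler.php, docserver_locations_controler.php, docserver_types_controler.php and docservers_controler.php hunks. Escaping `$query` in the DEBUG branch of the ActionControler hunk at 107 does not change that the context line builds the statement by concatenating `$action_id` into the SQL text; that predates this commit, but it deserves the same pass with the quoting or binding helpers class_db.php already provides.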
@@ -142,7 +142,7 @@ class ActionControler $query = "select * from ".self::$actions_table; try{ - if($_ENV['DEBUG']){echo $query.' // ';} + if($_ENV['DEBUG']){functions::xecho($query) . ' // ';} self::$db->query($query); } catch (Exception $e){ echo _NO_ACTION; @@ -185,7 +185,7 @@ class ActionControler $query = "select category_id from actions_categories where action_id = " . $actionId; try { - if($_ENV['DEBUG']){echo $query.' // ';} + if($_ENV['DEBUG']){functions::xecho($query) . ' // ';} self::$db->query($query); } catch (Exception $e) { echo _NO_CATEGORY; @@ -264,11 +264,11 @@ class ActionControler .$prep_query['VALUES'] .")"; try{ - if($_ENV['DEBUG']){ echo $query.' // '; } + if($_ENV['DEBUG']){ functions::xecho($query) . ' // '; } self::$db->query($query); $ok = true; } catch (Exception $e){ - echo _CANNOT_INSERT_ACTION." ".$action->toString().' // '; + echo _CANNOT_INSERT_ACTION." ".functions::xssafe($action->toString()).' // '; $ok = false; } self::disconnect(); @@ -292,11 +292,11 @@ class ActionControler ." where id=".$action->id; try{ - if($_ENV['DEBUG']){echo $query.' // ';} + if($_ENV['DEBUG']){functions::xecho($query) . ' // ';} self::$db->query($query); $ok = true; } catch (Exception $e){ - echo _CANNOT_UPDATE_ACTION." ".$action->toString().' // '; + echo _CANNOT_UPDATE_ACTION." ".functions::xssafe($action->toString()).' // '; $ok = false; } self::disconnect(); @@ -320,11 +320,11 @@ class ActionControler $query="delete from ".self::$actions_table." where id=".$action_id; try{ - if($_ENV['DEBUG']){echo $query.' // ';} + if($_ENV['DEBUG']){functions::xecho($query) . ' // ';} self::$db->query($query); $ok = true; } catch (Exception $e){ - echo _CANNOT_DELETE_ACTION_ID." ".$action_id.' // '; + echo _CANNOT_DELETE_ACTION_ID." ".functions::xssafe($action_id).' // '; $ok = false; } if($ok) 
@@ -349,11 +349,11 @@ class ActionControler
 self::connect();
 $query="delete from ".self::$actions_groupbaskets_table." where id_action=".$action_id;
 try{
- if($_ENV['DEBUG']){echo $query.' // ';}
+ if($_ENV['DEBUG']){functions::xecho($query) . ' // ';}
 self::$db->query($query);
 $ok = true;
 } catch (Exception $e){
- echo _CANNOT_DELETE_ACTION_ID." ".$action_id.' // ';
+ echo _CANNOT_DELETE_ACTION_ID." ".functions::xssafe($action_id).' // ';
 $ok = false;
 }
@@ -376,10 +376,10 @@ class ActionControler
 $query = "select id from ".self::$actions_table." where id = ".$action_id;
 try{
- if($_ENV['DEBUG']){echo $query.' // ';}
+ if($_ENV['DEBUG']){functions::xecho($query) . ' // ';}
 self::$db->query($query);
 } catch (Exception $e){
- echo _UNKNOWN.' '._ACTION." ".$action_id.' // ';
+ echo _UNKNOWN.' '._ACTION." ".functions::xssafe($action_id).' // ';
 }
 if(self::$db->nb_result() > 0)
diff --git a/core/trunk/core/class/BaseObject.php b/core/trunk/core/class/BaseObject.php
index 53eb38a11508fd08cead4322e0cca23b3547b206..6e8da728dc8e6453f0df3b4db2e81ad037b01f51 100644
--- a/core/trunk/core/class/BaseObject.php
+++ b/core/trunk/core/class/BaseObject.php
@@ -28,6 +28,8 @@
 * @author Boulio Nicolas
 *
 */
+require_once("core/class/class_functions.php");
+
 class BaseObject {
 protected $data = array();
@@ -66,7 +68,7 @@ class BaseObject {
 try {
 if (isset($this->data[$name])) return $this->data[$name];
 } catch (Exception $e) {
- echo 'Exception catched: '.$e->getMessage().', null returned<br/>';
+ echo 'Exception catched: '.functions::xssafe($e->getMessage()).', null returned<br/>';
 return null;
 }
 }
diff --git a/core/trunk/core/class/LinkController.php b/core/trunk/core/class/LinkController.php
index 4f67c8779590f29a98ac206caef3d8315182a2f1..ac0210a4fbbd55ce7770bd8e55de2899c7ecadff 100755
--- a/core/trunk/core/class/LinkController.php
+++ b/core/trunk/core/class/LinkController.php
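Review bot: The catch around `isset($this->data[$name])` in the BaseObject.php hunk at 66 now escapes a message that, as far as the hunk shows, can never be produced: `isset` does not throw, so unless `$data` is fed by something that does (not visible here) the branch is dead and the missing-key path simply falls off the end of the method. Consider replacing the try/catch with `return isset($this->data[$name]) ? $this->data[$name] : null;` and a one-line docblock stating that unknown names yield null; the method's signature starts outside the hunk. The new `require_once("core/class/class_functions.php")` in the hunk at 28 makes BaseObject the place where the `functions` class gets loaded, which deserves a short comment, because the sibling files in this commit call `functions::xssafe` on the assumption that it is already defined.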
@@ -34,7 +34,7 @@ try { require_once('core/class/class_db.php'); require_once('core/class/class_history.php'); } catch (Exception $e) { - echo $e->getMessage() . ' // '; + functions::xecho($e->getMessage()) . ' // '; } class LinkController @@ -161,7 +161,6 @@ class LinkController if ($linksArray[$i] != '' ) { if (!preg_match("/".' ' . $linksArray[$i] . ' '."/", $this->previousId)) { $this->previousId .= $parentId . ' '; - //echo $this->previousId . '<br />'; $return[$linksArray[$i]] = $this->getMap($linksArray[$i], $collection, $sens); } } else { diff --git a/core/trunk/core/class/ObjectControlerAbstract.php b/core/trunk/core/class/ObjectControlerAbstract.php index e3d88aa2e3d9f0e8216404cb261c486c980660c6..1baa15942d6d9b39eda84a20110ffcaf651648c1 100644 --- a/core/trunk/core/class/ObjectControlerAbstract.php +++ b/core/trunk/core/class/ObjectControlerAbstract.php @@ -54,12 +54,12 @@ abstract class ObjectControler self::$db->connect(); try{ if (_DEBUG) { - echo "insert: $query // "; + echo "insert: " . functions::xssafe($query) . " // "; } self::$db->query($query); $result = true; } catch (Exception $e) { - echo 'Impossible to insert object ' . $object->toString() . ' // '; + echo 'Impossible to insert object ' . functions::xssafe($object->toString()) . ' // '; $result = false; } self::$db->disconnect(); @@ -161,12 +161,12 @@ abstract class ObjectControler self::$db->connect(); try{ if (_DEBUG) { - echo "update: $query // "; + echo "update: " . functions::xssafe($query) . " // "; } self::$db->query($query); $result = true; } catch (Exception $e) { - echo 'Impossible to update object ' . $object->toString() . ' // '; + echo 'Impossible to update object ' . functions::xssafe($object->toString()) . ' // '; $result = false; } self::$db->disconnect(); 
@@ -255,7 +255,8 @@ abstract class ObjectControler
 $queryResult = self::$db->fetch_object();
 foreach ((array)$queryResult as $key => $value) {
 if (_ADVANCED_DEBUG) {
- echo "Getting property: $key with value: $value // ";
+ echo "Getting property: " . functions::xssafe($key)
+ . " with value: " . functions::xssafe($value) . " // ";
 }
 if ($value == 't') { /* BUG FROM PGSQL DRIVER! */
 $value = true; /* */
@@ -266,7 +267,7 @@ abstract class ObjectControler
 }
 }
 } catch (Exception $e) {
- echo "Impossible to get object $id // ";
+ echo "Impossible to get object " . functions::xssafe($id) . " // ";
 }
 self::$db->disconnect();
@@ -317,7 +318,7 @@ abstract class ObjectControler
 for ($cpt=0;$cpt<count($rows);$cpt++) {
 foreach ($rows[$cpt] as $key => $value) {
 if (_ADVANCED_DEBUG) {
- echo "Getting property: $key with value: $value // ";
+ echo "Getting property: $key with value: " . functions::xssafe($value) . " // ";
 }
 if ($value == 't') { /* BUG FROM PGSQL DRIVER! */
 $value = true; /* */
@@ -364,12 +365,12 @@ abstract class ObjectControler
 try{
 if (_DEBUG) {
- echo "delete: $query // ";
+ echo "delete: " . functions::xssafe($query) . " // ";
 }
 self::$db->query($query);
 $result = true;
 } catch (Exception $e) {
- echo 'Impossible to delete object with id=' . $object->$table_id
+ echo 'Impossible to delete object with id=' . functions::xssafe($object->$table_id)
 . ' // ';
 $result = false;
 }
@@ -405,12 +406,12 @@ abstract class ObjectControler
 }
 try{
 if(_DEBUG){
- echo "enable: $query // ";
+ echo "enable: " . functions::xssafe($query) . " // ";
 }
 self::$db->query($query);
 $result = true;
 } catch (Exception $e) {
- echo 'Impossible to enable object with id=' . $object->$table_id
+ echo 'Impossible to enable object with id=' . functions::xssafe($object->$table_id)
 . ' // ';
 $result = false;
 }
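Review bot: The ObjectControlerAbstract.php hunk at 317 still interpolates `$key` raw (`"Getting property: $key with value: "`), while the parallel hunk at 255 escapes both key and value; the key is a column name coming back from the driver just like the value, so the two debug lines should be treated alike: `echo "Getting property: " . functions::xssafe($key) . " with value: " . functions::xssafe($value) . " // ";`. Both enclosing methods start and end outside their hunks.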
@@ -446,12 +447,12 @@ abstract class ObjectControler } try{ if(_DEBUG){ - echo "enable: $query // "; + echo "enable: " . functions::xssafe($query) . " // "; } self::$db->query($query); $result = true; } catch (Exception $e) { - echo 'Impossible to enable object with id=' . $object->$table_id + echo 'Impossible to enable object with id=' . functions::xssafe($object->$table_id) . ' // '; $result = false; } @@ -488,12 +489,12 @@ abstract class ObjectControler } try { if (_DEBUG) { - echo "disable: $query // "; + echo "disable: " . functions::xssafe($query) . " // "; } self::$db->query($query); $result = true; } catch (Exception $e) { - echo 'Impossible to disable object with id=' . $object->$table_id + echo 'Impossible to disable object with id=' . functions::xssafe($object->$table_id) . ' // '; $result = false; } diff --git a/core/trunk/core/class/ObjectControlerIF.php b/core/trunk/core/class/ObjectControlerIF.php index dc20fec267c0ea55dc3c79b53b1112207dd44a18..87eb91b578c7012d7c786d7098f9475ad32bfd1f 100644 --- a/core/trunk/core/class/ObjectControlerIF.php +++ b/core/trunk/core/class/ObjectControlerIF.php @@ -4,7 +4,7 @@ try { //require_once("modules/moreq/moreq_tables_definition.php"); require_once("core/class/class_db.php"); } catch (Exception $e){ - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()) . ' // '; } /** diff --git a/core/trunk/core/class/Security.php b/core/trunk/core/class/Security.php index 020381d122796421d4a45d127971e1b38706d013..9c36680b5af952bf3c9a91e9794c3f7bb887b6c0 100644 --- a/core/trunk/core/class/Security.php +++ b/core/trunk/core/class/Security.php @@ -33,7 +33,7 @@ try { require_once("core/class/BaseObject.php"); } catch (Exception $e){ - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()).' // '; } /** 
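Review bot: The catch in the ObjectControlerIF.php hunk wraps `require_once` and now calls `functions::xssafe`, but a require_once of a missing or unparsable file raises a fatal compile error rather than an Exception, so the handler only runs if the included file itself throws — and in the case that would matter most here (class_functions.php, loaded through BaseObject.php, failing to load) the `functions` class is exactly what is undefined, so the escaping call would fault in turn. If the catch is kept it should not depend on that class being available, e.g. `echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . ' // ';`; otherwise document that include failures are left to the front controller and drop the block. The same construct is in the Security.php, Service.php, ServiceControler.php, Status.php, StatusControler.php, docserver_locations.php, docserver_types.php, docservers.php, resources.php, resources_controler.php and session_security.php hunks, and in the xecho variants in Action.php, ActionControler.php, LinkController.php, SecurityControler.php, docserver_locations_controler.php and docservers_controler.php.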
diff --git a/core/trunk/core/class/SecurityControler.php b/core/trunk/core/class/SecurityControler.php index 123eadeb400d879a7554c8f487b56b4c8556b74d..254fc759673356a03a0775e692cb1cbdabaef4ad 100644 --- a/core/trunk/core/class/SecurityControler.php +++ b/core/trunk/core/class/SecurityControler.php @@ -41,7 +41,7 @@ try { define('_CLASSIFICATION_SCHEME_VIEW', 'mr_classification_scheme_view'); } } catch (Exception $e) { - echo $e->getMessage() . ' // '; + functions::xecho($e->getMessage()) . ' // '; } /** @@ -78,7 +78,7 @@ class SecurityControler try { $db->query($query); } catch (Exception $e){ - echo _NO_ACCESS_WITH_ID . ' ' . $securityId . ' // '; + echo _NO_ACCESS_WITH_ID . ' ' . functions::xssafe($securityId) . ' // '; } if ($db->nb_result() > 0) { @@ -113,7 +113,7 @@ class SecurityControler try { $db->query($query); } catch (Exception $e) { - echo _NO_GROUP_WITH_ID . ' ' . $groupId . ' // '; + echo _NO_GROUP_WITH_ID . ' ' . functions::xssafe($groupId) . ' // '; } $security = array(); @@ -172,7 +172,7 @@ class SecurityControler $db->query($query); $ok = true; } catch (Exception $e) { - echo _CANNOT_INSERT_ACCESS . " " . $security->toString() . ' // '; + echo _CANNOT_INSERT_ACCESS . " " . functions::xssafe($security->toString()) . ' // '; $ok = false; } return $ok; @@ -199,7 +199,7 @@ class SecurityControler $db->query($query); $ok = true; } catch (Exception $e) { - echo _CANNOT_UPDATE_ACCESS . " " . $security->toString() . ' // '; + echo _CANNOT_UPDATE_ACCESS . " " . functions::xssafe($security->toString()) . ' // '; $ok = false; } return $ok; @@ -224,7 +224,7 @@ class SecurityControler $db->query($query); $ok = true; } catch (Exception $e) { - echo _CANNOT_DELETE_SECURITY_ID . " " . $securityId . ' // '; + echo _CANNOT_DELETE_SECURITY_ID . " " . functions::xssafe($securityId) . ' // '; $ok = false; } return $ok; 
@@ -249,7 +249,7 @@ class SecurityControler $db->query($query); $ok = true; } catch (Exception $e) { - echo _CANNOT_DELETE . ' ' . _GROUP_ID . " " . $groupId . ' // '; + echo _CANNOT_DELETE . ' ' . _GROUP_ID . " " . functions::xssafe($groupId) . ' // '; $ok = false; } return $ok; @@ -661,7 +661,6 @@ class SecurityControler . $_SESSION['collections'][$ind]['view'] . " where (" . $where . ') and res_id = ' . $objectId; } - //echo $query; $db = new dbquery(); $db->connect(); if (! empty($query)) { diff --git a/core/trunk/core/class/Service.php b/core/trunk/core/class/Service.php index b30acd9e7a1bf1f2f0b6eeb88a7262bcc111deae..a94ec7c768e54353a4f3406a56185850d5cc7445 100644 --- a/core/trunk/core/class/Service.php +++ b/core/trunk/core/class/Service.php @@ -33,7 +33,7 @@ try { require_once("core/class/BaseObject.php"); } catch (Exception $e){ - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()).' // '; } /** diff --git a/core/trunk/core/class/ServiceControler.php b/core/trunk/core/class/ServiceControler.php index 8415c865da5eb91e31c63f8e37585b4490935b6e..c360336d78b3b7591c2c8df2debd67a9d0687e4a 100644 --- a/core/trunk/core/class/ServiceControler.php +++ b/core/trunk/core/class/ServiceControler.php @@ -44,7 +44,7 @@ try { require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."users_controler.php"); require_once 'core/core_tables.php'; } catch (Exception $e){ - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()).' // '; } /** diff --git a/core/trunk/core/class/Status.php b/core/trunk/core/class/Status.php index d11b394fd298ad94e73704a2daceef753b8efe3a..512b898f489b43b414dbf59b0799d0f694937a54 100644 --- a/core/trunk/core/class/Status.php +++ b/core/trunk/core/class/Status.php @@ -33,7 +33,7 @@ try { require_once('core/class/BaseObject.php'); } catch (Exception $e){ - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()).' // '; } /** 
diff --git a/core/trunk/core/class/StatusControler.php b/core/trunk/core/class/StatusControler.php index d76a877e48e1a8d7501ba97f83595d97226d99bf..e47600cd1c5a2bec253dd68c9114a3c48e91fed9 100644 --- a/core/trunk/core/class/StatusControler.php +++ b/core/trunk/core/class/StatusControler.php @@ -38,7 +38,7 @@ try { // require_once 'core/class/ObjectControlerIF.php'; require_once 'core/class/class_history.php'; } catch (Exception $e){ - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()).' // '; } /** @@ -382,7 +382,7 @@ class Maarch_Core_Class_StatusControler try{ self::$db->query($query); } catch (Exception $e){ - echo _UNKNOWN . ' ' . _STATUS . ' ' . $status_id . ' // '; + echo _UNKNOWN . ' ' . _STATUS . ' ' . functions::xssafe($status_id) . ' // '; } if (self::$db->nb_result() > 0) { @@ -403,7 +403,7 @@ class Maarch_Core_Class_StatusControler $query = "select * from " . STATUS_TABLE . " order by label_status"; try { if ($_ENV['DEBUG']) - echo $query . ' // '; + functions::xecho($query) . ' // '; $db->query($query); } catch (Exception $e) { echo _NO_STATUS . ' // '; diff --git a/core/trunk/core/class/class_core_tools.php b/core/trunk/core/class/class_core_tools.php index 8de53656d6235cb6cb3636b335253652490c5d9c..4925462c9f13a0c526b2d8b3c612b5b30d0925d5 100644 --- a/core/trunk/core/class/class_core_tools.php +++ b/core/trunk/core/class/class_core_tools.php @@ -227,7 +227,6 @@ class core_tools extends functions $path_module_tools = 'modules' . DIRECTORY_SEPARATOR . $modules[$i]['moduleid'] . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_modules_tools.php'; - //echo "<br/>".$modules[$i]['moduleid']."<br/>"; if (file_exists($path_module_tools)) { require_once $path_module_tools; $modules_tools = new $modules[$i]['moduleid']; 
@@ -1511,7 +1510,7 @@ class core_tools extends functions <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <link rel="icon" type="image/png" href="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=favicon.png"/> <link href="index.php?display&page=generate_search_xml" title="Maarch <?php - echo $_SESSION['config']['applicationname'] . ' ' + echo functions::xssafe($_SESSION['config']['applicationname']) . ' ' . _GLOBAL_SEARCH ;?>" type="application/opensearchdescription+xml" rel="search"> <?php @@ -1760,8 +1759,8 @@ class core_tools extends functions */ public function load_footer() { - echo _MEP_VERSION . ', <b>database release : ' . $_SESSION['maarch_entreprise']['xml_versionbase'] . '</b> '; - echo ' ' . _POWERED_BY . ' ' . $this->show_page_stat(); + echo _MEP_VERSION . ', <b>database release : ' . functions::xssafe($_SESSION['maarch_entreprise']['xml_versionbase']) . '</b> '; + echo ' ' . _POWERED_BY . ' ' . functions::xssafe($this->show_page_stat()); } /** @@ -2191,9 +2190,7 @@ class core_tools extends functions } else { $path = $arr[count($arr)-2]; } - //echo "the path:".$path;exit; - //echo $_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.'custom.xml'; $xml = simplexml_load_file($_SESSION['config']['corepath'].'custom'.DIRECTORY_SEPARATOR.'custom.xml'); //var_dump($xml); foreach($xml->custom as $custom) diff --git a/core/trunk/core/class/class_db.php b/core/trunk/core/class/class_db.php index 321116549050dacbc2c5fa6aad215a3c53368853..9d1be5a58027d9289046d00df19a56b17fe3a472 100644 --- a/core/trunk/core/class/class_db.php +++ b/core/trunk/core/class/class_db.php @@ -377,7 +377,6 @@ class dbquery extends functions } else { if(count($params) > 0) { - //echo "<br/>Params to bind:"; var_dump($params); foreach($params as $paramname => &$paramvar) { $binded = oci_bind_by_name($this->query, $paramname, $paramvar, 100, SQLT_CHR); } 
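Review bot: In load_footer, `functions::xssafe($this->show_page_stat())` escapes the helper's whole return value; if show_page_stat() produces markup (its body is not visible from here), that markup will now render as literal text, so the escaping belongs on the data inside show_page_stat rather than on its result — confirm against its definition before merging. In the hunk at 1511, `$_SESSION['config']['businessappurl']` on the context line is still echoed unescaped into the favicon `href` attribute while the adjacent `applicationname` is now escaped; it is the same kind of sink, and `<?php echo functions::xssafe($_SESSION['config']['businessappurl']);?>` would make the two consistent.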
@@ -389,7 +388,7 @@ class dbquery extends functions $this->error(); } if(count($params) > 0) { - //echo "<br/>Params after execution: "; var_dump($params); + // } } break; @@ -688,7 +687,8 @@ class dbquery extends functions * SQL Error management * */ - private function error() { + private function error() + { require_once('core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_history.php'); @@ -696,8 +696,6 @@ class dbquery extends functions // Connexion error if ($this->_sqlError == 1) { - //$trace->add("", 0, "CONNECT", "DBERROR", _CONNECTION_DB_FAILED." : ".$this->_user."@".$this->_server.":".$this->_port, $_SESSION['config']['databasetype'], "database", true, _KO, _LEVEL_FATAL); - // Shows the connexion data (server, port, user, pass) echo '- <b>' . _DB_CONNEXION_ERROR . '</b>'; if ($_SESSION['config']['debug'] == 'true') { echo ' -<br /><br />' . _DATABASE_SERVER . ' : ' 
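Review bot: Replacing the commented-out debug line with a bare `//` in the class_db.php hunk at 389 leaves `if(count($params) > 0) { }` as an empty conditional, which reads like an accidental omission rather than an intentional no-op; delete the three lines (the `if`, the `//` and its closing brace) instead of leaving a placeholder comment. The enclosing method starts and ends outside the hunk.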
@@ -742,31 +740,6 @@ class dbquery extends functions throw new Exception (_QUERY_DB_FAILED.": '".$sqlError."' "._QUERY.": [".$this->protect_string_db($this->_debugQuery)."]"); - /* - $sqlErrorToView = '<b>' . _QUERY_ERROR . '</b><br />'; - $sqlError = ''; - if ($this->_databasetype == 'MYSQL') { - $sqlError .= _ERROR_NUM . @mysqli_errno($this->_sqlLink) . ' ' - . _HAS_JUST_OCCURED . ' :<br />'; - //$sqlError .= _MESSAGE . ' : ' . @mysqli_error($this->_sqlLink) . '<br />'; - } else if ($this->_databasetype == 'POSTGRESQL') { - @pg_send_query($this->_sqlLink, $this->_debugQuery); - $res = @pg_get_result($this->_sqlLink); - $sqlError .= @pg_result_error($res); - } else if ($this->_databasetype == 'SQLSERVER') { - $sqlError .= @mssql_get_last_message(); - } else if ($this->_databasetype == 'ORACLE') { - $res = @oci_error($this->statement); - $sqlError .= $res['message']; - } - $_SESSION['error'] = $sqlErrorToView; - if ($_SESSION['config']['debug'] == 'true') { - echo $sqlError; - echo '<br/>' . _QUERY . ' : <textarea cols="70" rows="10">' - . $this->_debugQuery . '</textarea>'; - exit(); - }*/ - //exit(); } // Closing connexion error @@ -791,7 +764,6 @@ class dbquery extends functions // Query Preparation error (ORACLE & DB2) if ($this->_sqlError == 7) { $_SESSION['error'] .= '<b>' . _SQL_QUERY_NOT_SECURE . '</b> <br />'; - //echo $_SESSION['error']; $trace->add("", 0, "QUERY", "DBERROR", _SQL_QUERY_NOT_SECURE, $_SESSION['config']['databasetype'], "database", true, _KO, _LEVEL_ERROR); //exit(); } diff --git a/core/trunk/core/class/class_functions.php b/core/trunk/core/class/class_functions.php index 12c61dcaeb7d1ca42a7aa5544a971ea0293c1e8f..bb4033b49fd0bf00841f8fcb25c6c3b21617ebd2 100644 --- a/core/trunk/core/class/class_functions.php +++ b/core/trunk/core/class/class_functions.php 
@@ -551,7 +551,6 @@ class functions if(bar != null) { var link1 = document.createElement("a"); - //link1.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level1']['path']);?>'; link1.href='<?php functions::xecho($_SESSION['location_bar']['level1']['path']);?>'; var label1 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level1']['label']);?>"); link1.appendChild(label1); @@ -559,7 +558,6 @@ class functions var text1 = document.createTextNode(" > "); bar.appendChild(text1); var link2 = document.createElement("a"); - //link2.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level2']['path']);?>'; link2.href='<?php functions::xecho($_SESSION['location_bar']['level2']['path']);?>'; var label2 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level2']['label']);?>"); link2.appendChild(label2); @@ -576,7 +574,6 @@ class functions if(bar != null) { var link1 = document.createElement("a"); - //link1.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level1']['path']);?>'; link1.href='<?php functions::xecho($_SESSION['location_bar']['level1']['path']);?>'; var label1 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level1']['label']);?>"); link1.appendChild(label1); @@ -584,7 +581,6 @@ class functions var text1 = document.createTextNode(" > "); bar.appendChild(text1); var link2 = document.createElement("a"); - // link2.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level2']['path']);?>'; link2.href='<?php functions::xecho($_SESSION['location_bar']['level2']['path']);?>'; var label2 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level2']['label']);?>"); link2.appendChild(label2); 
@@ -592,7 +588,6 @@ class functions var text2 = document.createTextNode(" > "); bar.appendChild(text2); var link3 = document.createElement("a"); - //link3.href='<?php echo preg_replace("/(&(?!amp;))/", "&",$_SESSION['location_bar']['level3']['path']);?>'; link3.href='<?php functions::xecho($_SESSION['location_bar']['level3']['path']);?>'; var label3 = document.createTextNode("<?php functions::xecho($_SESSION['location_bar']['level3']['label']);?>"); link3.appendChild(label3); diff --git a/core/trunk/core/class/class_request.php b/core/trunk/core/class/class_request.php index aa7423e149a5367b372e55930b79d5b5ad2132d9..b38505dd5eca3d2edc12e47b23bbdb843ec21612 100644 --- a/core/trunk/core/class/class_request.php +++ b/core/trunk/core/class/class_request.php @@ -270,10 +270,8 @@ class request extends dbquery //Time to create the SQL Query $query = ""; $query = "UPDATE ".$table." SET ".$update_string.$where_string; - //echo $query; $this->connect(); return $this->query($query, true); } } -?> diff --git a/core/trunk/core/class/class_resource.php b/core/trunk/core/class/class_resource.php index e303ad82d11fa7b3849998d94b00e43b9b765150..9050a5ab11ba531061b875b4b8b3264bf4d90c5c 100644 --- a/core/trunk/core/class/class_resource.php +++ b/core/trunk/core/class/class_resource.php @@ -153,7 +153,7 @@ if(!$this->check_basic_fields($data)) { $_SESSION['error'] = $this->error; - echo $this->error;exit; + functions::xecho($this->error);exit; return false; } else diff --git a/core/trunk/core/class/class_security.php b/core/trunk/core/class/class_security.php index 547c3782ed488e4b85236b8248b5e83ad14ddcd4..346761254be511fac3c2e415bb473771e7555f29 100644 --- a/core/trunk/core/class/class_security.php +++ b/core/trunk/core/class/class_security.php 
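Review bot: In the class_resource.php hunk at 153, `functions::xecho($this->error);exit;` is followed by `return false;`, which is unreachable after `exit`, so either the early termination or the boolean return is wrong by design. The `else` branch suggests callers are meant to act on the return value; if so, drop the `exit` and let `return false;` stand, and if the request really must stop here, remove the dead `return` instead. The enclosing method starts outside the hunk.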
@@ -267,9 +267,6 @@ class security extends dbquery $_SESSION['user']['department'] = $array['department']; $_SESSION['user']['thumbprint'] = $array['thumbprint']; $_SESSION['user']['primarygroup'] = $array['primarygroup']; - /*echo '<pre>'; - print_r($_SESSION['user']); - echo '<pre>';exit;*/ $hist->add( $_SESSION['tablename']['users'], $s_login, diff --git a/core/trunk/core/class/docserver_locations.php b/core/trunk/core/class/docserver_locations.php index 670c59d13753ffce4ea5f14a6380505ddbfe0416..c7347fa3efec1a42650805b1c5e2695abfc290c6 100644 --- a/core/trunk/core/class/docserver_locations.php +++ b/core/trunk/core/class/docserver_locations.php @@ -35,7 +35,7 @@ try { require_once("core/class/BaseObject.php"); } catch (Exception $e) { - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()).' // '; } class docserver_locations extends BaseObject diff --git a/core/trunk/core/class/docserver_locations_controler.php b/core/trunk/core/class/docserver_locations_controler.php index be73fb625087edbf39767ffe348d58e49c3b09da..32b97c1cacc4fa154ea733c298aef0ef764abb6b 100644 --- a/core/trunk/core/class/docserver_locations_controler.php +++ b/core/trunk/core/class/docserver_locations_controler.php @@ -43,7 +43,7 @@ try { require_once ('core/class/ObjectControlerIF.php'); //require_once('apps/maarch_entreprise/tools/Net_Ping-2.4.5/Ping.php'); } catch (Exception $e){ - echo $e->getMessage() . ' // '; + functions::xecho($e->getMessage()) . ' // '; } /** @@ -394,7 +394,7 @@ class docserver_locations_controler extends ObjectControler ) . "'"; try { if ($_ENV['DEBUG']) { - echo $query . ' // '; + functions::xecho($query) . ' // '; } $db->query($query); } catch (Exception $e) { 
@@ -563,12 +563,12 @@ class docserver_locations_controler extends ObjectControler . "'"; try { if ($_ENV['DEBUG']) { - echo $query . ' // '; + functions::xecho($query) . ' // '; } $db->query($query); } catch (Exception $e) { echo _UNKNOWN . _DOCSERVER_LOCATION . ' ' - . $docserverLocationId . ' // '; + . functions::xssafe($docserverLocationId) . ' // '; } if ($db->nb_result() > 0) { $db->disconnect(); @@ -700,12 +700,12 @@ class docserver_locations_controler extends ObjectControler . "'"; try{ if ($_ENV['DEBUG']) { - echo $query . ' // '; + functions::xecho($query) . ' // '; } $db->query($query); } catch (Exception $e) { echo _NO_DOCSERVER_LOCATION_WITH_ID . ' ' - . $docserverLocationId . ' // '; + . functions::xssafe($docserverLocationId) . ' // '; } while ($res = $db->fetch_object()) { array_push($docservers, $res->docserver_id); @@ -728,7 +728,7 @@ class docserver_locations_controler extends ObjectControler $query .= " where enabled = 'Y'"; try { if ($_ENV['DEBUG']) - echo $query . ' // '; + functions::xecho($query) . ' // '; $db->query($query); } catch (Exception $e) { echo _NO_DOCSERVER_LOCATION . ' // '; diff --git a/core/trunk/core/class/docserver_types.php b/core/trunk/core/class/docserver_types.php index ee32b7af470079bc37a7c33260b110b15301cf4d..64a901be20de6a618522f4bf5ceb2268f99cb6d1 100644 --- a/core/trunk/core/class/docserver_types.php +++ b/core/trunk/core/class/docserver_types.php @@ -34,7 +34,7 @@ try { require_once("core/class/BaseObject.php"); } catch (Exception $e) { - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()).' // '; } class docserver_types extends BaseObject diff --git a/core/trunk/core/class/docserver_types_controler.php b/core/trunk/core/class/docserver_types_controler.php index 94057056b46946bec96ab9eb98e06d9279ae71f7..20c436bd718383cc21937674cb6f578bdc80ec76 100644 --- a/core/trunk/core/class/docserver_types_controler.php +++ b/core/trunk/core/class/docserver_types_controler.php 
@@ -41,7 +41,7 @@ try { require_once ("core/class/ObjectControlerAbstract.php"); require_once ("core/class/ObjectControlerIF.php"); } catch (Exception $e) { - echo $e->getMessage().' // '; + echo functions::xssafe($e->getMessage()).' // '; } /** @@ -274,7 +274,7 @@ class docserver_types_controler extends ObjectControler implements ObjectControl $db->connect(); $query="delete from "._DOCSERVER_TYPES_TABLE_NAME." where docserver_type_id ='".$func->protect_string_db($docserver_type->docserver_type_id)."'"; try { - if ($_ENV['DEBUG']) {echo $query.' // ';} + if ($_ENV['DEBUG']) {functions::xecho($query) . ' // ';} $db->query($query); $ok = true; } catch (Exception $e) { @@ -414,11 +414,11 @@ class docserver_types_controler extends ObjectControler implements ObjectControl $query = "select docserver_type_id from " . _DOCSERVER_TYPES_TABLE_NAME . " where docserver_type_id = '" . $docserver_type_id . "'"; try { if ($_ENV['DEBUG']) { - echo $query . ' // '; + functions::xecho($query) . ' // '; } $db->query($query); } catch (Exception $e) { - echo _UNKNOWN . _LC_CYCLE . " " . $docserver_type_id . ' // '; + echo _UNKNOWN . _LC_CYCLE . " " . functions::xssafe($docserver_type_id) . ' // '; } if ($db->nb_result() > 0) { $db->disconnect(); @@ -483,10 +483,10 @@ class docserver_types_controler extends ObjectControler implements ObjectControl $db->connect(); $query = "select docserver_id from "._DOCSERVERS_TABLE_NAME." where docserver_type_id = '".$docserver_type_id."'"; try{ - if ($_ENV['DEBUG']) {echo $query.' // ';} + if ($_ENV['DEBUG']) {functions::xecho($query) . ' // ';} $db->query($query); } catch (Exception $e) { - echo _NO_TYPE_WITH_ID.' '.$docserver_type_id.' // '; + echo _NO_TYPE_WITH_ID.' '.functions::xssafe($docserver_type_id).' // '; } while($res = $db->fetch_object()) { 
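Review bot: The docserver_types_controler.php hunks at 414 and 483 escape `$docserver_type_id` only for the error message, while the context line above each builds the query with `'" . $docserver_type_id . "'` unprotected, even though the hunk at 274 in the same file runs the same id through `$func->protect_string_db(...)`. The display fix is fine, but the inconsistency in the query construction is the more consequential one; apply the same helper there, e.g. `" where docserver_type_id = '" . $func->protect_string_db($docserver_type_id) . "'"`. Whether `$func` is in scope in those two methods cannot be seen from the hunks.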
@@ -508,7 +508,7 @@ class docserver_types_controler extends ObjectControler implements ObjectControl
 $query .= " where enabled = 'Y'";
 try {
 if ($_ENV['DEBUG'])
- echo $query . ' // ';
+ functions::xecho($query) . ' // ';
 $db->query($query);
 } catch (Exception $e) {
 echo _NO_DOCSERVER_TYPE . ' // ';
diff --git a/core/trunk/core/class/docservers.php b/core/trunk/core/class/docservers.php
index a8f3245f23fe9da54e4dc5d5ff14a1462f1816b1..64860d8183ec4f9a61d407763185b848775dc349 100644
--- a/core/trunk/core/class/docservers.php
+++ b/core/trunk/core/class/docservers.php
@@ -34,7 +34,7 @@ try {
 require_once("core/class/BaseObject.php");
 } catch (Exception $e) {
- echo $e->getMessage().' // ';
+ echo functions::xssafe($e->getMessage()).' // ';
 }
 class docservers extends BaseObject
diff --git a/core/trunk/core/class/docservers_controler.php b/core/trunk/core/class/docservers_controler.php
index 2c672e649a06d94c94d39262f7ae43e4dced2968..8c508d99831eae26e29470767f533bd80de25374 100644
--- a/core/trunk/core/class/docservers_controler.php
+++ b/core/trunk/core/class/docservers_controler.php
@@ -44,7 +44,7 @@ try {
 require_once 'core/class/class_resource.php';
 require_once 'core/class/class_history.php';
 } catch (Exception $e) {
- echo $e->getMessage() . ' // ';
+ functions::xecho($e->getMessage()) . ' // ';
 }
 /**
@@ -708,7 +708,7 @@ class docservers_controler
 try{
 $db->query($query);
 } catch (Exception $e) {
- echo _UNKNOWN . _DOCSERVER . ' ' . $docserver_id . ' // ';
+ echo _UNKNOWN . _DOCSERVER . ' ' . functions::xssafe($docserver_id) . ' // ';
 }
 if ($db->nb_result() > 0) {
 $db->disconnect();
@@ -1623,10 +1623,6 @@ class docservers_controler
 $adrToExtract['path_to_file']
 );
 }
- /*echo $file . '<br>';
- echo $docserverTypeObject->fingerprint_mode . '<br>';
- echo 'from ds:' . $fingerprintFromDocserver . '<br>';
- echo 'from db:' . $fingerprintFromDb . '<br>';exit;*/
 //manage view of the file
 $use_tiny_mce = false;
 if (strtolower($format) == 'maarch'
diff --git a/core/trunk/core/class/resources.php b/core/trunk/core/class/resources.php
index f48292ad1dd4f83b12f734e2d6088e276153a7b2..21809c8bd81e777fefa0fb3b5dae44be35c91748 100755
--- a/core/trunk/core/class/resources.php
+++ b/core/trunk/core/class/resources.php
@@ -33,7 +33,7 @@ try {
 require_once('core/class/BaseObject.php');
 } catch (Exception $e) {
- echo $e->getMessage().' // ';
+ echo functions::xssafe($e->getMessage()).' // ';
 }
 /**
diff --git a/core/trunk/core/class/resources_controler.php b/core/trunk/core/class/resources_controler.php
index a71b5a16789464b909d1cc864c9b8dfeb0ab0e5d..373e63b4fd2306d1de839eb02b85f57ea5c11526 100755
--- a/core/trunk/core/class/resources_controler.php
+++ b/core/trunk/core/class/resources_controler.php
@@ -44,7 +44,7 @@ try {
 require_once 'core/class/docservers_controler.php';
 require_once 'core/class/class_resource.php';
 } catch (Exception $e) {
- echo $e->getMessage().' // ';
+ echo functions::xssafe($e->getMessage()).' // ';
 }
 /**
diff --git a/core/trunk/core/class/session_security.php b/core/trunk/core/class/session_security.php
index 1bfcf3c2488d5c06636adc9d3123b8fd526d488a..c138dc43af2b03cbc27cf48904afe0794a36ff96 100644
--- a/core/trunk/core/class/session_security.php
+++ b/core/trunk/core/class/session_security.php
@@ -33,7 +33,7 @@ try {
 require_once("core/class/BaseObject.php");
 } catch (Exception $e){
- echo $e->getMessage().' // ';
+ echo functions::xssafe($e->getMessage()).' // ';
 }
 /**
diff --git a/core/trunk/core/class/session_security_controler.php b/core/trunk/core/class/session_security_controler.php
index d79a99f0466cd3e77d8b4652ea5c91187fd26ee0..34f1fceefe1d216a75e6df598d26cca1fbc64d07 100644
--- a/core/trunk/core/class/session_security_controler.php
+++ b/core/trunk/core/class/session_security_controler.php
@@ -36,7 +36,7 @@ try {
 require_once("core/class/ObjectControlerAbstract.php");
 require_once("core/class/ObjectControlerIF.php");
 } catch (Exception $e){
- echo $e->getMessage().' // ';
+ echo functions::xssafe($e->getMessage()).' // ';
 }
 /**
@@ -144,10 +144,10 @@ class session_security_controler extends ObjectControler implements ObjectContro
 $query = "select user_id from ".SESSION_SECURITY_TABLE." where user_id = '".functions::protect_string_db($user_id)."'";
 try{
- if($_ENV['DEBUG']){echo $query.' // ';}
+ if($_ENV['DEBUG']){functions::xecho($query) . ' // ';}
 $this->$db->query($query);
 } catch (Exception $e){
- echo _UNKNOWN.' '._USER." ".$user_id.' // ';
+ echo _UNKNOWN.' '._USER." ".functions::xssafe($user_id).' // ';
 }
 if($this->$db->nb_result() > 0)
diff --git a/core/trunk/core/class/usergroups.php b/core/trunk/core/class/usergroups.php
index c2ed55f138e4c2c7a977f2bf00143081e1268bc5..d2ee1a385c10536edc94b96671ba13d0158ff06c 100644
--- a/core/trunk/core/class/usergroups.php
+++ b/core/trunk/core/class/usergroups.php
@@ -33,7 +33,7 @@ try {
 require_once("core/class/BaseObject.php");
 } catch (Exception $e){
- echo $e->getMessage().' // ';
+ echo functions::xssafe($e->getMessage()).' // ';
 }
diff --git a/core/trunk/core/class/usergroups_controler.php b/core/trunk/core/class/usergroups_controler.php
index 6de2c5083486af164d9657a106ce828d01072c5c..1fb9405dd1434a74e7da4676dfe5de11f7c6fdad 100644
--- a/core/trunk/core/class/usergroups_controler.php
+++ b/core/trunk/core/class/usergroups_controler.php
@@ -40,7 +40,7 @@ try {
 require_once 'core/class/SecurityControler.php';
 } catch (Exception $e) {
- echo $e->getMessage() . ' // ';
+ functions::xecho($e->getMessage()) . ' // ';
 }
 /**
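Review bot: The two adjacent require-block hunks disagree with each other: usergroups.php (hunk at 33) gets `echo functions::xssafe($e->getMessage()).' // ';`, while usergroups_controler.php (hunk at 40) gets `functions::xecho($e->getMessage()) . ' // ';`, a statement whose concatenation result is discarded, so the ` // ` suffix is never printed there (and if xecho returns rather than echoes — its definition is not in this diff — neither is the message). Use the first form in both places: `echo functions::xssafe($e->getMessage()) . ' // ';`. In the session_security_controler hunk at 144 the same pattern appears in the DEBUG branch; unrelated to this commit but worth a look while here, the context line `$this->$db->query($query);` reads a property named by the value of a local `$db`, which looks like a typo for `$this->db` or `self::$db` (the form users_controler uses) — the start of the method is outside the hunk, so this may be intentional.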
@@ -130,7 +130,7 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 try{
 $db->query($query);
 } catch (Exception $e){
- echo _NO_GROUP_WITH_ID . ' ' . $groupId . ' // ';
+ echo _NO_GROUP_WITH_ID . ' ' . functions::xssafe($groupId) . ' // ';
 }
 while ($res = $db->fetch_object()) {
@@ -160,7 +160,7 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 try {
 $db->query($query);
 } catch (Exception $e){
- echo _NO_USER_WITH_ID.' '.$userId.' // ';
+ echo _NO_USER_WITH_ID.' '.functions::xssafe($userId).' // ';
 }
 $res = $db->fetch_object();
@@ -193,7 +193,7 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 try{
 $db->query($query);
 } catch (Exception $e){
- echo _NO_GROUP_WITH_ID.' '.$groupId.' // ';
+ echo _NO_GROUP_WITH_ID.' '.functions::xssafe($groupId).' // ';
 }
 while ($res = $db->fetch_object()) {
@@ -222,7 +222,7 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 try {
 $db->query($query);
 } catch (Exception $e){
- echo _NO_GROUP_WITH_ID . ' ' . $groupId . ' // ';
+ echo _NO_GROUP_WITH_ID . ' ' . functions::xssafe($groupId) . ' // ';
 }
 $services = array();
@@ -645,7 +645,7 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 $db->query($query);
 $ok = true;
 } catch (Exception $e){
- echo _CANNOT_DELETE_GROUP_ID . ' ' . $groupId . ' // ';
+ echo _CANNOT_DELETE_GROUP_ID . ' ' . functions::xssafe($groupId) . ' // ';
 $ok = false;
 }
@@ -766,7 +766,7 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 try {
 $db->query($query);
 } catch (Exception $e) {
- echo _UNKNOWN . _GROUP . ' ' . $groupId . ' // ';
+ echo _UNKNOWN . _GROUP . ' ' . functions::xssafe($groupId) . ' // ';
 }
 if ($db->nb_result() > 0) {
@@ -797,7 +797,7 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 $db->query($query);
 $ok = true;
 } catch (Exception $e) {
- echo _CANNOT_DELETE_GROUP_ID . ' ' . $groupId . ' // ';
+ echo _CANNOT_DELETE_GROUP_ID . ' ' . functions::xssafe($groupId) . ' // ';
 $ok = false;
 }
 $db->disconnect();
@@ -828,7 +828,8 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 $db->query($query);
 $ok = true;
 } catch (Exception $e) {
- echo _CANNOT_INSERT . ' ' . $groupId . ' ' . $serviceId . ' // ';
+ echo _CANNOT_INSERT . ' ' . functions::xssafe($groupId)
+ . ' ' . functions::xssafe($serviceId) . ' // ';
 $ok = false;
 }
 $db->disconnect();
@@ -858,7 +859,8 @@ class usergroups_controler extends ObjectControler implements ObjectControlerIF
 try {
 $db->query($query);
 } catch (Exception $e) {
- echo _CANNOT_FIND . ' ' . $groupId . ' ' . $userId . ' // ';
+ echo _CANNOT_FIND . ' ' . functions::xssafe($groupId)
+ . ' ' . functions::xssafe($userId) . ' // ';
 }
 $db->disconnect();
diff --git a/core/trunk/core/class/users.php b/core/trunk/core/class/users.php
index 403a5f07caaafb5bb7af2d20dc4dbf2d5e67a925..8d54bcbb4795244d0830a7293712f4269695648d 100644
--- a/core/trunk/core/class/users.php
+++ b/core/trunk/core/class/users.php
@@ -33,7 +33,7 @@ try {
 require_once("core/class/BaseObject.php");
 } catch (Exception $e){
- echo $e->getMessage().' // ';
+ echo functions::xssafe($e->getMessage()).' // ';
 }
 /**
diff --git a/core/trunk/core/class/users_controler.php b/core/trunk/core/class/users_controler.php
index cee7fbadff0cd8dfa9d89635d6e110f0c3bb7e70..0fddbf19abf29c5e01e70d53f8b3edc1b1c9468c 100644
--- a/core/trunk/core/class/users_controler.php
+++ b/core/trunk/core/class/users_controler.php
@@ -38,7 +38,7 @@ try {
 require_once 'core/class/class_history.php';
 require_once 'modules/entities/class/class_users_entities.php';
 } catch (Exception $e){
- echo $e->getMessage() . ' // ';
+ functions::xecho($e->getMessage()) . ' // ';
 }
 /**
@@ -167,7 +167,7 @@ class users_controler extends ObjectControler implements ObjectControlerIF
 try{
 self::$db->query($query);
 } catch (Exception $e){
- echo _NO_USER_WITH_ID.' '.$userId.' // ';
+ echo _NO_USER_WITH_ID.' '.functions::xssafe($userId).' // ';
 }
 while ($res = self::$db->fetch_object()) {
@@ -663,7 +663,7 @@ class users_controler extends ObjectControler implements ObjectControlerIF
 try{
 self::$db->query($query);
 } catch (Exception $e){
- echo _UNKNOWN . ' ' . _USER . ' ' . $userId . ' // ';
+ echo _UNKNOWN . ' ' . _USER . ' ' . functions::xssafe($userId) . ' // ';
 }
 if (self::$db->nb_result() > 0) {
@@ -856,7 +856,7 @@ class users_controler extends ObjectControler implements ObjectControlerIF
 try{
 self::$db->query($query);
 } catch (Exception $e){
- echo _UNKNOWN . ' ' . _USER . ' ' . $userId . ' // ';
+ echo _UNKNOWN . ' ' . _USER . ' ' . functions::xssafe($userId) . ' // ';
 }
 if (self::$db->nb_result() > 0) {
@@ -956,7 +956,7 @@ class users_controler extends ObjectControler implements ObjectControlerIF
 try{
 self::$db->query($query);
 } catch (Exception $e){
- echo _NO_USER_WITH_ID.' '.$userId.' // ';
+ echo _NO_USER_WITH_ID.' '.functions::xssafe($userId).' // ';
 }
 while ($res = self::$db->fetch_object()) {
diff --git a/core/trunk/core/class/web_service/class_rest_server.php b/core/trunk/core/class/web_service/class_rest_server.php
index 77c13fc318722dddeabd76b92e2132fb92b9ca20..a4f2ab5b4f23e06d56718607ab70eae34d5d7579 100644
--- a/core/trunk/core/class/web_service/class_rest_server.php
+++ b/core/trunk/core/class/web_service/class_rest_server.php
@@ -82,9 +82,6 @@ class MyRestServer extends webService
 $this->makeAtomEntryRootFolder();
 } else {
 $restRequest = explode('/', $_SERVER['QUERY_STRING']);
- /*echo '<pre>';
- print_r($restRequest);
- echo '</pre>';*/
 if ($restRequest[3] <> '') {
 $this->requestedCollection = $restRequest[3];
 }
@@ -111,8 +108,6 @@ class MyRestServer extends webService */ public function call() { - //echo $this->dispatchMap[$this->requestedResource]['pathToController'] - // . '<br>'; if ( file_exists( $this->dispatchMap[$this->requestedResource]['pathToController'] @@ -140,16 +135,6 @@ class MyRestServer extends webService function makeRESTServer() { //only for tests - /* echo '<pre>'; - var_dump($_SERVER); - var_dump($this->dispatchMap); - echo '</pre>';*/ - //echo 'method ? ' . $this->crudMethod . '<br>'; - //echo 'requested resource : ' . $this->requestedResource - // . '<br>'; - //echo 'requested resource id : ' . $this->requestedResourceId - // . '<br>'; - //echo 'result of the function call : ' . $this->call(); header("Content-type: text/xml"); $this->call(); } 
@@ -254,30 +239,6 @@ xmlns:maarch="http://www.maarch.org"> function makeAtomEntryRootFolder() { header("Content-type: text/xml"); - /*echo '<?xml version="1.0" encoding="utf-8" standalone="yes"?> -<atom:entry xmlns:atom="http://www.w3.org/2005/Atom" -xmlns:cmisra="http://docs.oasis-open.org/ns/cmis/restatom/200908/" -xmlns:cmis="http://docs.oasis-open.org/ns/cmis/core/200908/" -xmlns:maarch="http://www.maarch.org"> - <atom:author> - <atom:name>maarch</atom:name> - </atom:author> - <atom:id>ROOT</atom:id> - <atom:title>' . $_SESSION['config']['applicationname'] . '</atom:title> - <cmisra:object/> - <atom:link rel="service" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7?repositoryId=371554cd-ac06-40ba-98b8-e6b60275cca7" type="application/atomsvc+xml"/> - <atom:link rel="self" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/entry?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/atom+xml;type=entry" cmisra:id="workspace://SpacesStore/87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1"/> - <atom:link rel="enclosure" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/entry?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/atom+xml;type=entry"/> - <atom:link rel="edit" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/entry?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/atom+xml;type=entry"/> - <atom:link rel="describedby" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/type?id=cmis%3Afolder" type="application/atom+xml;type=entry"/> - <atom:link rel="http://docs.oasis-open.org/ns/cmis/link/200908/allowableactions" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/allowableactions?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/cmisallowableactions+xml"/> 
- <atom:link rel="down" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/children?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/atom+xml;type=feed"/> - <atom:link rel="down" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/descendants?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/cmistree+xml"/> - <atom:link rel="http://docs.oasis-open.org/ns/cmis/link/200908/foldertree" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/foldertree?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/cmistree+xml"/> - <atom:link rel="http://docs.oasis-open.org/ns/cmis/link/200908/acl" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/acl?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/cmisacl+xml"/> - <atom:link rel="http://docs.oasis-open.org/ns/cmis/link/200908/policies" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/policies?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/atom+xml;type=feed"/> - <atom:link rel="http://docs.oasis-open.org/ns/cmis/link/200908/relationships" href="http://cmis.alfresco.com/cmisatom/371554cd-ac06-40ba-98b8-e6b60275cca7/relationships?id=workspace%3A%2F%2FSpacesStore%2F87b2f129-3ad0-4a46-a6ea-05ecbfb54aa1" type="application/atom+xml;type=feed"/> -</atom:entry>';*/ echo '<?xml version="1.0" encoding="UTF-8"?> <atom:entry xmlns:atom="http://www.w3.org/2005/Atom" xmlns:cmis="http://docs.oasis-open.org/ns/cmis/core/200908/" diff --git a/core/trunk/core/class/web_service/class_web_service.php b/core/trunk/core/class/web_service/class_web_service.php index edd6b8e864c1528647b6c2c37a156e5089d5b73a..00f0aa0fd19429e0d14c30ccfd8924756f12e462 100644 --- a/core/trunk/core/class/web_service/class_web_service.php 
+++ b/core/trunk/core/class/web_service/class_web_service.php @@ -165,7 +165,6 @@ class webService { $_SESSION['user']['UserId'] = $func->decrypt($_SERVER["PHP_AUTH_USER"]); $password = $func->decrypt($_SERVER["PHP_AUTH_PW"]); } else { - //echo "ici";exit; $_SESSION['user']['UserId'] = $_SERVER["PHP_AUTH_USER"]; $password = $_SERVER["PHP_AUTH_PW"]; } @@ -281,9 +280,6 @@ class webService { $rootPathArray = explode("#",$stringMethod); $rootPath = $rootPathArray[0]; $objectPath = $rootPathArray[1]; - //echo "<br>generic path : " . $stringMethod . "<br>"; - //echo "root path : " . $rootPath . "<br>"; - //echo "object path : " . $objectPath . "<br>"; $objectPathArray = array(); $objectPathArray = explode("::",$objectPath); if ($rootPath == "core") { diff --git a/core/trunk/core/docservers_tools.php b/core/trunk/core/docservers_tools.php index 04152d8ca7fbaec7a00565eaa2d835ca4f706689..b745b8621b1ce7e27940b20a61bcd3c5e672d033 100644 --- a/core/trunk/core/docservers_tools.php +++ b/core/trunk/core/docservers_tools.php @@ -35,7 +35,7 @@ try { require_once 'core/class/docservers_controler.php'; require_once 'core/core_tables.php'; } catch (Exception $e) { - echo $e->getMessage() . ' // '; + functions::xecho($e->getMessage()) . ' // '; } /** @@ -215,7 +215,6 @@ function Ds_extractArchive($fileInfos, $fingerprintMode) } $tmpCmd = ''; exec($command, $tmpCmd, $execError); - //echo $command . '<br>'; if ($execError > 0) { if (DIRECTORY_SEPARATOR == '/') { //else try to extract only the first container @@ -326,7 +325,6 @@ function Ds_extractArchive($fileInfos, $fingerprintMode) } $tmpCmd = ''; exec($commandBis, $tmpCmd, $execError); - //echo $commandBis;exit; if ($execError > 0) { $result = array( 'status' => 'ko', diff --git a/core/trunk/core/init.php b/core/trunk/core/init.php index b90935a511e13a62ac10fabbc055edce1fc46cc2..7acd73b821438d404f01c1ef91217c84998fb981 100644 --- a/core/trunk/core/init.php +++ b/core/trunk/core/init.php 
@@ -53,7 +53,6 @@ if (isset($_SESSION['custom_override_id']) ) { $path = $_SESSION['config']['corepath'] . 'custom' . DIRECTORY_SEPARATOR . $_SESSION['custom_override_id'] . DIRECTORY_SEPARATOR; - //echo $path; set_include_path( $path . PATH_SEPARATOR . $_SESSION['config']['corepath'] . PATH_SEPARATOR . get_include_path() diff --git a/core/trunk/core/manage_action.php b/core/trunk/core/manage_action.php index 0ec1f4d60b59d6df6ad88f72089c99f282953128..2a8f55e97160251f34037f6580324f901566c524 100644 --- a/core/trunk/core/manage_action.php +++ b/core/trunk/core/manage_action.php @@ -73,7 +73,7 @@ if($_POST['req'] == 'valid_form' && !empty($_POST['action_id']) && isset($_POST[ if($db->nb_result() < 1) { $_SESSION['action_error'] = _ACTION_NOT_IN_DB; - echo "{status : 5, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 5, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } @@ -88,7 +88,7 @@ if($_POST['req'] == 'valid_form' && !empty($_POST['action_id']) && isset($_POST[ if($action_page == '') { $_SESSION['action_error'] = _ACTION_NOT_IN_DB; - echo "{status : 5, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 5, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } $custom_path = ''; @@ -112,7 +112,7 @@ if($_POST['req'] == 'valid_form' && !empty($_POST['action_id']) && isset($_POST[ { // Invalid path to script $_SESSION['action_error'] = $label_action.' '._ACTION_PAGE_MISSING; - echo "{status : 8, error_txt: '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 8, error_txt: '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } } 
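Review bot: The responses in the manage_action.php hunks at 73, 88 and 112 are JavaScript object literals (`{status : 5, error_txt : '...'}`) that the client evaluates, so the escaping context for `error_txt` is a JS single-quoted string, not HTML; wrapping the value in `functions::xssafe` (apparently an HTML entity encoder — its definition is not in this diff) before `addslashes` means a message containing `<` or `&` now reaches the page as literal `&lt;`/`&amp;` if the client inserts it as text, while `addslashes` still leaves newlines and U+2028/U+2029 free to terminate the literal. Let the encoder that knows the context own the quoting: `echo json_encode(array('status' => 5, 'error_txt' => $_SESSION['action_error']));` — one line per echo, which also removes the hand-built quoting. If the client assigns the value via innerHTML the HTML encoding is needed, but then it belongs on the client, where the context is known.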
@@ -121,18 +121,18 @@ if($_POST['req'] == 'valid_form' && !empty($_POST['action_id']) && isset($_POST[ $frm_error = check_form(trim($_POST['form_to_check']),get_values_in_array($_POST['form_values'])); if($frm_error == false) { - echo "{status : 1, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 1, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } else { if($create_id == 'N') { - echo "{status : 0, error_txt : '".addslashes($_SESSION['action_error'])."', page_result : '', manage_form_now : false}"; + echo "{status : 0, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."', page_result : '', manage_form_now : false}"; } else { - echo "{status : 0, error_txt : '".addslashes($_SESSION['action_error'])."', page_result : '', manage_form_now : true}"; + echo "{status : 0, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."', page_result : '', manage_form_now : true}"; } exit(); } @@ -162,15 +162,15 @@ elseif(trim($_POST['req']) == 'change_status' && !empty($_POST['values']) && !em $req = $db->query($query_str, true); if (!$req) { $_SESSION['action_error'] = _SQL_ERROR.' : '.$query_str; - echo "{status : 1, error_txt : '".addslashes(_ERROR_WITH_STATUS)." ".$query_str."'}"; + echo "{status : 1, error_txt : '".addslashes(_ERROR_WITH_STATUS." ".functions::xssafe($query_str))."'}"; exit(); } } } - echo "{status : 0, error_txt : '".addslashes(_STATUS_UPDATED.' : '.$_POST['new_status'])."'}"; + echo "{status : 0, error_txt : '".addslashes(_STATUS_UPDATED.' : '.functions::xssafe($_POST['new_status']))."'}"; exit(); } else { - echo "{status : 0, error_txt : '".addslashes(_STATUS_NOT_EXISTS.' : '.$_POST['new_status'])."'}"; + echo "{status : 0, error_txt : '".addslashes(_STATUS_NOT_EXISTS.' : '.functions::xssafe($_POST['new_status']))."'}"; exit(); } } 
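Review bot: The hunk at 162 still ships the failed SQL statement to the client — `$_SESSION['action_error'] = _SQL_ERROR.' : '.$query_str;` and `error_txt : '".addslashes(_ERROR_WITH_STATUS." ".functions::xssafe($query_str))."'` — so the new escaping stops it rendering as HTML but not the disclosure of table and column names (and whatever values were interpolated) on every database error. Log `$query_str` server-side and return only the generic message, e.g. `echo "{status : 1, error_txt : '".addslashes(_ERROR_WITH_STATUS)."'}";`. The `$_POST['new_status']` echoed in the two lines below is request input, so escaping it there is right; whether it is also escaped where `$query_str` is built, above the hunk, cannot be seen here.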
@@ -181,7 +181,7 @@ else if(empty($_POST['values']) || !isset($_POST['action_id']) || empty($_POST[' { $tmp = 'values : '.$_POST['values'].', action_id : '.$_POST['action_id'].', mode : '. $_POST['mode'].', table : '.$_POST['table'].', coll_id : '.$_POST['coll_id'].', module : '.$_POST['module'].', req : '.$_POST['req']; $_SESSION['action_error'] = $tmp._AJAX_PARAM_ERROR; - echo "{status : 1, error_txt : '".$id_action.addslashes($_SESSION['action_error'])."'}"; + echo "{status : 1, error_txt : '".functions::xssafe($id_action).addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } @@ -197,7 +197,7 @@ else if($db->nb_result() < 1) { $_SESSION['action_error'] = _ACTION_NOT_IN_DB; - echo "{status : 5, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 5, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } @@ -214,7 +214,7 @@ else if($_POST['req'] == 'second_request') { $_SESSION['action_error'] = _ACTION_NOT_IN_DB; - echo "{status : 5, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 5, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } @@ -222,7 +222,7 @@ else if($status == '' || $status == 'NONE') { $_SESSION['action_error'] = $label_action.' : '._ERROR_PARAM_ACTION; - echo "{status : 6, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 6, error_txt : '".functions::xssafe(addslashes($_SESSION['action_error']))."'}"; exit(); } $db->query("select id from status where id ='" . $status . "'"); @@ -247,7 +247,7 @@ else $req = $db->query($query_str, true); if (!$req) { $_SESSION['action_error'] = _SQL_ERROR . ' : ' . $query_str; - echo "{status : 7, error_txt : '" . addslashes($label_action . ' : ' . $_SESSION['action_error']) . "'}"; + echo "{status : 7, error_txt : '" . addslashes(functions::xssafe($label_action) . ' : ' . functions::xssafe($_SESSION['action_error'])) . "'}"; exit(); } } 
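Review bot: The hunk at 222 nests the two calls the other way round from every other hunk in this file — `functions::xssafe(addslashes($_SESSION['action_error']))` instead of `addslashes(functions::xssafe(...))` — so if xssafe encodes quotes, the `\'` that addslashes produced becomes `\&#039;` and the backslash is left behind as a stray escape inside the JS literal; pick one order (or, better, `json_encode`) and use it consistently: `addslashes(functions::xssafe($_SESSION['action_error']))`. The context line just after it, `$db->query("select id from status where id ='" . $status . "'");`, interpolates `$status` raw; where `$status` is assigned is outside the hunk, so if it is derived from the request it needs `functions::protect_string_db($status)` as well. The `$tmp` diagnostic in the hunk at 181 reflects every POST parameter back to the client, which is harmless once escaped but arguably belongs in a server-side log.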
@@ -255,7 +255,7 @@ else } $res_action = array('result' => $result, 'history_msg' => ''); $_SESSION['action_error'] = _ACTION_DONE.' : '.$label_action; - echo "{status : 0, error_txt : '".addslashes($_SESSION['action_error']).", status : ".$status.", ".$_POST['values']."', page_result : ''}"; + echo "{status : 0, error_txt : '".addslashes($_SESSION['action_error']).", status : ".functions::xssafe($status).", ".functions::xssafe($_POST['values'])."', page_result : ''}"; } 
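Review bot: The new line in the hunk at 255 embeds `$_POST['values']` inside the single-quoted JS string with only `functions::xssafe` applied, and that function (an HTML encoder, going by its use elsewhere in this diff) does not touch backslashes or line breaks, so a value containing `\` or a newline can still corrupt or terminate the literal even though quotes are neutralised; in the same line `$_SESSION['action_error']` gets `addslashes` but not `xssafe`, the opposite of every other echo in the file. Build the response once with an encoder that knows the context, e.g. `echo json_encode(array('status' => 0, 'error_txt' => $_SESSION['action_error'] . ', status : ' . $status . ', ' . $_POST['values'], 'page_result' => ''));`. The surrounding `else` branch starts and ends outside the hunk.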
@@ -283,19 +283,19 @@ else { // Invalid path to script $_SESSION['action_error'] = $label_action.' '._ACTION_PAGE_MISSING; - echo "{status : 8, error_txt: '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 8, error_txt: '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } } if($_POST['req'] == 'first_request' && in_array('form', $etapes)) { $frm_test = get_form_txt($arr_id, $_SESSION['config']['businessappurl'].'index.php?display=true&page=manage_action&module=core', $id_action, $_POST['table'],$_POST['module'], $_POST['coll_id'], $_POST['mode'] ); - echo "{status : 3, form_content : '".$frm_test."', height : '".$frm_height."', width : '".$frm_width."', 'mode_frm' : '".$mode_form."', 'action_status' : '".$status."'}"; + echo "{status : 3, form_content : '".$frm_test."', height : '".$frm_height."', width : '".$frm_width."', 'mode_frm' : '".$mode_form."', 'action_status' : '".functions::xssafe($status)."'}"; exit(); } elseif( $_POST['req'] == 'first_request' && $confirm == true) { - echo "{status : 2, confirm_content : '".addslashes(_ACTION_CONFIRM." ".$label_action)."', validate : '"._VALIDATE."', cancel : '"._CANCEL."', label_action : '".addslashes($label_action)."', 'action_status' : '".$status."'}"; + echo "{status : 2, confirm_content : '".addslashes(_ACTION_CONFIRM." ".functions::xssafe($label_action))."', validate : '"._VALIDATE."', cancel : '"._CANCEL."', label_action : '".addslashes(functions::xssafe($label_action))."', 'action_status' : '".functions::xssafe($status)."'}"; exit(); } else @@ -323,13 +323,13 @@ else } catch(Exception $e) { - echo "{status : 9, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 9, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } } else { - echo "{status : 9, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 9, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } } 
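Review bot: In the hunk at 283 the `first_request` response escapes `action_status` but emits `form_content : '".$frm_test."'` with no escaping at all, and `$frm_test` comes from `get_form_txt(...)` fed with `$_POST['table']`, `$_POST['module']`, `$_POST['coll_id']` and `$_POST['mode']` (that helper is not in this diff, so how much of the input survives into the generated HTML cannot be seen here); any single quote, backslash or newline in the form text breaks the JS literal, and request-controlled content inside it is then script-injectable. At minimum apply `addslashes($frm_test)` like the other string fields, or better emit the whole object with `json_encode`. `$frm_height`, `$frm_width` and `$mode_form` are also interpolated raw; their origin is outside the hunk.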
@@ -337,7 +337,7 @@ else //print_r($res_action); if($res_action == false) { - echo "{status : 9, error_txt : '".addslashes($_SESSION['action_error'])."'}"; + echo "{status : 9, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'}"; exit(); } $comp = ", page_result : ''"; @@ -361,7 +361,7 @@ else } $_SESSION['action_error'] = _ACTION_DONE.' : '.$label_action; - echo "{status : 0, error_txt : '".addslashes($_SESSION['action_error'])."'".$comp.", result_id : '".$res_action['result']."'}"; + echo "{status : 0, error_txt : '".addslashes(functions::xssafe($_SESSION['action_error']))."'".$comp.", result_id : '".$res_action['result']."'}"; } } // Save action in history if needed
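Review bot: The hunk at 361 escapes `error_txt` but still interpolates `$res_action['result']` raw into `result_id : '...'`, and `$comp` is concatenated unquoted; both are produced by the action handler invoked above the hunk, so their content is not visible here, but a quote or newline in either breaks the literal the client evaluates. Give them the same `addslashes`/`xssafe` treatment as `error_txt`, e.g. `result_id : '".addslashes(functions::xssafe($res_action['result']))."'`, or build the object with `json_encode`. The commented-out `//print_r($res_action);` on the context line above is the kind of leftover debug output this commit removes elsewhere and could go too.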