From 8f5b5e4f685e9d11f1d67ad214b5ece50add2172 Mon Sep 17 00:00:00 2001
From: stronk7 <stronk7>
Date: Tue, 29 Aug 2006 23:20:03 +0000
Subject: [PATCH] relative+cleaned paths

---
 .../delete_statement.class.php                |  8 ++++----
 .../edit_statement/edit_statement.class.php   | 20 +++++++++----------
 .../move_updown_statement.class.php           |  4 ++--
 .../view_statement_xml.class.php              |  4 ++--
 4 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/admin/xmldb/actions/delete_statement/delete_statement.class.php b/admin/xmldb/actions/delete_statement/delete_statement.class.php
index 51d54c1964..f5232d917e 100644
--- a/admin/xmldb/actions/delete_statement/delete_statement.class.php
+++ b/admin/xmldb/actions/delete_statement/delete_statement.class.php
@@ -63,8 +63,8 @@ class delete_statement extends XMLDBAction {
     /// Do the job, setting result as needed
 
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
         $statementparam = required_param('statement', PARAM_CLEAN);
 
         $confirmed = optional_param('confirmed', false, PARAM_BOOL);
@@ -76,11 +76,11 @@ class delete_statement extends XMLDBAction {
             $o.= '    <p align="center">' . $this->str['confirmdeletestatement'] . '<br /><br />' . $statementparam . '</p>';
             $o.= '    <table align="center" cellpadding="20"><tr><td>';
             $o.= '      <div class="singlebutton">';
-            $o.= '        <form action="index.php?action=delete_statement&amp;confirmed=yes&amp;postaction=edit_xml_file&amp;statement=' . $statementparam . '&amp;dir=' . urlencode($dirpath) . '" method="post">';
+            $o.= '        <form action="index.php?action=delete_statement&amp;confirmed=yes&amp;postaction=edit_xml_file&amp;statement=' . $statementparam . '&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '" method="post">';
             $o.= '          <input type="submit" value="'. $this->str['yes'] .'" /></form></div>';
             $o.= '      </td><td>';
             $o.= '      <div class="singlebutton">';
-            $o.= '        <form action="index.php?action=edit_xml_file&amp;dir=' . urlencode($dirpath) . '" method="post">';
+            $o.= '        <form action="index.php?action=edit_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '" method="post">';
             $o.= '          <input type="submit" value="'. $this->str['no'] .'" /></form></div>';
             $o.= '      </td></tr>';
             $o.= '    </table>';
diff --git a/admin/xmldb/actions/edit_statement/edit_statement.class.php b/admin/xmldb/actions/edit_statement/edit_statement.class.php
index 03a601a860..c47d59e4fc 100644
--- a/admin/xmldb/actions/edit_statement/edit_statement.class.php
+++ b/admin/xmldb/actions/edit_statement/edit_statement.class.php
@@ -68,8 +68,8 @@ class edit_statement extends XMLDBAction {
 
     /// Do the job, setting result as needed
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dirs
         if (!empty($XMLDB->dbdirs)) {
@@ -103,7 +103,7 @@ class edit_statement extends XMLDBAction {
 
     /// Add the main form
         $o = '<form id="form" action="index.php" method="post">';
-        $o.= '    <input type="hidden" name ="dir" value="' . $dirpath . '" />';
+        $o.= '    <input type="hidden" name ="dir" value="' . str_replace($CFG->dirroot, '', $dirpath) . '" />';
         $o.= '    <input type="hidden" name ="statement" value="' . $statementparam .'" />';
         $o.= '    <input type="hidden" name ="action" value="edit_statement_save" />';
         $o.= '    <input type="hidden" name ="postaction" value="edit_statement" />';
@@ -117,20 +117,20 @@ class edit_statement extends XMLDBAction {
         $b = ' <p align="center" class="buttons">';
     /// The view original XML button
         if ($origstructure->getStatement($statementparam)) {
-            $b .= '&nbsp;<a href="index.php?action=view_statement_xml&amp;dir=' . urlencode($dirpath) . '&amp;select=original&amp;statement=' . $statementparam . '" target="_blank">[' . $this->str['vieworiginal'] . ']</a>';
+            $b .= '&nbsp;<a href="index.php?action=view_statement_xml&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&amp;select=original&amp;statement=' . $statementparam . '" target="_blank">[' . $this->str['vieworiginal'] . ']</a>';
         } else {
             $b .= '&nbsp;[' . $this->str['vieworiginal'] . ']';
         }
     /// The view edited XML button
         if ($statement->hasChanged()) {
-            $b .= '&nbsp;<a href="index.php?action=view_statement_xml&amp;dir=' . urlencode($dirpath) . '&amp;select=edited&amp;statement=' . $statementparam . '" target="_blank">[' . $this->str['viewedited'] . ']</a>';
+            $b .= '&nbsp;<a href="index.php?action=view_statement_xml&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&amp;select=edited&amp;statement=' . $statementparam . '" target="_blank">[' . $this->str['viewedited'] . ']</a>';
         } else {
             $b .= '&nbsp;[' . $this->str['viewedited'] . ']';
         }
     /// The new sentence button
-        $b .= '&nbsp;<a href="index.php?action=new_sentence&amp;postaction=edit_sentence&amp;statement=' . $statementparam . '&amp;dir=' . urlencode($dirpath) . '">[' . $this->str['newsentence'] . ']</a>';
+        $b .= '&nbsp;<a href="index.php?action=new_sentence&amp;postaction=edit_sentence&amp;statement=' . $statementparam . '&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['newsentence'] . ']</a>';
     /// The back to edit xml file button
-        $b .= '&nbsp;<a href="index.php?action=edit_xml_file&amp;dir=' . urlencode($dirpath) . '">[' . $this->str['back'] . ']</a>';
+        $b .= '&nbsp;<a href="index.php?action=edit_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['back'] . ']</a>';
         $b .= '</p>';
         $o .= $b;
 
@@ -153,13 +153,13 @@ class edit_statement extends XMLDBAction {
             /// Calculate buttons
                 $b = '</td><td class="button cell">';
             /// The edit button
-                $b .= '<a href="index.php?action=edit_sentence&amp;sentence=' .$key . '&amp;statement=' . urlencode($statement->getName()) . '&amp;dir=' . urlencode($dirpath) . '">[' . $this->str['edit'] . ']</a>';
+                $b .= '<a href="index.php?action=edit_sentence&amp;sentence=' .$key . '&amp;statement=' . urlencode($statement->getName()) . '&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['edit'] . ']</a>';
                 $b .= '</td><td class="button cell">';
             /// The duplicate button
-                $b .= '<a href="index.php?action=new_sentence&amp;postaction=edit_sentence&amp;basesentence=' . $key . '&amp;statement=' . urlencode($statement->getName()) . '&amp;dir=' . urlencode($dirpath) . '">[' . $this->str['duplicate'] . ']</a>';
+                $b .= '<a href="index.php?action=new_sentence&amp;postaction=edit_sentence&amp;basesentence=' . $key . '&amp;statement=' . urlencode($statement->getName()) . '&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['duplicate'] . ']</a>';
                 $b .= '</td><td class="button cell">';
             /// The delete button
-                $b .= '<a href="index.php?action=delete_sentence&amp;sentence=' . $key . '&amp;statement=' . urlencode($statement->getName()) . '&amp;dir=' . urlencode($dirpath) . '">[' . $this->str['delete'] . ']</a>';
+                $b .= '<a href="index.php?action=delete_sentence&amp;sentence=' . $key . '&amp;statement=' . urlencode($statement->getName()) . '&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '">[' . $this->str['delete'] . ']</a>';
                 $b .= '</td>';
             /// Print table row
             $o .= '<tr class="r' . $row . '"><td class="table cell">' . $p . $sentence . $b . '</tr>'; 
diff --git a/admin/xmldb/actions/move_updown_statement/move_updown_statement.class.php b/admin/xmldb/actions/move_updown_statement/move_updown_statement.class.php
index 9b9cdf9cb5..15116bfa18 100644
--- a/admin/xmldb/actions/move_updown_statement/move_updown_statement.class.php
+++ b/admin/xmldb/actions/move_updown_statement/move_updown_statement.class.php
@@ -61,8 +61,8 @@ class move_updown_statement extends XMLDBAction {
 
     /// Do the job, setting result as needed
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dirs
         if (!empty($XMLDB->dbdirs)) {
diff --git a/admin/xmldb/actions/view_statement_xml/view_statement_xml.class.php b/admin/xmldb/actions/view_statement_xml/view_statement_xml.class.php
index 6a50faeddf..6332b221c1 100644
--- a/admin/xmldb/actions/view_statement_xml/view_statement_xml.class.php
+++ b/admin/xmldb/actions/view_statement_xml/view_statement_xml.class.php
@@ -64,8 +64,8 @@ class view_statement_xml extends XMLDBAction {
         $statement =  required_param('statement', PARAM_CLEAN);
         $select = required_param('select', PARAM_ALPHA); //original/edited
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dir
         if ($select == 'original') {
-- 
2.39.5