*8148* OMP leakage into PKP lib

pkp · Apr 19, 2013 · 1a7d782 · 1a7d782
1 parent a360005
commit 1a7d782
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 18 deletions.
diff --git a/classes/context/PKPSocialMedia.inc.php b/classes/context/PKPSocialMedia.inc.php
@@ -98,7 +98,6 @@ function setPlatform($platform, $locale) {
 	/**
 	 * Replace various variables in the code template with data
 	 * relevant to the assigned monograph.
-	 * @param PublishedMonograph $publishedMonograph
 	 */
 	function replaceCodeVars() {
 		// Subclasses should override as needed.

diff --git a/.../security/authorization/internal/PKPSubmissionFileRequestedRevisionRequiredPolicy.inc.php b/.../security/authorization/internal/PKPSubmissionFileRequestedRevisionRequiredPolicy.inc.php
@@ -39,11 +39,11 @@ function effect() {
 
 		// Get the monograph file.
 		$monographFile = $this->getSubmissionFile($request);
-		if (!is_a($monographFile, 'MonographFile')) return AUTHORIZATION_DENY;
+		if (!is_a($monographFile, 'SubmissionFile')) return AUTHORIZATION_DENY;
 
 		// Make sure the file belongs to the monograph in request.
 		$monograph =& $this->getAuthorizedContextObject(ASSOC_TYPE_MONOGRAPH);
-		if (!is_a($monograph, 'Monograph')) return AUTHORIZATION_DENY;
+		if (!is_a($monograph, 'Submission')) return AUTHORIZATION_DENY;
 		if ($monograph->getId() != $monographFile->getSubmissionId()) return AUTHORIZATION_DENY;
 
 		// Make sure the file is part of a review round

diff --git a/classes/security/authorization/internal/SubmissionFileSubmissionStageRequiredPolicy.inc.php b/classes/security/authorization/internal/SubmissionFileSubmissionStageRequiredPolicy.inc.php
@@ -35,7 +35,7 @@ function effect() {
 
 		// Get the submission file.
 		$submissionFile = $this->getSubmissionFile($request);
-		if (!is_a($submissionFile, 'MonographFile')) return AUTHORIZATION_DENY;
+		if (!is_a($submissionFile, 'SubmissionFile')) return AUTHORIZATION_DENY;
 
 		// Make sure that it's in the submission stage
 		if ($submissionFile->getFileStage() != SUBMISSION_FILE_SUBMISSION) return AUTHORIZATION_DENY;

diff --git a/classes/security/authorization/internal/SubmissionFileUploaderAccessPolicy.inc.php b/classes/security/authorization/internal/SubmissionFileUploaderAccessPolicy.inc.php
@@ -5,10 +5,10 @@
  * Copyright (c) 2000-2013 John Willinsky
  * Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
  *
- * @class MonographFileUploaderAccessPolicy
+ * @class SubmissionFileUploaderAccessPolicy
  * @ingroup security_authorization_internal
  *
- * @brief Monograph file policy to check if the current user is the uploader.
+ * @brief Submission file policy to check if the current user is the uploader.
  *
  */
 

diff --git a/classes/submission/PKPSubmissionFileDAO.inc.php b/classes/submission/PKPSubmissionFileDAO.inc.php
@@ -165,7 +165,7 @@ function &getAllRevisionsByAssocId($assocType, $assocId, $fileStage = null, $ran
 	 * @param $uploaderUserId integer
 	 * @param $uploaderUserGroupId integer
 	 * @param $fileStage integer (optional) One of the MONOGRAPH_FILE constants
-	 * @return array A list of MonographFiles.
+	 * @return array A list of SubmissionFiles.
 	 */
 	function &getRevisionsByReviewRound($submissionId, $stageId, $round, $fileStage = null,
 			$uploaderUserId = null, $uploaderUserGroupId = null) {
@@ -183,7 +183,7 @@ function &getRevisionsByReviewRound($submissionId, $stageId, $round, $fileStage
 	 * @param $stageId int
 	 * @param $round int
 	 * @param $fileStage int (optional) A SUBMISSION_FILE_* constant
-	 * @return array A list of MonographFiles.
+	 * @return array A list of SubmissionFiles.
 	 */
 	function &getLatestNewRevisionsByReviewRound($submissionId, $stageId, $round, $fileStage = null) {
 		if (!($stageId && $round)) {
@@ -276,7 +276,7 @@ function &updateObject(&$updatedFile, $previousFileId = null, $previousRevision
 
 		// Retrieve the previous file.
 		$previousFile =& $this->getRevision($previousFileId, $previousRevision);
-		assert(is_a($previousFile, 'MonographFile'));
+		assert(is_a($previousFile, 'SubmissionFile'));
 
 		// Canonicalized the implementation of the previous file.
 		$previousImplementation = strtolower_codesafe(get_class($previousFile));

diff --git a/controllers/api/file/FileApiHandler.inc.php b/controllers/api/file/FileApiHandler.inc.php
@@ -37,7 +37,7 @@ function FileApiHandler() {
 	/**
 	 * record a file view.
 	 * Must be overridden in subclases.
-	 * @param $submissionFile MonographFile the file to record.
+	 * @param $submissionFile SubmissionFile the file to record.
 	 */
 	function recordView($submissionFile) {
 		SubmissionFileManager::recordView($submissionFile);

diff --git a/controllers/api/file/linkAction/DownloadFileLinkAction.inc.php b/controllers/api/file/linkAction/DownloadFileLinkAction.inc.php
@@ -44,7 +44,7 @@ function DownloadFileLinkAction($request, $submissionFile, $stageId = null) {
 
 	/**
 	 * Get the label for the file download action.
-	 * @param $submissionFile MonographFile
+	 * @param $submissionFile SubmissionFile
 	 * @return string
 	 */
 	function getLabel(&$submissionFile) {

diff --git a/controllers/wizard/fileUpload/PKPFileUploadWizardHandler.inc.php b/controllers/wizard/fileUpload/PKPFileUploadWizardHandler.inc.php
@@ -430,7 +430,7 @@ function &_getMetadataForm($request) {
 	/**
 	 * Check if the uploaded file has a similar name to an existing
 	 * file which would then be a candidate for a revised file.
-	 * @param $uploadedFile MonographFile
+	 * @param $uploadedFile SubmissionFile
 	 * @param $submissionFiles array a list of submission files to
 	 *  check the uploaded file against.
 	 * @return integer the if of the possibly revised file or null
@@ -512,17 +512,16 @@ function _onlyNumbersDiffer($a, $b) {
 	/**
 	 * Create an array that describes an uploaded file which can
 	 * be used in a JSON response.
-	 * @param MonographFile $uploadedFile
+	 * @param SubmissionFile $uploadedFile
 	 * @return array
 	 */
-	function &_getUploadedFileInfo(&$uploadedFile) {
-		$uploadedFileInfo = array(
+	function _getUploadedFileInfo($uploadedFile) {
+		return array(
 			'uploadedFile' => array(
 				'fileId' => $uploadedFile->getFileId(),
 				'revision' => $uploadedFile->getRevision()
 			)
 		);
-		return $uploadedFileInfo;
 	}
 }
 

diff --git a/js/controllers/form/DropdownHandler.js b/js/controllers/form/DropdownHandler.js
@@ -33,7 +33,7 @@
 		// Save the default key, to select upon the first list load.
 		this.defaultKey_ = options.defaultKey;
 
-		// Expose the selectMonograph event to the containing element.
+		// Expose e.g. the selectMonograph event to the containing element.
 		this.publishEvent(this.eventName_);
 
 		// Save the url for fetching the options in the dropdown element.

diff --git a/templates/controllers/tab/settings/paymentMethod/form/paymentMethodForm.tpl b/templates/controllers/tab/settings/paymentMethod/form/paymentMethodForm.tpl
@@ -17,7 +17,7 @@
 				paymentMethodFormUrlTemplate: '{url|escape:"javascript" router=$smarty.const.ROUTE_COMPONENT op="getPaymentFormContents" paymentPluginName=PAYMENT_PLUGIN_NAME escape=false}'
 			{rdelim}
 		);
-		// Attach the container handler. (Triggers selectMonograph event.)
+		// Attach the container handler. (Triggers e.g. selectMonograph event.)
 		$('#paymentMethodSelector').pkpHandler(
 			'$.pkp.controllers.form.DropdownHandler',
 			{ldelim}