diff --git a/code/cms/DMSDocumentAddController.php b/code/cms/DMSDocumentAddController.php
index dcba191..185f607 100644
--- a/code/cms/DMSDocumentAddController.php
+++ b/code/cms/DMSDocumentAddController.php
@@ -190,14 +190,14 @@ class DMSDocumentAddController extends LeftAndMain
return Controller::join_links(
$modelAdmin->Link('DMSDocumentSet'),
'EditForm/field/DMSDocumentSet/item',
- $this->getRequest()->getVar('dsid'),
+ (int) $this->getRequest()->getVar('dsid'),
'edit'
);
}
return $modelAdmin->Link();
}
- return $this->getPageEditLink($this->currentPageID(), $this->getRequest()->getVar('dsid'));
+ return $this->getPageEditLink($this->currentPageID(), (int) $this->getRequest()->getVar('dsid'));
}
/**
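Review bot: The `(int)` cast on `dsid` turns a missing or non-numeric value into `0` rather than leaving it empty, and the unconditional call `getPageEditLink($this->currentPageID(), (int) $this->getRequest()->getVar('dsid'))` will then pass `0` on. If `Controller::join_links()` skips empty segments but keeps numeric ones (worth confirming against the framework version in use), the back link would change from `.../item` to `.../item/0`. The same applies to `(int) $documentSetId` in the next hunk, which casts the value a second time. Consider validating once and keeping "absent" distinct from "invalid", e.g. `$dsid = $this->getRequest()->getVar('dsid');` followed by `$dsid = ctype_digit((string) $dsid) ? (int) $dsid : null;`. The enclosing method starts above this hunk, so the guard around the first `join_links` call is not visible here.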
@@ -212,7 +212,7 @@ class DMSDocumentAddController extends LeftAndMain
return Controller::join_links(
CMSPageEditController::singleton()->getEditForm($pageId)->FormAction(),
'field/Document Sets/item',
- $documentSetId
+ (int) $documentSetId
);
}
diff --git a/code/model/DMSDocument.php b/code/model/DMSDocument.php
index bafe0d2..3a0258f 100644
--- a/code/model/DMSDocument.php
+++ b/code/model/DMSDocument.php
@@ -1322,6 +1322,9 @@ class DMSDocument extends DataObject implements DMSDocumentInterface
. '
';
foreach ($this->actionTasks as $panelKey => $title) {
+ $panelKey = Convert::raw2xml($panelKey);
+ $title = Convert::raw2xml($title);
+
$html .= '- '
. _t('DMSDocument.ACTION_' . strtoupper($panelKey), $title)
. '
';
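Review bot: Escaping `$panelKey` and `$title` before the `_t()` call protects only the fallback text, because a translated string returned by `_t()` from a language file is still appended to `$html` unescaped. It also changes the lookup entity whenever the key contains a character that `raw2xml` rewrites (`&` would become `&AMP;` after `strtoupper`). Escaping at the point of output keeps the lookup intact and covers both cases: `$label = Convert::raw2xml(_t('DMSDocument.ACTION_' . strtoupper($panelKey), $title));`. If `$panelKey` is also written into an attribute in the surrounding markup (not legible in this hunk), escape it there with the attribute-context helper rather than reassigning the variable.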
diff --git a/code/model/DMSDocument_Controller.php b/code/model/DMSDocument_Controller.php
index 6aa4912..3ddf7a6 100644
--- a/code/model/DMSDocument_Controller.php
+++ b/code/model/DMSDocument_Controller.php
@@ -82,6 +82,7 @@ class DMSDocument_Controller extends Controller
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $path);
} elseif (is_executable($fileBin)) {
+ $path = escapeshellarg($path);
// try to use the system tool
$mime = `$fileBin -i -b $path`;
$mime = explode(';', $mime);
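Review bot: The line `$path = escapeshellarg($path);` overwrites the variable, so any later use of `$path` in this method receives the quoted string. If the file is sent from `$path` further down (outside this hunk), the download would fail on hosts that take this branch. Keep the escaped form in its own variable: `$escapedPath = escapeshellarg($path);` and interpolate `$escapedPath` in the backtick command. `$fileBin` is still interpolated unquoted on the same line, so it is worth confirming that it can only come from a trusted source.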
@@ -89,7 +90,7 @@ class DMSDocument_Controller extends Controller
} else {
// make do with what we have
$ext = $doc->getExtension();
- if ($ext =='pdf') {
+ if ($ext == 'pdf') {
$mime = 'application/pdf';
} elseif ($ext == 'html' || $ext =='htm') {
$mime = 'text/html';
diff --git a/code/tools/ShortCodeRelationFinder.php b/code/tools/ShortCodeRelationFinder.php
index 9cddc50..45155d0 100644
--- a/code/tools/ShortCodeRelationFinder.php
+++ b/code/tools/ShortCodeRelationFinder.php
@@ -39,10 +39,12 @@ class ShortCodeRelationFinder
}
/**
+ * @param int $number
* @return DataList
*/
public function getList($number)
{
+ $number = (int) $number;
$list = DataList::create('SiteTree');
$where = array();
$fields = $this->getShortCodeFields('SiteTree');
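Review bot: The cast `$number = (int) $number;` carries no comment saying why it is there, and the added `@param int $number` suggests callers already pass an int. If `$number` is interpolated into the filter strings collected in `$where` below this hunk (not visible here), the cast is the only thing keeping request data out of the SQL. In that case it deserves a why-comment so a later cleanup does not remove it, e.g. `// $number is embedded in the LIKE filters below; the cast is the injection guard`. A non-numeric argument now silently searches for id `0`, so rejecting `$number <= 0` early may be clearer. The method body continues past the end of the hunk.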