Merge pull request #6 from glyptostrob0ides/EcoFlora

Eco flora

.gitignore

@@ -1,3 +1,2 @@
 /config/dbconnection.php
 /config/symbini.php
-

.vscode/launch.json

@@ -0,0 +1,48 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Listen for Xdebug",
+            "type": "php",
+            "request": "launch",
+            "port": 9003
+        },
+        {
+            "name": "Launch currently open script",
+            "type": "php",
+            "request": "launch",
+            "program": "${file}",
+            "cwd": "${fileDirname}",
+            "port": 0,
+            "runtimeArgs": [
+                "-dxdebug.start_with_request=yes"
+            ],
+            "env": {
+                "XDEBUG_MODE": "debug,develop",
+                "XDEBUG_CONFIG": "client_port=${port}"
+            }
+        },
+        {
+            "name": "Launch Built-in web server",
+            "type": "php",
+            "request": "launch",
+            "runtimeArgs": [
+                "-dxdebug.mode=debug",
+                "-dxdebug.start_with_request=yes",
+                "-S",
+                "localhost:0"
+            ],
+            "program": "",
+            "cwd": "${workspaceRoot}",
+            "port": 9003,
+            "serverReadyAction": {
+                "pattern": "Development Server \\(http://localhost:([0-9]+)\\) started",
+                "uriFormat": "http://localhost:%s",
+                "action": "openExternally"
+            }
+        }
+    ]
+}

admin/index.php

@@ -3,7 +3,7 @@
 header("Content-Type: text/html; charset=".$CHARSET);
 header("Location: ".$CLIENT_ROOT."/index.php");
 ?>
-<html>
+<html lang="en">
 	<head>
 		<title>Forbidden</title>
 		<?php
@@ -21,7 +21,7 @@
 				You don't have permission to access this page.
 			</div>
 			<div style="font-weight:bold;margin:10px;">
-				<a href="<?php echo $CLIENT_ROOT; ?>/index.php">Return to index page</a>
+				<a href="<?php echo htmlspecialchars($CLIENT_ROOT, HTML_SPECIAL_CHARS_FLAGS); ?>/index.php">Return to index page</a>
 			</div>
 		</div>
 		<?php

admin/portalindex.php

@@ -16,10 +16,10 @@
 $isEditor = 0;
 if($IS_ADMIN) $isEditor = 1;
 ?>
-<html>
+<html lang="en">
 	<head>
 		<title><?php echo $DEFAULT_TITLE; ?> Portal Index Control Panel</title>
-		<link href="<?php echo $CSS_BASE_PATH; ?>/jquery-ui.css" type="text/css" rel="stylesheet">
+		<link href="<?php echo htmlspecialchars($CSS_BASE_PATH, HTML_SPECIAL_CHARS_FLAGS); ?>/jquery-ui.css" type="text/css" rel="stylesheet">
 		<?php
 		include_once($SERVER_ROOT.'/includes/head.php');
 		?>
@@ -62,8 +62,8 @@ function validateHandshakeForm(f){
 					echo '<fieldset>';
 					echo '<legend>Action Panel</legend>';
 					if($formSubmit == 'importProfile'){
-						if($collid = $portalManager->importProfile($portalID, $remoteID)) echo '<div><a href="../collections/misc/collprofiles.php?collid='.$collid.'" target="_blank">New snapshot collection created</a></div>';
-						else echo '<div>failed to insert new collections: '.$portalManager->getErrorMessage().'</div>';
+						if($collid = $portalManager->importProfile($portalID, $remoteID)) echo '<div><a href="../collections/misc/collprofiles.php?collid=' . htmlspecialchars($collid, HTML_SPECIAL_CHARS_FLAGS) . '" target="_blank">New snapshot collection created</a></div>';
+						else echo '<div>failed to insert new collections: ' . $portalManager->getErrorMessage() . '</div>';
 					}
 					elseif($formSubmit == 'initiateHandshake'){
 						if($resArr = $portalManager->initiateHandshake($remotePath)){
@@ -89,7 +89,7 @@ function validateHandshakeForm(f){
 						<div class="handshake-div"><a href="#" onclick="$('.handshake-div').toggle(); return false;">Initiate Handshake with External Portal</a></div>
 						<div class="handshake-div" style="display:none">
 							<form action="portalindex.php" method="post" onsubmit="return validateHandshakeForm(this)">
-								<div class="field-row"><label>Path to Remote Portal:</label> <input name="remotePath" type="text" value="<?php echo $remotePath; ?>" style="width: 500px" /></div>
+								<div class="field-row"><label for="remotePath">Path to Remote Portal</label> <input name="remotePath" id="remotePath" type="text" value="<?php echo $remotePath; ?>" style="width: 500px" /></div>
 								<div class="field-row"><button name="formsubmit" type="submit" value="initiateHandshake">Initiate Handshake</button></div>
 							</form>
 						</div>
@@ -108,7 +108,7 @@ function validateHandshakeForm(f){
 								$href = '';
 								if($fieldName=='urlRoot') $href = $fieldValue;
 								elseif($fieldName=='guid') $href = $portalArr['urlRoot'].'/api/v2/installation/ping';
-								if($href) echo '<a href="'.$href.'" target="_blank">';
+								if($href) echo '<a href="' . htmlspecialchars($href, HTML_SPECIAL_CHARS_FLAGS) . '" target="_blank">';
 								echo $fieldValue;
 								if($href) echo '</a>';
 								echo '</div>';
@@ -130,7 +130,7 @@ function validateHandshakeForm(f){
 								}
 							}
 							$remoteUrl = $portalArr['urlRoot'].'/collections/misc/collprofiles.php?collid='.$remoteCollid;
-							echo '<div><label>Remote collection</label>: <a href="'.$remoteUrl.'" target="_blank">'.$remoteUrl.'</a></div>';
+							echo '<div><label>Remote collection</label>: <a href="' . htmlspecialchars($remoteUrl, HTML_SPECIAL_CHARS_FLAGS) . '" target="_blank">' . htmlspecialchars($remoteUrl, HTML_SPECIAL_CHARS_FLAGS) . '</a></div>';
 							if($internalArr){
 								echo '<fieldset>';
 								echo '<legend>Internally Mapped Snapshot Collection</legend>';
@@ -139,7 +139,7 @@ function validateHandshakeForm(f){
 									echo '<div><label>Specimen count</label>: '.number_format($intArr['recordCnt']).'</div>';
 									echo '<div><label>Refresh date</label>: '.$intArr['uploadDate'].'</div>';
 									$internalUrl = $CLIENT_ROOT.'/collections/misc/collprofiles.php?collid='.$collid;
-									echo '<div><label>Internal collection</label>: <a href="'.$internalUrl.'" target="_blank">'.$internalUrl.'</a></div>';
+									echo '<div><label>Internal collection</label>: <a href="' . htmlspecialchars($internalUrl, HTML_SPECIAL_CHARS_FLAGS) . '" target="_blank">' . htmlspecialchars($internalUrl, HTML_SPECIAL_CHARS_FLAGS) . '</a></div>';
 									if($importProfile = $portalManager->getDataImportProfile($collid)){
 										foreach($importProfile as $uspid => $profileArr){
 											echo '<hr/>';
@@ -148,8 +148,8 @@ function validateHandshakeForm(f){
 											echo '<div><label>Path</label>: '.$profileArr['path'].'</div>';
 											echo '<div><label>Query string</label>: '.$profileArr['queryStr'].'</div>';
 											echo '<div><label>Stored procedure (cleaning)</label>: '.$profileArr['cleanUpSp'].'</div>';
-											echo '<div>Display all <a href="../collections/admin/specuploadmanagement.php?collid='.$collid.'" target="_blank">Import Profiles</a></div>';
-											echo '<div>Initiate <a href="../collections/admin/specuploadmap.php?uploadtype=13&uspid='.$uspid.'&collid='.$collid.'" target="_blank">Data Import</a></div>';
+											echo '<div>Display all <a href="../collections/admin/specuploadmanagement.php?collid=' . htmlspecialchars($collid, HTML_SPECIAL_CHARS_FLAGS) . '" target="_blank">Import Profiles</a></div>';
+											echo '<div>Initiate <a href="../collections/admin/specuploadmap.php?uploadtype=13&uspid=' . htmlspecialchars($uspid, HTML_SPECIAL_CHARS_FLAGS) . '&collid=' . htmlspecialchars($collid, HTML_SPECIAL_CHARS_FLAGS) . '" target="_blank">Data Import</a></div>';
 											echo '</div>';
 										}
 									}
@@ -176,14 +176,14 @@ function validateHandshakeForm(f){
 								echo '<tr><th>ID</th><th>Institution Code</th><th>Collection Code</th><th>Collection Name</th><th>Dataset Type</th><th>Management</th><th>Mapped Internally</th></tr>';
 								foreach($collList as $collArr){
 									echo '<tr>';
-									echo '<td><a href="portalindex.php?portalid='.$portalID.'&remoteid='.$collArr['collID'].'">'.$collArr['collID'].'</a></td>';
+									echo '<td><a href="portalindex.php?portalid=' . htmlspecialchars($portalID, HTML_SPECIAL_CHARS_FLAGS) . '&remoteid=' . htmlspecialchars($collArr['collID'], HTML_SPECIAL_CHARS_FLAGS) . '">' . htmlspecialchars($collArr['collID'], HTML_SPECIAL_CHARS_FLAGS) . '</a></td>';
 									echo '<td>'.$collArr['institutionCode'].'</td>';
 									echo '<td>'.$collArr['collectionCode'].'</td>';
 									echo '<td>'.$collArr['collectionName'].'</td>';
 									echo '<td>'.$collArr['collType'].'</td>';
 									echo '<td>'.$collArr['managementType'].'</td>';
 									if(isset($collArr['internal']) && $collArr['internal'])
-										$internal = '<a href="'.$CLIENT_ROOT.'/collections/misc/collprofiles.php?collid='.key($collArr['internal']).'" target="_blank">Yes</a>';
+										$internal = '<a href="' . htmlspecialchars($CLIENT_ROOT, HTML_SPECIAL_CHARS_FLAGS) . '/collections/misc/collprofiles.php?collid=' . htmlspecialchars(key($collArr['internal']), HTML_SPECIAL_CHARS_FLAGS) . '" target="_blank">Yes</a>';
 									else $internal = 'No';
 									echo '<td>'.$internal.'</td>';
 									echo '</tr>';
@@ -215,4 +215,4 @@ function validateHandshakeForm(f){
 		include($SERVER_ROOT.'/includes/footer.php');
 		?>
 	</body>
-</html>
+</html>

admin/schemamanager.php

@@ -18,7 +18,7 @@
 //if(!$IS_ADMIN && $curentVersion) header('Location: ../profile/index.php?refurl=../admin/schemamanager.php');
 $IS_ADMIN = true;
 ?>
-<html>
+<html lang="en">
 	<head>
 		<title>Database Schema Manager</title>
 		<?php
@@ -97,12 +97,12 @@
 							</select>
 						</div>
 						<div class="form-section">
-							<label>Username:</label>
-							<input name="username" type="text" value="<?php echo $username; ?>" required autocomplete="off">
+							<label for="username">Username: </label>
+							<input id="username" name="username" type="text" value="<?php echo $username; ?>" required autocomplete="off">
 						</div>
 						<div class="form-section">
-							<label>Password: </label>
-							<input name="password" type="password" value="" required autocomplete="off">
+							<label for="password">Password: </label>
+							<input id="password" name="password" type="password" value="" required autocomplete="off">
 						</div>
 						<div class="form-section">
 							<label>Host:</label>

agents/agent.php

@@ -137,7 +137,7 @@ function deliverRdfXml() {
 function pageheader($agent) {
    global $SERVER_ROOT, $DEFAULT_TITLE, $spDisplay, $CLIENT_ROOT, $agent_indexCrumbs, $charset;
 echo '<!DOCTYPE HTML>
-<html>
+<html lang="en">
 <head>
 	<title>'.$DEFAULT_TITLE.' - '.$spDisplay. '</title>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $CHARSET; ?>"/>

agents/index.php

@@ -48,7 +48,8 @@ function searchform($name="") {
    global $CLIENT_ROOT;
    $result  = "<div id='formDiv'>";
    $result .= "<form method='GET' id='queryForm' style='display:inline;' >\n";
-   $result .= "<input type='text' name='name' value='$name'>";
+   $result .= "<label for='name'>Name</label>";
+   $result .= "<input type='text' id='name' name='name' value='$name'>";
    $result .= "<input type='submit'>";
    $result .= "</form>\n";
    $result .= "<span id='plinkSpan'></span></div>\n";
@@ -64,7 +65,7 @@ function searchform($name="") {
          success: function( data ) {
             $("#responseDiv").html(data);
             $("#loadedWithPage").html("");
-            var permalink = "&nbsp;<a href=\''.$CLIENT_ROOT.'/agents/index.php?" + frm.serialize() +"\'>Permalink</a>";
+            var permalink = "&nbsp;<a href=\'' . htmlspecialchars($CLIENT_ROOT, HTML_SPECIAL_CHARS_FLAGS) . '/agents/index.php?" + frm.serialize() +"\'>Permalink</a>";
             $("#plinkSpan").html(permalink);
          },
          error: function( xhr, status, errorThrown ) {
@@ -90,7 +91,7 @@ function searchform($name="") {
 function pageheader($name) {
    global $SERVER_ROOT, $DEFAULT_TITLE, $spDisplay, $CLIENT_ROOT, $agents_indexMenu, $agents_indexCrumbs;
 echo '<!DOCTYPE HTML>
-<html>
+<html lang="en">
 <head>
 	<title>'.$DEFAULT_TITLE.' - '.$spDisplay. '</title>
 	<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $CHARSET; ?>"/>

agents/rpc/index.php

@@ -22,7 +22,7 @@
 				You don't have permission to access this page.
 			</div>
 			<div style="font-weight:bold;margin:10px;">
-				<a href="<?php echo $CLIENT_ROOT; ?>/index.php">Return to index page</a>
+				<a href="<?php echo htmlspecialchars($CLIENT_ROOT, HTML_SPECIAL_CHARS_FLAGS); ?>/index.php">Return to index page</a>
 			</div>
 		</div>
 		<?php