From 5d1b73e300e67fcc6812ce4bd4388e5aee2c59fd Mon Sep 17 00:00:00 2001 From: "marcelo.cuiza" Date: Fri, 27 Mar 2015 10:22:22 -0400 Subject: [PATCH 1/6] Cambios en class.inputfilter.php --- gulliver/system/class.inputfilter.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php index 87c790a7c..780c461fa 100644 --- a/gulliver/system/class.inputfilter.php +++ b/gulliver/system/class.inputfilter.php @@ -413,7 +413,7 @@ class InputFilter * @author Marcelo Cuiza * @access protected * @param Array or String $input - * @param String $type + * @param String $type (url) * @return Array or String $input */ function xssFilterHard($input, $type = "") @@ -514,7 +514,7 @@ class InputFilter * @param Array $values * @return String $query */ - function preventSqlInjection($query, $values = Array(), &$con = NULL) + function preventSqlInjection($query, $values = Array(), $con = NULL) { if(is_array($values) && sizeof($values)) { foreach($values as $k1 => $val1) { @@ -535,12 +535,12 @@ class InputFilter } /** - * Internal method: protect against SQL injenction + * Internal method: validate user input * @author Marcelo Cuiza * @access protected - * @param String $value - * @param String or Array $types - * @param String $valType + * @param String $value (required) + * @param Array or String $types ( string | int | float | boolean | path | nosql ) + * @param String $valType ( validate | sanitize ) * @return String $value */ function validateInput($value, $types = 'string', $valType = 'sanitize') @@ -585,7 +585,7 @@ class InputFilter $value = (boolean)filter_var($value, FILTER_VALIDATE_BOOLEAN,FILTER_NULL_ON_FAILURE); break; case 'path': - if(!file_exists($value)) { + if(!file_exists($value) || !is_dir($value)) { $value = ''; } break; 
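Review bot: The docblock above `preventSqlInjection` (hunk `@@ -514,7`) goes straight from `@param Array $values` to `@return String $query` and never documents `$con`, the argument this change turns from a reference into a plain optional value. For a function with this name, a caller needs to know what `$con` is (presumably the database connection used to escape the values) and how values are handled when it stays `NULL`. Neither is visible here, because the body continues past the hunk. I would add `* @param object $con (optional) connection used to escape $values` and state the `NULL` behaviour once it is confirmed against the body.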
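Review bot: In the `case 'path':` branch of hunk `@@ -585,7` (and the identical validate branch in hunk `@@ -623,7`), existence on disk is the only property checked, so any directory the PHP process can see is accepted, including values containing `../` or an absolute path outside the application tree. If `$value` is user input, as the updated `validateInput` docblock says, the check should canonicalise and confine it, e.g. `$real = realpath($value);` followed by `if($real === false || strpos($real, $allowedBase) !== 0) { $value = ''; }`, where `$allowedBase` is a placeholder for the permitted root including its trailing separator. Separately, `is_dir()` already returns false for a missing path, so `!file_exists($value) ||` is redundant, and requiring a directory rejects every regular file passed as a 'path'. The enclosing switch starts and ends outside both hunks.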
@@ -623,7 +623,7 @@ class InputFilter } break; case 'path': - if(!file_exists($value)) { + if(!file_exists($value) || !is_dir($value)) { throw new Exception('not a valid path'); } break; From 8d6d4e596d3115595c155ec8f3444a4113e81b5a Mon Sep 17 00:00:00 2001 From: Brayan Pereyra Date: Fri, 27 Mar 2015 12:22:30 -0400 Subject: [PATCH 2/6] Correccion de contador en APP_CACHE_VIEW --- workflow/engine/classes/model/AppCacheView.php | 1 - 1 file changed, 1 deletion(-) diff --git a/workflow/engine/classes/model/AppCacheView.php b/workflow/engine/classes/model/AppCacheView.php index 4c7da1043..97d24c6fa 100755 --- a/workflow/engine/classes/model/AppCacheView.php +++ b/workflow/engine/classes/model/AppCacheView.php @@ -103,7 +103,6 @@ class AppCacheView extends BaseAppCacheView $criteria->addSelectColumn(AppCacheViewPeer::PRO_UID); $arrayTaskTypeToExclude = array("WEBENTRYEVENT", "END-MESSAGE-EVENT", "START-MESSAGE-EVENT", "INTERMEDIATE-THROW-MESSAGE-EVENT", "INTERMEDIATE-CATCH-MESSAGE-EVENT"); - $criteria->addJoin(AppCacheViewPeer::TAS_UID, TaskPeer::TAS_UID, Criteria::LEFT_JOIN); $criteria->add(TaskPeer::TAS_TYPE, $arrayTaskTypeToExclude, Criteria::NOT_IN); $criteria->add(AppCacheViewPeer::APP_STATUS, "TO_DO", CRITERIA::EQUAL); From 0898b8cc9b8d2bed34589b5bedf0ad2b23498051 Mon Sep 17 00:00:00 2001 From: Brayan Pereyra Date: Fri, 27 Mar 2015 14:24:56 -0400 Subject: [PATCH 3/6] Se adicion la correccion para PARALELOS y SUBPROCESS --- workflow/engine/classes/class.derivation.php | 54 ++++++++++++------- workflow/engine/classes/model/ListMyInbox.php | 5 +- 2 files changed, 38 insertions(+), 21 deletions(-) diff --git a/workflow/engine/classes/class.derivation.php b/workflow/engine/classes/class.derivation.php index 2a2dd14ba..7e81cab80 100755 --- a/workflow/engine/classes/class.derivation.php +++ b/workflow/engine/classes/class.derivation.php 
@@ -746,31 +746,45 @@ class Derivation } //switch } } + //SETS THE APP_PROC_CODE //if (isset($nextDel['TAS_DEF_PROC_CODE'])) //$appFields['APP_PROC_CODE'] = $nextDel['TAS_DEF_PROC_CODE']; /*----------------------------------********---------------------------------*/ - $taskCur = TaskPeer::retrieveByPK( $nextDel['TAS_UID']); - $aTask = $taskCur->toArray( BasePeer::TYPE_FIELDNAME ); - $arrayTaskTypeToExclude = array("WEBENTRYEVENT", "END-MESSAGE-EVENT", "START-MESSAGE-EVENT", "INTERMEDIATE-THROW-MESSAGE-EVENT", "INTERMEDIATE-CATCH-MESSAGE-EVENT"); - if (!in_array($aTask['TAS_TYPE'], $arrayTaskTypeToExclude)) { - if (!empty($iNewDelIndex) && empty($aSP)) { - $oAppDel = AppDelegationPeer::retrieveByPK( $appFields['APP_UID'], $iNewDelIndex ); - $aFields = $oAppDel->toArray( BasePeer::TYPE_FIELDNAME ); - $aFields['APP_STATUS'] = $currentDelegation['APP_STATUS']; - $aFields['REMOVED_LIST'] = $removeList; - $inbox = new ListInbox(); - $inbox->newRow($aFields, $appFields['CURRENT_USER_UID'], false, array(), ($nextDel['TAS_ASSIGN_TYPE'] == 'SELF_SERVICE' ? 
true : false)); - $removeList = false; - } - } else { - $oRow = ApplicationPeer::retrieveByPK($appFields['APP_UID']); - $aFields = $oRow->toArray( BasePeer::TYPE_FIELDNAME ); - $users = new Users(); - if ($aFields['APP_STATUS'] == 'DRAFT') { - $users->refreshTotal($appFields['CURRENT_USER_UID'], 'remove', 'draft'); + if ($nextDel['TAS_UID'] != '-1') { + $taskCur = TaskPeer::retrieveByPK($nextDel['TAS_UID']); + $aTask = $taskCur->toArray( BasePeer::TYPE_FIELDNAME ); + $arrayTaskTypeToExclude = array("WEBENTRYEVENT", "END-MESSAGE-EVENT", "START-MESSAGE-EVENT", "INTERMEDIATE-THROW-MESSAGE-EVENT", "INTERMEDIATE-CATCH-MESSAGE-EVENT"); + if (!in_array($aTask['TAS_TYPE'], $arrayTaskTypeToExclude)) { + if (!empty($iNewDelIndex) && empty($aSP)) { + $oAppDel = AppDelegationPeer::retrieveByPK( $appFields['APP_UID'], $iNewDelIndex ); + $aFields = $oAppDel->toArray( BasePeer::TYPE_FIELDNAME ); + $aFields['APP_STATUS'] = $currentDelegation['APP_STATUS']; + $aFields['REMOVED_LIST'] = $removeList; + $inbox = new ListInbox(); + $inbox->newRow($aFields, $appFields['CURRENT_USER_UID'], false, array(), ($nextDel['TAS_ASSIGN_TYPE'] == 'SELF_SERVICE' ? 
true : false)); + $removeList = false; + } else { + if (empty($aSP)) { + $oRow = ApplicationPeer::retrieveByPK($appFields['APP_UID']); + $aFields = $oRow->toArray( BasePeer::TYPE_FIELDNAME ); + $users = new Users(); + if ($aFields['APP_STATUS'] == 'DRAFT') { + $users->refreshTotal($appFields['CURRENT_USER_UID'], 'remove', 'draft'); + } else { + $users->refreshTotal($appFields['CURRENT_USER_UID'], 'remove', 'inbox'); + } + } + } } else { - $users->refreshTotal($appFields['CURRENT_USER_UID'], 'remove', 'inbox'); + $oRow = ApplicationPeer::retrieveByPK($appFields['APP_UID']); + $aFields = $oRow->toArray( BasePeer::TYPE_FIELDNAME ); + $users = new Users(); + if ($aFields['APP_STATUS'] == 'DRAFT') { + $users->refreshTotal($appFields['CURRENT_USER_UID'], 'remove', 'draft'); + } else { + $users->refreshTotal($appFields['CURRENT_USER_UID'], 'remove', 'inbox'); + } } } /*----------------------------------********---------------------------------*/ diff --git a/workflow/engine/classes/model/ListMyInbox.php b/workflow/engine/classes/model/ListMyInbox.php index 61d90ff37..b2cc4860b 100644 --- a/workflow/engine/classes/model/ListMyInbox.php +++ b/workflow/engine/classes/model/ListMyInbox.php @@ -123,7 +123,10 @@ class ListMyInbox extends BaseListMyInbox if ($data['DEL_INDEX'] == 1 && $data['APP_STATUS'] == 'TO_DO') { $data['APP_CREATE_DATE'] = $data['APP_UPDATE_DATE']; - $this->remove($data['APP_UID'], $data['USR_UID']); + $oCriteria = new Criteria('workflow'); + $oCriteria->add(ListMyInboxPeer::APP_UID, $data['APP_UID']); + $oCriteria->add(ListMyInboxPeer::USR_UID, $data['USR_UID']); + ListMyInboxPeer::doDelete($oCriteria); $this->create($data); } else { unset($data['USR_UID']); From a403a70262ab4d6bf80235459b4e4618aad3517b Mon Sep 17 00:00:00 2001 From: Julio Cesar Laura Date: Fri, 27 Mar 2015 16:05:24 -0400 Subject: [PATCH 4/6] Temporal fix for the class inputfilter --- gulliver/system/class.inputfilter.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
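Review bot: `TaskPeer::retrieveByPK($nextDel['TAS_UID'])` is dereferenced on the following line with `$taskCur->toArray(...)` and no null check. The new `!= '-1'` guard filters only that one sentinel, so any other `TAS_UID` without a matching row would presumably end in a fatal error in the middle of the derivation. A guard such as `if (is_null($taskCur)) { throw new Exception('Task not found: ' . $nextDel['TAS_UID']); }` fails in a controlled way; the same applies to `$oAppDel` and `$oRow`. The draft/inbox `refreshTotal` block now appears twice in identical form and would read better as one private helper. The enclosing method starts and ends outside the hunk.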
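Review bot: Replacing `$this->remove($data['APP_UID'], $data['USR_UID'])` with a direct `ListMyInboxPeer::doDelete($oCriteria)` skips whatever `remove()` does besides deleting the row, and nothing in the hunk says why. `remove()` is not visible here, so I can only assume it has side effects (counter updates, for instance) that must not run on this path. Please record the reason next to the new lines, e.g. `// delete the row directly: remove() also <side effect to skip>, which must not run when the row is re-created below`. The enclosing method starts and ends outside the hunk.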
diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php
index 780c461fa..0ff8fcb9e 100644
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -585,7 +585,7 @@ class InputFilter
 $value = (boolean)filter_var($value, FILTER_VALIDATE_BOOLEAN,FILTER_NULL_ON_FAILURE);
 break;
 case 'path':
- if(!file_exists($value) || !is_dir($value)) {
+ if(!file_exists($value)) {
 $value = '';
 }
 break;
@@ -623,7 +623,7 @@ class InputFilter
 }
 break;
 case 'path':
- if(!file_exists($value) || !is_dir($value)) {
+ if(!file_exists($value)) {
 throw new Exception('not a valid path');
 }
 break;
From 50c5d8c43d686f9a90bfdd1e27b5e8787256632d Mon Sep 17 00:00:00 2001
From: Ronald Quenta
Date: Fri, 27 Mar 2015 16:29:59 -0400
Subject: [PATCH 5/6] change conters in list
---
 .../src/ProcessMaker/Services/Api/Light.php | 26 ++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Light.php b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
index ea3b3382a..da841a043 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Light.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
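Review bot: Both `case 'path':` branches (hunks `@@ -585,7` and `@@ -623,7`) go back to a bare `file_exists($value)` with no comment in the code, although the commit describes itself as a temporary fix. Without a marker, the next reader cannot tell that the existence-only check is provisional or that it says nothing about where the path points. I would add above each check `// TODO(temporary): existence check only; accepts files and directories anywhere on disk, does not confine $value to an allowed base directory`. The two branches also fail differently: the first silently sets `$value = ''` while the second throws, so callers of the first must treat an empty string as a rejection. The enclosing switch starts and ends outside both hunks.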
@@ -26,14 +26,34 @@ class Light extends Api public function countersCases () { try { - $oMobile = new \ProcessMaker\BusinessModel\Light(); - $counterCase = $oMobile->getCounterCase($this->getUserId()); + $userId = $this->getUserId(); + $lists = new \ProcessMaker\BusinessModel\Lists(); + $response = $lists->getCounters($userId); + $result = $this->parserCountersCases($response); } catch (\Exception $e) { throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); } - return $counterCase; + return $result; } + public function parserCountersCases ($data) + { + $structure = array( + "CASES_INBOX" => "toDo", + "CASES_DRAFT" => "draft", + "CASES_CANCELLED" => "cancelled", + "CASES_SENT" => "participated", + "CASES_PAUSED" => "paused", + "CASES_COMPLETED" => "completed", + "CASES_SELFSERVICE" => "unassigned", + ); + $response = array(); + foreach ($data as $counterList) { + $name = $structure[$counterList['item']]; + $response[$name] = $counterList['count']; + } + return $response; + } /** * Get list process start * @return array From bf0ab884a9267f8df43e398fc3d01aa850238e3a Mon Sep 17 00:00:00 2001 From: Brayan Pereyra Date: Fri, 27 Mar 2015 17:26:38 -0400 Subject: [PATCH 6/6] Correccion de error en community --- workflow/engine/classes/model/AppCacheView.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/workflow/engine/classes/model/AppCacheView.php b/workflow/engine/classes/model/AppCacheView.php index 97d24c6fa..71e0be44d 100755 --- a/workflow/engine/classes/model/AppCacheView.php +++ b/workflow/engine/classes/model/AppCacheView.php 
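Review bot: In `parserCountersCases`, `$structure[$counterList['item']]` is read without checking that the key exists. A list item that `getCounters()` returns but `$structure` does not name therefore raises an undefined-index notice, and its count ends up under an empty key in the response. Skipping unknown items keeps the payload clean: `if (!isset($structure[$counterList['item']])) { continue; }` before the `$name` assignment. The helper is also declared `public` on an `Api` class; if public methods of these classes are auto-routed as REST endpoints (not visible here), `private` would keep it internal. On the context lines of the same hunk, the catch block forwards `$e->getMessage()` verbatim to the API client, which can expose internal detail.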
@@ -102,9 +102,6 @@ class AppCacheView extends BaseAppCacheView $criteria->addSelectColumn(AppCacheViewPeer::TAS_UID); $criteria->addSelectColumn(AppCacheViewPeer::PRO_UID); - $arrayTaskTypeToExclude = array("WEBENTRYEVENT", "END-MESSAGE-EVENT", "START-MESSAGE-EVENT", "INTERMEDIATE-THROW-MESSAGE-EVENT", "INTERMEDIATE-CATCH-MESSAGE-EVENT"); - $criteria->add(TaskPeer::TAS_TYPE, $arrayTaskTypeToExclude, Criteria::NOT_IN); - $criteria->add(AppCacheViewPeer::APP_STATUS, "TO_DO", CRITERIA::EQUAL); if (!empty($userUid)) {