diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index 201409e23..846fbd558 100755 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -2634,6 +2634,20 @@ class G $oldumask = umask( 0 ); if (! is_dir( $path )) { G::verifyPath( $path, true ); + } + + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { + $file = str_replace("\\\\","\\",$file,$count); + if(!$count) { + $winPath = explode("\\",$file); + $file = ""; + foreach($winPath as $k => $v){ + if($v != "") { + $file.= $v."\\"; + } + } + $file = substr($file,0,-1); + } } G::LoadSystem('inputfilter'); diff --git a/workflow/engine/classes/class.pmFunctions.php b/workflow/engine/classes/class.pmFunctions.php index 634e9a222..d062d39ea 100755 --- a/workflow/engine/classes/class.pmFunctions.php +++ b/workflow/engine/classes/class.pmFunctions.php @@ -2868,4 +2868,30 @@ function PMFRemoveMask ($field, $separator = '.', $currency = '') $field = floatval(trim($field)); return $field; +} + +/** + *@method + * + * Sends an array of case variables to a specified case. + * + * @name PMFSaveCurrentData + * @label PMF Save Current Data + * + * @return int | $result | Result of send variables | Returns 1 if the variables were sent successfully to the case; otherwise, returns 0 if an error occurred. + * + */ + +function PMFSaveCurrentData () +{ + global $oPMScript; + $result = 0; + + if (isset($_SESSION['APPLICATION']) && isset($oPMScript->aFields)) { + G::LoadClass( 'wsBase' ); + $ws = new wsBase(); + $result = $ws->sendVariables( $_SESSION['APPLICATION'], $oPMScript->aFields ); + } + + return $result; } \ No newline at end of file diff --git a/workflow/engine/classes/class.wsBase.php b/workflow/engine/classes/class.wsBase.php index adc70de71..58dbe0536 100755 --- a/workflow/engine/classes/class.wsBase.php +++ b/workflow/engine/classes/class.wsBase.php 
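Review bot: The `!$count` branch in the new Windows block drops every empty segment, so a path that starts with a backslash (`\foo\bar`) is rewritten to the relative path `foo\bar` before it reaches the input filter, and nothing in either branch rejects a `..` component. The loop only ever removes a leading or trailing separator (a run of two or more is already collapsed by the `str_replace` above it), so the intent appears to be separator cleanup, not relativising the path. A single `$file = rtrim(preg_replace('#\\\\{2,}#', '\\', $file), '\\');` does that without discarding the leading separator, and a `..` check belongs here or in the filter that follows; a comment stating which of the two is responsible would help the next reader. The enclosing function starts before this hunk, so where `$file` comes from is not visible.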
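Review bot: The docblock of `PMFSaveCurrentData` promises an `int` of 1 or 0, but `$result` is whatever `wsBase::sendVariables()` returns, which this hunk does not show; verify that it is an int and not a response object, or document the real return. The function also silently does nothing when `$_SESSION['APPLICATION']` or `global $oPMScript->aFields` is absent, so it only works from inside a trigger execution — worth stating in the docblock, e.g. `@note Only usable inside a trigger: reads the case UID from the session and the variables from the global $oPMScript.`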
@@ -1012,9 +1012,11 @@ class wsBase * * @param string $caseId * @param string $iDelIndex + * @param bool $flagUseDelIndex + * * @return $result will return an object */ - public function getCaseInfo ($caseId, $iDelIndex) + public function getCaseInfo($caseId, $iDelIndex, $flagUseDelIndex = false) { try { $oCase = new Cases(); @@ -1060,7 +1062,12 @@ class wsBase $oCriteria->addSelectColumn(AppDelegationPeer::DEL_INIT_DATE); $oCriteria->addSelectColumn(AppDelegationPeer::DEL_TASK_DUE_DATE); $oCriteria->add( AppDelegationPeer::APP_UID, $caseId ); - $oCriteria->add( AppDelegationPeer::DEL_FINISH_DATE, null, Criteria::ISNULL ); + + if ($flagUseDelIndex) { + $oCriteria->add(AppDelegationPeer::DEL_INDEX, $iDelIndex, Criteria::EQUAL); + } else { + $oCriteria->add(AppDelegationPeer::DEL_FINISH_DATE, null, Criteria::ISNULL); + } $oCriteria->addAscendingOrderByColumn( AppDelegationPeer::DEL_INDEX ); $oDataset = AppDelegationPeer::doSelectRS( $oCriteria ); @@ -3308,3 +3315,4 @@ class wsBase } } } + diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index c1ead22e3..6f00f414f 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php 
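Review bot: The new `@param bool $flagUseDelIndex` line has no description, and the flag changes which delegation row the method returns. Suggest `@param bool $flagUseDelIndex When true, select the delegation whose DEL_INDEX equals $iDelIndex (even if finished); when false, select the open delegation(s) as before.` Also `$iDelIndex` is still documented as `string` although it is now compared against an integer DEL_INDEX column; `@param int $iDelIndex` would be accurate.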
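Review bot: The `$flagUseDelIndex` branch replaces the `DEL_FINISH_DATE IS NULL` filter with `DEL_INDEX = $iDelIndex`, which is what lets DRAFT/PAUSED/CANCELLED cases resolve to a delegation that is already closed, but nothing in the hunk says so. A why-comment on the `if` would prevent someone from "fixing" it back, e.g. `// Finished delegations must be selectable by index: paused/cancelled cases have no open delegation.` The rest of the method (ordering, result mapping) is outside the hunk.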
@@ -431,40 +431,51 @@ class Cases throw (new \Exception($arrayData)); } } else { + \G::LoadClass("wsBase"); + + //Verify data + $this->throwExceptionIfNotExistsCase($applicationUid, $this->getFieldNameByFormatFieldName("APP_UID")); + $criteria = new \Criteria("workflow"); - $criteria->addSelectColumn(\AppCacheViewPeer::DEL_INDEX); - $criteria->add(\AppCacheViewPeer::USR_UID, $userUid); - $criteria->add(\AppCacheViewPeer::APP_UID, $applicationUid); - $criteria->add( - //ToDo - getToDo() - $criteria->getNewCriterion(\AppCacheViewPeer::APP_STATUS, "TO_DO", \CRITERIA::EQUAL)->addAnd( - $criteria->getNewCriterion(\AppCacheViewPeer::DEL_FINISH_DATE, null, \Criteria::ISNULL))->addAnd( - $criteria->getNewCriterion(\AppCacheViewPeer::APP_THREAD_STATUS, "OPEN"))->addAnd( - $criteria->getNewCriterion(\AppCacheViewPeer::DEL_THREAD_STATUS, "OPEN")) - )->addOr( - //Draft - getDraft() - $criteria->getNewCriterion(\AppCacheViewPeer::APP_STATUS, "DRAFT", \CRITERIA::EQUAL)->addAnd( - $criteria->getNewCriterion(\AppCacheViewPeer::APP_THREAD_STATUS, "OPEN"))->addAnd( - $criteria->getNewCriterion(\AppCacheViewPeer::DEL_THREAD_STATUS, "OPEN")) - ); - $criteria->addDescendingOrderByColumn(\AppCacheViewPeer::APP_NUMBER); - $rsCriteria = \AppCacheViewPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); - $row["DEL_INDEX"] = ''; - while ($rsCriteria->next()) { - $row = $rsCriteria->getRow(); + + $criteria->addSelectColumn(\AppDelegationPeer::APP_UID); + $criteria->add(\AppDelegationPeer::APP_UID, $applicationUid); + $criteria->add(\AppDelegationPeer::USR_UID, $userUid); + + $rsCriteria = \AppDelegationPeer::doSelectRS($criteria); + + if (!$rsCriteria->next()) { + throw new \Exception(\G::LoadTranslation("ID_NO_PERMISSION_NO_PARTICIPATED")); } - \G::LoadClass('wsBase'); + + //Get data + $arrayStatusInfo = $this->getStatusInfo($applicationUid); + + $applicationStatus = ""; + $delIndex = 0; + $flagUseDelIndex = false; + + if (count($arrayStatusInfo) > 0) { + 
$applicationStatus = $arrayStatusInfo["APP_STATUS"]; + $delIndex = $arrayStatusInfo["DEL_INDEX"]; + + if (in_array($applicationStatus, array("DRAFT", "PAUSED", "CANCELLED"))) { + $flagUseDelIndex = true; + } + } + $ws = new \wsBase(); - $fields = $ws->getCaseInfo($applicationUid, $row["DEL_INDEX"]); + + $fields = $ws->getCaseInfo($applicationUid, $delIndex, $flagUseDelIndex); $array = json_decode(json_encode($fields), true); + if ($array ["status_code"] != 0) { throw (new \Exception($array ["message"])); } else { $array['app_uid'] = $array['caseId']; $array['app_number'] = $array['caseNumber']; $array['app_name'] = $array['caseName']; - $array['app_status'] = $array['caseStatus']; + $array["app_status"] = ($applicationStatus != "")? $applicationStatus : $array["caseStatus"]; $array['app_init_usr_uid'] = $array['caseCreatorUser']; $array['app_init_usr_username'] = trim($array['caseCreatorUserName']); $array['pro_uid'] = $array['processId']; @@ -472,6 +483,9 @@ class Cases $array['app_create_date'] = $array['createDate']; $array['app_update_date'] = $array['updateDate']; $array['current_task'] = $array['currentUsers']; + + $aCurrent_task = array(); + for ($i = 0; $i<=count($array['current_task'])-1; $i++) { $current_task = $array['current_task'][$i]; $current_task['usr_uid'] = $current_task['userId']; 
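Review bot: The authorization check is weaker than the one it replaces: the removed AppCacheView criteria required the user to hold a delegation on a TO_DO/DRAFT case with OPEN thread status, whereas the new `AppDelegation` query accepts any row for (APP_UID, USR_UID), including delegations finished long ago. If letting every past participant read current case data is intended (the CANCELLED/COMPLETED branch of `getStatusInfo` suggests it is), say so in a comment next to the query, e.g. `// Any user who ever held a delegation on this case may read its info.`; otherwise add `\AppDelegationPeer::DEL_FINISH_DATE IS NULL` back. `throwExceptionIfNotExistsCase` is also called here and again inside `getStatusInfo` on the same UID, so one of the two is redundant. Finally `$array["status_code"] != 0` is a loose comparison; `!== 0` is the safer form if `status_code` is an int, or compare against the string if it is not.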
@@ -2217,4 +2231,108 @@ class Cases throw $e; } } + + /** + * Get status info Case + * + * @param string $applicationUid Unique id of Case + * + * return array Return an array with status info Case, array empty otherwise + */ + public function getStatusInfo($applicationUid) + { + try { + //Verify data + $this->throwExceptionIfNotExistsCase($applicationUid, $this->getFieldNameByFormatFieldName("APP_UID")); + + //Get data + //Status is PAUSED + $delimiter = \DBAdapter::getStringDelimiter(); + + $criteria = new \Criteria("workflow"); + + $criteria->addSelectColumn($delimiter . "PAUSED" . $delimiter . " AS APP_STATUS"); + $criteria->addSelectColumn(\AppDelayPeer::APP_DEL_INDEX . " AS DEL_INDEX"); + + $criteria->add(\AppDelayPeer::APP_UID, $applicationUid, \Criteria::EQUAL); + $criteria->add(\AppDelayPeer::APP_TYPE, "PAUSE", \Criteria::EQUAL); + $criteria->add( + $criteria->getNewCriterion(\AppDelayPeer::APP_DISABLE_ACTION_USER, null, \Criteria::ISNULL)->addOr( + $criteria->getNewCriterion(\AppDelayPeer::APP_DISABLE_ACTION_USER, 0, \Criteria::EQUAL)) + ); + + $rsCriteria = \AppDelayPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if ($rsCriteria->next()) { + $row = $rsCriteria->getRow(); + + //Return + return array("APP_STATUS" => $row["APP_STATUS"], "DEL_INDEX" => $row["DEL_INDEX"]); + } + + //Status is TO_DO, DRAFT + $criteria = new \Criteria("workflow"); + + $criteria->addSelectColumn(\ApplicationPeer::APP_STATUS); + $criteria->addSelectColumn(\AppDelegationPeer::DEL_INDEX); + + $arrayCondition = array(); + $arrayCondition[] = array(\ApplicationPeer::APP_UID, \AppDelegationPeer::APP_UID, \Criteria::EQUAL); + $arrayCondition[] = array(\ApplicationPeer::APP_UID, \AppThreadPeer::APP_UID, \Criteria::EQUAL); + $arrayCondition[] = array(\ApplicationPeer::APP_UID, $delimiter . $applicationUid . 
$delimiter, \Criteria::EQUAL); + $criteria->addJoinMC($arrayCondition, \Criteria::LEFT_JOIN); + + $criteria->add( + $criteria->getNewCriterion(\ApplicationPeer::APP_STATUS, "TO_DO", \Criteria::EQUAL)->addAnd( + $criteria->getNewCriterion(\AppDelegationPeer::DEL_FINISH_DATE, null, \Criteria::ISNULL))->addAnd( + $criteria->getNewCriterion(\AppDelegationPeer::DEL_THREAD_STATUS, "OPEN"))->addAnd( + $criteria->getNewCriterion(\AppThreadPeer::APP_THREAD_STATUS, "OPEN")) + )->addOr( + $criteria->getNewCriterion(\ApplicationPeer::APP_STATUS, "DRAFT", \Criteria::EQUAL)->addAnd( + $criteria->getNewCriterion(\AppDelegationPeer::DEL_THREAD_STATUS, "OPEN"))->addAnd( + $criteria->getNewCriterion(\AppThreadPeer::APP_THREAD_STATUS, "OPEN")) + ); + + $rsCriteria = \ApplicationPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if ($rsCriteria->next()) { + $row = $rsCriteria->getRow(); + + //Return + return array("APP_STATUS" => $row["APP_STATUS"], "DEL_INDEX" => $row["DEL_INDEX"]); + } + + //Status is CANCELLED, COMPLETED + $criteria = new \Criteria("workflow"); + + $criteria->addSelectColumn(\ApplicationPeer::APP_STATUS); + $criteria->addSelectColumn(\AppDelegationPeer::DEL_INDEX); + + $arrayCondition = array(); + $arrayCondition[] = array(\ApplicationPeer::APP_UID, \AppDelegationPeer::APP_UID, \Criteria::EQUAL); + $arrayCondition[] = array(\ApplicationPeer::APP_UID, $delimiter . $applicationUid . 
$delimiter, \Criteria::EQUAL); + $criteria->addJoinMC($arrayCondition, \Criteria::LEFT_JOIN); + + $criteria->add(\ApplicationPeer::APP_STATUS, array("CANCELLED", "COMPLETED"), \Criteria::IN); + $criteria->add(\AppDelegationPeer::DEL_LAST_INDEX, 1, \Criteria::EQUAL); + + $rsCriteria = \ApplicationPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if ($rsCriteria->next()) { + $row = $rsCriteria->getRow(); + + //Return + return array("APP_STATUS" => $row["APP_STATUS"], "DEL_INDEX" => $row["DEL_INDEX"]); + } + + //Return + return array(); + } catch (\Exception $e) { + throw $e; + } + } } + diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php index f90643fee..00c92a0f6 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php @@ -599,12 +599,12 @@ class Cases extends Api public function doGetCaseInfo($app_uid) { try { - $userUid = $this->getUserId(); - $cases = new \ProcessMaker\BusinessModel\Cases(); - $oData = $cases->getCaseInfo($app_uid, $userUid); - return $oData; + $case = new \ProcessMaker\BusinessModel\Cases(); + $case->setFormatFieldNameInUppercase(false); + + return $case->getCaseInfo($app_uid, $this->getUserId()); } catch (\Exception $e) { - throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); + throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()); } } diff --git a/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php b/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php index 9a85d0a5a..9c74bd208 100644 --- a/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php +++ b/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php 
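Review bot: In both the TO_DO/DRAFT and the CANCELLED/COMPLETED queries of `getStatusInfo`, `$applicationUid` is spliced into the join condition as `$delimiter . $applicationUid . $delimiter`, i.e. raw SQL text rather than a bound value. It is only safe because `throwExceptionIfNotExistsCase` rejects unknown UIDs first, and a UID containing a quote would still break the statement. Remove that `$arrayCondition[]` entry in both places and add the filter as a bound criterion after the join: `$criteria->add(\ApplicationPeer::APP_UID, $applicationUid, \Criteria::EQUAL);`. The `catch (\Exception $e) { throw $e; }` wrapper adds nothing and can be dropped.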
@@ -204,7 +204,7 @@ class Server implements iAuthenticate $clientId = $_GET['client_id']; $requestedScope = isset($_GET['scope']) ? $_GET['scope'] : '*'; $requestedScope = empty($requestedScope) ? array() : explode(' ', $requestedScope); - $client = $this->storage->getClientDetails($clientId);; + $client = $this->storage->getClientDetails($clientId); if (empty($client)) { // throw error, client does not exist. @@ -309,7 +309,17 @@ class Server implements iAuthenticate if ($returnResponse) { return $response; } else { - $response->send(); + if ($response->getStatusCode() == 400) { + $msg = $response->getParameter("error_description", ""); + $msg = ($msg != "")? $msg : $response->getParameter("error", ""); + + $rest = new \Maveriks\Extension\Restler(); + $rest->setMessage(new \Luracast\Restler\RestException(\ProcessMaker\Services\Api::STAT_APP_EXCEPTION, $msg)); + + exit(0); + } else { + $response->send(); + } } } diff --git a/workflow/public_html/bootstrap.php b/workflow/public_html/bootstrap.php index cb9447084..1079ce04a 100755 --- a/workflow/public_html/bootstrap.php +++ b/workflow/public_html/bootstrap.php @@ -318,7 +318,8 @@ if ( defined('SYS_TEMP') && SYS_TEMP != '') { //this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS if ( file_exists( PATH_DB . SYS_TEMP . '/db.php' ) ) { - require_once( PATH_DB . SYS_TEMP . '/db.php' ); + $pathFile = $filter->validateInput(PATH_DB . SYS_TEMP . '/db.php','path'); + require_once( $pathFile ); define ( 'SYS_SYS' , SYS_TEMP ); // defining constant for workspace shared directory @@ -348,7 +349,8 @@ else{ if (substr(SYS_SKIN, 0, 2) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form - require_once PATH_CONTROLLERS . 'main.php'; + $pathFile = $filter->validateInput(PATH_CONTROLLERS . 'main.php','path'); + require_once $pathFile; $controllerClass = 'Main'; $controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin'; //if the method exists 
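Review bot: Only a 400 response is converted to the REST error format; any other error status the OAuth2 library produces (401 for an invalid client, if it emits one) still goes out via `$response->send()` in the library's own format, so API clients see two different error shapes from the same endpoint. The comparison should be strict, `if ($response->getStatusCode() === 400) {`, and a comment should state why only 400 is remapped. `exit(0)` after `setMessage()` reports success to the process and skips any code after the call; confirm that `setMessage()` actually writes the response before exiting. The enclosing method starts outside this hunk.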
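Review bot: In the `-318` hunk the `file_exists` test still runs on the unfiltered `PATH_DB . SYS_TEMP . '/db.php'` while `require_once` loads the filtered `$pathFile`, so if the `'path'` filter rewrites the string the file that was checked is not the file that is included. Build the path once and use it for both: `$pathFile = $filter->validateInput(PATH_DB . SYS_TEMP . '/db.php', 'path'); if (file_exists($pathFile)) { require_once $pathFile;`. Filtering the concatenated path is also weaker than validating the user-controlled part — SYS_TEMP comes from the URL — against an allow-list before it is concatenated. Nothing in this file's hunks defines `$filter`; unless bootstrap.php instantiates `InputFilter` above line 318 this is a call on an undefined variable.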
@@ -552,7 +554,8 @@ //erik: verify if it is a Controller Class or httpProxyController Class if (is_file(PATH_CONTROLLERS . SYS_COLLECTION . '.php')) { - require_once PATH_CONTROLLERS . SYS_COLLECTION . '.php'; + $pathFile = $filter->validateInput(PATH_CONTROLLERS . SYS_COLLECTION . '.php','path'); + require_once $pathFile; $controllerClass = SYS_COLLECTION; //if the method name is empty set default to index method $controllerAction = SYS_TARGET != '' ? SYS_TARGET : 'index'; diff --git a/workflow/public_html/images/PowerdbyProcessMaker.png b/workflow/public_html/images/PowerdbyProcessMaker.png index 02372534c..5622d22a9 100755 Binary files a/workflow/public_html/images/PowerdbyProcessMaker.png and b/workflow/public_html/images/PowerdbyProcessMaker.png differ diff --git a/workflow/public_html/images/get_started.png b/workflow/public_html/images/get_started.png index 0640226d7..64b93fecf 100755 Binary files a/workflow/public_html/images/get_started.png and b/workflow/public_html/images/get_started.png differ diff --git a/workflow/public_html/images/pm.gif b/workflow/public_html/images/pm.gif index d2735ed21..9528d38a0 100755 Binary files a/workflow/public_html/images/pm.gif and b/workflow/public_html/images/pm.gif differ diff --git a/workflow/public_html/images/processmaker.logo.jpg b/workflow/public_html/images/processmaker.logo.jpg index e3a200330..9d028cf3e 100755 Binary files a/workflow/public_html/images/processmaker.logo.jpg and b/workflow/public_html/images/processmaker.logo.jpg differ diff --git a/workflow/public_html/images/processmaker.logo.png b/workflow/public_html/images/processmaker.logo.png index 808819cdc..33d531a98 100644 Binary files a/workflow/public_html/images/processmaker.logo.png and b/workflow/public_html/images/processmaker.logo.png differ diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php index e93105a23..9f693cd98 100755 --- a/workflow/public_html/sysGeneric.php +++ b/workflow/public_html/sysGeneric.php 
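Review bot: `is_file(PATH_CONTROLLERS . SYS_COLLECTION . '.php')` checks the raw path but `require_once $pathFile` includes the filtered one, so the existence check and the include can disagree whenever the filter changes the string. Since SYS_COLLECTION is the URL-derived controller name, the robust check is an allow-list on the name before any path is built, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', SYS_COLLECTION)) { die('invalid controller'); }`, followed by a single `$pathFile` used for both `is_file` and `require_once`. A one-line comment saying the filter is there because SYS_COLLECTION is user input would make the intent clear.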
@@ -340,6 +340,9 @@ Bootstrap::LoadThirdParty("smarty/libs", "Smarty.class"); //Loading the autoloader libraries feature Bootstrap::registerSystemClasses(); +//Load filter class +G::LoadSystem('inputfilter'); +$filter = new InputFilter(); $skinPathErrors = G::skinGetPathToSrcByVirtualUri("errors", $config); $skinPathUpdate = G::skinGetPathToSrcByVirtualUri("update", $config); @@ -373,10 +376,6 @@ $virtualURITable['/skins/(*)'] = PATH_HTML . 'skins/'; //ugly $virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly $virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile'; -//Load filter class -G::LoadSystem('inputfilter'); -$filter = new InputFilter(); - // Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page if (Bootstrap::virtualURI( $_SERVER['REQUEST_URI'], $virtualURITable, $realPath )) { // review if the file requested belongs to public_html plugin @@ -489,8 +488,9 @@ if (defined( 'PATH_DATA' ) && file_exists( PATH_DATA )) { Bootstrap::LoadClass( 'serverConfiguration' ); $oServerConf = & serverConf::getSingleton(); } - -require_once PATH_THIRDPARTY . '/pear/PEAR.php'; +$pathFile = PATH_THIRDPARTY . '/pear/PEAR.php'; +$pathFile = $filter->validateInput($pathFile,'path'); +require_once $pathFile; //Bootstrap::LoadSystem( 'pmException' ); @@ -504,7 +504,9 @@ if (! defined( 'PATH_DATA' ) || ! file_exists( PATH_DATA )) { define( 'PATH_DATA', PATH_C ); //NewRelic Snippet - By JHL transactionLog(PATH_CONTROLLERS.'installer.php'); - require_once (PATH_CONTROLLERS . 'installer.php'); + $pathFile = PATH_CONTROLLERS . 'installer.php'; + $pathFile = $filter->validateInput($pathFile,'path'); + require_once ($pathFile); $controller = 'Installer'; // if the method name is empty set default to index method 
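Review bot: Running `validateInput(..., 'path')` over `PATH_THIRDPARTY . '/pear/PEAR.php'` (and likewise `installer.php`) validates a string the user cannot influence, so it protects nothing, and if the filter ever rewrites the string it changes which file gets included. Keep the filter on the includes whose path contains SYS_TEMP or SYS_COLLECTION and leave constant paths as plain `require_once`, or add a comment explaining why every include is routed through it (e.g. a scanner rule).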
@@ -548,8 +550,10 @@ if ($oServerConf->isWSDisabled( SYS_TEMP )) { // if SYS_TEMP exists, the URL has a workspace, now we need to verify if exists their db.php file if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { //this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS - if (file_exists( PATH_DB . SYS_TEMP . '/db.php' )) { - require_once (PATH_DB . SYS_TEMP . '/db.php'); + $pathFile = PATH_DB . SYS_TEMP . '/db.php'; + $pathFile = $filter->validateInput($pathFile,'path'); + if (file_exists( $pathFile )) { + require_once ($pathFile); define( 'SYS_SYS', SYS_TEMP ); // defining constant for workspace shared directory @@ -575,11 +579,14 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { die(); } else { if (SYS_TARGET == "dbInfo") { //Show dbInfo when no SYS_SYS - require_once (PATH_METHODS . "login/dbInfo.php"); + $pathFile = PATH_METHODS . "login/dbInfo.php"; + $pathFile = $filter->validateInput($pathFile,'path'); + require_once ($pathFile); } else { if (substr( SYS_SKIN, 0, 2 ) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form - require_once PATH_CONTROLLERS . 'main.php'; + $pathFile = $filter->validateInput(PATH_CONTROLLERS . 'main.php','path'); + require_once $pathFile; $controllerClass = 'Main'; $controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin'; //if the method exists @@ -590,7 +597,8 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { $controller->call( $controllerAction ); } } else { // classic sysLogin interface - require_once (PATH_METHODS . "login/sysLogin.php"); + $pathFile = $filter->validateInput(PATH_METHODS . "login/sysLogin.php",'path'); + require_once ($pathFile); die(); } } 
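Review bot: This hunk correctly uses the same `$pathFile` for `file_exists` and `require_once`, but the sanitization still happens after SYS_TEMP — the workspace name taken from the URL — has been concatenated into the path, so it depends on what the `'path'` filter strips rather than rejecting bad input. Validate the workspace name itself and confirm the resolved file stays under PATH_DB, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', SYS_TEMP) || strpos(realpath($pathFile), realpath(PATH_DB)) !== 0) { die(); }`, then include. A comment at the `$pathFile` assignment stating that SYS_TEMP is untrusted would document why the filter is there.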
@@ -684,13 +692,15 @@ ob_start(); // Rebuild the base Workflow translations if not exists if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) { - require_once ("classes/model/Translation.php"); + $pathFile = $filter->validateInput("classes/model/Translation.php",'path'); + require_once ($pathFile); $fields = Translation::generateFileTranslation( 'en' ); } // TODO: Verify if the language set into url is defined in translations env. if (SYS_LANG != 'en' && ! is_file( PATH_LANGUAGECONT . 'translation.' . SYS_LANG )) { - require_once ("classes/model/Translation.php"); + $pathFile = $filter->validateInput("classes/model/Translation.php",'path'); + require_once ($pathFile); $fields = Translation::generateFileTranslation( SYS_LANG ); } @@ -760,7 +770,8 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') { //erik: verify if it is a Controller Class or httpProxyController Class if (is_file( PATH_CONTROLLERS . SYS_COLLECTION . '.php' )) { Bootstrap::LoadSystem( 'controller' ); - require_once PATH_CONTROLLERS . SYS_COLLECTION . '.php'; + $pathFile = $filter->validateInput(PATH_CONTROLLERS . SYS_COLLECTION . '.php','path'); + require_once $pathFile; $controllerClass = SYS_COLLECTION; //if the method name is empty set default to index method $controllerAction = SYS_TARGET != '' ? SYS_TARGET : 'index'; @@ -913,7 +924,8 @@ if (! defined( 'EXECUTE_BY_CRON' )) { Bootstrap::LoadClass( 'sessions' ); $oSessions = new Sessions(); if ($aSession = $oSessions->verifySession( $_GET['sid'] )) { - require_once 'classes/model/Users.php'; + $pathFile = $filter->validateInput('classes/model/Users.php','path'); + require_once $pathFile; $oUser = new Users(); $aUser = $oUser->load( $aSession['USR_UID'] ); $_SESSION['USER_LOGGED'] = $aUser['USR_UID'];
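Review bot: Same mismatch as in bootstrap.php: `is_file(PATH_CONTROLLERS . SYS_COLLECTION . '.php')` tests the raw path but the include loads the filtered `$pathFile`, and SYS_COLLECTION is the URL-derived controller name. Restrict the name before building the path and reuse one string for both calls: `if (!preg_match('/^[A-Za-z0-9_]+$/', SYS_COLLECTION)) { die(); } $pathFile = PATH_CONTROLLERS . SYS_COLLECTION . '.php'; if (is_file($pathFile)) { require_once $pathFile;`. The `Translation.php` and `Users.php` includes in the neighbouring hunks are constant relative paths, so filtering them adds no protection.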