fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in release/3.3 (pull request #6574)

Browse Source 
Update with release/3.3

Approved-by: Paula Quispe <paula.quispe@processmaker.com>
Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
This commit is contained in:
Paula Quispe
2018-07-27 19:53:50 +00:00
committed by Julio Cesar Laura Avendaño
parent 835637973d 47e49c8829
commit 078e6703aa
4 changed files with 58 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
gulliver/system/class.inputfilter.php
View File

@@ -349,15 +349,15 @@ class InputFilter
return $source;
}
/**
* @author Chris Tobin
* @author Daniel Morris
* @access protected
* @param String $source
* @param Resource $connection - An open MySQL connection
* @return String $source
* @todo We need to review this method, because the sended string is unescaped
*/
/**
* @author Chris Tobin
* @author Daniel Morris
* @access protected
* @param String $source
* @param Resource $connection - An open MySQL connection
* @return String $source
* @todo We need to review this method, because the sended string is unescaped
*/
public function escapeString($string, &$connection)
{
return mysqli_real_escape_string($connection, $string);

27
gulliver/system/class.rbac.php
View File

@@ -1316,6 +1316,33 @@ class RBAC
return $this->rolesObj->loadById($rolUid);
}
/**
* Get Role code
*
* @access public
*
* @param string $role
*
* @return string
*/
public function getRoleCodeValid($role)
{
$roleCode = '';
if (!empty($role)) {
if ($this->verifyByCode($role)) {
//If is a valid ROL_CODE
$roleCode = $role;
} else {
//We will to check by ROL_UID
$roleInfo = $this->loadById($role);
$roleCode = !empty($roleInfo['ROL_CODE']) ? $roleInfo['ROL_CODE'] : '';
}
}
return $roleCode;
}
/**
* this function gets the user's roles
*

1
workflow/engine/classes/Applications.php
View File

@@ -51,6 +51,7 @@ class Applications
$limit = (int)$inputFilter->validateInput($limit, 'int');
$search = $inputFilter->escapeUsingConnection($search, $con);
$process = (int)$inputFilter->validateInput($process, 'int');
//$status doesn't require sanitization
$dir = in_array($dir, ['ASC', 'DESC']) ? $dir :'DESC';
$sort = $inputFilter->escapeUsingConnection($sort, $con);

64
workflow/engine/classes/WsBase.php
View File

@@ -1105,7 +1105,7 @@ class WsBase
* @param string dueDate : Optional parameter. The expiration date must be a string in the format "yyyy-mm-dd".
* @param string status : Optional parameter. The user's status, such as "ACTIVE", "INACTIVE" or "VACATION".
*
* @return $result will return an object
* @return object|array
*/
public function createUser(
$userName,
@@ -1142,7 +1142,6 @@ class WsBase
}
$mktimeDueDate = 0;
if (!empty($dueDate) && $dueDate != 'null' && $dueDate) {
if (!preg_match("/^(\d{4})-(\d{2})-(\d{2})$/", $dueDate, $arrayMatch)) {
$result = new WsCreateUserResponse(-1, G::loadTranslation("ID_INVALID_DATA") . " $dueDate", null);
@@ -1172,22 +1171,13 @@ class WsBase
$status = "ACTIVE";
}
$arrayRole = $RBAC->loadById($role);
$strRole = null;
$strRole = $RBAC->getRoleCodeValid($role);
if (empty($strRole)) {
$data = [];
$data["ROLE"] = $role;
$result = new WsCreateUserResponse(6, G::loadTranslation("ID_INVALID_ROLE", SYS_LANG, $data), null);
if (is_array($arrayRole)) {
$strRole = $arrayRole["ROL_CODE"];
} else {
$strRole = $role;
if ($RBAC->verifyByCode($role) == 0) {
$data = [];
$data["ROLE"] = $role;
$result = new WsCreateUserResponse(6, G::loadTranslation("ID_INVALID_ROLE", SYS_LANG, $data), null);
return $result;
}
return $result;
}
if (strlen($password) > 20) {
@@ -1253,12 +1243,12 @@ class WsBase
$res = new WsResponse(0, G::loadTranslation("ID_USER_CREATED_SUCCESSFULLY", SYS_LANG, $data));
$result = array(
$result = [
"status_code" => $res->status_code,
"message" => $res->message,
"userUID" => $userUid,
"timestamp" => $res->timestamp
);
];
return $result;
} catch (Exception $e) {
@@ -1278,12 +1268,11 @@ class WsBase
* @param string email : Optional parameter. The user's email address.
* @param string dueDate : Optional parameter. The expiration date must be a string in the format "yyyy-mm-dd".
* @param string status : Optional parameter. The user's status, such as "ACTIVE", "INACTIVE" or "VACATION".
* @param string role : Optional parameter. The user's role, such
* as "PROCESSMAKER_ADMIN" or "PROCESSMAKER_OPERATOR".
* @param string role : Optional parameter. The user's role, such as "PROCESSMAKER_ADMIN" or "PROCESSMAKER_OPERATOR".
* @param string password : Optional parameter. The user's password such as "Be@gle2" (It will be automatically
* encrypted with an MD5 hash).
* encrypted with an MD5 hash).
*
* @return $result will return an object
* @return object|array
*/
public function updateUser(
$userUid,
@@ -1347,25 +1336,13 @@ class WsBase
}
}
$strRole = null;
$strRole = $RBAC->getRoleCodeValid($role);
if (empty($strRole)) {
$data = [];
$data["ROLE"] = $role;
$result = new WsCreateUserResponse(6, G::loadTranslation("ID_INVALID_ROLE", SYS_LANG, $data), null);
if (!empty($role)) {
$arrayRole = $RBAC->loadById($role);
if (is_array($arrayRole)) {
$strRole = $arrayRole["ROL_CODE"];
} else {
$strRole = $role;
if ($RBAC->verifyByCode($role) == 0) {
$data = [];
$data["ROLE"] = $role;
$result = new WsResponse(6, G::LoadTranslation("ID_INVALID_ROLE", SYS_LANG, $data));
return $result;
}
}
return $result;
}
if (!empty($password) && strlen($password) > 20) {
@@ -1438,11 +1415,12 @@ class WsBase
//Response
$res = new WsResponse(0, G::LoadTranslation("ID_UPDATED_SUCCESSFULLY"));
$result = array(
$result = [
"status_code" => $res->status_code,
"message" => $res->message,
"timestamp" => $res->timestamp
);
];
return $result;
} catch (Exception $e) {