Merged master into dashboards2
This commit is contained in:
Dante Loayza
@@ -451,9 +451,8 @@ class DataBaseMaintenance
|
||||
}
|
||||
|
||||
$sQuery = "LOCK TABLES " . implode( " READ, ", $aTables ) . " READ; ";
|
||||
$sQuery = $filter->preventSqlInjection($sQuery);
|
||||
|
||||
if (@mysql_query( $sQuery )) {
|
||||
if (@mysql_query( $filter->preventSqlInjection($sQuery) )) {
|
||||
echo " [OK]\n";
|
||||
return true;
|
||||
} else {
|
||||
@@ -664,7 +663,7 @@ class DataBaseMaintenance
|
||||
$filter = new InputFilter();
|
||||
$tablename = $filter->validateInput($tablename, 'nosql');
|
||||
$tableSchema = "";
|
||||
$sql = "show create table `%s`; ";
|
||||
$sql = 'show create table `%s`; ';
|
||||
$sql = $filter->preventSqlInjection($sql, array($tablename));
|
||||
$result = @mysql_query( $sql );
|
||||
if ($result) {
|
||||
@@ -713,4 +712,3 @@ $o2->connect();
|
||||
$o2->restoreFromSql('/home/erik/backs/schema_os.sql');
|
||||
$o2->restoreAllData('sql');
|
||||
*/
|
||||
|
||||
|
||||
@@ -310,8 +310,12 @@ class G
|
||||
while (! @is_dir( dirname( end( $folder_path ) ) ) && dirname( end( $folder_path ) ) != '/' && dirname( end( $folder_path ) ) != '.' && dirname( end( $folder_path ) ) != '') {
|
||||
array_push( $folder_path, dirname( end( $folder_path ) ) ); //var_dump($folder_path); die;
|
||||
}
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
|
||||
while ($parent_folder_path = array_pop( $folder_path )) {
|
||||
$parent_folder_path = $filter->validateInput($parent_folder_path,"path");
|
||||
if (! @is_dir( $parent_folder_path )) {
|
||||
if (! @mkdir( $parent_folder_path, $rights)) {
|
||||
error_log( "Can't create folder \"$parent_folder_path\"");
|
||||
@@ -2718,6 +2722,12 @@ class G
|
||||
$image = $inputFn( $path );
|
||||
imagecopyresampled( $image_p, $image, 0, 0, 0, 0, $resWidth, $resHeight, $width, $height );
|
||||
$outputFn( $image_p, $saveTo );
|
||||
|
||||
if(!is_null($saveTo)) {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$saveTo = $filter->validateInput($saveTo, "path");
|
||||
}
|
||||
|
||||
@chmod( $saveTo, 0666 );
|
||||
}
|
||||
@@ -3137,7 +3147,7 @@ class G
|
||||
/*G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$c = $filter->xssFilterHard($c);*/
|
||||
print ("<script language=\"javascript\">{$c}</script>") ;
|
||||
print ('<script language="javascript">'.$c.'</script>') ;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -96,7 +96,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$file = $filter->validateInput($file,"path");
|
||||
$file = $filter->validateInput($file,'path');
|
||||
|
||||
return unlink($file);
|
||||
}
|
||||
@@ -209,7 +209,7 @@ class HTMLPurifier_DefinitionCache_Serializer extends HTMLPurifier_DefinitionCac
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$file = $filter->validateInput($file,"path");
|
||||
$file = $filter->validateInput($file,'path');
|
||||
|
||||
if(is_file($file)) {
|
||||
$result = file_put_contents($file, $data);
|
||||
|
||||
@@ -102,8 +102,7 @@ class PgSQLTableInfo extends TableInfo {
|
||||
WHERE att.attrelid = %d AND att.attnum > 0
|
||||
AND att.attisdropped IS FALSE
|
||||
ORDER BY att.attnum";
|
||||
$query = $filter->preventSqlInjection($query);
|
||||
$result = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid));
|
||||
$result = pg_query ($this->conn->getResource(), sprintf ($filter->preventSqlInjection($query), $this->oid));
|
||||
|
||||
if (!$result) {
|
||||
throw new SQLException("Could not list fields for table: " . $this->name, pg_last_error($this->conn->getResource()));
|
||||
@@ -238,8 +237,7 @@ class PgSQLTableInfo extends TableInfo {
|
||||
d.typtype = 'd'
|
||||
AND d.typname = '%s'
|
||||
ORDER BY d.typname";
|
||||
$query = $filter->preventSqlInjection($query);
|
||||
$result = pg_query ($this->conn->getResource(), sprintf ($query, $strDomain));
|
||||
$result = pg_query ($this->conn->getResource(), sprintf ($filter->preventSqlInjection($query), $strDomain));
|
||||
|
||||
if (!$result) {
|
||||
throw new SQLException("Query for domain [" . $strDomain . "] failed.", pg_last_error($this->conn->getResource()));
|
||||
@@ -297,8 +295,7 @@ class PgSQLTableInfo extends TableInfo {
|
||||
AND a2.attnum = ct.conkey[1]
|
||||
AND a1.attnum = ct.confkey[1]
|
||||
ORDER BY conname";
|
||||
$query = $filter->preventSqlInjection($query);
|
||||
$result = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid));
|
||||
$result = pg_query ($this->conn->getResource(), sprintf ($filter->preventSqlInjection($query), $this->oid));
|
||||
if (!$result) {
|
||||
throw new SQLException("Could not list foreign keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
|
||||
}
|
||||
@@ -384,8 +381,7 @@ class PgSQLTableInfo extends TableInfo {
|
||||
JOIN pg_class cls ON cls.oid=indexrelid
|
||||
WHERE indrelid = %d AND NOT indisprimary
|
||||
ORDER BY cls.relname";
|
||||
$query = $filter->preventSqlInjection($query);
|
||||
$result = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid));
|
||||
$result = pg_query ($this->conn->getResource(), sprintf ($filter->preventSqlInjection($query), $this->oid));
|
||||
|
||||
|
||||
if (!$result) {
|
||||
@@ -417,8 +413,7 @@ class PgSQLTableInfo extends TableInfo {
|
||||
FROM pg_catalog.pg_class c JOIN pg_catalog.pg_attribute a ON a.attrelid = c.oid
|
||||
WHERE c.oid = '%s' AND a.attnum = %d AND NOT a.attisdropped
|
||||
ORDER BY a.attnum";
|
||||
$query = $filter->preventSqlInjection($query);
|
||||
$result2 = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid, $intColNum));
|
||||
$result2 = pg_query ($this->conn->getResource(), sprintf ($filter->preventSqlInjection($query), $this->oid, $intColNum));
|
||||
if (!$result2)
|
||||
{
|
||||
throw new SQLException("Could not list indexes keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
|
||||
@@ -461,8 +456,7 @@ class PgSQLTableInfo extends TableInfo {
|
||||
JOIN pg_class cls ON cls.oid=indexrelid
|
||||
WHERE indrelid = %s AND indisprimary
|
||||
ORDER BY cls.relname";
|
||||
$query = $filter->preventSqlInjection($query);
|
||||
$result = pg_query($this->conn->getResource(), sprintf ($query, $this->oid));
|
||||
$result = pg_query($this->conn->getResource(), sprintf ($filter->preventSqlInjection($query), $this->oid));
|
||||
if (!$result) {
|
||||
throw new SQLException("Could not list primary keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
|
||||
}
|
||||
@@ -491,8 +485,7 @@ class PgSQLTableInfo extends TableInfo {
|
||||
FROM pg_catalog.pg_class c JOIN pg_catalog.pg_attribute a ON a.attrelid = c.oid
|
||||
WHERE c.oid = '%s' AND a.attnum = %d AND NOT a.attisdropped
|
||||
ORDER BY a.attnum";
|
||||
$query = $filter->preventSqlInjection($query);
|
||||
$result2 = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid, $intColNum));
|
||||
$result2 = pg_query ($this->conn->getResource(), sprintf ($filter->preventSqlInjection($query), $this->oid, $intColNum));
|
||||
if (!$result2)
|
||||
{
|
||||
throw new SQLException("Could not list indexes keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
|
||||
|
||||
@@ -124,8 +124,7 @@ class SQLiteTableInfo extends TableInfo {
|
||||
|
||||
// get columns for that index
|
||||
$query = "PRAGMA index_info('$name')";
|
||||
$query = $filter->preventSqlInjection($query);
|
||||
$res2 = sqlite_query($this->conn->getResource(), $query);
|
||||
$res2 = sqlite_query($this->conn->getResource(), $filter->preventSqlInjection($query));
|
||||
while($row2 = sqlite_fetch_array($res2, SQLITE_ASSOC)) {
|
||||
$colname = $row2['name'];
|
||||
$this->indexes[$name]->addColumn($this->columns[ $colname ]);
|
||||
|
||||
@@ -465,7 +465,7 @@ Wrote: /usr/src/redhat/RPMS/i386/PEAR::Net_Socket-1.0-1.i386.rpm
|
||||
}
|
||||
}
|
||||
$plist = implode(" ", $params);
|
||||
$cmd = "$php -C -d include_path=$cwd$ps$ip -f $run_tests -- $plist";
|
||||
$cmd = $php.' -C -d include_path='.$cwd.$ps.$ip.' -f '.$run_tests.' -- '.$plist;
|
||||
|
||||
if (!class_exists('G')) {
|
||||
$realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] );
|
||||
|
||||
@@ -261,7 +261,7 @@ class ListCanceled extends BaseListCanceled {
|
||||
return (int)$total;
|
||||
}
|
||||
|
||||
public function loadList ($usr_uid, $filters = array())
|
||||
public function loadList($usr_uid, $filters = array(), $callbackRecord = null)
|
||||
{
|
||||
$resp = array();
|
||||
$criteria = new Criteria();
|
||||
@@ -308,7 +308,8 @@ class ListCanceled extends BaseListCanceled {
|
||||
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$data = array();
|
||||
while ($dataset->next()) {
|
||||
$aRow = $dataset->getRow();
|
||||
$aRow = (is_null($callbackRecord))? $dataset->getRow() : $callbackRecord($dataset->getRow());
|
||||
|
||||
$data[] = $aRow;
|
||||
}
|
||||
|
||||
|
||||
@@ -271,7 +271,7 @@ class ListCompleted extends BaseListCompleted
|
||||
return (int)$total;
|
||||
}
|
||||
|
||||
public function loadList ($usr_uid, $filters = array())
|
||||
public function loadList($usr_uid, $filters = array(), $callbackRecord = null)
|
||||
{
|
||||
$resp = array();
|
||||
$criteria = new Criteria();
|
||||
@@ -315,7 +315,8 @@ class ListCompleted extends BaseListCompleted
|
||||
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$data = array();
|
||||
while ($dataset->next()) {
|
||||
$aRow = $dataset->getRow();
|
||||
$aRow = (is_null($callbackRecord))? $dataset->getRow() : $callbackRecord($dataset->getRow());
|
||||
|
||||
$data[] = $aRow;
|
||||
}
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ require_once 'classes/model/om/BaseListInbox.php';
|
||||
*
|
||||
* @package classes.model
|
||||
*/
|
||||
|
||||
|
||||
class ListInbox extends BaseListInbox
|
||||
{
|
||||
/**
|
||||
@@ -131,7 +131,7 @@ class ListInbox extends BaseListInbox
|
||||
|
||||
// update participated history
|
||||
$listParticipatedHistory = new ListParticipatedHistory();
|
||||
$listParticipatedHistory->update($data);
|
||||
$listParticipatedHistory->update($data);
|
||||
return $result;
|
||||
} else {
|
||||
$con->rollback();
|
||||
@@ -395,7 +395,7 @@ class ListInbox extends BaseListInbox
|
||||
return (int)$total;
|
||||
}
|
||||
|
||||
public function loadList ($usr_uid, $filters = array())
|
||||
public function loadList($usr_uid, $filters = array(), $callbackRecord = null)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
|
||||
@@ -429,7 +429,7 @@ class ListInbox extends BaseListInbox
|
||||
|
||||
if ($filters['action'] == 'draft') {
|
||||
$criteria->add( ListInboxPeer::APP_STATUS, 'DRAFT', Criteria::EQUAL );
|
||||
} else {
|
||||
} else {
|
||||
$criteria->add( ListInboxPeer::APP_STATUS, 'TO_DO', Criteria::EQUAL );
|
||||
}
|
||||
|
||||
@@ -449,7 +449,8 @@ class ListInbox extends BaseListInbox
|
||||
$data = array();
|
||||
$aPriorities = array ('1' => 'VL','2' => 'L','3' => 'N','4' => 'H','5' => 'VH');
|
||||
while ($dataset->next()) {
|
||||
$aRow = $dataset->getRow();
|
||||
$aRow = (is_null($callbackRecord))? $dataset->getRow() : $callbackRecord($dataset->getRow());
|
||||
|
||||
$aRow['DEL_PRIORITY'] = G::LoadTranslation( "ID_PRIORITY_{$aPriorities[$aRow['DEL_PRIORITY']]}" );
|
||||
$data[] = $aRow;
|
||||
}
|
||||
|
||||
@@ -210,7 +210,7 @@ class ListMyInbox extends BaseListMyInbox
|
||||
return (int)$total;
|
||||
}
|
||||
|
||||
public function loadList ($usr_uid, $filters = array())
|
||||
public function loadList($usr_uid, $filters = array(), $callbackRecord = null)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
|
||||
@@ -264,7 +264,8 @@ class ListMyInbox extends BaseListMyInbox
|
||||
$data = array();
|
||||
$aPriorities = array ('1' => 'VL','2' => 'L','3' => 'N','4' => 'H','5' => 'VH');
|
||||
while ($dataset->next()) {
|
||||
$aRow = $dataset->getRow();
|
||||
$aRow = (is_null($callbackRecord))? $dataset->getRow() : $callbackRecord($dataset->getRow());
|
||||
|
||||
$aRow['DEL_PRIORITY'] = G::LoadTranslation( "ID_PRIORITY_{$aPriorities[$aRow['DEL_PRIORITY']]}" );
|
||||
$data[] = $aRow;
|
||||
}
|
||||
|
||||
@@ -169,7 +169,7 @@ class ListParticipatedHistory extends BaseListParticipatedHistory
|
||||
return (int)$total;
|
||||
}
|
||||
|
||||
public function loadList ($usr_uid, $filters = array())
|
||||
public function loadList($usr_uid, $filters = array(), $callbackRecord = null)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
|
||||
@@ -219,7 +219,8 @@ class ListParticipatedHistory extends BaseListParticipatedHistory
|
||||
$data = array();
|
||||
$aPriorities = array ('1' => 'VL','2' => 'L','3' => 'N','4' => 'H','5' => 'VH');
|
||||
while ($dataset->next()) {
|
||||
$aRow = $dataset->getRow();
|
||||
$aRow = (is_null($callbackRecord))? $dataset->getRow() : $callbackRecord($dataset->getRow());
|
||||
|
||||
$aRow['DEL_PRIORITY'] = G::LoadTranslation( "ID_PRIORITY_{$aPriorities[$aRow['DEL_PRIORITY']]}" );
|
||||
$data[] = $aRow;
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ class ListParticipatedLast extends BaseListParticipatedLast
|
||||
*
|
||||
*/
|
||||
public function create($data)
|
||||
{
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
$criteria->addSelectColumn(ApplicationPeer::APP_STATUS);
|
||||
$criteria->add( ApplicationPeer::APP_UID, $data['APP_UID'], Criteria::EQUAL );
|
||||
@@ -108,7 +108,7 @@ class ListParticipatedLast extends BaseListParticipatedLast
|
||||
*
|
||||
*/
|
||||
public function refresh ($data, $isSelfService = false)
|
||||
{
|
||||
{
|
||||
$data['APP_STATUS'] = (empty($data['APP_STATUS'])) ? 'TO_DO' : $data['APP_STATUS'];
|
||||
if (!$isSelfService) {
|
||||
$criteria = new Criteria();
|
||||
@@ -133,7 +133,7 @@ class ListParticipatedLast extends BaseListParticipatedLast
|
||||
|
||||
}
|
||||
$this->update($data);
|
||||
|
||||
|
||||
}
|
||||
/**
|
||||
* Remove List Participated History
|
||||
@@ -239,7 +239,7 @@ class ListParticipatedLast extends BaseListParticipatedLast
|
||||
return (int)$total;
|
||||
}
|
||||
|
||||
public function loadList ($usr_uid, $filters = array())
|
||||
public function loadList($usr_uid, $filters = array(), $callbackRecord = null)
|
||||
{
|
||||
$criteria = new Criteria();
|
||||
|
||||
@@ -252,7 +252,7 @@ class ListParticipatedLast extends BaseListParticipatedLast
|
||||
$criteria->addSelectColumn(ListParticipatedLastPeer::APP_TITLE);
|
||||
$criteria->addSelectColumn(ListParticipatedLastPeer::APP_PRO_TITLE);
|
||||
$criteria->addSelectColumn(ListParticipatedLastPeer::APP_TAS_TITLE);
|
||||
$criteria->addSelectColumn(ListParticipatedLastPeer::APP_STATUS);
|
||||
$criteria->addSelectColumn(ListParticipatedLastPeer::APP_STATUS);
|
||||
$criteria->addSelectColumn(ListParticipatedLastPeer::DEL_PREVIOUS_USR_UID);
|
||||
$criteria->addSelectColumn(ListParticipatedLastPeer::DEL_PREVIOUS_USR_USERNAME);
|
||||
$criteria->addSelectColumn(ListParticipatedLastPeer::DEL_PREVIOUS_USR_FIRSTNAME);
|
||||
@@ -290,7 +290,8 @@ class ListParticipatedLast extends BaseListParticipatedLast
|
||||
$data = array();
|
||||
$aPriorities = array ('1' => 'VL','2' => 'L','3' => 'N','4' => 'H','5' => 'VH');
|
||||
while ($dataset->next()) {
|
||||
$aRow = $dataset->getRow();
|
||||
$aRow = (is_null($callbackRecord))? $dataset->getRow() : $callbackRecord($dataset->getRow());
|
||||
|
||||
$aRow['DEL_PRIORITY'] = G::LoadTranslation( "ID_PRIORITY_{$aPriorities[$aRow['DEL_PRIORITY']]}" );
|
||||
$data[] = $aRow;
|
||||
}
|
||||
|
||||
@@ -281,7 +281,7 @@ class ListPaused extends BaseListPaused {
|
||||
return (int)$total;
|
||||
}
|
||||
|
||||
public function loadList ($usr_uid, $filters = array())
|
||||
public function loadList($usr_uid, $filters = array(), $callbackRecord = null)
|
||||
{
|
||||
$resp = array();
|
||||
$criteria = new Criteria();
|
||||
@@ -332,7 +332,8 @@ class ListPaused extends BaseListPaused {
|
||||
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$data = array();
|
||||
while ($dataset->next()) {
|
||||
$aRow = $dataset->getRow();
|
||||
$aRow = (is_null($callbackRecord))? $dataset->getRow() : $callbackRecord($dataset->getRow());
|
||||
|
||||
$data[] = $aRow;
|
||||
}
|
||||
|
||||
|
||||
@@ -243,7 +243,7 @@ class ListUnassigned extends BaseListUnassigned
|
||||
return (int)$total;
|
||||
}
|
||||
|
||||
public function loadList ($usr_uid, $filters = array())
|
||||
public function loadList($usr_uid, $filters = array(), $callbackRecord = null)
|
||||
{
|
||||
$resp = array();
|
||||
$criteria = new Criteria();
|
||||
@@ -298,7 +298,8 @@ class ListUnassigned extends BaseListUnassigned
|
||||
$data = array();
|
||||
$aPriorities = array ('1' => 'VL','2' => 'L','3' => 'N','4' => 'H','5' => 'VH');
|
||||
while ($dataset->next()) {
|
||||
$aRow = $dataset->getRow();
|
||||
$aRow = (is_null($callbackRecord))? $dataset->getRow() : $callbackRecord($dataset->getRow());
|
||||
|
||||
$aRow['DEL_PRIORITY'] = G::LoadTranslation( "ID_PRIORITY_{$aPriorities[$aRow['DEL_PRIORITY']]}" );
|
||||
$data[] = $aRow;
|
||||
}
|
||||
@@ -313,7 +314,7 @@ class ListUnassigned extends BaseListUnassigned
|
||||
/**
|
||||
* Generate Data
|
||||
*
|
||||
* @return object criteria
|
||||
* @return object criteria
|
||||
*/
|
||||
public function generateData($appUid,$delPreviusUsrUid){
|
||||
try {
|
||||
@@ -348,7 +349,7 @@ class ListUnassigned extends BaseListUnassigned
|
||||
$taskGroupVariable = trim($row["TAS_GROUP_VARIABLE"], " @#");
|
||||
$delPreviusUsrUid = '';
|
||||
$unaUid = $this->newRow($row,$delPreviusUsrUid);
|
||||
//Selfservice by group
|
||||
//Selfservice by group
|
||||
if ($taskGroupVariable != "" && isset($applicationData[$taskGroupVariable]) && trim($applicationData[$taskGroupVariable]) != "") {
|
||||
$gprUid = trim($applicationData[$taskGroupVariable]);
|
||||
//Define Users by Group
|
||||
@@ -362,13 +363,13 @@ class ListUnassigned extends BaseListUnassigned
|
||||
} else {
|
||||
//Define all users assigned to Task
|
||||
$task = new TaskUser();
|
||||
$arrayUsers = $task->getAllUsersTask($row["TAS_UID"]);
|
||||
$arrayUsers = $task->getAllUsersTask($row["TAS_UID"]);
|
||||
foreach($arrayUsers as $urow){
|
||||
$newRow["USR_UID"] = $urow["USR_UID"];
|
||||
$listUnassignedGpr = new ListUnassignedGroup();
|
||||
$listUnassignedGpr->newRow($unaUid,$urow["USR_UID"],"USER","");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
|
||||
@@ -321,8 +321,13 @@ class Installer extends Controller
|
||||
G::verifyPath( $aux['dirname'], true );
|
||||
if (is_dir( $aux['dirname'] )) {
|
||||
if (! file_exists( $_REQUEST['pathLogFile'] )) {
|
||||
@file_put_contents( $_REQUEST['pathLogFile'], '' );
|
||||
@chmod($_REQUEST['pathShared'], 0770);
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$pathLogFile = $filter->validateInput($_REQUEST['pathLogFile'], "path");
|
||||
$pathShared = $filter->validateInput($_REQUEST['pathShared'], "path");
|
||||
|
||||
@file_put_contents( $pathLogFile, '' );
|
||||
@chmod($pathShared, 0770);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -843,10 +848,10 @@ class Installer extends Controller
|
||||
$query = sprintf( "USE %s;", $wf_workpace );
|
||||
$this->mysqlQuery( $query );
|
||||
|
||||
$query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, md5( $adminPassword ) );
|
||||
$query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptOld( $adminPassword ) );
|
||||
$this->mysqlQuery( $query );
|
||||
|
||||
$query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, md5( $adminPassword ) );
|
||||
$query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptOld( $adminPassword ) );
|
||||
$this->mysqlQuery( $query );
|
||||
|
||||
// Write the paths_installed.php file (contains all the information configured so far)
|
||||
@@ -1091,6 +1096,8 @@ class Installer extends Controller
|
||||
}
|
||||
|
||||
$this->installLog( G::LoadTranslation('ID_CREATING', SYS_LANG, Array($db_file) ));
|
||||
|
||||
$db_file = $filter->validateInput($db_file, "path");
|
||||
file_put_contents( $db_file, $dbText );
|
||||
|
||||
// Generate the databases.php file
|
||||
@@ -1111,6 +1118,8 @@ class Installer extends Controller
|
||||
$databasesText = str_replace( '{dbData}', $dbData, @file_get_contents( PATH_HOME . 'engine/templates/installer/databases.tpl' ) );
|
||||
|
||||
$this->installLog( G::LoadTranslation('ID_CREATING', SYS_LANG, Array($databases_file) ));
|
||||
|
||||
$databases_file = $filter->validateInput($databases_file, "path");
|
||||
file_put_contents( $databases_file, $databasesText );
|
||||
|
||||
//execute scripts to create and populates databases
|
||||
@@ -1237,35 +1246,35 @@ class Installer extends Controller
|
||||
$info = new stdclass();
|
||||
|
||||
if ($_REQUEST['db_engine'] == 'mysql') {
|
||||
$_REQUEST['db_hostname'] = $filter->validateInput($_REQUEST['db_hostname']);
|
||||
$_REQUEST['db_username'] = $filter->validateInput($_REQUEST['db_username']);
|
||||
$_REQUEST['db_password'] = $filter->validateInput($_REQUEST['db_password']);
|
||||
$link = @mysql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] );
|
||||
$_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
|
||||
$db_hostname = $filter->validateInput($_REQUEST['db_hostname']);
|
||||
$db_username = $filter->validateInput($_REQUEST['db_username']);
|
||||
$db_password = $filter->validateInput($_REQUEST['db_password']);
|
||||
$link = @mysql_connect( $db_hostname, $db_username, $db_password );
|
||||
$wfDatabase = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
|
||||
$query = "show databases like '%s' ";
|
||||
$query = $filter->preventSqlInjection( $query, array($_REQUEST['wfDatabase']) );
|
||||
$query = $filter->preventSqlInjection( $query, array($wfDatabase) );
|
||||
$dataset = @mysql_query( $query, $link );
|
||||
$info->wfDatabaseExists = (@mysql_num_rows( $dataset ) > 0);
|
||||
} else if ($_REQUEST['db_engine'] == 'mssql') {
|
||||
$link = @mssql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] );
|
||||
$_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
|
||||
$link = @mssql_connect( $db_hostname, $db_username, $db_password );
|
||||
$wfDatabase = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
|
||||
$query = "select * from sys.databases where name = '%s' ";
|
||||
$query = $filter->preventSqlInjection( $query, array($_REQUEST['wfDatabase']) );
|
||||
$query = $filter->preventSqlInjection( $query, array($wfDatabase) );
|
||||
$dataset = @mssql_query( $query , $link );
|
||||
$info->wfDatabaseExists = (@mssql_num_rows( $dataset ) > 0);
|
||||
} else if ($_REQUEST['db_engine'] == 'sqlsrv') {
|
||||
$arguments = array("UID" => $_REQUEST['db_username'], "PWD" => $_REQUEST['db_password']);
|
||||
$link = @sqlsrv_connect( $_REQUEST['db_hostname'], $arguments);
|
||||
$_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
|
||||
$arguments = array("UID" => $db_username, "PWD" => $db_password);
|
||||
$link = @sqlsrv_connect( $db_hostname, $arguments);
|
||||
$wfDatabase = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
|
||||
$query = "select * from sys.databases where name = '%s' ";
|
||||
$query = $filter->preventSqlInjection( $query, array($_REQUEST['wfDatabase']) );
|
||||
$query = $filter->preventSqlInjection( $query, array($wfDatabase) );
|
||||
$dataset = @sqlsrv_query( $link, $query );
|
||||
$info->wfDatabaseExists = (@sqlsrv_num_rows( $dataset ) > 0);
|
||||
} else {
|
||||
$link = @mssql_connect( $_REQUEST['db_hostname'], $_REQUEST['db_username'], $_REQUEST['db_password'] );
|
||||
$_REQUEST['wfDatabase'] = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
|
||||
$link = @mssql_connect( $db_hostname, $db_username, $db_password );
|
||||
$wfDatabase = $filter->validateInput($_REQUEST['wfDatabase'], 'nosql');
|
||||
$query = "select * from sys.databases where name = '%s' ";
|
||||
$query = $filter->preventSqlInjection( $query, array($_REQUEST['wfDatabase']) );
|
||||
$query = $filter->preventSqlInjection( $query, array($wfDatabase) );
|
||||
$dataset = @mssql_query( $query , $link );
|
||||
$info->wfDatabaseExists = (@mssql_num_rows( $dataset ) > 0);
|
||||
}
|
||||
@@ -1670,6 +1679,7 @@ class Installer extends Controller
|
||||
$db_password = trim( $_REQUEST['db_password'] );
|
||||
$db_password = $filter->validateInput($db_password);
|
||||
$wf = trim( $_REQUEST['wfDatabase'] );
|
||||
$wf = $filter->validateInput($wf);
|
||||
|
||||
$db_host = ($db_port != '' && $db_port != 3306) ? $db_hostname . ':' . $db_port : $db_hostname;
|
||||
|
||||
@@ -1701,4 +1711,3 @@ class Installer extends Controller
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -671,11 +671,11 @@ class pmTablesProxy extends HttpProxyController
|
||||
$filter = new InputFilter();
|
||||
$countRow = 250;
|
||||
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
|
||||
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
|
||||
//$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
|
||||
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
|
||||
$filename = $_FILES['form']['name']['CSV_FILE'];
|
||||
$filename = $filter->xssFilterHard($filename, 'path');
|
||||
if ($oFile = fopen( $tmpfilename, 'r' )) {
|
||||
//$filename = $filter->xssFilterHard($filename, 'path');
|
||||
if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
|
||||
require_once 'classes/model/AdditionalTables.php';
|
||||
$oAdditionalTables = new AdditionalTables();
|
||||
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
|
||||
@@ -771,11 +771,11 @@ class pmTablesProxy extends HttpProxyController
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE'];
|
||||
$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
|
||||
//$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path');
|
||||
if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) {
|
||||
$filename = $_FILES['form']['name']['CSV_FILE'];
|
||||
$filename = $filter->xssFilterHard($filename, 'path');
|
||||
if ($oFile = fopen( $tmpfilename, 'r' )) {
|
||||
if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) {
|
||||
require_once 'classes/model/AdditionalTables.php';
|
||||
$oAdditionalTables = new AdditionalTables();
|
||||
$aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true );
|
||||
|
||||
@@ -254,13 +254,13 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
|
||||
switch ($_POST['TAS_ASSIGN_TYPE']) {
|
||||
// switch verify $_POST['TAS_ASSIGN_TYPE']
|
||||
case 'BALANCED':
|
||||
$_POST['USR_UID'] = $filter->xssFilterHard($_POST['USR_UID']);
|
||||
$USR_UID = $filter->xssFilterHard($_POST['USR_UID']);
|
||||
G::LoadClass( 'user' );
|
||||
$oUser = new User( new DBConnection() );
|
||||
$oUser->load( $_POST['USR_UID'] );
|
||||
$oUser->load( $USR_UID );
|
||||
$oUser->Fields['USR_FIRSTNAME'] = $filter->xssFilterHard($oUser->Fields['USR_FIRSTNAME']);
|
||||
$oUser->Fields['USR_LASTNAME'] = $filter->xssFilterHard($oUser->Fields['USR_LASTNAME']);
|
||||
echo $oUser->Fields['USR_FIRSTNAME'] . ' ' . $oUser->Fields['USR_LASTNAME'] . '<input type="hidden" name="form[TASKS][1][USR_UID]" id="form[TASKS][1][USR_UID]" value="' . $_POST['USR_UID'] . '">';
|
||||
echo $oUser->Fields['USR_FIRSTNAME'] . ' ' . $oUser->Fields['USR_LASTNAME'] . '<input type="hidden" name="form[TASKS][1][USR_UID]" id="form[TASKS][1][USR_UID]" value="'.$USR_UID.'">';
|
||||
break;
|
||||
case 'MANUAL':
|
||||
$sAux = '<select name="form[TASKS][1][USR_UID]" id="form[TASKS][1][USR_UID]">';
|
||||
@@ -311,15 +311,15 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
|
||||
echo $sAux;
|
||||
break;
|
||||
case 'EVALUATE':
|
||||
$_POST['TAS_ASSIGN_VARIABLE'] = $filter->xssFilterHard($_POST['TAS_ASSIGN_VARIABLE']);
|
||||
$_SESSION['APPLICATION'] = $filter->xssFilterHard($_SESSION['APPLICATION']);
|
||||
$TAS_ASSIGN_VARIABLE = $filter->xssFilterHard($_POST['TAS_ASSIGN_VARIABLE']);
|
||||
$APPLICATION = $filter->xssFilterHard($_SESSION['APPLICATION']);
|
||||
G::LoadClass( 'application' );
|
||||
$oApplication = new Application( new DBConnection() );
|
||||
$oApplication->load( $_SESSION['APPLICATION'] );
|
||||
$oApplication->load( $APPLICATION );
|
||||
$sUser = '';
|
||||
if ($_POST['TAS_ASSIGN_VARIABLE'] != '') {
|
||||
if (isset( $oApplication->Fields['APP_DATA'][str_replace( '@@', '', $_POST['TAS_ASSIGN_VARIABLE'] )] )) {
|
||||
$sUser = $oApplication->Fields['APP_DATA'][str_replace( '@@', '', $_POST['TAS_ASSIGN_VARIABLE'] )];
|
||||
if ($TAS_ASSIGN_VARIABLE != '') {
|
||||
if (isset( $oApplication->Fields['APP_DATA'][str_replace( '@@', '', $TAS_ASSIGN_VARIABLE )] )) {
|
||||
$sUser = $oApplication->Fields['APP_DATA'][str_replace( '@@', '', $TAS_ASSIGN_VARIABLE )];
|
||||
}
|
||||
}
|
||||
if ($sUser != '') {
|
||||
@@ -329,7 +329,7 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
|
||||
echo $oUser->Fields['USR_FIRSTNAME'] . ' ' . $oUser->Fields['USR_LASTNAME'] . '<input type="hidden" name="form[TASKS][1][USR_UID]" id="form[TASKS][1][USR_UID]" value="' . $sUser . '">';
|
||||
} else {
|
||||
$ID_EMPTY = $filter->xssFilterHard(G::LoadTranslation( 'ID_EMPTY' ));
|
||||
echo '<strong>Error: </strong>' . $_POST['TAS_ASSIGN_VARIABLE'] . ' ' . $ID_EMPTY;
|
||||
echo '<strong>Error: </strong>' . $TAS_ASSIGN_VARIABLE . ' ' . $ID_EMPTY;
|
||||
echo '<input type="hidden" name="_ERROR_" id="_ERROR_" value="">';
|
||||
}
|
||||
break;
|
||||
@@ -461,14 +461,15 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
|
||||
$cases->reassignCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['USER_LOGGED'], $_POST['USR_UID'], $_POST['THETYPE'] );
|
||||
break;
|
||||
case 'toRevisePanel':
|
||||
$_POST['APP_UID'] = $filter->xssFilterHard($_POST['APP_UID']);
|
||||
$_POST['DEL_INDEX'] = $filter->xssFilterHard($_POST['DEL_INDEX']);
|
||||
$APP_UID = $filter->xssFilterHard($_POST['APP_UID']);
|
||||
$DEL_INDEX = $filter->xssFilterHard($_POST['DEL_INDEX']);
|
||||
|
||||
$_GET['APP_UID'] = $_POST['APP_UID'];
|
||||
$_GET['DEL_INDEX'] = $_POST['DEL_INDEX'];
|
||||
$_GET['APP_UID'] = $APP_UID
|
||||
$_GET['DEL_INDEX'] = $DEL_INDEX;
|
||||
$G_PUBLISH = new Publisher();
|
||||
|
||||
echo '<iframe scrolling="no" style="border:none;height=300px;width:240px;"' . ' src="casesToRevisePanelExtJs?APP_UID='.$_GET['APP_UID'].'&DEL_INDEX='.$_GET['DEL_INDEX'].'"></iframe>';
|
||||
|
||||
echo "<iframe scrolling='no' style='border:none;height=300px;width:240px;'" . " src='casesToRevisePanelExtJs?APP_UID=$APP_UID&DEL_INDEX=$DEL_INDEX'></iframe>";
|
||||
// $G_PUBLISH->AddContent( 'smarty', 'cases/cases_toRevise' );
|
||||
// $G_PUBLISH->AddContent('smarty', 'cases/cases_toReviseIn', '', '', array());
|
||||
G::RenderPage( 'publish', 'raw' );
|
||||
@@ -1025,4 +1026,3 @@ function getCasesTypeIds ()
|
||||
$aTypes = Array ('to_do','draft','cancelled','sent','paused','completed','selfservice','to_revise','to_reassign');
|
||||
return $aTypesID;
|
||||
}
|
||||
|
||||
|
||||
@@ -104,34 +104,45 @@ try {
|
||||
$filters['dir'] = 'DESC';
|
||||
}
|
||||
|
||||
$result = $list->loadList($userUid, $filters);
|
||||
if (!empty($result)) {
|
||||
foreach ($result as &$value) {
|
||||
if (isset($value['DEL_PREVIOUS_USR_UID'])) {
|
||||
$value['PREVIOUS_USR_UID'] = $value['DEL_PREVIOUS_USR_UID'];
|
||||
$value['PREVIOUS_USR_USERNAME'] = $value['DEL_PREVIOUS_USR_USERNAME'];
|
||||
$value['PREVIOUS_USR_FIRSTNAME'] = $value['DEL_PREVIOUS_USR_FIRSTNAME'];
|
||||
$value['PREVIOUS_USR_LASTNAME'] = $value['DEL_PREVIOUS_USR_LASTNAME'];
|
||||
}
|
||||
if (isset($value['DEL_DUE_DATE'])) {
|
||||
$value['DEL_TASK_DUE_DATE'] = $value['DEL_DUE_DATE'];
|
||||
}
|
||||
if (isset($value['APP_PAUSED_DATE'])) {
|
||||
$value['APP_UPDATE_DATE'] = $value['APP_PAUSED_DATE'];
|
||||
}
|
||||
if (isset($value['DEL_CURRENT_USR_USERNAME'])) {
|
||||
$value['USR_USERNAME'] = $value['DEL_CURRENT_USR_USERNAME'];
|
||||
$value['USR_FIRSTNAME'] = $value['DEL_CURRENT_USR_FIRSTNAME'];
|
||||
$value['USR_LASTNAME'] = $value['DEL_CURRENT_USR_LASTNAME'];
|
||||
$value['APP_UPDATE_DATE'] = $value['DEL_DELEGATE_DATE'];
|
||||
}
|
||||
if (isset($value['APP_STATUS'])) {
|
||||
$value['APP_STATUS_LABEL'] = G::LoadTranslation( "ID_{$value['APP_STATUS']}" );
|
||||
}
|
||||
$result = $list->loadList(
|
||||
$userUid,
|
||||
$filters,
|
||||
function (array $record)
|
||||
{
|
||||
try {
|
||||
if (isset($record["DEL_PREVIOUS_USR_UID"])) {
|
||||
$record["PREVIOUS_USR_UID"] = $record["DEL_PREVIOUS_USR_UID"];
|
||||
$record["PREVIOUS_USR_USERNAME"] = $record["DEL_PREVIOUS_USR_USERNAME"];
|
||||
$record["PREVIOUS_USR_FIRSTNAME"] = $record["DEL_PREVIOUS_USR_FIRSTNAME"];
|
||||
$record["PREVIOUS_USR_LASTNAME"] = $record["DEL_PREVIOUS_USR_LASTNAME"];
|
||||
}
|
||||
|
||||
//$value = array_change_key_case($value, CASE_LOWER);
|
||||
if (isset($record["DEL_DUE_DATE"])) {
|
||||
$record["DEL_TASK_DUE_DATE"] = $record["DEL_DUE_DATE"];
|
||||
}
|
||||
|
||||
if (isset($record["APP_PAUSED_DATE"])) {
|
||||
$record["APP_UPDATE_DATE"] = $record["APP_PAUSED_DATE"];
|
||||
}
|
||||
|
||||
if (isset($record["DEL_CURRENT_USR_USERNAME"])) {
|
||||
$record["USR_USERNAME"] = $record["DEL_CURRENT_USR_USERNAME"];
|
||||
$record["USR_FIRSTNAME"] = $record["DEL_CURRENT_USR_FIRSTNAME"];
|
||||
$record["USR_LASTNAME"] = $record["DEL_CURRENT_USR_LASTNAME"];
|
||||
$record["APP_UPDATE_DATE"] = $record["DEL_DELEGATE_DATE"];
|
||||
}
|
||||
|
||||
if (isset($record["APP_STATUS"])) {
|
||||
$record["APP_STATUS_LABEL"] = G::LoadTranslation("ID_" . $record["APP_STATUS"]);
|
||||
}
|
||||
|
||||
//Return
|
||||
return $record;
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
}
|
||||
);
|
||||
|
||||
$filtersData = array();
|
||||
$filtersData['start'] = $filters['start'];
|
||||
@@ -143,12 +154,16 @@ try {
|
||||
$filtersData['search'] = $filters['search'];
|
||||
$filtersData['date_from'] = $filters['dateFrom'];
|
||||
$filtersData['date_to'] = $filters['dateTo'];
|
||||
$filtersData["action"] = $filters["action"];
|
||||
|
||||
$response = array();
|
||||
$response['filters'] = $filtersData;
|
||||
$response['data'] = $result;
|
||||
$filtersData['action'] = $filters['action'];
|
||||
$response['totalCount'] = $list->countTotal($userUid, $filtersData);
|
||||
|
||||
|
||||
$response = $filter->xssFilterHard($response);
|
||||
|
||||
$response["data"] = $result;
|
||||
|
||||
echo G::json_encode($response);
|
||||
} catch (Exception $e) {
|
||||
$msg = array("error" => $e->getMessage());
|
||||
|
||||
@@ -200,7 +200,7 @@ switch ($_POST['action']) {
|
||||
}
|
||||
$aData['USR_STATUS'] = $statusWF;
|
||||
$aData['USR_UID'] = $sUserUID;
|
||||
$aData['USR_PASSWORD'] = md5($sUserUID); //fake :p
|
||||
$aData['USR_PASSWORD'] = G::encryptOld($sUserUID); //fake :p
|
||||
$aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
|
||||
$aData['USR_CITY'] = $form['USR_CITY'];
|
||||
$aData['USR_LOCATION'] = $form['USR_LOCATION'];
|
||||
|
||||
@@ -334,9 +334,9 @@ class Consolidated
|
||||
$sort = $filter->validateInput($sort);
|
||||
if (in_array($sort, $arrayReportTableVar)) {
|
||||
$sort = strtoupper($sort);
|
||||
eval("\$field = " . $tableName . "Peer::" . $sort . ";");
|
||||
eval('$field = ' . $tableName . 'Peer::' . $sort . ';');
|
||||
} else {
|
||||
eval("\$field = AppCacheViewPeer::" . $sort . ";");
|
||||
eval('$field = AppCacheViewPeer::' . $sort . ';');
|
||||
}
|
||||
|
||||
if ($dir == "ASC") {
|
||||
|
||||
@@ -77,13 +77,13 @@
|
||||
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
|
||||
$config['time_zone'] = $filter->validateInput($config['time_zone']);
|
||||
// Do not change any of these settings directly, use env.ini instead
|
||||
ini_set( 'display_errors', $config['display_errors']);
|
||||
ini_set( 'error_reporting', $config['error_reporting']);
|
||||
ini_set( 'display_errors', $filter->validateInput($config['display_errors']) );
|
||||
ini_set( 'error_reporting', $filter->validateInput($config['error_reporting']) );
|
||||
ini_set('short_open_tag', 'On');
|
||||
ini_set('default_charset', "UTF-8");
|
||||
ini_set('memory_limit', $config['memory_limit']);
|
||||
ini_set('memory_limit', $filter->validateInput($config['memory_limit']) );
|
||||
ini_set('soap.wsdl_cache_enabled', $config['wsdl_cache']);
|
||||
ini_set('date.timezone', $config['time_zone']);
|
||||
ini_set('date.timezone', $filter->validateInput($config['time_zone']) );
|
||||
|
||||
define ('DEBUG_SQL_LOG', $config['debug_sql']);
|
||||
define ('DEBUG_TIME_LOG', $config['debug_time']);
|
||||
@@ -713,7 +713,7 @@
|
||||
} elseif ($isRestRequest) {
|
||||
G::dispatchRestService(SYS_TARGET, $restConfig, $restApiClassPath);
|
||||
} else {
|
||||
require_once $phpFile;
|
||||
require_once $filter->validateInput($phpFile,'path');
|
||||
}
|
||||
|
||||
if (defined('SKIP_HEADERS')){
|
||||
|
||||
Reference in New Issue
Block a user