fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/feature/HOR-3559' into bugfix/HOR-3467

Browse Source
This commit is contained in:
Ronald Quenta
2017-08-09 08:16:55 -04:00
parent 61f9f9f7c4 b839a247d9
commit 23844188b3
35 changed files with 949 additions and 1296 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bootstrap/autoload.php
View File

@@ -8,6 +8,7 @@ require __DIR__ . '/../vendor/autoload.php';
set_include_path( set_include_path(
get_include_path() . PATH_SEPARATOR get_include_path() . PATH_SEPARATOR
. __DIR__ . '/../thirdparty/' . PATH_SEPARATOR . __DIR__ . '/../thirdparty/' . PATH_SEPARATOR
. __DIR__ . '/../thirdparty/propel-generator/classes/' . PATH_SEPARATOR
. __DIR__ . '/../thirdparty/pear/' . PATH_SEPARATOR . __DIR__ . '/../thirdparty/pear/' . PATH_SEPARATOR
. __DIR__ . '/../workflow/engine/' . PATH_SEPARATOR . __DIR__ . '/../workflow/engine/' . PATH_SEPARATOR
. __DIR__ . '/../rbac/engine/' . __DIR__ . '/../rbac/engine/'

1
gulliver/bin/tasks/templates/pluginClass.tpl
View File

@@ -83,7 +83,6 @@
$_DBArray['users'] = $aUsers; $_DBArray['users'] = $aUsers;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
;
$oCriteria = new Criteria('dbarray'); $oCriteria = new Criteria('dbarray');
$oCriteria->setDBArrayTable('users'); $oCriteria->setDBArrayTable('users');
$oCriteria->addDescendingOrderByColumn('USR_USERNAME'); $oCriteria->addDescendingOrderByColumn('USR_USERNAME');

1
gulliver/bin/tasks/templates/pluginMainFile.tpl
View File

@@ -1,5 +1,4 @@
<?php <?php
;
class {className}Plugin extends PMPlugin class {className}Plugin extends PMPlugin
{ {

2
gulliver/bin/tasks/templates/pluginOnTransitList.php.tpl
View File

@@ -8,8 +8,6 @@
//if (($RBAC_Response = $RBAC->userCanAccess("PM_CASES"))!=1) return $RBAC_Response; //if (($RBAC_Response = $RBAC->userCanAccess("PM_CASES"))!=1) return $RBAC_Response;
/* Includes */ /* Includes */
;
;
/* GET , POST & $_SESSION Vars */ /* GET , POST & $_SESSION Vars */
$conf = new Configurations(); $conf = new Configurations();

1
gulliver/bin/tasks/templates/pluginStep.tpl
View File

@@ -1,5 +1,4 @@
<?php <?php
;
print "this is a default step for {className}"; print "this is a default step for {className}";
krumo::session (); krumo::session ();

2
gulliver/bin/tasks/templates/pluginStepApplicationAjax.php.tpl
View File

@@ -1,7 +1,5 @@
<?php <?php
;
try { try {
//SYS_SYS //Workspace name //SYS_SYS //Workspace name
//PROCESS //Process UID //PROCESS //Process UID

1
gulliver/bin/tasks/templates/pluginWelcome.php.tpl
View File

@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
//krumo ( $_DBArray ); //krumo ( $_DBArray );
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL ); //$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );

2
gulliver/bin/tasks/templates/skinPluginMainClass.tpl
View File

@@ -4,8 +4,6 @@
* *
*/ */
;
class {className}Plugin extends PMPlugin { class {className}Plugin extends PMPlugin {
function {className}Plugin($sNamespace, $sFilename = null) { function {className}Plugin($sNamespace, $sFilename = null) {

2
gulliver/bin/tasks/templates/sysGeneric.php.tpl
View File

@@ -198,7 +198,7 @@ $docuroot = explode ( PATH_SEP , $_SERVER['DOCUMENT_ROOT'] );
//***************** Plugins ************************** //***************** Plugins **************************
;
// //here we are loading all plugins registered // //here we are loading all plugins registered
// //the singleton has a list of enabled plugins // //the singleton has a list of enabled plugins

2
gulliver/bin/tasks/templates/usersList.php.tpl
View File

@@ -21,7 +21,7 @@ $G_ID_SUB_MENU_SELECTED = 'USERS';
$_DBArray['user'] = $rows; $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');

1
gulliver/bin/tasks/templates/welcome.php.tpl
View File

@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
//krumo ( $_DBArray ); //krumo ( $_DBArray );
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL ); //$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );

1
gulliver/js/grid/core/grid.js
View File

@@ -563,6 +563,7 @@ var G_Grid = function(oForm, sGridName){
case 'textarea': //TEXTAREA case 'textarea': //TEXTAREA
aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea'); aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea');
if (aObjects){ if (aObjects){
aObjects[0].value = '';
aObjects[0].className = "module_app_input___gray"; aObjects[0].className = "module_app_input___gray";
newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]'); newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]');

2
gulliver/methods/errors/block.php
View File

@@ -3,7 +3,7 @@ if (function_exists("http_response_code")) {
http_response_code(200); http_response_code(200);
} }
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https" : "http"; $http = G::is_https() ? "https" : "http";
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : ""); $host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : "");
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login"; $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";

2
gulliver/methods/errors/error403.php
View File

@@ -1,6 +1,6 @@
<?php <?php
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on")? "https" : "http"; $http = G::is_https() ? "https" : "http";
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80")? ":" . $_SERVER["SERVER_PORT"] : ""); $host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80")? ":" . $_SERVER["SERVER_PORT"] : "");
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login"; $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";

14
gulliver/system/class.database_mysql.php
View File

@@ -207,12 +207,16 @@ class database extends database_base
} }
} }
if (isset( $aParameters['AutoIncrement'] ) && $aParameters['AutoIncrement']) { if (isset( $aParameters['AutoIncrement'] ) && $aParameters['AutoIncrement']) {
$sSQL .= ' AUTO_INCREMENT PRIMARY KEY'; $sSQL .= ' AUTO_INCREMENT';
} }
/*if ($aParameters['Key'] == 'PRI') { if (isset( $aParameters['PrimaryKey'] ) && $aParameters['PrimaryKey']) {
$sKeys .= 'ALTER TABLE ' . $this->sQuoteCharacter . $sTable . $this->sQuoteCharacter . $sSQL .= ' PRIMARY KEY';
' ADD PRIMARY KEY (' . $this->sQuoteCharacter . $sColumn . $this->sQuoteCharacter . ')' . $this->sEndLine; }
}*/ if (isset( $aParameters['Unique'] ) && $aParameters['Unique']) {
$sSQL .= ' UNIQUE';
}
//we need to check the property AI
if (isset( $aParameters['AI'] )) { if (isset( $aParameters['AI'] )) {
if ($aParameters['AI'] == 1) { if ($aParameters['AI'] == 1) {
$sSQL .= ' AUTO_INCREMENT'; $sSQL .= ' AUTO_INCREMENT';

63
gulliver/system/class.dbMaintenance.php
View File

@@ -49,6 +49,7 @@ class DataBaseMaintenance
protected $tmpDir; protected $tmpDir;
protected $outfile; protected $outfile;
protected $infile; protected $infile;
protected $isWindows;
/** /**
* __construct * __construct
@@ -64,7 +65,7 @@ class DataBaseMaintenance
$this->tmpDir = './'; $this->tmpDir = './';
$this->link = null; $this->link = null;
$this->dbName = null; $this->dbName = null;
$this->isWindows = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
if (isset( $host ) && isset( $user ) && isset( $passwd )) { if (isset( $host ) && isset( $user ) && isset( $passwd )) {
$this->host = $host; $this->host = $host;
$this->user = $user; $this->user = $user;
@@ -399,13 +400,22 @@ class DataBaseMaintenance
*/ */
function backupDataBase ($outfile) function backupDataBase ($outfile)
{ {
$password = escapeshellarg($this->passwd);
//On Windows, escapeshellarg() instead replaces percent signs, exclamation
//marks (delayed variable substitution) and double quotes with spaces and
//adds double quotes around the string.
//See: http://php.net/manual/en/function.escapeshellarg.php
if ($this->isWindows) {
$password = $this->escapeshellargCustom($this->passwd);
}
$aHost = explode(':', $this->host); $aHost = explode(':', $this->host);
$dbHost = $aHost[0]; $dbHost = $aHost[0];
if (isset($aHost[1])) { if (isset($aHost[1])) {
$dbPort = $aHost[1]; $dbPort = $aHost[1];
$command = 'mysqldump' $command = 'mysqldump'
. ' --user=' . $this->user . ' --user=' . $this->user
. ' --password=' . escapeshellarg($this->passwd) . ' --password=' . $password
. ' --host=' . $dbHost . ' --host=' . $dbHost
. ' --port=' . $dbPort . ' --port=' . $dbPort
. ' --opt' . ' --opt'
@@ -418,13 +428,60 @@ class DataBaseMaintenance
. ' --user=' . $this->user . ' --user=' . $this->user
. ' --opt' . ' --opt'
. ' --skip-comments' . ' --skip-comments'
. ' --password=' . escapeshellarg($this->passwd) . ' --password=' . $password
. ' ' . $this->dbName . ' ' . $this->dbName
. ' > ' . $outfile; . ' > ' . $outfile;
} }
shell_exec($command); shell_exec($command);
} }
/**
* string escapeshellargCustom ( string $arg , character $quotes)
*
* escapeshellarg() adds single quotes around a string and quotes/escapes any
* existing single quotes allowing you to pass a string directly to a shell
* function and having it be treated as a single safe argument. This function
* should be used to escape individual arguments to shell functions coming
* from user input. The shell functions include exec(), system() and the
* backtick operator.
*
* On Windows, escapeshellarg() instead replaces percent signs, exclamation
* marks (delayed variable substitution) and double quotes with spaces and
* adds double quotes around the string.
*/
private function escapeshellargCustom($string, $quotes = "")
{
if ($quotes === "") {
$quotes = $this->isWindows ? "\"" : "'";
}
$n = strlen($string);
$special = ["!", "%", "\""];
$substring = "";
$result1 = [];
$result2 = [];
for ($i = 0; $i < $n; $i++) {
if (in_array($string[$i], $special, true)) {
$result2[] = $string[$i];
$result1[] = $substring;
$substring = "";
} else {
$substring = $substring . $string[$i];
}
}
$result1[] = $substring;
//Rebuild the password string
$n = count($result1);
for ($i = 0; $i < $n; $i++) {
$result1[$i] = trim(escapeshellarg($result1[$i]), $quotes);
if (isset($result2[$i])) {
$result1[$i] = $result1[$i] . $result2[$i];
}
}
//add simple quotes, see escapeshellarg function
$newString = $quotes . implode("", $result1) . $quotes;
return $newString;
}
/** /**
* restoreFromSql * restoreFromSql
* *

53
gulliver/system/class.g.php
View File

@@ -187,7 +187,7 @@ class G
* @param string $symbol * @param string $symbol
* @return string * @return string
*/ */
public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-+=!@#$%*&,.") public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-$!")
{ {
$chars = ""; $chars = "";
if (strpos($availableSets, "l") !== false) { if (strpos($availableSets, "l") !== false) {
@@ -1825,6 +1825,14 @@ class G
$arrayGrid = array_unique($arrayGrid); $arrayGrid = array_unique($arrayGrid);
//Given the set: 'valueOne', 'valueOneTwo', where the second string
//contains the first string, this causes the larger string to take
//the second, resulting in a delimitation error, to avoid this problem
//we first search the string larger size.
usort($arrayGrid, function($a, $b) {
return strlen($b) - strlen($a);
});
foreach ($arrayGrid as $index => $value) { foreach ($arrayGrid as $index => $value) {
if($value !== "") { if($value !== "") {
$grdName = $value; $grdName = $value;
@@ -1981,7 +1989,7 @@ class G
* *
* @return void * @return void
*/ */
public function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null) public static function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null)
{ {
if (isset( $width )) { if (isset( $width )) {
$_SESSION['G_MESSAGE_WIDTH'] = $width; $_SESSION['G_MESSAGE_WIDTH'] = $width;
@@ -2912,6 +2920,16 @@ class G
return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid ); return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid );
} }
/**
* Verify if the input string is a valid UID of size 32
* @param string $uid
* @return boolean
*/
public static function verifyUniqueID32($uid)
{
return (bool) preg_match('/^[0-9A-Za-z]{32,32}$/', $uid);
}
/** /**
* is_utf8 * is_utf8
* *
@@ -2921,11 +2939,10 @@ class G
*/ */
public function is_utf8 ($string) public function is_utf8 ($string)
{ {
if (is_array( $string )) { if (preg_match('//u', $string)) {
$enc = implode( '', $string ); return true;
return @! ((ord( $enc[0] ) != 239) && (ord( $enc[1] ) != 187) && (ord( $enc[2] ) != 191));
} else { } else {
return (utf8_encode( utf8_decode( $string ) ) == $string); return false;
} }
} }
@@ -5408,6 +5425,12 @@ class G
} }
/** /**
* This function save history about some actions in the file audit.log
* The data is used in the Audit Log functionality
*
* @param string $actionToLog
* @param string $valueToLog
* @return void
*/ */
public static function auditLog($actionToLog, $valueToLog = "") public static function auditLog($actionToLog, $valueToLog = "")
{ {
@@ -5416,13 +5439,25 @@ class G
$sflag = $conf->getConfiguration('AUDIT_LOG', 'log'); $sflag = $conf->getConfiguration('AUDIT_LOG', 'log');
$sflagAudit = $sflag == 'true' ? true : false; $sflagAudit = $sflag == 'true' ? true : false;
$ipClient = G::getIpAddress(); $ipClient = G::getIpAddress();
$userUid = 'Unknow User';
$fullName = '-';
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
$licensedFeatures = PMLicensedFeatures::getSingleton(); $licensedFeatures = PMLicensedFeatures::getSingleton();
if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) { if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) {
$username = isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '' ? $_SESSION['USER_LOGGED'] : 'Unknow User'; if (isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '') {
$fullname = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : '-'; $userUid = $_SESSION['USER_LOGGED'];
G::log("|". $workspace ."|". $ipClient ."|". $username . "|" . $fullname ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log"); } else {
//Get the usrUid related to the accessToken
$userUid = \ProcessMaker\Services\OAuth2\Server::getUserId();
if (!empty($userUid)) {
$oUserLogged = new \Users();
$user = $oUserLogged->loadDetails($userUid);
$fullName = $user['USR_FULLNAME'];
}
}
$fullName = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : $fullName;
G::log("|". $workspace ."|". $ipClient ."|". $userUid . "|" . $fullName ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log");
} }
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
} }

2
gulliver/system/class.menu.php
View File

@@ -283,7 +283,7 @@ class Menu
*/ */
public function DisableOptionId($id) public function DisableOptionId($id)
{ {
if (array_search($id, $this->Id)) { if (array_search($id, $this->Id) !== FALSE) {
$this->Enabled[array_search($id, $this->Id)] = 0; $this->Enabled[array_search($id, $this->Id)] = 0;
} }
} }

2
gulliver/system/class.monologProvider.php
View File

@@ -106,11 +106,13 @@ class MonologProvider
break; break;
case 400://ERROR case 400://ERROR
$this->registerLogger->addError($message, $context); $this->registerLogger->addError($message, $context);
break;
case 500://CRITICAL case 500://CRITICAL
$this->registerLogger->addCritical($message, $context); $this->registerLogger->addCritical($message, $context);
break; break;
case 550://ALERT case 550://ALERT
$this->registerLogger->addAlert($message, $context); $this->registerLogger->addAlert($message, $context);
break;
case 600://EMERGENCY case 600://EMERGENCY
$this->registerLogger->addEmergency($message, $context); $this->registerLogger->addEmergency($message, $context);
break; break;

11
gulliver/system/class.rbac.php
View File

@@ -25,6 +25,9 @@
* Coral Gables, FL, 33134, USA, or email info@colosa.com. * Coral Gables, FL, 33134, USA, or email info@colosa.com.
* *
*/ */
use ProcessMaker\Exception\RBACException;
/** /**
* File: $Id$ * File: $Id$
* *
@@ -70,6 +73,7 @@ class RBAC
public $singleSignOn = false; public $singleSignOn = false;
private static $instance = null; private static $instance = null;
public $authorizedActions = array();
public function __construct () public function __construct ()
{ {
@@ -148,6 +152,10 @@ class RBAC
'newSite.php' => array( 'newSite.php' => array(
'newSite.php' => array('PM_SETUP_ADVANCE') 'newSite.php' => array('PM_SETUP_ADVANCE')
), ),
'emailsAjax.php' => array(
'MessageList' => array('PM_SETUP', 'PM_SETUP_LOGS'),
'updateStatusMessage' => array('PM_SETUP', 'PM_SETUP_LOGS'),
),
'processCategory_Ajax.php' => array( 'processCategory_Ajax.php' => array(
'processCategoryList' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), 'processCategoryList' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
'updatePageSize' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), 'updatePageSize' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
@@ -1554,8 +1562,7 @@ class RBAC
} }
if (!$access) { if (!$access) {
G::header('Location: /errors/error403.php'); throw new RBACException('ID_ACCESS_DENIED', 403);
die();
} }
} }
} }

2
workflow/engine/classes/Calendar.php
View File

@@ -828,7 +828,7 @@ class Calendar extends CalendarDefinition
$newDate = $onlyDate; $newDate = $onlyDate;
$hoursDuration -= (float)($secondRes/3600); $hoursDuration -= (float)($secondRes/3600);
} else { } else {
$newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate)));
$hoursDuration = 0; $hoursDuration = 0;
} }
} }

53
workflow/engine/classes/model/ListParticipatedLast.php
View File

@@ -49,19 +49,24 @@ class ListParticipatedLast extends BaseListParticipatedLast
$data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME']; $data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME'];
$data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME']; $data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME'];
$data['DEL_CURRENT_TAS_TITLE'] = $data['APP_TAS_TITLE']; $data['DEL_CURRENT_TAS_TITLE'] = $data['APP_TAS_TITLE'];
$currentInformation = array(
'DEL_CURRENT_USR_USERNAME' => $data['DEL_CURRENT_USR_USERNAME'],
'DEL_CURRENT_USR_FIRSTNAME' => $data['DEL_CURRENT_USR_FIRSTNAME'],
'DEL_CURRENT_USR_LASTNAME' => $data['DEL_CURRENT_USR_LASTNAME'],
'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE']
);
} }
} else { } else {
$getData['USR_UID'] = $data['USR_UID_CURRENT']; $getData['USR_UID'] = $data['USR_UID_CURRENT'];
$getData['APP_UID'] = $data['APP_UID']; $getData['APP_UID'] = $data['APP_UID'];
$row = $this->getRowFromList($getData); $row = $this->getRowFromList($getData);
if (is_array($row) && sizeof($row)) { if (is_array($row) && sizeof($row)) {
$set = array( $currentInformation = array(
'DEL_CURRENT_USR_USERNAME' => '', 'DEL_CURRENT_USR_USERNAME' => '',
'DEL_CURRENT_USR_FIRSTNAME' => '', 'DEL_CURRENT_USR_FIRSTNAME' => '',
'DEL_CURRENT_USR_LASTNAME' => '', 'DEL_CURRENT_USR_LASTNAME' => '',
'APP_TAS_TITLE' => $data['APP_TAS_TITLE'], 'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE']
'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'], ); );
$this->updateCurrentUser($row, $set);
} }
} }
@@ -84,6 +89,9 @@ class ListParticipatedLast extends BaseListParticipatedLast
if (!empty($data['APP_STATUS'])) { if (!empty($data['APP_STATUS'])) {
$data['APP_STATUS_ID'] = Application::$app_status_values[$data['APP_STATUS']]; $data['APP_STATUS_ID'] = Application::$app_status_values[$data['APP_STATUS']];
} }
//We will update the current information
$this->updateCurrentInfoByAppUid($data['APP_UID'], $currentInformation);
$con = Propel::getConnection(ListParticipatedLastPeer::DATABASE_NAME); $con = Propel::getConnection(ListParticipatedLastPeer::DATABASE_NAME);
try { try {
$this->fromArray($data, BasePeer::TYPE_FIELDNAME); $this->fromArray($data, BasePeer::TYPE_FIELDNAME);
@@ -103,6 +111,27 @@ class ListParticipatedLast extends BaseListParticipatedLast
} }
} }
/**
* This function update the row related to the appUid with the current information
* @param string $appUid
* @param array $currentInformation
* @return void
*/
private function updateCurrentInfoByAppUid($appUid, $currentInformation)
{
//Update - WHERE
$criteriaWhere = new Criteria('workflow');
$criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $appUid, Criteria::EQUAL);
//Update - SET
$criteriaSet = new Criteria('workflow');
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_USERNAME, $currentInformation['DEL_CURRENT_USR_USERNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_FIRSTNAME, $currentInformation['DEL_CURRENT_USR_FIRSTNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_LASTNAME, $currentInformation['DEL_CURRENT_USR_LASTNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_TAS_TITLE, $currentInformation['DEL_CURRENT_TAS_TITLE']);
BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection('workflow'));
}
/** /**
* Update List Participated History Table. * Update List Participated History Table.
* *
@@ -448,22 +477,6 @@ class ListParticipatedLast extends BaseListParticipatedLast
return false; return false;
} }
public function updateCurrentUser($where, $set)
{
$con = Propel::getConnection('workflow');
//Update - WHERE
$criteriaWhere = new Criteria('workflow');
$criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $where['APP_UID'], Criteria::EQUAL);
$criteriaWhere->add(ListParticipatedLastPeer::USR_UID, $where['USR_UID'], Criteria::EQUAL);
$criteriaWhere->add(ListParticipatedLastPeer::DEL_INDEX, $where['DEL_INDEX'], Criteria::EQUAL);
//Update - SET
$criteriaSet = new Criteria('workflow');
foreach ($set as $k => $v) {
eval('$criteriaSet->add( ListParticipatedLastPeer::'.$k.',$v, Criteria::EQUAL);');
}
BasePeer::doUpdate($criteriaWhere, $criteriaSet, $con);
}
/** /**
* Returns the number of cases of a user. * Returns the number of cases of a user.
* *

32
workflow/engine/controllers/pmTables.php
View File

@@ -152,6 +152,11 @@ class pmTables extends Controller
$sFileName = $httpData->f; $sFileName = $httpData->f;
$realPath = $PUBLIC_ROOT_PATH . $sFileName; $realPath = $PUBLIC_ROOT_PATH . $sFileName;
if ($this->isValidFileToBeStreamed($sFileName) === false) {
throw new Exception("You are trying to access an unauthorized resource.");
}
G::streamFile( $realPath, true ); G::streamFile( $realPath, true );
unlink( $realPath ); unlink( $realPath );
} }
@@ -206,5 +211,32 @@ class pmTables extends Controller
$tableSize = $tableSize - 8; // Prefix PMT_ $tableSize = $tableSize - 8; // Prefix PMT_
return $tableSize; return $tableSize;
} }
/**
* Validates if the file with the $fileName is a valid one,
* that is, it must be a file without relative references that
* can open a door to get some unauthorized system file and
* must have one of the valid file extensions.
*
* @param $fileName, emporal file name that will be streamed
* @return bool
*/
private function isValidFileToBeStreamed($fileName)
{
$result = true;
$validExtensionsForExporting = ['csv', 'pmt'];
$pathInfo = pathinfo($fileName);
if ($pathInfo['dirname'] !== '.') {
$result = false;
}
if (!in_array($pathInfo['extension'], $validExtensionsForExporting)) {
$result = false;
}
return $result;
}
} }

19
workflow/engine/methods/login/login.php
View File

@@ -33,10 +33,23 @@ if ($browserSupported==false){
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
$aFields = array(); $aFields = array();
if (!isset($_GET['u'])) { //Validated redirect url
$aFields['URL'] = ''; $aFields['URL'] = '';
} else { if (!empty($_GET['u'])) {
//clean url with protocols
$flagUrl = true;
//Most used protocols
$protocols = ['https://', 'http://', 'ftp://', 'sftp://','smb://', 'file:', 'mailto:'];
foreach ($protocols as $protocol) {
if (strpos($_GET['u'], $protocol) !== false) {
$_GET['u'] = '';
$flagUrl = false;
break;
}
}
if ($flagUrl) {
$aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u'])))))); $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u']))))));
}
} }
if (!isset($_SESSION['G_MESSAGE'])) { if (!isset($_SESSION['G_MESSAGE'])) {

71
workflow/engine/methods/mails/emailsAjax.php
View File

@@ -1,23 +1,33 @@
<?php <?php
$req = (isset($_POST['request']))? $_POST['request']:((isset($_REQUEST['request']))? $_REQUEST['request'] : 'No hayyy tal');
require_once 'classes/model/Content.php'; use ProcessMaker\Exception\RBACException;
require_once 'classes/model/AppMessage.php';
require_once 'classes/model/AppDelegation.php';
require_once 'classes/model/Application.php';
switch($req){ $req = (isset($_REQUEST['request']) ? $_REQUEST['request'] : '');
/** @var RBAC $RBAC */
global $RBAC;
switch ($RBAC->userCanAccess('PM_LOGIN')) {
case -2:
throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2);
break;
case -1:
throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
break;
}
$RBAC->allows(basename(__FILE__), $req);
switch ($req) {
case 'MessageList': case 'MessageList':
$start = (isset($_REQUEST['start']))? $_REQUEST['start'] : '0'; $start = (isset($_REQUEST['start'])) ? $_REQUEST['start'] : '0';
$limit = (isset($_REQUEST['limit']))? $_REQUEST['limit'] : '25'; $limit = (isset($_REQUEST['limit'])) ? $_REQUEST['limit'] : '25';
$proUid = (isset($_REQUEST['process']))? $_REQUEST['process'] : ''; $proUid = (isset($_REQUEST['process'])) ? $_REQUEST['process'] : '';
$eventype = (isset($_REQUEST['type']))? $_REQUEST['type'] : ''; $eventype = (isset($_REQUEST['type'])) ? $_REQUEST['type'] : '';
$emailStatus = (isset($_REQUEST['status']))? $_REQUEST['status'] : ''; $emailStatus = (isset($_REQUEST['status'])) ? $_REQUEST['status'] : '';
$sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : ''; $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : '';
$dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC'; $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC';
$dateFrom = isset( $_POST["dateFrom"] ) ? substr( $_POST["dateFrom"], 0, 10 ) : ""; $dateFrom = isset($_POST["dateFrom"]) ? substr($_POST["dateFrom"], 0, 10) : "";
$dateTo = isset( $_POST["dateTo"] ) ? substr( $_POST["dateTo"], 0, 10 ) : ""; $dateTo = isset($_POST["dateTo"]) ? substr($_POST["dateTo"], 0, 10) : "";
$filterBy = (isset($_REQUEST['filterBy']))? $_REQUEST['filterBy'] : 'ALL'; $filterBy = (isset($_REQUEST['filterBy'])) ? $_REQUEST['filterBy'] : 'ALL';
$response = new stdclass(); $response = new stdclass();
$response->status = 'OK'; $response->status = 'OK';
@@ -28,10 +38,10 @@ switch($req){
$criteria->addJoin(AppMessagePeer::APP_UID, ApplicationPeer::APP_UID, Criteria::LEFT_JOIN); $criteria->addJoin(AppMessagePeer::APP_UID, ApplicationPeer::APP_UID, Criteria::LEFT_JOIN);
if ($emailStatus != '') { if ($emailStatus != '') {
$criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus); $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus);
} }
if ($proUid != '') { if ($proUid != '') {
$criteria->add( ApplicationPeer::PRO_UID, $proUid); $criteria->add(ApplicationPeer::PRO_UID, $proUid);
} }
$arrayType = []; $arrayType = [];
@@ -39,7 +49,7 @@ switch($req){
$pluginRegistry = PMPluginRegistry::getSingleton(); $pluginRegistry = PMPluginRegistry::getSingleton();
$statusEr = $pluginRegistry->getStatusPlugin('externalRegistration'); $statusEr = $pluginRegistry->getStatusPlugin('externalRegistration');
$flagEr = (preg_match('/^enabled$/', $statusEr))? 1 : 0; $flagEr = (preg_match('/^enabled$/', $statusEr)) ? 1 : 0;
if ($flagEr == 0) { if ($flagEr == 0) {
$arrayType[] = 'EXTERNAL_REGISTRATION'; $arrayType[] = 'EXTERNAL_REGISTRATION';
@@ -73,14 +83,14 @@ switch($req){
$dateTo = $dateTo . " 23:59:59"; $dateTo = $dateTo . " 23:59:59";
} }
$criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL)));
} else { } else {
$dateFrom = $dateFrom . " 00:00:00"; $dateFrom = $dateFrom . " 00:00:00";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL ); $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL);
} }
} elseif ($dateTo != "") { } elseif ($dateTo != "") {
$dateTo = $dateTo . " 23:59:59"; $dateTo = $dateTo . " 23:59:59";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ); $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL);
} }
//Number records total //Number records total
@@ -118,10 +128,10 @@ switch($req){
$criteria->addSelectColumn(ProcessPeer::PRO_TITLE); $criteria->addSelectColumn(ProcessPeer::PRO_TITLE);
if ($emailStatus != '') { if ($emailStatus != '') {
$criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus); $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus);
} }
if ($proUid != '') { if ($proUid != '') {
$criteria->add( ApplicationPeer::PRO_UID, $proUid); $criteria->add(ApplicationPeer::PRO_UID, $proUid);
} }
switch ($filterBy) { switch ($filterBy) {
@@ -152,24 +162,27 @@ switch($req){
$dateTo = $dateTo . " 23:59:59"; $dateTo = $dateTo . " 23:59:59";
} }
$criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL)));
} else { } else {
$dateFrom = $dateFrom . " 00:00:00"; $dateFrom = $dateFrom . " 00:00:00";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL ); $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL);
} }
} elseif ($dateTo != "") { } elseif ($dateTo != "") {
$dateTo = $dateTo . " 23:59:59"; $dateTo = $dateTo . " 23:59:59";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ); $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL);
} }
if ($sort != '') { if ($sort != '') {
if (!in_array($sort, AppMessagePeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) {
throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort')));
}
if ($dir == 'ASC') { if ($dir == 'ASC') {
$criteria->addAscendingOrderByColumn($sort); $criteria->addAscendingOrderByColumn($sort);
} else { } else {
$criteria->addDescendingOrderByColumn($sort); $criteria->addDescendingOrderByColumn($sort);
} }
} else { } else {
$oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE ); $oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);
} }
if ($limit != '') { if ($limit != '') {
$criteria->setLimit($limit); $criteria->setLimit($limit);
@@ -187,10 +200,10 @@ switch($req){
$index = 1; $index = 1;
$content = new Content(); $content = new Content();
$tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED'); $tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED');
while ( $result->next() ) { while ($result->next()) {
$row = $result->getRow(); $row = $result->getRow();
$row['APP_MSG_FROM'] =htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8"); $row['APP_MSG_FROM'] = htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8");
$row['APP_MSG_STATUS'] = ucfirst ( $row['APP_MSG_STATUS']); $row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']);
switch ($filterBy) { switch ($filterBy) {
case 'CASES': case 'CASES':

413
workflow/engine/methods/services/soap.php
View File

@@ -1,413 +0,0 @@
<?php
ini_set( "soap.wsdl_cache_enabled", "0" ); // disabling WSDL cache
$wsdl = PATH_METHODS . "services" . PATH_SEP . "pmos.wsdl";
function login ($params)
{
$ws = new wsBase();
$res = $ws->login( $params->userid, $params->password );
return $res->getPayloadArray();
}
function ProcessList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_FACTORY' );
//if you are not an admin user, then this function will return only
//your valid process
if ($x == 0) {
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$ws = new wsBase();
$res = $ws->processListVerified( $userId );
return $res;
}
$ws = new wsBase();
$res = $ws->processList();
return array ("processes" => $res
);
}
function RoleList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result;
}
$ws = new wsBase();
$res = $ws->roleList();
return array ("roles" => $res
);
}
function GroupList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result;
}
$ws = new wsBase();
$res = $ws->groupList();
return array ("groups" => $res
);
}
function CaseList ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
return new wsResponse( 9, G::LoadTranslation('ID_SESSION_EXPIRED') );
}
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$ws = new wsBase();
$res = $ws->caseList( $userId );
return array ("cases" => $res
);
}
function UserList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->userList();
return array ("users" => $res
);
}
function SendMessage ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->sendMessage( $params->caseId, $params->from, $params->to, $params->cc, $params->bcc, $params->subject, $params->template );
return $res->getPayloadArray();
}
function getCaseInfo ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, "You do not have privileges" );
return $result;
}
$ws = new wsBase();
$res = $ws->getCaseInfo( $params->caseId, $params->delIndex );
return $res;
}
function SendVariables ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$variables = $params->variables;
if (is_object( $variables )) {
$Fields[$variables->name] = $variables->value;
}
if (is_array( $variables )) {
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
}
}
$params->variables = $Fields;
$res = $ws->sendVariables( $params->caseId, $params->variables );
return $res->getPayloadArray();
}
function GetVariables ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->getVariables( $params->caseId, $params->variables );
return array ("variables" => $res
);
}
function DerivateCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSession = new Sessions();
$user = $oSession->getSessionUser( $params->sessionId );
$ws = new wsBase();
$res = $ws->derivateCase( $user['USR_UID'], $params->caseId, $params->delIndex );
return $res;
//return $res->getPayloadArray ( );
}
function executeTrigger ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSession = new Sessions();
$user = $oSession->getSessionUser( $params->sessionId );
$ws = new wsBase();
$delIndex = (isset( $params->delIndex )) ? $params->delIndex : 1;
$res = $ws->executeTrigger( $user['USR_UID'], $params->caseId, $params->triggerIndex, $delIndex );
return $res->getPayloadArray();
}
function NewCaseImpersonate ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$variables = $params->variables;
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
}
$params->variables = $Fields;
$res = $ws->newCaseImpersonate( $params->processId, $params->userId, $params->variables );
return $res->getPayloadArray();
}
function NewCase ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$variables = $params->variables;
if (! isset( $params->variables )) {
$variables = array ();
$Fields = array ();
} else {
if (is_object( $variables )) {
/*foreach ( $variables as $key=>$val ) {
$name = $val->name;
$value = $val->value;
$Fields[ $val->name ]= $val->value ;
}*/
$Fields[$variables->name] = $variables->value;
}
if (is_array( $variables )) {
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
if (! is_object( $val->value )) {
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
} else {
if (is_array( $val->value->item )) {
$i = 1;
foreach ($val->value->item as $key1 => $val1) {
if (isset( $val1->value )) {
if (is_array( $val1->value->item )) {
foreach ($val1->value->item as $key2 => $val2) {
$Fields[$val->name][$i][$val2->key] = $val2->value;
}
}
}
$i ++;
}
}
}
}
}
}
$params->variables = $Fields;
//$result = new wsResponse (900, print_r($params->variables,1));
//return $result;
$ws = new wsBase();
$res = $ws->newCase( $params->processId, $userId, $params->taskId, $params->variables );
return $res;
}
function AssignUserToGroup ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$sessions = new Sessions();
$user = $sessions->getSessionUser( $params->sessionId );
if (! is_array( $user )) {
return new wsResponse( 3, G::LoadTranslation('ID_USER_NOT_REGISTERED_SYSTEM') );
}
$ws = new wsBase();
$res = $ws->assignUserToGroup( $params->userId, $params->groupId );
return $res->getPayloadArray();
}
function CreateUser ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->createUser( $params->userId, $params->firstname, $params->lastname, $params->email, $params->role, $params->password );
return $res->getPayloadArray();
}
function TaskList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$res = $ws->taskList( $userId );
return array ("tasks" => $res
);
}
function TaskCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->taskCase( $params->caseId );
return array ("taskCases" => $res
);
}
function ReassignCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$ws = new wsBase();
$res = $ws->reassignCase( $params->sessionId, $params->caseId, $params->delIndex, $params->userIdSource, $params->userIdTarget );
return $res;
}
function ifSessionExpiredBreakThis ($sessionId)
{ #added By Erik AO <erik@colosa.com> in datetime 26.06.2008 10:00:00
$oSessions = new Sessions();
$session = $oSessions->verifySession( $sessionId );
if ($session == '') {
return new wsResponse( 9, G::LoadTranslation('ID_SESSION_EXPIRED') );
}
}
function ifPermission ($sessionId, $permission)
{
global $RBAC;
$RBAC->initRBAC();
$oSession = new Sessions();
$user = $oSession->getSessionUser( $sessionId );
$oRBAC = RBAC::getSingleton();
$oRBAC->loadUserRolePermission( $oRBAC->sSystem, $user['USR_UID'] );
$aPermissions = $oRBAC->aUserInfo[$oRBAC->sSystem]['PERMISSIONS'];
$sw = 0;
foreach ($aPermissions as $aPermission) {
if ($aPermission['PER_CODE'] == $permission) {
$sw = 1;
}
}
return $sw;
}
$server = new SoapServer( $wsdl );
$server->addFunction( "Login" );
$server->addFunction( "ProcessList" );
$server->addFunction( "CaseList" );
$server->addFunction( "RoleList" );
$server->addFunction( "GroupList" );
$server->addFunction( "UserList" );
$server->addFunction( "SendMessage" );
$server->addFunction( "SendVariables" );
$server->addFunction( "GetVariables" );
$server->addFunction( "DerivateCase" );
$server->addFunction( "executeTrigger" );
$server->addFunction( "NewCaseImpersonate" );
$server->addFunction( "NewCase" );
$server->addFunction( "AssignUserToGroup" );
$server->addFunction( "CreateUser" );
$server->addFunction( "getCaseInfo" );
$server->addFunction( "TaskList" );
$server->addFunction( "TaskCase" );
$server->addFunction( "ReassignCase" );
$server->handle();

86
workflow/engine/methods/services/soap2.php
View File

@@ -654,83 +654,57 @@ function NewCaseImpersonate ($params)
return $res; return $res;
} }
function NewCase ($params) /**
* Begins a new case under the name of the logged-in user.
* Where the parameter value is:
* - string sessionId: The ID of the session, which is obtained during login.
* - string processId: The ID of the process where the case should start, which
* can be obtained with processList().
* - string taskId: The ID of the task where the case should start. This will
* generally be the first task in a process, which can be obtained with taskList().
* - array variables: An array of variableStruct objects which contain information
* to start the case. This array has the following format.
*
* @param object $params
*
* @return object
*/
function NewCase($params)
{ {
$filter = new InputFilter(); $parseSoapVariableVame = new ParseSoapVariableName();
$vsResult = isValidSession( $params->sessionId ); $vsResult = isValidSession($params->sessionId);
if ($vsResult->status_code !== 0) { if ($vsResult->status_code !== 0) {
return $vsResult; return $vsResult;
} }
if (ifPermission( $params->sessionId, "PM_CASES" ) == 0) { if (ifPermission($params->sessionId, 'PM_CASES') == 0) {
$result = new wsResponse( 2, G::LoadTranslation('ID_NOT_PRIVILEGES') ); $result = new wsResponse(2, G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result; return $result;
} }
$oSession = new Sessions(); $oSession = new Sessions();
$session = $oSession->getSessionUser( $params->sessionId ); $session = $oSession->getSessionUser($params->sessionId);
$userId = $session["USR_UID"]; $userId = $session['USR_UID'];
$variables = $params->variables; $variables = $params->variables;
/* this code is for previous version of ws, and apparently this will work for grids inside the variables..
if (!isset($params->variables) ) {
$variables = array();
$field = array(); $field = array();
}
else {
if ( is_object ($variables) ) {
$field[ $variables->name ]= $variables->value ;
}
if ( is_array ( $variables) ) { if (is_object($variables) && $variables->name === '__POST_VARIABLES__') {
foreach ( $variables as $key=>$val ) {
$name = $val->name;
$value = $val->value;
if (!is_object($val->value))
{
eval('$field[ ' . $val->name . ' ]= $val->value ;');
}
else
{
if (is_array($val->value->item)) {
$i = 1;
foreach ($val->value->item as $key1 => $val1) {
if (isset($val1->value)) {
if (is_array($val1->value->item)) {
foreach ($val1->value->item as $key2 => $val2) {
$field[$val->name][$i][$val2->key] = $val2->value;
}
}
}
$i++;
}
}
}
}
}
}
*/
$variables = $params->variables;
$field = array ();
if ($variables->name === "__POST_VARIABLES__") {
$field = G::json_decode($variables->value, true); $field = G::json_decode($variables->value, true);
$variables = null; $variables = null;
} }
if (is_object( $variables )) { if (is_object($variables)) {
$field[$variables->name] = $variables->value; $field[$variables->name] = $variables->value;
} }
if (is_array( $variables )) { if (is_array($variables)) {
foreach ($variables as $key => $val) { foreach ($variables as $val) {
if (! is_object( $val->value )) { if (!is_object($val->value)) {
@eval( "\$field[" . $val->name . "]= \$val->value;" ); $parseSoapVariableVame->buildVariableName($field, $val->name, $val->value);
} }
} }
} }
@@ -739,10 +713,10 @@ function NewCase ($params)
$ws = new wsBase(); $ws = new wsBase();
$res = $ws->newCase($params->processId, $userId, $params->taskId, $params->variables, (isset($params->executeTriggers))? (int)($params->executeTriggers) : 0); $res = $ws->newCase($params->processId, $userId, $params->taskId, $params->variables, (isset($params->executeTriggers)) ? (int) ($params->executeTriggers) : 0);
// we need to register the case id for a stored session variable. like a normal Session. // we need to register the case id for a stored session variable. like a normal Session.
$oSession->registerGlobal( "APPLICATION", $res->caseId ); $oSession->registerGlobal('APPLICATION', $res->caseId);
return $res; return $res;
} }

13
workflow/engine/methods/services/wsdl.php
View File

@@ -1,13 +0,0 @@
<?php
$filewsdl = PATH_METHODS . 'services' . PATH_SEP . 'pmos.wsdl';
$content = file_get_contents( $filewsdl );
$lang = defined( 'SYS_LANG' ) ? SYS_LANG : 'en';
$endpoint = 'http://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . '/sys' . SYS_SYS . '/' . $lang . '/classic/services/soap';
//print $endpoint; die;
$content = str_replace( "___SOAP_ADDRESS___", $endpoint, $content );
header( "Content-Type: application/xml;" );
print $content;

158
workflow/engine/methods/setup/webServices.php
View File

@@ -1,158 +0,0 @@
<?php
/**
* control.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) {
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
//G::header('location: ../login/login');
die();
}
$G_MAIN_MENU = 'processmaker';
//$G_SUB_MENU = 'setup';
$G_ID_MENU_SELECTED = 'SETUP';
//$G_ID_SUB_MENU_SELECTED = 'WEBSERVICES';
if (! extension_loaded( 'soap' )) {
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'setup/wsMessage' );
G::RenderPage( "publish" );
} else {
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'view', 'setup/webServicesTree' );
$G_PUBLISH->AddContent( 'smarty', 'groups/groups_usersList', '', '', array () );
G::RenderPage( "publish-treeview", 'blank' );
}
$link_Edit = G::encryptlink( 'webServicesSetup' );
$link_List = G::encryptlink( 'webServicesList' );
?>
<script>
document.body.style.backgroundColor="#fff";
var oAux = document.getElementById("publisherContent[0]");
oAux.id = "publisherContent[666]";
var currentGroup=false;
function webServicesSetup(){
popupWindow('' , '<?php echo $link_Edit ?>' , 500 , 225 );
}
function showFormWS( uid, element ){
currentGroup = uid;
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=showForm&wsID=' + uid
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
if ((uid == 'NewCase') || (uid == 'NewCaseImpersonate')) {
var scs=oRPC.xmlhttp.responseText.extractScript();scs.evalScript();
}
}
function execWebService( uid) {
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : true,
method: 'POST',
args : 'action=execWebService&wsID=' + uid
});
oRPC.callback = function(rpc) {
var scs = rpc.xmlhttp.responseText.extractScript();
document.getElementById('spanUsersList').innerHTML = rpc.xmlhttp.responseText;
scs.evalScript();
}.extend(this);
oRPC.make();
}
submitThisForm = function(oForm) {
var oAux;
var bContinue = true;
if(bContinue) {
result = ajax_post(oForm.action, oForm, 'POST', function(response){
var scs = response.extractScript();
document.getElementById('spanUsersList').innerHTML = response;
scs.evalScript();
});
refreshTree();
}
};
function callbackWebService( ) {
/*
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=execWebService&wsID=' + uid
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
*/
document.getElementById('spanUsersList').innerHTML = 'hola';
}
function saveGroup( form ) {
ajax_post( form.action, form, 'POST' );
currentPopupWindow.remove();
refreshTree();
}
function refreshTree(){
tree.refresh( document.getElementById("publisherContent[666]") , '<?php echo $link_List ?>');
}
function showDetails(){
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=showDetails'
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
}
showDetails();
function showUploadFilesForm(){
oIFrame = window.document.createElement('iframe');
oIFrame.style.border = '0';
oIFrame.style.width = '700px';
oIFrame.style.height = '400px';
oIFrame.src = 'webServicesAjax?action=showUploadFilesForm&';
document.getElementById('spanUsersList').innerHTML = '';
document.getElementById('spanUsersList').appendChild(oIFrame);
}
</script>

36
workflow/engine/methods/setup/webServicesList.php
View File

@@ -1,36 +0,0 @@
<?php
/**
* webServicesList.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) {
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
//G::header('location: ../login/login');
die();
}
//G::genericForceLogin( 'WF_MYINFO' , 'login/noViewPage', $urlLogin = 'login/login' );
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'view', 'setup/webServicesTree' );
G::RenderPage( "publish-raw", "raw" );

761
workflow/engine/src/ProcessMaker/BusinessModel/User.php
View File

File diff suppressed because it is too large Load Diff

59
workflow/engine/src/ProcessMaker/Exception/RBACException.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
namespace ProcessMaker\Exception;
use G;
/**
* Class PMException
* @package ProcessMaker\Exception
*/
class RBACException extends \Exception
{
const PM_LOGIN = '../login/login';
const PM_403 = '/errors/error403.php';
/**
* RBACException constructor.
* @param string $message
* @param null $code
*/
public function __construct($message, $code=NULL)
{
parent::__construct($message, $code);
}
/**
* Displays the entire exception as a string
* @return string
*/
public function __toString()
{
switch ($this->getCode()) {
case -1:
G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
$message = self::PM_LOGIN;
break;
case -2:
G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
$message = self::PM_LOGIN;
break;
case 403:
$message = self::PM_403;
break;
default:
$message = self::PM_LOGIN;
break;
}
return $message;
}
/**
* Returns the path to which to redirect
* @return $this
*/
public function getPath()
{
return $this;
}
}

80
workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php Normal file
View File

@@ -0,0 +1,80 @@
<?php
namespace ProcessMaker\Util;
/**
* Constructs the name of the variable starting from a string representing the
* depth of the array.
*/
class ParseSoapVariableName
{
/**
* Constructs the name of the variable starting from a string representing
* the depth of the array.
*
* @param array $field
* @param string $name
* @param object $value
* @return void
*/
public function buildVariableName(&$field, $name, $value)
{
if (!$this->isValidVariableName($name)) {
$context = \Bootstrap::getDefaultContextLog();
$context['action'] = 'soap2';
$context['exception'] = 'Invalid param: '.G::json_encode($name);
\Bootstrap::registerMonolog('soap2', 400, 'NewCase', $context, $context['workspace'], 'processmaker.log');
return;
}
$brackets = $this->searchBrackets($name);
if (empty($brackets)) {
$field[$name] = $value;
} else {
$current = &$field;
foreach ($brackets as $extension) {
if (!isset($current[$extension])) {
$current[$extension] = [];
}
$current = &$current[$extension];
}
$current = $value;
}
}
/**
* Analysis of string representing the depth of the array, represented by a
* valid index name and brackets as separators.
*
* @param type $string
*
* @return array
*/
private function searchBrackets($string)
{
$stringClean = str_replace(' ', '', $string);
$explode = explode('][', $stringClean);
return $explode;
}
/**
* Verify if the index name of the array is valid.
*
* @param string $name
*
* @return bool
*/
public function isValidVariableName($name)
{
if (is_string($name) === true) {
if (preg_match("/^[0-9a-zA-Z\_\[\]]+$/", $name)) {
return true;
}
}
return false;
}
}

8
workflow/engine/templates/pmTables/export.js
View File

@@ -73,6 +73,10 @@ Export.configure = function()
var index = Export.targetGrid.getView().findRowIndex(t); var index = Export.targetGrid.getView().findRowIndex(t);
var record = Export.targetGrid.store.getAt(index); var record = Export.targetGrid.store.getAt(index);
if (record.data['_SCHEMA'] !== true) {
return false;
}
if(record.data['PRO_UID']) { if(record.data['PRO_UID']) {
PMExt.info(_('ID_INFO'), _('ID_REPORT_TABLES_DATA_EXPORT_NOT_ALLOWED')); PMExt.info(_('ID_INFO'), _('ID_REPORT_TABLES_DATA_EXPORT_NOT_ALLOWED'));
return false; return false;
@@ -210,6 +214,10 @@ Ext.ux.grid.CheckColumn.prototype ={
var index = this.grid.getView().findRowIndex(t); var index = this.grid.getView().findRowIndex(t);
var record = this.grid.store.getAt(index); var record = this.grid.store.getAt(index);
record.set(this.dataIndex, !record.data[this.dataIndex]); record.set(this.dataIndex, !record.data[this.dataIndex]);
//if schema check is selected/unselected,
//the data column is always initialized to unchecked
record.set('_DATA', false);
} }
}, },

2
workflow/public_html/app.php
View File

@@ -53,6 +53,8 @@ try {
break; break;
} }
} catch (ProcessMaker\Exception\RBACException $e) {
G::header('location: ' . $e->getPath());
} catch (Exception $e) { } catch (Exception $e) {
$view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml"); $view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml");
$view->set("message", $e->getMessage()); $view->set("message", $e->getMessage());