Merged in bugfix/HOR-3858 (pull request #6106)
HOR-3858 Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com> Approved-by: Paula Quispe <paula.quispe@processmaker.com>
This commit is contained in:
Marco Antonio Nina Mena
@@ -178,7 +178,11 @@ class RBAC
|
|||||||
'DEL' => array('PM_SETUP'),
|
'DEL' => array('PM_SETUP'),
|
||||||
'LST' => array('PM_SETUP'),
|
'LST' => array('PM_SETUP'),
|
||||||
'TEST' => array('PM_SETUP')
|
'TEST' => array('PM_SETUP')
|
||||||
)
|
),
|
||||||
|
'processes_GetFile.php' => [
|
||||||
|
'mailTemplates' => ['PM_FACTORY'],
|
||||||
|
'public' => ['PM_FACTORY']
|
||||||
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -1,18 +1,32 @@
|
|||||||
<?php
|
<?php
|
||||||
switch ($_GET['MAIN_DIRECTORY']) {
|
global $RBAC;
|
||||||
|
$RBAC->allows(basename(__FILE__), $_GET['MAIN_DIRECTORY']);
|
||||||
|
|
||||||
|
$mainDirectory = !empty($_GET['MAIN_DIRECTORY']) ? $_GET['MAIN_DIRECTORY'] : '';
|
||||||
|
$proUid = !empty($_GET['PRO_UID']) ? $_GET['PRO_UID'] : '';
|
||||||
|
$currentDirectory = !empty($_GET['CURRENT_DIRECTORY']) ? realpath($_GET['CURRENT_DIRECTORY']) . PATH_SEP : '';
|
||||||
|
$file = !empty($_GET['FILE']) ? realpath($_GET['FILE']) : '';
|
||||||
|
$extension = (!empty($_GET['sFilextension']) && $_GET['sFilextension'] === 'javascript') ? '.js' : '';
|
||||||
|
|
||||||
|
//validated process exists, return throw if not exists.
|
||||||
|
$process = new Process();
|
||||||
|
$process->load($proUid);
|
||||||
|
|
||||||
|
switch ($mainDirectory) {
|
||||||
case 'mailTemplates':
|
case 'mailTemplates':
|
||||||
$sDirectory = PATH_DATA_MAILTEMPLATES . $_GET['PRO_UID'] . PATH_SEP . ($_GET['CURRENT_DIRECTORY'] != '' ? $_GET['CURRENT_DIRECTORY'] . PATH_SEP : '');
|
$directory = PATH_DATA_MAILTEMPLATES;
|
||||||
break;
|
break;
|
||||||
case 'public':
|
case 'public':
|
||||||
$sDirectory = PATH_DATA_PUBLIC . $_GET['PRO_UID'] . PATH_SEP . ($_GET['CURRENT_DIRECTORY'] != '' ? $_GET['CURRENT_DIRECTORY'] . PATH_SEP : '');
|
$directory = PATH_DATA_PUBLIC;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
die();
|
die();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
//fixed: added a file extension when is a javascript file by krlos
|
|
||||||
$_GET['FILE'] .= ($_GET['sFilextension'] != '' && $_GET['sFilextension'] == 'javascript') ? '.js' : '';
|
|
||||||
|
|
||||||
if (file_exists( $sDirectory . $_GET['FILE'] )) {
|
$directory .= $proUid . PATH_SEP . $currentDirectory;
|
||||||
G::streamFile( $sDirectory . $_GET['FILE'], true );
|
$file .= $extension;
|
||||||
|
|
||||||
|
if (file_exists($directory . $file)) {
|
||||||
|
G::streamFile($directory . $file, true);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user