HOR-2830
@@ -79,7 +79,8 @@ class System
|
|||||||
'server_hostname_requests_frontend' => '',
|
'server_hostname_requests_frontend' => '',
|
||||||
'load_headers_ie' => 0,
|
'load_headers_ie' => 0,
|
||||||
'redirect_to_mobile' => 0,
|
'redirect_to_mobile' => 0,
|
||||||
'disable_php_upload_execution' => 0
|
'disable_php_upload_execution' => 0,
|
||||||
|
'disable_download_documents_session_validation' => 0
|
||||||
);
|
);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
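Review bot: The new default `'disable_download_documents_session_validation' => 0` has no comment, and its name understates what it controls. Judging by the guards added elsewhere in this commit, a non-zero value skips the canDownloadInput/canDownloadOutput permission checks altogether, not just a session check. I would add a comment above the key, e.g. `// 1 = skip per-user permission checks on document downloads; keep 0 unless documents are meant to be reachable by UID alone`. The array this entry belongs to starts outside the hunk.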
|
|||||||
@@ -26,8 +26,6 @@
|
|||||||
*
|
*
|
||||||
* @author David Callizaya <davidsantos@colosa.com>
|
* @author David Callizaya <davidsantos@colosa.com>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
require_once ("classes/model/AppDocumentPeer.php");
|
|
||||||
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
|
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
|
||||||
if (!isset($_SESSION['USER_LOGGED'])) {
|
if (!isset($_SESSION['USER_LOGGED'])) {
|
||||||
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
|
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
|
||||||
@@ -47,15 +45,18 @@ if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession"
|
|||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//v = Version
|
require_once ("classes/model/AppDocumentPeer.php");
|
||||||
//a = Case UID
|
|
||||||
|
|
||||||
$oAppDocument = new AppDocument();
|
$oAppDocument = new AppDocument();
|
||||||
|
|
||||||
|
//Check if the user can be download the input Document
|
||||||
|
//Send the parameter v = Version
|
||||||
|
//Send the parameter a = Case UID
|
||||||
|
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
|
||||||
if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $_GET['v'])) {
|
if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $_GET['v'])) {
|
||||||
G::header('Location: /errors/error403.php');
|
G::header('Location: /errors/error403.php');
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (! isset( $_GET['v'] )) {
|
if (! isset( $_GET['v'] )) {
|
||||||
//Load last version of the document
|
//Load last version of the document
|
||||||
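Review bot: The new guard around canDownloadInput fails open: `defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0` is false when the constant is not defined, so any entry path that does not run the `define()` skips the permission check and the script goes on to load the document. Enforcing should be the default: `if (!defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') || DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {`. The same condition wraps canDownloadOutput in the cases_ShowOutputDocument.php hunk at `@@ -60,6 +61,7 @@` and needs the same change. Separately, `$_GET['a']` and `$_GET['v']` are passed to the check before the `isset($_GET['v'])` test that follows it, so a request without `v` reaches canDownloadInput with an undefined index.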
|
|||||||
@@ -1,23 +1,4 @@
|
|||||||
<?php
|
<?php
|
||||||
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
|
|
||||||
if (!isset($_SESSION['USER_LOGGED'])) {
|
|
||||||
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
|
|
||||||
$response = new stdclass();
|
|
||||||
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN');
|
|
||||||
$response->lostSession = true;
|
|
||||||
print G::json_encode( $response );
|
|
||||||
die();
|
|
||||||
} else {
|
|
||||||
G::SendMessageText( G::LoadTranslation('ID_LOGIN_TO_SEE_OUTPUTDOCS'), "WARNING" );
|
|
||||||
G::header("location: " . "/");
|
|
||||||
die();
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$response = new stdclass();
|
|
||||||
print G::json_encode( $response );
|
|
||||||
die();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/**
|
/**
|
||||||
* cases_ShowOutputDocument.php
|
* cases_ShowOutputDocument.php
|
||||||
*
|
*
|
||||||
@@ -46,6 +27,26 @@ if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession"
|
|||||||
* @author David Callizaya <davidsantos@colosa.com>
|
* @author David Callizaya <davidsantos@colosa.com>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
|
||||||
|
if (!isset($_SESSION['USER_LOGGED'])) {
|
||||||
|
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
|
||||||
|
$response = new stdclass();
|
||||||
|
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN');
|
||||||
|
$response->lostSession = true;
|
||||||
|
print G::json_encode( $response );
|
||||||
|
die();
|
||||||
|
} else {
|
||||||
|
G::SendMessageText( G::LoadTranslation('ID_LOGIN_TO_SEE_OUTPUTDOCS'), "WARNING" );
|
||||||
|
G::header("location: " . "/");
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$response = new stdclass();
|
||||||
|
print G::json_encode( $response );
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
require_once ("classes/model/AppDocumentPeer.php");
|
require_once ("classes/model/AppDocumentPeer.php");
|
||||||
require_once ("classes/model/OutputDocumentPeer.php");
|
require_once ("classes/model/OutputDocumentPeer.php");
|
||||||
|
|
||||||
@@ -60,6 +61,7 @@ $oOutputDocument->Fields = $oOutputDocument->getByUid($sDocUid);
|
|||||||
$download = $oOutputDocument->Fields['OUT_DOC_OPEN_TYPE'];
|
$download = $oOutputDocument->Fields['OUT_DOC_OPEN_TYPE'];
|
||||||
|
|
||||||
//Check if the user can be download the Output Document
|
//Check if the user can be download the Output Document
|
||||||
|
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
|
||||||
if (!$oAppDocument->canDownloadOutput(
|
if (!$oAppDocument->canDownloadOutput(
|
||||||
$oAppDocument->Fields['USR_UID'],
|
$oAppDocument->Fields['USR_UID'],
|
||||||
$_SESSION['USER_LOGGED'],
|
$_SESSION['USER_LOGGED'],
|
||||||
@@ -70,6 +72,8 @@ if (!$oAppDocument->canDownloadOutput(
|
|||||||
G::header('Location: /errors/error403.php');
|
G::header('Location: /errors/error403.php');
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
$info = pathinfo( $oAppDocument->getAppDocFilename() );
|
$info = pathinfo( $oAppDocument->getAppDocFilename() );
|
||||||
if (! isset( $_GET['ext'] )) {
|
if (! isset( $_GET['ext'] )) {
|
||||||
|
|||||||
@@ -338,6 +338,7 @@ define('LOAD_HEADERS_IE', $config['load_headers_ie']);
|
|||||||
define('LEAVE_CASE_WARNING', $config['leave_case_warning']);
|
define('LEAVE_CASE_WARNING', $config['leave_case_warning']);
|
||||||
define('REDIRECT_TO_MOBILE', $config['redirect_to_mobile']);
|
define('REDIRECT_TO_MOBILE', $config['redirect_to_mobile']);
|
||||||
define('DISABLE_PHP_UPLOAD_EXECUTION', $config['disable_php_upload_execution']);
|
define('DISABLE_PHP_UPLOAD_EXECUTION', $config['disable_php_upload_execution']);
|
||||||
|
define('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION', $config['disable_download_documents_session_validation']);
|
||||||
|
|
||||||
// IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it.
|
// IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it.
|
||||||
$_SERVER['SERVER_ADDR'] = isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME'];
|
$_SERVER['SERVER_ADDR'] = isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME'];
|
||||||
@@ -950,6 +951,7 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
|
|||||||
$noLoginFiles[] = 'ajaxListener';
|
$noLoginFiles[] = 'ajaxListener';
|
||||||
$noLoginFiles[] = 'cases_Step';
|
$noLoginFiles[] = 'cases_Step';
|
||||||
$noLoginFiles[] = 'cases_ShowOutputDocument';
|
$noLoginFiles[] = 'cases_ShowOutputDocument';
|
||||||
|
$noLoginFiles[] = 'cases_ShowDocument';
|
||||||
$noLoginFiles[] = 'cases_CatchExecute';
|
$noLoginFiles[] = 'cases_CatchExecute';
|
||||||
$noLoginFiles[] = 'cases_SaveData';
|
$noLoginFiles[] = 'cases_SaveData';
|
||||||
$noLoginFiles[] = 'cases_Derivate';
|
$noLoginFiles[] = 'cases_Derivate';
|
||||||
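Review bot: Adding `'cases_ShowDocument'` to `$noLoginFiles` appears to make that page reachable without a logged-in session, which leaves the canDownloadInput call inside the script as its only access control and lets that call run with `$_SESSION['USER_LOGGED']` unset. Once the new flag is non-zero, nothing visible on this path checks who is asking for the document. For the validation-enabled case I would reject early in the script, `if (!isset($_SESSION['USER_LOGGED'])) { G::header('Location: /errors/error403.php'); die(); }`, and add a comment on this line saying why the page is exempt from login. Casting in the first hunk, `define('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION', (int) $config['disable_download_documents_session_validation']);`, would also keep a string value from the configuration from changing the result of the `== 0` comparison. The enclosing `if (! defined( 'EXECUTE_BY_CRON' ))` block continues outside the hunk.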
|
|||||||