Roly Rudy Gutierrez Pinto
2017-08-08 09:53:00 -04:00
parent 33bb062fe7
commit 45c1ceffcc
19 changed files with 128 additions and 40 deletions


@@ -83,7 +83,6 @@
$_DBArray['users'] = $aUsers; $_DBArray['users'] = $aUsers;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
;
$oCriteria = new Criteria('dbarray'); $oCriteria = new Criteria('dbarray');
$oCriteria->setDBArrayTable('users'); $oCriteria->setDBArrayTable('users');
$oCriteria->addDescendingOrderByColumn('USR_USERNAME'); $oCriteria->addDescendingOrderByColumn('USR_USERNAME');


@@ -1,5 +1,4 @@
<?php <?php
;
class {className}Plugin extends PMPlugin class {className}Plugin extends PMPlugin
{ {


@@ -8,8 +8,6 @@
//if (($RBAC_Response = $RBAC->userCanAccess("PM_CASES"))!=1) return $RBAC_Response; //if (($RBAC_Response = $RBAC->userCanAccess("PM_CASES"))!=1) return $RBAC_Response;
/* Includes */ /* Includes */
;
;
/* GET , POST & $_SESSION Vars */ /* GET , POST & $_SESSION Vars */
$conf = new Configurations(); $conf = new Configurations();


@@ -1,5 +1,4 @@
<?php <?php
;
print "this is a default step for {className}"; print "this is a default step for {className}";
krumo::session (); krumo::session ();


@@ -1,7 +1,5 @@
<?php <?php
;
try { try {
//SYS_SYS //Workspace name //SYS_SYS //Workspace name
//PROCESS //Process UID //PROCESS //Process UID


@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
//krumo ( $_DBArray ); //krumo ( $_DBArray );
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL ); //$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );


@@ -4,8 +4,6 @@
* *
*/ */
;
class {className}Plugin extends PMPlugin { class {className}Plugin extends PMPlugin {
function {className}Plugin($sNamespace, $sFilename = null) { function {className}Plugin($sNamespace, $sFilename = null) {


@@ -198,7 +198,7 @@ $docuroot = explode ( PATH_SEP , $_SERVER['DOCUMENT_ROOT'] );
//***************** Plugins ************************** //***************** Plugins **************************
;
// //here we are loading all plugins registered // //here we are loading all plugins registered
// //the singleton has a list of enabled plugins // //the singleton has a list of enabled plugins


@@ -21,7 +21,7 @@ $G_ID_SUB_MENU_SELECTED = 'USERS';
$_DBArray['user'] = $rows; $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');


@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
//krumo ( $_DBArray ); //krumo ( $_DBArray );
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL ); //$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );


@@ -563,6 +563,7 @@ var G_Grid = function(oForm, sGridName){
case 'textarea': //TEXTAREA case 'textarea': //TEXTAREA
aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea'); aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea');
if (aObjects){ if (aObjects){
aObjects[0].value = '';
aObjects[0].className = "module_app_input___gray"; aObjects[0].className = "module_app_input___gray";
newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]'); newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]');


@@ -3,7 +3,7 @@ if (function_exists("http_response_code")) {
http_response_code(200); http_response_code(200);
} }
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https" : "http"; $http = G::is_https() ? "https" : "http";
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : ""); $host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : "");
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login"; $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";
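Review bot: `G::is_https()` is not defined anywhere in this diff, so the scheme of `$urlLogin` now depends on logic a reader of this script cannot see; a comment such as `// G::is_https() must only honour proxy headers (e.g. X-Forwarded-Proto) sent by known reverse proxies` would record the assumption. If that helper reads forwarded headers without restricting them to trusted proxies, the scheme of the redirect target becomes client-influenced, which is worth confirming. This script also looks like a standalone page, so check that class `G` is loaded before this line, since the old `$_SERVER["HTTPS"]` test had no dependencies. The same replacement is made in the next file section (`@@ -1,6 +1,6 @@`).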


@@ -1,6 +1,6 @@
<?php <?php
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on")? "https" : "http"; $http = G::is_https() ? "https" : "http";
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80")? ":" . $_SERVER["SERVER_PORT"] : ""); $host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80")? ":" . $_SERVER["SERVER_PORT"] : "");
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login"; $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";


@@ -207,12 +207,16 @@ class database extends database_base
} }
} }
if (isset( $aParameters['AutoIncrement'] ) && $aParameters['AutoIncrement']) { if (isset( $aParameters['AutoIncrement'] ) && $aParameters['AutoIncrement']) {
$sSQL .= ' AUTO_INCREMENT PRIMARY KEY'; $sSQL .= ' AUTO_INCREMENT';
} }
/*if ($aParameters['Key'] == 'PRI') { if (isset( $aParameters['PrimaryKey'] ) && $aParameters['PrimaryKey']) {
$sKeys .= 'ALTER TABLE ' . $this->sQuoteCharacter . $sTable . $this->sQuoteCharacter . $sSQL .= ' PRIMARY KEY';
' ADD PRIMARY KEY (' . $this->sQuoteCharacter . $sColumn . $this->sQuoteCharacter . ')' . $this->sEndLine; }
}*/ if (isset( $aParameters['Unique'] ) && $aParameters['Unique']) {
$sSQL .= ' UNIQUE';
}
//we need to check the property AI
if (isset( $aParameters['AI'] )) { if (isset( $aParameters['AI'] )) {
if ($aParameters['AI'] == 1) { if ($aParameters['AI'] == 1) {
$sSQL .= ' AUTO_INCREMENT'; $sSQL .= ' AUTO_INCREMENT';
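Review bot: After this change `AutoIncrement` no longer emits `PRIMARY KEY`, so a caller that sets only `AutoIncrement` now produces a column definition MySQL rejects, because an AUTO_INCREMENT column must be part of a key. Callers outside this diff need to pass `PrimaryKey` or `Unique` as well, or the method should reject the combination explicitly. The retained `AI` branch below also appends ` AUTO_INCREMENT`, so a column carrying both `AutoIncrement` and `AI == 1` gets the keyword twice; `if (isset($aParameters['AI']) && empty($aParameters['AutoIncrement'])) {` would avoid that. The enclosing method starts and ends outside the hunk.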


@@ -49,6 +49,7 @@ class DataBaseMaintenance
protected $tmpDir; protected $tmpDir;
protected $outfile; protected $outfile;
protected $infile; protected $infile;
protected $isWindows;
/** /**
* __construct * __construct
@@ -64,7 +65,7 @@ class DataBaseMaintenance
$this->tmpDir = './'; $this->tmpDir = './';
$this->link = null; $this->link = null;
$this->dbName = null; $this->dbName = null;
$this->isWindows = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
if (isset( $host ) && isset( $user ) && isset( $passwd )) { if (isset( $host ) && isset( $user ) && isset( $passwd )) {
$this->host = $host; $this->host = $host;
$this->user = $user; $this->user = $user;
@@ -399,13 +400,22 @@ class DataBaseMaintenance
*/ */
function backupDataBase ($outfile) function backupDataBase ($outfile)
{ {
$password = escapeshellarg($this->passwd);
//On Windows, escapeshellarg() instead replaces percent signs, exclamation
//marks (delayed variable substitution) and double quotes with spaces and
//adds double quotes around the string.
//See: http://php.net/manual/en/function.escapeshellarg.php
if ($this->isWindows) {
$password = $this->escapeshellargCustom($this->passwd);
}
$aHost = explode(':', $this->host); $aHost = explode(':', $this->host);
$dbHost = $aHost[0]; $dbHost = $aHost[0];
if (isset($aHost[1])) { if (isset($aHost[1])) {
$dbPort = $aHost[1]; $dbPort = $aHost[1];
$command = 'mysqldump' $command = 'mysqldump'
. ' --user=' . $this->user . ' --user=' . $this->user
. ' --password=' . escapeshellarg($this->passwd) . ' --password=' . $password
. ' --host=' . $dbHost . ' --host=' . $dbHost
. ' --port=' . $dbPort . ' --port=' . $dbPort
. ' --opt' . ' --opt'
@@ -418,13 +428,60 @@ class DataBaseMaintenance
. ' --user=' . $this->user . ' --user=' . $this->user
. ' --opt' . ' --opt'
. ' --skip-comments' . ' --skip-comments'
. ' --password=' . escapeshellarg($this->passwd) . ' --password=' . $password
. ' ' . $this->dbName . ' ' . $this->dbName
. ' > ' . $outfile; . ' > ' . $outfile;
} }
shell_exec($command); shell_exec($command);
} }
/**
* string escapeshellargCustom ( string $arg , character $quotes)
*
* escapeshellarg() adds single quotes around a string and quotes/escapes any
* existing single quotes allowing you to pass a string directly to a shell
* function and having it be treated as a single safe argument. This function
* should be used to escape individual arguments to shell functions coming
* from user input. The shell functions include exec(), system() and the
* backtick operator.
*
* On Windows, escapeshellarg() instead replaces percent signs, exclamation
* marks (delayed variable substitution) and double quotes with spaces and
* adds double quotes around the string.
*/
private function escapeshellargCustom($string, $quotes = "")
{
if ($quotes === "") {
$quotes = $this->isWindows ? "\"" : "'";
}
$n = strlen($string);
$special = ["!", "%", "\""];
$substring = "";
$result1 = [];
$result2 = [];
for ($i = 0; $i < $n; $i++) {
if (in_array($string[$i], $special, true)) {
$result2[] = $string[$i];
$result1[] = $substring;
$substring = "";
} else {
$substring = $substring . $string[$i];
}
}
$result1[] = $substring;
//Rebuild the password string
$n = count($result1);
for ($i = 0; $i < $n; $i++) {
$result1[$i] = trim(escapeshellarg($result1[$i]), $quotes);
if (isset($result2[$i])) {
$result1[$i] = $result1[$i] . $result2[$i];
}
}
//add simple quotes, see escapeshellarg function
$newString = $quotes . implode("", $result1) . $quotes;
return $newString;
}
/** /**
* restoreFromSql * restoreFromSql
* *
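Review bot: `escapeshellargCustom()` splits the password at `!`, `%` and `"` and then re-appends those characters unescaped, so on Windows a password containing a double quote ends the quoted `--password=` value early and the remainder is parsed as command text by the shell that `shell_exec()` starts. In `backupDataBase()` the other interpolated values (`$this->user`, `$dbHost`, `$dbPort`, `$this->dbName`, `$outfile`) are still concatenated without any quoting; at minimum they should read `. ' --user=' . escapeshellarg($this->user)` and `. ' > ' . escapeshellarg($outfile)`. A sturdier fix is to stop passing the secret on the command line at all, for example by writing a temporary client option file readable only by the PHP user and passing it with `--defaults-extra-file=`, which also keeps the password out of the process list. The docblock of `escapeshellargCustom()` describes `escapeshellarg()` rather than this helper and should state which characters the helper preserves and why.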


@@ -187,7 +187,7 @@ class G
* @param string $symbol * @param string $symbol
* @return string * @return string
*/ */
public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-+=!@#$%*&,.") public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-$!")
{ {
$chars = ""; $chars = "";
if (strpos($availableSets, "l") !== false) { if (strpos($availableSets, "l") !== false) {
@@ -1825,6 +1825,14 @@ class G
$arrayGrid = array_unique($arrayGrid); $arrayGrid = array_unique($arrayGrid);
//Given the set: 'valueOne', 'valueOneTwo', where the second string
//contains the first string, this causes the larger string to take
//the second, resulting in a delimitation error, to avoid this problem
//we first search the string larger size.
usort($arrayGrid, function($a, $b) {
return strlen($b) - strlen($a);
});
foreach ($arrayGrid as $index => $value) { foreach ($arrayGrid as $index => $value) {
if($value !== "") { if($value !== "") {
$grdName = $value; $grdName = $value;
@@ -2912,6 +2920,16 @@ class G
return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid ); return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid );
} }
/**
* Verify if the input string is a valid UID of size 32
* @param string $uid
* @return boolean
*/
public static function verifyUniqueID32($uid)
{
return (bool) preg_match('/^[0-9A-Za-z]{32,32}$/', $uid);
}
/** /**
* is_utf8 * is_utf8
* *
@@ -2921,11 +2939,10 @@ class G
*/ */
public function is_utf8 ($string) public function is_utf8 ($string)
{ {
if (is_array( $string )) { if (preg_match('//u', $string)) {
$enc = implode( '', $string ); return true;
return @! ((ord( $enc[0] ) != 239) && (ord( $enc[1] ) != 187) && (ord( $enc[2] ) != 191));
} else { } else {
return (utf8_encode( utf8_decode( $string ) ) == $string); return false;
} }
} }
@@ -5408,6 +5425,12 @@ class G
} }
/** /**
* This function save history about some actions in the file audit.log
* The data is used in the Audit Log functionality
*
* @param string $actionToLog
* @param string $valueToLog
* @return void
*/ */
public static function auditLog($actionToLog, $valueToLog = "") public static function auditLog($actionToLog, $valueToLog = "")
{ {
@@ -5416,13 +5439,25 @@ class G
$sflag = $conf->getConfiguration('AUDIT_LOG', 'log'); $sflag = $conf->getConfiguration('AUDIT_LOG', 'log');
$sflagAudit = $sflag == 'true' ? true : false; $sflagAudit = $sflag == 'true' ? true : false;
$ipClient = G::getIpAddress(); $ipClient = G::getIpAddress();
$userUid = 'Unknow User';
$fullName = '-';
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
$licensedFeatures = PMLicensedFeatures::getSingleton(); $licensedFeatures = PMLicensedFeatures::getSingleton();
if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) { if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) {
$username = isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '' ? $_SESSION['USER_LOGGED'] : 'Unknow User'; if (isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '') {
$fullname = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : '-'; $userUid = $_SESSION['USER_LOGGED'];
G::log("|". $workspace ."|". $ipClient ."|". $username . "|" . $fullname ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log"); } else {
//Get the usrUid related to the accessToken
$userUid = \ProcessMaker\Services\OAuth2\Server::getUserId();
if (!empty($userUid)) {
$oUserLogged = new \Users();
$user = $oUserLogged->loadDetails($userUid);
$fullName = $user['USR_FULLNAME'];
}
}
$fullName = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : $fullName;
G::log("|". $workspace ."|". $ipClient ."|". $userUid . "|" . $fullName ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log");
} }
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
} }
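Review bot: In `auditLog()` the new `else` branch assigns the result of `\ProcessMaker\Services\OAuth2\Server::getUserId()` straight to `$userUid`, so when there is neither a session user nor a token user the `'Unknow User'` default set above is overwritten with an empty value and the audit line is written with a blank user field. Keeping the lookup in a temporary, `$tokenUid = \ProcessMaker\Services\OAuth2\Server::getUserId();` followed by `if (!empty($tokenUid)) { $userUid = $tokenUid; ... }`, preserves the default. The record is still assembled by joining fields with `|`, so `$actionToLog`, `$valueToLog` and the full name should have `|` and line breaks neutralised before `G::log()` if any of them can carry user input, otherwise entries in audit.log become ambiguous. Separately, `verifyUniqueID32()` anchors with `$`, which in PCRE also matches before a trailing newline; `'/^[0-9A-Za-z]{32}\z/'` accepts exactly 32 characters.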


@@ -283,7 +283,7 @@ class Menu
*/ */
public function DisableOptionId($id) public function DisableOptionId($id)
{ {
if (array_search($id, $this->Id)) { if (array_search($id, $this->Id) !== FALSE) {
$this->Enabled[array_search($id, $this->Id)] = 0; $this->Enabled[array_search($id, $this->Id)] = 0;
} }
} }
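Review bot: `DisableOptionId()` now handles index 0 correctly but still calls `array_search()` twice and compares loosely, so an `$id` of a different type can match an unrelated entry under PHP's `==` rules. Searching once with the strict flag reads more clearly: `$index = array_search($id, $this->Id, true);` then `if ($index !== false) { $this->Enabled[$index] = 0; }`. Whether `$this->Id` holds strings or integers is not visible here, so confirm the strict flag does not stop legitimate matches.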


@@ -106,11 +106,13 @@ class MonologProvider
break; break;
case 400://ERROR case 400://ERROR
$this->registerLogger->addError($message, $context); $this->registerLogger->addError($message, $context);
break;
case 500://CRITICAL case 500://CRITICAL
$this->registerLogger->addCritical($message, $context); $this->registerLogger->addCritical($message, $context);
break; break;
case 550://ALERT case 550://ALERT
$this->registerLogger->addAlert($message, $context); $this->registerLogger->addAlert($message, $context);
break;
case 600://EMERGENCY case 600://EMERGENCY
$this->registerLogger->addEmergency($message, $context); $this->registerLogger->addEmergency($message, $context);
break; break;


@@ -70,6 +70,7 @@ class RBAC
public $singleSignOn = false; public $singleSignOn = false;
private static $instance = null; private static $instance = null;
public $authorizedActions = array();
public function __construct () public function __construct ()
{ {
@@ -110,11 +111,11 @@ class RBAC
'downloadFileHash' => array('PM_FACTORY') 'downloadFileHash' => array('PM_FACTORY')
), ),
'processProxy.php' => array( 'processProxy.php' => array(
'categoriesList' => array('PM_SETUP_PROCESS_CATEGORIES'), 'categoriesList' => array(),
'getCategoriesList' => array('PM_FACTORY'), 'getCategoriesList' => array(),
'saveProcess' => array('PM_FACTORY'), 'saveProcess' => array('PM_FACTORY'),
'changeStatus' => array('PM_FACTORY'), 'changeStatus' => array(),
'changeDebugMode' => array('PM_FACTORY'), 'changeDebugMode' => array(),
'getUsers' => array(), 'getUsers' => array(),
'getGroups' => array(), 'getGroups' => array(),
'assignActorsTask' => array(), 'assignActorsTask' => array(),
@@ -125,7 +126,7 @@ class RBAC
'saveProperties' => array(), 'saveProperties' => array(),
'getCaledarList' => array(), 'getCaledarList' => array(),
'getPMVariables' => array(), 'getPMVariables' => array(),
'generateBpmn' => array('PM_FACTORY') 'generateBpmn' => array()
), ),
'home.php' => array( 'home.php' => array(
'login' => array('PM_LOGIN'), 'login' => array('PM_LOGIN'),
@@ -144,9 +145,6 @@ class RBAC
'getProcessArray' => array('PM_ALLCASES'), 'getProcessArray' => array('PM_ALLCASES'),
'getProcesses' => array('PM_ALLCASES'), 'getProcesses' => array('PM_ALLCASES'),
'getUsers' => array('PM_ALLCASES') 'getUsers' => array('PM_ALLCASES')
),
'newSite.php' => array(
'newSite.php' => array('PM_SETUP_ADVANCE')
) )
); );
@@ -359,6 +357,8 @@ class RBAC
"PER_NAME" => "Edit User profile Default Cases Menu Options" "PER_NAME" => "Edit User profile Default Cases Menu Options"
), array("PER_UID" => "00000000000000000000000000000064", "PER_CODE" => "PM_REASSIGNCASE_SUPERVISOR", ), array("PER_UID" => "00000000000000000000000000000064", "PER_CODE" => "PM_REASSIGNCASE_SUPERVISOR",
"PER_NAME" => "Reassign case supervisor" "PER_NAME" => "Reassign case supervisor"
), array("PER_UID" => "00000000000000000000000000000065", "PER_CODE" => "PM_SETUP_CUSTOM_CASES_LIST",
"PER_NAME" => "Setup Custom Cases List"
) )
); );
return $permissionsAdmin; return $permissionsAdmin;
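Review bot: The `processProxy.php` map now lists `changeStatus`, `changeDebugMode`, `generateBpmn`, `categoriesList` and `getCategoriesList` with an empty permission array where `PM_FACTORY` or `PM_SETUP_PROCESS_CATEGORIES` was required before, and the `newSite.php` entry requiring `PM_SETUP_ADVANCE` is removed. The code that interprets this map is outside the diff; if an empty array or a missing file entry means no permission is checked, state-changing actions become reachable by any logged-in user, so the commit should state where these checks are enforced instead. A comment above the map such as `// array() = no RBAC permission required here; access is enforced in <handler>` would make the intent auditable. The new `public $authorizedActions` can be overwritten by any code holding the RBAC instance; unless external writes are needed, `private` with an accessor would be safer.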