HOR-3627
This commit is contained in:
Roly Rudy Gutierrez Pinto
@@ -83,7 +83,6 @@
|
||||
$_DBArray['users'] = $aUsers;
|
||||
$_SESSION['_DBArray'] = $_DBArray;
|
||||
|
||||
;
|
||||
$oCriteria = new Criteria('dbarray');
|
||||
$oCriteria->setDBArrayTable('users');
|
||||
$oCriteria->addDescendingOrderByColumn('USR_USERNAME');
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
<?php
|
||||
;
|
||||
|
||||
class {className}Plugin extends PMPlugin
|
||||
{
|
||||
|
||||
@@ -8,8 +8,6 @@
|
||||
//if (($RBAC_Response = $RBAC->userCanAccess("PM_CASES"))!=1) return $RBAC_Response;
|
||||
|
||||
/* Includes */
|
||||
;
|
||||
;
|
||||
|
||||
/* GET , POST & $_SESSION Vars */
|
||||
$conf = new Configurations();
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
<?php
|
||||
;
|
||||
|
||||
print "this is a default step for {className}";
|
||||
krumo::session ();
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
<?php
|
||||
|
||||
;
|
||||
|
||||
try {
|
||||
//SYS_SYS //Workspace name
|
||||
//PROCESS //Process UID
|
||||
|
||||
@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
|
||||
$_SESSION['_DBArray'] = $_DBArray;
|
||||
//krumo ( $_DBArray );
|
||||
|
||||
;
|
||||
$c = new Criteria ('dbarray');
|
||||
$c->setDBArrayTable('user');
|
||||
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );
|
||||
|
||||
@@ -4,8 +4,6 @@
|
||||
*
|
||||
*/
|
||||
|
||||
;
|
||||
|
||||
class {className}Plugin extends PMPlugin {
|
||||
|
||||
function {className}Plugin($sNamespace, $sFilename = null) {
|
||||
|
||||
@@ -198,7 +198,7 @@ $docuroot = explode ( PATH_SEP , $_SERVER['DOCUMENT_ROOT'] );
|
||||
|
||||
|
||||
//***************** Plugins **************************
|
||||
;
|
||||
|
||||
// //here we are loading all plugins registered
|
||||
// //the singleton has a list of enabled plugins
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ $G_ID_SUB_MENU_SELECTED = 'USERS';
|
||||
|
||||
$_DBArray['user'] = $rows;
|
||||
$_SESSION['_DBArray'] = $_DBArray;
|
||||
;
|
||||
|
||||
$c = new Criteria ('dbarray');
|
||||
$c->setDBArrayTable('user');
|
||||
|
||||
|
||||
@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
|
||||
$_SESSION['_DBArray'] = $_DBArray;
|
||||
//krumo ( $_DBArray );
|
||||
|
||||
;
|
||||
$c = new Criteria ('dbarray');
|
||||
$c->setDBArrayTable('user');
|
||||
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );
|
||||
|
||||
@@ -563,6 +563,7 @@ var G_Grid = function(oForm, sGridName){
|
||||
case 'textarea': //TEXTAREA
|
||||
aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea');
|
||||
if (aObjects){
|
||||
aObjects[0].value = '';
|
||||
aObjects[0].className = "module_app_input___gray";
|
||||
|
||||
newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]');
|
||||
|
||||
@@ -3,7 +3,7 @@ if (function_exists("http_response_code")) {
|
||||
http_response_code(200);
|
||||
}
|
||||
|
||||
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https" : "http";
|
||||
$http = G::is_https() ? "https" : "http";
|
||||
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : "");
|
||||
|
||||
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on")? "https" : "http";
|
||||
$http = G::is_https() ? "https" : "http";
|
||||
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80")? ":" . $_SERVER["SERVER_PORT"] : "");
|
||||
|
||||
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";
|
||||
|
||||
@@ -207,12 +207,16 @@ class database extends database_base
|
||||
}
|
||||
}
|
||||
if (isset( $aParameters['AutoIncrement'] ) && $aParameters['AutoIncrement']) {
|
||||
$sSQL .= ' AUTO_INCREMENT PRIMARY KEY';
|
||||
$sSQL .= ' AUTO_INCREMENT';
|
||||
}
|
||||
/*if ($aParameters['Key'] == 'PRI') {
|
||||
$sKeys .= 'ALTER TABLE ' . $this->sQuoteCharacter . $sTable . $this->sQuoteCharacter .
|
||||
' ADD PRIMARY KEY (' . $this->sQuoteCharacter . $sColumn . $this->sQuoteCharacter . ')' . $this->sEndLine;
|
||||
}*/
|
||||
if (isset( $aParameters['PrimaryKey'] ) && $aParameters['PrimaryKey']) {
|
||||
$sSQL .= ' PRIMARY KEY';
|
||||
}
|
||||
if (isset( $aParameters['Unique'] ) && $aParameters['Unique']) {
|
||||
$sSQL .= ' UNIQUE';
|
||||
}
|
||||
|
||||
//we need to check the property AI
|
||||
if (isset( $aParameters['AI'] )) {
|
||||
if ($aParameters['AI'] == 1) {
|
||||
$sSQL .= ' AUTO_INCREMENT';
|
||||
|
||||
@@ -49,6 +49,7 @@ class DataBaseMaintenance
|
||||
protected $tmpDir;
|
||||
protected $outfile;
|
||||
protected $infile;
|
||||
protected $isWindows;
|
||||
|
||||
/**
|
||||
* __construct
|
||||
@@ -64,7 +65,7 @@ class DataBaseMaintenance
|
||||
$this->tmpDir = './';
|
||||
$this->link = null;
|
||||
$this->dbName = null;
|
||||
|
||||
$this->isWindows = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
|
||||
if (isset( $host ) && isset( $user ) && isset( $passwd )) {
|
||||
$this->host = $host;
|
||||
$this->user = $user;
|
||||
@@ -399,13 +400,22 @@ class DataBaseMaintenance
|
||||
*/
|
||||
function backupDataBase ($outfile)
|
||||
{
|
||||
$password = escapeshellarg($this->passwd);
|
||||
|
||||
//On Windows, escapeshellarg() instead replaces percent signs, exclamation
|
||||
//marks (delayed variable substitution) and double quotes with spaces and
|
||||
//adds double quotes around the string.
|
||||
//See: http://php.net/manual/en/function.escapeshellarg.php
|
||||
if ($this->isWindows) {
|
||||
$password = $this->escapeshellargCustom($this->passwd);
|
||||
}
|
||||
$aHost = explode(':', $this->host);
|
||||
$dbHost = $aHost[0];
|
||||
if (isset($aHost[1])) {
|
||||
$dbPort = $aHost[1];
|
||||
$command = 'mysqldump'
|
||||
. ' --user=' . $this->user
|
||||
. ' --password=' . escapeshellarg($this->passwd)
|
||||
. ' --password=' . $password
|
||||
. ' --host=' . $dbHost
|
||||
. ' --port=' . $dbPort
|
||||
. ' --opt'
|
||||
@@ -418,13 +428,60 @@ class DataBaseMaintenance
|
||||
. ' --user=' . $this->user
|
||||
. ' --opt'
|
||||
. ' --skip-comments'
|
||||
. ' --password=' . escapeshellarg($this->passwd)
|
||||
. ' --password=' . $password
|
||||
. ' ' . $this->dbName
|
||||
. ' > ' . $outfile;
|
||||
}
|
||||
shell_exec($command);
|
||||
}
|
||||
|
||||
/**
|
||||
* string escapeshellargCustom ( string $arg , character $quotes)
|
||||
*
|
||||
* escapeshellarg() adds single quotes around a string and quotes/escapes any
|
||||
* existing single quotes allowing you to pass a string directly to a shell
|
||||
* function and having it be treated as a single safe argument. This function
|
||||
* should be used to escape individual arguments to shell functions coming
|
||||
* from user input. The shell functions include exec(), system() and the
|
||||
* backtick operator.
|
||||
*
|
||||
* On Windows, escapeshellarg() instead replaces percent signs, exclamation
|
||||
* marks (delayed variable substitution) and double quotes with spaces and
|
||||
* adds double quotes around the string.
|
||||
*/
|
||||
private function escapeshellargCustom($string, $quotes = "")
|
||||
{
|
||||
if ($quotes === "") {
|
||||
$quotes = $this->isWindows ? "\"" : "'";
|
||||
}
|
||||
$n = strlen($string);
|
||||
$special = ["!", "%", "\""];
|
||||
$substring = "";
|
||||
$result1 = [];
|
||||
$result2 = [];
|
||||
for ($i = 0; $i < $n; $i++) {
|
||||
if (in_array($string[$i], $special, true)) {
|
||||
$result2[] = $string[$i];
|
||||
$result1[] = $substring;
|
||||
$substring = "";
|
||||
} else {
|
||||
$substring = $substring . $string[$i];
|
||||
}
|
||||
}
|
||||
$result1[] = $substring;
|
||||
//Rebuild the password string
|
||||
$n = count($result1);
|
||||
for ($i = 0; $i < $n; $i++) {
|
||||
$result1[$i] = trim(escapeshellarg($result1[$i]), $quotes);
|
||||
if (isset($result2[$i])) {
|
||||
$result1[$i] = $result1[$i] . $result2[$i];
|
||||
}
|
||||
}
|
||||
//add simple quotes, see escapeshellarg function
|
||||
$newString = $quotes . implode("", $result1) . $quotes;
|
||||
return $newString;
|
||||
}
|
||||
|
||||
/**
|
||||
* restoreFromSql
|
||||
*
|
||||
|
||||
@@ -187,7 +187,7 @@ class G
|
||||
* @param string $symbol
|
||||
* @return string
|
||||
*/
|
||||
public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-+=!@#$%*&,.")
|
||||
public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-$!")
|
||||
{
|
||||
$chars = "";
|
||||
if (strpos($availableSets, "l") !== false) {
|
||||
@@ -1825,6 +1825,14 @@ class G
|
||||
|
||||
$arrayGrid = array_unique($arrayGrid);
|
||||
|
||||
//Given the set: 'valueOne', 'valueOneTwo', where the second string
|
||||
//contains the first string, this causes the larger string to take
|
||||
//the second, resulting in a delimitation error, to avoid this problem
|
||||
//we first search the string larger size.
|
||||
usort($arrayGrid, function($a, $b) {
|
||||
return strlen($b) - strlen($a);
|
||||
});
|
||||
|
||||
foreach ($arrayGrid as $index => $value) {
|
||||
if($value !== "") {
|
||||
$grdName = $value;
|
||||
@@ -2912,6 +2920,16 @@ class G
|
||||
return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid );
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify if the input string is a valid UID of size 32
|
||||
* @param string $uid
|
||||
* @return boolean
|
||||
*/
|
||||
public static function verifyUniqueID32($uid)
|
||||
{
|
||||
return (bool) preg_match('/^[0-9A-Za-z]{32,32}$/', $uid);
|
||||
}
|
||||
|
||||
/**
|
||||
* is_utf8
|
||||
*
|
||||
@@ -2921,11 +2939,10 @@ class G
|
||||
*/
|
||||
public function is_utf8 ($string)
|
||||
{
|
||||
if (is_array( $string )) {
|
||||
$enc = implode( '', $string );
|
||||
return @! ((ord( $enc[0] ) != 239) && (ord( $enc[1] ) != 187) && (ord( $enc[2] ) != 191));
|
||||
if (preg_match('//u', $string)) {
|
||||
return true;
|
||||
} else {
|
||||
return (utf8_encode( utf8_decode( $string ) ) == $string);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5408,6 +5425,12 @@ class G
|
||||
}
|
||||
|
||||
/**
|
||||
* This function save history about some actions in the file audit.log
|
||||
* The data is used in the Audit Log functionality
|
||||
*
|
||||
* @param string $actionToLog
|
||||
* @param string $valueToLog
|
||||
* @return void
|
||||
*/
|
||||
public static function auditLog($actionToLog, $valueToLog = "")
|
||||
{
|
||||
@@ -5416,13 +5439,25 @@ class G
|
||||
$sflag = $conf->getConfiguration('AUDIT_LOG', 'log');
|
||||
$sflagAudit = $sflag == 'true' ? true : false;
|
||||
$ipClient = G::getIpAddress();
|
||||
$userUid = 'Unknow User';
|
||||
$fullName = '-';
|
||||
|
||||
/*----------------------------------********---------------------------------*/
|
||||
$licensedFeatures = PMLicensedFeatures::getSingleton();
|
||||
if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) {
|
||||
$username = isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '' ? $_SESSION['USER_LOGGED'] : 'Unknow User';
|
||||
$fullname = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : '-';
|
||||
G::log("|". $workspace ."|". $ipClient ."|". $username . "|" . $fullname ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log");
|
||||
if (isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '') {
|
||||
$userUid = $_SESSION['USER_LOGGED'];
|
||||
} else {
|
||||
//Get the usrUid related to the accessToken
|
||||
$userUid = \ProcessMaker\Services\OAuth2\Server::getUserId();
|
||||
if (!empty($userUid)) {
|
||||
$oUserLogged = new \Users();
|
||||
$user = $oUserLogged->loadDetails($userUid);
|
||||
$fullName = $user['USR_FULLNAME'];
|
||||
}
|
||||
}
|
||||
$fullName = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : $fullName;
|
||||
G::log("|". $workspace ."|". $ipClient ."|". $userUid . "|" . $fullName ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log");
|
||||
}
|
||||
/*----------------------------------********---------------------------------*/
|
||||
}
|
||||
|
||||
@@ -283,7 +283,7 @@ class Menu
|
||||
*/
|
||||
public function DisableOptionId($id)
|
||||
{
|
||||
if (array_search($id, $this->Id)) {
|
||||
if (array_search($id, $this->Id) !== FALSE) {
|
||||
$this->Enabled[array_search($id, $this->Id)] = 0;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -106,11 +106,13 @@ class MonologProvider
|
||||
break;
|
||||
case 400://ERROR
|
||||
$this->registerLogger->addError($message, $context);
|
||||
break;
|
||||
case 500://CRITICAL
|
||||
$this->registerLogger->addCritical($message, $context);
|
||||
break;
|
||||
case 550://ALERT
|
||||
$this->registerLogger->addAlert($message, $context);
|
||||
break;
|
||||
case 600://EMERGENCY
|
||||
$this->registerLogger->addEmergency($message, $context);
|
||||
break;
|
||||
|
||||
@@ -70,6 +70,7 @@ class RBAC
|
||||
public $singleSignOn = false;
|
||||
|
||||
private static $instance = null;
|
||||
public $authorizedActions = array();
|
||||
|
||||
public function __construct ()
|
||||
{
|
||||
@@ -110,11 +111,11 @@ class RBAC
|
||||
'downloadFileHash' => array('PM_FACTORY')
|
||||
),
|
||||
'processProxy.php' => array(
|
||||
'categoriesList' => array('PM_SETUP_PROCESS_CATEGORIES'),
|
||||
'getCategoriesList' => array('PM_FACTORY'),
|
||||
'categoriesList' => array(),
|
||||
'getCategoriesList' => array(),
|
||||
'saveProcess' => array('PM_FACTORY'),
|
||||
'changeStatus' => array('PM_FACTORY'),
|
||||
'changeDebugMode' => array('PM_FACTORY'),
|
||||
'changeStatus' => array(),
|
||||
'changeDebugMode' => array(),
|
||||
'getUsers' => array(),
|
||||
'getGroups' => array(),
|
||||
'assignActorsTask' => array(),
|
||||
@@ -125,7 +126,7 @@ class RBAC
|
||||
'saveProperties' => array(),
|
||||
'getCaledarList' => array(),
|
||||
'getPMVariables' => array(),
|
||||
'generateBpmn' => array('PM_FACTORY')
|
||||
'generateBpmn' => array()
|
||||
),
|
||||
'home.php' => array(
|
||||
'login' => array('PM_LOGIN'),
|
||||
@@ -144,9 +145,6 @@ class RBAC
|
||||
'getProcessArray' => array('PM_ALLCASES'),
|
||||
'getProcesses' => array('PM_ALLCASES'),
|
||||
'getUsers' => array('PM_ALLCASES')
|
||||
),
|
||||
'newSite.php' => array(
|
||||
'newSite.php' => array('PM_SETUP_ADVANCE')
|
||||
)
|
||||
|
||||
);
|
||||
@@ -359,6 +357,8 @@ class RBAC
|
||||
"PER_NAME" => "Edit User profile Default Cases Menu Options"
|
||||
), array("PER_UID" => "00000000000000000000000000000064", "PER_CODE" => "PM_REASSIGNCASE_SUPERVISOR",
|
||||
"PER_NAME" => "Reassign case supervisor"
|
||||
), array("PER_UID" => "00000000000000000000000000000065", "PER_CODE" => "PM_SETUP_CUSTOM_CASES_LIST",
|
||||
"PER_NAME" => "Setup Custom Cases List"
|
||||
)
|
||||
);
|
||||
return $permissionsAdmin;
|
||||
|
||||
Reference in New Issue
Block a user