Merge branch 'develop' of https://bitbucket.org/colosa/processmaker into feature/PMCORE-2175-A

workflow/engine/classes/Cases.php

@@ -569,7 +569,7 @@ class Cases
                 }
             }
             return $fields;
-        } catch (exception $e) {
+        } catch (Exception $e) {
             throw ($e);
         }
     }

workflow/engine/classes/model/Application.php

@@ -199,7 +199,7 @@ class Application extends BaseApplication
 
                 return $aFields;
             } else {
-                throw (new Exception("The Application row '$AppUid' doesn't exist!"));
+                throw (new Exception(htmlentities("The Application row '$AppUid' doesn't exist!", ENT_QUOTES, "UTF-8")));
             }
         } catch (Exception $oError) {
             throw ($oError);

workflow/engine/classes/model/ListCanceled.php

@@ -254,7 +254,7 @@ class ListCanceled extends BaseListCanceled implements ListInterface
             $criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
             $aConditions   = array();
             $aConditions[] = array(ListCanceledPeer::PRO_UID, ProcessPeer::PRO_UID);
-            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . $category . "'");
+            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
             $criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
         }
 

workflow/engine/classes/model/ListCompleted.php

@@ -233,7 +233,7 @@ class ListCompleted extends BaseListCompleted implements ListInterface
             $criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
             $aConditions   = array();
             $aConditions[] = array(ListCompletedPeer::PRO_UID, ProcessPeer::PRO_UID);
-            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . $category . "'");
+            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
             $criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
         }
 

workflow/engine/classes/model/ListInbox.php

@@ -513,7 +513,7 @@ class ListInbox extends BaseListInbox implements ListInterface
             $criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
             $aConditions   = array();
             $aConditions[] = array(ListInboxPeer::PRO_UID, ProcessPeer::PRO_UID);
-            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . $category . "'");
+            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
             $criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
         }
         //Those filters: $newestthan, $oldestthan is used from mobile GET /light/todo

workflow/engine/classes/model/ListMyInbox.php

@@ -210,7 +210,7 @@ class ListMyInbox extends BaseListMyInbox implements ListInterface
             $criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
             $aConditions   = array();
             $aConditions[] = array(ListMyInboxPeer::PRO_UID, ProcessPeer::PRO_UID);
-            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . $category . "'");
+            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
             $criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
         }
 

workflow/engine/classes/model/ListParticipatedHistory.php

@@ -165,7 +165,7 @@ class ListParticipatedHistory extends BaseListParticipatedHistory implements Lis
             $criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
             $aConditions   = array();
             $aConditions[] = array(ListParticipatedHistoryPeer::PRO_UID, ProcessPeer::PRO_UID);
-            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . $category . "'");
+            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
             $criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
         }
 

workflow/engine/classes/model/ListParticipatedLast.php

@@ -351,7 +351,7 @@ class ListParticipatedLast extends BaseListParticipatedLast implements ListInter
             $criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
             $aConditions = array();
             $aConditions[] = array(ListParticipatedLastPeer::PRO_UID, ProcessPeer::PRO_UID);
-            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'".$category."'");
+            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
             $criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
         }
 

workflow/engine/classes/model/ListPaused.php

@@ -270,7 +270,7 @@ class ListPaused extends BaseListPaused implements ListInterface
             $criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
             $aConditions   = array();
             $aConditions[] = array(ListPausedPeer::PRO_UID, ProcessPeer::PRO_UID);
-            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . $category . "'");
+            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
             $criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
         }
     }

workflow/engine/classes/model/ListUnassigned.php

@@ -209,7 +209,7 @@ class ListUnassigned extends BaseListUnassigned implements ListInterface
             $criteria->addSelectColumn(ProcessPeer::PRO_CATEGORY);
             $aConditions   = array();
             $aConditions[] = array(ListUnassignedPeer::PRO_UID, ProcessPeer::PRO_UID);
-            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . $category . "'");
+            $aConditions[] = array(ProcessPeer::PRO_CATEGORY, "'" . G::realEscapeString($category) . "'");
             $criteria->addJoinMC($aConditions, Criteria::INNER_JOIN);
         }
 

workflow/engine/methods/mails/emailsAjax.php

@@ -133,6 +133,8 @@ switch ($req) {
             $row = $result->getRow();
             $row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']);
             $row['APP_MSG_DATE'] = DateTime::convertUtcToTimeZone($row['APP_MSG_DATE']);
+            $row['APP_MSG_TO'] = htmlentities($row['APP_MSG_TO'], ENT_HTML5, "UTF-8");
+            $row['APP_MSG_ERROR'] = htmlentities($row['APP_MSG_ERROR'], ENT_HTML5, "UTF-8");
 
             switch ($filterBy) {
                 case 'CASES':

workflow/engine/methods/users/users_Ajax.php

@@ -117,8 +117,8 @@ try {
             echo $response;
             break;
         case 'deleteUser':
-            Process::convertPrivateProcessesToPublic(json_decode($_POST['private_processes']));
             $usrUid = $_POST['USR_UID'];
+            Process::convertPrivateProcessesToPublicAndUpdateUser(json_decode($_POST['private_processes']), $usrUid);
             //Check if the user was defined in a process permissions
             $oObjectPermission = new ObjectPermission();
             $aProcess = $oObjectPermission->objectPermissionPerUser($usrUid, 1);

workflow/engine/src/ProcessMaker/Model/Process.php

@@ -82,12 +82,15 @@ class Process extends Model
      * @param array $privateProcesses
      * @return void
      */
-    public static function convertPrivateProcessesToPublic($privateProcesses)
+    public static function convertPrivateProcessesToPublicAndUpdateUser($privateProcesses, $userUid)
     {
         $admin = RBAC::ADMIN_USER_UID;
 
         $processes = array_column($privateProcesses, 'PRO_ID');
         Process::whereIn('PRO_ID', $processes)
-                ->update(['PRO_TYPE_PROCESS' => 'PUBLIC', 'PRO_CREATE_USER' => $admin]);
+                ->update(['PRO_TYPE_PROCESS' => 'PUBLIC']);
+
+        Process::where('PRO_CREATE_USER', $userUid)
+                ->update(['PRO_CREATE_USER' => $admin]);
     }
 }