fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in release/3.2 (pull request #5423)

Browse Source 
Release/3.2

Approved-by: Paula Quispe
This commit is contained in:
Paula Quispe
2017-02-14 20:20:24 +00:00
parent 61f096fce8 9d10a02fab
commit 4768cfb44e
36 changed files with 599 additions and 314 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -20,7 +20,6 @@ workflow/public_html/index.html
.DS_Store
.idea
composer.phar
composer.lock
vendor/
workflow/engine/config/schema-transformed.xml
workflow/engine/config/_databases_.php

95
Jenkinsfile vendored Normal file
View File

@@ -0,0 +1,95 @@
#!groovy
node {
/**
* Branch should be in gitflow format. If not, then we'll abort.
*/
if(!env.BRANCH_NAME.matches(/(feature|hotfix|bugfix|release)\/.+/) && !env.BRANCH_NAME.matches(/^PR-.*$/)) {
hipchatSend message: "${env.BRANCH_NAME} Build: Does not match gitflow naming. Aborted", room: 'engineering'
error "Job does not follow gitflow naming format."
}
// Parse out our short name and potential jira ticket. Null if not associated. If null, then for now we won't notify
// on jira ticket
def jiraTicket = env.BRANCH_NAME.find(/HOR-\d+/)
def shortname = env.BRANCH_NAME.replace('/', '-').replace('.', '-').toLowerCase()
def dbSuffix = shortname.replace('-', '')
echo "Building for ${env.BRANCH_NAME}"
// Checkout source
checkout scm
try {
stage('Start Notification') {
if(jiraTicket) {
jiraComment issueKey: jiraTicket, body: "Build ${env.BUILD_NUMBER} Starting.\nTicket will be updated once build is completed.\n\n${env.BUILD_URL}"
}
hipchatSend message: "${env.BRANCH_NAME} Build: ${env.BUILD_NUMBER} Starting.\n${env.BUILD_URL}", room: 'engineering'
}
stage('Dependencies') {
echo "Running Composer"
sh 'composer install'
echo "Running rake"
sh 'rake'
}
stage('Generate QA MySQL Databases') {
withCredentials([string(credentialsId: 'qa-rds-hostname', variable: 'rdsHostname'), usernamePassword(credentialsId: 'qa-rds-credentials', passwordVariable: 'rdsPassword', usernameVariable: 'rdsUsername')]) {
echo 'Dropping existing database and recreating.'
sh "mysql -h ${rdsHostname} -u ${rdsUsername} -p${rdsPassword} -e 'drop database if exists qa205${dbSuffix}; create database qa205${dbSuffix}'"
sh "mysql -h ${rdsHostname} -u ${rdsUsername} -p${rdsPassword} -e 'drop database if exists qa300${dbSuffix}; create database qa300${dbSuffix}'"
}
}
stage('Publish to QA-205') {
sshagent(['processmaker-deploy']) {
echo 'Dropping existing files and recreating'
sh "ssh processmaker@build-qa205.processmaker.net 'rm -Rf /home/processmaker/${shortname}'"
sh "scp -r ./ processmaker@build-qa205.processmaker.net:~/${shortname}"
echo 'Creating necessary directories'
sh "ssh processmaker@build-qa205.processmaker.net 'mkdir -p /home/processmaker/${shortname}/workflow/engine/js/labels'"
sh "ssh processmaker@build-qa205.processmaker.net 'mkdir -p /home/processmaker/${shortname}/workflow/public_html/translations'"
}
}
stage('Publish to QA-300') {
sshagent(['processmaker-deploy']) {
echo 'Dropping existing files and recreating'
sh "ssh processmaker@build-qa300.processmaker.net 'rm -Rf /home/processmaker/${shortname}'"
sh "scp -r ./ processmaker@build-qa300.processmaker.net:~/${shortname}"
echo 'Creating necessary directories'
sh "ssh processmaker@build-qa300.processmaker.net 'mkdir -p /home/processmaker/${shortname}/workflow/engine/js/labels'"
sh "ssh processmaker@build-qa300.processmaker.net 'mkdir -p /home/processmaker/${shortname}/workflow/public_html/translations'"
}
}
stage('Success Notification') {
withCredentials([string(credentialsId: 'qa-rds-hostname', variable: 'rdsHostname'), usernamePassword(credentialsId: 'qa-rds-credentials', passwordVariable: 'rdsPassword', usernameVariable: 'rdsUsername')]) {
if(jiraTicket) {
jiraComment issueKey: jiraTicket, body: "" +
"Build ${env.BUILD_NUMBER} Completed.\n" +
"5.6 Build: https://${shortname}.qa205.processmaker.net\n" +
"Database Host: ${rdsHostname}\n" +
"Username: ${rdsUsername}\n" +
"Password: ${rdsPassword}\n" +
"Database: qa205${dbSuffix}\n\n" +
"7.0 Build: https://${shortname}.qa300.processmaker.net\n" +
"Database Host: ${rdsHostname}\n" +
"Username: ${rdsUsername}\n" +
"Password: ${rdsPassword}\n" +
"Database: qa300${dbSuffix}\n\n" +
"${env.BUILD_URL}"
}
hipchatSend room: 'engineering', message: "" +
"${env.BRANCH_NAME} Build: ${env.BUILD_NUMBER} Completed.\n" +
"${env.BUILD_URL}"
}
}
} catch(error) {
if(jiraTicket) {
jiraComment issueKey: jiraTicket, body: "Build ${env.BUILD_NUMBER} Failed: ${error}\n\n${env.BUILD_URL}"
}
hipchatSend message: "${env.BRANCH_NAME} Build: ${env.BUILD_NUMBER} Failed: ${error}\n${env.BUILD_URL}", room: 'engineering'
}
}

194
composer.lock generated
View File

@@ -4,8 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "e94e04e50eb74bdfd3dfedcb1af4e6d0",
"content-hash": "f0b89bffcea74fc73605464d3f0ca520",
"content-hash": "da8938c847b4f778aa2acc95daaeb38c",
"packages": [
{
"name": "bshaffer/oauth2-server-php",
@@ -48,7 +47,7 @@
"oauth",
"oauth2"
],
"time": "2013-08-12 16:35:58"
"time": "2013-08-12T16:35:58+00:00"
},
{
"name": "colosa/MichelangeloFE",
@@ -56,7 +55,7 @@
"source": {
"type": "git",
"url": "git@bitbucket.org:colosa/michelangelofe.git",
"reference": "7e889f23a7e8397c052a4d9ae6331334b57c9d48"
"reference": "733277aef23c643b094c123043c3dbee975997a4"
},
"require": {
"colosa/pmui": "release/3.2-dev"
@@ -67,7 +66,7 @@
"keywords": [
"js app ProcessMaker"
],
"time": "2016-03-09 20:18:44"
"time": "2017-01-30 20:34:14"
},
{
"name": "colosa/pmDynaform",
@@ -75,7 +74,7 @@
"source": {
"type": "git",
"url": "git@bitbucket.org:colosa/pmdynaform.git",
"reference": "c2008027bd721ac42e4a7d98cc773f82ac25921e"
"reference": "efb60f8f989ee83f91459f82810f90d8ef7a6d64"
},
"type": "library",
"description": "JS Library to render ProcessMaker Dynaforms",
@@ -83,7 +82,7 @@
"keywords": [
"js lib ProcessMaker Dynaforms"
],
"time": "2016-03-15 17:46:33"
"time": "2017-02-09 17:03:07"
},
{
"name": "colosa/pmUI",
@@ -91,7 +90,7 @@
"source": {
"type": "git",
"url": "git@bitbucket.org:colosa/pmui.git",
"reference": "851ee86a1006df111ee8b281bf2b033cdbcc6f0b"
"reference": "462ab5f45a4cce1ca9920fcb854255f10abea1e1"
},
"type": "library",
"description": "JS UI Library",
@@ -99,20 +98,20 @@
"keywords": [
"js lib ProcessMaker UI"
],
"time": "2016-02-26 21:41:50"
"time": "2017-01-30 20:34:06"
},
{
"name": "dapphp/securimage",
"version": "3.6.4",
"version": "3.6.5",
"source": {
"type": "git",
"url": "https://github.com/dapphp/securimage.git",
"reference": "2ed50264ae5541fec8d8c79e4c9b6235a7cfd506"
"reference": "3f5a84fd80b1a35d58332896c944142713a7e802"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/dapphp/securimage/zipball/2ed50264ae5541fec8d8c79e4c9b6235a7cfd506",
"reference": "2ed50264ae5541fec8d8c79e4c9b6235a7cfd506",
"url": "https://api.github.com/repos/dapphp/securimage/zipball/3f5a84fd80b1a35d58332896c944142713a7e802",
"reference": "3f5a84fd80b1a35d58332896c944142713a7e802",
"shasum": ""
},
"require": {
@@ -130,7 +129,7 @@
"securimage.php"
]
},
"notification-url": "http://packagist.org/downloads/",
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD"
],
@@ -146,7 +145,7 @@
"captcha",
"security"
],
"time": "2016-03-04 21:08:00"
"time": "2016-12-04T17:45:57+00:00"
},
{
"name": "google/apiclient",
@@ -189,7 +188,7 @@
"keywords": [
"google"
],
"time": "2015-10-16 22:11:08"
"time": "2015-10-16T22:11:08+00:00"
},
{
"name": "luracast/restler",
@@ -197,12 +196,12 @@
"source": {
"type": "git",
"url": "https://github.com/Luracast/Restler.git",
"reference": "1dcf910c1e1fd1ea565a537b053a66971d818e42"
"reference": "581d8d6dc5d37f439765f89725a92f85e98f1826"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Luracast/Restler/zipball/1dcf910c1e1fd1ea565a537b053a66971d818e42",
"reference": "1dcf910c1e1fd1ea565a537b053a66971d818e42",
"url": "https://api.github.com/repos/Luracast/Restler/zipball/581d8d6dc5d37f439765f89725a92f85e98f1826",
"reference": "581d8d6dc5d37f439765f89725a92f85e98f1826",
"shasum": ""
},
"require": {
@@ -268,7 +267,7 @@
"rest",
"server"
],
"time": "2015-08-04 07:52:49"
"time": "2015-08-04T07:52:49+00:00"
},
{
"name": "monolog/monolog",
@@ -346,7 +345,7 @@
"logging",
"psr-3"
],
"time": "2016-04-12 18:29:35"
"time": "2016-04-12T18:29:35+00:00"
},
{
"name": "psr/log",
@@ -384,7 +383,7 @@
"psr",
"psr-3"
],
"time": "2012-12-21 11:40:51"
"time": "2012-12-21T11:40:51+00:00"
}
],
"packages-dev": [
@@ -453,7 +452,7 @@
"Behat",
"Symfony2"
],
"time": "2013-06-06 10:46:48"
"time": "2013-06-06T10:46:48+00:00"
},
{
"name": "behat/gherkin",
@@ -514,7 +513,7 @@
"Symfony2",
"parser"
],
"time": "2013-03-02 10:38:40"
"time": "2013-03-02T10:38:40+00:00"
},
{
"name": "guzzle/guzzle",
@@ -571,7 +570,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "release/3.2-dev"
"dev-master": "3.1-dev"
}
},
"autoload": {
@@ -607,26 +606,29 @@
"web service"
],
"abandoned": "guzzlehttp/guzzle",
"time": "2013-01-28 00:07:40"
"time": "2013-01-28T00:07:40+00:00"
},
{
"name": "symfony/config",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/config.git",
"reference": "4275ef5b59f18959df0eee3991e9ca0cc208ffd4"
"reference": "747fa191136cf798409183c501435aa4c16184df"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/config/zipball/4275ef5b59f18959df0eee3991e9ca0cc208ffd4",
"reference": "4275ef5b59f18959df0eee3991e9ca0cc208ffd4",
"url": "https://api.github.com/repos/symfony/config/zipball/747fa191136cf798409183c501435aa4c16184df",
"reference": "747fa191136cf798409183c501435aa4c16184df",
"shasum": ""
},
"require": {
"php": ">=5.3.9",
"symfony/filesystem": "~2.3|~3.0.0"
},
"require-dev": {
"symfony/yaml": "~2.7|~3.0.0"
},
"suggest": {
"symfony/yaml": "To use the yaml reference dumper"
},
@@ -660,24 +662,25 @@
],
"description": "Symfony Config Component",
"homepage": "https://symfony.com",
"time": "2016-07-26 08:02:44"
"time": "2017-02-05T10:11:19+00:00"
},
{
"name": "symfony/console",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/console.git",
"reference": "36e62335caca8a6e909c5c5bac4a8128149911c9"
"reference": "f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/36e62335caca8a6e909c5c5bac4a8128149911c9",
"reference": "36e62335caca8a6e909c5c5bac4a8128149911c9",
"url": "https://api.github.com/repos/symfony/console/zipball/f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4",
"reference": "f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4",
"shasum": ""
},
"require": {
"php": ">=5.3.9",
"symfony/debug": "~2.7,>=2.7.2|~3.0.0",
"symfony/polyfill-mbstring": "~1.0"
},
"require-dev": {
@@ -720,20 +723,77 @@
],
"description": "Symfony Console Component",
"homepage": "https://symfony.com",
"time": "2016-07-30 07:20:35"
"time": "2017-02-06T12:04:06+00:00"
},
{
"name": "symfony/dependency-injection",
"version": "v2.8.9",
"name": "symfony/debug",
"version": "v3.0.9",
"source": {
"type": "git",
"url": "https://github.com/symfony/dependency-injection.git",
"reference": "f2b5a00d176f6a201dc430375c0ef37706ea3d12"
"url": "https://github.com/symfony/debug.git",
"reference": "697c527acd9ea1b2d3efac34d9806bf255278b0a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/dependency-injection/zipball/f2b5a00d176f6a201dc430375c0ef37706ea3d12",
"reference": "f2b5a00d176f6a201dc430375c0ef37706ea3d12",
"url": "https://api.github.com/repos/symfony/debug/zipball/697c527acd9ea1b2d3efac34d9806bf255278b0a",
"reference": "697c527acd9ea1b2d3efac34d9806bf255278b0a",
"shasum": ""
},
"require": {
"php": ">=5.5.9",
"psr/log": "~1.0"
},
"conflict": {
"symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2"
},
"require-dev": {
"symfony/class-loader": "~2.8|~3.0",
"symfony/http-kernel": "~2.8|~3.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.0-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Component\\Debug\\": ""
},
"exclude-from-classmap": [
"/Tests/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien@symfony.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony Debug Component",
"homepage": "https://symfony.com",
"time": "2016-07-30T07:22:48+00:00"
},
{
"name": "symfony/dependency-injection",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/dependency-injection.git",
"reference": "1dfbf6a9e30113a9c4e482ab056e969c70c37a19"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/dependency-injection/zipball/1dfbf6a9e30113a9c4e482ab056e969c70c37a19",
"reference": "1dfbf6a9e30113a9c4e482ab056e969c70c37a19",
"shasum": ""
},
"require": {
@@ -783,20 +843,20 @@
],
"description": "Symfony DependencyInjection Component",
"homepage": "https://symfony.com",
"time": "2016-07-30 07:20:35"
"time": "2017-01-27T23:54:58+00:00"
},
{
"name": "symfony/event-dispatcher",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/event-dispatcher.git",
"reference": "889983a79a043dfda68f38c38b6dba092dd49cd8"
"reference": "74877977f90fb9c3e46378d5764217c55f32df34"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/889983a79a043dfda68f38c38b6dba092dd49cd8",
"reference": "889983a79a043dfda68f38c38b6dba092dd49cd8",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/74877977f90fb9c3e46378d5764217c55f32df34",
"reference": "74877977f90fb9c3e46378d5764217c55f32df34",
"shasum": ""
},
"require": {
@@ -843,7 +903,7 @@
],
"description": "Symfony EventDispatcher Component",
"homepage": "https://symfony.com",
"time": "2016-07-28 16:56:28"
"time": "2017-01-02T20:30:24+00:00"
},
{
"name": "symfony/filesystem",
@@ -892,7 +952,7 @@
],
"description": "Symfony Filesystem Component",
"homepage": "https://symfony.com",
"time": "2016-07-20 05:43:46"
"time": "2016-07-20T05:43:46+00:00"
},
{
"name": "symfony/finder",
@@ -942,20 +1002,20 @@
],
"description": "Symfony Finder Component",
"homepage": "https://symfony.com",
"time": "2016-05-13 14:58:35"
"time": "2016-05-13T14:58:35+00:00"
},
{
"name": "symfony/polyfill-mbstring",
"version": "v1.2.0",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-mbstring.git",
"reference": "dff51f72b0706335131b00a7f49606168c582594"
"reference": "e79d363049d1c2128f133a2667e4f4190904f7f4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/dff51f72b0706335131b00a7f49606168c582594",
"reference": "dff51f72b0706335131b00a7f49606168c582594",
"url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/e79d363049d1c2128f133a2667e4f4190904f7f4",
"reference": "e79d363049d1c2128f133a2667e4f4190904f7f4",
"shasum": ""
},
"require": {
@@ -967,7 +1027,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.2-dev"
"dev-master": "1.3-dev"
}
},
"autoload": {
@@ -978,7 +1038,7 @@
"bootstrap.php"
]
},
"notification-url": "http://packagist.org/downloads/",
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
@@ -1001,20 +1061,20 @@
"portable",
"shim"
],
"time": "2016-05-18 14:26:46"
"time": "2016-11-14T01:06:16+00:00"
},
{
"name": "symfony/translation",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/translation.git",
"reference": "32b0c824da6df065f43b0c458dc505940e98a7f1"
"reference": "c281ac2b484210bb95106bdb8ae8356e63277725"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/translation/zipball/32b0c824da6df065f43b0c458dc505940e98a7f1",
"reference": "32b0c824da6df065f43b0c458dc505940e98a7f1",
"url": "https://api.github.com/repos/symfony/translation/zipball/c281ac2b484210bb95106bdb8ae8356e63277725",
"reference": "c281ac2b484210bb95106bdb8ae8356e63277725",
"shasum": ""
},
"require": {
@@ -1065,20 +1125,20 @@
],
"description": "Symfony Translation Component",
"homepage": "https://symfony.com",
"time": "2016-07-30 07:20:35"
"time": "2017-01-21T16:59:38+00:00"
},
{
"name": "symfony/yaml",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/yaml.git",
"reference": "0ceab136f43ed9d3e97b3eea32a7855dc50c121d"
"reference": "322a8c2dfbca15ad6b1b27e182899f98ec0e0153"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/yaml/zipball/0ceab136f43ed9d3e97b3eea32a7855dc50c121d",
"reference": "0ceab136f43ed9d3e97b3eea32a7855dc50c121d",
"url": "https://api.github.com/repos/symfony/yaml/zipball/322a8c2dfbca15ad6b1b27e182899f98ec0e0153",
"reference": "322a8c2dfbca15ad6b1b27e182899f98ec0e0153",
"shasum": ""
},
"require": {
@@ -1114,7 +1174,7 @@
],
"description": "Symfony Yaml Component",
"homepage": "https://symfony.com",
"time": "2016-07-17 09:06:15"
"time": "2017-01-21T16:40:50+00:00"
}
],
"aliases": [],

1
framework/src/Maveriks/WebApplication.php
View File

@@ -533,6 +533,7 @@ class WebApplication
define("PATH_DYNAFORM", PATH_DATA_SITE . "xmlForms/");
define("PATH_IMAGES_ENVIRONMENT_FILES", PATH_DATA_SITE . "usersFiles" . PATH_SEP);
define("PATH_IMAGES_ENVIRONMENT_USERS", PATH_DATA_SITE . "usersPhotographies" . PATH_SEP);
define('DISABLE_PHP_UPLOAD_EXECUTION', $arraySystemConfiguration['disable_php_upload_execution']);
/**
* Global definitions, before it was the defines.php file

35
gulliver/system/class.bootstrap.php
View File

@@ -2964,5 +2964,40 @@ class Bootstrap
);
return $aContext;
}
/**
* get DISABLE_PHP_UPLOAD_EXECUTION value defined in env.ini
* @return int
*/
public static function getDisablePhpUploadExecution()
{
$disablePhpUploadExecution = 0;
if (defined("DISABLE_PHP_UPLOAD_EXECUTION")) {
$disablePhpUploadExecution = (int) DISABLE_PHP_UPLOAD_EXECUTION;
}
return $disablePhpUploadExecution;
}
/**
* Record the action of executing a php file or attempting to upload a php
* file in server.
* @param type $channel
* @param type $level
* @param type $message
* @param type $fileName
*/
public static function registerMonologPhpUploadExecution($channel, $level, $message, $fileName)
{
$context = \Bootstrap::getDefaultContextLog();
$context['action'] = $channel;
$context['filename'] = $fileName;
if (defined("SYS_CURRENT_URI") && defined("SYS_CURRENT_PARMS")) {
$context['url'] = SYS_CURRENT_URI . '?' . SYS_CURRENT_PARMS;
}
$context['usrUid'] = isset($_SESSION['USER_LOGGED']) ? $_SESSION['USER_LOGGED'] : '';
$sysSys = defined("SYS_SYS") ? SYS_SYS : "Undefined";
\Bootstrap::registerMonolog($channel, $level, $message, $context, $sysSys, 'processmaker.log');
}
}

56
gulliver/system/class.g.php
View File

@@ -45,19 +45,16 @@ class G
/**
* is_https
* @return void
*/
* @return bool
*/
public static function is_https()
{
if (isset($_SERVER['HTTPS'])) {
if ($_SERVER['HTTPS']=='on') {
return true;
} else {
return false;
}
} else {
return false;
$is_http = false;
if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ||
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) {
$is_http = true;
}
return $is_http;
}
/**
@@ -1232,8 +1229,10 @@ class G
case 'txt':
G::sendHeaders( $filename, 'text/html', $download, $downloadFileName );
break;
case 'doc':
case 'pdf':
G::sendHeaders( $filename, 'application/pdf', $download, $downloadFileName );
break;
case 'doc':
case 'pm':
case 'po':
G::sendHeaders( $filename, 'application/octet-stream', $download, $downloadFileName );
@@ -1242,7 +1241,14 @@ class G
if ($download) {
G::sendHeaders( $filename, 'text/plain', $download, $downloadFileName );
} else {
require_once ($filename);
if (\Bootstrap::getDisablePhpUploadExecution() === 0) {
\Bootstrap::registerMonologPhpUploadExecution('phpExecution', 200, 'Php Execution', $filename);
require_once ($filename);
} else {
$message = G::LoadTranslation('THE_PHP_FILES_EXECUTION_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpExecution', 550, $message, $filename);
echo $message;
}
return;
}
break;
@@ -1283,12 +1289,14 @@ class G
{
if ($download) {
if ($downloadFileName == '') {
$aAux = explode( '/', $filename );
$downloadFileName = $aAux[count( $aAux ) - 1];
$aAux = explode('/', $filename);
$downloadFileName = $aAux[count($aAux) - 1];
}
header( 'Content-Disposition: attachment; filename="' . $downloadFileName . '"' );
header('Content-Disposition: attachment; filename="' . $downloadFileName . '"');
} else {
header('Content-Disposition: inline; filename="' . $downloadFileName . '"');
}
header( 'Content-Type: ' . $contentType );
header('Content-Type: ' . $contentType);
//if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE behaivor.
$userAgent = strtolower( $_SERVER['HTTP_USER_AGENT'] );
@@ -5538,16 +5546,24 @@ class G
$res->status = false;
$allowedTypes = array_map('G::getRealExtension', explode(',', $InpDocAllowedFiles));
// Get the file extension
$aux = pathinfo($fileName);
$fileExtension = isset($aux['extension']) ? strtolower($aux['extension']) : '';
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $fileExtension === 'php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $fileName);
$res->status = false;
$res->message = $message;
return $res;
}
// If required extension is *.* don't validate
if (in_array('*', $allowedTypes)) {
$res->status = true;
return $res;
}
// Get the file extension
$aux = pathinfo($fileName);
$fileExtension = isset($aux['extension']) ? strtolower($aux['extension']) : '';
// If no valid extension finish (unnecesary check file content)
$validExtension = in_array($fileExtension, $allowedTypes);
if (!$validExtension) {

2
pmos.conf.example
View File

@@ -6,7 +6,7 @@
<Directory /example/path/to/processmaker/workflow/public_html>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
AllowOverride All
Order allow,deny
Allow from all
Require all granted

9
workflow/engine/classes/class.case.php
View File

@@ -4433,6 +4433,11 @@ class Cases
/*----------------------------------********---------------------------------*/
$this->getExecuteTriggerProcess($sApplicationUID, 'REASSIGNED');
//Delete record of the table LIST_UNASSIGNED
$unassigned = new ListUnassigned();
$unassigned->remove($sApplicationUID, $iDelegation);
return true;
}
@@ -5225,7 +5230,7 @@ class Cases
$dataLastEmail['configuration'] = $aConfiguration;
$dataLastEmail['subject'] = $sSubject;
$dataLastEmail['pathEmail'] = $pathEmail;
$dataLastEmail['swtplDeafault'] = $swtplDefault;
$dataLastEmail['swtplDefault'] = $swtplDefault;
$dataLastEmail['body'] = $sBody;
$dataLastEmail['from'] = $from;
break;
@@ -5293,7 +5298,7 @@ class Cases
$dataLastEmail['configuration'] = $aConfiguration;
$dataLastEmail['subject'] = $sSubject;
$dataLastEmail['pathEmail'] = $pathEmail;
$dataLastEmail['swtplDeafault'] = $swtplDefault;
$dataLastEmail['swtplDefault'] = $swtplDefault;
$dataLastEmail['body'] = $sBody;
$dataLastEmail['from'] = $from;
break;

13
workflow/engine/classes/class.derivation.php
View File

@@ -1211,6 +1211,19 @@ class Derivation
$this->case->closeAppThread( $currentDelegation['APP_UID'], $iAppThreadIndex );
break;
default:
if ($nextDel['ROU_PREVIOUS_TYPE'] == 'SEC-JOIN') {
$criteria = new Criteria('workflow');
$criteria->clearSelectColumns();
$criteria->addSelectColumn(AppThreadPeer::APP_THREAD_PARENT);
$criteria->add(AppThreadPeer::APP_UID, $appFields['APP_UID']);
$criteria->add(AppThreadPeer::APP_THREAD_STATUS, 'OPEN');
$criteria->add(AppThreadPeer::APP_THREAD_INDEX, $iAppThreadIndex);
$rsCriteria = AppThreadPeer::doSelectRS($criteria);
$rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC);
if ($rsCriteria->next()) {
$this->case->closeAppThread($currentDelegation['APP_UID'], $iAppThreadIndex);
}
}
if ($currentDelegation['TAS_ASSIGN_TYPE'] == 'STATIC_MI' || $currentDelegation['TAS_ASSIGN_TYPE'] == 'CANCEL_MI') {
$this->case->closeAppThread( $currentDelegation['APP_UID'], $iAppThreadIndex );
}

14
workflow/engine/classes/class.pmDynaform.php
View File

@@ -27,6 +27,7 @@ class pmDynaform
private $context = array();
private $dataSources = null;
private $databaseProviders = null;
private $propertiesToExclude = array();
public function __construct($fields = array())
{
@@ -37,6 +38,7 @@ class pmDynaform
$this->serverConf = &serverConf::getSingleton();
$this->isRTL = ($this->serverConf->isRtl(SYS_LANG)) ? 'true' : 'false';
$this->fields = $fields;
$this->propertiesToExclude = array('dataVariable');
$this->getDynaform();
$this->getDynaforms();
$this->synchronizeSubDynaform();
@@ -196,11 +198,13 @@ class pmDynaform
if (is_string($value) && in_array(substr($value, 0, 2), $prefixs)) {
$triggerValue = substr($value, 2);
if (isset($this->fields["APP_DATA"][$triggerValue])) {
if ($key !== "dataVariable") {
if (!in_array($key, $this->propertiesToExclude)) {
$json->{$key} = $this->fields["APP_DATA"][$triggerValue];
}
} else {
$json->{$key} = "";
if (!in_array($key, $this->propertiesToExclude)) {
$json->{$key} = "";
}
}
}
//set properties from 'formInstance' variable
@@ -1909,6 +1913,12 @@ class pmDynaform
if ($validatorClass !== null) {
$validatorClass->validatePost($post);
}
//Clears the data in the appData for grids
if (array_key_exists($json->id, $this->fields) && $json->type === 'grid' &&
!array_key_exists($json->id, $post)
) {
$post[$json->variable] = array(array());
}
}
};
$json = G::json_decode($this->record["DYN_CONTENT"]);

18
workflow/engine/classes/class.pmFunctions.php
View File

@@ -527,13 +527,27 @@ function WSLogin ($user, $pass, $endpoint = "")
function WSOpen ($force = false)
{
if (isset( $_SESSION["WS_SESSION_ID"] ) || $force) {
$optionsHeaders = array(
"cache_wsdl" => WSDL_CACHE_NONE,
"soap_version" => SOAP_1_1,
"trace" => 1,
"stream_context" => stream_context_create(
array(
'ssl' => array(
'verify_peer' => 0,
'verify_peer_name' => 0
)
)
)
);
if (! isset( $_SESSION["WS_END_POINT"] )) {
$defaultEndpoint = "http://" . $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . "/sys" . SYS_SYS . "/en/classic/services/wsdl2";
$defaultEndpoint = $_SERVER["REQUEST_SCHEME"] . "://" . $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . "/sys" . SYS_SYS . "/en/classic/services/wsdl2";
}
$endpoint = isset( $_SESSION["WS_END_POINT"] ) ? $_SESSION["WS_END_POINT"] : $defaultEndpoint;
$client = new SoapClient( $endpoint );
$client = new SoapClient( $endpoint, $optionsHeaders);
return $client;
} else {

3
workflow/engine/classes/class.system.php
View File

@@ -78,7 +78,8 @@ class System
'leave_case_warning' => 0,
'server_hostname_requests_frontend' => '',
'load_headers_ie' => 0,
'redirect_to_mobile' => 0
'redirect_to_mobile' => 0,
'disable_php_upload_execution' => 0
);
/**

11
workflow/engine/classes/model/AppDelegation.php
View File

@@ -442,6 +442,7 @@ class AppDelegation extends BaseAppDelegation
//Get Task properties
$task = TaskPeer::retrieveByPK( $this->getTasUid() );
$aData = array();
$aData['TAS_UID'] = $this->getTasUid();
//Added to allow User defined Timing Control at Run time from Derivation screen
if (isset( $sNextTasParam['NEXT_TASK']['TAS_TRANSFER_HIDDEN_FLY'] ) && $sNextTasParam['NEXT_TASK']['TAS_TRANSFER_HIDDEN_FLY'] == 'true') {
@@ -471,7 +472,7 @@ class AppDelegation extends BaseAppDelegation
//Calendar - Use the dates class to calculate dates
$calendar = new calendar();
$arrayCalendarData = array();
$arrayCalendarData = $calendar->getCalendarData($aCalendarUID);
if ($calendar->pmCalendarUid == "") {
$calendar->getCalendar(null, $this->getProUid(), $this->getTasUid());
@@ -480,11 +481,11 @@ class AppDelegation extends BaseAppDelegation
}
//Due date
/*$iDueDate = $calendar->calculateDate( $this->getDelDelegateDate(), $aData['TAS_DURATION'], $aData['TAS_TIMEUNIT'] //hours or days, ( we only accept this two types or maybe weeks
);*/
$dueDate = $calendar->dashCalculateDate($this->getDelDelegateDate(), $aData["TAS_DURATION"], $aData["TAS_TIMEUNIT"], $arrayCalendarData);
$initDate = $this->getDelDelegateDate();
$timeZone = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($initDate);
$dueDate = $calendar->dashCalculateDate($timeZone, $aData["TAS_DURATION"], $aData["TAS_TIMEUNIT"], $arrayCalendarData);
//Return
$dueDate = \ProcessMaker\Util\DateTime::convertDataToUtc($dueDate);
return $dueDate;
}

12
workflow/engine/content/translations/english/processmaker.en.po
View File

@@ -27419,6 +27419,18 @@ msgstr "External Registration"
msgid "Filter By"
msgstr "Filter By"
# TRANSLATION
# LABEL/THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED
#: LABEL/THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED
msgid "The upload of PHP files was disabled please contact the system administrator."
msgstr "The upload of PHP files was disabled please contact the system administrator."
# TRANSLATION
# LABEL/THE_PHP_FILES_EXECUTION_WAS_DISABLED
#: LABEL/THE_PHP_FILES_EXECUTION_WAS_DISABLED
msgid "The PHP files execution was disabled please contact the system administrator."
msgstr "The PHP files execution was disabled please contact the system administrator."
# TRANSLATION
# LABEL/ID_MAFE_cae0206c31eaa305dd0e847330c5e837
#: LABEL/ID_MAFE_cae0206c31eaa305dd0e847330c5e837

12
workflow/engine/methods/appFolder/appFolderAjax.php
View File

@@ -1534,6 +1534,18 @@ function uploadExternalDocument()
//Read. Instance Document classes
if (!empty($quequeUpload)) {
foreach ($quequeUpload as $key => $fileObj) {
$extension = pathinfo($fileObj['fileName'], PATHINFO_EXTENSION);
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extension === 'php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $fileObj['fileName']);
$response['error'] = $message;
$response['message'] = $message;
$response['success'] = false;
print_r(G::json_encode($response));
exit();
}
}
$docUid=$_POST['docUid'];
$appDocUid=isset($_POST['APP_DOC_UID'])?$_POST['APP_DOC_UID']:"";
$docVersion=isset($_POST['docVersion'])?$_POST['docVersion']:"";

24
workflow/engine/methods/cases/casesList_Ajax.php
View File

@@ -64,6 +64,30 @@ if ($actionAjax == "userValues") {
$users = filterUserListArray($users, $query);
//now get users, just for the Search action
switch ($action) {
case 'to_reassign':
$cUsers = $oAppCache->getToReassignListCriteria(null);
$cUsers->addSelectColumn(AppCacheViewPeer::USR_UID);
if (g::MySQLSintaxis()) {
$cUsers->addGroupByColumn(AppCacheViewPeer::USR_UID);
}
if (!is_null($query)) {
$filters = $cUsers->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $query . '%', Criteria::LIKE)->addOr(
$cUsers->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $query . '%', Criteria::LIKE)->addOr(
$cUsers->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $query . '%', Criteria::LIKE)));
$cUsers->addAnd($filters);
}
$cUsers->setLimit(20);
$cUsers->addAscendingOrderByColumn(AppCacheViewPeer::APP_CURRENT_USER);
$oDataset = AppCacheViewPeer::doSelectRS($cUsers, Propel::getDbConnection('workflow_ro'));
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$oDataset->next();
while ($aRow = $oDataset->getRow()) {
$users[] = array("USR_UID" => $aRow['USR_UID'], "USR_FULLNAME" => $aRow['APP_CURRENT_USER']);
$oDataset->next();
}
break;
case 'search_simple':
case 'search':
G::LoadClass("configuration");

61
workflow/engine/methods/cases/casesMenuLoader.php
View File

@@ -9,9 +9,6 @@ switch ($action) {
case 'getAllCounters':
getAllCounters();
break;
case 'getProcess':
getProcess();
break;
/*----------------------------------********---------------------------------*/
case 'getAllCountersEnterprise':
getAllCountersEnterprise();
@@ -218,64 +215,6 @@ function getLoadTreeMenuData ()
print $xml;*/
}
// get the process summary of specific case list type,
function getProcess ()
{
global $G_TMP_MENU;
global $userId;
if (! isset( $_GET['item'] )) {
die();
}
$oMenu = new Menu();
$oMenu->load( 'cases' );
$type = $_GET['item'];
$oCases = new AppCacheView();
$aTypesID = array ();
$aTypesID['CASES_INBOX'] = 'to_do';
$aTypesID['CASES_DRAFT'] = 'draft';
$aTypesID['CASES_CANCELLED'] = 'cancelled';
$aTypesID['CASES_SENT'] = 'sent';
$aTypesID['CASES_PAUSED'] = 'paused';
$aTypesID['CASES_COMPLETED'] = 'completed';
$aTypesID['CASES_SELFSERVICE'] = 'selfservice';
//$aTypesID['CASES_TO_REVISE'] = 'to_revise';
//$aTypesID['CASES_TO_REASSIGN'] = 'to_reassign';
$aTypesID = Array ('CASES_INBOX' => 'to_do','CASES_DRAFT' => 'draft','CASES_CANCELLED' => 'cancelled','CASES_SENT' => 'sent','CASES_PAUSED' => 'paused','CASES_COMPLETED' => 'completed','CASES_SELFSERVICE' => 'selfservice','CASES_TO_REVISE' => 'to_revise','CASES_TO_REASSIGN' => 'to_reassign');
$aCount = $oCases->getAllCounters( Array ($aTypesID[$type]
), $userId, true );
$response = Array ();
//disabling the summary...
/*
$i=0;
foreach($aCount[$aTypesID[$type]]['sumary'] as $PRO_UID=>$process){
//{"text":"state","id":"src\/state","cls":"folder", loaded:true},
$response[$i] = new stdClass();
$response[$i]->text = $process['name'] . ' ('.$process['count'].')';
$response[$i]->id = $process['name'];
$response[$i]->cls = 'folder';
$response[$i]->loaded = true;
$i++;
}
*/
//ordering
/*for($i=0; $i<=count($response)-1; $i++){
for($j=$i+1; $j<=count($response); $j++){
echo $response[$j]->text .'<'. $response[$i]->text;
if($response[$j]->text[0] < $response[$i]->text[0]){
$x = $response[$i];
$response[$i] = $response[$j];
$response[$j] = $x;
}
}
}*/
echo G::json_encode( $response );
}
/*----------------------------------********---------------------------------*/
function getAllCountersEnterprise()
{

19
workflow/engine/methods/cases/cases_Ajax.php
View File

@@ -1019,20 +1019,23 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
if (is_array( $aApplication )) {
$response['exists'] = true;
$objCase = new \ProcessMaker\BusinessModel\Cases();
$aUserCanAccess = $objCase->userAuthorization(
$_SESSION['USER_LOGGED'],
$aApplication['PRO_UID'],
$aApplication['APP_UID'],
array('PM_ALLCASES'),
array('SUMMARY_FORM'=>'VIEW')
);
//Check if the user is a supervisor to this Process
if(isset($_POST['actionFromList']) && $_POST['actionFromList']==='to_revise'){
$oAppCache = new AppCacheView();
$aProcesses = $oAppCache->getProUidSupervisor($_SESSION['USER_LOGGED']);
if(!in_array($aApplication['PRO_UID'], $aProcesses)){
if (isset($_POST['actionFromList']) && $_POST['actionFromList']==='to_revise') {
if (!$aUserCanAccess['supervisor']) {
$response['exists'] = false;
$response['message'] = G::LoadTranslation('ID_NO_PERMISSION_NO_PARTICIPATED');
}
} else {//Check if the user participated in this case
$oParticipated = new ListParticipatedLast();
$aParticipated = $oParticipated->loadList($_SESSION['USER_LOGGED'], array(), null, $aApplication['APP_UID']);
if(!sizeof($aParticipated)){
//Check in the selfservice list
if (!$aUserCanAccess['participated'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']) {
$response['exists'] = false;
$response['message'] = G::LoadTranslation('ID_NO_PERMISSION_NO_PARTICIPATED');
}

74
workflow/engine/methods/cases/cases_Resume.php
View File

@@ -49,20 +49,34 @@ $G_ID_SUB_MENU_SELECTED = '_';
/* Prepare page before to show */
$oCase = new Cases();
//$Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'] );
//Check the authorization
$objCase = new \ProcessMaker\BusinessModel\Cases();
$aUserCanAccess = $objCase->userAuthorization(
$_SESSION['USER_LOGGED'],
$_SESSION['PROCESS'],
$_GET['APP_UID'],
array('PM_ALLCASES'),
array('SUMMARY_FORM' => 'VIEW')
);
if (isset($_SESSION['ACTION']) && ($_SESSION['ACTION'] == 'jump')) {
$Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['ACTION']);
$process = new Process();
$processData = $process->load($Fields['PRO_UID']);
if (isset($processData['PRO_DYNAFORMS']['PROCESS']) && $processData['PRO_DYNAFORMS']['PROCESS'] != '' &&
$aUserCanAccess['objectPermissions']['SUMMARY_FORM']
) {
$_REQUEST['APP_UID'] = $Fields['APP_UID'];
$_REQUEST['DEL_INDEX'] = $Fields['DEL_INDEX'];
$_REQUEST['DYN_UID'] = $processData['PRO_DYNAFORMS']['PROCESS'];
require_once(PATH_METHODS . 'cases' . PATH_SEP . 'summary.php');
exit();
}
} else {
$Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX']);
}
//Check the participated
$participated = $oCase->userParticipatedInCase( $_GET['APP_UID'], $_SESSION['USER_LOGGED'] );
//Check if is Supervisor
$processUser = new ProcessUser();
$userAccess = $processUser->validateUserAccess($Fields['PRO_UID'], $_SESSION['USER_LOGGED']);
if ($RBAC->userCanAccess( 'PM_ALLCASES' ) < 0 && !$participated && !$userAccess) {
if (!$aUserCanAccess['participated'] && !$aUserCanAccess['supervisor'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']) {
$aMessage['MESSAGE'] = G::LoadTranslation( 'ID_NO_PERMISSION_NO_PARTICIPATED' );
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', $aMessage );
@@ -133,36 +147,30 @@ if ($nTasksInParallel > 1) {
$Fields['TAS_TITLE'] = $aTask['TAS_TITLE'];
$objUser = new Users();
$oHeadPublisher = & headPublisher::getSingleton();
$oHeadPublisher->addScriptFile( '/jscore/cases/core/cases_Step.js' );
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume.xml', '', $Fields, '' );
if($Fields['APP_STATUS'] != 'COMPLETED'){
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task_Title.xml', '', $Fields, '' );
$objDel = new AppDelegation();
$parallel = $objDel->LoadParallel ($Fields['APP_UID'],$_GET['DEL_INDEX']);
$FieldsPar = $Fields;
if(empty($parallel)){
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $Fields, '' );
}else{
foreach($parallel as $row){
$FieldsPar['TAS_UID'] = $row['TAS_UID'];
$aTask = $objTask->load( $row['TAS_UID'] );
$FieldsPar['TAS_TITLE'] = $aTask['TAS_TITLE'];
$FieldsPar['USR_UID'] = $row['USR_UID'];
if(isset($row['USR_UID']) && !empty($row['USR_UID'])) {
$aUser = $objUser->loadDetails ($row['USR_UID']);
$FieldsPar['CURRENT_USER'] = $aUser['USR_FULLNAME'];
}
$FieldsPar['DEL_DELEGATE_DATE'] = $row['DEL_DELEGATE_DATE'];
$FieldsPar['DEL_INIT_DATE'] = $row['DEL_INIT_DATE'];
$FieldsPar['DEL_TASK_DUE_DATE'] = $row['DEL_TASK_DUE_DATE'];
$FieldsPar['DEL_FINISH_DATE'] = $row['DEL_FINISH_DATE'];
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $FieldsPar, '' );
if ($Fields['APP_STATUS'] != 'COMPLETED') {
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task_Title.xml', '', $Fields, '' );
$objDel = new AppDelegation();
$parallel = $objDel->LoadParallel($Fields['APP_UID']);
$FieldsPar = $Fields;
foreach ($parallel as $row) {
$FieldsPar['TAS_UID'] = $row['TAS_UID'];
$aTask = $objTask->load( $row['TAS_UID'] );
$FieldsPar['TAS_TITLE'] = $aTask['TAS_TITLE'];
$FieldsPar['USR_UID'] = $row['USR_UID'];
if (isset($row['USR_UID']) && !empty($row['USR_UID'])) {
$aUser = $objUser->loadDetails ($row['USR_UID']);
$FieldsPar['CURRENT_USER'] = $aUser['USR_FULLNAME'];
}
$FieldsPar['DEL_DELEGATE_DATE'] = $row['DEL_DELEGATE_DATE'];
$FieldsPar['DEL_INIT_DATE'] = $row['DEL_INIT_DATE'];
$FieldsPar['DEL_TASK_DUE_DATE'] = $row['DEL_TASK_DUE_DATE'];
$FieldsPar['DEL_FINISH_DATE'] = $row['DEL_FINISH_DATE'];
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $FieldsPar);
}
}
}
G::RenderPage('publish', 'blank');

2
workflow/engine/methods/cases/cases_Step.php
View File

@@ -1009,7 +1009,7 @@ try {
$aFields['TASK'][$sKey]['NEXT_TASK']['TAS_TRANSFER_HIDDEN_FLY'] = "<input type=hidden name='" . $hiddenName . "[NEXT_TASK][TAS_TRANSFER_HIDDEN_FLY]' id='" . $hiddenName . "[NEXT_TASK][TAS_TRANSFER_HIDDEN_FLY]' value=" . $aValues['NEXT_TASK']['TAS_TRANSFER_FLY'] . ">";
if ($aValues['NEXT_TASK']['TAS_TRANSFER_FLY'] == 'true') {
$aFields['TASK'][$sKey]['NEXT_TASK']['TAS_DURATION'] = '<input type="text" size="5" name="' . $hiddenName . '[NEXT_TASK][TAS_DURATION]" id="' . $hiddenName . '[NEXT_TASK][TAS_DURATION]" value="' . $aValues['NEXT_TASK']['TAS_DURATION'] . '">';
$hoursSelected = $daysSelected = '';
$hoursSelected = $daysSelected = $minSelected = '';
if ($aFields['TASK'][$sKey]['NEXT_TASK']['TAS_TIMEUNIT'] == 'HOURS') {
$hoursSelected = "selected = 'selected'";
} else {

7
workflow/engine/methods/cases/proxyNewCasesList.php
View File

@@ -10,9 +10,6 @@ if (!isset($_SESSION['USER_LOGGED'])) {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
try {
$userUid = $_SESSION['USER_LOGGED'];
@@ -162,7 +159,7 @@ try {
$record["APP_UPDATE_DATE"] = $record["DEL_DELEGATE_DATE"];
}
if (isset($record['DEL_CURRENT_TAS_TITLE'])) {
if (isset($record['DEL_CURRENT_TAS_TITLE']) && $record['DEL_CURRENT_TAS_TITLE'] != '') {
$record['APP_TAS_TITLE'] = $record['DEL_CURRENT_TAS_TITLE'];
}
@@ -195,8 +192,6 @@ try {
$response['filters'] = $filtersData;
$response['totalCount'] = $list->countTotal($userUid, $filtersData);
$response = $filter->xssFilterHard($response);
$response['data'] = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($result);
echo G::json_encode($response);

1
workflow/engine/methods/cases/summary.php
View File

@@ -69,7 +69,6 @@ try {
$result = DynaformPeer::doSelectRS($criteria);
$result->setFetchmode(ResultSet::FETCHMODE_ASSOC);
if ($result->next()) {
G::LoadClass('pmDynaform');
G::LoadClass('pmDynaform');
$FieldsPmDynaform = $applicationFields;
$FieldsPmDynaform["CURRENT_DYNAFORM"] = $_REQUEST['DYN_UID'];

14
workflow/engine/methods/setup/pluginsChange.php
View File

@@ -92,16 +92,12 @@ if ($handle = opendir( PATH_PLUGINS )) {
/**
* Calls PMExtensionClass Builder to include Plugins changes.
*/
$config = Bootstrap::getSystemConfiguration();
if (!empty($config['experimental_features'])) {
$phpBuilder = new ProcessMakerPhpBuilderHelper();
$phpBuilder->enabledExtensions = $oPluginRegistry->getEnabledPlugins();
if (!empty($phpBuilder->enabledExtensions)) {
$phpBuilder->extension = true;
}
$phpBuilder->buildAll();
$phpBuilder = new ProcessMakerPhpBuilderHelper();
$phpBuilder->enabledExtensions = $oPluginRegistry->getEnabledPlugins();
if (!empty($phpBuilder->enabledExtensions)) {
$phpBuilder->extension = true;
}
$phpBuilder->buildAll();
}
//$oPluginRegistry->showArrays();

45
workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
View File

@@ -3252,4 +3252,49 @@ class Cases
$result = $case->updateCase($applicationUid, $arrayApplicationData);
}
}
/**
* Get Permissions, Participate, Access
*
* @param string $usrUid
* @param string $proUid
* @param string $appUid
* @param array $rolesPermissions
* @param array $objectPermissions
* @return array Returns array with all access
*/
public function userAuthorization($usrUid, $proUid, $appUid, $rolesPermissions = array(), $objectPermissions = array()) {
$arrayAccess = array();
//User has participated
$oParticipated = new \ListParticipatedLast();
$aParticipated = $oParticipated->loadList($usrUid, array(), null, $appUid);
$arrayAccess['participated'] = (count($aParticipated) == 0) ? false : true;
//User is supervisor
$supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor();
$isSupervisor = $supervisor->isUserProcessSupervisor($proUid, $usrUid);
$arrayAccess['supervisor'] = ($isSupervisor) ? true : false;
//Roles Permissions
if (count($rolesPermissions) > 0) {
global $RBAC;
foreach ($rolesPermissions as $value) {
$arrayAccess['rolesPermissions'][$value] = ($RBAC->userCanAccess($value) < 0) ? false : true;
}
}
//Object Permissions
if (count($objectPermissions) > 0) {
$oCase = new \Cases();
foreach ($objectPermissions as $key => $value) {
$resPermission = $oCase->getAllObjectsFrom($proUid, $appUid, '', $usrUid, $value);
if (isset($resPermission[$key])) {
$arrayAccess['objectPermissions'][$key] = $resPermission[$key];
}
}
}
return $arrayAccess;
}
}

10
workflow/engine/src/ProcessMaker/BusinessModel/Cases/InputDocument.php
View File

@@ -971,6 +971,16 @@ class InputDocument
$aFields = array("APP_UID" => $appUid, "DEL_INDEX" => $delIndex, "USR_UID" => $userUid, "DOC_UID" => -1, "APP_DOC_TYPE" => "ATTACHED", "APP_DOC_CREATE_DATE" => date("Y-m-d H:i:s"), "APP_DOC_COMMENT" => "", "APP_DOC_TITLE" => "", "APP_DOC_FILENAME" => $arrayFileName[$i], "APP_DOC_FIELDNAME" => $fieldName);
}
$sExtension = pathinfo($aFields["APP_DOC_FILENAME"]);
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $sExtension["extension"] === 'php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $sFileName);
\G::SendMessageText($message, "ERROR");
$backUrlObj = explode("sys" . SYS_SYS, $_SERVER['HTTP_REFERER']);
\G::header("location: " . "/sys" . SYS_SYS . $backUrlObj[1]);
die();
}
$oAppDocument = new \AppDocument();
$oAppDocument->create($aFields);

5
workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php
View File

@@ -187,6 +187,11 @@ class FilesManager
if ($extention == '.exe') {
throw new \Exception(\G::LoadTranslation('ID_FILE_UPLOAD_INCORRECT_EXTENSION'));
}
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extention === '.php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $aData['prf_filename']);
throw new \Exception($message);
}
break;
default:
$sDirectory = PATH_DATA_MAILTEMPLATES . $sProcessUID . PATH_SEP . $sSubDirectory . $aData['prf_filename'];

10
workflow/engine/src/ProcessMaker/BusinessModel/Light.php
View File

@@ -902,6 +902,16 @@ class Light
$response = array();
if (is_array($request_data)) {
foreach ($request_data as $k => $file) {
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $ext === 'php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $file['name']);
$response[$k]['error'] = array(
"code" => "400",
"message" => $message
);
continue;
}
$oCase = new \Cases();
$delIndex = $oCase->getCurrentDelegation($app_uid, $userUid);
$docUid = !empty($file['docUid']) ? $file['docUid'] : -1;

5
workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php
View File

@@ -199,11 +199,6 @@ class NotificationDevice
$devices = $oNoti->loadUsersArrayId($userIds);
} else {
$devices = $oNoti->loadByUsersId($userIds);
$lists = new \ProcessMaker\BusinessModel\Lists();
$counter = $lists->getCounters($userIds);
$light = new \ProcessMaker\Services\Api\Light();
$result = $light->parserCountersCases($counter);
$data['counters'] = $result;
}
$devicesAndroidIds = array();

26
workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php
View File

@@ -129,14 +129,14 @@ class ProcessSupervisor
$sql = "
SELECT DISTINCT " . \GroupUserPeer::GRP_UID . "
FROM " . \GroupUserPeer::TABLE_NAME . ", " . \UsersPeer::TABLE_NAME . ",
" . \UsersRolesPeer::TABLE_NAME . ", " . \RolesPermissionsPeer::TABLE_NAME . ", " . \PermissionsPeer::TABLE_NAME . "
" . DB_RBAC_NAME . '.' . \UsersRolesPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \PermissionsPeer::TABLE_NAME . "
WHERE " . \GroupUserPeer::GRP_UID . " = " . \GroupwfPeer::GRP_UID . " AND
" . \GroupUserPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND " . \UsersPeer::USR_STATUS . " = " . $delimiter . "ACTIVE" . $delimiter . " AND
" . \UsersPeer::USR_UID . " = " . \UsersRolesPeer::USR_UID . " AND
" . \UsersRolesPeer::ROL_UID . " = " . \RolesPermissionsPeer::ROL_UID . " AND
" . \RolesPermissionsPeer::PER_UID . " = " . \PermissionsPeer::PER_UID . " AND
" . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND
" . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . "
" . \UsersPeer::USR_UID . " = " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . " AND
" . DB_RBAC_NAME . '.' . \UsersRolesPeer::ROL_UID . " = " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::ROL_UID . " AND
" . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::PER_UID . " = " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_UID . " AND
" . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND
" . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . "
";
$criteriaGroup->add(
@@ -209,13 +209,13 @@ class ProcessSupervisor
break;
case "AVAILABLE":
$sql = "
SELECT DISTINCT " . \UsersRolesPeer::USR_UID . "
FROM " . \UsersRolesPeer::TABLE_NAME . ", " . \RolesPermissionsPeer::TABLE_NAME . ", " . \PermissionsPeer::TABLE_NAME . "
WHERE " . \UsersRolesPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND
" . \UsersRolesPeer::ROL_UID . " = " . \RolesPermissionsPeer::ROL_UID . " AND
" . \RolesPermissionsPeer::PER_UID . " = " . \PermissionsPeer::PER_UID . " AND
" . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND
" . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . "
SELECT DISTINCT " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . "
FROM " . DB_RBAC_NAME . '.' . \UsersRolesPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \PermissionsPeer::TABLE_NAME . "
WHERE " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND
" . DB_RBAC_NAME . '.' . \UsersRolesPeer::ROL_UID . " = " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::ROL_UID . " AND
" . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::PER_UID . " = " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_UID . " AND
" . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND
" . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . "
";
$criteriaUser->add(

3
workflow/engine/src/ProcessMaker/Core/RoutingScreen.php
View File

@@ -65,6 +65,9 @@ class RoutingScreen extends \Derivation
} else {
$aDataMerged[$key]['NEXT_ROUTING'][] = $post[$i];
}
if (isset($post[$i]['NEXT_TASK'])) {
$aDataMerged[$key]['NEXT_TASK'] = $post[$i]['NEXT_TASK'];
}
}
}
}

27
workflow/engine/src/ProcessMaker/Services/Api/Light.php
View File

@@ -30,6 +30,31 @@ class Light extends Api
'delRiskDate'
];
public function __isAllowed()
{
try {
$methodName = $this->restler->apiMethodInfo->methodName;
$arrayArgs = $this->restler->apiMethodInfo->arguments;
switch ($methodName) {
case 'doIfAlreadyRoute':
$applicationUid = $this->parameters[$arrayArgs['app_uid']];
$delIndex = $this->parameters[$arrayArgs['cas_index']];
$userUid = $this->getUserId();
//Check if the user has the case
$appDelegation = new \AppDelegation();
$aCurUser = $appDelegation->getCurrentUsers($applicationUid, $delIndex);
if (!empty($aCurUser) && in_array($userUid, $aCurUser)) {
return true;
}
return false;
break;
}
return false;
} catch (\Exception $e) {
throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
}
}
/**
* Constructor of the class
*
@@ -793,6 +818,8 @@ class Light extends Api
/**
* Get Already Route
*
* @access protected
* @class AccessControl {@className \ProcessMaker\Services\Api\Light}
* @param string $app_uid {@min 1}{@max 32}
* @param int $cas_index
*

3
workflow/engine/templates/cases/casesList.js
View File

@@ -2050,7 +2050,8 @@ Ext.onReady ( function() {
btnReassign,
"->",
_("ID_USER"),
comboAllUsers,
suggestUser,
resetSuggestButton,
"-",
_("ID_CATEGORY"),
comboCategory,

52
workflow/engine/templates/cases/main.js
View File

@@ -16,7 +16,6 @@ var propStore;
var triggerStore;
var debugVariablesFilter;
var ReloadTreeMenuItemDetail;
var NOTIFIER_FLAG = false;
var result;
var _action = '';
@@ -258,39 +257,6 @@ Ext.onReady(function(){
}
});
var treeMenuItemDetail = new Ext.tree.TreePanel({
id: 'tree_menuItem_detail',
region: 'south',
animate:true,
autoScroll:true,
loader: new Ext.tree.TreeLoader({
dataUrl:'casesMenuLoader?action=getProcess'
}),
enableDD:true,
containerScroll: true,
border: false,
width: 250,
height: 120,
dropConfig: {appendOnly:true},
collapsible: true,
split: true,
margins: '0 2 2 2',
cmargins: '2 2 2 2',
rootVisible: false,
root: new Ext.tree.AsyncTreeNode()/*,
tbar: [{
text: 'reload',
handler: ReloadTreeMenuItemDetail
}]*/
});
ReloadTreeMenuItemDetail = function(params){
treeMenuItemDetail.loader.dataUrl = 'casesMenuLoader?action=getProcess&item='+params.item;
treeMenuItemDetail.root.reload();
}
// set the root node
var root = new Ext.tree.AsyncTreeNode({
text: 'Ext JS',
@@ -300,8 +266,6 @@ Ext.onReady(function(){
expanded:true
});
treeMenuItemDetail.setRootNode(root);
mainMenu = new Ext.Panel({
id:'menuTreePanel',
title: '',
@@ -317,8 +281,7 @@ Ext.onReady(function(){
margins: '0 0 0 2',
items: [
treeMenuItems,
treeMenuItemDetail
treeMenuItems
]
});
mainMenu.setTitle("<div style=\"height: 18px;\"><a href=\"javascript:;\"><img id=\"refreshNotifiers\" src=\"/images/refresh.gif\" onclick=\"updateCasesTree(); updateCasesView();\" /></a></div>");
@@ -530,15 +493,6 @@ Ext.onReady(function(){
menuPanelC.hide();
menuPanelC.ownerCt.doLayout();
/**show*/
//w.show();
//w.ownerCt.doLayout();
//w.expand();
var menuPanelDetail = Ext.getCmp('tree_menuItem_detail');
menuPanelDetail.hide();
menuPanelDetail.ownerCt.doLayout();
//FORMATS.casesListRefreshTime is in seconds
setTimeout("timer()", parseInt(FORMATS.casesListRefreshTime) * 1000);
});
@@ -571,9 +525,7 @@ function updateCasesTree() {
document.getElementById('refreshNotifiers').src = '/images/ext/default/grid/loading.gif';
itemsTypes = Array('CASES_INBOX', 'CASES_DRAFT', 'CASES_CANCELLED', 'CASES_SENT', 'CASES_PAUSED', 'CASES_COMPLETED', 'CASES_SELFSERVICE');
if (currentSelectedTreeMenuItem) {
ReloadTreeMenuItemDetail({item: currentSelectedTreeMenuItem});
}
Ext.Ajax.request({
url: urlProxy + Math.random(),
success: function (response) {

2
workflow/engine/templates/cases/reassignList.js
View File

@@ -32,7 +32,7 @@
var storeUsersToReassign = new Ext.data.Store({
remoteSort: false,
autoLoad:true,
autoLoad:false,
proxy : proxyUsersToReassignList,
reader: readerUsersToReassignList,
writer: writerUsersToReassignList, // <-- plug a DataWriter into the store just as you would a Reader

2
workflow/public_html/.htaccess
View File

@@ -3,7 +3,7 @@
Deny from all
</FilesMatch>
<FilesMatch "^(app|sysGeneric)\.php$">
<FilesMatch "^(app|sysGeneric|gmail)\.php">
Order Allow,Deny
Allow from All
</FilesMatch>

45
workflow/public_html/sysGeneric.php
View File

@@ -117,6 +117,10 @@ if (file_exists($requestFile)) {
header( "location: /errors/error404.php?url=" . urlencode( $_SERVER['REQUEST_URI'] ) );
die;
}
if ($request === "app.php" || $request === "sysGeneric.php") {
//HTTP/1.0 403 Forbidden
http_response_code(403);
}
$pos = strripos($request, ".") + 1;
$size = strlen($request);
if($pos < $size) {
@@ -307,20 +311,11 @@ if (!(array_key_exists('REMOTE_USER', $_SERVER) && (string)($_SERVER['REMOTE_USE
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);
}
//$e_all = defined( 'E_DEPRECATED' ) ? E_ALL & ~ E_DEPRECATED : E_ALL;
//$e_all = defined( 'E_STRICT' ) ? $e_all & ~ E_STRICT : $e_all;
//$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE;
//$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING;
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$config['display_errors'] = $filter->validateInput($config['display_errors']);
$config['error_reporting'] = $filter->validateInput($config['error_reporting']);
$config['memory_limit'] = $filter->validateInput($config['memory_limit']);
$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int');
$config['time_zone'] = $filter->validateInput($config['time_zone']);
// Do not change any of these settings directly, use env.ini instead
ini_set( 'display_errors', $config['display_errors']);
ini_set( 'error_reporting', $config['error_reporting']);
@@ -342,6 +337,7 @@ define ('WS_IN_LOGIN', isset($config['WS_IN_LOGIN']) ? $config['WS_IN_LOGIN'] :
define('LOAD_HEADERS_IE', $config['load_headers_ie']);
define('LEAVE_CASE_WARNING', $config['leave_case_warning']);
define('REDIRECT_TO_MOBILE', $config['redirect_to_mobile']);
define('DISABLE_PHP_UPLOAD_EXECUTION', $config['disable_php_upload_execution']);
// IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it.
$_SERVER['SERVER_ADDR'] = isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME'];
@@ -515,7 +511,6 @@ if (defined( 'PATH_DATA' ) && file_exists( PATH_DATA )) {
$oServerConf = & serverConf::getSingleton();
}
$pathFile = PATH_THIRDPARTY . '/pear/PEAR.php';
$pathFile = $filter->validateInput($pathFile,'path');
require_once $pathFile;
//Bootstrap::LoadSystem( 'pmException' );
@@ -531,7 +526,6 @@ if (! defined( 'PATH_DATA' ) || ! file_exists( PATH_DATA )) {
//NewRelic Snippet - By JHL
transactionLog(PATH_CONTROLLERS.'installer.php');
$pathFile = PATH_CONTROLLERS . 'installer.php';
$pathFile = $filter->validateInput($pathFile,'path');
require_once ($pathFile);
$controller = 'Installer';
@@ -578,7 +572,6 @@ if ($oServerConf->isWSDisabled( SYS_TEMP )) {
if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
//this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS
$pathFile = PATH_DB . SYS_TEMP . '/db.php';
$pathFile = $filter->validateInput($pathFile,'path');
if (file_exists( $pathFile )) {
require_once ($pathFile);
define( 'SYS_SYS', SYS_TEMP );
@@ -600,7 +593,6 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
} else { //when we are in global pages, outside any valid workspace
if (SYS_TARGET === 'newSite') {
$phpFile = G::ExpandPath( 'methods' ) . SYS_COLLECTION . "/" . SYS_TARGET . '.php';
$phpFile = $filter->validateInput($phpFile,'path');
//NewRelic Snippet - By JHL
transactionLog($phpFile);
require_once ($phpFile);
@@ -608,12 +600,11 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
} else {
if (SYS_TARGET == "dbInfo") { //Show dbInfo when no SYS_SYS
$pathFile = PATH_METHODS . "login/dbInfo.php";
$pathFile = $filter->validateInput($pathFile,'path');
require_once ($pathFile);
} else {
if (substr( SYS_SKIN, 0, 2 ) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form
$pathFile = $filter->validateInput(PATH_CONTROLLERS . 'main.php','path');
$pathFile = PATH_CONTROLLERS . 'main.php';
require_once $pathFile;
$controllerClass = 'Main';
$controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin';
@@ -625,7 +616,7 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
$controller->call( $controllerAction );
}
} else { // classic sysLogin interface
$pathFile = $filter->validateInput(PATH_METHODS . "login/sysLogin.php",'path');
$pathFile = PATH_METHODS . "login/sysLogin.php";
require_once ($pathFile);
die();
}
@@ -710,9 +701,7 @@ if (defined( 'DEBUG_SQL_LOG' ) && DEBUG_SQL_LOG) {
//Set Time Zone
/*----------------------------------********---------------------------------*/
if (PMLicensedFeatures::getSingleton()->verifyfeature('oq3S29xemxEZXJpZEIzN01qenJUaStSekY4cTdJVm5vbWtVM0d4S2lJSS9qUT0=')) {
$_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = (int)($config['system_utc_time_zone']) == 1;
}
$_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = (int)($config['system_utc_time_zone']) == 1;
/*----------------------------------********---------------------------------*/
ini_set('date.timezone', (isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__'])? 'UTC' : $config['time_zone']); //Set Time Zone
@@ -737,7 +726,7 @@ ob_start();
// Rebuild the base Workflow translations if not exists
if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) {
$pathFile = $filter->validateInput(PATH_CLASSES . "model" . PATH_SEP . "Translation.php", "path");
$pathFile = PATH_CLASSES . "model" . PATH_SEP . "Translation.php";
require_once ($pathFile);
@@ -747,7 +736,7 @@ if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) {
// TODO: Verify if the language set into url is defined in translations env.
if (SYS_LANG != 'en' && ! is_file( PATH_LANGUAGECONT . 'translation.' . SYS_LANG )) {
$pathFile = $filter->validateInput(PATH_CLASSES . "model" . PATH_SEP . "Translation.php", "path");
$pathFile = PATH_CLASSES . "model" . PATH_SEP . "Translation.php";
require_once ($pathFile);
@@ -813,6 +802,17 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
die();
}
Bootstrap::initVendors();
Bootstrap::LoadSystem( 'monologProvider' );
if (\Bootstrap::getDisablePhpUploadExecution() === 1) {
$message = \G::LoadTranslation('THE_PHP_FILES_EXECUTION_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpExecution', 550, $message, $phpFile);
echo $message;
die();
} else {
\Bootstrap::registerMonologPhpUploadExecution('phpExecution', 200, 'Php Execution', $phpFile);
}
$avoidChangedWorkspaceValidation = true;
$bWE = true;
//$phpFile = PATH_DATA_SITE . 'public' . PATH_SEP . SYS_COLLECTION . PATH_SEP . $auxPart[ count($auxPart)-1];
@@ -821,7 +821,7 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
//erik: verify if it is a Controller Class or httpProxyController Class
if (is_file( PATH_CONTROLLERS . SYS_COLLECTION . '.php' )) {
Bootstrap::LoadSystem( 'controller' );
$pathFile = $filter->validateInput(PATH_CONTROLLERS . SYS_COLLECTION . '.php','path');
$pathFile = PATH_CONTROLLERS . SYS_COLLECTION . '.php';
require_once $pathFile;
$controllerClass = SYS_COLLECTION;
//if the method name is empty set default to index method
@@ -854,7 +854,6 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
$pluginControllerPath = PATH_PLUGINS . $pluginName . PATH_SEP . 'controllers' . PATH_SEP;
$pathFile = $pluginControllerPath. $controllerClass . '.php';
$pathFile = $filter->validateInput($pathFile,'path');
if (is_file($pathFile)) {
require_once $pathFile;
} elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . '.php')) {