diff --git a/.gitignore b/.gitignore index bb2664051..0c77f18af 100644 --- a/.gitignore +++ b/.gitignore @@ -20,7 +20,6 @@ workflow/public_html/index.html .DS_Store .idea composer.phar -composer.lock vendor/ workflow/engine/config/schema-transformed.xml workflow/engine/config/_databases_.php diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 000000000..7d9279ade --- /dev/null +++ b/Jenkinsfile 
@@ -0,0 +1,95 @@ +#!groovy +node { + /** + * Branch should be in gitflow format. If not, then we'll abort. + */ + if(!env.BRANCH_NAME.matches(/(feature|hotfix|bugfix|release)\/.+/) && !env.BRANCH_NAME.matches(/^PR-.*$/)) { + hipchatSend message: "${env.BRANCH_NAME} Build: Does not match gitflow naming. Aborted", room: 'engineering' + error "Job does not follow gitflow naming format." + } + // Parse out our short name and potential jira ticket. Null if not associated. If null, then for now we won't notify + // on jira ticket + def jiraTicket = env.BRANCH_NAME.find(/HOR-\d+/) + + def shortname = env.BRANCH_NAME.replace('/', '-').replace('.', '-').toLowerCase() + def dbSuffix = shortname.replace('-', '') + + echo "Building for ${env.BRANCH_NAME}" + + // Checkout source + checkout scm + + try { + stage('Start Notification') { + if(jiraTicket) { + jiraComment issueKey: jiraTicket, body: "Build ${env.BUILD_NUMBER} Starting.\nTicket will be updated once build is completed.\n\n${env.BUILD_URL}" + } + hipchatSend message: "${env.BRANCH_NAME} Build: ${env.BUILD_NUMBER} Starting.\n${env.BUILD_URL}", room: 'engineering' + } + + stage('Dependencies') { + echo "Running Composer" + sh 'composer install' + echo "Running rake" + sh 'rake' + } + + stage('Generate QA MySQL Databases') { + withCredentials([string(credentialsId: 'qa-rds-hostname', variable: 'rdsHostname'), usernamePassword(credentialsId: 'qa-rds-credentials', passwordVariable: 'rdsPassword', usernameVariable: 'rdsUsername')]) { + echo 'Dropping existing database and recreating.' 
+ sh "mysql -h ${rdsHostname} -u ${rdsUsername} -p${rdsPassword} -e 'drop database if exists qa205${dbSuffix}; create database qa205${dbSuffix}'" + sh "mysql -h ${rdsHostname} -u ${rdsUsername} -p${rdsPassword} -e 'drop database if exists qa300${dbSuffix}; create database qa300${dbSuffix}'" + } + } + + stage('Publish to QA-205') { + sshagent(['processmaker-deploy']) { + echo 'Dropping existing files and recreating' + sh "ssh processmaker@build-qa205.processmaker.net 'rm -Rf /home/processmaker/${shortname}'" + sh "scp -r ./ processmaker@build-qa205.processmaker.net:~/${shortname}" + echo 'Creating necessary directories' + sh "ssh processmaker@build-qa205.processmaker.net 'mkdir -p /home/processmaker/${shortname}/workflow/engine/js/labels'" + sh "ssh processmaker@build-qa205.processmaker.net 'mkdir -p /home/processmaker/${shortname}/workflow/public_html/translations'" + } + } + + stage('Publish to QA-300') { + sshagent(['processmaker-deploy']) { + echo 'Dropping existing files and recreating' + sh "ssh processmaker@build-qa300.processmaker.net 'rm -Rf /home/processmaker/${shortname}'" + sh "scp -r ./ processmaker@build-qa300.processmaker.net:~/${shortname}" + echo 'Creating necessary directories' + sh "ssh processmaker@build-qa300.processmaker.net 'mkdir -p /home/processmaker/${shortname}/workflow/engine/js/labels'" + sh "ssh processmaker@build-qa300.processmaker.net 'mkdir -p /home/processmaker/${shortname}/workflow/public_html/translations'" + } + } + + stage('Success Notification') { + withCredentials([string(credentialsId: 'qa-rds-hostname', variable: 'rdsHostname'), usernamePassword(credentialsId: 'qa-rds-credentials', passwordVariable: 'rdsPassword', usernameVariable: 'rdsUsername')]) { + if(jiraTicket) { + jiraComment issueKey: jiraTicket, body: "" + + "Build ${env.BUILD_NUMBER} Completed.\n" + + "5.6 Build: https://${shortname}.qa205.processmaker.net\n" + + "Database Host: ${rdsHostname}\n" + + "Username: ${rdsUsername}\n" + + "Password: ${rdsPassword}\n" + + 
"Database: qa205${dbSuffix}\n\n" + + "7.0 Build: https://${shortname}.qa300.processmaker.net\n" + + "Database Host: ${rdsHostname}\n" + + "Username: ${rdsUsername}\n" + + "Password: ${rdsPassword}\n" + + "Database: qa300${dbSuffix}\n\n" + + "${env.BUILD_URL}" + } + hipchatSend room: 'engineering', message: "" + + "${env.BRANCH_NAME} Build: ${env.BUILD_NUMBER} Completed.\n" + + "${env.BUILD_URL}" + } + } + } catch(error) { + if(jiraTicket) { + jiraComment issueKey: jiraTicket, body: "Build ${env.BUILD_NUMBER} Failed: ${error}\n\n${env.BUILD_URL}" + } + hipchatSend message: "${env.BRANCH_NAME} Build: ${env.BUILD_NUMBER} Failed: ${error}\n${env.BUILD_URL}", room: 'engineering' + } +} \ No newline at end of file diff --git a/composer.lock b/composer.lock index 66c0b5002..492e7640e 100644 --- a/composer.lock +++ b/composer.lock @@ -4,8 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "e94e04e50eb74bdfd3dfedcb1af4e6d0", - "content-hash": "f0b89bffcea74fc73605464d3f0ca520", + "content-hash": "da8938c847b4f778aa2acc95daaeb38c", "packages": [ { "name": "bshaffer/oauth2-server-php", @@ -48,7 +47,7 @@ "oauth", "oauth2" ], - "time": "2013-08-12 16:35:58" + "time": "2013-08-12T16:35:58+00:00" }, { "name": "colosa/MichelangeloFE", @@ -56,7 +55,7 @@ "source": { "type": "git", "url": "git@bitbucket.org:colosa/michelangelofe.git", - "reference": "7e889f23a7e8397c052a4d9ae6331334b57c9d48" + "reference": "733277aef23c643b094c123043c3dbee975997a4" }, "require": { "colosa/pmui": "release/3.2-dev" @@ -67,7 +66,7 @@ "keywords": [ "js app ProcessMaker" ], - "time": "2016-03-09 20:18:44" + "time": "2017-01-30 20:34:14" }, { "name": "colosa/pmDynaform", 
@@ -75,7 +74,7 @@ "source": { "type": "git", "url": "git@bitbucket.org:colosa/pmdynaform.git", - "reference": "c2008027bd721ac42e4a7d98cc773f82ac25921e" + "reference": "efb60f8f989ee83f91459f82810f90d8ef7a6d64" }, "type": "library", "description": "JS Library to render ProcessMaker Dynaforms", @@ -83,7 +82,7 @@ "keywords": [ "js lib ProcessMaker Dynaforms" ], - "time": "2016-03-15 17:46:33" + "time": "2017-02-09 17:03:07" }, { "name": "colosa/pmUI", @@ -91,7 +90,7 @@ "source": { "type": "git", "url": "git@bitbucket.org:colosa/pmui.git", - "reference": "851ee86a1006df111ee8b281bf2b033cdbcc6f0b" + "reference": "462ab5f45a4cce1ca9920fcb854255f10abea1e1" }, "type": "library", "description": "JS UI Library", @@ -99,20 +98,20 @@ "keywords": [ "js lib ProcessMaker UI" ], - "time": "2016-02-26 21:41:50" + "time": "2017-01-30 20:34:06" }, { "name": "dapphp/securimage", - "version": "3.6.4", + "version": "3.6.5", "source": { "type": "git", "url": "https://github.com/dapphp/securimage.git", - "reference": "2ed50264ae5541fec8d8c79e4c9b6235a7cfd506" + "reference": "3f5a84fd80b1a35d58332896c944142713a7e802" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/dapphp/securimage/zipball/2ed50264ae5541fec8d8c79e4c9b6235a7cfd506", - "reference": "2ed50264ae5541fec8d8c79e4c9b6235a7cfd506", + "url": "https://api.github.com/repos/dapphp/securimage/zipball/3f5a84fd80b1a35d58332896c944142713a7e802", + "reference": "3f5a84fd80b1a35d58332896c944142713a7e802", "shasum": "" }, "require": { @@ -130,7 +129,7 @@ "securimage.php" ] }, - "notification-url": "http://packagist.org/downloads/", + "notification-url": "https://packagist.org/downloads/", "license": [ "BSD" ], @@ -146,7 +145,7 @@ "captcha", "security" ], - "time": "2016-03-04 21:08:00" + "time": "2016-12-04T17:45:57+00:00" }, { "name": "google/apiclient", @@ -189,7 +188,7 @@ "keywords": [ "google" ], - "time": "2015-10-16 22:11:08" + "time": "2015-10-16T22:11:08+00:00" }, { "name": "luracast/restler", 
@@ -197,12 +196,12 @@ "source": { "type": "git", "url": "https://github.com/Luracast/Restler.git", - "reference": "1dcf910c1e1fd1ea565a537b053a66971d818e42" + "reference": "581d8d6dc5d37f439765f89725a92f85e98f1826" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Luracast/Restler/zipball/1dcf910c1e1fd1ea565a537b053a66971d818e42", - "reference": "1dcf910c1e1fd1ea565a537b053a66971d818e42", + "url": "https://api.github.com/repos/Luracast/Restler/zipball/581d8d6dc5d37f439765f89725a92f85e98f1826", + "reference": "581d8d6dc5d37f439765f89725a92f85e98f1826", "shasum": "" }, "require": { @@ -268,7 +267,7 @@ "rest", "server" ], - "time": "2015-08-04 07:52:49" + "time": "2015-08-04T07:52:49+00:00" }, { "name": "monolog/monolog", @@ -346,7 +345,7 @@ "logging", "psr-3" ], - "time": "2016-04-12 18:29:35" + "time": "2016-04-12T18:29:35+00:00" }, { "name": "psr/log", @@ -384,7 +383,7 @@ "psr", "psr-3" ], - "time": "2012-12-21 11:40:51" + "time": "2012-12-21T11:40:51+00:00" } ], "packages-dev": [ @@ -453,7 +452,7 @@ "Behat", "Symfony2" ], - "time": "2013-06-06 10:46:48" + "time": "2013-06-06T10:46:48+00:00" }, { "name": "behat/gherkin", @@ -514,7 +513,7 @@ "Symfony2", "parser" ], - "time": "2013-03-02 10:38:40" + "time": "2013-03-02T10:38:40+00:00" }, { "name": "guzzle/guzzle", @@ -571,7 +570,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "release/3.2-dev" + "dev-master": "3.1-dev" } }, "autoload": { 
@@ -607,26 +606,29 @@ "web service" ], "abandoned": "guzzlehttp/guzzle", - "time": "2013-01-28 00:07:40" + "time": "2013-01-28T00:07:40+00:00" }, { "name": "symfony/config", - "version": "v2.8.9", + "version": "v2.8.17", "source": { "type": "git", "url": "https://github.com/symfony/config.git", - "reference": "4275ef5b59f18959df0eee3991e9ca0cc208ffd4" + "reference": "747fa191136cf798409183c501435aa4c16184df" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/config/zipball/4275ef5b59f18959df0eee3991e9ca0cc208ffd4", - "reference": "4275ef5b59f18959df0eee3991e9ca0cc208ffd4", + "url": "https://api.github.com/repos/symfony/config/zipball/747fa191136cf798409183c501435aa4c16184df", + "reference": "747fa191136cf798409183c501435aa4c16184df", "shasum": "" }, "require": { "php": ">=5.3.9", "symfony/filesystem": "~2.3|~3.0.0" }, + "require-dev": { + "symfony/yaml": "~2.7|~3.0.0" + }, "suggest": { "symfony/yaml": "To use the yaml reference dumper" }, @@ -660,24 +662,25 @@ ], "description": "Symfony Config Component", "homepage": "https://symfony.com", - "time": "2016-07-26 08:02:44" + "time": "2017-02-05T10:11:19+00:00" }, { "name": "symfony/console", - "version": "v2.8.9", + "version": "v2.8.17", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "36e62335caca8a6e909c5c5bac4a8128149911c9" + "reference": "f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/36e62335caca8a6e909c5c5bac4a8128149911c9", - "reference": "36e62335caca8a6e909c5c5bac4a8128149911c9", + "url": "https://api.github.com/repos/symfony/console/zipball/f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4", + "reference": "f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4", "shasum": "" }, "require": { "php": ">=5.3.9", + "symfony/debug": "~2.7,>=2.7.2|~3.0.0", "symfony/polyfill-mbstring": "~1.0" }, "require-dev": { 
@@ -720,20 +723,77 @@ ], "description": "Symfony Console Component", "homepage": "https://symfony.com", - "time": "2016-07-30 07:20:35" + "time": "2017-02-06T12:04:06+00:00" }, { - "name": "symfony/dependency-injection", - "version": "v2.8.9", + "name": "symfony/debug", + "version": "v3.0.9", "source": { "type": "git", - "url": "https://github.com/symfony/dependency-injection.git", - "reference": "f2b5a00d176f6a201dc430375c0ef37706ea3d12" + "url": "https://github.com/symfony/debug.git", + "reference": "697c527acd9ea1b2d3efac34d9806bf255278b0a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/f2b5a00d176f6a201dc430375c0ef37706ea3d12", - "reference": "f2b5a00d176f6a201dc430375c0ef37706ea3d12", + "url": "https://api.github.com/repos/symfony/debug/zipball/697c527acd9ea1b2d3efac34d9806bf255278b0a", + "reference": "697c527acd9ea1b2d3efac34d9806bf255278b0a", + "shasum": "" + }, + "require": { + "php": ">=5.5.9", + "psr/log": "~1.0" + }, + "conflict": { + "symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2" + }, + "require-dev": { + "symfony/class-loader": "~2.8|~3.0", + "symfony/http-kernel": "~2.8|~3.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.0-dev" + } + }, + "autoload": { + "psr-4": { + "Symfony\\Component\\Debug\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony Debug Component", + "homepage": "https://symfony.com", + "time": "2016-07-30T07:22:48+00:00" + }, + { + "name": "symfony/dependency-injection", + "version": "v2.8.17", + "source": { + "type": "git", + "url": "https://github.com/symfony/dependency-injection.git", + "reference": 
"1dfbf6a9e30113a9c4e482ab056e969c70c37a19" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/1dfbf6a9e30113a9c4e482ab056e969c70c37a19", + "reference": "1dfbf6a9e30113a9c4e482ab056e969c70c37a19", "shasum": "" }, "require": { @@ -783,20 +843,20 @@ ], "description": "Symfony DependencyInjection Component", "homepage": "https://symfony.com", - "time": "2016-07-30 07:20:35" + "time": "2017-01-27T23:54:58+00:00" }, { "name": "symfony/event-dispatcher", - "version": "v2.8.9", + "version": "v2.8.17", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher.git", - "reference": "889983a79a043dfda68f38c38b6dba092dd49cd8" + "reference": "74877977f90fb9c3e46378d5764217c55f32df34" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/889983a79a043dfda68f38c38b6dba092dd49cd8", - "reference": "889983a79a043dfda68f38c38b6dba092dd49cd8", + "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/74877977f90fb9c3e46378d5764217c55f32df34", + "reference": "74877977f90fb9c3e46378d5764217c55f32df34", "shasum": "" }, "require": { @@ -843,7 +903,7 @@ ], "description": "Symfony EventDispatcher Component", "homepage": "https://symfony.com", - "time": "2016-07-28 16:56:28" + "time": "2017-01-02T20:30:24+00:00" }, { "name": "symfony/filesystem", @@ -892,7 +952,7 @@ ], "description": "Symfony Filesystem Component", "homepage": "https://symfony.com", - "time": "2016-07-20 05:43:46" + "time": "2016-07-20T05:43:46+00:00" }, { "name": "symfony/finder", 
@@ -942,20 +1002,20 @@ ], "description": "Symfony Finder Component", "homepage": "https://symfony.com", - "time": "2016-05-13 14:58:35" + "time": "2016-05-13T14:58:35+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.2.0", + "version": "v1.3.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "dff51f72b0706335131b00a7f49606168c582594" + "reference": "e79d363049d1c2128f133a2667e4f4190904f7f4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/dff51f72b0706335131b00a7f49606168c582594", - "reference": "dff51f72b0706335131b00a7f49606168c582594", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/e79d363049d1c2128f133a2667e4f4190904f7f4", + "reference": "e79d363049d1c2128f133a2667e4f4190904f7f4", "shasum": "" }, "require": { @@ -967,7 +1027,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.2-dev" + "dev-master": "1.3-dev" } }, "autoload": { @@ -978,7 +1038,7 @@ "bootstrap.php" ] }, - "notification-url": "http://packagist.org/downloads/", + "notification-url": "https://packagist.org/downloads/", "license": [ "MIT" ], @@ -1001,20 +1061,20 @@ "portable", "shim" ], - "time": "2016-05-18 14:26:46" + "time": "2016-11-14T01:06:16+00:00" }, { "name": "symfony/translation", - "version": "v2.8.9", + "version": "v2.8.17", "source": { "type": "git", "url": "https://github.com/symfony/translation.git", - "reference": "32b0c824da6df065f43b0c458dc505940e98a7f1" + "reference": "c281ac2b484210bb95106bdb8ae8356e63277725" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/translation/zipball/32b0c824da6df065f43b0c458dc505940e98a7f1", - "reference": "32b0c824da6df065f43b0c458dc505940e98a7f1", + "url": "https://api.github.com/repos/symfony/translation/zipball/c281ac2b484210bb95106bdb8ae8356e63277725", + "reference": "c281ac2b484210bb95106bdb8ae8356e63277725", "shasum": "" }, "require": { 
@@ -1065,20 +1125,20 @@ ], "description": "Symfony Translation Component", "homepage": "https://symfony.com", - "time": "2016-07-30 07:20:35" + "time": "2017-01-21T16:59:38+00:00" }, { "name": "symfony/yaml", - "version": "v2.8.9", + "version": "v2.8.17", "source": { "type": "git", "url": "https://github.com/symfony/yaml.git", - "reference": "0ceab136f43ed9d3e97b3eea32a7855dc50c121d" + "reference": "322a8c2dfbca15ad6b1b27e182899f98ec0e0153" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/yaml/zipball/0ceab136f43ed9d3e97b3eea32a7855dc50c121d", - "reference": "0ceab136f43ed9d3e97b3eea32a7855dc50c121d", + "url": "https://api.github.com/repos/symfony/yaml/zipball/322a8c2dfbca15ad6b1b27e182899f98ec0e0153", + "reference": "322a8c2dfbca15ad6b1b27e182899f98ec0e0153", "shasum": "" }, "require": { @@ -1114,7 +1174,7 @@ ], "description": "Symfony Yaml Component", "homepage": "https://symfony.com", - "time": "2016-07-17 09:06:15" + "time": "2017-01-21T16:40:50+00:00" } ], "aliases": [], diff --git a/framework/src/Maveriks/WebApplication.php b/framework/src/Maveriks/WebApplication.php index e4f26c85f..21c9473e1 100644 --- a/framework/src/Maveriks/WebApplication.php +++ b/framework/src/Maveriks/WebApplication.php @@ -533,6 +533,7 @@ class WebApplication define("PATH_DYNAFORM", PATH_DATA_SITE . "xmlForms/"); define("PATH_IMAGES_ENVIRONMENT_FILES", PATH_DATA_SITE . "usersFiles" . PATH_SEP); define("PATH_IMAGES_ENVIRONMENT_USERS", PATH_DATA_SITE . "usersPhotographies" . PATH_SEP); + define('DISABLE_PHP_UPLOAD_EXECUTION', $arraySystemConfiguration['disable_php_upload_execution']); /** * Global definitions, before it was the defines.php file diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index ce6c4b9d1..bbf34e800 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php 
@@ -2964,5 +2964,40 @@ class Bootstrap ); return $aContext; } + + /** + * get DISABLE_PHP_UPLOAD_EXECUTION value defined in env.ini + * @return int + */ + public static function getDisablePhpUploadExecution() + { + $disablePhpUploadExecution = 0; + if (defined("DISABLE_PHP_UPLOAD_EXECUTION")) { + $disablePhpUploadExecution = (int) DISABLE_PHP_UPLOAD_EXECUTION; + } + return $disablePhpUploadExecution; + } + + /** + * Record the action of executing a php file or attempting to upload a php + * file in server. + * @param type $channel + * @param type $level + * @param type $message + * @param type $fileName + */ + public static function registerMonologPhpUploadExecution($channel, $level, $message, $fileName) + { + $context = \Bootstrap::getDefaultContextLog(); + $context['action'] = $channel; + $context['filename'] = $fileName; + if (defined("SYS_CURRENT_URI") && defined("SYS_CURRENT_PARMS")) { + $context['url'] = SYS_CURRENT_URI . '?' . SYS_CURRENT_PARMS; + } + $context['usrUid'] = isset($_SESSION['USER_LOGGED']) ? $_SESSION['USER_LOGGED'] : ''; + $sysSys = defined("SYS_SYS") ? SYS_SYS : "Undefined"; + \Bootstrap::registerMonolog($channel, $level, $message, $context, $sysSys, 'processmaker.log'); + } + } diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index d205e663e..ac2aa3f27 100644 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -45,19 +45,16 @@ class G /** * is_https - * @return void - */ + * @return bool + */ public static function is_https() { - if (isset($_SERVER['HTTPS'])) { - if ($_SERVER['HTTPS']=='on') { - return true; - } else { - return false; - } - } else { - return false; + $is_http = false; + if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') || + (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) { + $is_http = true; } + return $is_http; } /** 
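Review bot: `registerMonologPhpUploadExecution` stores `SYS_CURRENT_URI . '?' . SYS_CURRENT_PARMS` in the log context, so whatever the request query string carried ends up in processmaker.log; if SYS_CURRENT_PARMS can contain session tokens or form values, that is a credential-in-logs risk and recording the URI alone (or a redacted query) would be safer. The parameter docblocks use the placeholder `@param type $channel`; document the real types and meaning, e.g. `@param string $channel  'phpUpload' or 'phpExecution' (also stored as the context action)`, `@param int $level  Monolog level`, `@param string $message`, `@param string $fileName`. `getDisablePhpUploadExecution` is fine as written, though a `@return int 0 or 1` hint would make the strict `=== 0` / `=== 1` comparisons used by its callers self-explanatory.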
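Review bot: The new `is_https()` honours `HTTP_X_FORWARDED_PROTO` from any client, since `$_SERVER['HTTP_X_FORWARDED_PROTO']` is simply the request header; when the application is not behind a proxy that overwrites this header, a plain-HTTP client can make the application treat its connection as TLS, which matters wherever this value decides cookie flags or generated URLs. Only consult the header when `$_SERVER['REMOTE_ADDR']` matches a configured trusted proxy, or document that the deployment must strip it at the edge. Also use strict comparison, `$_SERVER['HTTPS'] === 'on'` and `$_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'`, and the local `$is_http` is better named `$isHttps`.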
@@ -1232,8 +1229,10 @@ class G case 'txt': G::sendHeaders( $filename, 'text/html', $download, $downloadFileName ); break; - case 'doc': case 'pdf': + G::sendHeaders( $filename, 'application/pdf', $download, $downloadFileName ); + break; + case 'doc': case 'pm': case 'po': G::sendHeaders( $filename, 'application/octet-stream', $download, $downloadFileName ); @@ -1242,7 +1241,14 @@ class G if ($download) { G::sendHeaders( $filename, 'text/plain', $download, $downloadFileName ); } else { - require_once ($filename); + if (\Bootstrap::getDisablePhpUploadExecution() === 0) { + \Bootstrap::registerMonologPhpUploadExecution('phpExecution', 200, 'Php Execution', $filename); + require_once ($filename); + } else { + $message = G::LoadTranslation('THE_PHP_FILES_EXECUTION_WAS_DISABLED'); + \Bootstrap::registerMonologPhpUploadExecution('phpExecution', 550, $message, $filename); + echo $message; + } return; } break; @@ -1283,12 +1289,14 @@ class G { if ($download) { if ($downloadFileName == '') { - $aAux = explode( '/', $filename ); - $downloadFileName = $aAux[count( $aAux ) - 1]; + $aAux = explode('/', $filename); + $downloadFileName = $aAux[count($aAux) - 1]; } - header( 'Content-Disposition: attachment; filename="' . $downloadFileName . '"' ); + header('Content-Disposition: attachment; filename="' . $downloadFileName . '"'); + } else { + header('Content-Disposition: inline; filename="' . $downloadFileName . '"'); } - header( 'Content-Type: ' . $contentType ); + header('Content-Type: ' . $contentType); //if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE behaivor. $userAgent = strtolower( $_SERVER['HTTP_USER_AGENT'] ); 
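Review bot: The `require_once($filename)` branch still executes the streamed file whenever `getDisablePhpUploadExecution()` returns 0, and the `System` defaults added in this same commit set the flag to 0 unless env.ini overrides it, so the protection is opt-in rather than on by default; consider defaulting to disabled and documenting the opt-in. When execution is blocked the branch echoes `$message` without sending any Content-Type, so the response inherits whatever headers were sent earlier; a `G::sendHeaders($filename, 'text/plain', $download, $downloadFileName);` before the `echo` would keep the blocked path from being rendered as HTML. The enclosing `switch` and its function continue outside the hunk.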
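Review bot: The new `else` branch (presumably in `sendHeaders`, whose signature is outside the hunk) emits `Content-Disposition: inline; filename="…"` with `$downloadFileName` as passed in, but the basename fallback (`explode('/', $filename)`) only runs inside the `$download` branch, so inline responses from callers that pass `''` carry `filename=""`. Hoist the fallback above the `if`, i.e. `if ($downloadFileName == '') { $downloadFileName = basename($filename); }` and then choose `attachment` or `inline`. The name is also placed between double quotes unescaped, so a name containing `"` produces a malformed header value for both dispositions; strip or escape quotes (`str_replace('"', '', $downloadFileName)`) before building the header — PHP's `header()` already rejects CR/LF, so the concern is malformed values, not injected headers.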
@@ -5538,16 +5546,24 @@ class G $res->status = false; $allowedTypes = array_map('G::getRealExtension', explode(',', $InpDocAllowedFiles)); + // Get the file extension + $aux = pathinfo($fileName); + $fileExtension = isset($aux['extension']) ? strtolower($aux['extension']) : ''; + + if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $fileExtension === 'php') { + $message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED'); + \Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $fileName); + $res->status = false; + $res->message = $message; + return $res; + } + // If required extension is *.* don't validate if (in_array('*', $allowedTypes)) { $res->status = true; return $res; } - // Get the file extension - $aux = pathinfo($fileName); - $fileExtension = isset($aux['extension']) ? strtolower($aux['extension']) : ''; - // If no valid extension finish (unnecesary check file content) $validExtension = in_array($fileExtension, $allowedTypes); if (!$validExtension) { diff --git a/pmos.conf.example b/pmos.conf.example index 5c0fac310..a592ed0bc 100644 --- a/pmos.conf.example +++ b/pmos.conf.example @@ -6,7 +6,7 @@ Options Indexes FollowSymLinks MultiViews - AllowOverride None + AllowOverride All Order allow,deny Allow from all Require all granted diff --git a/workflow/engine/classes/class.case.php b/workflow/engine/classes/class.case.php index 12d71ffdc..12ddfc7f8 100644 --- a/workflow/engine/classes/class.case.php +++ b/workflow/engine/classes/class.case.php @@ -4433,6 +4433,11 @@ class Cases /*----------------------------------********---------------------------------*/ $this->getExecuteTriggerProcess($sApplicationUID, 'REASSIGNED'); + + //Delete record of the table LIST_UNASSIGNED + $unassigned = new ListUnassigned(); + $unassigned->remove($sApplicationUID, $iDelegation); + return true; } 
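Review bot: The new guard compares only `$fileExtension === 'php'`, a single-entry denylist evaluated after `strtolower`; that handles `.PHP` here, but the parallel check added to appFolderAjax.php in this commit takes `pathinfo(..., PATHINFO_EXTENSION)` without lowercasing, so the two upload entry points enforce different rules. Keep the blocked-extension decision in one place, e.g. a `G::isPhpUploadBlocked($fileName)` helper used by both callers, and derive the blocked set from the web server's PHP handler configuration rather than the literal string `php`, since which extensions are handed to PHP is a deployment property. The `$res->status = false;` on the blocked path repeats the initialisation two lines above and can be trimmed. The enclosing function starts before the hunk.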
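Review bot: `AllowOverride All` on the document root enables `.htaccess` processing for every directory beneath it, including any directory that stores uploaded files; an uploaded `.htaccess` can then change handler and option settings for that directory, which undercuts the PHP-upload restriction introduced elsewhere in this commit. If the change is needed for rewrite rules, limit it to the directive classes actually used (for example `AllowOverride FileInfo`) and keep `AllowOverride None` on upload directories, or store uploads outside the document root.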
@@ -5225,7 +5230,7 @@ class Cases $dataLastEmail['configuration'] = $aConfiguration; $dataLastEmail['subject'] = $sSubject; $dataLastEmail['pathEmail'] = $pathEmail; - $dataLastEmail['swtplDeafault'] = $swtplDefault; + $dataLastEmail['swtplDefault'] = $swtplDefault; $dataLastEmail['body'] = $sBody; $dataLastEmail['from'] = $from; break; @@ -5293,7 +5298,7 @@ class Cases $dataLastEmail['configuration'] = $aConfiguration; $dataLastEmail['subject'] = $sSubject; $dataLastEmail['pathEmail'] = $pathEmail; - $dataLastEmail['swtplDeafault'] = $swtplDefault; + $dataLastEmail['swtplDefault'] = $swtplDefault; $dataLastEmail['body'] = $sBody; $dataLastEmail['from'] = $from; break; diff --git a/workflow/engine/classes/class.derivation.php b/workflow/engine/classes/class.derivation.php index 49791a13e..9b6975e59 100644 --- a/workflow/engine/classes/class.derivation.php +++ b/workflow/engine/classes/class.derivation.php @@ -1211,6 +1211,19 @@ class Derivation $this->case->closeAppThread( $currentDelegation['APP_UID'], $iAppThreadIndex ); break; default: + if ($nextDel['ROU_PREVIOUS_TYPE'] == 'SEC-JOIN') { + $criteria = new Criteria('workflow'); + $criteria->clearSelectColumns(); + $criteria->addSelectColumn(AppThreadPeer::APP_THREAD_PARENT); + $criteria->add(AppThreadPeer::APP_UID, $appFields['APP_UID']); + $criteria->add(AppThreadPeer::APP_THREAD_STATUS, 'OPEN'); + $criteria->add(AppThreadPeer::APP_THREAD_INDEX, $iAppThreadIndex); + $rsCriteria = AppThreadPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); + if ($rsCriteria->next()) { + $this->case->closeAppThread($currentDelegation['APP_UID'], $iAppThreadIndex); + } + } if ($currentDelegation['TAS_ASSIGN_TYPE'] == 'STATIC_MI' || $currentDelegation['TAS_ASSIGN_TYPE'] == 'CANCEL_MI') { $this->case->closeAppThread( $currentDelegation['APP_UID'], $iAppThreadIndex ); } 
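Review bot: In the `default:` case the new SEC-JOIN block calls `$this->case->closeAppThread(...)` and the existing `STATIC_MI`/`CANCEL_MI` condition directly below calls it again for the same `$iAppThreadIndex`, so a delegation satisfying both closes the thread twice; if `closeAppThread` is not idempotent, record the first call (`$closed = true;` in the SEC-JOIN branch) and guard the second with `if (!$closed && (...))`. `$nextDel` and `$appFields` are not defined inside the hunk, so their contents are assumed from the surrounding method. The Criteria setup would read better extracted into a small private method such as `hasOpenThread($appUid, $threadIndex)` returning a bool.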
diff --git a/workflow/engine/classes/class.pmDynaform.php b/workflow/engine/classes/class.pmDynaform.php index 125166c24..09413f3bb 100644 --- a/workflow/engine/classes/class.pmDynaform.php +++ b/workflow/engine/classes/class.pmDynaform.php @@ -27,6 +27,7 @@ class pmDynaform private $context = array(); private $dataSources = null; private $databaseProviders = null; + private $propertiesToExclude = array(); public function __construct($fields = array()) { @@ -37,6 +38,7 @@ class pmDynaform $this->serverConf = &serverConf::getSingleton(); $this->isRTL = ($this->serverConf->isRtl(SYS_LANG)) ? 'true' : 'false'; $this->fields = $fields; + $this->propertiesToExclude = array('dataVariable'); $this->getDynaform(); $this->getDynaforms(); $this->synchronizeSubDynaform(); @@ -196,11 +198,13 @@ class pmDynaform if (is_string($value) && in_array(substr($value, 0, 2), $prefixs)) { $triggerValue = substr($value, 2); if (isset($this->fields["APP_DATA"][$triggerValue])) { - if ($key !== "dataVariable") { + if (!in_array($key, $this->propertiesToExclude)) { $json->{$key} = $this->fields["APP_DATA"][$triggerValue]; } } else { - $json->{$key} = ""; + if (!in_array($key, $this->propertiesToExclude)) { + $json->{$key} = ""; + } } } //set properties from 'formInstance' variable @@ -1909,6 +1913,12 @@ class pmDynaform if ($validatorClass !== null) { $validatorClass->validatePost($post); } + //Clears the data in the appData for grids + if (array_key_exists($json->id, $this->fields) && $json->type === 'grid' && + !array_key_exists($json->id, $post) + ) { + $post[$json->variable] = array(array()); + } } }; $json = G::json_decode($this->record["DYN_CONTENT"]); diff --git a/workflow/engine/classes/class.pmFunctions.php b/workflow/engine/classes/class.pmFunctions.php index e76f3ce0c..f3cfb01a4 100644 --- a/workflow/engine/classes/class.pmFunctions.php +++ b/workflow/engine/classes/class.pmFunctions.php 
@@ -527,13 +527,27 @@ function WSLogin ($user, $pass, $endpoint = "") function WSOpen ($force = false) { if (isset( $_SESSION["WS_SESSION_ID"] ) || $force) { + $optionsHeaders = array( + "cache_wsdl" => WSDL_CACHE_NONE, + "soap_version" => SOAP_1_1, + "trace" => 1, + "stream_context" => stream_context_create( + array( + 'ssl' => array( + 'verify_peer' => 0, + 'verify_peer_name' => 0 + ) + ) + ) + ); + if (! isset( $_SESSION["WS_END_POINT"] )) { - $defaultEndpoint = "http://" . $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . "/sys" . SYS_SYS . "/en/classic/services/wsdl2"; + $defaultEndpoint = $_SERVER["REQUEST_SCHEME"] . "://" . $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . "/sys" . SYS_SYS . "/en/classic/services/wsdl2"; } $endpoint = isset( $_SESSION["WS_END_POINT"] ) ? $_SESSION["WS_END_POINT"] : $defaultEndpoint; - $client = new SoapClient( $endpoint ); + $client = new SoapClient( $endpoint, $optionsHeaders); return $client; } else { diff --git a/workflow/engine/classes/class.system.php b/workflow/engine/classes/class.system.php index beaa5196c..973c5642e 100644 --- a/workflow/engine/classes/class.system.php +++ b/workflow/engine/classes/class.system.php @@ -78,7 +78,8 @@ class System 'leave_case_warning' => 0, 'server_hostname_requests_frontend' => '', 'load_headers_ie' => 0, - 'redirect_to_mobile' => 0 + 'redirect_to_mobile' => 0, + 'disable_php_upload_execution' => 0 ); /** diff --git a/workflow/engine/classes/model/AppDelegation.php b/workflow/engine/classes/model/AppDelegation.php index 7feeaa1df..abb930c01 100644 --- a/workflow/engine/classes/model/AppDelegation.php +++ b/workflow/engine/classes/model/AppDelegation.php 
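Review bot: The `stream_context` added to the `SoapClient` in `WSOpen` sets `verify_peer` and `verify_peer_name` to 0, which disables TLS certificate validation for every web-service call made through this helper, so the session id exchanged with the endpoint travels over a connection any on-path host can impersonate; drop those two options (PHP verifies by default) and, for self-signed QA hosts, point the `cafile` context option at the local CA instead. `$_SERVER["REQUEST_SCHEME"]` is not populated by every SAPI or Apache version, which would yield an endpoint of `"://host:port/..."`; this commit already adds the proxy-aware `G::is_https()`, so `$scheme = G::is_https() ? 'https' : 'http';` is the safer choice. `"trace" => 1` keeps the last request and response in memory; useful while debugging, but it should not stay on in production paths.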
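Review bot: `'disable_php_upload_execution' => 0` makes uploading and executing `.php` files the default for every installation that does not edit env.ini, so the new control is off unless an administrator knows to turn it on. A value of `1` here is the safe default, with the relaxation documented as an explicit opt-out; if compatibility with existing installations forbids that, the upgrade notes should at least call the setting out.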
@@ -442,6 +442,7 @@ class AppDelegation extends BaseAppDelegation //Get Task properties $task = TaskPeer::retrieveByPK( $this->getTasUid() ); + $aData = array(); $aData['TAS_UID'] = $this->getTasUid(); //Added to allow User defined Timing Control at Run time from Derivation screen if (isset( $sNextTasParam['NEXT_TASK']['TAS_TRANSFER_HIDDEN_FLY'] ) && $sNextTasParam['NEXT_TASK']['TAS_TRANSFER_HIDDEN_FLY'] == 'true') { @@ -471,7 +472,7 @@ class AppDelegation extends BaseAppDelegation //Calendar - Use the dates class to calculate dates $calendar = new calendar(); - $arrayCalendarData = array(); + $arrayCalendarData = $calendar->getCalendarData($aCalendarUID); if ($calendar->pmCalendarUid == "") { $calendar->getCalendar(null, $this->getProUid(), $this->getTasUid()); @@ -480,11 +481,11 @@ class AppDelegation extends BaseAppDelegation } //Due date - /*$iDueDate = $calendar->calculateDate( $this->getDelDelegateDate(), $aData['TAS_DURATION'], $aData['TAS_TIMEUNIT'] //hours or days, ( we only accept this two types or maybe weeks - );*/ - $dueDate = $calendar->dashCalculateDate($this->getDelDelegateDate(), $aData["TAS_DURATION"], $aData["TAS_TIMEUNIT"], $arrayCalendarData); + $initDate = $this->getDelDelegateDate(); + $timeZone = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($initDate); + $dueDate = $calendar->dashCalculateDate($timeZone, $aData["TAS_DURATION"], $aData["TAS_TIMEUNIT"], $arrayCalendarData); - //Return + $dueDate = \ProcessMaker\Util\DateTime::convertDataToUtc($dueDate); return $dueDate; } diff --git a/workflow/engine/content/translations/english/processmaker.en.po b/workflow/engine/content/translations/english/processmaker.en.po index 1872d7e25..3348bc83e 100644 --- a/workflow/engine/content/translations/english/processmaker.en.po +++ b/workflow/engine/content/translations/english/processmaker.en.po 
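Review bot: `$timeZone` holds the delegate date converted into the configured time zone, not a time zone, so the name misleads at the `dashCalculateDate` call; `$localDelegateDate = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($initDate);` says what it is. The round trip (convert to local, compute, `convertDataToUtc` back) is presumably what makes calendar working hours line up with the stored UTC dates — a one-line comment stating that, e.g. `// calendar hours are defined in local time; compute there and store the result in UTC`, would keep a later reader from removing one side of it. The method's signature and the population of `$aData` are outside the hunk.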
@@ -27419,6 +27419,18 @@ msgstr "External Registration" msgid "Filter By" msgstr "Filter By" +# TRANSLATION +# LABEL/THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED +#: LABEL/THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED +msgid "The upload of PHP files was disabled please contact the system administrator." +msgstr "The upload of PHP files was disabled please contact the system administrator." + +# TRANSLATION +# LABEL/THE_PHP_FILES_EXECUTION_WAS_DISABLED +#: LABEL/THE_PHP_FILES_EXECUTION_WAS_DISABLED +msgid "The PHP files execution was disabled please contact the system administrator." +msgstr "The PHP files execution was disabled please contact the system administrator." + # TRANSLATION # LABEL/ID_MAFE_cae0206c31eaa305dd0e847330c5e837 #: LABEL/ID_MAFE_cae0206c31eaa305dd0e847330c5e837 diff --git a/workflow/engine/methods/appFolder/appFolderAjax.php b/workflow/engine/methods/appFolder/appFolderAjax.php index 72926ee81..f1c7f68d7 100644 --- a/workflow/engine/methods/appFolder/appFolderAjax.php +++ b/workflow/engine/methods/appFolder/appFolderAjax.php @@ -1534,6 +1534,18 @@ function uploadExternalDocument() //Read. Instance Document classes if (!empty($quequeUpload)) { + foreach ($quequeUpload as $key => $fileObj) { + $extension = pathinfo($fileObj['fileName'], PATHINFO_EXTENSION); + if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extension === 'php') { + $message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED'); + \Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $fileObj['fileName']); + $response['error'] = $message; + $response['message'] = $message; + $response['success'] = false; + print_r(G::json_encode($response)); + exit(); + } + } $docUid=$_POST['docUid']; $appDocUid=isset($_POST['APP_DOC_UID'])?$_POST['APP_DOC_UID']:""; $docVersion=isset($_POST['docVersion'])?$_POST['docVersion']:""; diff --git a/workflow/engine/methods/cases/casesList_Ajax.php b/workflow/engine/methods/cases/casesList_Ajax.php index 2612aea43..20f208433 100644 
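Review bot: The new PHP-upload check in `uploadExternalDocument` compares the extension case-sensitively (`$extension === 'php'`), so a name ending in `.PHP` or `.Php` passes, and it covers only the literal `php` extension even though PHP handlers are commonly mapped to other extensions as well; the same pattern appears in the InputDocument.php, FilesManager.php and Light.php hunks of this commit. Normalise first and test against a set, e.g. `$extension = strtolower(pathinfo($fileObj['fileName'], PATHINFO_EXTENSION)); if (\Bootstrap::getDisablePhpUploadExecution() === 1 && in_array($extension, array('php', 'phtml', 'phar', 'php3', 'php4', 'php5', 'php7', 'phps'), true))` — ideally through one shared helper so the four call sites cannot drift apart. The guard also uses `=== 1`, so if `getDisablePhpUploadExecution()` ever returns the raw ini value as the string `"1"` (which `define('DISABLE_PHP_UPLOAD_EXECUTION', $config[...])` in sysGeneric.php suggests is possible), the check silently never fires; an `(int)` cast at the source is safer. `print_r(G::json_encode($response))` on a string is just `echo`; use that. uploadExternalDocument continues outside the hunk.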
--- a/workflow/engine/methods/cases/casesList_Ajax.php +++ b/workflow/engine/methods/cases/casesList_Ajax.php @@ -64,6 +64,30 @@ if ($actionAjax == "userValues") { $users = filterUserListArray($users, $query); //now get users, just for the Search action switch ($action) { + case 'to_reassign': + $cUsers = $oAppCache->getToReassignListCriteria(null); + $cUsers->addSelectColumn(AppCacheViewPeer::USR_UID); + + if (g::MySQLSintaxis()) { + $cUsers->addGroupByColumn(AppCacheViewPeer::USR_UID); + } + + if (!is_null($query)) { + $filters = $cUsers->getNewCriterion(UsersPeer::USR_FIRSTNAME, '%' . $query . '%', Criteria::LIKE)->addOr( + $cUsers->getNewCriterion(UsersPeer::USR_LASTNAME, '%' . $query . '%', Criteria::LIKE)->addOr( + $cUsers->getNewCriterion(UsersPeer::USR_USERNAME, '%' . $query . '%', Criteria::LIKE))); + $cUsers->addAnd($filters); + } + $cUsers->setLimit(20); + $cUsers->addAscendingOrderByColumn(AppCacheViewPeer::APP_CURRENT_USER); + $oDataset = AppCacheViewPeer::doSelectRS($cUsers, Propel::getDbConnection('workflow_ro')); + $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $oDataset->next(); + while ($aRow = $oDataset->getRow()) { + $users[] = array("USR_UID" => $aRow['USR_UID'], "USR_FULLNAME" => $aRow['APP_CURRENT_USER']); + $oDataset->next(); + } + break; case 'search_simple': case 'search': G::LoadClass("configuration"); diff --git a/workflow/engine/methods/cases/casesMenuLoader.php b/workflow/engine/methods/cases/casesMenuLoader.php index ddb50e00c..d45138fe7 100644 --- a/workflow/engine/methods/cases/casesMenuLoader.php +++ b/workflow/engine/methods/cases/casesMenuLoader.php @@ -9,9 +9,6 @@ switch ($action) { case 'getAllCounters': getAllCounters(); break; - case 'getProcess': - getProcess(); - break; /*----------------------------------********---------------------------------*/ case 'getAllCountersEnterprise': getAllCountersEnterprise(); 
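Review bot: The new `to_reassign` branch builds its LIKE patterns as `'%' . $query . '%'` without escaping `%` and `_`, so a user typing either character gets wildcard matching instead of a literal search; Propel binds the value, so this is not an injection, but escaping those two characters first, e.g. `$likeQuery = str_replace(array('%', '_'), array('\%', '\_'), $query);`, keeps results predictable. `g::MySQLSintaxis()` uses a lower-case class name while the rest of the file uses `G::`; keep one spelling. The `switch` this case belongs to starts before the hunk.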
@@ -218,64 +215,6 @@ function getLoadTreeMenuData () print $xml;*/ } -// get the process summary of specific case list type, -function getProcess () -{ - global $G_TMP_MENU; - global $userId; - if (! isset( $_GET['item'] )) { - die(); - } - - $oMenu = new Menu(); - $oMenu->load( 'cases' ); - $type = $_GET['item']; - $oCases = new AppCacheView(); - - $aTypesID = array (); - $aTypesID['CASES_INBOX'] = 'to_do'; - $aTypesID['CASES_DRAFT'] = 'draft'; - $aTypesID['CASES_CANCELLED'] = 'cancelled'; - $aTypesID['CASES_SENT'] = 'sent'; - $aTypesID['CASES_PAUSED'] = 'paused'; - $aTypesID['CASES_COMPLETED'] = 'completed'; - $aTypesID['CASES_SELFSERVICE'] = 'selfservice'; - //$aTypesID['CASES_TO_REVISE'] = 'to_revise'; - //$aTypesID['CASES_TO_REASSIGN'] = 'to_reassign'; - $aTypesID = Array ('CASES_INBOX' => 'to_do','CASES_DRAFT' => 'draft','CASES_CANCELLED' => 'cancelled','CASES_SENT' => 'sent','CASES_PAUSED' => 'paused','CASES_COMPLETED' => 'completed','CASES_SELFSERVICE' => 'selfservice','CASES_TO_REVISE' => 'to_revise','CASES_TO_REASSIGN' => 'to_reassign'); - - $aCount = $oCases->getAllCounters( Array ($aTypesID[$type] - ), $userId, true ); - - $response = Array (); - //disabling the summary... - /* - $i=0; - foreach($aCount[$aTypesID[$type]]['sumary'] as $PRO_UID=>$process){ - //{"text":"state","id":"src\/state","cls":"folder", loaded:true}, - $response[$i] = new stdClass(); - $response[$i]->text = $process['name'] . ' ('.$process['count'].')'; - $response[$i]->id = $process['name']; - $response[$i]->cls = 'folder'; - $response[$i]->loaded = true; - $i++; - } - */ - //ordering - /*for($i=0; $i<=count($response)-1; $i++){ - for($j=$i+1; $j<=count($response); $j++){ - - echo $response[$j]->text .'<'. 
$response[$i]->text; - if($response[$j]->text[0] < $response[$i]->text[0]){ - $x = $response[$i]; - $response[$i] = $response[$j]; - $response[$j] = $x; - } - } - }*/ - echo G::json_encode( $response ); -} - /*----------------------------------********---------------------------------*/ function getAllCountersEnterprise() { diff --git a/workflow/engine/methods/cases/cases_Ajax.php b/workflow/engine/methods/cases/cases_Ajax.php index 2fc375013..760cd964e 100644 --- a/workflow/engine/methods/cases/cases_Ajax.php +++ b/workflow/engine/methods/cases/cases_Ajax.php 
@@ -1019,20 +1019,23 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) { if (is_array( $aApplication )) { $response['exists'] = true; + $objCase = new \ProcessMaker\BusinessModel\Cases(); + $aUserCanAccess = $objCase->userAuthorization( + $_SESSION['USER_LOGGED'], + $aApplication['PRO_UID'], + $aApplication['APP_UID'], + array('PM_ALLCASES'), + array('SUMMARY_FORM'=>'VIEW') + ); //Check if the user is a supervisor to this Process - if(isset($_POST['actionFromList']) && $_POST['actionFromList']==='to_revise'){ - $oAppCache = new AppCacheView(); - $aProcesses = $oAppCache->getProUidSupervisor($_SESSION['USER_LOGGED']); - if(!in_array($aApplication['PRO_UID'], $aProcesses)){ + if (isset($_POST['actionFromList']) && $_POST['actionFromList']==='to_revise') { + if (!$aUserCanAccess['supervisor']) { $response['exists'] = false; $response['message'] = G::LoadTranslation('ID_NO_PERMISSION_NO_PARTICIPATED'); } } else {//Check if the user participated in this case - $oParticipated = new ListParticipatedLast(); - $aParticipated = $oParticipated->loadList($_SESSION['USER_LOGGED'], array(), null, $aApplication['APP_UID']); - if(!sizeof($aParticipated)){ - //Check in the selfservice list + if (!$aUserCanAccess['participated'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']) { $response['exists'] = false; $response['message'] = G::LoadTranslation('ID_NO_PERMISSION_NO_PARTICIPATED'); } diff --git a/workflow/engine/methods/cases/cases_Resume.php b/workflow/engine/methods/cases/cases_Resume.php index 883dc3a0b..931909d44 100644 --- a/workflow/engine/methods/cases/cases_Resume.php +++ b/workflow/engine/methods/cases/cases_Resume.php 
@@ -49,20 +49,34 @@ $G_ID_SUB_MENU_SELECTED = '_'; /* Prepare page before to show */ $oCase = new Cases(); -//$Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'] ); +//Check the authorization +$objCase = new \ProcessMaker\BusinessModel\Cases(); +$aUserCanAccess = $objCase->userAuthorization( + $_SESSION['USER_LOGGED'], + $_SESSION['PROCESS'], + $_GET['APP_UID'], + array('PM_ALLCASES'), + array('SUMMARY_FORM' => 'VIEW') +); + if (isset($_SESSION['ACTION']) && ($_SESSION['ACTION'] == 'jump')) { $Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['ACTION']); + $process = new Process(); + $processData = $process->load($Fields['PRO_UID']); + if (isset($processData['PRO_DYNAFORMS']['PROCESS']) && $processData['PRO_DYNAFORMS']['PROCESS'] != '' && + $aUserCanAccess['objectPermissions']['SUMMARY_FORM'] + ) { + $_REQUEST['APP_UID'] = $Fields['APP_UID']; + $_REQUEST['DEL_INDEX'] = $Fields['DEL_INDEX']; + $_REQUEST['DYN_UID'] = $processData['PRO_DYNAFORMS']['PROCESS']; + require_once(PATH_METHODS . 'cases' . PATH_SEP . 'summary.php'); + exit(); + } } else { $Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX']); } -//Check the participated -$participated = $oCase->userParticipatedInCase( $_GET['APP_UID'], $_SESSION['USER_LOGGED'] ); -//Check if is Supervisor -$processUser = new ProcessUser(); -$userAccess = $processUser->validateUserAccess($Fields['PRO_UID'], $_SESSION['USER_LOGGED']); - -if ($RBAC->userCanAccess( 'PM_ALLCASES' ) < 0 && !$participated && !$userAccess) { +if (!$aUserCanAccess['participated'] && !$aUserCanAccess['supervisor'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']) { $aMessage['MESSAGE'] = G::LoadTranslation( 'ID_NO_PERMISSION_NO_PARTICIPATED' ); $G_PUBLISH = new Publisher(); $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', $aMessage ); 
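Review bot: The authorization block added at the top of cases_Resume.php evaluates access for `$_GET['APP_UID']` and `$_SESSION['PROCESS']`, while the case that is then loaded and rendered comes from `$_SESSION['APPLICATION']`/`$_SESSION['INDEX']`; unless those are guaranteed to refer to the same case, the check can pass for one case while the page shows another. Use a single identifier for both, e.g. `$objCase->userAuthorization($_SESSION['USER_LOGGED'], $_SESSION['PROCESS'], $_SESSION['APPLICATION'], array('PM_ALLCASES'), array('SUMMARY_FORM' => 'VIEW'))`, or reject the request when `$_GET['APP_UID'] !== $_SESSION['APPLICATION']`. The jump branch indexes `$aUserCanAccess['objectPermissions']['SUMMARY_FORM']` and the final condition indexes `['rolesPermissions']['PM_ALLCASES']`; as written in Cases::userAuthorization those keys are only set when the lookups return something, so a missing permission produces a notice rather than a clean `false`. The script continues outside the hunk.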
@@ -133,36 +147,30 @@ if ($nTasksInParallel > 1) { $Fields['TAS_TITLE'] = $aTask['TAS_TITLE']; $objUser = new Users(); - $oHeadPublisher = & headPublisher::getSingleton(); $oHeadPublisher->addScriptFile( '/jscore/cases/core/cases_Step.js' ); $G_PUBLISH = new Publisher(); $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume.xml', '', $Fields, '' ); -if($Fields['APP_STATUS'] != 'COMPLETED'){ - $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task_Title.xml', '', $Fields, '' ); - $objDel = new AppDelegation(); - $parallel = $objDel->LoadParallel ($Fields['APP_UID'],$_GET['DEL_INDEX']); - $FieldsPar = $Fields; - if(empty($parallel)){ - $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $Fields, '' ); - }else{ - foreach($parallel as $row){ - $FieldsPar['TAS_UID'] = $row['TAS_UID']; - $aTask = $objTask->load( $row['TAS_UID'] ); - $FieldsPar['TAS_TITLE'] = $aTask['TAS_TITLE']; - $FieldsPar['USR_UID'] = $row['USR_UID']; - if(isset($row['USR_UID']) && !empty($row['USR_UID'])) { - $aUser = $objUser->loadDetails ($row['USR_UID']); - $FieldsPar['CURRENT_USER'] = $aUser['USR_FULLNAME']; - } - $FieldsPar['DEL_DELEGATE_DATE'] = $row['DEL_DELEGATE_DATE']; - $FieldsPar['DEL_INIT_DATE'] = $row['DEL_INIT_DATE']; - $FieldsPar['DEL_TASK_DUE_DATE'] = $row['DEL_TASK_DUE_DATE']; - $FieldsPar['DEL_FINISH_DATE'] = $row['DEL_FINISH_DATE']; - $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $FieldsPar, '' ); +if ($Fields['APP_STATUS'] != 'COMPLETED') { + $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task_Title.xml', '', $Fields, '' ); + $objDel = new AppDelegation(); + $parallel = $objDel->LoadParallel($Fields['APP_UID']); + $FieldsPar = $Fields; + foreach ($parallel as $row) { + $FieldsPar['TAS_UID'] = $row['TAS_UID']; + $aTask = $objTask->load( $row['TAS_UID'] ); + $FieldsPar['TAS_TITLE'] = $aTask['TAS_TITLE']; + $FieldsPar['USR_UID'] = 
$row['USR_UID']; + if (isset($row['USR_UID']) && !empty($row['USR_UID'])) { + $aUser = $objUser->loadDetails ($row['USR_UID']); + $FieldsPar['CURRENT_USER'] = $aUser['USR_FULLNAME']; + } + $FieldsPar['DEL_DELEGATE_DATE'] = $row['DEL_DELEGATE_DATE']; + $FieldsPar['DEL_INIT_DATE'] = $row['DEL_INIT_DATE']; + $FieldsPar['DEL_TASK_DUE_DATE'] = $row['DEL_TASK_DUE_DATE']; + $FieldsPar['DEL_FINISH_DATE'] = $row['DEL_FINISH_DATE']; + $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $FieldsPar); } - } - } G::RenderPage('publish', 'blank'); diff --git a/workflow/engine/methods/cases/cases_Step.php b/workflow/engine/methods/cases/cases_Step.php index 8b1b1ff3f..24f085044 100644 --- a/workflow/engine/methods/cases/cases_Step.php +++ b/workflow/engine/methods/cases/cases_Step.php @@ -1009,7 +1009,7 @@ try { $aFields['TASK'][$sKey]['NEXT_TASK']['TAS_TRANSFER_HIDDEN_FLY'] = ""; if ($aValues['NEXT_TASK']['TAS_TRANSFER_FLY'] == 'true') { $aFields['TASK'][$sKey]['NEXT_TASK']['TAS_DURATION'] = ''; - $hoursSelected = $daysSelected = ''; + $hoursSelected = $daysSelected = $minSelected = ''; if ($aFields['TASK'][$sKey]['NEXT_TASK']['TAS_TIMEUNIT'] == 'HOURS') { $hoursSelected = "selected = 'selected'"; } else { diff --git a/workflow/engine/methods/cases/proxyNewCasesList.php b/workflow/engine/methods/cases/proxyNewCasesList.php index f7d38e4bd..4699e3d72 100644 --- a/workflow/engine/methods/cases/proxyNewCasesList.php +++ b/workflow/engine/methods/cases/proxyNewCasesList.php @@ -10,9 +10,6 @@ if (!isset($_SESSION['USER_LOGGED'])) { G::LoadSystem('inputfilter'); $filter = new InputFilter(); -$_GET = $filter->xssFilterHard($_GET); -$_REQUEST = $filter->xssFilterHard($_REQUEST); -$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']); try { $userUid = $_SESSION['USER_LOGGED']; 
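Review bot: The `@@ -10,9 +10,6 @@` hunk of proxyNewCasesList.php drops `xssFilterHard` on `$_GET`, `$_REQUEST` and `$_SESSION['USER_LOGGED']`, and the `@@ -195` hunk of the same file drops the same filter on the JSON response, so case data such as titles now reach the ExtJS grid unencoded; that is only safe if every column renderer on the client treats values as text, which this commit does not show. Either confirm that in the front-end or keep a targeted escape on the response fields that are rendered as HTML. After these removals the `$filter = new InputFilter();` created just above appears unused; if no other call site remains, remove it together with `G::LoadSystem('inputfilter');`. The `try` block continues outside the hunk.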
@@ -162,7 +159,7 @@ try { $record["APP_UPDATE_DATE"] = $record["DEL_DELEGATE_DATE"]; } - if (isset($record['DEL_CURRENT_TAS_TITLE'])) { + if (isset($record['DEL_CURRENT_TAS_TITLE']) && $record['DEL_CURRENT_TAS_TITLE'] != '') { $record['APP_TAS_TITLE'] = $record['DEL_CURRENT_TAS_TITLE']; } @@ -195,8 +192,6 @@ try { $response['filters'] = $filtersData; $response['totalCount'] = $list->countTotal($userUid, $filtersData); - $response = $filter->xssFilterHard($response); - $response['data'] = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($result); echo G::json_encode($response); diff --git a/workflow/engine/methods/cases/summary.php b/workflow/engine/methods/cases/summary.php index 1fe5fb028..02a6e383d 100644 --- a/workflow/engine/methods/cases/summary.php +++ b/workflow/engine/methods/cases/summary.php @@ -69,7 +69,6 @@ try { $result = DynaformPeer::doSelectRS($criteria); $result->setFetchmode(ResultSet::FETCHMODE_ASSOC); if ($result->next()) { - G::LoadClass('pmDynaform'); G::LoadClass('pmDynaform'); $FieldsPmDynaform = $applicationFields; $FieldsPmDynaform["CURRENT_DYNAFORM"] = $_REQUEST['DYN_UID']; diff --git a/workflow/engine/methods/setup/pluginsChange.php b/workflow/engine/methods/setup/pluginsChange.php index 9d5453157..687fa4ef8 100644 --- a/workflow/engine/methods/setup/pluginsChange.php +++ b/workflow/engine/methods/setup/pluginsChange.php 
@@ -92,16 +92,12 @@ if ($handle = opendir( PATH_PLUGINS )) { /** * Calls PMExtensionClass Builder to include Plugins changes. */ - $config = Bootstrap::getSystemConfiguration(); - - if (!empty($config['experimental_features'])) { - $phpBuilder = new ProcessMakerPhpBuilderHelper(); - $phpBuilder->enabledExtensions = $oPluginRegistry->getEnabledPlugins(); - if (!empty($phpBuilder->enabledExtensions)) { - $phpBuilder->extension = true; - } - $phpBuilder->buildAll(); + $phpBuilder = new ProcessMakerPhpBuilderHelper(); + $phpBuilder->enabledExtensions = $oPluginRegistry->getEnabledPlugins(); + if (!empty($phpBuilder->enabledExtensions)) { + $phpBuilder->extension = true; } + $phpBuilder->buildAll(); } //$oPluginRegistry->showArrays(); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index 55081fc76..93c38834f 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php 
@@ -3252,4 +3252,49 @@ class Cases $result = $case->updateCase($applicationUid, $arrayApplicationData); } } + + /** + * Get Permissions, Participate, Access + * + * @param string $usrUid + * @param string $proUid + * @param string $appUid + * @param array $rolesPermissions + * @param array $objectPermissions + * @return array Returns array with all access + */ + public function userAuthorization($usrUid, $proUid, $appUid, $rolesPermissions = array(), $objectPermissions = array()) { + $arrayAccess = array(); + + //User has participated + $oParticipated = new \ListParticipatedLast(); + $aParticipated = $oParticipated->loadList($usrUid, array(), null, $appUid); + $arrayAccess['participated'] = (count($aParticipated) == 0) ? false : true; + + //User is supervisor + $supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor(); + $isSupervisor = $supervisor->isUserProcessSupervisor($proUid, $usrUid); + $arrayAccess['supervisor'] = ($isSupervisor) ? true : false; + + //Roles Permissions + if (count($rolesPermissions) > 0) { + global $RBAC; + foreach ($rolesPermissions as $value) { + $arrayAccess['rolesPermissions'][$value] = ($RBAC->userCanAccess($value) < 0) ? false : true; + } + } + + //Object Permissions + if (count($objectPermissions) > 0) { + $oCase = new \Cases(); + foreach ($objectPermissions as $key => $value) { + $resPermission = $oCase->getAllObjectsFrom($proUid, $appUid, '', $usrUid, $value); + if (isset($resPermission[$key])) { + $arrayAccess['objectPermissions'][$key] = $resPermission[$key]; + } + } + } + + return $arrayAccess; + } } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/InputDocument.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/InputDocument.php index 53ca8677f..0426def6b 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/InputDocument.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/InputDocument.php 
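Review bot: `userAuthorization` only creates the `rolesPermissions` and `objectPermissions` entries when a lookup yields a value, so the callers added in this commit that index `$aUserCanAccess['objectPermissions']['SUMMARY_FORM']` or `['rolesPermissions']['PM_ALLCASES']` hit an undefined index when the permission is absent; initialise them up front with `$arrayAccess['rolesPermissions'] = array_fill_keys($rolesPermissions, false);` and `$arrayAccess['objectPermissions'] = array_fill_keys(array_keys($objectPermissions), false);` so every requested key exists and defaults to denied. The roles check goes through `global $RBAC`, which evaluates the logged-in session user rather than `$usrUid`; state that in the docblock (`@param string $usrUid ... role permissions are resolved for the session user via $RBAC, not for $usrUid`) or resolve them for the given user. `($isSupervisor) ? true : false` and `(count($aParticipated) == 0) ? false : true` are simply `(bool) $isSupervisor` and `count($aParticipated) > 0`. The `@return` line should also list the returned keys: `participated`, `supervisor`, `rolesPermissions`, `objectPermissions`.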
@@ -971,6 +971,16 @@ class InputDocument $aFields = array("APP_UID" => $appUid, "DEL_INDEX" => $delIndex, "USR_UID" => $userUid, "DOC_UID" => -1, "APP_DOC_TYPE" => "ATTACHED", "APP_DOC_CREATE_DATE" => date("Y-m-d H:i:s"), "APP_DOC_COMMENT" => "", "APP_DOC_TITLE" => "", "APP_DOC_FILENAME" => $arrayFileName[$i], "APP_DOC_FIELDNAME" => $fieldName); } + $sExtension = pathinfo($aFields["APP_DOC_FILENAME"]); + if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $sExtension["extension"] === 'php') { + $message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED'); + \Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $sFileName); + \G::SendMessageText($message, "ERROR"); + $backUrlObj = explode("sys" . SYS_SYS, $_SERVER['HTTP_REFERER']); + \G::header("location: " . "/sys" . SYS_SYS . $backUrlObj[1]); + die(); + } + $oAppDocument = new \AppDocument(); $oAppDocument->create($aFields); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php b/workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php index aa8cd56a1..a949ce0a5 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php @@ -187,6 +187,11 @@ class FilesManager if ($extention == '.exe') { throw new \Exception(\G::LoadTranslation('ID_FILE_UPLOAD_INCORRECT_EXTENSION')); } + if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extention === '.php') { + $message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED'); + \Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $aData['prf_filename']); + throw new \Exception($message); + } break; default: $sDirectory = PATH_DATA_MAILTEMPLATES . $sProcessUID . PATH_SEP . $sSubDirectory . $aData['prf_filename']; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php index e739eb485..d33c85488 100644 
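Review bot: The new block in InputDocument.php logs `$sFileName`, which is not assigned anywhere in the hunk (the name in scope is `$aFields["APP_DOC_FILENAME"]`), and reads `$sExtension["extension"]`, which `pathinfo()` omits for names without a dot, so both can raise notices; use `pathinfo($aFields["APP_DOC_FILENAME"], PATHINFO_EXTENSION)` and log `$aFields["APP_DOC_FILENAME"]`. The redirect target is derived from `$_SERVER['HTTP_REFERER']`, an optional and client-controlled header, so `$backUrlObj[1]` is undefined when it is absent or lacks the `sys<workspace>` marker; guard with `isset($backUrlObj[1])` and fall back to a fixed in-application path. The `$sFileName` observation is inferred, since the method starts outside the hunk.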
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php @@ -902,6 +902,16 @@ class Light $response = array(); if (is_array($request_data)) { foreach ($request_data as $k => $file) { + $ext = pathinfo($file['name'], PATHINFO_EXTENSION); + if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $ext === 'php') { + $message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED'); + \Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $file['name']); + $response[$k]['error'] = array( + "code" => "400", + "message" => $message + ); + continue; + } $oCase = new \Cases(); $delIndex = $oCase->getCurrentDelegation($app_uid, $userUid); $docUid = !empty($file['docUid']) ? $file['docUid'] : -1; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php b/workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php index 13e45a3ff..34422b962 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php @@ -199,11 +199,6 @@ class NotificationDevice $devices = $oNoti->loadUsersArrayId($userIds); } else { $devices = $oNoti->loadByUsersId($userIds); - $lists = new \ProcessMaker\BusinessModel\Lists(); - $counter = $lists->getCounters($userIds); - $light = new \ProcessMaker\Services\Api\Light(); - $result = $light->parserCountersCases($counter); - $data['counters'] = $result; } $devicesAndroidIds = array(); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php b/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php index 21807d68b..2ed4d6d34 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php 
@@ -129,14 +129,14 @@ class ProcessSupervisor $sql = " SELECT DISTINCT " . \GroupUserPeer::GRP_UID . " FROM " . \GroupUserPeer::TABLE_NAME . ", " . \UsersPeer::TABLE_NAME . ", - " . \UsersRolesPeer::TABLE_NAME . ", " . \RolesPermissionsPeer::TABLE_NAME . ", " . \PermissionsPeer::TABLE_NAME . " + " . DB_RBAC_NAME . '.' . \UsersRolesPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \PermissionsPeer::TABLE_NAME . " WHERE " . \GroupUserPeer::GRP_UID . " = " . \GroupwfPeer::GRP_UID . " AND " . \GroupUserPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND " . \UsersPeer::USR_STATUS . " = " . $delimiter . "ACTIVE" . $delimiter . " AND - " . \UsersPeer::USR_UID . " = " . \UsersRolesPeer::USR_UID . " AND - " . \UsersRolesPeer::ROL_UID . " = " . \RolesPermissionsPeer::ROL_UID . " AND - " . \RolesPermissionsPeer::PER_UID . " = " . \PermissionsPeer::PER_UID . " AND - " . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND - " . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . " + " . \UsersPeer::USR_UID . " = " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . " AND + " . DB_RBAC_NAME . '.' . \UsersRolesPeer::ROL_UID . " = " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::ROL_UID . " AND + " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::PER_UID . " = " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_UID . " AND + " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND + " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . " "; $criteriaGroup->add( 
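Review bot: Qualifying the RBAC tables with `DB_RBAC_NAME . '.'` in this hunk (and in the `@@ -209` hunk of the same file) concatenates the schema name unquoted into the SQL, so a database name containing characters that need identifier quoting breaks the query; quote it as a MySQL identifier, or at least build the prefix once, e.g. `$rbacPrefix = DB_RBAC_NAME . '.';`, so the many repetitions stay in sync. The cross-database join also presumes the workflow connection's account has SELECT on the RBAC schema, which deserves a comment above the query. The enclosing `switch` and method start outside the hunk.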
@@ -209,13 +209,13 @@ class ProcessSupervisor break; case "AVAILABLE": $sql = " - SELECT DISTINCT " . \UsersRolesPeer::USR_UID . " - FROM " . \UsersRolesPeer::TABLE_NAME . ", " . \RolesPermissionsPeer::TABLE_NAME . ", " . \PermissionsPeer::TABLE_NAME . " - WHERE " . \UsersRolesPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND - " . \UsersRolesPeer::ROL_UID . " = " . \RolesPermissionsPeer::ROL_UID . " AND - " . \RolesPermissionsPeer::PER_UID . " = " . \PermissionsPeer::PER_UID . " AND - " . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND - " . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . " + SELECT DISTINCT " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . " + FROM " . DB_RBAC_NAME . '.' . \UsersRolesPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \PermissionsPeer::TABLE_NAME . " + WHERE " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND + " . DB_RBAC_NAME . '.' . \UsersRolesPeer::ROL_UID . " = " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::ROL_UID . " AND + " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::PER_UID . " = " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_UID . " AND + " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND + " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . " "; $criteriaUser->add( diff --git a/workflow/engine/src/ProcessMaker/Core/RoutingScreen.php b/workflow/engine/src/ProcessMaker/Core/RoutingScreen.php index d6dd9c209..dafe61a98 100644 --- a/workflow/engine/src/ProcessMaker/Core/RoutingScreen.php +++ b/workflow/engine/src/ProcessMaker/Core/RoutingScreen.php 
@@ -65,6 +65,9 @@ class RoutingScreen extends \Derivation } else { $aDataMerged[$key]['NEXT_ROUTING'][] = $post[$i]; } + if (isset($post[$i]['NEXT_TASK'])) { + $aDataMerged[$key]['NEXT_TASK'] = $post[$i]['NEXT_TASK']; + } } } } diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Light.php b/workflow/engine/src/ProcessMaker/Services/Api/Light.php index 80f288b49..32757d56a 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Light.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Light.php @@ -30,6 +30,31 @@ class Light extends Api 'delRiskDate' ]; + public function __isAllowed() + { + try { + $methodName = $this->restler->apiMethodInfo->methodName; + $arrayArgs = $this->restler->apiMethodInfo->arguments; + switch ($methodName) { + case 'doIfAlreadyRoute': + $applicationUid = $this->parameters[$arrayArgs['app_uid']]; + $delIndex = $this->parameters[$arrayArgs['cas_index']]; + $userUid = $this->getUserId(); + //Check if the user has the case + $appDelegation = new \AppDelegation(); + $aCurUser = $appDelegation->getCurrentUsers($applicationUid, $delIndex); + if (!empty($aCurUser) && in_array($userUid, $aCurUser)) { + return true; + } + return false; + break; + } + return false; + } catch (\Exception $e) { + throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()); + } + } + /** * Constructor of the class * @@ -793,6 +818,8 @@ class Light extends Api /** * Get Already Route * + * @access protected + * @class AccessControl {@className \ProcessMaker\Services\Api\Light} * @param string $app_uid {@min 1}{@max 32} * @param int $cas_index * diff --git a/workflow/engine/templates/cases/casesList.js b/workflow/engine/templates/cases/casesList.js index 9331c55ef..f1469952b 100644 --- a/workflow/engine/templates/cases/casesList.js +++ b/workflow/engine/templates/cases/casesList.js 
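Review bot: In `__isAllowed` the `break` after `return false` inside the `switch` is unreachable, and `in_array($userUid, $aCurUser)` is a loose comparison; use `in_array($userUid, $aCurUser, true)` and drop the `break`. The fail-closed default (`return false` for any method other than `doIfAlreadyRoute`) is the right shape but deserves a comment, e.g. `// only doIfAlreadyRoute is routed through AccessControl; any other method is denied`, because it will silently deny a future method annotated with `@class AccessControl`. The `catch` forwards every exception message into the REST response; if lower layers put SQL or path details into messages, log the original and return a generic message instead. `RestException` is referenced unqualified; make sure a `use` import exists in this file, as the hunk does not show one.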
@@ -2050,7 +2050,8 @@ Ext.onReady ( function() { btnReassign, "->", _("ID_USER"), - comboAllUsers, + suggestUser, + resetSuggestButton, "-", _("ID_CATEGORY"), comboCategory, diff --git a/workflow/engine/templates/cases/main.js b/workflow/engine/templates/cases/main.js index a8b4b9b4c..cee5b829a 100644 --- a/workflow/engine/templates/cases/main.js +++ b/workflow/engine/templates/cases/main.js @@ -16,7 +16,6 @@ var propStore; var triggerStore; var debugVariablesFilter; -var ReloadTreeMenuItemDetail; var NOTIFIER_FLAG = false; var result; var _action = ''; @@ -258,39 +257,6 @@ Ext.onReady(function(){ } }); - - - var treeMenuItemDetail = new Ext.tree.TreePanel({ - id: 'tree_menuItem_detail', - region: 'south', - animate:true, - autoScroll:true, - loader: new Ext.tree.TreeLoader({ - dataUrl:'casesMenuLoader?action=getProcess' - }), - enableDD:true, - containerScroll: true, - border: false, - width: 250, - height: 120, - dropConfig: {appendOnly:true}, - collapsible: true, - split: true, - margins: '0 2 2 2', - cmargins: '2 2 2 2', - rootVisible: false, - root: new Ext.tree.AsyncTreeNode()/*, - tbar: [{ - text: 'reload', - handler: ReloadTreeMenuItemDetail - }]*/ - }); - - ReloadTreeMenuItemDetail = function(params){ - treeMenuItemDetail.loader.dataUrl = 'casesMenuLoader?action=getProcess&item='+params.item; - treeMenuItemDetail.root.reload(); - } - // set the root node var root = new Ext.tree.AsyncTreeNode({ text: 'Ext JS', @@ -300,8 +266,6 @@ Ext.onReady(function(){ expanded:true }); - treeMenuItemDetail.setRootNode(root); - mainMenu = new Ext.Panel({ id:'menuTreePanel', title: '', @@ -317,8 +281,7 @@ Ext.onReady(function(){ margins: '0 0 0 2', items: [ - treeMenuItems, - treeMenuItemDetail + treeMenuItems ] }); mainMenu.setTitle("
"); @@ -530,15 +493,6 @@ Ext.onReady(function(){ menuPanelC.hide(); menuPanelC.ownerCt.doLayout(); - /**show*/ - //w.show(); - //w.ownerCt.doLayout(); - //w.expand(); - - var menuPanelDetail = Ext.getCmp('tree_menuItem_detail'); - menuPanelDetail.hide(); - menuPanelDetail.ownerCt.doLayout(); - //FORMATS.casesListRefreshTime is in seconds setTimeout("timer()", parseInt(FORMATS.casesListRefreshTime) * 1000); }); @@ -571,9 +525,7 @@ function updateCasesTree() { document.getElementById('refreshNotifiers').src = '/images/ext/default/grid/loading.gif'; itemsTypes = Array('CASES_INBOX', 'CASES_DRAFT', 'CASES_CANCELLED', 'CASES_SENT', 'CASES_PAUSED', 'CASES_COMPLETED', 'CASES_SELFSERVICE'); - if (currentSelectedTreeMenuItem) { - ReloadTreeMenuItemDetail({item: currentSelectedTreeMenuItem}); - } + Ext.Ajax.request({ url: urlProxy + Math.random(), success: function (response) { diff --git a/workflow/engine/templates/cases/reassignList.js b/workflow/engine/templates/cases/reassignList.js index f666d6f7b..08e8d1228 100644 --- a/workflow/engine/templates/cases/reassignList.js +++ b/workflow/engine/templates/cases/reassignList.js @@ -32,7 +32,7 @@ var storeUsersToReassign = new Ext.data.Store({ remoteSort: false, - autoLoad:true, + autoLoad:false, proxy : proxyUsersToReassignList, reader: readerUsersToReassignList, writer: writerUsersToReassignList, // <-- plug a DataWriter into the store just as you would a Reader diff --git a/workflow/public_html/.htaccess b/workflow/public_html/.htaccess index 458bcdada..5d0e4c170 100644 --- a/workflow/public_html/.htaccess +++ b/workflow/public_html/.htaccess @@ -3,7 +3,7 @@ Deny from all - + Order Allow,Deny Allow from All \ No newline at end of file diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php index b7b4fb4d3..78b1a4ae8 100644 --- a/workflow/public_html/sysGeneric.php +++ b/workflow/public_html/sysGeneric.php 
@@ -117,6 +117,10 @@ if (file_exists($requestFile)) { header( "location: /errors/error404.php?url=" . urlencode( $_SERVER['REQUEST_URI'] ) ); die; } + if ($request === "app.php" || $request === "sysGeneric.php") { + //HTTP/1.0 403 Forbidden + http_response_code(403); + } $pos = strripos($request, ".") + 1; $size = strlen($request); if($pos < $size) { @@ -307,20 +311,11 @@ if (!(array_key_exists('REMOTE_USER', $_SERVER) && (string)($_SERVER['REMOTE_USE ini_set('session.cookie_httponly', 1); ini_set('session.cookie_secure', 1); } - //$e_all = defined( 'E_DEPRECATED' ) ? E_ALL & ~ E_DEPRECATED : E_ALL; //$e_all = defined( 'E_STRICT' ) ? $e_all & ~ E_STRICT : $e_all; //$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE; //$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING; -G::LoadSystem('inputfilter'); -$filter = new InputFilter(); -$config['display_errors'] = $filter->validateInput($config['display_errors']); -$config['error_reporting'] = $filter->validateInput($config['error_reporting']); -$config['memory_limit'] = $filter->validateInput($config['memory_limit']); -$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int'); -$config['time_zone'] = $filter->validateInput($config['time_zone']); - // Do not change any of these settings directly, use env.ini instead ini_set( 'display_errors', $config['display_errors']); ini_set( 'error_reporting', $config['error_reporting']); @@ -342,6 +337,7 @@ define ('WS_IN_LOGIN', isset($config['WS_IN_LOGIN']) ? $config['WS_IN_LOGIN'] : define('LOAD_HEADERS_IE', $config['load_headers_ie']); define('LEAVE_CASE_WARNING', $config['leave_case_warning']); define('REDIRECT_TO_MOBILE', $config['redirect_to_mobile']); +define('DISABLE_PHP_UPLOAD_EXECUTION', $config['disable_php_upload_execution']); // IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it. $_SERVER['SERVER_ADDR'] = isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME']; 
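Review bot: The new block sets `http_response_code(403)` for `app.php`/`sysGeneric.php` but does not stop the script, so the code that follows still determines the type and, as far as this hunk shows, serves the requested file under a 403 status; mirror the 404 branch above and terminate, e.g. `http_response_code(403); die;`. `$request` is compared with `===`, which is fine on case-sensitive filesystems, but on a case-insensitive one `App.php` would bypass the check, so comparing `strtolower($request)` is safer. The surrounding `if (file_exists($requestFile))` block starts outside the hunk.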
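Review bot: `define('DISABLE_PHP_UPLOAD_EXECUTION', $config['disable_php_upload_execution'])` stores whatever type the configuration loader produced, while the new upload checks in this commit compare `\Bootstrap::getDisablePhpUploadExecution() === 1` strictly; if that accessor returns this constant and env.ini yields the string `"1"`, the checks never trigger. Casting at definition, `define('DISABLE_PHP_UPLOAD_EXECUTION', (int) $config['disable_php_upload_execution']);`, removes the ambiguity. The link to the accessor is inferred, as its body is not in this diff.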
@@ -515,7 +511,6 @@ if (defined( 'PATH_DATA' ) && file_exists( PATH_DATA )) {
 $oServerConf = & serverConf::getSingleton();
 }
 $pathFile = PATH_THIRDPARTY . '/pear/PEAR.php';
-$pathFile = $filter->validateInput($pathFile,'path');
 require_once $pathFile;
 //Bootstrap::LoadSystem( 'pmException' );
@@ -531,7 +526,6 @@ if (! defined( 'PATH_DATA' ) || ! file_exists( PATH_DATA )) {
 //NewRelic Snippet - By JHL
 transactionLog(PATH_CONTROLLERS.'installer.php');
 $pathFile = PATH_CONTROLLERS . 'installer.php';
- $pathFile = $filter->validateInput($pathFile,'path');
 require_once ($pathFile);
 $controller = 'Installer';
@@ -578,7 +572,6 @@ if ($oServerConf->isWSDisabled( SYS_TEMP )) {
 if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
 //this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS
 $pathFile = PATH_DB . SYS_TEMP . '/db.php';
- $pathFile = $filter->validateInput($pathFile,'path');
 if (file_exists( $pathFile )) {
 require_once ($pathFile);
 define( 'SYS_SYS', SYS_TEMP );
@@ -600,7 +593,6 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
 } else { //when we are in global pages, outside any valid workspace
 if (SYS_TARGET === 'newSite') {
 $phpFile = G::ExpandPath( 'methods' ) . SYS_COLLECTION . "/" . SYS_TARGET . '.php';
- $phpFile = $filter->validateInput($phpFile,'path');
 //NewRelic Snippet - By JHL
 transactionLog($phpFile);
 require_once ($phpFile);
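Review bot: With `$filter->validateInput($pathFile, 'path')` removed, the `@@ -578` hunk now passes `PATH_DB . SYS_TEMP . '/db.php'` straight to `file_exists`/`require_once`, and the `@@ -600` hunk does the same for `G::ExpandPath( 'methods' ) . SYS_COLLECTION . "/" . SYS_TARGET . '.php'`; nothing on the new side checks that these segments are single path components. SYS_TEMP, SYS_COLLECTION and SYS_TARGET are defined before these hunks and, from how this file routes on them, appear to be request-derived, so the deleted call looks like the only traversal guard on those includes. If the filter is being dropped for its side effects, a narrower check should replace it before each `require_once`, for example `$real = realpath($phpFile); if ($real === false || strpos($real, $base . PATH_SEP) !== 0) { die(); }` with `$base` the resolved methods or PATH_DB directory, or a rejection of any segment containing a path separator or `..`. The same applies to the `@@ -821` hunk further down (`PATH_CONTROLLERS . SYS_COLLECTION . '.php'`), whose `is_file()` test confirms existence but does not bound the directory; the other hunks in this commit (`@@ -515`, `@@ -531`, `@@ -608`, `@@ -625`, `@@ -737`, `@@ -747`) build the path from fixed strings only and are not affected.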
@@ -608,12 +600,11 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
 } else {
 if (SYS_TARGET == "dbInfo") { //Show dbInfo when no SYS_SYS
 $pathFile = PATH_METHODS . "login/dbInfo.php";
- $pathFile = $filter->validateInput($pathFile,'path');
 require_once ($pathFile);
 } else {
 if (substr( SYS_SKIN, 0, 2 ) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form
- $pathFile = $filter->validateInput(PATH_CONTROLLERS . 'main.php','path');
+ $pathFile = PATH_CONTROLLERS . 'main.php';
 require_once $pathFile;
 $controllerClass = 'Main';
 $controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin';
@@ -625,7 +616,7 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') {
 $controller->call( $controllerAction );
 }
 } else { // classic sysLogin interface
- $pathFile = $filter->validateInput(PATH_METHODS . "login/sysLogin.php",'path');
+ $pathFile = PATH_METHODS . "login/sysLogin.php";
 require_once ($pathFile);
 die();
 }
@@ -710,9 +701,7 @@ if (defined( 'DEBUG_SQL_LOG' ) && DEBUG_SQL_LOG) {
 //Set Time Zone
 /*----------------------------------********---------------------------------*/
-if (PMLicensedFeatures::getSingleton()->verifyfeature('oq3S29xemxEZXJpZEIzN01qenJUaStSekY4cTdJVm5vbWtVM0d4S2lJSS9qUT0=')) {
- $_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = (int)($config['system_utc_time_zone']) == 1;
-}
+$_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = (int)($config['system_utc_time_zone']) == 1;
 /*----------------------------------********---------------------------------*/
 ini_set('date.timezone', (isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__'])? 'UTC' : $config['time_zone']);
 //Set Time Zone
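Review bot: The added line `$_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = (int)($config['system_utc_time_zone']) == 1;` in the `@@ -710` hunk pairs a cast with a loose `==` and reads the key without `isset`, so an env.ini lacking it raises an undefined-index notice on every request now that the removed license guard no longer skips the assignment. A strict form reads cleaner and avoids the notice: `$_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = isset($config['system_utc_time_zone']) && (int) $config['system_utc_time_zone'] === 1;`. The `ini_set('date.timezone', ...)` line below already guards its own read with `isset`, so it needs no change.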
@@ -737,7 +726,7 @@ ob_start();
 // Rebuild the base Workflow translations if not exists
 if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) {
- $pathFile = $filter->validateInput(PATH_CLASSES . "model" . PATH_SEP . "Translation.php", "path");
+ $pathFile = PATH_CLASSES . "model" . PATH_SEP . "Translation.php";
 require_once ($pathFile);
@@ -747,7 +736,7 @@ if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) {
 // TODO: Verify if the language set into url is defined in translations env.
 if (SYS_LANG != 'en' && ! is_file( PATH_LANGUAGECONT . 'translation.' . SYS_LANG )) {
- $pathFile = $filter->validateInput(PATH_CLASSES . "model" . PATH_SEP . "Translation.php", "path");
+ $pathFile = PATH_CLASSES . "model" . PATH_SEP . "Translation.php";
 require_once ($pathFile);
@@ -813,6 +802,17 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
 die();
 }
+ Bootstrap::initVendors();
+ Bootstrap::LoadSystem( 'monologProvider' );
+ if (\Bootstrap::getDisablePhpUploadExecution() === 1) {
+ $message = \G::LoadTranslation('THE_PHP_FILES_EXECUTION_WAS_DISABLED');
+ \Bootstrap::registerMonologPhpUploadExecution('phpExecution', 550, $message, $phpFile);
+ echo $message;
+ die();
+ } else {
+ \Bootstrap::registerMonologPhpUploadExecution('phpExecution', 200, 'Php Execution', $phpFile);
+ }
+
 $avoidChangedWorkspaceValidation = true;
 $bWE = true;
 //$phpFile = PATH_DATA_SITE . 'public' . PATH_SEP . SYS_COLLECTION . PATH_SEP . $auxPart[ count($auxPart)-1];
@@ -821,7 +821,7 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
 //erik: verify if it is a Controller Class or httpProxyController Class
 if (is_file( PATH_CONTROLLERS . SYS_COLLECTION . '.php' )) {
 Bootstrap::LoadSystem( 'controller' );
- $pathFile = $filter->validateInput(PATH_CONTROLLERS . SYS_COLLECTION . '.php','path');
+ $pathFile = PATH_CONTROLLERS . SYS_COLLECTION . '.php';
 require_once $pathFile;
 $controllerClass = SYS_COLLECTION;
 //if the method name is empty set default to index method
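Review bot: The guard `if (\Bootstrap::getDisablePhpUploadExecution() === 1)` in the `@@ -813` hunk fails open: any return other than the integer `1` — the string `"1"` that an ini-backed setting typically yields, or `null` when the key is absent — takes the `else` branch, which the commit treats as normal execution of `$phpFile`. Unless the getter is known to cast (its body is not in this diff), normalise before comparing and make the absent case block: `$flag = \Bootstrap::getDisablePhpUploadExecution(); if ($flag === null || (int) $flag !== 0) {`, so only an explicit `0` enables execution. A one-line comment above the check stating that 550 is the log level used for a refused execution would also help whoever later tunes the monolog handler. `$phpFile` and the enclosing `if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver')` block are defined before the hunk.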
@@ -854,7 +854,6 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
 $pluginControllerPath = PATH_PLUGINS . $pluginName . PATH_SEP . 'controllers' . PATH_SEP;
 $pathFile = $pluginControllerPath. $controllerClass . '.php';
- $pathFile = $filter->validateInput($pathFile,'path');
 if (is_file($pathFile)) {
 require_once $pathFile;
 } elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . '.php')) {