From fb4fd220a487159ff4859193dc76d18e7b0e4fdb Mon Sep 17 00:00:00 2001 From: dante Date: Mon, 7 Aug 2017 09:48:51 -0400 Subject: [PATCH 01/10] bugfix/HOR-3488 --- workflow/engine/templates/pmTables/export.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/workflow/engine/templates/pmTables/export.js b/workflow/engine/templates/pmTables/export.js index 8d8c064db..bbd9f5b5c 100644 --- a/workflow/engine/templates/pmTables/export.js +++ b/workflow/engine/templates/pmTables/export.js @@ -72,7 +72,11 @@ Export.configure = function() e.stopEvent(); var index = Export.targetGrid.getView().findRowIndex(t); var record = Export.targetGrid.store.getAt(index); - + + if (record.data['_SCHEMA'] !== true) { + return false; + } + if(record.data['PRO_UID']) { PMExt.info(_('ID_INFO'), _('ID_REPORT_TABLES_DATA_EXPORT_NOT_ALLOWED')); return false; @@ -210,6 +214,10 @@ Ext.ux.grid.CheckColumn.prototype ={ var index = this.grid.getView().findRowIndex(t); var record = this.grid.store.getAt(index); record.set(this.dataIndex, !record.data[this.dataIndex]); + + //if schema check is selected/unselected, + //the data column is always initialized to unchecked + record.set('_DATA', false); } }, From 8538fffd6679c800cf473ddd3ce35a8d41d6681e Mon Sep 17 00:00:00 2001 From: dante Date: Mon, 7 Aug 2017 13:11:45 -0400 Subject: [PATCH 02/10] HOR-3434 --- workflow/engine/controllers/pmTables.php | 35 ++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/workflow/engine/controllers/pmTables.php b/workflow/engine/controllers/pmTables.php index 4d1099d80..0d0d40d46 100644 --- a/workflow/engine/controllers/pmTables.php +++ b/workflow/engine/controllers/pmTables.php 
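Review bot: The `record.set('_DATA', false)` added in the second hunk (the `Ext.ux.grid.CheckColumn` mouse handler) runs for every check column that shares this prototype, not only the schema column, so if the `_DATA` column is rendered by the same `CheckColumn` a click on it toggles `_DATA` to true and immediately resets it to false; guard it on the column, `if (this.dataIndex === '_SCHEMA') { record.set('_DATA', false); }`. This is inferred from the visible handler only — if the override is installed solely for the schema column, the guard is just documentation. In the first hunk the new `_SCHEMA` check returns silently while the `PRO_UID` branch beneath it shows `PMExt.info(...)`; the same feedback would tell the user why nothing happened. Both enclosing functions continue outside their hunks.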
@@ -152,6 +152,11 @@ class pmTables extends Controller $sFileName = $httpData->f; $realPath = $PUBLIC_ROOT_PATH . $sFileName; + + if ($this->isValidFileToBeStreamed($realPath, $PUBLIC_ROOT_PATH) === false) { + throw new Exception("You are trying to access an unauthorized resource."); + } + G::streamFile( $realPath, true ); unlink( $realPath ); } @@ -206,5 +211,35 @@ class pmTables extends Controller $tableSize = $tableSize - 8; // Prefix PMT_ return $tableSize; } + + /** + * Validates if the file with the path $filePath is a valid one, + * that is, it must be a file within the temporal directory where the + * exported pmt files are created and must have one of the valid file + * extensions. + * + * @param $filePath, full path to the temporal file that will be streamed + * @param $tempDir, directory's path where the temporal files are created. + * @return bool + */ + private function isValidFileToBeStreamed($filePath, $tempDir) + { + $result = true; + $validExtensionsForExporting = ['csv', 'pmt']; + $fileRealPath = realpath($filePath); + $tempDirRealPath = realpath($tempDir); + + $pathInfo = pathinfo($fileRealPath); + + if ($pathInfo ['dirname'] !== $tempDirRealPath) { + $result = false; + } + + if (!in_array($pathInfo['extension'], $validExtensionsForExporting)) { + $result = false; + } + + return $result; + } } From 47fa74b8ec9c29d1286a7eddcfead30428d0a2c7 Mon Sep 17 00:00:00 2001 
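Review bot: `isValidFileToBeStreamed` (second hunk) indexes `$pathInfo['dirname']` and `$pathInfo['extension']` without checking they exist: `realpath()` returns `false` for a missing file and a name without a dot yields no `extension` key, so a bad request produces PHP notices before the `false` result, and the `in_array` is non-strict. Reject early and compare strictly: `if ($fileRealPath === false || $tempDirRealPath === false) { return false; }` and `if (!isset($pathInfo['extension']) || !in_array($pathInfo['extension'], $validExtensionsForExporting, true)) { $result = false; }`. The call site in the first hunk throws before `G::streamFile`/`unlink`, which is the right order; it may be worth also confirming `is_file($realPath)` so `unlink` is never handed a directory. The resolved-path comparison is a sound containment check because `realpath` canonicalises `..` and symlinks; keep that property if the check is reworked later.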
From: u1 Date: Tue, 8 Aug 2017 00:21:36 -0400 Subject: [PATCH 03/10] HOR-3400 Change of destination branch --- workflow/engine/methods/services/soap.php | 413 ------------------ workflow/engine/methods/services/soap2.php | 88 ++-- workflow/engine/methods/services/wsdl.php | 13 - workflow/engine/methods/setup/webServices.php | 158 ------- .../engine/methods/setup/webServicesList.php | 36 -- .../Util/ParseSoapVariableName.php | 79 ++++ 6 files changed, 110 insertions(+), 677 deletions(-) delete mode 100644 workflow/engine/methods/services/soap.php delete mode 100644 workflow/engine/methods/services/wsdl.php delete mode 100644 workflow/engine/methods/setup/webServices.php delete mode 100644 workflow/engine/methods/setup/webServicesList.php create mode 100644 workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php diff --git a/workflow/engine/methods/services/soap.php b/workflow/engine/methods/services/soap.php deleted file mode 100644 index e21b64939..000000000 --- a/workflow/engine/methods/services/soap.php +++ /dev/null 
@@ -1,413 +0,0 @@ -login( $params->userid, $params->password ); - return $res->getPayloadArray(); -} - -function ProcessList ($params) -{ - $x = ifPermission( $params->sessionId, 'PM_FACTORY' ); - //if you are not an admin user, then this function will return only - //your valid process - if ($x == 0) { - $oSessions = new Sessions(); - $session = $oSessions->getSessionUser( $params->sessionId ); - $userId = $session['USR_UID']; - - $ws = new wsBase(); - $res = $ws->processListVerified( $userId ); - return $res; - } - - $ws = new wsBase(); - $res = $ws->processList(); - return array ("processes" => $res - ); -} - -function RoleList ($params) -{ - $x = ifPermission( $params->sessionId, 'PM_USERS' ); - if ($x == 0) { - $result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES')); - return $result; - } - - $ws = new wsBase(); - $res = $ws->roleList(); - return array ("roles" => $res - ); -} - -function GroupList ($params) -{ - $x = ifPermission( $params->sessionId, 'PM_USERS' ); - if ($x == 0) { - $result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES')); - return $result; - } - - $ws = new wsBase(); - $res = $ws->groupList(); - return array ("groups" => $res - ); -} - -function CaseList ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - return new wsResponse( 9, G::LoadTranslation('ID_SESSION_EXPIRED') ); - } - - $oSessions = new Sessions(); - $session = $oSessions->getSessionUser( $params->sessionId ); - $userId = $session['USR_UID']; - - $ws = new wsBase(); - $res = $ws->caseList( $userId ); - return array ("cases" => $res - ); -} - -function UserList ($params) -{ - $x = ifPermission( $params->sessionId, 'PM_USERS' ); - if ($x == 0) { - $result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - - $ws = new wsBase(); - $res = $ws->userList(); - return array ("users" => $res - ); -} - 
-function SendMessage ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - $ws = new wsBase(); - $res = $ws->sendMessage( $params->caseId, $params->from, $params->to, $params->cc, $params->bcc, $params->subject, $params->template ); - return $res->getPayloadArray(); -} - -function getCaseInfo ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result = new wsResponse( 24, "You do not have privileges" ); - return $result; - } - $ws = new wsBase(); - $res = $ws->getCaseInfo( $params->caseId, $params->delIndex ); - return $res; -} - -function SendVariables ($params) -{ - - $filter = new InputFilter(); - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - $ws = new wsBase(); - $variables = $params->variables; - if (is_object( $variables )) { - $Fields[$variables->name] = $variables->value; - } - - if (is_array( $variables )) { - foreach ($variables as $key => $val) { - $name = $val->name; - $value = $val->value; - $val->name = $filter->validateInput($val->name); - $val->value = $filter->validateInput($val->value); - eval( '$Fields[ ' . $val->name . 
' ]= $val->value ;' ); - } - } - $params->variables = $Fields; - $res = $ws->sendVariables( $params->caseId, $params->variables ); - return $res->getPayloadArray(); -} - -function GetVariables ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - - $ws = new wsBase(); - - $res = $ws->getVariables( $params->caseId, $params->variables ); - return array ("variables" => $res - ); -} - -function DerivateCase ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - - $oSession = new Sessions(); - $user = $oSession->getSessionUser( $params->sessionId ); - - $ws = new wsBase(); - $res = $ws->derivateCase( $user['USR_UID'], $params->caseId, $params->delIndex ); - return $res; - - //return $res->getPayloadArray ( ); -} - -function executeTrigger ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - - $oSession = new Sessions(); - $user = $oSession->getSessionUser( $params->sessionId ); - - $ws = new wsBase(); - $delIndex = (isset( $params->delIndex )) ? 
$params->delIndex : 1; - $res = $ws->executeTrigger( $user['USR_UID'], $params->caseId, $params->triggerIndex, $delIndex ); - return $res->getPayloadArray(); -} - -function NewCaseImpersonate ($params) -{ - $filter = new InputFilter(); - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - $ws = new wsBase(); - $variables = $params->variables; - foreach ($variables as $key => $val) { - $name = $val->name; - $value = $val->value; - $val->name = $filter->validateInput($val->name); - $val->value = $filter->validateInput($val->value); - eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' ); - } - $params->variables = $Fields; - $res = $ws->newCaseImpersonate( $params->processId, $params->userId, $params->variables ); - return $res->getPayloadArray(); -} - -function NewCase ($params) -{ - $filter = new InputFilter(); - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - - $oSessions = new Sessions(); - $session = $oSessions->getSessionUser( $params->sessionId ); - $userId = $session['USR_UID']; - $variables = $params->variables; - - if (! isset( $params->variables )) { - $variables = array (); - $Fields = array (); - } else { - if (is_object( $variables )) { - /*foreach ( $variables as $key=>$val ) { - $name = $val->name; - $value = $val->value; - $Fields[ $val->name ]= $val->value ; - }*/ - $Fields[$variables->name] = $variables->value; - } - - if (is_array( $variables )) { - foreach ($variables as $key => $val) { - $name = $val->name; - $value = $val->value; - if (! is_object( $val->value )) { - $val->name = $filter->validateInput($val->name); - $val->value = $filter->validateInput($val->value); - eval( '$Fields[ ' . $val->name . 
' ]= $val->value ;' ); - } else { - if (is_array( $val->value->item )) { - $i = 1; - foreach ($val->value->item as $key1 => $val1) { - if (isset( $val1->value )) { - if (is_array( $val1->value->item )) { - foreach ($val1->value->item as $key2 => $val2) { - $Fields[$val->name][$i][$val2->key] = $val2->value; - } - } - } - $i ++; - } - } - } - } - } - } - - $params->variables = $Fields; - //$result = new wsResponse (900, print_r($params->variables,1)); - //return $result; - $ws = new wsBase(); - $res = $ws->newCase( $params->processId, $userId, $params->taskId, $params->variables ); - return $res; -} - -function AssignUserToGroup ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_USERS' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - $sessions = new Sessions(); - $user = $sessions->getSessionUser( $params->sessionId ); - if (! is_array( $user )) { - return new wsResponse( 3, G::LoadTranslation('ID_USER_NOT_REGISTERED_SYSTEM') ); - } - - $ws = new wsBase(); - $res = $ws->assignUserToGroup( $params->userId, $params->groupId ); - return $res->getPayloadArray(); -} - -function CreateUser ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_USERS' ); - if ($x == 0) { - $result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - $ws = new wsBase(); - $res = $ws->createUser( $params->userId, $params->firstname, $params->lastname, $params->email, $params->role, $params->password ); - return $res->getPayloadArray(); -} - -function TaskList ($params) -{ - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - - $ws = new wsBase(); - $oSessions = new Sessions(); - $session = $oSessions->getSessionUser( $params->sessionId ); - $userId = 
$session['USR_UID']; - $res = $ws->taskList( $userId ); - return array ("tasks" => $res - ); -} - -function TaskCase ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - $x = ifPermission( $params->sessionId, 'PM_CASES' ); - if ($x == 0) { - $result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') ); - return $result; - } - - $ws = new wsBase(); - $res = $ws->taskCase( $params->caseId ); - return array ("taskCases" => $res - ); -} - -function ReassignCase ($params) -{ - ifSessionExpiredBreakThis( $params->sessionId ); - - $ws = new wsBase(); - $res = $ws->reassignCase( $params->sessionId, $params->caseId, $params->delIndex, $params->userIdSource, $params->userIdTarget ); - return $res; -} - -function ifSessionExpiredBreakThis ($sessionId) -{ #added By Erik AO in datetime 26.06.2008 10:00:00 - - $oSessions = new Sessions(); - $session = $oSessions->verifySession( $sessionId ); - if ($session == '') { - return new wsResponse( 9, G::LoadTranslation('ID_SESSION_EXPIRED') ); - } -} - -function ifPermission ($sessionId, $permission) -{ - global $RBAC; - $RBAC->initRBAC(); - $oSession = new Sessions(); - $user = $oSession->getSessionUser( $sessionId ); - - $oRBAC = RBAC::getSingleton(); - $oRBAC->loadUserRolePermission( $oRBAC->sSystem, $user['USR_UID'] ); - $aPermissions = $oRBAC->aUserInfo[$oRBAC->sSystem]['PERMISSIONS']; - $sw = 0; - foreach ($aPermissions as $aPermission) { - if ($aPermission['PER_CODE'] == $permission) { - $sw = 1; - } - } - return $sw; -} -$server = new SoapServer( $wsdl ); -$server->addFunction( "Login" ); -$server->addFunction( "ProcessList" ); -$server->addFunction( "CaseList" ); -$server->addFunction( "RoleList" ); -$server->addFunction( "GroupList" ); -$server->addFunction( "UserList" ); -$server->addFunction( "SendMessage" ); -$server->addFunction( "SendVariables" ); -$server->addFunction( "GetVariables" ); -$server->addFunction( "DerivateCase" ); -$server->addFunction( "executeTrigger" ); 
-$server->addFunction( "NewCaseImpersonate" ); -$server->addFunction( "NewCase" ); -$server->addFunction( "AssignUserToGroup" ); -$server->addFunction( "CreateUser" ); -$server->addFunction( "getCaseInfo" ); -$server->addFunction( "TaskList" ); -$server->addFunction( "TaskCase" ); -$server->addFunction( "ReassignCase" ); - -$server->handle(); - diff --git a/workflow/engine/methods/services/soap2.php b/workflow/engine/methods/services/soap2.php index d0ca027ad..758c21e2a 100644 --- a/workflow/engine/methods/services/soap2.php +++ b/workflow/engine/methods/services/soap2.php 
@@ -654,83 +654,57 @@ function NewCaseImpersonate ($params) return $res; } -function NewCase ($params) +/** + * Begins a new case under the name of the logged-in user. + * Where the parameter value is: + * - string sessionId: The ID of the session, which is obtained during login. + * - string processId: The ID of the process where the case should start, which + * can be obtained with processList(). + * - string taskId: The ID of the task where the case should start. This will + * generally be the first task in a process, which can be obtained with taskList(). + * - array variables: An array of variableStruct objects which contain information + * to start the case. This array has the following format. + * + * @param object $params + * + * @return object + */ +function NewCase($params) { - $filter = new InputFilter(); + $parseSoapVariableVame = new ParseSoapVariableName(); - $vsResult = isValidSession( $params->sessionId ); + $vsResult = isValidSession($params->sessionId); if ($vsResult->status_code !== 0) { return $vsResult; } - if (ifPermission( $params->sessionId, "PM_CASES" ) == 0) { - $result = new wsResponse( 2, G::LoadTranslation('ID_NOT_PRIVILEGES') ); + if (ifPermission($params->sessionId, 'PM_CASES') == 0) { + $result = new wsResponse(2, G::LoadTranslation('ID_NOT_PRIVILEGES')); return $result; } $oSession = new Sessions(); - $session = $oSession->getSessionUser( $params->sessionId ); - $userId = $session["USR_UID"]; + $session = $oSession->getSessionUser($params->sessionId); + $userId = $session['USR_UID']; $variables = $params->variables; - /* this code is for previous version of ws, and apparently this will work for grids inside the variables.. 
- if (!isset($params->variables) ) { - $variables = array(); - $field = array(); - } - else { - if ( is_object ($variables) ) { - $field[ $variables->name ]= $variables->value ; - } + $field = array(); - if ( is_array ( $variables) ) { - foreach ( $variables as $key=>$val ) { - $name = $val->name; - $value = $val->value; - if (!is_object($val->value)) - { - eval('$field[ ' . $val->name . ' ]= $val->value ;'); - } - else - { - if (is_array($val->value->item)) { - $i = 1; - foreach ($val->value->item as $key1 => $val1) { - if (isset($val1->value)) { - if (is_array($val1->value->item)) { - foreach ($val1->value->item as $key2 => $val2) { - $field[$val->name][$i][$val2->key] = $val2->value; - } - } - } - $i++; - } - } - } - } - } - } - */ - - $variables = $params->variables; - - $field = array (); - - if ($variables->name === "__POST_VARIABLES__") { + if (is_object($variables) && $variables->name === '__POST_VARIABLES__') { $field = G::json_decode($variables->value, true); $variables = null; } - if (is_object( $variables )) { + if (is_object($variables)) { $field[$variables->name] = $variables->value; } - if (is_array( $variables )) { - foreach ($variables as $key => $val) { - if (! is_object( $val->value )) { - @eval( "\$field[" . $val->name . "]= \$val->value;" ); + if (is_array($variables)) { + foreach ($variables as $val) { + if (!is_object($val->value)) { + $parseSoapVariableVame->buildVariableName($field, $val->name, $val->value); } } } 
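Review bot: The new local `$parseSoapVariableVame` is misspelled; rename it `$parseSoapVariableName` at both uses in this hunk (the `new` and the `buildVariableName` call). The docblock added above `NewCase` ends with "This array has the following format." and then gives no format; either add the expected `variableStruct` shape (name/value pairs, as the loop below consumes them) or drop that sentence. Replacing the `@eval` with `buildVariableName` removes code execution on a SOAP-supplied name, which is the main gain of the hunk, but the helper only logs and returns when a name is rejected, so `$field` is built with silent gaps — consider having the caller report rejected names through the `wsResponse` path it already uses for other failures. If `ParseSoapVariableName` is not imported with a `use` statement elsewhere in soap2.php, the unqualified `new ParseSoapVariableName()` resolves in the global namespace; that part of the file is not in the hunk. `NewCase` continues in the next hunk.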
@@ -739,10 +713,10 @@ function NewCase ($params) $ws = new wsBase(); - $res = $ws->newCase($params->processId, $userId, $params->taskId, $params->variables, (isset($params->executeTriggers))? (int)($params->executeTriggers) : 0); + $res = $ws->newCase($params->processId, $userId, $params->taskId, $params->variables, (isset($params->executeTriggers)) ? (int) ($params->executeTriggers) : 0); // we need to register the case id for a stored session variable. like a normal Session. - $oSession->registerGlobal( "APPLICATION", $res->caseId ); + $oSession->registerGlobal('APPLICATION', $res->caseId); return $res; } diff --git a/workflow/engine/methods/services/wsdl.php b/workflow/engine/methods/services/wsdl.php deleted file mode 100644 index 96956029e..000000000 --- a/workflow/engine/methods/services/wsdl.php +++ /dev/null @@ -1,13 +0,0 @@ -. - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - */ - -if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) { - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); - //G::header('location: ../login/login'); - die(); -} - -$G_MAIN_MENU = 'processmaker'; -//$G_SUB_MENU = 'setup'; -$G_ID_MENU_SELECTED = 'SETUP'; -//$G_ID_SUB_MENU_SELECTED = 'WEBSERVICES'; - - -if (! extension_loaded( 'soap' )) { - $G_PUBLISH = new Publisher(); - $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'setup/wsMessage' ); - G::RenderPage( "publish" ); -} else { - $G_PUBLISH = new Publisher(); - $G_PUBLISH->AddContent( 'view', 'setup/webServicesTree' ); - $G_PUBLISH->AddContent( 'smarty', 'groups/groups_usersList', '', '', array () ); - - G::RenderPage( "publish-treeview", 'blank' ); -} - -$link_Edit = G::encryptlink( 'webServicesSetup' ); -$link_List = G::encryptlink( 'webServicesList' ); - -?> - \ No newline at end of file 
diff --git a/workflow/engine/methods/setup/webServicesList.php b/workflow/engine/methods/setup/webServicesList.php deleted file mode 100644 index 652f8188a..000000000 --- a/workflow/engine/methods/setup/webServicesList.php +++ /dev/null @@ -1,36 +0,0 @@ -. - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - */ -if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) { - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); - //G::header('location: ../login/login'); - die(); -} - -//G::genericForceLogin( 'WF_MYINFO' , 'login/noViewPage', $urlLogin = 'login/login' ); - - -$G_PUBLISH = new Publisher(); -$G_PUBLISH->AddContent( 'view', 'setup/webServicesTree' ); -G::RenderPage( "publish-raw", "raw" ); - diff --git a/workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php b/workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php new file mode 100644 index 000000000..74b834e1c --- /dev/null +++ b/workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php 
@@ -0,0 +1,79 @@ +isValidVariableName($name)) { + $context = \Bootstrap::getDefaultContextLog(); + $context['action'] = 'soap2'; + $context['exception'] = 'Invalid param: '.G::json_encode($name); + \Bootstrap::registerMonolog('soap2', 400, 'NewCase', $context, $context['workspace'], 'processmaker.log'); + + return; + } + + $brackets = $this->searchBrackets($name); + if (empty($brackets)) { + $field[$name] = $value; + } else { + $current = &$field; + foreach ($brackets as $extension) { + if (!isset($current[$extension])) { + $current[$extension] = []; + } + $current = &$current[$extension]; + } + $current = $value; + } + } + + /** + * Analysis of string representing the depth of the array, represented by a + * valid index name and brackets as separators. + * + * @param type $string + * + * @return array + */ + private function searchBrackets($string) + { + $stringClean = str_replace(' ', '', $string); + $explode = explode('][', $stringClean); + + return $explode; + } + + /** + * Verify if the index name of the array is valid. + * + * @param string $name + * + * @return bool + */ + public function isValidVariableName($name) + { + if (is_string($name) === true) { + if (preg_match("/^[0-9a-zA-Z\_\[\]]+$/", $name)) { + return true; + } + } + + return false; + } +} + From e41d6d460f3c7a9912092ea196eb2a126d53bdf6 Mon Sep 17 00:00:00 2001 From: dante Date: Tue, 8 Aug 2017 08:35:40 -0400 Subject: [PATCH 04/10] Using just pathinfo to validate that a file name and not a relative path \was sent --- workflow/engine/controllers/pmTables.php | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/workflow/engine/controllers/pmTables.php b/workflow/engine/controllers/pmTables.php index 0d0d40d46..0bd128295 100644 --- a/workflow/engine/controllers/pmTables.php +++ b/workflow/engine/controllers/pmTables.php 
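Review bot: `isValidVariableName` accepts `[` and `]` anywhere in the name, but `searchBrackets` only splits on `][`, so a name with an outer pair such as `grid[1][col]` (constructed example) becomes the keys `grid[1` and `col]` instead of nested indices; either document that the expected form is `a][b][c` with no outer brackets, or trim a leading `[` and trailing `]` before the `explode('][', ...)`. In `buildVariableName`, `$current = &$current[$extension]` assumes each intermediate level is an array; if an earlier variable already stored a string at that key, descending into it can be a fatal error (references to string offsets are not allowed), so check `is_array($current[$extension])` before descending. The `searchBrackets` docblock declares `@param type $string`; it should be `@param string $string`. The regex's `$` without the `D` modifier also tolerates a trailing newline, so `\z` (or `/…$/D`) would make the check exact. The top of this new file is not readable in the patch as rendered here.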
@@ -153,7 +153,7 @@ class pmTables extends Controller $realPath = $PUBLIC_ROOT_PATH . $sFileName; - if ($this->isValidFileToBeStreamed($realPath, $PUBLIC_ROOT_PATH) === false) { + if ($this->isValidFileToBeStreamed($sFileName) === false) { throw new Exception("You are trying to access an unauthorized resource."); } @@ -213,25 +213,22 @@ class pmTables extends Controller } /** - * Validates if the file with the path $filePath is a valid one, - * that is, it must be a file within the temporal directory where the - * exported pmt files are created and must have one of the valid file - * extensions. + * Validates if the file with the $fileName is a valid one, + * that is, it must be a file without relative references that + * can open a door to get some unauthorized system file and + * must have one of the valid file extensions. * - * @param $filePath, full path to the temporal file that will be streamed - * @param $tempDir, directory's path where the temporal files are created. + * @param $fileName, emporal file name that will be streamed * @return bool */ - private function isValidFileToBeStreamed($filePath, $tempDir) + private function isValidFileToBeStreamed($fileName) { $result = true; $validExtensionsForExporting = ['csv', 'pmt']; - $fileRealPath = realpath($filePath); - $tempDirRealPath = realpath($tempDir); - $pathInfo = pathinfo($fileRealPath); + $pathInfo = pathinfo($fileName); - if ($pathInfo ['dirname'] !== $tempDirRealPath) { + if ($pathInfo ['dirname'] !== '.') { $result = false; } From 45c1ceffcc566cd466ed28a558be6c54e73578af Mon Sep 17 00:00:00 2001 
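Review bot: The reworked `isValidFileToBeStreamed` still reads `$pathInfo['extension']` unconditionally, so a name without a dot triggers a notice before the non-strict `in_array` returns false; use `if (!isset($pathInfo['extension']) || !in_array($pathInfo['extension'], $validExtensionsForExporting, true)) { $result = false; }`. With `realpath()` gone the check now validates only the name's shape (`dirname === '.'` rejects any path separator), while existence and symlink status are no longer examined; since the caller then streams and `unlink`s `$PUBLIC_ROOT_PATH . $sFileName`, an `is_file($realPath)` check at the call site (first hunk) would keep both halves of the original guarantee. The `@param` line has a typo, `emporal`, and should name the type: `@param string $fileName temporal file name that will be streamed`.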
From: Roly Rudy Gutierrez Pinto Date: Tue, 8 Aug 2017 09:53:00 -0400 Subject: [PATCH 05/10] HOR-3627 --- gulliver/bin/tasks/templates/pluginClass.tpl | 1 - .../bin/tasks/templates/pluginMainFile.tpl | 1 - .../templates/pluginOnTransitList.php.tpl | 2 - gulliver/bin/tasks/templates/pluginStep.tpl | 1 - .../pluginStepApplicationAjax.php.tpl | 2 - .../bin/tasks/templates/pluginWelcome.php.tpl | 1 - .../tasks/templates/skinPluginMainClass.tpl | 2 - .../bin/tasks/templates/sysGeneric.php.tpl | 2 +- .../bin/tasks/templates/usersList.php.tpl | 2 +- gulliver/bin/tasks/templates/welcome.php.tpl | 1 - gulliver/js/grid/core/grid.js | 1 + gulliver/methods/errors/block.php | 2 +- gulliver/methods/errors/error403.php | 2 +- gulliver/system/class.database_mysql.php | 14 +++-- gulliver/system/class.dbMaintenance.php | 63 ++++++++++++++++++- gulliver/system/class.g.php | 51 ++++++++++++--- gulliver/system/class.menu.php | 2 +- gulliver/system/class.monologProvider.php | 2 + gulliver/system/class.rbac.php | 16 ++--- 19 files changed, 128 insertions(+), 40 deletions(-) diff --git a/gulliver/bin/tasks/templates/pluginClass.tpl b/gulliver/bin/tasks/templates/pluginClass.tpl index 1cc103337..64e9de169 100644 --- a/gulliver/bin/tasks/templates/pluginClass.tpl +++ b/gulliver/bin/tasks/templates/pluginClass.tpl @@ -83,7 +83,6 @@ $_DBArray['users'] = $aUsers; $_SESSION['_DBArray'] = $_DBArray; -; $oCriteria = new Criteria('dbarray'); $oCriteria->setDBArrayTable('users'); $oCriteria->addDescendingOrderByColumn('USR_USERNAME'); diff --git a/gulliver/bin/tasks/templates/pluginMainFile.tpl b/gulliver/bin/tasks/templates/pluginMainFile.tpl index 0128ee1dc..b1b438ca3 100644 --- a/gulliver/bin/tasks/templates/pluginMainFile.tpl +++ b/gulliver/bin/tasks/templates/pluginMainFile.tpl @@ -1,5 +1,4 @@ userCanAccess("PM_CASES"))!=1) return $RBAC_Response; /* Includes */ -; -; /* GET , POST & $_SESSION Vars */ $conf = new Configurations(); 
diff --git a/gulliver/bin/tasks/templates/pluginStep.tpl b/gulliver/bin/tasks/templates/pluginStep.tpl index 9626e1149..0dae49698 100644 --- a/gulliver/bin/tasks/templates/pluginStep.tpl +++ b/gulliver/bin/tasks/templates/pluginStep.tpl @@ -1,5 +1,4 @@ setDBArrayTable('user'); //$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL ); diff --git a/gulliver/bin/tasks/templates/skinPluginMainClass.tpl b/gulliver/bin/tasks/templates/skinPluginMainClass.tpl index 5f16a8bb0..a2ff85666 100644 --- a/gulliver/bin/tasks/templates/skinPluginMainClass.tpl +++ b/gulliver/bin/tasks/templates/skinPluginMainClass.tpl @@ -4,8 +4,6 @@ * */ -; - class {className}Plugin extends PMPlugin { function {className}Plugin($sNamespace, $sFilename = null) { diff --git a/gulliver/bin/tasks/templates/sysGeneric.php.tpl b/gulliver/bin/tasks/templates/sysGeneric.php.tpl index f004d854c..abe03b7fd 100644 --- a/gulliver/bin/tasks/templates/sysGeneric.php.tpl +++ b/gulliver/bin/tasks/templates/sysGeneric.php.tpl @@ -198,7 +198,7 @@ $docuroot = explode ( PATH_SEP , $_SERVER['DOCUMENT_ROOT'] ); //***************** Plugins ************************** -; + // //here we are loading all plugins registered // //the singleton has a list of enabled plugins diff --git a/gulliver/bin/tasks/templates/usersList.php.tpl b/gulliver/bin/tasks/templates/usersList.php.tpl index 38bd54af5..4983ba6c5 100644 --- a/gulliver/bin/tasks/templates/usersList.php.tpl +++ b/gulliver/bin/tasks/templates/usersList.php.tpl @@ -21,7 +21,7 @@ $G_ID_SUB_MENU_SELECTED = 'USERS'; $_DBArray['user'] = $rows; $_SESSION['_DBArray'] = $_DBArray; -; + $c = new Criteria ('dbarray'); $c->setDBArrayTable('user'); diff --git a/gulliver/bin/tasks/templates/welcome.php.tpl b/gulliver/bin/tasks/templates/welcome.php.tpl index bf7a94c94..b5e180c61 100644 --- a/gulliver/bin/tasks/templates/welcome.php.tpl +++ b/gulliver/bin/tasks/templates/welcome.php.tpl 
@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows; $_SESSION['_DBArray'] = $_DBArray; //krumo ( $_DBArray ); -; $c = new Criteria ('dbarray'); $c->setDBArrayTable('user'); //$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL ); diff --git a/gulliver/js/grid/core/grid.js b/gulliver/js/grid/core/grid.js index b386a0120..f1e4eebd7 100644 --- a/gulliver/js/grid/core/grid.js +++ b/gulliver/js/grid/core/grid.js @@ -563,6 +563,7 @@ var G_Grid = function(oForm, sGridName){ case 'textarea': //TEXTAREA aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea'); if (aObjects){ + aObjects[0].value = ''; aObjects[0].className = "module_app_input___gray"; newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]'); diff --git a/gulliver/methods/errors/block.php b/gulliver/methods/errors/block.php index 19b4a3106..05dd1aebe 100644 --- a/gulliver/methods/errors/block.php +++ b/gulliver/methods/errors/block.php @@ -3,7 +3,7 @@ if (function_exists("http_response_code")) { http_response_code(200); } -$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https" : "http"; +$http = G::is_https() ? "https" : "http"; $host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : ""); $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login"; diff --git a/gulliver/methods/errors/error403.php b/gulliver/methods/errors/error403.php index c47080475..bc91e6f9d 100644 --- a/gulliver/methods/errors/error403.php +++ b/gulliver/methods/errors/error403.php 
@@ -1,6 +1,6 @@ sQuoteCharacter . $sTable . $this->sQuoteCharacter . - ' ADD PRIMARY KEY (' . $this->sQuoteCharacter . $sColumn . $this->sQuoteCharacter . ')' . $this->sEndLine; - }*/ + if (isset( $aParameters['PrimaryKey'] ) && $aParameters['PrimaryKey']) { + $sSQL .= ' PRIMARY KEY'; + } + if (isset( $aParameters['Unique'] ) && $aParameters['Unique']) { + $sSQL .= ' UNIQUE'; + } + + //we need to check the property AI if (isset( $aParameters['AI'] )) { if ($aParameters['AI'] == 1) { $sSQL .= ' AUTO_INCREMENT'; diff --git a/gulliver/system/class.dbMaintenance.php b/gulliver/system/class.dbMaintenance.php index 496fd6e1c..8251a57f8 100644 --- a/gulliver/system/class.dbMaintenance.php +++ b/gulliver/system/class.dbMaintenance.php @@ -49,6 +49,7 @@ class DataBaseMaintenance protected $tmpDir; protected $outfile; protected $infile; + protected $isWindows; /** * __construct @@ -64,7 +65,7 @@ class DataBaseMaintenance $this->tmpDir = './'; $this->link = null; $this->dbName = null; - + $this->isWindows = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'; if (isset( $host ) && isset( $user ) && isset( $passwd )) { $this->host = $host; $this->user = $user; @@ -399,13 +400,22 @@ class DataBaseMaintenance */ function backupDataBase ($outfile) { + $password = escapeshellarg($this->passwd); + + //On Windows, escapeshellarg() instead replaces percent signs, exclamation + //marks (delayed variable substitution) and double quotes with spaces and + //adds double quotes around the string. + //See: http://php.net/manual/en/function.escapeshellarg.php + if ($this->isWindows) { + $password = $this->escapeshellargCustom($this->passwd); + } $aHost = explode(':', $this->host); $dbHost = $aHost[0]; if (isset($aHost[1])) { $dbPort = $aHost[1]; $command = 'mysqldump' . ' --user=' . $this->user - . ' --password=' . escapeshellarg($this->passwd) + . ' --password=' . $password . ' --host=' . $dbHost . ' --port=' . $dbPort . ' --opt' 
@@ -418,13 +428,60 @@ class DataBaseMaintenance . ' --user=' . $this->user . ' --opt' . ' --skip-comments' - . ' --password=' . escapeshellarg($this->passwd) + . ' --password=' . $password . ' ' . $this->dbName . ' > ' . $outfile; } shell_exec($command); } + /** + * string escapeshellargCustom ( string $arg , character $quotes) + * + * escapeshellarg() adds single quotes around a string and quotes/escapes any + * existing single quotes allowing you to pass a string directly to a shell + * function and having it be treated as a single safe argument. This function + * should be used to escape individual arguments to shell functions coming + * from user input. The shell functions include exec(), system() and the + * backtick operator. + * + * On Windows, escapeshellarg() instead replaces percent signs, exclamation + * marks (delayed variable substitution) and double quotes with spaces and + * adds double quotes around the string. + */ + private function escapeshellargCustom($string, $quotes = "") + { + if ($quotes === "") { + $quotes = $this->isWindows ? "\"" : "'"; + } + $n = strlen($string); + $special = ["!", "%", "\""]; + $substring = ""; + $result1 = []; + $result2 = []; + for ($i = 0; $i < $n; $i++) { + if (in_array($string[$i], $special, true)) { + $result2[] = $string[$i]; + $result1[] = $substring; + $substring = ""; + } else { + $substring = $substring . $string[$i]; + } + } + $result1[] = $substring; + //Rebuild the password string + $n = count($result1); + for ($i = 0; $i < $n; $i++) { + $result1[$i] = trim(escapeshellarg($result1[$i]), $quotes); + if (isset($result2[$i])) { + $result1[$i] = $result1[$i] . $result2[$i]; + } + } + //add simple quotes, see escapeshellarg function + $newString = $quotes . implode("", $result1) . $quotes; + return $newString; + } + /** * restoreFromSql * diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index 4332c12fa..ebe424741 100644 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php 
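Review bot: escapeshellargCustom undoes the protection it is meant to replace: it splits the password at `!`, `%` and `"`, strips the quotes escapeshellarg added around each fragment, and re-inserts those characters raw inside one pair of double quotes. On Windows a `"` in the password therefore closes the quoted argument, so a value like `x" & calc & "y` leaves `& calc &` outside the quotes for cmd.exe to run, and `%NAME%` sequences are expanded — exactly the cases PHP's escapeshellarg neutralises by replacing them with spaces. The same hunk also concatenates `$this->dbName` and `$outfile` unescaped before `shell_exec`. Rather than re-implementing shell quoting, keep the password off the command line entirely (an option file read by mysqldump, or `MYSQL_PWD` in the environment of a `proc_open` call) and escape the remaining arguments; the sketch below uses the option-file route, which also keeps the secret out of process listings.

```php
// … unchanged: host/port parsing …
// Keep the password off the command line (process listings, shell quoting):
// mysqldump reads it from a [client] option file instead. Values in option
// files are double-quoted with backslash escapes for \ and ".
$optionFile = tempnam(sys_get_temp_dir(), 'pmdump');
chmod($optionFile, 0600); // best effort on Windows
file_put_contents($optionFile, "[client]\npassword=\"" . addcslashes($this->passwd, "\\\"") . "\"\n");
$command = 'mysqldump'
    . ' --defaults-extra-file=' . escapeshellarg($optionFile) // must be the first option
    . ' --user=' . escapeshellarg($this->user)
    // … unchanged: --host/--port/--opt/--skip-comments …
    . ' ' . escapeshellarg($this->dbName) . ' > ' . escapeshellarg($outfile);
shell_exec($command);
unlink($optionFile);
// … unchanged: escapeshellargCustom can then be removed …
```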
@@ -187,7 +187,7 @@ class G * @param string $symbol * @return string */ - public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-+=!@#$%*&,.") + public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-$!") { $chars = ""; if (strpos($availableSets, "l") !== false) { @@ -1825,6 +1825,14 @@ class G $arrayGrid = array_unique($arrayGrid); + //Given the set: 'valueOne', 'valueOneTwo', where the second string + //contains the first string, this causes the larger string to take + //the second, resulting in a delimitation error, to avoid this problem + //we first search the string larger size. + usort($arrayGrid, function($a, $b) { + return strlen($b) - strlen($a); + }); + foreach ($arrayGrid as $index => $value) { if($value !== "") { $grdName = $value; @@ -2912,6 +2920,16 @@ class G return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid ); } + /** + * Verify if the input string is a valid UID of size 32 + * @param string $uid + * @return boolean + */ + public static function verifyUniqueID32($uid) + { + return (bool) preg_match('/^[0-9A-Za-z]{32,32}$/', $uid); + } + /** * is_utf8 * @@ -2921,11 +2939,10 @@ class G */ public function is_utf8 ($string) { - if (is_array( $string )) { - $enc = implode( '', $string ); - return @! ((ord( $enc[0] ) != 239) && (ord( $enc[1] ) != 187) && (ord( $enc[2] ) != 191)); + if (preg_match('//u', $string)) { + return true; } else { - return (utf8_encode( utf8_decode( $string ) ) == $string); + return false; } } @@ -5408,6 +5425,12 @@ class G } /** + * This function save history about some actions in the file audit.log + * The data is used in the Audit Log functionality + * + * @param string $actionToLog + * @param string $valueToLog + * @return void */ public static function auditLog($actionToLog, $valueToLog = "") { 
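Review bot: The default symbol set of generate_password shrinks from `_-+=!@#$%*&,.` to `_-$!` with nothing recording why. Assuming the l/u/n sets are the usual 26/26/10 characters, the alphabet goes from 75 to 66 symbols, roughly 93 to 91 bits at the default length of 15, so the entropy cost is small, but the next person who sees the short list will be tempted to restore the characters unless the reason is written down. Add a line above the signature such as `// Default symbol set deliberately limited to _-$!; the dropped characters broke consumers of generated passwords (document which) — review`. The function body continues outside the hunk.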
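Review bot: The rewritten is_utf8 drops the array branch the removed code had: a caller that passes an array now gets a warning and `false` from `preg_match` on PHP 7 and a TypeError on PHP 8, instead of the imploded-string check. If such callers exist, keep `if (is_array($string)) { $string = implode('', $string); }` ahead of the match; the remaining if/else collapses to `return preg_match('//u', $string) === 1;`. Separately, the new verifyUniqueID32 anchors its pattern with `$` while verifyUniqueID just above it does not, so the two accept different inputs for the same 14-plus-character prefix — worth a comment on the older one if that is intended.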
@@ -5416,13 +5439,25 @@ class G $sflag = $conf->getConfiguration('AUDIT_LOG', 'log'); $sflagAudit = $sflag == 'true' ? true : false; $ipClient = G::getIpAddress(); + $userUid = 'Unknow User'; + $fullName = '-'; /*----------------------------------********---------------------------------*/ $licensedFeatures = PMLicensedFeatures::getSingleton(); if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) { - $username = isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '' ? $_SESSION['USER_LOGGED'] : 'Unknow User'; - $fullname = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : '-'; - G::log("|". $workspace ."|". $ipClient ."|". $username . "|" . $fullname ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log"); + if (isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '') { + $userUid = $_SESSION['USER_LOGGED']; + } else { + //Get the usrUid related to the accessToken + $userUid = \ProcessMaker\Services\OAuth2\Server::getUserId(); + if (!empty($userUid)) { + $oUserLogged = new \Users(); + $user = $oUserLogged->loadDetails($userUid); + $fullName = $user['USR_FULLNAME']; + } + } + $fullName = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : $fullName; + G::log("|". $workspace ."|". $ipClient ."|". $userUid . "|" . $fullName ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log"); } /*----------------------------------********---------------------------------*/ } diff --git a/gulliver/system/class.menu.php b/gulliver/system/class.menu.php index 82ce5fa03..e539f2417 100644 --- a/gulliver/system/class.menu.php +++ b/gulliver/system/class.menu.php @@ -283,7 +283,7 @@ class Menu */ public function DisableOptionId($id) { - if (array_search($id, $this->Id)) { + if (array_search($id, $this->Id) !== FALSE) { $this->Enabled[array_search($id, $this->Id)] = 0; } } 
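Review bot: `$user['USR_FULLNAME']` is read without checking what `loadDetails()` returned; if the token's user has been deleted the lookup (not visible here) may yield something other than an array, and the lookup now runs on every audited action for token-authenticated calls. More important for an audit trail, `$actionToLog`, `$valueToLog` and `$fullName` are written into the `|`-separated line unescaped, so a value containing `|` or a newline forges or splits entries; sanitize each field before the `G::log` call, e.g. `$valueToLog = str_replace(["\r", "\n", "|"], ' ', (string) $valueToLog);` and the same for the other two. auditLog starts before this hunk.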
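Review bot: `array_search($id, $this->Id)` is evaluated twice on consecutive lines of DisableOptionId; compute it once, `$position = array_search($id, $this->Id, true); if ($position !== false) { $this->Enabled[$position] = 0; }`, and pass `true` so that an id of `0` or `'0'` cannot match a different entry by loose comparison (keep the non-strict form only if ids are stored with mixed types).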
diff --git a/gulliver/system/class.monologProvider.php b/gulliver/system/class.monologProvider.php index f0b519211..9840834cb 100644 --- a/gulliver/system/class.monologProvider.php +++ b/gulliver/system/class.monologProvider.php @@ -106,11 +106,13 @@ class MonologProvider break; case 400://ERROR $this->registerLogger->addError($message, $context); + break; case 500://CRITICAL $this->registerLogger->addCritical($message, $context); break; case 550://ALERT $this->registerLogger->addAlert($message, $context); + break; case 600://EMERGENCY $this->registerLogger->addEmergency($message, $context); break; diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index c4749221e..93440d716 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -70,6 +70,7 @@ class RBAC public $singleSignOn = false; private static $instance = null; + public $authorizedActions = array(); public function __construct () { @@ -110,11 +111,11 @@ class RBAC 'downloadFileHash' => array('PM_FACTORY') ), 'processProxy.php' => array( - 'categoriesList' => array('PM_SETUP_PROCESS_CATEGORIES'), - 'getCategoriesList' => array('PM_FACTORY'), + 'categoriesList' => array(), + 'getCategoriesList' => array(), 'saveProcess' => array('PM_FACTORY'), - 'changeStatus' => array('PM_FACTORY'), - 'changeDebugMode' => array('PM_FACTORY'), + 'changeStatus' => array(), + 'changeDebugMode' => array(), 'getUsers' => array(), 'getGroups' => array(), 'assignActorsTask' => array(), @@ -125,7 +126,7 @@ class RBAC 'saveProperties' => array(), 'getCaledarList' => array(), 'getPMVariables' => array(), - 'generateBpmn' => array('PM_FACTORY') + 'generateBpmn' => array() ), 'home.php' => array( 'login' => array('PM_LOGIN'), @@ -144,9 +145,6 @@ class RBAC 'getProcessArray' => array('PM_ALLCASES'), 'getProcesses' => array('PM_ALLCASES'), 'getUsers' => array('PM_ALLCASES') - ), - 'newSite.php' => array( - 'newSite.php' => array('PM_SETUP_ADVANCE') ) ); 
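Review bot: The new side removes the permission requirement from `categoriesList`, `getCategoriesList`, `changeStatus`, `changeDebugMode` and `generateBpmn`, and deletes the `newSite.php` entry that required `PM_SETUP_ADVANCE`; if an empty array means "no permission needed", as the neighbouring `getUsers`/`getGroups` entries suggest, this lets any logged-in user change a process's status and debug mode. Patch 10 on this page reverts exactly these lines, so the intermediate commit is an authorization regression that must not be deployed on its own — squash the two or drop this hunk. The added `public $authorizedActions = array();` is also a writable public property on the RBAC class; `protected` with an accessor would keep callers from replacing it. The permissions array continues outside the hunk.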
@@ -359,6 +357,8 @@ class RBAC "PER_NAME" => "Edit User profile Default Cases Menu Options" ), array("PER_UID" => "00000000000000000000000000000064", "PER_CODE" => "PM_REASSIGNCASE_SUPERVISOR", "PER_NAME" => "Reassign case supervisor" + ), array("PER_UID" => "00000000000000000000000000000065", "PER_CODE" => "PM_SETUP_CUSTOM_CASES_LIST", + "PER_NAME" => "Setup Custom Cases List" ) ); return $permissionsAdmin; From c7e08398f91cd4c0e44ec2a5b27ecc652206906b Mon Sep 17 00:00:00 2001 From: dante Date: Tue, 8 Aug 2017 09:57:22 -0400 Subject: [PATCH 06/10] delete of extra space beteween variable and index bracket --- workflow/engine/controllers/pmTables.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow/engine/controllers/pmTables.php b/workflow/engine/controllers/pmTables.php index 0bd128295..5ed01b43d 100644 --- a/workflow/engine/controllers/pmTables.php +++ b/workflow/engine/controllers/pmTables.php @@ -228,7 +228,7 @@ class pmTables extends Controller $pathInfo = pathinfo($fileName); - if ($pathInfo ['dirname'] !== '.') { + if ($pathInfo['dirname'] !== '.') { $result = false; } From 51c7dfc380b764df4f494571c0cca79e14c80117 Mon Sep 17 00:00:00 2001 From: Roly Rudy Gutierrez Pinto Date: Tue, 8 Aug 2017 10:02:24 -0400 Subject: [PATCH 07/10] HOR-3400 documentation --- workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php | 1 + 1 file changed, 1 insertion(+) diff --git a/workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php b/workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php index 74b834e1c..3e74af0d3 100644 --- a/workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php +++ b/workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php @@ -15,6 +15,7 @@ class ParseSoapVariableName * @param array $field * @param string $name * @param object $value + * @return void */ public function buildVariableName(&$field, $name, $value) { From e807478a21b7735f0d0ca115d581f658775877a9 Mon Sep 17 00:00:00 2001 
From: Roly Rudy Gutierrez Pinto Date: Tue, 8 Aug 2017 13:37:44 -0400 Subject: [PATCH 08/10] HOR-3627-A --- workflow/engine/classes/Calendar.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 2f788a442..fe49aca98 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -828,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } From 6c9a1d184258ff56e242f867dd5569e7b38574af Mon Sep 17 00:00:00 2001 From: Roly Rudy Gutierrez Pinto Date: Tue, 8 Aug 2017 13:45:12 -0400 Subject: [PATCH 09/10] HOR-3627 --- gulliver/system/class.dbMaintenance.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gulliver/system/class.dbMaintenance.php b/gulliver/system/class.dbMaintenance.php index 8251a57f8..c61de7110 100644 --- a/gulliver/system/class.dbMaintenance.php +++ b/gulliver/system/class.dbMaintenance.php @@ -415,7 +415,7 @@ class DataBaseMaintenance $dbPort = $aHost[1]; $command = 'mysqldump' . ' --user=' . $this->user - . ' --password=' . $password + . ' --password=' . $password . ' --host=' . $dbHost . ' --port=' . $dbPort . ' --opt' @@ -428,7 +428,7 @@ class DataBaseMaintenance . ' --user=' . $this->user . ' --opt' . ' --skip-comments' - . ' --password=' . $password + . ' --password=' . $password . ' ' . $this->dbName . ' > ' . $outfile; } From efe447643e4633e2cfb15d141536b80dcef25f3a Mon Sep 17 00:00:00 2001 
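Review bot: `round(..., 5)` still hands `strtotime` a relative string with a fractional count, e.g. `+5400.5 seconds`; the relative-format grammar takes integer counts, so the fraction is presumably ignored or the parse fails, and a `false` from `strtotime` is formatted by `date()` as 1970-01-01 rather than raising. Use a whole number of seconds, `'+' . (int) round(((float)$hoursDuration) * 3600) . ' seconds'`, or add the seconds arithmetically to the timestamp instead of through the parser. The enclosing function starts and ends outside the hunk.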
From: Roly Rudy Gutierrez Pinto Date: Tue, 8 Aug 2017 13:54:51 -0400 Subject: [PATCH 10/10] HOR-3627 pull request observations --- gulliver/system/class.rbac.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index 93440d716..f5da6a354 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -111,11 +111,11 @@ class RBAC 'downloadFileHash' => array('PM_FACTORY') ), 'processProxy.php' => array( - 'categoriesList' => array(), - 'getCategoriesList' => array(), + 'categoriesList' => array('PM_SETUP_PROCESS_CATEGORIES'), + 'getCategoriesList' => array('PM_FACTORY'), 'saveProcess' => array('PM_FACTORY'), - 'changeStatus' => array(), - 'changeDebugMode' => array(), + 'changeStatus' => array('PM_FACTORY'), + 'changeDebugMode' => array('PM_FACTORY'), 'getUsers' => array(), 'getGroups' => array(), 'assignActorsTask' => array(), @@ -126,7 +126,7 @@ class RBAC 'saveProperties' => array(), 'getCaledarList' => array(), 'getPMVariables' => array(), - 'generateBpmn' => array() + 'generateBpmn' => array('PM_FACTORY') ), 'home.php' => array( 'login' => array('PM_LOGIN'), @@ -145,6 +145,9 @@ class RBAC 'getProcessArray' => array('PM_ALLCASES'), 'getProcesses' => array('PM_ALLCASES'), 'getUsers' => array('PM_ALLCASES') + ), + 'newSite.php' => array( + 'newSite.php' => array('PM_SETUP_ADVANCE') ) ); @@ -357,8 +360,6 @@ class RBAC "PER_NAME" => "Edit User profile Default Cases Menu Options" ), array("PER_UID" => "00000000000000000000000000000064", "PER_CODE" => "PM_REASSIGNCASE_SUPERVISOR", "PER_NAME" => "Reassign case supervisor" - ), array("PER_UID" => "00000000000000000000000000000065", "PER_CODE" => "PM_SETUP_CUSTOM_CASES_LIST", - "PER_NAME" => "Setup Custom Cases List" ) ); return $permissionsAdmin;