diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php
index 0d3911c95..7fac7ff42 100755
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -5230,6 +5230,23 @@ class G
 }
 return in_array(strtolower($functionName), $allFunctions['user']);
 }
+
+ /**
+ * Constructor for inputFilter class. Only first parameter is required.
+ * @access constructor
+ * @data Mixed - input string/array-of-string to be 'cleaned'
+ * @param Array $tagsArray - list of user-defined tags
+ * @param Array $attrArray - list of user-defined attributes
+ * @param int $tagsMethod - 0= allow just user-defined, 1= allow all but user-defined
+ * @param int $attrMethod - 0= allow just user-defined, 1= allow all but user-defined
+ * @param int $xssAuto - 0= only auto clean essentials, 1= allow clean blacklisted tags/attr
+ */
+ public function sanitizeInput($data, $tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1)
+ {
+ G::LoadSystem('inputfilter');
+ $filtro = new InputFilter($tagsArray , $attrArray, $tagsMethod, $attrMethod, $xssAuto);
+ return $filtro->process($data);
+ }
 }
 /**
diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php
new file mode 100644
index 000000000..d3f6c9c4f
--- /dev/null
+++ b/gulliver/system/class.inputfilter.php
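Review bot: `sanitizeInput()` is declared as an instance method, but the only caller added in this commit (dashboard.php) invokes it as `G::sanitizeInput(...)`; the body uses no `$this`, so it should be `public static function sanitizeInput(...)` to avoid the strict-standards notice on PHP 5 and the fatal error on PHP 8. The docblock is copied from the InputFilter constructor: `@access constructor` and `@data` do not apply here and there is no `@return`. I would document it as `Strip HTML tags and attributes from a string or an array of strings via InputFilter`, with `@param mixed $data` and `@return mixed`, and state explicitly that it is an HTML filter only, not validation for identifiers or SQL values.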
@@ -0,0 +1,368 @@ +tagsArray = (array) $tagsArray; + $this->attrArray = (array) $attrArray; + $this->tagsMethod = $tagsMethod; + $this->attrMethod = $attrMethod; + $this->xssAuto = $xssAuto; + } + + /** + * Method to be called by another php script. Processes for XSS and specified bad code. + * @access public + * @param Mixed $source - input string/array-of-string to be 'cleaned' + * @return String $source - 'cleaned' version of input parameter + */ + public function process($source) + { + // clean all elements in this array + if (is_array($source)) { + foreach ($source as $key => $value) { + // filter element for XSS and other 'bad' code etc. + if (is_string($value)) { + $source[$key] = $this->remove($this->decode($value)); + } + } + return $source; + // clean this string + } elseif (is_string($source)) { + // filter source for XSS and other 'bad' code etc. + return $this->remove($this->decode($source)); + } else { + // return parameter as given + return $source; + } + } + + /** + * Internal method to iteratively remove all unwanted tags and attributes + * @access protected + * @param String $source - input string to be 'cleaned' + * @return String $source - 'cleaned' version of input parameter + */ + public function remove($source) + { + $loopCounter=0; + // provides nested-tag protection + while ($source != $this->filterTags($source)) { + $source = $this->filterTags($source); + $loopCounter++; + } + return $source; + } + + /** + * Internal method to strip a string of certain tags + * @access protected + * @param String $source - input string to be 'cleaned' + * @return String $source - 'cleaned' version of input parameter + */ + public function filterTags($source) + { + // filter pass setup + $preTag = null; + $postTag = $source; + // find initial tag's position + $tagOpen_start = strpos($source, '<'); + // interate through string until no tags left + while ($tagOpen_start !== false) { + // process tag interatively + $preTag .= substr($postTag, 0, 
$tagOpen_start); + $postTag = substr($postTag, $tagOpen_start); + $fromTagOpen = substr($postTag, 1); + // end of tag + $tagOpen_end = strpos($fromTagOpen, '>'); + if ($tagOpen_end === false) { + break; + } + // next start of tag (for nested tag assessment) + $tagOpen_nested = strpos($fromTagOpen, '<'); + if (($tagOpen_nested !== false) && ($tagOpen_nested < $tagOpen_end)) { + $preTag .= substr($postTag, 0, ($tagOpen_nested+1)); + $postTag = substr($postTag, ($tagOpen_nested+1)); + $tagOpen_start = strpos($postTag, '<'); + continue; + } + $tagOpen_nested = (strpos($fromTagOpen, '<') + $tagOpen_start + 1); + $currentTag = substr($fromTagOpen, 0, $tagOpen_end); + $tagLength = strlen($currentTag); + if (!$tagOpen_end) { + $preTag .= $postTag; + $tagOpen_start = strpos($postTag, '<'); + } + // iterate through tag finding attribute pairs - setup + $tagLeft = $currentTag; + $attrSet = array(); + $currentSpace = strpos($tagLeft, ' '); + // is end tag + if (substr($currentTag, 0, 1) == "/") { + $isCloseTag = true; + list($tagName) = explode(' ', $currentTag); + $tagName = substr($tagName, 1); + // is start tag + } else { + $isCloseTag = false; + list($tagName) = explode(' ', $currentTag); + } + // excludes all "non-regular" tagnames OR no tagname OR remove if xssauto is on and tag is blacklisted + if ((!preg_match("/^[a-z][a-z0-9]*$/i",$tagName)) || (!$tagName) || ((in_array(strtolower($tagName), $this->tagBlacklist)) && ($this->xssAuto))) { + $postTag = substr($postTag, ($tagLength + 2)); + $tagOpen_start = strpos($postTag, '<'); + // don't append this tag + continue; + } + // this while is needed to support attribute values with spaces in! 
+ while ($currentSpace !== false) { + $fromSpace = substr($tagLeft, ($currentSpace+1)); + $nextSpace = strpos($fromSpace, ' '); + $openQuotes = strpos($fromSpace, '"'); + $closeQuotes = strpos(substr($fromSpace, ($openQuotes+1)), '"') + $openQuotes + 1; + // another equals exists + if (strpos($fromSpace, '=') !== false) { + // opening and closing quotes exists + if (($openQuotes !== false) && (strpos(substr($fromSpace, ($openQuotes+1)), '"') !== false)) { + $attr = substr($fromSpace, 0, ($closeQuotes+1)); + } else { + // one or neither exist + $attr = substr($fromSpace, 0, $nextSpace); + } + // no more equals exist + } else { + $attr = substr($fromSpace, 0, $nextSpace); + } + // last attr pair + if (!$attr) { + $attr = $fromSpace; + } + // add to attribute pairs array + $attrSet[] = $attr; + // next inc + $tagLeft = substr($fromSpace, strlen($attr)); + $currentSpace = strpos($tagLeft, ' '); + } + // appears in array specified by user + $tagFound = in_array(strtolower($tagName), $this->tagsArray); + // remove this tag on condition + if ((!$tagFound && $this->tagsMethod) || ($tagFound && !$this->tagsMethod)) { + // reconstruct tag with allowed attributes + if (!$isCloseTag) { + $attrSet = $this->filterAttr($attrSet); + $preTag .= '<' . $tagName; + for ($i = 0; $i < count($attrSet); $i++) { + $preTag .= ' ' . 
$attrSet[$i]; + } + // reformat single tags to XHTML + if (strpos($fromTagOpen, "'; + } else { + $preTag .= ' />'; + } + // just the tagname + } else { + $preTag .= ''; + } + } + // find next tag's start + $postTag = substr($postTag, ($tagLength + 2)); + $tagOpen_start = strpos($postTag, '<'); + } + // append any code after end of tags + $preTag .= $postTag; + return $preTag; + } + + /** + * Internal method to strip a tag of certain attributes + * @access protected + * @param Array $attrSet + * @return Array $newSet + */ + public function filterAttr($attrSet) + { + $newSet = array(); + // process attributes + for ($i = 0; $i xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) || (substr($attrSubSet[0], 0, 2) == 'on')))) { + continue; + } + // xss attr value filtering + if ($attrSubSet[1]) { + // strips unicode, hex, etc + $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]); + // strip normal newline within attr value + $attrSubSet[1] = preg_replace('/\s+/', '', $attrSubSet[1]); + // strip double quotes + $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]); + // [requested feature] convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr value) + if ((substr($attrSubSet[1], 0, 1) == "'") && (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'")) { + $attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2)); + } + // strip slashes + $attrSubSet[1] = stripslashes($attrSubSet[1]); + } + // auto strip attr's with "javascript: + if (((strpos(strtolower($attrSubSet[1]), 'expression') !== false) &&(strtolower($attrSubSet[0]) == 'style')) || + (strpos(strtolower($attrSubSet[1]), 'javascript:') !== false) || + (strpos(strtolower($attrSubSet[1]), 'behaviour:') !== false) || + (strpos(strtolower($attrSubSet[1]), 'vbscript:') !== false) || + (strpos(strtolower($attrSubSet[1]), 'mocha:') !== false) || + (strpos(strtolower($attrSubSet[1]), 'livescript:') !== false) + ) { + continue; + } + + 
// if matches user defined array + $attrFound = in_array(strtolower($attrSubSet[0]), $this->attrArray); + // keep this attr on condition + if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) { + // attr has value + if ($attrSubSet[1]) { + $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"'; + } elseif ($attrSubSet[1] == "0") { + // attr has decimal zero as value + $newSet[] = $attrSubSet[0] . '="0"'; + } else { + // reformat single attributes to XHTML + $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"'; + } + } + } + return $newSet; + } + + /** + * Try to convert to plaintext + * @access protected + * @param String $source + * @return String $source + */ + public function decode($source) + { + // url decode + $source = html_entity_decode($source, ENT_QUOTES, "ISO-8859-1"); + // convert decimal + $source = preg_replace('/&#(\d+);/me',"chr(\\1)", $source);// decimal notation + // convert hex + $source = preg_replace('/&#x([a-f0-9]+);/mei',"chr(0x\\1)", $source);// hex notation + return $source; + } + + /** + * Method to be called by another php script. 
Processes for SQL injection + * @access public + * @param Mixed $source - input string/array-of-string to be 'cleaned' + * @param Buffer $connection - An open MySQL connection + * @return String $source - 'cleaned' version of input parameter + */ + public function safeSQL($source, &$connection) + { + // clean all elements in this array + if (is_array($source)) { + foreach ($source as $key => $value) { + // filter element for SQL injection + if (is_string($value)) { + $source[$key] = $this->quoteSmart($this->decode($value), $connection); + } + } + return $source; + // clean this string + } elseif (is_string($source)) { + // filter source for SQL injection + if (is_string($source)) { + return $this->quoteSmart($this->decode($source), $connection); + } + // return parameter as given + } else { + return $source; + } + } + + /** + * @author Chris Tobin + * @author Daniel Morris + * @access protected + * @param String $source + * @param Resource $connection - An open MySQL connection + * @return String $source + */ + public function quoteSmart($source, &$connection) + { + // strip slashes + if (get_magic_quotes_gpc()) { + $source = stripslashes($source); + } + // quote both numeric and text + $source = $this->escapeString($source, $connection); + return $source; + } + + /** + * @author Chris Tobin + * @author Daniel Morris + * @access protected + * @param String $source + * @param Resource $connection - An open MySQL connection + * @return String $source + */ + public function escapeString($string, &$connection) + { + // depreciated function + if (version_compare(phpversion(),"4.3.0", "<")) { + mysql_escape_string($string); + } else { + // current function + mysql_real_escape_string($string); + } + return $string; + } +} + diff --git a/gulliver/system/class.xmlform.php b/gulliver/system/class.xmlform.php index 25686d335..10fa7c75b 100755 --- a/gulliver/system/class.xmlform.php +++ b/gulliver/system/class.xmlform.php 
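Review bot: `escapeString()` at the end of the new file discards the result of `mysql_real_escape_string($string)` (and of `mysql_escape_string($string)`) and returns `$string` unchanged, so `quoteSmart()` and `safeSQL()` hand back unescaped input while their docblocks promise SQL-injection cleaning. The minimal fix is `return mysql_real_escape_string($string, $connection);`, since the `$connection` argument is accepted but never used; callers are still better served by prepared statements than by this helper. Separately, `decode()` relies on the `/e` modifier in both `preg_replace()` calls; that modifier is deprecated since PHP 5.5 and removed in PHP 7, where the call returns NULL and `process()` would silently produce empty output, so both should become `preg_replace_callback()` calls. `chr()` also yields single bytes only, so numeric entities above 255 are not decoded the way the comments suggest.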
@@ -4555,7 +4555,8 @@ class XmlForm_Field_Date extends XmlForm_Field_SimpleText $Time = "true"; } - $sizeend = strlen($valueDemo) + 3; + //$sizeend = strlen($valueDemo) + 3; + $sizeend = $this->size; if ($this->required) { $isRequired = '1'; diff --git a/workflow/engine/classes/class.AppSolr.php b/workflow/engine/classes/class.AppSolr.php index 42f9d75a9..b57cdf1b6 100755 --- a/workflow/engine/classes/class.AppSolr.php +++ b/workflow/engine/classes/class.AppSolr.php @@ -518,8 +518,6 @@ class AppSolr 'includeCols' => $columsToIncludeFinal, 'resultFormat' => 'json' ); - - $solrRequestData = Entity_SolrRequestData::createForRequestPagination ($data); // use search index to return list of cases $searchIndex = new BpmnEngine_Services_SearchIndex ($this->_solrIsEnabled, $this->_solrHost); @@ -622,7 +620,6 @@ class AppSolr } /*elseif ($action == 'search') { // get all the indexes - //$delIndexes = $this->getApplicationDelegationsIndex ($appUID); $indexes = $this->aaSearchRecords ($aaappsDBData, array ( 'APP_UID' => $appUID @@ -644,9 +641,8 @@ class AppSolr } //remove duplicated $delIndexes = array_unique($delIndexes); - - //var_dump($delIndexes); + //var_dump($delIndexes); foreach ($delIndexes as $delIndex) { $aRow = array (); 
@@ -678,25 +674,25 @@ class AppSolr $localDate = date ('Y-m-d H:i:s', strtotime ($solrdate)); $aRow ['APP_UPDATE_DATE'] = $localDate; */ - + // get delegation data from DB //filter data from db $indexes = $this->aaSearchRecords ($aaappsDBData, array ( 'APP_UID' => $appUID, 'DEL_INDEX' => $delIndex )); - + $row = ''; foreach ($indexes as $index) { $row = $aaappsDBData [$index]; - } - - if(!isset($row)) + } + + if (empty($row)) { $fh = fopen("SolrAppWithoutDelIndex.txt", 'a') or die("can't open file to store Solr search time."); fwrite($fh, sprintf("Solr AppUid: %s DelIndex: %s not found.\r\n", $appUID, $delIndex)); fclose($fh); continue; - } + } //$row = $this->getAppDelegationData ($appUID, $delIndex); $aRow ['APP_CREATE_DATE'] = $row ['APP_CREATE_DATE']; $aRow ['APP_UPDATE_DATE'] = $row ['APP_UPDATE_DATE']; @@ -1384,7 +1380,6 @@ class AppSolr 'workspace' => $this->_solrInstance, 'document' => $xmlDoc ); - $oSolrUpdateDocument = Entity_SolrUpdateDocument::createForRequest ($data); G::LoadClass ('searchIndex'); @@ -1392,7 +1387,6 @@ class AppSolr $oSearchIndex = new BpmnEngine_Services_SearchIndex ($this->_solrIsEnabled, $this->_solrHost); $oSearchIndex->updateIndexDocument ($oSolrUpdateDocument); - if($this->debug) { @@ -1401,11 +1395,11 @@ class AppSolr // commit changes no required because of the commitwithin option //$oSearchIndex->commitIndexChanges ($this->_solrInstance); //change status in db to indexed - if ($saveDBRecord) { - foreach ($aaAPPUIDs as $aAPPUID) { - $this->applicationChangedUpdateSolrQueue ($aAPPUID ['APP_UID'], 0); - } - } + if ($saveDBRecord) { + foreach ($aaAPPUIDs as $aAPPUID) { + $this->applicationChangedUpdateSolrQueue ($aAPPUID ['APP_UID'], 0); + } + } } catch(Exception $ex) { 
@@ -2094,17 +2088,59 @@ class AppSolr break; } if ($typeSufix != '*') { + $value = trim($value); + $pairs = array( + "\x03" => "", + "\x04" => "", + "\x05" => "", + "\x06" => "", + "\x07" => "", + "\x08" => "", + "\x0E" => "", + "\x16" => "", + "\x00-" => "", + "\x09" => "", + "\x11" => "", + "\x12" => "", + "\x14-" => "", + "\x1f" => "", + "\x7f" => "", + ); + $value = strtr($value, $pairs); $writer->startElement ("field"); $writer->writeAttribute ('name', trim ($k) . $typeSufix); + $writer->startCData (); $writer->text ($value); + $writer->endCData(); $writer->endElement (); } } else { - $writer->startElement ("field"); - $writer->writeAttribute ('name', trim ($k) . '_t'); - $writer->text ($value); - $writer->endElement (); + $value = trim($value); + $pairs = array( + "\x03" => "", + "\x04" => "", + "\x05" => "", + "\x06" => "", + "\x07" => "", + "\x08" => "", + "\x0E" => "", + "\x16" => "", + "\x00-" => "", + "\x09" => "", + "\x11" => "", + "\x12" => "", + "\x14-" => "", + "\x1f" => "", + "\x7f" => "", + ); + $value = strtr($value, $pairs); + $writer->startElement ("field"); + $writer->writeAttribute ('name', trim ($k) . '_t'); + $writer->startCData (); + $writer->text ($value); + $writer->endCData(); + $writer->endElement (); } } } // foreach unserialized data diff --git a/workflow/engine/classes/class.case.php b/workflow/engine/classes/class.case.php index da53de364..0aa369cd9 100755 --- a/workflow/engine/classes/class.case.php +++ b/workflow/engine/classes/class.case.php @@ -71,6 +71,8 @@ class Cases { private $appSolr = null; + public $dir = 'ASC'; + public $sort = 'APP_MSG_DATE'; public function __construct() { 
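Review bot: The `$pairs` table passed to `strtr()` in both branches contains the keys `"\x00-"` and `"\x14-"`, which `strtr()` treats as literal two-byte strings (the control byte followed by a hyphen); this looks like a regex character class pasted into a lookup table, so most of the intended control-character ranges are never removed, while `"\x09"` (tab, legal in XML) is. If the intent is to drop characters that are illegal in XML 1.0, `preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', trim($value))` expresses it, and it could live in one private helper instead of two copies. The new `startCData()` / `text()` / `endCData()` wrapping also needs a second look: inside a CDATA section the value is not entity-escaped, so case data containing `]]>` would end the section early and the remainder would be parsed as markup in the Solr update document; the previous plain `$writer->text($value)` escaped it and is the safer form. The enclosing loop starts and ends outside the hunk.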
@@ -3904,12 +3906,12 @@ class Cases if (AppDelegationPeer::doCount($oCriteria) == 1) { $aFields['APP_STATUS'] = 'CANCELLED'; $oApplication->update($aFields); - - G::LoadClass('reportTables'); - require_once 'classes/model/AdditionalTables.php'; + + G::LoadClass('reportTables'); + require_once 'classes/model/AdditionalTables.php'; $oReportTables = new ReportTables(); - $addtionalTables = new additionalTables(); - $oReportTables->updateTables($aFields['PRO_UID'], $aFields['APP_UID'], $aFields['APP_NUMBER'], $aFields['APP_DATA']); + $addtionalTables = new additionalTables(); + $oReportTables->updateTables($aFields['PRO_UID'], $aFields['APP_UID'], $aFields['APP_NUMBER'], $aFields['APP_DATA']); $addtionalTables->updateReportTables($aFields['PRO_UID'], $aFields['APP_UID'], $aFields['APP_NUMBER'], $aFields['APP_DATA'], $aFields['APP_STATUS']); } $this->CloseCurrentDelegation($sApplicationUID, $iIndex); @@ -5908,12 +5910,7 @@ class Cases $oCriteria->add(AppMessagePeer::APP_MSG_SHOW_MESSAGE, 1); } $oCriteria->addAscendingOrderByColumn(AppMessagePeer::APP_MSG_DATE); - if (!is_null($start)) { - $oCriteria->setOffset($start); - } - if (!is_null($limit)) { - $oCriteria->setLimit($limit); - } + $oDataset = AppMessagePeer::doSelectRS($oCriteria); $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $oDataset->next(); @@ -5947,6 +5944,7 @@ class Cases $oCriteria = new Criteria('dbarray'); $oCriteria->setDBArrayTable('messages'); + usort( $aMessages, array($this, "ordProcess") ); return $aMessages; } 
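Review bot: Dropping `setOffset($start)` / `setLimit($limit)` in the `@@ -5908` hunk makes this query return every message of the case on each call, and the `usort()` added in the `@@ -5947` hunk then sorts the whole set in PHP; the `$start`/`$limit` values the Ajax caller still passes appear to be ignored from here on. For cases with a long message history that is an unbounded read on every grid request. I would keep the limit in the Criteria and express the ordering there as well, choosing `addAscendingOrderByColumn()` or `addDescendingOrderByColumn()` from a fixed map of allowed sort columns. The method signature is outside the hunk, so the parameter names are inferred from the removed lines.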
@@ -6760,4 +6758,28 @@ class Cases
 }
 }
 }
-}
+
+ public function ordProcess ($a, $b)
+ {
+ if ($this->sort == '') {
+ $this->sort = 'APP_MSG_DATE';
+ }
+ if ($this->dir=='ASC') {
+ if ($a[$this->sort] > $b[$this->sort]) {
+ return 1;
+ } elseif ($a[$this->sort] < $b[$this->sort]) {
+ return - 1;
+ } else {
+ return 0;
+ }
+ } else {
+ if ($a[$this->sort] > $b[$this->sort]) {
+ return - 1;
+ } elseif ($a[$this->sort] < $b[$this->sort]) {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/workflow/engine/classes/class.configuration.php b/workflow/engine/classes/class.configuration.php
index 5bc5cc9be..6a5f63b03 100755
--- a/workflow/engine/classes/class.configuration.php
+++ b/workflow/engine/classes/class.configuration.php
@@ -315,26 +315,16 @@ class Configurations // extends Configuration
 }
 }
- public function userNameFormat($username, $fullname)
+ public function userNameFormat($username, $fullname, $usrUid = '')
 {
-
- try {
- if (!isset($this->UserConfig)) {
- $this->UserConfig = $this->getConfiguration('ENVIRONMENT_SETTINGS', '');
- }
- if (isset($this->UserConfig['format'])) {
- $name = explode(' ',$fullname);
- $aux = '';
- $aux = str_replace('@userName', trim($username), $this->UserConfig['format']);
- $aux = str_replace('@firstName', isset($name[0])?$name[0]:'', $aux);
- $aux = str_replace('@lastName', isset($name[1])?$name[1]:'', $aux);
- return $aux;
- } else {
- return $username;
- }
- } catch (Exception $oError) {
- return null;
+ $aux = '';
+ if ($usrUid != '') {
+ $oUser = UsersPeer::retrieveByPK($usrUid);
+ $aux = str_replace('@userName', trim($username), $this->UserConfig['format']);
+ $aux = str_replace('@firstName', $oUser->getUsrFirstname(), $aux);
+ $aux = str_replace('@lastName', $oUser->getUsrLastname(), $aux);
 }
+ return $aux;
 }
 public function usersNameFormatBySetParameters($formatUserName, $userName, $firstName, $lastName)
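Review bot: `ordProcess()` indexes `$a[$this->sort]` and `$b[$this->sort]` with whatever is in `$this->sort`, and caseMessageHistory_Ajax.php in this commit fills `sort` and `dir` straight from `$_POST`; only the empty string is handled, so any other unknown key raises undefined-index notices on every comparison and leaves the order undefined. Validate once before sorting rather than inside the comparator, e.g. `if (!in_array($this->sort, $allowedSortColumns, true)) { $this->sort = 'APP_MSG_DATE'; }` where `$allowedSortColumns` is a placeholder for the list of grid columns, and treat any `dir` other than `'DESC'` as `'ASC'`. The same unchecked `$this->sort` lookup is in `ordProcessAsc()` / `ordProcessDesc()` in Process.php. A short docblock saying that this is a `usort()` comparator driven by the public `$sort` and `$dir` properties would also help.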
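Review bot: The rewritten `userNameFormat()` calls `$oUser->getUsrFirstname()` without checking what `UsersPeer::retrieveByPK($usrUid)` returned, reads `$this->UserConfig['format']` without the `isset()` guards the old body had, and returns an empty string for every existing caller that still passes two arguments (the old code returned `$username`). It also changes where the displayed name comes from: the skin-engine callers in this commit pass `$fullname` through `htmlentities()`, but the first and last name now come unencoded from the user record and go to `$smarty->assign('user', ...)`, so unless the template escapes that variable this is an output-encoding regression. A version that keeps the guards and the two-argument behaviour is sketched below; whether the encoding belongs here or in the template should be decided once for all callers.

```php
public function userNameFormat($username, $fullname, $usrUid = '')
{
    if (!isset($this->UserConfig)) {
        $this->UserConfig = $this->getConfiguration('ENVIRONMENT_SETTINGS', '');
    }
    if (!isset($this->UserConfig['format'])) {
        return $username;
    }
    // default: split the full name the caller passed (already encoded by the skin engine)
    $name = explode(' ', $fullname);
    $firstName = isset($name[0]) ? $name[0] : '';
    $lastName = isset($name[1]) ? $name[1] : '';
    $oUser = ($usrUid != '') ? UsersPeer::retrieveByPK($usrUid) : null;
    if (is_object($oUser)) {
        // encode like the callers encode $fullname, so both sources behave the same
        $firstName = htmlentities($oUser->getUsrFirstname(), ENT_QUOTES, 'UTF-8');
        $lastName = htmlentities($oUser->getUsrLastname(), ENT_QUOTES, 'UTF-8');
    }
    $aux = str_replace('@userName', trim($username), $this->UserConfig['format']);
    $aux = str_replace('@firstName', $firstName, $aux);
    return str_replace('@lastName', $lastName, $aux);
}
```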
@@ -548,7 +538,8 @@ class Configurations // extends Configuration public function getSystemDate($dateTime) { $oConf = new Configurations(); - $dateFormat = 'M d, Y'; + $oConf->getFormats(); + $dateFormat = $oConf->UserConfig['dateFormat']; $oConf->loadConfig($obj, 'ENVIRONMENT_SETTINGS', ''); $creationDateMask = isset($oConf->aConfig['dateFormat']) ? $oConf->aConfig['dateFormat'] : ''; $creationDateMask = ($creationDateMask == '') ? $dateFormat : $creationDateMask; @@ -601,8 +592,8 @@ class Configurations // extends Configuration } } - setlocale(LC_TIME, $langLocate); - $dateTime = utf8_encode(strftime($newCreation, mktime($h, $i, $s, $m, $d, $y))); + setlocale(LC_TIME, $langLocate . ".utf8"); + $dateTime = strftime($newCreation, mktime($h, $i, $s, $m, $d, $y)); if (strpos($dateTime, ' ') !== false) { $dateTime = ucwords($dateTime); diff --git a/workflow/engine/classes/model/AdditionalTables.php b/workflow/engine/classes/model/AdditionalTables.php index 104275c1e..ce5cd41d8 100755 --- a/workflow/engine/classes/model/AdditionalTables.php +++ b/workflow/engine/classes/model/AdditionalTables.php @@ -108,8 +108,12 @@ class AdditionalTables extends BaseAdditionalTables $oDataset = FieldsPeer::doSelectRS($oCriteria); $oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - while ($oDataset->next()) { - $this->fields[] = $oDataset->getRow(); + while ($oDataset->next()) { + $auxField = $oDataset->getRow(); + if ($auxField['FLD_TYPE'] == 'TIMESTAMP') { + $auxField['FLD_TYPE'] = 'DATETIME'; + } + $this->fields[] = $auxField; } return $this->fields; diff --git a/workflow/engine/classes/model/CaseScheduler.php b/workflow/engine/classes/model/CaseScheduler.php index b96926825..fb86245ff 100755 --- a/workflow/engine/classes/model/CaseScheduler.php +++ b/workflow/engine/classes/model/CaseScheduler.php 
@@ -486,7 +486,12 @@ class CaseScheduler extends BaseCaseScheduler
 $this->updateDate( $sSchedulerUid, $nSchTimeNextRun, $nSchLastRunTime );
 }
 } elseif ($sActualDataHour == $dActualSysHour && $sActualDataMinutes <= $dActualSysMinutes) {
- $_PORT = (isset( $_SERVER['SERVER_PORT'] ) && $_SERVER['SERVER_PORT'] != '80') ? ':' . $_SERVER['SERVER_PORT'] : '';
+ $_PORT = '';
+ if ( isset($_SERVER['SERVER_PORT']) ) {
+ $_PORT = ($_SERVER['SERVER_PORT'] != '80') ? ':' . $_SERVER['SERVER_PORT'] : '';
+ } elseif ( defined('SERVER_PORT') ) {
+ $_PORT = (SERVER_PORT != '80') ? ':' . SERVER_PORT : '';
+ }
 //$defaultEndpoint = 'http://' . $_SERVER ['SERVER_NAME'] . ':' . $_PORT . '/sys' . SYS_SYS .'/'.SYS_LANG.'/classic/green/services/wsdl2';
 $defaultEndpoint = 'http://' . SERVER_NAME . $_PORT . '/sys' . SYS_SYS . '/' . SYS_LANG . '/classic/services/wsdl2';
 println( " - Connecting webservice: $defaultEndpoint" );
diff --git a/workflow/engine/classes/model/Process.php b/workflow/engine/classes/model/Process.php
index 15160879d..a8bdfd8bf 100755
--- a/workflow/engine/classes/model/Process.php
+++ b/workflow/engine/classes/model/Process.php
@@ -754,8 +754,7 @@ class Process extends BaseProcess
 usort( $aProcesses, array($this, "ordProcessAsc") );
 } else {
 usort( $aProcesses, array($this, "ordProcessDesc") );
- }
- $aProcesses = array_splice($aProcesses, $start, $limit);
+ }
 return $aProcesses;
 }
@@ -879,6 +878,9 @@ class Process extends BaseProcess
 public function ordProcessAsc ($a, $b)
 {
+ if (($this->sort) == '') {
+ $this->sort = 'PRO_TITLE';
+ }
 if ($a[$this->sort] > $b[$this->sort]) {
 return 1;
 } elseif ($a[$this->sort] < $b[$this->sort]) {
@@ -889,7 +891,10 @@ class Process extends BaseProcess
 }
 public function ordProcessDesc ($a, $b)
- {
+ {
+ if (($this->sort) == '') {
+ $this->sort = 'PRO_TITLE';
+ }
 if ($a[$this->sort] > $b[$this->sort]) {
 return - 1;
 } elseif ($a[$this->sort] < $b[$this->sort]) {
diff --git a/workflow/engine/controllers/dashboard.php b/workflow/engine/controllers/dashboard.php index ad98e97c1..e98ad5a9b 100644 --- a/workflow/engine/controllers/dashboard.php +++ b/workflow/engine/controllers/dashboard.php @@ -155,7 +155,7 @@ class Dashboard extends Controller if ($data->DAS_INS_UID == '') { throw new Exception( 'Parameter "DAS_INS_UID" is empty.' ); } - $this->pmDashlet->setup( $data->DAS_INS_UID ); + $this->pmDashlet->setup( G::sanitizeInput($data->DAS_INS_UID) ); if (! isset( $_REQUEST['w'] )) { $width = 300; diff --git a/workflow/engine/methods/cases/caseMessageHistory_Ajax.php b/workflow/engine/methods/cases/caseMessageHistory_Ajax.php index ca860287a..4a71313f5 100755 --- a/workflow/engine/methods/cases/caseMessageHistory_Ajax.php +++ b/workflow/engine/methods/cases/caseMessageHistory_Ajax.php @@ -36,9 +36,14 @@ if ($actionAjax == 'messageHistoryGridList_JXP') { G::LoadClass( 'case' ); G::LoadClass( "BasePeer" ); + + $dir = isset( $_POST['dir'] ) ? $_POST['dir'] : 'ASC'; + $sort = isset( $_POST['sort'] ) ? $_POST['sort'] : ''; global $G_PUBLISH; $oCase = new Cases(); + $oCase->dir = $dir; + $oCase->sort = $sort; $appMessageArray = $oCase->getHistoryMessagesTrackerExt( $_SESSION['APPLICATION'], true, $_REQUEST['start'], $_REQUEST['limit']); $appMessageCountArray = $oCase->getHistoryMessagesTrackerExt( $_SESSION['APPLICATION'], true); @@ -98,6 +103,8 @@ if ($actionAjax == 'messageHistoryGridList_JXP') { } } + $aProcesses = array_splice($aProcesses, $_REQUEST['start'], $_REQUEST['limit']); + $newDir = '/tmp/test/directory'; $r = G::verifyPath( $newDir ); $r->data = $aProcesses; diff --git a/workflow/engine/methods/cases/casesMenuLoader.php b/workflow/engine/methods/cases/casesMenuLoader.php index 8bab327a1..a74874e97 100755 --- a/workflow/engine/methods/cases/casesMenuLoader.php +++ b/workflow/engine/methods/cases/casesMenuLoader.php @@ -1,5 +1,7 @@ redirectTo($_SESSION['USER_LOGGED'], $lang); } 
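Review bot: `G::sanitizeInput()` is an HTML tag and attribute filter, so wrapping `$data->DAS_INS_UID` in it does not validate the value as an identifier: any string without angle brackets passes through unchanged to `$this->pmDashlet->setup()`. If the UID has a fixed format, check it against that format and reject the request otherwise, in the same style as the existing empty check, for example `if (!preg_match('/^[A-Za-z0-9]+$/', $data->DAS_INS_UID)) { throw new Exception('Parameter "DAS_INS_UID" is invalid.'); }`, with the pattern adjusted to the real UID format. The enclosing method starts and ends outside the hunk.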
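Review bot: `array_splice($aProcesses, $_REQUEST['start'], $_REQUEST['limit'])` in the `@@ -98` hunk of caseMessageHistory_Ajax.php uses two request values without an `isset()` check or integer conversion; a missing key raises a notice and passes NULL, and a negative or non-numeric value changes which rows are returned (on PHP 8 a non-numeric string is a TypeError). Normalise them first, e.g. `$start = isset($_REQUEST['start']) ? max(0, (int) $_REQUEST['start']) : 0;` and `$limit = isset($_REQUEST['limit']) ? max(1, (int) $_REQUEST['limit']) : 20;`, where 20 is a placeholder for the grid's page size. `array_slice()` is the better fit here because the remainder of the array is not needed.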
diff --git a/workflow/engine/methods/processes/processesList.php b/workflow/engine/methods/processes/processesList.php
index caf7613b2..c80131f6b 100755
--- a/workflow/engine/methods/processes/processesList.php
+++ b/workflow/engine/methods/processes/processesList.php
@@ -51,7 +51,8 @@ if (isset( $_POST['category'] ) && $_POST['category'] !== '') {
 if ($proData === false) {
 $proData = $oProcess->getAllProcesses( $start, $limit, null, $_POST['processName']);
 $memcache->set( $memkey, $proData, PMmemcached::ONE_HOUR );
- $totalCount = $oProcess->getAllProcessesCount();
+ $totalCount = count($proData);
+ $proData = array_splice($proData, $start, $limit);
 $memcacheUsed = 'no';
 } else {
 $proData = $oProcess->orderMemcache($proData, $start, $limit);
@@ -64,7 +65,8 @@ if (isset( $_POST['category'] ) && $_POST['category'] !== '') {
 $memcacheUsed = 'yes';
 if (($proData = $memcache->get( $memkey )) === false || ($totalCount = $memcache->get( $memkeyTotal )) === false) {
 $proData = $oProcess->getAllProcesses( $start, $limit);
- $totalCount = $oProcess->getAllProcessesCount();
+ $totalCount = count($proData);
+ $proData = array_splice($proData, $start, $limit);
 $memcache->set( $memkey, $proData, PMmemcached::ONE_HOUR );
 $memcache->set( $memkeyTotal, $totalCount, PMmemcached::ONE_HOUR );
 $memcacheUsed = 'no';
diff --git a/workflow/engine/methods/setup/mainAjax.php b/workflow/engine/methods/setup/mainAjax.php
index 54937ba0e..d3cb2c9fa 100755
--- a/workflow/engine/methods/setup/mainAjax.php
+++ b/workflow/engine/methods/setup/mainAjax.php
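Review bot: The two branches now cache different things under `$memkey`: in the first hunk `$memcache->set()` runs before `array_splice()` and stores the full list, while in the `@@ -64` hunk the splice runs first, so only the current page is stored, next to a `$totalCount` that describes the full list. Unless `$memkey` encodes `$start` and `$limit` (not visible here), a later request for another page would be served from a one-page cache entry. Move the `array_splice()` in the second branch below both `$memcache->set()` calls, or take `array_slice($proData, $start, $limit)` at the point of output in both branches. `getAllProcesses()` is still called with `$start, $limit` although the Process.php hunk in this commit removes the slicing there, so those arguments look unused now.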
@@ -1,7 +1,7 @@ exists("ENVIRONMENT_SETTINGS")) { + $conf->getFormats(); + if (defined('SYS_SYS')) { $smarty->assign('udate', $conf->getSystemDate(date('Y-m-d H:i:s'))); } else { $smarty->assign('udate', G::getformatedDate(date('Y-m-d'), 'M d, yyyy', SYS_LANG)); } - $name = $conf->userNameFormat(isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME']: '', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): ''); + $name = $conf->userNameFormat(isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME']: '', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): '', isset($_SESSION['USER_LOGGED']) ? $_SESSION['USER_LOGGED'] : ''); $smarty->assign('user',$name); } @@ -735,12 +736,13 @@ class SkinEngine G::LoadClass( "configuration" ); $conf = new Configurations(); - if ( defined('SYS_SYS') && $conf->exists("ENVIRONMENT_SETTINGS")) { + $conf->getFormats(); + if ( defined('SYS_SYS')) { $smarty->assign('udate', $conf->getSystemDate(date('Y-m-d H:i:s'))); } else { $smarty->assign('udate', G::getformatedDate(date('Y-m-d H:i:s'), 'M d, yyyy', SYS_LANG)); } - $name = $conf->userNameFormat(isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME']: '', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): ''); + $name = $conf->userNameFormat(isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME']: '', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): '', isset($_SESSION['USER_LOGGED']) ? $_SESSION['USER_LOGGED'] : ''); $smarty->assign('user',$name); } if(class_exists('pmLicenseManager')){ diff --git a/workflow/engine/templates/cases/caseMessageHistory.js b/workflow/engine/templates/cases/caseMessageHistory.js index 70c3d929b..365273d2e 100644 --- a/workflow/engine/templates/cases/caseMessageHistory.js +++ b/workflow/engine/templates/cases/caseMessageHistory.js 
@@ -328,6 +328,7 @@ var ActionTabFrameGlobal = ''; function messageHistoryGridList(){ store = new Ext.data.GroupingStore({ + remoteSort: true, proxy : new Ext.data.HttpProxy ( { diff --git a/workflow/engine/templates/cases/casesDocuments.js b/workflow/engine/templates/cases/casesDocuments.js index b558c9b10..34a918663 100755 --- a/workflow/engine/templates/cases/casesDocuments.js +++ b/workflow/engine/templates/cases/casesDocuments.js @@ -466,12 +466,12 @@ function openActionDialog(caller, action, dataAux) icon: Ext.MessageBox.ERROR, buttons: Ext.MessageBox.OK, fn : function(btn) { - try + try { prnt = parent.parent; top.location = top.location; } - catch (err) + catch (err) { parent.location = parent.location; } @@ -865,8 +865,12 @@ var datastore = new Ext.data.Store({ datastore.on("beforeload", function(ds, options) { - options.params.dir = (itemSelected.length === 0) ? options.params.dir : ds.directory; - options.params.node = (itemSelected.length === 0) ? options.params.dir : ds.directory; + var dirAux = (itemSelected.length == 0 && options.params.dir)? options.params.dir : ds.directory; + var nodeAux = (itemSelected.length == 0 && options.params.dir)? options.params.dir : ds.directory; + + options.params.dir = dirAux; + options.params.node = nodeAux; + options.params.option = "gridDocuments"; options.params.sendWhat = datastore.sendWhat; if (options.params.dir == "ASC" || options.params.dir == "DESC") { diff --git a/workflow/engine/templates/grid.html b/workflow/engine/templates/grid.html index 1d47cc8ab..7551f6296 100755 --- a/workflow/engine/templates/grid.html +++ b/workflow/engine/templates/grid.html @@ -20,9 +20,15 @@ + {foreach from=$form->fields item=field} - + {if ($field->type != "hidden")} + + {else} + + {/if} {/foreach} + {literal} {section name=row loop=$form_rows} @@ -33,9 +39,15 @@ {/if} {/literal} + {foreach from=$form->fields item=field} - + {if ($field->type != "hidden")} + + {else} + + {/if} {/foreach} + {if $form->deleteRow == '1' } {/if} 
diff --git a/workflow/engine/xmlform/dynaforms/fields/date.html b/workflow/engine/xmlform/dynaforms/fields/date.html index 4aefb8242..cf4122849 100755 --- a/workflow/engine/xmlform/dynaforms/fields/date.html +++ b/workflow/engine/xmlform/dynaforms/fields/date.html @@ -122,11 +122,11 @@ - - + +
{if (isset($field->required)&&$field->required&&$field->mode==='edit')}* {/if}{$field->label}{$field->renderHint()}{if (isset($field->required) && $field->required && $field->mode == "edit")}* {/if}{$field->label}{$field->renderHint()}
{$smarty.section.row.index+1} {$field->field}{$field->field}{$field->field}{$form->DeleteLabel} 
{$form.PME_SUBTITLE}
{$form.PME_SIZE}
{$PME_MODE}