Merge branch 'master' of github.com:colosa/processmaker
This commit is contained in:
Erik Amaru Ortiz
@@ -5230,6 +5230,23 @@ class G
|
||||
}
|
||||
return in_array(strtolower($functionName), $allFunctions['user']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor for inputFilter class. Only first parameter is required.
|
||||
* @access constructor
|
||||
* @data Mixed - input string/array-of-string to be 'cleaned'
|
||||
* @param Array $tagsArray - list of user-defined tags
|
||||
* @param Array $attrArray - list of user-defined attributes
|
||||
* @param int $tagsMethod - 0= allow just user-defined, 1= allow all but user-defined
|
||||
* @param int $attrMethod - 0= allow just user-defined, 1= allow all but user-defined
|
||||
* @param int $xssAuto - 0= only auto clean essentials, 1= allow clean blacklisted tags/attr
|
||||
*/
|
||||
public function sanitizeInput($data, $tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1)
|
||||
{
|
||||
G::LoadSystem('inputfilter');
|
||||
$filtro = new InputFilter($tagsArray , $attrArray, $tagsMethod, $attrMethod, $xssAuto);
|
||||
return $filtro->process($data);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
368
gulliver/system/class.inputfilter.php
Normal file
368
gulliver/system/class.inputfilter.php
Normal file
@@ -0,0 +1,368 @@
|
||||
<?php
|
||||
|
||||
/** @class: InputFilter (PHP4 & PHP5, with comments)
|
||||
* @project: PHP Input Filter
|
||||
* @date: 10-05-2005
|
||||
* @version: 1.2.2_php4/php5
|
||||
* @author: Daniel Morris
|
||||
* @contributors: Gianpaolo Racca, Ghislain Picard, Marco Wandschneider, Chris Tobin and Andrew Eddie.
|
||||
* @copyright: Daniel Morris
|
||||
* @email: dan@rootcube.com
|
||||
* @license: GNU General Public License (GPL)
|
||||
*/
|
||||
class InputFilter
|
||||
{
|
||||
public $tagsArray;// default = empty array
|
||||
public $attrArray;// default = empty array
|
||||
|
||||
public $tagsMethod;// default = 0
|
||||
public $attrMethod;// default = 0
|
||||
|
||||
public $xssAuto; // default = 1
|
||||
public $tagBlacklist = array('applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html', 'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml');
|
||||
public $attrBlacklist = array('action', 'background', 'codebase', 'dynsrc', 'lowsrc'); // also will strip ALL event handlers
|
||||
|
||||
/**
|
||||
* Constructor for inputFilter class. Only first parameter is required.
|
||||
* @access constructor
|
||||
* @param Array $tagsArray - list of user-defined tags
|
||||
* @param Array $attrArray - list of user-defined attributes
|
||||
* @param int $tagsMethod - 0= allow just user-defined, 1= allow all but user-defined
|
||||
* @param int $attrMethod - 0= allow just user-defined, 1= allow all but user-defined
|
||||
* @param int $xssAuto - 0= only auto clean essentials, 1= allow clean blacklisted tags/attr
|
||||
*/
|
||||
public function inputFilter($tagsArray = array(), $attrArray = array(), $tagsMethod = 0, $attrMethod = 0, $xssAuto = 1)
|
||||
{
|
||||
// make sure user defined arrays are in lowercase
|
||||
for ($i = 0; $i < count($tagsArray); $i++) {
|
||||
$tagsArray[$i] = strtolower($tagsArray[$i]);
|
||||
}
|
||||
for ($i = 0; $i < count($attrArray); $i++) {
|
||||
$attrArray[$i] = strtolower($attrArray[$i]);
|
||||
}
|
||||
// assign to member vars
|
||||
$this->tagsArray = (array) $tagsArray;
|
||||
$this->attrArray = (array) $attrArray;
|
||||
$this->tagsMethod = $tagsMethod;
|
||||
$this->attrMethod = $attrMethod;
|
||||
$this->xssAuto = $xssAuto;
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to be called by another php script. Processes for XSS and specified bad code.
|
||||
* @access public
|
||||
* @param Mixed $source - input string/array-of-string to be 'cleaned'
|
||||
* @return String $source - 'cleaned' version of input parameter
|
||||
*/
|
||||
public function process($source)
|
||||
{
|
||||
// clean all elements in this array
|
||||
if (is_array($source)) {
|
||||
foreach ($source as $key => $value) {
|
||||
// filter element for XSS and other 'bad' code etc.
|
||||
if (is_string($value)) {
|
||||
$source[$key] = $this->remove($this->decode($value));
|
||||
}
|
||||
}
|
||||
return $source;
|
||||
// clean this string
|
||||
} elseif (is_string($source)) {
|
||||
// filter source for XSS and other 'bad' code etc.
|
||||
return $this->remove($this->decode($source));
|
||||
} else {
|
||||
// return parameter as given
|
||||
return $source;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal method to iteratively remove all unwanted tags and attributes
|
||||
* @access protected
|
||||
* @param String $source - input string to be 'cleaned'
|
||||
* @return String $source - 'cleaned' version of input parameter
|
||||
*/
|
||||
public function remove($source)
|
||||
{
|
||||
$loopCounter=0;
|
||||
// provides nested-tag protection
|
||||
while ($source != $this->filterTags($source)) {
|
||||
$source = $this->filterTags($source);
|
||||
$loopCounter++;
|
||||
}
|
||||
return $source;
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal method to strip a string of certain tags
|
||||
* @access protected
|
||||
* @param String $source - input string to be 'cleaned'
|
||||
* @return String $source - 'cleaned' version of input parameter
|
||||
*/
|
||||
public function filterTags($source)
|
||||
{
|
||||
// filter pass setup
|
||||
$preTag = null;
|
||||
$postTag = $source;
|
||||
// find initial tag's position
|
||||
$tagOpen_start = strpos($source, '<');
|
||||
// interate through string until no tags left
|
||||
while ($tagOpen_start !== false) {
|
||||
// process tag interatively
|
||||
$preTag .= substr($postTag, 0, $tagOpen_start);
|
||||
$postTag = substr($postTag, $tagOpen_start);
|
||||
$fromTagOpen = substr($postTag, 1);
|
||||
// end of tag
|
||||
$tagOpen_end = strpos($fromTagOpen, '>');
|
||||
if ($tagOpen_end === false) {
|
||||
break;
|
||||
}
|
||||
// next start of tag (for nested tag assessment)
|
||||
$tagOpen_nested = strpos($fromTagOpen, '<');
|
||||
if (($tagOpen_nested !== false) && ($tagOpen_nested < $tagOpen_end)) {
|
||||
$preTag .= substr($postTag, 0, ($tagOpen_nested+1));
|
||||
$postTag = substr($postTag, ($tagOpen_nested+1));
|
||||
$tagOpen_start = strpos($postTag, '<');
|
||||
continue;
|
||||
}
|
||||
$tagOpen_nested = (strpos($fromTagOpen, '<') + $tagOpen_start + 1);
|
||||
$currentTag = substr($fromTagOpen, 0, $tagOpen_end);
|
||||
$tagLength = strlen($currentTag);
|
||||
if (!$tagOpen_end) {
|
||||
$preTag .= $postTag;
|
||||
$tagOpen_start = strpos($postTag, '<');
|
||||
}
|
||||
// iterate through tag finding attribute pairs - setup
|
||||
$tagLeft = $currentTag;
|
||||
$attrSet = array();
|
||||
$currentSpace = strpos($tagLeft, ' ');
|
||||
// is end tag
|
||||
if (substr($currentTag, 0, 1) == "/") {
|
||||
$isCloseTag = true;
|
||||
list($tagName) = explode(' ', $currentTag);
|
||||
$tagName = substr($tagName, 1);
|
||||
// is start tag
|
||||
} else {
|
||||
$isCloseTag = false;
|
||||
list($tagName) = explode(' ', $currentTag);
|
||||
}
|
||||
// excludes all "non-regular" tagnames OR no tagname OR remove if xssauto is on and tag is blacklisted
|
||||
if ((!preg_match("/^[a-z][a-z0-9]*$/i",$tagName)) || (!$tagName) || ((in_array(strtolower($tagName), $this->tagBlacklist)) && ($this->xssAuto))) {
|
||||
$postTag = substr($postTag, ($tagLength + 2));
|
||||
$tagOpen_start = strpos($postTag, '<');
|
||||
// don't append this tag
|
||||
continue;
|
||||
}
|
||||
// this while is needed to support attribute values with spaces in!
|
||||
while ($currentSpace !== false) {
|
||||
$fromSpace = substr($tagLeft, ($currentSpace+1));
|
||||
$nextSpace = strpos($fromSpace, ' ');
|
||||
$openQuotes = strpos($fromSpace, '"');
|
||||
$closeQuotes = strpos(substr($fromSpace, ($openQuotes+1)), '"') + $openQuotes + 1;
|
||||
// another equals exists
|
||||
if (strpos($fromSpace, '=') !== false) {
|
||||
// opening and closing quotes exists
|
||||
if (($openQuotes !== false) && (strpos(substr($fromSpace, ($openQuotes+1)), '"') !== false)) {
|
||||
$attr = substr($fromSpace, 0, ($closeQuotes+1));
|
||||
} else {
|
||||
// one or neither exist
|
||||
$attr = substr($fromSpace, 0, $nextSpace);
|
||||
}
|
||||
// no more equals exist
|
||||
} else {
|
||||
$attr = substr($fromSpace, 0, $nextSpace);
|
||||
}
|
||||
// last attr pair
|
||||
if (!$attr) {
|
||||
$attr = $fromSpace;
|
||||
}
|
||||
// add to attribute pairs array
|
||||
$attrSet[] = $attr;
|
||||
// next inc
|
||||
$tagLeft = substr($fromSpace, strlen($attr));
|
||||
$currentSpace = strpos($tagLeft, ' ');
|
||||
}
|
||||
// appears in array specified by user
|
||||
$tagFound = in_array(strtolower($tagName), $this->tagsArray);
|
||||
// remove this tag on condition
|
||||
if ((!$tagFound && $this->tagsMethod) || ($tagFound && !$this->tagsMethod)) {
|
||||
// reconstruct tag with allowed attributes
|
||||
if (!$isCloseTag) {
|
||||
$attrSet = $this->filterAttr($attrSet);
|
||||
$preTag .= '<' . $tagName;
|
||||
for ($i = 0; $i < count($attrSet); $i++) {
|
||||
$preTag .= ' ' . $attrSet[$i];
|
||||
}
|
||||
// reformat single tags to XHTML
|
||||
if (strpos($fromTagOpen, "</" . $tagName)) {
|
||||
$preTag .= '>';
|
||||
} else {
|
||||
$preTag .= ' />';
|
||||
}
|
||||
// just the tagname
|
||||
} else {
|
||||
$preTag .= '</' . $tagName . '>';
|
||||
}
|
||||
}
|
||||
// find next tag's start
|
||||
$postTag = substr($postTag, ($tagLength + 2));
|
||||
$tagOpen_start = strpos($postTag, '<');
|
||||
}
|
||||
// append any code after end of tags
|
||||
$preTag .= $postTag;
|
||||
return $preTag;
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal method to strip a tag of certain attributes
|
||||
* @access protected
|
||||
* @param Array $attrSet
|
||||
* @return Array $newSet
|
||||
*/
|
||||
public function filterAttr($attrSet)
|
||||
{
|
||||
$newSet = array();
|
||||
// process attributes
|
||||
for ($i = 0; $i <count($attrSet); $i++) {
|
||||
// skip blank spaces in tag
|
||||
if (!$attrSet[$i]) {
|
||||
continue;
|
||||
}
|
||||
// split into attr name and value
|
||||
$attrSubSet = explode('=', trim($attrSet[$i]));
|
||||
list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
|
||||
// removes all "non-regular" attr names AND also attr blacklisted
|
||||
if ((!eregi("^[a-z]*$",$attrSubSet[0])) || (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) || (substr($attrSubSet[0], 0, 2) == 'on')))) {
|
||||
continue;
|
||||
}
|
||||
// xss attr value filtering
|
||||
if ($attrSubSet[1]) {
|
||||
// strips unicode, hex, etc
|
||||
$attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
|
||||
// strip normal newline within attr value
|
||||
$attrSubSet[1] = preg_replace('/\s+/', '', $attrSubSet[1]);
|
||||
// strip double quotes
|
||||
$attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
|
||||
// [requested feature] convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr value)
|
||||
if ((substr($attrSubSet[1], 0, 1) == "'") && (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'")) {
|
||||
$attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2));
|
||||
}
|
||||
// strip slashes
|
||||
$attrSubSet[1] = stripslashes($attrSubSet[1]);
|
||||
}
|
||||
// auto strip attr's with "javascript:
|
||||
if (((strpos(strtolower($attrSubSet[1]), 'expression') !== false) &&(strtolower($attrSubSet[0]) == 'style')) ||
|
||||
(strpos(strtolower($attrSubSet[1]), 'javascript:') !== false) ||
|
||||
(strpos(strtolower($attrSubSet[1]), 'behaviour:') !== false) ||
|
||||
(strpos(strtolower($attrSubSet[1]), 'vbscript:') !== false) ||
|
||||
(strpos(strtolower($attrSubSet[1]), 'mocha:') !== false) ||
|
||||
(strpos(strtolower($attrSubSet[1]), 'livescript:') !== false)
|
||||
) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// if matches user defined array
|
||||
$attrFound = in_array(strtolower($attrSubSet[0]), $this->attrArray);
|
||||
// keep this attr on condition
|
||||
if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) {
|
||||
// attr has value
|
||||
if ($attrSubSet[1]) {
|
||||
$newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
|
||||
} elseif ($attrSubSet[1] == "0") {
|
||||
// attr has decimal zero as value
|
||||
$newSet[] = $attrSubSet[0] . '="0"';
|
||||
} else {
|
||||
// reformat single attributes to XHTML
|
||||
$newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
|
||||
}
|
||||
}
|
||||
}
|
||||
return $newSet;
|
||||
}
|
||||
|
||||
/**
|
||||
* Try to convert to plaintext
|
||||
* @access protected
|
||||
* @param String $source
|
||||
* @return String $source
|
||||
*/
|
||||
public function decode($source)
|
||||
{
|
||||
// url decode
|
||||
$source = html_entity_decode($source, ENT_QUOTES, "ISO-8859-1");
|
||||
// convert decimal
|
||||
$source = preg_replace('/&#(\d+);/me',"chr(\\1)", $source);// decimal notation
|
||||
// convert hex
|
||||
$source = preg_replace('/&#x([a-f0-9]+);/mei',"chr(0x\\1)", $source);// hex notation
|
||||
return $source;
|
||||
}
|
||||
|
||||
/**
|
||||
* Method to be called by another php script. Processes for SQL injection
|
||||
* @access public
|
||||
* @param Mixed $source - input string/array-of-string to be 'cleaned'
|
||||
* @param Buffer $connection - An open MySQL connection
|
||||
* @return String $source - 'cleaned' version of input parameter
|
||||
*/
|
||||
public function safeSQL($source, &$connection)
|
||||
{
|
||||
// clean all elements in this array
|
||||
if (is_array($source)) {
|
||||
foreach ($source as $key => $value) {
|
||||
// filter element for SQL injection
|
||||
if (is_string($value)) {
|
||||
$source[$key] = $this->quoteSmart($this->decode($value), $connection);
|
||||
}
|
||||
}
|
||||
return $source;
|
||||
// clean this string
|
||||
} elseif (is_string($source)) {
|
||||
// filter source for SQL injection
|
||||
if (is_string($source)) {
|
||||
return $this->quoteSmart($this->decode($source), $connection);
|
||||
}
|
||||
// return parameter as given
|
||||
} else {
|
||||
return $source;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @author Chris Tobin
|
||||
* @author Daniel Morris
|
||||
* @access protected
|
||||
* @param String $source
|
||||
* @param Resource $connection - An open MySQL connection
|
||||
* @return String $source
|
||||
*/
|
||||
public function quoteSmart($source, &$connection)
|
||||
{
|
||||
// strip slashes
|
||||
if (get_magic_quotes_gpc()) {
|
||||
$source = stripslashes($source);
|
||||
}
|
||||
// quote both numeric and text
|
||||
$source = $this->escapeString($source, $connection);
|
||||
return $source;
|
||||
}
|
||||
|
||||
/**
|
||||
* @author Chris Tobin
|
||||
* @author Daniel Morris
|
||||
* @access protected
|
||||
* @param String $source
|
||||
* @param Resource $connection - An open MySQL connection
|
||||
* @return String $source
|
||||
*/
|
||||
public function escapeString($string, &$connection)
|
||||
{
|
||||
// depreciated function
|
||||
if (version_compare(phpversion(),"4.3.0", "<")) {
|
||||
mysql_escape_string($string);
|
||||
} else {
|
||||
// current function
|
||||
mysql_real_escape_string($string);
|
||||
}
|
||||
return $string;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4555,7 +4555,8 @@ class XmlForm_Field_Date extends XmlForm_Field_SimpleText
|
||||
$Time = "true";
|
||||
}
|
||||
|
||||
$sizeend = strlen($valueDemo) + 3;
|
||||
//$sizeend = strlen($valueDemo) + 3;
|
||||
$sizeend = $this->size;
|
||||
|
||||
if ($this->required) {
|
||||
$isRequired = '1';
|
||||
|
||||
@@ -518,8 +518,6 @@ class AppSolr
|
||||
'includeCols' => $columsToIncludeFinal,
|
||||
'resultFormat' => 'json'
|
||||
);
|
||||
|
||||
|
||||
$solrRequestData = Entity_SolrRequestData::createForRequestPagination ($data);
|
||||
// use search index to return list of cases
|
||||
$searchIndex = new BpmnEngine_Services_SearchIndex ($this->_solrIsEnabled, $this->_solrHost);
|
||||
@@ -622,7 +620,6 @@ class AppSolr
|
||||
}
|
||||
/*elseif ($action == 'search') {
|
||||
// get all the indexes
|
||||
|
||||
//$delIndexes = $this->getApplicationDelegationsIndex ($appUID);
|
||||
$indexes = $this->aaSearchRecords ($aaappsDBData, array (
|
||||
'APP_UID' => $appUID
|
||||
@@ -647,7 +644,6 @@ class AppSolr
|
||||
|
||||
//var_dump($delIndexes);
|
||||
|
||||
|
||||
foreach ($delIndexes as $delIndex) {
|
||||
$aRow = array ();
|
||||
|
||||
@@ -685,12 +681,12 @@ class AppSolr
|
||||
'APP_UID' => $appUID,
|
||||
'DEL_INDEX' => $delIndex
|
||||
));
|
||||
|
||||
$row = '';
|
||||
foreach ($indexes as $index) {
|
||||
$row = $aaappsDBData [$index];
|
||||
}
|
||||
|
||||
if(!isset($row))
|
||||
if (empty($row))
|
||||
{
|
||||
$fh = fopen("SolrAppWithoutDelIndex.txt", 'a') or die("can't open file to store Solr search time.");
|
||||
fwrite($fh, sprintf("Solr AppUid: %s DelIndex: %s not found.\r\n", $appUID, $delIndex));
|
||||
@@ -1384,7 +1380,6 @@ class AppSolr
|
||||
'workspace' => $this->_solrInstance,
|
||||
'document' => $xmlDoc
|
||||
);
|
||||
|
||||
$oSolrUpdateDocument = Entity_SolrUpdateDocument::createForRequest ($data);
|
||||
|
||||
G::LoadClass ('searchIndex');
|
||||
@@ -1393,7 +1388,6 @@ class AppSolr
|
||||
|
||||
$oSearchIndex->updateIndexDocument ($oSolrUpdateDocument);
|
||||
|
||||
|
||||
if($this->debug)
|
||||
{
|
||||
$this->afterUpdateSolrXMLDocTime = microtime (true);
|
||||
@@ -2094,16 +2088,58 @@ class AppSolr
|
||||
break;
|
||||
}
|
||||
if ($typeSufix != '*') {
|
||||
$value = trim($value);
|
||||
$pairs = array(
|
||||
"\x03" => "",
|
||||
"\x04" => "",
|
||||
"\x05" => "",
|
||||
"\x06" => "",
|
||||
"\x07" => "",
|
||||
"\x08" => "",
|
||||
"\x0E" => "",
|
||||
"\x16" => "",
|
||||
"\x00-" => "",
|
||||
"\x09" => "",
|
||||
"\x11" => "",
|
||||
"\x12" => "",
|
||||
"\x14-" => "",
|
||||
"\x1f" => "",
|
||||
"\x7f" => "",
|
||||
);
|
||||
$value = strtr($value, $pairs);
|
||||
$writer->startElement ("field");
|
||||
$writer->writeAttribute ('name', trim ($k) . $typeSufix);
|
||||
$writer->startCData ();
|
||||
$writer->text ($value);
|
||||
$writer->endCData();
|
||||
$writer->endElement ();
|
||||
}
|
||||
}
|
||||
else {
|
||||
$value = trim($value);
|
||||
$pairs = array(
|
||||
"\x03" => "",
|
||||
"\x04" => "",
|
||||
"\x05" => "",
|
||||
"\x06" => "",
|
||||
"\x07" => "",
|
||||
"\x08" => "",
|
||||
"\x0E" => "",
|
||||
"\x16" => "",
|
||||
"\x00-" => "",
|
||||
"\x09" => "",
|
||||
"\x11" => "",
|
||||
"\x12" => "",
|
||||
"\x14-" => "",
|
||||
"\x1f" => "",
|
||||
"\x7f" => "",
|
||||
);
|
||||
$value = strtr($value, $pairs);
|
||||
$writer->startElement ("field");
|
||||
$writer->writeAttribute ('name', trim ($k) . '_t');
|
||||
$writer->startCData ();
|
||||
$writer->text ($value);
|
||||
$writer->endCData();
|
||||
$writer->endElement ();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -71,6 +71,8 @@ class Cases
|
||||
{
|
||||
|
||||
private $appSolr = null;
|
||||
public $dir = 'ASC';
|
||||
public $sort = 'APP_MSG_DATE';
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
@@ -5908,12 +5910,7 @@ class Cases
|
||||
$oCriteria->add(AppMessagePeer::APP_MSG_SHOW_MESSAGE, 1);
|
||||
}
|
||||
$oCriteria->addAscendingOrderByColumn(AppMessagePeer::APP_MSG_DATE);
|
||||
if (!is_null($start)) {
|
||||
$oCriteria->setOffset($start);
|
||||
}
|
||||
if (!is_null($limit)) {
|
||||
$oCriteria->setLimit($limit);
|
||||
}
|
||||
|
||||
$oDataset = AppMessagePeer::doSelectRS($oCriteria);
|
||||
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$oDataset->next();
|
||||
@@ -5947,6 +5944,7 @@ class Cases
|
||||
$oCriteria = new Criteria('dbarray');
|
||||
$oCriteria->setDBArrayTable('messages');
|
||||
|
||||
usort( $aMessages, array($this, "ordProcess") );
|
||||
return $aMessages;
|
||||
}
|
||||
|
||||
@@ -6760,4 +6758,28 @@ class Cases
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function ordProcess ($a, $b)
|
||||
{
|
||||
if ($this->sort == '') {
|
||||
$this->sort = 'APP_MSG_DATE';
|
||||
}
|
||||
if ($this->dir=='ASC') {
|
||||
if ($a[$this->sort] > $b[$this->sort]) {
|
||||
return 1;
|
||||
} elseif ($a[$this->sort] < $b[$this->sort]) {
|
||||
return - 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
if ($a[$this->sort] > $b[$this->sort]) {
|
||||
return - 1;
|
||||
} elseif ($a[$this->sort] < $b[$this->sort]) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -315,26 +315,16 @@ class Configurations // extends Configuration
|
||||
}
|
||||
}
|
||||
|
||||
public function userNameFormat($username, $fullname)
|
||||
public function userNameFormat($username, $fullname, $usrUid = '')
|
||||
{
|
||||
|
||||
try {
|
||||
if (!isset($this->UserConfig)) {
|
||||
$this->UserConfig = $this->getConfiguration('ENVIRONMENT_SETTINGS', '');
|
||||
}
|
||||
if (isset($this->UserConfig['format'])) {
|
||||
$name = explode(' ',$fullname);
|
||||
$aux = '';
|
||||
if ($usrUid != '') {
|
||||
$oUser = UsersPeer::retrieveByPK($usrUid);
|
||||
$aux = str_replace('@userName', trim($username), $this->UserConfig['format']);
|
||||
$aux = str_replace('@firstName', isset($name[0])?$name[0]:'', $aux);
|
||||
$aux = str_replace('@lastName', isset($name[1])?$name[1]:'', $aux);
|
||||
$aux = str_replace('@firstName', $oUser->getUsrFirstname(), $aux);
|
||||
$aux = str_replace('@lastName', $oUser->getUsrLastname(), $aux);
|
||||
}
|
||||
return $aux;
|
||||
} else {
|
||||
return $username;
|
||||
}
|
||||
} catch (Exception $oError) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public function usersNameFormatBySetParameters($formatUserName, $userName, $firstName, $lastName)
|
||||
@@ -548,7 +538,8 @@ class Configurations // extends Configuration
|
||||
public function getSystemDate($dateTime)
|
||||
{
|
||||
$oConf = new Configurations();
|
||||
$dateFormat = 'M d, Y';
|
||||
$oConf->getFormats();
|
||||
$dateFormat = $oConf->UserConfig['dateFormat'];
|
||||
$oConf->loadConfig($obj, 'ENVIRONMENT_SETTINGS', '');
|
||||
$creationDateMask = isset($oConf->aConfig['dateFormat']) ? $oConf->aConfig['dateFormat'] : '';
|
||||
$creationDateMask = ($creationDateMask == '') ? $dateFormat : $creationDateMask;
|
||||
@@ -601,8 +592,8 @@ class Configurations // extends Configuration
|
||||
}
|
||||
}
|
||||
|
||||
setlocale(LC_TIME, $langLocate);
|
||||
$dateTime = utf8_encode(strftime($newCreation, mktime($h, $i, $s, $m, $d, $y)));
|
||||
setlocale(LC_TIME, $langLocate . ".utf8");
|
||||
$dateTime = strftime($newCreation, mktime($h, $i, $s, $m, $d, $y));
|
||||
|
||||
if (strpos($dateTime, ' ') !== false) {
|
||||
$dateTime = ucwords($dateTime);
|
||||
|
||||
@@ -109,7 +109,11 @@ class AdditionalTables extends BaseAdditionalTables
|
||||
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
|
||||
while ($oDataset->next()) {
|
||||
$this->fields[] = $oDataset->getRow();
|
||||
$auxField = $oDataset->getRow();
|
||||
if ($auxField['FLD_TYPE'] == 'TIMESTAMP') {
|
||||
$auxField['FLD_TYPE'] = 'DATETIME';
|
||||
}
|
||||
$this->fields[] = $auxField;
|
||||
}
|
||||
|
||||
return $this->fields;
|
||||
|
||||
@@ -486,7 +486,12 @@ class CaseScheduler extends BaseCaseScheduler
|
||||
$this->updateDate( $sSchedulerUid, $nSchTimeNextRun, $nSchLastRunTime );
|
||||
}
|
||||
} elseif ($sActualDataHour == $dActualSysHour && $sActualDataMinutes <= $dActualSysMinutes) {
|
||||
$_PORT = (isset( $_SERVER['SERVER_PORT'] ) && $_SERVER['SERVER_PORT'] != '80') ? ':' . $_SERVER['SERVER_PORT'] : '';
|
||||
$_PORT = '';
|
||||
if ( isset($_SERVER['SERVER_PORT']) ) {
|
||||
$_PORT = ($_SERVER['SERVER_PORT'] != '80') ? ':' . $_SERVER['SERVER_PORT'] : '';
|
||||
} elseif ( defined('SERVER_PORT') ) {
|
||||
$_PORT = (SERVER_PORT != '80') ? ':' . SERVER_PORT : '';
|
||||
}
|
||||
//$defaultEndpoint = 'http://' . $_SERVER ['SERVER_NAME'] . ':' . $_PORT . '/sys' . SYS_SYS .'/'.SYS_LANG.'/classic/green/services/wsdl2';
|
||||
$defaultEndpoint = 'http://' . SERVER_NAME . $_PORT . '/sys' . SYS_SYS . '/' . SYS_LANG . '/classic/services/wsdl2';
|
||||
println( " - Connecting webservice: $defaultEndpoint" );
|
||||
|
||||
@@ -755,7 +755,6 @@ class Process extends BaseProcess
|
||||
} else {
|
||||
usort( $aProcesses, array($this, "ordProcessDesc") );
|
||||
}
|
||||
$aProcesses = array_splice($aProcesses, $start, $limit);
|
||||
|
||||
return $aProcesses;
|
||||
}
|
||||
@@ -879,6 +878,9 @@ class Process extends BaseProcess
|
||||
|
||||
public function ordProcessAsc ($a, $b)
|
||||
{
|
||||
if (($this->sort) == '') {
|
||||
$this->sort = 'PRO_TITLE';
|
||||
}
|
||||
if ($a[$this->sort] > $b[$this->sort]) {
|
||||
return 1;
|
||||
} elseif ($a[$this->sort] < $b[$this->sort]) {
|
||||
@@ -890,6 +892,9 @@ class Process extends BaseProcess
|
||||
|
||||
public function ordProcessDesc ($a, $b)
|
||||
{
|
||||
if (($this->sort) == '') {
|
||||
$this->sort = 'PRO_TITLE';
|
||||
}
|
||||
if ($a[$this->sort] > $b[$this->sort]) {
|
||||
return - 1;
|
||||
} elseif ($a[$this->sort] < $b[$this->sort]) {
|
||||
|
||||
@@ -155,7 +155,7 @@ class Dashboard extends Controller
|
||||
if ($data->DAS_INS_UID == '') {
|
||||
throw new Exception( 'Parameter "DAS_INS_UID" is empty.' );
|
||||
}
|
||||
$this->pmDashlet->setup( $data->DAS_INS_UID );
|
||||
$this->pmDashlet->setup( G::sanitizeInput($data->DAS_INS_UID) );
|
||||
|
||||
if (! isset( $_REQUEST['w'] )) {
|
||||
$width = 300;
|
||||
|
||||
@@ -37,8 +37,13 @@ if ($actionAjax == 'messageHistoryGridList_JXP') {
|
||||
G::LoadClass( 'case' );
|
||||
G::LoadClass( "BasePeer" );
|
||||
|
||||
$dir = isset( $_POST['dir'] ) ? $_POST['dir'] : 'ASC';
|
||||
$sort = isset( $_POST['sort'] ) ? $_POST['sort'] : '';
|
||||
|
||||
global $G_PUBLISH;
|
||||
$oCase = new Cases();
|
||||
$oCase->dir = $dir;
|
||||
$oCase->sort = $sort;
|
||||
|
||||
$appMessageArray = $oCase->getHistoryMessagesTrackerExt( $_SESSION['APPLICATION'], true, $_REQUEST['start'], $_REQUEST['limit']);
|
||||
$appMessageCountArray = $oCase->getHistoryMessagesTrackerExt( $_SESSION['APPLICATION'], true);
|
||||
@@ -98,6 +103,8 @@ if ($actionAjax == 'messageHistoryGridList_JXP') {
|
||||
}
|
||||
}
|
||||
|
||||
$aProcesses = array_splice($aProcesses, $_REQUEST['start'], $_REQUEST['limit']);
|
||||
|
||||
$newDir = '/tmp/test/directory';
|
||||
$r = G::verifyPath( $newDir );
|
||||
$r->data = $aProcesses;
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
<?php
|
||||
$action = isset( $_GET['action'] ) ? $_GET['action'] : 'default';
|
||||
|
||||
$action = isset( $_GET['action'] ) ? G::sanitizeInput($_GET['action']) : 'default';
|
||||
|
||||
G::LoadClass( 'case' );
|
||||
G::LoadClass( 'configuration' );
|
||||
$userId = isset( $_SESSION['USER_LOGGED'] ) ? $_SESSION['USER_LOGGED'] : '00000000000000000000000000000000';
|
||||
|
||||
@@ -240,14 +240,14 @@ try {
|
||||
if (strpos($_SERVER['HTTP_REFERER'], 'processes/processes_Map?PRO_UID=') !== false) {
|
||||
$sLocation = $_SERVER['HTTP_REFERER'];
|
||||
} else {
|
||||
$sLocation = $_REQUEST['form']['URL'];
|
||||
$sLocation = G::sanitizeInput($_REQUEST['form']['URL']);
|
||||
}
|
||||
} else {
|
||||
$sLocation = $_REQUEST['form']['URL'];
|
||||
$sLocation = G::sanitizeInput($_REQUEST['form']['URL']);
|
||||
}
|
||||
} else {
|
||||
if (isset($_REQUEST['u']) && $_REQUEST['u'] != '') {
|
||||
$sLocation = $_REQUEST['u'];
|
||||
$sLocation = G::sanitizeInput($_REQUEST['u']);
|
||||
} else {
|
||||
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
|
||||
}
|
||||
|
||||
@@ -51,7 +51,8 @@ if (isset( $_POST['category'] ) && $_POST['category'] !== '<reset>') {
|
||||
if ($proData === false) {
|
||||
$proData = $oProcess->getAllProcesses( $start, $limit, null, $_POST['processName']);
|
||||
$memcache->set( $memkey, $proData, PMmemcached::ONE_HOUR );
|
||||
$totalCount = $oProcess->getAllProcessesCount();
|
||||
$totalCount = count($proData);
|
||||
$proData = array_splice($proData, $start, $limit);
|
||||
$memcacheUsed = 'no';
|
||||
} else {
|
||||
$proData = $oProcess->orderMemcache($proData, $start, $limit);
|
||||
@@ -64,7 +65,8 @@ if (isset( $_POST['category'] ) && $_POST['category'] !== '<reset>') {
|
||||
$memcacheUsed = 'yes';
|
||||
if (($proData = $memcache->get( $memkey )) === false || ($totalCount = $memcache->get( $memkeyTotal )) === false) {
|
||||
$proData = $oProcess->getAllProcesses( $start, $limit);
|
||||
$totalCount = $oProcess->getAllProcessesCount();
|
||||
$totalCount = count($proData);
|
||||
$proData = array_splice($proData, $start, $limit);
|
||||
$memcache->set( $memkey, $proData, PMmemcached::ONE_HOUR );
|
||||
$memcache->set( $memkeyTotal, $totalCount, PMmemcached::ONE_HOUR );
|
||||
$memcacheUsed = 'no';
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
ob_start();
|
||||
|
||||
$request = isset( $_POST['request'] ) ? $_POST['request'] : (isset( $_GET['request'] ) ? $_GET['request'] : null);
|
||||
$request = isset( $_POST['request'] ) ? G::sanitizeInput($_POST['request']) : (isset( $_GET['request'] ) ? G::sanitizeInput($_GET['request']) : null);
|
||||
|
||||
switch ($request) {
|
||||
case 'loadMenu':
|
||||
|
||||
@@ -420,12 +420,13 @@ class SkinEngine
|
||||
|
||||
G::LoadClass( "configuration" );
|
||||
$conf = new Configurations();
|
||||
if (defined('SYS_SYS') && $conf->exists("ENVIRONMENT_SETTINGS")) {
|
||||
$conf->getFormats();
|
||||
if (defined('SYS_SYS')) {
|
||||
$smarty->assign('udate', $conf->getSystemDate(date('Y-m-d H:i:s')));
|
||||
} else {
|
||||
$smarty->assign('udate', G::getformatedDate(date('Y-m-d'), 'M d, yyyy', SYS_LANG));
|
||||
}
|
||||
$name = $conf->userNameFormat(isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME']: '', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): '');
|
||||
$name = $conf->userNameFormat(isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME']: '', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): '', isset($_SESSION['USER_LOGGED']) ? $_SESSION['USER_LOGGED'] : '');
|
||||
$smarty->assign('user',$name);
|
||||
}
|
||||
|
||||
@@ -735,12 +736,13 @@ class SkinEngine
|
||||
|
||||
G::LoadClass( "configuration" );
|
||||
$conf = new Configurations();
|
||||
if ( defined('SYS_SYS') && $conf->exists("ENVIRONMENT_SETTINGS")) {
|
||||
$conf->getFormats();
|
||||
if ( defined('SYS_SYS')) {
|
||||
$smarty->assign('udate', $conf->getSystemDate(date('Y-m-d H:i:s')));
|
||||
} else {
|
||||
$smarty->assign('udate', G::getformatedDate(date('Y-m-d H:i:s'), 'M d, yyyy', SYS_LANG));
|
||||
}
|
||||
$name = $conf->userNameFormat(isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME']: '', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): '');
|
||||
$name = $conf->userNameFormat(isset($_SESSION['USR_USERNAME']) ? $_SESSION['USR_USERNAME']: '', isset($_SESSION['USR_FULLNAME']) ? htmlentities($_SESSION['USR_FULLNAME'] , ENT_QUOTES, 'UTF-8'): '', isset($_SESSION['USER_LOGGED']) ? $_SESSION['USER_LOGGED'] : '');
|
||||
$smarty->assign('user',$name);
|
||||
}
|
||||
if(class_exists('pmLicenseManager')){
|
||||
|
||||
@@ -328,6 +328,7 @@ var ActionTabFrameGlobal = '';
|
||||
|
||||
function messageHistoryGridList(){
|
||||
store = new Ext.data.GroupingStore({
|
||||
remoteSort: true,
|
||||
proxy : new Ext.data.HttpProxy
|
||||
(
|
||||
{
|
||||
|
||||
@@ -865,8 +865,12 @@ var datastore = new Ext.data.Store({
|
||||
datastore.on("beforeload",
|
||||
function(ds, options) {
|
||||
|
||||
options.params.dir = (itemSelected.length === 0) ? options.params.dir : ds.directory;
|
||||
options.params.node = (itemSelected.length === 0) ? options.params.dir : ds.directory;
|
||||
var dirAux = (itemSelected.length == 0 && options.params.dir)? options.params.dir : ds.directory;
|
||||
var nodeAux = (itemSelected.length == 0 && options.params.dir)? options.params.dir : ds.directory;
|
||||
|
||||
options.params.dir = dirAux;
|
||||
options.params.node = nodeAux;
|
||||
|
||||
options.params.option = "gridDocuments";
|
||||
options.params.sendWhat = datastore.sendWhat;
|
||||
if (options.params.dir == "ASC" || options.params.dir == "DESC") {
|
||||
|
||||
@@ -20,9 +20,15 @@
|
||||
<table class="tableGrid" name="{$form->name}" id="{$form->name}" cellpadding="0" cellspacing="0" border="0">
|
||||
<tr>
|
||||
<td> </td>
|
||||
|
||||
{foreach from=$form->fields item=field}
|
||||
<td class='vFormTitle'>{if (isset($field->required)&&$field->required&&$field->mode==='edit')}<font color="red">* </font>{/if}{$field->label}{$field->renderHint()}</td>
|
||||
{if ($field->type != "hidden")}
|
||||
<td class="vFormTitle">{if (isset($field->required) && $field->required && $field->mode == "edit")}<font color="red">* </font>{/if}{$field->label}{$field->renderHint()}</td>
|
||||
{else}
|
||||
<td style="display: none;"></td>
|
||||
{/if}
|
||||
{/foreach}
|
||||
|
||||
</tr>
|
||||
{literal}
|
||||
{section name=row loop=$form_rows}
|
||||
@@ -33,9 +39,15 @@
|
||||
{/if}
|
||||
<td class='GridLabel'> {$smarty.section.row.index+1} </td>
|
||||
{/literal}
|
||||
|
||||
{foreach from=$form->fields item=field}
|
||||
<td style="white-space:nowrap;">{$field->field}</td>
|
||||
{if ($field->type != "hidden")}
|
||||
<td style="white-space: nowrap;">{$field->field}</td>
|
||||
{else}
|
||||
<td style="display: none;">{$field->field}</td>
|
||||
{/if}
|
||||
{/foreach}
|
||||
|
||||
{if $form->deleteRow == '1' }
|
||||
<td align="center"><A class="GridLink" href="javascript:;" onclick="form_{$form->owner->id}.getElementByName('{$form->name}').deleteGridRow('[{literal}{$smarty.section.row.index+1}{/literal}]'); return false;">{$form->DeleteLabel}</A> </td>
|
||||
{/if}
|
||||
|
||||
@@ -122,11 +122,11 @@
|
||||
<tr>
|
||||
<td class="FormTitle" colspan="2" align="">{$form.PME_SUBTITLE}</td>
|
||||
</tr>
|
||||
<!-- <tr>
|
||||
<tr>
|
||||
<td class="FormLabel" width="{$form_labelWidth}">{$PME_SIZE}</td>
|
||||
<!-- <td class='FormFieldContent' width="{$form_width}" >{$form.PME_SIZE} </td> //-->
|
||||
<!--<td class="FormFieldContent" width="{$form_fieldContentWidth}">{$form.PME_SIZE}</td>
|
||||
</tr>-->
|
||||
<td class="FormFieldContent" width="{$form_fieldContentWidth}">{$form.PME_SIZE}</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="FormLabel" width="{$form_labelWidth}">{$PME_MODE}</td>
|
||||
<!-- <td class='FormFieldContent' width="{$form_width}" >{$form.PME_MODE} </td> //-->
|
||||
|
||||
Reference in New Issue
Block a user