From 46d09f5b84872622cde16c368ef48b69442e7512 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 01/52] HOR-3095 --- workflow/engine/classes/Calendar.php | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 2f788a442..43e35035b 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -828,7 +824,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From b846a246ef90cb0bd383ff974b4a3301e890ced8 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 02/52] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php 
@@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From 890dd720e6231155798e10deb08af7d29003754d Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 03/52] Delete changes of file. --- workflow/engine/classes/Calendar.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 43e35035b..2f788a442 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -824,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From 928759f66366dc82d55e892324e52f565b2676e0 Mon Sep 17 00:00:00 2001 
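Review bot: The prefix-stripping loop added to authentication.php makes a single pass over `Bootstrap::getPasswordHashConfig()`, so a value carrying more than one configured prefix can still begin with `<hash>:` after the loop, depending on the order of the entries. Repeating the pass until nothing more is removed closes that gap, and a strict comparison is the safer test there. The block also calls `trim()` only on passwords longer than 32 bytes, so a long password that legitimately starts or ends with whitespace is silently changed while a short one is not. Presumably the verification routine is what accepts a `<hash>:` value as a pre-computed hash; if so, the durable fix belongs there, which this hunk does not show. The enclosing `try` block starts and ends outside the hunk.

```php
$pass = trim($_POST['form']['USR_PASSWORD']);
do {
    // Re-scan after every removal so no configured prefix is left at the front.
    $before = $pass;
    foreach (Bootstrap::getPasswordHashConfig() as $hash) {
        $prefix = $hash . ':';
        if (strncmp($pass, $prefix, strlen($prefix)) === 0) {
            $pass = (string) substr($pass, strlen($prefix));
        }
    }
} while ($pass !== $before);
// … unchanged: write $pass back to $_POST['form']['USR_PASSWORD'] …
```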
From: "Marco A. Nina Mena" Date: Mon, 7 Aug 2017 08:37:04 -0400 Subject: [PATCH 04/52] HOR-3432 ProcessMaker User Privilege Escalation - Add validation user access with PM_USERS --- workflow/engine/methods/roles/roles_Ajax.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/workflow/engine/methods/roles/roles_Ajax.php b/workflow/engine/methods/roles/roles_Ajax.php index b13937140..19e6fa8f7 100644 --- a/workflow/engine/methods/roles/roles_Ajax.php +++ b/workflow/engine/methods/roles/roles_Ajax.php @@ -21,6 +21,20 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +global $RBAC; +switch ($RBAC->userCanAccess( 'PM_USERS' )) { + case - 2: + G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' ); + G::header( 'location: ../login/login' ); + die(); + break; + case - 1: + case - 3: + G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); + G::header( 'location: ../login/login' ); + die(); + break; +} $REQUEST = (isset( $_GET['request'] )) ? $_GET['request'] : $_POST['request']; From a0c0bcf6e6bd96bee3fdfa7a715b29ba1b1a63d7 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Mon, 7 Aug 2017 11:58:16 -0400 Subject: [PATCH 05/52] Change method of throw --- workflow/engine/methods/roles/roles_Ajax.php | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/workflow/engine/methods/roles/roles_Ajax.php b/workflow/engine/methods/roles/roles_Ajax.php index 19e6fa8f7..d3ad0ab43 100644 --- a/workflow/engine/methods/roles/roles_Ajax.php +++ b/workflow/engine/methods/roles/roles_Ajax.php 
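Review bot: The `switch` on `$RBAC->userCanAccess( 'PM_USERS' )` added at the top of roles_Ajax.php denies only the values -1, -2 and -3, so any other return value falls through to the request handling below and is treated as allowed. A permission gate is safer as an allow-list: continue only on the success value (presumably `1`; confirm against `userCanAccess`) and deny everything else, for example `if ($RBAC->userCanAccess('PM_USERS') != 1) {` followed by the existing deny path. The same fall-through remains in the rewritten switch of PATCH 05/52. The `break;` after each `die();` is unreachable.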
@@ -21,18 +21,16 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +use ProcessMaker\Exception\RBACException; + global $RBAC; -switch ($RBAC->userCanAccess( 'PM_USERS' )) { - case - 2: - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' ); - G::header( 'location: ../login/login' ); - die(); +switch ($RBAC->userCanAccess('PM_USERS')) { + case -2: + throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2); break; - case - 1: - case - 3: - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); - G::header( 'location: ../login/login' ); - die(); + case -1: + case -3: + throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1); break; } From 4bdad263cd922419b5a2e028a284f7d35f883734 Mon Sep 17 00:00:00 2001 From: hjonathan Date: Mon, 7 Aug 2017 13:11:09 -0400 Subject: [PATCH 06/52] HOR-3485 update update update update coding style Remove LoadClass & LoadSystem --- composer.json | 3 +- workflow/engine/controllers/pmTablesProxy.php | 90 ++++++++----------- 2 files changed, 37 insertions(+), 56 deletions(-) diff --git a/composer.json b/composer.json index 39e14d053..36a15fb5c 100644 --- a/composer.json +++ b/composer.json @@ -76,7 +76,8 @@ "gulliver/includes/smarty_plugins/function.pmos.php", "thirdparty/pear/PEAR.php", "thirdparty/HTMLPurifier/HTMLPurifier.auto.php", - "workflow/engine/classes/class.pmFunctions.php" + "workflow/engine/classes/class.pmFunctions.php", + "workflow/engine/classes/class.pmScript.php" ] } } diff --git a/workflow/engine/controllers/pmTablesProxy.php b/workflow/engine/controllers/pmTablesProxy.php index 88e1da2b3..52f76845b 100644 --- a/workflow/engine/controllers/pmTablesProxy.php +++ b/workflow/engine/controllers/pmTablesProxy.php 
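Review bot: Nothing in the roles_Ajax.php hunk catches the `RBACException` now thrown from the file's top level, so what a denied caller receives depends on a handler that is not visible here. If none is registered for this entry point the request ends in an uncaught exception, and with error display enabled that can expose file paths and a stack trace. Confirm that the front controller converts `RBACException` into the redirect or error payload this Ajax endpoint's clients expect. The `break;` after each `throw` is unreachable, and the `-3` result is reported with code `-1`, which loses the original value.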
@@ -451,30 +451,32 @@ class pmTablesProxy extends HttpProxyController $this->message = $this->success ? G::loadTranslation( 'ID_DELETED_SUCCESSFULLY' ) : G::loadTranslation( 'ID_DELETE_FAILED' ); } - public function importCSV ($httpData) + /** + * Import pmTable from CSV file + * @param $httpData + */ + public function importCSV($httpData) { $filter = new InputFilter(); $countRow = 250; $tmpfilename = $_FILES['form']['tmp_name']['CSV_FILE']; - //$tmpfilename = $filter->xssFilterHard($tmpfilename, 'path'); - if (preg_match( '/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents( $tmpfilename ) ) === 0) { + if (preg_match('/[\x00-\x08\x0b-\x0c\x0e\x1f]/', file_get_contents($tmpfilename)) === 0) { $filename = $_FILES['form']['name']['CSV_FILE']; - //$filename = $filter->xssFilterHard($filename, 'path'); - if ($oFile = fopen( $filter->xssFilterHard($tmpfilename, 'path'), 'r' )) { + if ($oFile = fopen($filter->xssFilterHard($tmpfilename, 'path'), 'r')) { require_once 'classes/model/AdditionalTables.php'; $oAdditionalTables = new AdditionalTables(); - $aAdditionalTables = $oAdditionalTables->load( $_POST['form']['ADD_TAB_UID'], true ); + $aAdditionalTables = $oAdditionalTables->load($_POST['form']['ADD_TAB_UID'], true); $sErrorMessages = ''; $i = 1; $conData = 0; $insert = 'REPLACE INTO ' . $aAdditionalTables['ADD_TAB_NAME'] . ' ('; $query = ''; $swHead = false; - while (($aAux = fgetcsv( $oFile, 4096, $_POST['form']['CSV_DELIMITER'] )) !== false) { - if (! is_null( $aAux[0] )) { - if (count( $aAdditionalTables['FIELDS'] ) > count( $aAux )) { + while (($aAux = fgetcsv($oFile, 4096, $_POST['form']['CSV_DELIMITER'], '"', '"')) !== false) { + if (!is_null($aAux[0])) { + if (count($aAdditionalTables['FIELDS']) > count($aAux)) { $this->success = false; - $this->message = G::LoadTranslation( 'INVALID_FILE' ); + $this->message = G::LoadTranslation('INVALID_FILE'); return 0; } if ($i == 1) { 
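Review bot: The control-character check in importCSV keeps the class `[\x00-\x08\x0b-\x0c\x0e\x1f]`, where `\x0e\x1f` are two single characters rather than a range, so bytes 0x0f to 0x1e pass the filter; if a range was intended it should read `'/[\x00-\x08\x0b-\x0c\x0e-\x1f]/'`. `$_POST['form']['CSV_DELIMITER']` goes straight into `fgetcsv()`, which accepts only a single-character delimiter, so a missing or longer value should be rejected before the loop. The upload path from `$_FILES['form']['tmp_name']['CSV_FILE']` is read with `file_get_contents()` and `fopen()` without a visible `is_uploaded_file()` check. The body of importCSV continues past the end of this hunk.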
@@ -484,7 +486,7 @@ class pmTablesProxy extends HttpProxyController if ($aField['FLD_NAME'] === $aAux[$j]) { $swHead = true; } - $j ++; + $j++; } $insert = substr($insert, 0, -2); $insert .= ') VALUES '; @@ -495,13 +497,11 @@ class pmTablesProxy extends HttpProxyController $j = 0; foreach ($aAdditionalTables['FIELDS'] as $aField) { $conData++; - if (array_key_exists($j, $aAux)) { - $temp = '"' . addslashes(stripslashes(G::is_utf8($aAux[$j]) ? $aAux[$j] : utf8_encode($aAux[$j]))) . '"'; + $temp = '"' . addslashes(G::is_utf8($aAux[$j]) ? $aAux[$j] : utf8_encode($aAux[$j])) . '"'; } else { $temp = '""'; } - if ($temp == '') { switch ($aField['FLD_TYPE']) { case 'DATE': @@ -510,7 +510,7 @@ class pmTablesProxy extends HttpProxyController break; } } - $j ++; + $j++; $queryRow .= $temp . ','; } $query .= substr($queryRow, 0, -1) . '),'; @@ -522,15 +522,15 @@ class pmTablesProxy extends HttpProxyController $conData = 0; } } catch (Exception $oError) { - $sErrorMessages .= G::LoadTranslation( 'ID_ERROR_INSERT_LINE' ) . ': ' . G::LoadTranslation( 'ID_LINE' ) . ' ' . $i . '. '; + $sErrorMessages .= G::LoadTranslation('ID_ERROR_INSERT_LINE') . ': ' . G::LoadTranslation('ID_LINE') . ' ' . $i . '. '; } } else { $swHead = false; } - $i ++; + $i++; } } - fclose( $oFile ); + fclose($oFile); if ($conData > 0) { $query = substr($query, 0, -1); executeQuery($insert . $query . ';', $aAdditionalTables['DBS_UID']); @@ -541,12 +541,12 @@ class pmTablesProxy extends HttpProxyController $this->message = $sErrorMessages; } else { $this->success = true; - $this->message = G::loadTranslation( 'ID_FILE_IMPORTED_SUCCESSFULLY', array ($filename - ) ); + $this->message = G::loadTranslation('ID_FILE_IMPORTED_SUCCESSFULLY', array($filename + )); G::auditLog("ImportTable", $filename); } } else { - $sMessage = G::LoadTranslation( 'ID_UPLOAD_VALID_CSV_FILE' ); + $sMessage = G::LoadTranslation('ID_UPLOAD_VALID_CSV_FILE'); $this->success = false; $this->message = $sMessage; } 
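Review bot: In the `@@ -495,13 +497,11 @@` hunk each CSV cell is still quoted for SQL with `addslashes()` and concatenated into the `REPLACE INTO` string; the change drops `stripslashes()` but leaves that escaping in place. `addslashes()` knows nothing about the connection character set or SQL mode, so it is not a dependable escaping function for statement text built from an uploaded file; bound parameters or the database layer's own escaping routine should be used instead. The table name from `$aAdditionalTables['ADD_TAB_NAME']` is concatenated unquoted as well. Separately, `if ($temp == '')` just below can never be true because `$temp` always holds at least the two quote characters, so the `DATE` default branch is dead code. The loop starts and ends outside this hunk.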
@@ -637,11 +637,11 @@ class pmTablesProxy extends HttpProxyController } /** - * export a pm tables record to CSV - * - * @param string $httpData->id + * Export pmTable to CSV format + * @param $httpData + * @return StdClass */ - public function exportCSV ($httpData) + public function exportCSV($httpData) { $result = new StdClass(); try { 
@@ -653,50 +653,30 @@ class pmTablesProxy extends HttpProxyController require_once 'classes/model/AdditionalTables.php'; $oAdditionalTables = new AdditionalTables(); - $aAdditionalTables = $oAdditionalTables->load( $_POST['ADD_TAB_UID'], true ); + $aAdditionalTables = $oAdditionalTables->load($_POST['ADD_TAB_UID'], true); $sErrorMessages = ''; $sDelimiter = $_POST['CSV_DELIMITER']; - $resultData = $oAdditionalTables->getAllData( $_POST['ADD_TAB_UID'], null, null, false ); + $resultData = $oAdditionalTables->getAllData($_POST['ADD_TAB_UID'], null, null, false); $rows = $resultData['rows']; $count = $resultData['count']; $PUBLIC_ROOT_PATH = PATH_DATA . 'sites' . PATH_SEP . SYS_SYS . PATH_SEP . 'public' . PATH_SEP; - $filenameOnly = strtolower( $aAdditionalTables['ADD_TAB_NAME'] . "_" . date( "Y-m-d" ) . '_' . date( "Hi" ) . ".csv" ); + $filenameOnly = strtolower($aAdditionalTables['ADD_TAB_NAME'] . "_" . date("Y-m-d") . '_' . date("Hi") . ".csv"); $filename = $PUBLIC_ROOT_PATH . $filenameOnly; - $fp = fopen( $filename, "wb" ); - + $fp = fopen($filename, "wb"); $swColumns = true; foreach ($rows as $keyCol => $cols) { - $SDATA = ""; - $header = ""; - $cnt = $cntC = count( $cols ); - foreach ($cols as $key => $val) { - if($swColumns){ - $header .= $key; - if (-- $cntC > 0) { - $header .= $sDelimiter; - } else { - $header .= "\n"; - $bytesSaved += fwrite( $fp, $header ); - $swColumns = false; - } - } - $SDATA .= addslashes($val); - if (-- $cnt > 0) { - $SDATA .= $sDelimiter; - } + if ($swColumns) { + fputcsv($fp, array_keys($cols), $sDelimiter, '"', "\\"); + $swColumns = false; } - $SDATA .= "\n"; - $bytesSaved += fwrite( $fp, $SDATA ); + fputcsv($fp, $cols, $sDelimiter, '"'); } - fclose( $fp ); - - // $filenameLink = "pmTables/streamExported?f=$filenameOnly"; + fclose($fp); $filenameLink = "streamExported?f=$filenameOnly"; - $size = round( ($bytesSaved / 1024), 2 ) . 
" Kb"; - $filename = $filenameOnly; + $size = filesize($filename); $link = $filenameLink; $result->success = true; From 33091008ffdce799edd57b39b10a44e91dba72e9 Mon Sep 17 00:00:00 2001 From: hjonathan Date: Mon, 7 Aug 2017 13:50:14 -0400 Subject: [PATCH 07/52] HOR-3282 --- .../src/ProcessMaker/BusinessModel/Task.php | 2 +- .../Exception/ProjectNotFound.php | 2 +- .../engine/src/ProcessMaker/Project/Bpmn.php | 8 +++++-- .../Services/Api/Project/Activity.php | 22 ++++++++++++++----- 4 files changed, 25 insertions(+), 9 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Task.php b/workflow/engine/src/ProcessMaker/BusinessModel/Task.php index 1dd0e9c11..f01e04351 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Task.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Task.php @@ -1894,7 +1894,7 @@ class Task } } - public function getValidateSelfService($data) + public function hasPendingCases($data) { $paused = false; $data = array_change_key_case($data, CASE_LOWER); diff --git a/workflow/engine/src/ProcessMaker/Exception/ProjectNotFound.php b/workflow/engine/src/ProcessMaker/Exception/ProjectNotFound.php index 5e017eb67..73b4957bd 100644 --- a/workflow/engine/src/ProcessMaker/Exception/ProjectNotFound.php +++ b/workflow/engine/src/ProcessMaker/Exception/ProjectNotFound.php @@ -5,7 +5,7 @@ use ProcessMaker\Project; class ProjectNotFound extends \RuntimeException { - const EXCEPTION_CODE = 20; + const EXCEPTION_CODE = 400; public function __construct(Project\Handler $obj, $uid, $message = "", \Exception $previous = null) { $message = empty($message) ? sprintf("Project \"%s\" with UID: %s, does not exist.", get_class($obj), $uid) : $message; diff --git a/workflow/engine/src/ProcessMaker/Project/Bpmn.php b/workflow/engine/src/ProcessMaker/Project/Bpmn.php index 3db94b13a..e64ba6fe5 100644 --- a/workflow/engine/src/ProcessMaker/Project/Bpmn.php +++ b/workflow/engine/src/ProcessMaker/Project/Bpmn.php 
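Review bot: In the exportCSV hunk (`@@ -653,50 +653,30 @@`) `$filename` now keeps the absolute path under `PATH_DATA`, because `$filename = $filenameOnly;` was removed in favour of `$size = filesize($filename);`. If the code after this hunk still copies `$filename` into `$result`, the response would disclose the server's directory layout, so return `$filenameOnly` there. `$size` also changes from a formatted Kb string to a raw byte count, which any client text relying on the old form should be checked against. `fopen($filename, "wb")` and `$_POST['CSV_DELIMITER']` are used unchecked, and `fputcsv()` needs a single-character delimiter. Cell values are written as they are, so if the export is meant to be opened in a spreadsheet, values beginning with `=`, `+`, `-` or `@` should be neutralised first.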
@@ -428,9 +428,13 @@ class Bpmn extends Handler self::log("Remove Activity: $actUid"); $activity = ActivityPeer::retrieveByPK($actUid); - $activity->delete(); - //TODO if the activity was removed, the related flows to that activity must be removed + if (isset($activity)) { + $activity->delete(); + \BpmnFlow::removeAllRelated($actUid); + } else { + throw new \Exception(\G::LoadTranslation("ID_ACTIVITY_DOES_NOT_EXIST", array("act_uid", $actUid))); + } self::log("Remove Activity Success!"); } catch (\Exception $e) { self::log("Exception: ", $e->getMessage(), "Trace: ", $e->getTraceAsString()); diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php index e55585094..70309793c 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php 
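Review bot: `removeActivity()` looks the activity up with `ActivityPeer::retrieveByPK($actUid)` alone, so nothing visible in this hunk ties the activity to the project this `Bpmn` instance was loaded for, and a request naming one project with another project's activity UID would still reach `delete()`. Compare the activity's project UID with the loaded project before deleting (the accessor name is not visible here) and treat a mismatch like the not-found case. `delete()` and `BpmnFlow::removeAllRelated()` also run as two separate steps, so a failure in the second leaves flows pointing at a removed activity unless the caller wraps both in a transaction. The method body continues outside the hunk.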
@@ -136,22 +136,34 @@ class Activity extends Api /** + * This method remove an activity and all related components * @param string $prj_uid {@min 32} {@max 32} * @param string $act_uid {@min 32} {@max 32} - * * @author Brayan Pereyra (Cochalo) * @copyright Colosa - Bolivia * @return array - * + * @access protected + * @class AccessControl {@permission PM_FACTORY} * @url DELETE /:prj_uid/activity/:act_uid */ public function doDeleteProjectActivity($prj_uid, $act_uid) { try { $task = new \ProcessMaker\BusinessModel\Task(); - $task->deleteTask($prj_uid, $act_uid); + $task->setFormatFieldNameInUppercase(false); + $task->setArrayParamException(array("taskUid" => "act_uid")); + + $response = $task->hasPendingCases(array("act_uid" => $act_uid, "case_type" => "assigned")); + if ($response->result != false) { + $project = new \ProcessMaker\Project\Adapter\BpmnWorkflow(); + $prj = $project->load($prj_uid); + $prj->removeActivity($act_uid); + } else { + throw new RestException(403, $response->message); + } } catch (\Exception $e) { - throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()); + $resCode = $e->getCode() == 0 ? Api::STAT_APP_EXCEPTION : $e->getCode(); + throw new RestException($resCode, $e->getMessage()); } } @@ -215,7 +227,7 @@ class Activity extends Api $task->setFormatFieldNameInUppercase(false); $task->setArrayParamException(array("taskUid" => "act_uid")); - $response = $task->getValidateSelfService($request_data); + $response = $task->hasPendingCases($request_data); return $response; } catch (\Exception $e) { From d861a222441ce47cd59eaf886b74a4f68d8496c1 Mon Sep 17 00:00:00 2001 From: hjonathan Date: Tue, 8 Aug 2017 08:35:43 -0400 Subject: [PATCH 08/52] HOR-3282 update --- workflow/engine/src/ProcessMaker/BusinessModel/Task.php | 5 +++++ workflow/engine/src/ProcessMaker/Project/Bpmn.php | 7 ++++--- .../src/ProcessMaker/Services/Api/Project/Activity.php | 4 +--- 3 files changed, 10 insertions(+), 6 deletions(-) 
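Review bot: In the new `catch` of `doDeleteProjectActivity`, `$e->getCode()` becomes the HTTP status whenever it is non-zero, but exception codes raised by lower layers are not HTTP statuses and can yield an invalid or misleading response code. Restrict it to the error range, for example `$code = (int) $e->getCode();` followed by `$resCode = ($code >= 400 && $code <= 599) ? $code : Api::STAT_APP_EXCEPTION;`. `$e->getMessage()` is also passed to the client unchanged, so internal error text from those layers is returned as well; a generic message with server-side logging is the safer default. The `RestException(403, ...)` thrown inside the `try` is caught by this same handler and rebuilt, which works but hides the original exception object.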
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Task.php b/workflow/engine/src/ProcessMaker/BusinessModel/Task.php index f01e04351..10bb88b1b 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Task.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Task.php @@ -1894,6 +1894,11 @@ class Task } } + /** + * This method verify if an activity has cases + * @param $data + * @return \stdclass + */ public function hasPendingCases($data) { $paused = false; diff --git a/workflow/engine/src/ProcessMaker/Project/Bpmn.php b/workflow/engine/src/ProcessMaker/Project/Bpmn.php index e64ba6fe5..a6a3c9e71 100644 --- a/workflow/engine/src/ProcessMaker/Project/Bpmn.php +++ b/workflow/engine/src/ProcessMaker/Project/Bpmn.php @@ -31,7 +31,8 @@ use \BpmnLanePeer as LanePeer; use \BasePeer; use \Criteria as Criteria; use \ResultSet as ResultSet; - +use \BpmnFlow; +use \G; use ProcessMaker\Util\Common; use ProcessMaker\Exception; @@ -430,10 +431,10 @@ class Bpmn extends Handler $activity = ActivityPeer::retrieveByPK($actUid); if (isset($activity)) { $activity->delete(); - \BpmnFlow::removeAllRelated($actUid); + BpmnFlow::removeAllRelated($actUid); } else { - throw new \Exception(\G::LoadTranslation("ID_ACTIVITY_DOES_NOT_EXIST", array("act_uid", $actUid))); + throw new \Exception(G::LoadTranslation("ID_ACTIVITY_DOES_NOT_EXIST", array("act_uid", $actUid))); } self::log("Remove Activity Success!"); } catch (\Exception $e) { diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php index 70309793c..43e7631a9 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php 
@@ -139,8 +139,6 @@ class Activity extends Api * This method remove an activity and all related components * @param string $prj_uid {@min 32} {@max 32} * @param string $act_uid {@min 32} {@max 32} - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia * @return array * @access protected * @class AccessControl {@permission PM_FACTORY} @@ -154,7 +152,7 @@ class Activity extends Api $task->setArrayParamException(array("taskUid" => "act_uid")); $response = $task->hasPendingCases(array("act_uid" => $act_uid, "case_type" => "assigned")); - if ($response->result != false) { + if ($response->result !== false) { $project = new \ProcessMaker\Project\Adapter\BpmnWorkflow(); $prj = $project->load($prj_uid); $prj->removeActivity($act_uid); From 699183930990e0aaf4e046f26288bfb69331214e Mon Sep 17 00:00:00 2001 
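Review bot: The change to `$response->result !== false` in `doDeleteProjectActivity` makes every value except boolean `false` count as permission to delete, including `null`, `0` or a missing `result` property. A guard in front of a destructive call should fail closed: `if ($response->result === true) {`, assuming `hasPendingCases()` sets `result` to boolean `true` when deletion is allowed (its body is not shown). The method name also reads as the opposite of how `result` is used here, which deserves a sentence in its docblock.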
From: hjonathan
Date: Tue, 8 Aug 2017 16:45:49 -0400
Subject: [PATCH 09/52] HOR-3633
---
gulliver/bin/tasks/pakeGulliver.php | 2 +-
gulliver/system/class.dynaformhandler.php | 2 +-
thirdparty/propel/Propel.php | 2 +-
workflow/engine/bin/cron_single.php | 2 +-
workflow/engine/classes/class.AppSolr.php | 2 +-
.../engine/classes/class.dbConnections.php | 2 +-
.../engine/classes/class.dynaFormField.php | 2 +-
.../engine/classes/class.dynaformEditor.php | 6 +-
workflow/engine/classes/class.pmFunctions.php | 284 +++++++++++++++++
workflow/engine/classes/class.pmScript.php | 286 +-----------------
.../classes/class.serverConfiguration.php | 2 +-
.../engine/classes/class.xmlfield_InputPM.php | 2 +-
.../engine/classes/model/FieldCondition.php | 2 +-
workflow/engine/classes/model/Language.php | 8 +-
workflow/engine/classes/model/Step.php | 6 +-
workflow/engine/controllers/admin.php | 2 +-
workflow/engine/controllers/main.php | 2 +-
workflow/engine/controllers/pmTablesProxy.php | 4 +-
workflow/engine/methods/cases/cases_Step.php | 4 +-
.../methods/cases/cases_StepToRevise.php | 2 +-
workflow/engine/methods/cases/summary.php | 2 +-
.../dbConnections/dbConnectionsAjax.php | 6 +-
.../dbConnections/genericDbConnections.php | 2 +-
.../dynaforms/conditionalShowHide_Ajax.php | 4 +-
.../methods/dynaforms/fieldsHandlerAjax.php | 4 +-
.../methods/processes/processes_Ajax.php | 2 +-
.../BusinessModel/DataBaseConnection.php | 8 +-
.../ProcessMaker/BusinessModel/DynaForm.php | 2 +-
.../ProcessMaker/BusinessModel/Process.php | 6 +-
.../src/ProcessMaker/BusinessModel/Table.php | 4 +-
30 files changed, 332 insertions(+), 332 deletions(-)
diff --git a/gulliver/bin/tasks/pakeGulliver.php b/gulliver/bin/tasks/pakeGulliver.php
index 745dbbe22..2e8d88562 100644
--- a/gulliver/bin/tasks/pakeGulliver.php
+++ b/gulliver/bin/tasks/pakeGulliver.php
@@ -1503,7 +1503,7 @@ function get_infoOnPM($workspace) { $dbNetView = new NET(DB_HOST); $dbNetView->loginDbServer(DB_USER, DB_PASS); - $dbConns = new dbConnections(''); + $dbConns = new DbConnections(''); $availdb = ''; foreach( $dbConns->getDbServicesAvailables() as $key => $val ) { if( $availdb != '' ) diff --git a/gulliver/system/class.dynaformhandler.php b/gulliver/system/class.dynaformhandler.php index 559e1b094..d8b6a2479 100644 --- a/gulliver/system/class.dynaformhandler.php +++ b/gulliver/system/class.dynaformhandler.php @@ -31,7 +31,7 @@ * @description This class is a Dynaform handler for modify directly into file * @package gulliver.system */ -class dynaFormHandler +class DynaformHandler { private $xmlfile; diff --git a/thirdparty/propel/Propel.php b/thirdparty/propel/Propel.php index 842f6f086..f8400cdb9 100644 --- a/thirdparty/propel/Propel.php +++ b/thirdparty/propel/Propel.php @@ -488,7 +488,7 @@ class Propel { * @date: 27-05-08 11:48 * * @Description: this was added for the additional database connections * ***********************************************************************/ - $oDbConnections = new dbConnections($_SESSION['PROCESS']); + $oDbConnections = new DbConnections($_SESSION['PROCESS']); $oDbConnections->loadAdditionalConnections(); $dsn = isset(self::$configuration['datasources'][$name]['connection']) ? self::$configuration['datasources'][$name]['connection'] : null; } else { diff --git a/workflow/engine/bin/cron_single.php b/workflow/engine/bin/cron_single.php index 407db80b6..1aa83d9cd 100644 --- a/workflow/engine/bin/cron_single.php +++ b/workflow/engine/bin/cron_single.php 
@@ -110,7 +110,7 @@ try { Bootstrap::registerClass('Entity_Base', PATH_HOME . 'engine/classes/entities/Base.php'); Bootstrap::registerClass('Entity_AppSolrQueue', PATH_HOME . 'engine/classes/entities/AppSolrQueue.php'); Bootstrap::registerClass('XMLDB', PATH_HOME . 'engine/classes/class.xmlDb.php'); - Bootstrap::registerClass('dynaFormHandler', PATH_GULLIVER . 'class.dynaformhandler.php'); + Bootstrap::registerClass('DynaformHandler', PATH_GULLIVER . 'class.dynaformhandler.php'); Bootstrap::registerClass('DynaFormField', PATH_HOME . 'engine/classes/class.dynaFormField.php'); Bootstrap::registerClass('SolrRequestData', PATH_HOME . 'engine/classes/entities/SolrRequestData.php'); Bootstrap::registerClass('SolrUpdateDocument', PATH_HOME . 'engine/classes/entities/SolrUpdateDocument.php'); diff --git a/workflow/engine/classes/class.AppSolr.php b/workflow/engine/classes/class.AppSolr.php index dd095bc49..66c8f9f4c 100644 --- a/workflow/engine/classes/class.AppSolr.php +++ b/workflow/engine/classes/class.AppSolr.php @@ -2365,7 +2365,7 @@ class AppSolr foreach ($dynaformFileNames as $dynaformFileName) { if (is_file(PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml') && filesize(PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml') >0 ) { - $dyn = new dynaFormHandler (PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml'); + $dyn = new DynaformHandler (PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml'); $dynaformFields [] = $dyn->getFields (); } if (is_file(PATH_DYNAFORM . $dynaformFileName ['DYN_FILENAME'] . '.xml') && diff --git a/workflow/engine/classes/class.dbConnections.php b/workflow/engine/classes/class.dbConnections.php index 17641b478..3eb1929c1 100644 --- a/workflow/engine/classes/class.dbConnections.php +++ b/workflow/engine/classes/class.dbConnections.php @@ -21,7 +21,7 @@ require_once 'model/Content.php'; * @package workflow.engine.classes * */ -class dbConnections +class DbConnections { private $PRO_UID; public $connections; 
diff --git a/workflow/engine/classes/class.dynaFormField.php b/workflow/engine/classes/class.dynaFormField.php index 1869e548a..8ceb4c01c 100644 --- a/workflow/engine/classes/class.dynaFormField.php +++ b/workflow/engine/classes/class.dynaFormField.php @@ -179,7 +179,7 @@ class DynaFormField extends DBTable public function saveField($Fields, $attributes = array(), $options = array()) { - $dynaform = new dynaFormHandler($this->getFileName()); + $dynaform = new DynaformHandler($this->getFileName()); if ($Fields['TYPE'] === 'javascript') { $Fields['XMLNODE_VALUE'] = $Fields['CODE']; unset($Fields['CODE']); diff --git a/workflow/engine/classes/class.dynaformEditor.php b/workflow/engine/classes/class.dynaformEditor.php index 27108fdce..7f402904b 100644 --- a/workflow/engine/classes/class.dynaformEditor.php +++ b/workflow/engine/classes/class.dynaformEditor.php @@ -664,7 +664,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path'); - $dynaform = new dynaFormHandler($pathFile); + $dynaform = new DynaformHandler($pathFile); $dynaform->replace($fieldName, $fieldName, Array('type' => 'javascript', 'meta' => $meta, '#cdata' => $sCode )); @@ -734,7 +734,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax self::_setTmpData($tmp); } $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path'); - $dynaform = new dynaFormHandler($pathFile); + $dynaform = new DynaformHandler($pathFile); $dbc2 = new DBConnection($pathFile, '', '', '', 'myxml'); $ses2 = new DBSession($dbc2); //if (!isset($Fields['ENABLETEMPLATE'])) $Fields['ENABLETEMPLATE'] ="0"; 
@@ -804,7 +804,7 @@ class dynaformEditorAjax extends dynaformEditor implements iDynaformEditorAjax // $ses2 = new DBSession( $dbc2 ); // $ses2->execute( "UPDATE . SET ENABLETEMPLATE = '$value'" ); $pathFile = $filter->xssFilterHard(PATH_DYNAFORM . "{$file}.xml", 'path'); - $dynaform = new dynaFormHandler($pathFile); + $dynaform = new DynaformHandler($pathFile); $dynaform->modifyHeaderAttribute('enabletemplate', $value); return $value; diff --git a/workflow/engine/classes/class.pmFunctions.php b/workflow/engine/classes/class.pmFunctions.php index e06e49940..7fbdbb69f 100644 --- a/workflow/engine/classes/class.pmFunctions.php +++ b/workflow/engine/classes/class.pmFunctions.php 
@@ -3917,3 +3917,287 @@ function PMFSendMessageToGroup( //Return return 1; } + +//Start - Private functions + + +/** + * Convert to string + * + * @param variant $vValue + * @return string + */ +function pmToString($vValue) +{ + return (string)$vValue; +} + +/** + * Convert to integer + * + * @param variant $vValue + * @return integer + */ +function pmToInteger($vValue) +{ + return (int)$vValue; +} + +/** + * Convert to float + * + * @param variant $vValue + * @return float + */ +function pmToFloat($vValue) +{ + return (float)$vValue; +} + +/** + * Convert to Url + * + * @param variant $vValue + * @return url + */ +function pmToUrl($vValue) +{ + return urlencode($vValue); +} + +/** + * Convert to data base escaped string + * + * @param variant $vValue + * @return string + */ +function pmSqlEscape($vValue) +{ + return G::sqlEscape($vValue); +} + +//End - Private functions + + +/* * ************************************************************************* + * Error handler + * author: Julio Cesar Laura Avenda�o + * date: 2009-10-01 + * ************************************************************************* */ +/** + * @param $errno + * @param $errstr + * @param $errfile + * @param $errline + */ +function handleErrors($errno, $errstr, $errfile, $errline) +{ + if ($errno != 2048 && isset($_SESSION['_DATA_TRIGGER_']['_EXECUTION_TIME_'])) { + G::logTriggerExecution($_SESSION, $errstr, '', round(microtime(true) - + $_SESSION['_DATA_TRIGGER_']['_EXECUTION_TIME_'], 5)); + } + + if ($errno != '' && ($errno != 8) && ($errno != 2048)) { + if (isset($_SESSION['_CODE_'])) { + $sCode = $_SESSION['_CODE_']; + unset($_SESSION['_CODE_']); + global $oPMScript; + if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { + $oCase = new Cases(); + $oPMScript->aFields['__ERROR__'] = $errstr; + $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); + } + registerError(1, $errstr, $errline - 1, $sCode); + } + } +} + +/* + * Handle Fatal Errors + * 
@param variant $buffer + * @return buffer + */ + +function handleFatalErrors($buffer) +{ + if (!empty($buffer)) { + G::logTriggerExecution($_SESSION, $buffer, 'FATAL_ERROR'); + } + + if (preg_match('/(error<\/b>:)(.+)(/', '', $regs[2]); + $aAux = explode(' in ', $err); + $sCode = isset($_SESSION['_CODE_']) ? $_SESSION['_CODE_'] : null; + unset($_SESSION['_CODE_']); + registerError(2, $aAux[0], 0, $sCode); + if (strpos($_SERVER['REQUEST_URI'], '/cases/cases_Step') !== false) { + if (strpos($_SERVER['REQUEST_URI'], '&ACTION=GENERATE') !== false) { + $aNextStep = $oCase->getNextStep($_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION']); + if ($_SESSION['TRIGGER_DEBUG']['ISSET']) { + $_SESSION['TRIGGER_DEBUG']['TIME'] = G::toUpper(G::loadTranslation('ID_AFTER')); + $_SESSION['TRIGGER_DEBUG']['BREAKPAGE'] = $aNextStep['PAGE']; + $aNextStep['PAGE'] = $aNextStep['PAGE'] . '&breakpoint=triggerdebug'; + } + global $oPMScript; + if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { + $oPMScript->aFields['__ERROR__'] = $aAux[0]; + $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); + } + G::header('Location: ' . $aNextStep['PAGE']); + die(); + } + $_SESSION['_NO_EXECUTE_TRIGGERS_'] = 1; + global $oPMScript; + if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { + $oPMScript->aFields['__ERROR__'] = $aAux[0]; + $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); + } + G::header('Location: ' . $_SERVER['REQUEST_URI']); + die(); + } else { + $aNextStep = $oCase->getNextStep($_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION']); + if (isset($_SESSION['TRIGGER_DEBUG']['ISSET']) && $_SESSION['TRIGGER_DEBUG']['ISSET']) { + $_SESSION['TRIGGER_DEBUG']['TIME'] = G::toUpper(G::loadTranslation('ID_AFTER')); + $_SESSION['TRIGGER_DEBUG']['BREAKPAGE'] = $aNextStep['PAGE']; + $aNextStep['PAGE'] = $aNextStep['PAGE'] . 
'&breakpoint=triggerdebug'; + } + if (strpos($aNextStep['PAGE'], 'TYPE=ASSIGN_TASK&UID=-1') !== false) { + G::SendMessageText('Fatal error in trigger', 'error'); + } + global $oPMScript; + if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { + $oPMScript->aFields['__ERROR__'] = $aAux[0]; + $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); + } + G::header('Location: ' . $aNextStep['PAGE']); + die(); + } + } + return $buffer; +} + +/* + * Register Error + * @param string $iType + * @param string $sError + * @param string $iLine + * @param string $sCode + * @return void + */ + +function registerError($iType, $sError, $iLine, $sCode) +{ + $sType = ($iType == 1 ? 'ERROR' : 'FATAL'); + $_SESSION['TRIGGER_DEBUG']['ERRORS'][][$sType] = $sError . ($iLine > 0 ? ' (line ' . $iLine . ')' : '') . ':

' . $sCode; +} + +/** + * Obtain engine Data Base name + * + * @param type $connection + * @return type + */ +function getEngineDataBaseName($connection) +{ + $aDNS = $connection->getDSN(); + return $aDNS["phptype"]; +} + +/** + * Execute Queries for Oracle Database + * + * @param type $sql + * @param type $connection + */ +function executeQueryOci($sql, $connection, $aParameter = array(), $dbsEncode = "") +{ + $aDNS = $connection->getDSN(); + + $sUsername = $aDNS["username"]; + $sPassword = $aDNS["password"]; + $sHostspec = $aDNS["hostspec"]; + $sDatabse = $aDNS["database"]; + $sPort = $aDNS["port"]; + + if ($sPort != "1521") { + $flagTns = ($sDatabse == "" && ($sPort . "" == "" || $sPort . "" == "0")) ? 1 : 0; + + if ($flagTns == 0) { + // if not default port + $conn = oci_connect($sUsername, $sPassword, $sHostspec . ":" . $sPort . "/" . $sDatabse, $dbsEncode); + } else { + $conn = oci_connect($sUsername, $sPassword, $sHostspec, $dbsEncode); + } + } else { + $conn = oci_connect($sUsername, $sPassword, $sHostspec . "/" . 
$sDatabse, $dbsEncode); + } + + if (!$conn) { + $e = oci_error(); + trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR); + return $e; + } + + switch (true) { + case preg_match("/^(SELECT|SHOW|DESCRIBE|DESC|WITH)\s/i", $sql): + $stid = oci_parse($conn, $sql); + + if (count($aParameter) > 0) { + foreach ($aParameter as $key => $val) { + oci_bind_by_name($stid, $key, $val); + } + } + oci_execute($stid, OCI_DEFAULT); + + $result = Array(); + $i = 1; + while ($row = oci_fetch_array($stid, OCI_ASSOC + OCI_RETURN_NULLS)) { + $result[$i++] = $row; + } + oci_free_statement($stid); + oci_close($conn); + return $result; + break; + case preg_match("/^(INSERT|UPDATE|DELETE)\s/i", $sql): + $stid = oci_parse($conn, $sql); + $isValid = true; + if (count($aParameter) > 0) { + foreach ($aParameter as $key => $val) { + oci_bind_by_name($stid, $key, $val); + } + } + $objExecute = oci_execute($stid, OCI_DEFAULT); + $result = oci_num_rows($stid); + if ($objExecute) { + oci_commit($conn); + } else { + oci_rollback($conn); + $isValid = false; + } + oci_free_statement($stid); + oci_close($conn); + if ($isValid) { + return $result; + } else { + return oci_error(); + } + break; + default: + // Stored procedures + $stid = oci_parse($conn, $sql); + $aParameterRet = array(); + if (count($aParameter) > 0) { + foreach ($aParameter as $key => $val) { + $aParameterRet[$key] = $val; + // The third parameter ($aParameterRet[$key]) returned a value by reference. + oci_bind_by_name($stid, $key, $aParameterRet[$key]); + } + } + $objExecute = oci_execute($stid, OCI_DEFAULT); + oci_free_statement($stid); + oci_close($conn); + return $aParameterRet; + break; + } +} diff --git a/workflow/engine/classes/class.pmScript.php b/workflow/engine/classes/class.pmScript.php index 2d9f2811e..742a84d31 100644 --- a/workflow/engine/classes/class.pmScript.php +++ b/workflow/engine/classes/class.pmScript.php 
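Review bot: In `executeQueryOci`, the INSERT/UPDATE/DELETE branch reports a failed `oci_execute()` with `return oci_error();`, called with no handle and only after `oci_free_statement($stid)` and `oci_close($conn)`. Statement-execution errors are read from the statement handle, so this call does not return the failure that caused the rollback, and the caller most likely receives `false` instead of the error array. Capture the error while the handle is still valid, with `$error = oci_error($stid);` just before `oci_rollback($conn);`, and end the branch with `return $error;`. The SELECT and stored-procedure branches also ignore the result of `oci_execute()`, so a failed query there cannot be told apart from an empty result. The function is moved here unchanged from class.pmScript.php, so the defect is carried over rather than introduced by the move.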
@@ -639,288 +639,4 @@ class PMScript } } } -} - -//Start - Private functions - - -/** - * Convert to string - * - * @param variant $vValue - * @return string - */ -function pmToString ($vValue) -{ - return (string) $vValue; -} - -/** - * Convert to integer - * - * @param variant $vValue - * @return integer - */ -function pmToInteger ($vValue) -{ - return (int) $vValue; -} - -/** - * Convert to float - * - * @param variant $vValue - * @return float - */ -function pmToFloat ($vValue) -{ - return (float) $vValue; -} - -/** - * Convert to Url - * - * @param variant $vValue - * @return url - */ -function pmToUrl ($vValue) -{ - return urlencode( $vValue ); -} - -/** - * Convert to data base escaped string - * - * @param variant $vValue - * @return string - */ -function pmSqlEscape ($vValue) -{ - return G::sqlEscape( $vValue ); -} - -//End - Private functions - - -/* * ************************************************************************* - * Error handler - * author: Julio Cesar Laura Avenda�o - * date: 2009-10-01 - * ************************************************************************* */ -/** - * @param $errno - * @param $errstr - * @param $errfile - * @param $errline - */ -function handleErrors($errno, $errstr, $errfile, $errline) -{ - if ($errno != 2048 && isset($_SESSION['_DATA_TRIGGER_']['_EXECUTION_TIME_'])) { - G::logTriggerExecution($_SESSION, $errstr, '', round(microtime(true) - - $_SESSION['_DATA_TRIGGER_']['_EXECUTION_TIME_'], 5)); - } - - if ($errno != '' && ($errno != 8) && ($errno != 2048)) { - if (isset( $_SESSION['_CODE_'] )) { - $sCode = $_SESSION['_CODE_']; - unset( $_SESSION['_CODE_'] ); - global $oPMScript; - if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { - $oCase = new Cases(); - $oPMScript->aFields['__ERROR__'] = $errstr; - $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); - } - registerError( 1, $errstr, $errline - 1, $sCode ); - } - } -} - -/* - * Handle Fatal Errors - * @param variant 
$buffer - * @return buffer - */ - -function handleFatalErrors ($buffer) -{ - if (!empty($buffer)) { - G::logTriggerExecution($_SESSION, $buffer, 'FATAL_ERROR'); - } - - if (preg_match( '/(error<\/b>:)(.+)(/', '', $regs[2] ); - $aAux = explode( ' in ', $err ); - $sCode = isset($_SESSION['_CODE_']) ? $_SESSION['_CODE_'] : null; - unset( $_SESSION['_CODE_'] ); - registerError( 2, $aAux[0], 0, $sCode ); - if (strpos( $_SERVER['REQUEST_URI'], '/cases/cases_Step' ) !== false) { - if (strpos( $_SERVER['REQUEST_URI'], '&ACTION=GENERATE' ) !== false) { - $aNextStep = $oCase->getNextStep( $_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION'] ); - if ($_SESSION['TRIGGER_DEBUG']['ISSET']) { - $_SESSION['TRIGGER_DEBUG']['TIME'] = G::toUpper(G::loadTranslation('ID_AFTER')); - $_SESSION['TRIGGER_DEBUG']['BREAKPAGE'] = $aNextStep['PAGE']; - $aNextStep['PAGE'] = $aNextStep['PAGE'] . '&breakpoint=triggerdebug'; - } - global $oPMScript; - if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { - $oPMScript->aFields['__ERROR__'] = $aAux[0]; - $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); - } - G::header( 'Location: ' . $aNextStep['PAGE'] ); - die(); - } - $_SESSION['_NO_EXECUTE_TRIGGERS_'] = 1; - global $oPMScript; - if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { - $oPMScript->aFields['__ERROR__'] = $aAux[0]; - $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); - } - G::header( 'Location: ' . $_SERVER['REQUEST_URI'] ); - die(); - } else { - $aNextStep = $oCase->getNextStep( $_SESSION['PROCESS'], $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['STEP_POSITION'] ); - if (isset($_SESSION['TRIGGER_DEBUG']['ISSET']) && $_SESSION['TRIGGER_DEBUG']['ISSET']) { - $_SESSION['TRIGGER_DEBUG']['TIME'] = G::toUpper(G::loadTranslation('ID_AFTER')); - $_SESSION['TRIGGER_DEBUG']['BREAKPAGE'] = $aNextStep['PAGE']; - $aNextStep['PAGE'] = $aNextStep['PAGE'] . 
'&breakpoint=triggerdebug'; - } - if (strpos( $aNextStep['PAGE'], 'TYPE=ASSIGN_TASK&UID=-1' ) !== false) { - G::SendMessageText( 'Fatal error in trigger', 'error' ); - } - global $oPMScript; - if (isset($oPMScript) && isset($_SESSION['APPLICATION'])) { - $oPMScript->aFields['__ERROR__'] = $aAux[0]; - $oCase->updateCase($_SESSION['APPLICATION'], array('APP_DATA' => $oPMScript->aFields)); - } - G::header( 'Location: ' . $aNextStep['PAGE'] ); - die(); - } - } - return $buffer; -} - -/* - * Register Error - * @param string $iType - * @param string $sError - * @param string $iLine - * @param string $sCode - * @return void - */ - -function registerError ($iType, $sError, $iLine, $sCode) -{ - $sType = ($iType == 1 ? 'ERROR' : 'FATAL'); - $_SESSION['TRIGGER_DEBUG']['ERRORS'][][$sType] = $sError . ($iLine > 0 ? ' (line ' . $iLine . ')' : '') . ':

' . $sCode; -} - -/** - * Obtain engine Data Base name - * - * @param type $connection - * @return type - */ -function getEngineDataBaseName ($connection) -{ - $aDNS = $connection->getDSN(); - return $aDNS["phptype"]; -} - -/** - * Execute Queries for Oracle Database - * - * @param type $sql - * @param type $connection - */ -function executeQueryOci ($sql, $connection, $aParameter = array(), $dbsEncode = "") -{ - $aDNS = $connection->getDSN(); - - $sUsername = $aDNS["username"]; - $sPassword = $aDNS["password"]; - $sHostspec = $aDNS["hostspec"]; - $sDatabse = $aDNS["database"]; - $sPort = $aDNS["port"]; - - if ($sPort != "1521") { - $flagTns = ($sDatabse == "" && ($sPort . "" == "" || $sPort . "" == "0"))? 1 : 0; - - if ($flagTns == 0) { - // if not default port - $conn = oci_connect($sUsername, $sPassword, $sHostspec . ":" . $sPort . "/" . $sDatabse, $dbsEncode); - } else { - $conn = oci_connect($sUsername, $sPassword, $sHostspec, $dbsEncode); - } - } else { - $conn = oci_connect( $sUsername, $sPassword, $sHostspec . "/" . $sDatabse, $dbsEncode); - } - - if (! 
$conn) { - $e = oci_error(); - trigger_error( htmlentities( $e['message'], ENT_QUOTES ), E_USER_ERROR ); - return $e; - } - - switch (true) { - case preg_match( "/^(SELECT|SHOW|DESCRIBE|DESC|WITH)\s/i", $sql ): - $stid = oci_parse( $conn, $sql ); - - if (count( $aParameter ) > 0) { - foreach ($aParameter as $key => $val) { - oci_bind_by_name( $stid, $key, $val ); - } - } - oci_execute( $stid, OCI_DEFAULT ); - - $result = Array (); - $i = 1; - while ($row = oci_fetch_array( $stid, OCI_ASSOC + OCI_RETURN_NULLS )) { - $result[$i ++] = $row; - } - oci_free_statement( $stid ); - oci_close( $conn ); - return $result; - break; - case preg_match( "/^(INSERT|UPDATE|DELETE)\s/i", $sql ): - $stid = oci_parse( $conn, $sql ); - $isValid = true; - if (count( $aParameter ) > 0) { - foreach ($aParameter as $key => $val) { - oci_bind_by_name( $stid, $key, $val ); - } - } - $objExecute = oci_execute( $stid, OCI_DEFAULT ); - $result = oci_num_rows ($stid); - if ($objExecute) { - oci_commit( $conn ); - } else { - oci_rollback( $conn ); - $isValid = false; - } - oci_free_statement( $stid ); - oci_close( $conn ); - if ($isValid) { - return $result; - } else { - return oci_error(); - } - break; - default: - // Stored procedures - $stid = oci_parse( $conn, $sql ); - $aParameterRet = array (); - if (count( $aParameter ) > 0) { - foreach ($aParameter as $key => $val) { - $aParameterRet[$key] = $val; - // The third parameter ($aParameterRet[$key]) returned a value by reference. - oci_bind_by_name( $stid, $key, $aParameterRet[$key] ); - } - } - $objExecute = oci_execute( $stid, OCI_DEFAULT ); - oci_free_statement( $stid ); - oci_close( $conn ); - return $aParameterRet; - break; - } -} +} \ No newline at end of file diff --git a/workflow/engine/classes/class.serverConfiguration.php b/workflow/engine/classes/class.serverConfiguration.php index 758748ed8..947c83a96 100644 --- a/workflow/engine/classes/class.serverConfiguration.php +++ b/workflow/engine/classes/class.serverConfiguration.php 
@@ -349,7 +349,7 @@ class serverConf $dbNetView = new NET(DB_HOST); $dbNetView->loginDbServer(DB_USER, DB_PASS); - $dbConns = new dbConnections(''); + $dbConns = new DbConnections(''); $availdb = ''; foreach ($dbConns->getDbServicesAvailables() as $key => $val) { if ($availdb != '') { diff --git a/workflow/engine/classes/class.xmlfield_InputPM.php b/workflow/engine/classes/class.xmlfield_InputPM.php index 64ba47382..5bd2d3814 100644 --- a/workflow/engine/classes/class.xmlfield_InputPM.php +++ b/workflow/engine/classes/class.xmlfield_InputPM.php @@ -531,7 +531,7 @@ function getVarsGrid ($proUid, $dynUid) $dynaformFields = array (); if (is_file( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'.$dynUid. '.xml' ) && filesize( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'. $dynUid .'.xml' ) > 0) { - $dyn = new dynaFormHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); + $dyn = new DynaformHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); $dynaformFields[] = $dyn->getFields(); } diff --git a/workflow/engine/classes/model/FieldCondition.php b/workflow/engine/classes/model/FieldCondition.php index 4cbb86a98..f6738be38 100644 --- a/workflow/engine/classes/model/FieldCondition.php +++ b/workflow/engine/classes/model/FieldCondition.php @@ -137,7 +137,7 @@ class FieldCondition extends BaseFieldCondition $oDynaform = DynaformPeer::retrieveByPk( $DYN_UID ); $PRO_UID = $oDynaform->getProUid(); - $this->oDynaformHandler = new dynaFormHandler( PATH_DYNAFORM . "$PRO_UID/$DYN_UID" . '.xml' ); + $this->oDynaformHandler = new DynaformHandler( PATH_DYNAFORM . "$PRO_UID/$DYN_UID" . '.xml' ); $aDynaformFields = $this->oDynaformHandler->getFieldNames(); for ($i = 0; $i < count( $aDynaformFields ); $i ++) { $aDynaformFields[$i] = "'$aDynaformFields[$i]'"; diff --git a/workflow/engine/classes/model/Language.php b/workflow/engine/classes/model/Language.php index 481ca6b16..ceed78a4b 100644 
--- a/workflow/engine/classes/model/Language.php +++ b/workflow/engine/classes/model/Language.php @@ -247,7 +247,7 @@ class Language extends BaseLanguage } - $dynaform = new dynaFormHandler( PATH_XMLFORM . $xmlForm ); + $dynaform = new DynaformHandler( PATH_XMLFORM . $xmlForm ); $fieldName = $match[2]; $codes = explode( '-', $reference ); @@ -460,7 +460,7 @@ class Language extends BaseLanguage $xmlFormFile = str_replace( chr( 92 ), '/', $xmlFormPath ); $xmlFormFile = str_replace( PATH_XMLFORM, '', $xmlFormPath ); - $dynaForm = new dynaFormHandler( $xmlFormPath ); + $dynaForm = new DynaformHandler( $xmlFormPath ); $dynaNodes = $dynaForm->getFields(); @@ -635,7 +635,7 @@ class Language extends BaseLanguage } - $dynaform = new dynaFormHandler( PATH_PLUGINS . $plugin . PATH_SEP . $xmlForm ); + $dynaform = new DynaformHandler( PATH_PLUGINS . $plugin . PATH_SEP . $xmlForm ); $fieldName = $match[2]; $codes = explode( '-', $reference ); @@ -753,7 +753,7 @@ class Language extends BaseLanguage foreach ($aXMLForms as $xmlFormPath) { $xmlFormFile = str_replace( chr( 92 ), '/', $xmlFormPath ); $xmlFormFile = str_replace( PATH_PLUGINS . $plugin . PATH_SEP , '', $xmlFormPath ); - $dynaForm = new dynaFormHandler( $xmlFormPath ); + $dynaForm = new DynaformHandler( $xmlFormPath ); $dynaNodes = $dynaForm->getFields(); //get all fields of each xmlform foreach ($dynaNodes as $oNode) { diff --git a/workflow/engine/classes/model/Step.php b/workflow/engine/classes/model/Step.php index 3edaba75f..b8932d45e 100644 --- a/workflow/engine/classes/model/Step.php +++ b/workflow/engine/classes/model/Step.php 
@@ -374,7 +374,7 @@ class Step extends BaseStep while ($oDataset->next()) { $aRow1 = $oDataset->getRow(); //print_r($aRow1); - $dynHandler = new dynaFormHandler(PATH_DYNAFORM . $sproUid . PATH_SEP . $aRow1["DYN_UID"] . ".xml"); + $dynHandler = new DynaformHandler(PATH_DYNAFORM . $sproUid . PATH_SEP . $aRow1["DYN_UID"] . ".xml"); $dynFields = $dynHandler->getFields(); $sxmlgrid = ''; $sType = ''; @@ -477,7 +477,7 @@ class Step extends BaseStep $oDataset->next(); while ($aRow = $oDataset->getRow()) { if ($aRow['DYN_TYPE'] == 'xmlform') { - $dynHandler = new dynaFormHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml" ); + $dynHandler = new DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml" ); $dynFields = $dynHandler->getFields(); $sxmlgrid = ''; $sType = ''; @@ -547,7 +547,7 @@ class Step extends BaseStep while ($oDataset->next()) { $aRow1 = $oDataset->getRow(); - $dynHandler = new dynaFormHandler( PATH_DYNAFORM . $sproUid . "/" . $sObjUID . ".xml" ); + $dynHandler = new DynaformHandler( PATH_DYNAFORM . $sproUid . "/" . $sObjUID . ".xml" ); $dynFields = $dynHandler->getFields(); $sxmlgrid = ''; $sType = ''; diff --git a/workflow/engine/controllers/admin.php b/workflow/engine/controllers/admin.php index f743e064a..bba49987b 100644 --- a/workflow/engine/controllers/admin.php +++ b/workflow/engine/controllers/admin.php @@ -233,7 +233,7 @@ class Admin extends Controller $dbNetView = new NET( DB_HOST ); $dbNetView->loginDbServer( DB_USER, DB_PASS ); - $dbConns = new dbConnections( '' ); + $dbConns = new DbConnections( '' ); $availdb = ''; foreach ($dbConns->getDbServicesAvailables() as $key => $val) { if ($availdb != '') { diff --git a/workflow/engine/controllers/main.php b/workflow/engine/controllers/main.php index 82baf7927..2aa238393 100644 --- a/workflow/engine/controllers/main.php +++ b/workflow/engine/controllers/main.php 
@@ -696,7 +696,7 @@ class Main extends Controller $dbNetView = new NET( DB_HOST ); $dbNetView->loginDbServer( DB_USER, DB_PASS ); - $dbConns = new dbConnections( '' ); + $dbConns = new DbConnections( '' ); $availdb = ''; foreach ($dbConns->getDbServicesAvailables() as $key => $val) { if ($availdb != '') { diff --git a/workflow/engine/controllers/pmTablesProxy.php b/workflow/engine/controllers/pmTablesProxy.php index 88e1da2b3..cf0002ec1 100644 --- a/workflow/engine/controllers/pmTablesProxy.php +++ b/workflow/engine/controllers/pmTablesProxy.php @@ -1269,7 +1269,7 @@ class pmTablesProxy extends HttpProxyController while ($aRow = $oDataset->getRow()) { if (file_exists( PATH_DYNAFORM . PATH_SEP . $aRow['DYN_FILENAME'] . '.xml' )) { - $dynaformHandler = new dynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); + $dynaformHandler = new DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { @@ -1579,7 +1579,7 @@ class pmTablesProxy extends HttpProxyController } } } else { - $dynaformHandler = new dynaformHandler(PATH_DYNAFORM . $record['DYN_FILENAME'] . '.xml'); + $dynaformHandler = new DynaformHandler(PATH_DYNAFORM . $record['DYN_FILENAME'] . '.xml'); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { diff --git a/workflow/engine/methods/cases/cases_Step.php b/workflow/engine/methods/cases/cases_Step.php index 03e9226cb..e441a828e 100644 --- a/workflow/engine/methods/cases/cases_Step.php +++ b/workflow/engine/methods/cases/cases_Step.php @@ -325,7 +325,7 @@ try { * Added By erik 16-05-08 * Description: this was added for the additional database connections */ - $oDbConnections = new dbConnections( $_SESSION['PROCESS'] ); + $oDbConnections = new DbConnections( $_SESSION['PROCESS'] ); $oDbConnections->loadAdditionalConnections(); $_SESSION['CURRENT_DYN_UID'] = $_GET['UID']; 
@@ -1146,7 +1146,7 @@ try { * Description: this was added for the additional database connections */ - $oDbConnections = new dbConnections( $_SESSION['PROCESS'] ); + $oDbConnections = new DbConnections( $_SESSION['PROCESS'] ); $oDbConnections->loadAdditionalConnections(); $stepFilename = "$sNamespace/$sStepName"; G::evalJScript( " diff --git a/workflow/engine/methods/cases/cases_StepToRevise.php b/workflow/engine/methods/cases/cases_StepToRevise.php index 7e413838d..4c94f1672 100644 --- a/workflow/engine/methods/cases/cases_StepToRevise.php +++ b/workflow/engine/methods/cases/cases_StepToRevise.php @@ -139,7 +139,7 @@ if (! isset( $_GET['ex'] )) { $_GET['ex'] = $_GET['position']; } -$oDbConnections = new dbConnections( $_SESSION['PROCESS'] ); +$oDbConnections = new DbConnections( $_SESSION['PROCESS'] ); $oDbConnections->loadAdditionalConnections(); $G_PUBLISH = new Publisher(); diff --git a/workflow/engine/methods/cases/summary.php b/workflow/engine/methods/cases/summary.php index 7209117a5..9e2a1ba43 100644 --- a/workflow/engine/methods/cases/summary.php +++ b/workflow/engine/methods/cases/summary.php @@ -75,7 +75,7 @@ try { } if (file_exists( PATH_DYNAFORM . $applicationFields['PRO_UID'] . PATH_SEP . $_REQUEST['DYN_UID'] . '.xml' )) { $_SESSION['PROCESS'] = $applicationFields['PRO_UID']; - $dbConnections = new dbConnections( $_SESSION['PROCESS'] ); + $dbConnections = new DbConnections( $_SESSION['PROCESS'] ); $dbConnections->loadAdditionalConnections(); $_SESSION['CURRENT_DYN_UID'] = $_REQUEST['DYN_UID']; diff --git a/workflow/engine/methods/dbConnections/dbConnectionsAjax.php b/workflow/engine/methods/dbConnections/dbConnectionsAjax.php index 41e23c236..44b1dbc84 100644 --- a/workflow/engine/methods/dbConnections/dbConnectionsAjax.php +++ b/workflow/engine/methods/dbConnections/dbConnectionsAjax.php 
@@ -93,7 +93,7 @@ switch ($action) { G::RenderPage( 'publish', 'raw' ); break; case 'newDdConnection': - $dbs = new dbConnections( $_SESSION['PROCESS'] ); + $dbs = new DbConnections( $_SESSION['PROCESS'] ); $dbServices = $dbs->getDbServicesAvailables(); $dbService = $dbs->getEncondeList(); @@ -115,7 +115,7 @@ switch ($action) { G::RenderPage( 'publish', 'raw' ); break; case 'editDdConnection': - $dbs = new dbConnections( $_SESSION['PROCESS'] ); + $dbs = new DbConnections( $_SESSION['PROCESS'] ); $dbServices = $dbs->getDbServicesAvailables(); $rows[] = array ('uid' => 'char','name' => 'char' @@ -343,7 +343,7 @@ switch ($action) { $engine = $_POST['engine']; if ($engine != "0") { - $dbs = new dbConnections(); + $dbs = new DbConnections(); $var = Bootstrap::json_encode($dbs->getEncondeList($filter->xssFilterHard($engine))); G::outRes($var); diff --git a/workflow/engine/methods/dbConnections/genericDbConnections.php b/workflow/engine/methods/dbConnections/genericDbConnections.php index fff0c3a66..eb85b848d 100644 --- a/workflow/engine/methods/dbConnections/genericDbConnections.php +++ b/workflow/engine/methods/dbConnections/genericDbConnections.php @@ -9,7 +9,7 @@ if (isset( $_SESSION['PROCESS'] )) { $pro = include (PATH_CORE . "config/databases.php"); - $oDbConnections = new dbConnections( $_SESSION['PROCESS'] ); + $oDbConnections = new DbConnections( $_SESSION['PROCESS'] ); foreach ($oDbConnections->connections as $db) { $db['DBS_PASSWORD'] = $oDbConnections->getPassWithoutEncrypt( $db ); diff --git a/workflow/engine/methods/dynaforms/conditionalShowHide_Ajax.php b/workflow/engine/methods/dynaforms/conditionalShowHide_Ajax.php index f1578448e..1653d5c5b 100644 --- a/workflow/engine/methods/dynaforms/conditionalShowHide_Ajax.php +++ b/workflow/engine/methods/dynaforms/conditionalShowHide_Ajax.php 
@@ -54,7 +54,7 @@ try { $sFilter = isset( $_POST['filter'] ) ? $_POST['filter'] : ''; //$oJSON = new Services_JSON(); - $oDynaformHandler = new dynaFormHandler( PATH_DYNAFORM . $_DYN_FILENAME . '.xml' ); + $oDynaformHandler = new DynaformHandler( PATH_DYNAFORM . $_DYN_FILENAME . '.xml' ); $aFilter = explode( ',', $sFilter ); @@ -68,7 +68,7 @@ try { $_DYN_FILENAME = $_SESSION['Current_Dynafom']['Parameters']['FILE']; $sFilter = isset( $_POST['filter'] ) ? $_POST['filter'] : ''; - $oDynaformHandler = new dynaFormHandler( PATH_DYNAFORM . $_DYN_FILENAME . '.xml' ); + $oDynaformHandler = new DynaformHandler( PATH_DYNAFORM . $_DYN_FILENAME . '.xml' ); $aFilter = explode( ',', $sFilter ); $aAvailableFields = $oDynaformHandler->getFieldNames( $aFilter ); diff --git a/workflow/engine/methods/dynaforms/fieldsHandlerAjax.php b/workflow/engine/methods/dynaforms/fieldsHandlerAjax.php index afb15fdd5..1da0a13d5 100644 --- a/workflow/engine/methods/dynaforms/fieldsHandlerAjax.php +++ b/workflow/engine/methods/dynaforms/fieldsHandlerAjax.php @@ -38,7 +38,7 @@ switch ($request) { $tmpfilename = $filter->xssFilterHard($tmpfilename); - $o = new dynaFormHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" ); + $o = new DynaformHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" ); $list_elements = explode( ',', $items ); @@ -59,7 +59,7 @@ switch ($request) { $tmpfilename = $_SESSION['Current_Dynafom']['Parameters']['FILE']; $tmpfilename = $filter->xssFilterHard($tmpfilename); - $o = new dynaFormHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" ); + $o = new DynaformHandler( PATH_DYNAFORM . "{$tmpfilename}.xml" ); $hidden_items = Array (); $has_hidden_items = false; diff --git a/workflow/engine/methods/processes/processes_Ajax.php b/workflow/engine/methods/processes/processes_Ajax.php index d0774867f..d7bb2c1ef 100644 --- a/workflow/engine/methods/processes/processes_Ajax.php +++ b/workflow/engine/methods/processes/processes_Ajax.php 
@@ -901,7 +901,7 @@ try { $proUid = isset($_REQUEST['PRO_UID']) ? $_REQUEST['PRO_UID'] : ''; $dynUid = isset($_REQUEST['DYN_UID']) ? $_REQUEST['DYN_UID'] : ''; if (is_file(PATH_DATA . '/sites/' . SYS_SYS . '/xmlForms/' . $proUid . '/' . $dynUid . '.xml') && filesize(PATH_DATA . '/sites/' . SYS_SYS . '/xmlForms/' . $proUid . '/' . $dynUid . '.xml') > 0) { - $dyn = new dynaFormHandler(PATH_DATA . '/sites/' . SYS_SYS . '/xmlForms/' . $proUid . '/' . $dynUid . '.xml'); + $dyn = new DynaformHandler(PATH_DATA . '/sites/' . SYS_SYS . '/xmlForms/' . $proUid . '/' . $dynUid . '.xml'); $dynaformFields[] = $dyn->getFields(); } foreach ($dynaformFields as $aDynFormFields) { diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php index f9baea3fc..6db0b6c37 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php @@ -3,7 +3,7 @@ namespace ProcessMaker\BusinessModel; use \G; use \DbSource; -use \dbConnections; +use \DbConnections; class DataBaseConnection { @@ -61,7 +61,7 @@ class DataBaseConnection $dbs_uid = $this->validateDbsUid($dbs_uid, $pro_uid); } - $dbs = new dbConnections($pro_uid); + $dbs = new DbConnections($pro_uid); $oDBConnection = new DbSource(); $aFields = $oDBConnection->load($dbs_uid, $pro_uid); if ($aFields['DBS_PORT'] == '0') { @@ -162,7 +162,7 @@ class DataBaseConnection if (isset($dataDBConnection['DBS_ENCODE'])) { $encodesExists = array(); - $dbs = new dbConnections(); + $dbs = new DbConnections(); $dbEncodes = $dbs->getEncondeList($dataDBConnection['DBS_TYPE']); foreach ($dbEncodes as $value) { $encodesExists[] = $value['0']; @@ -423,7 +423,7 @@ class DataBaseConnection */ public function getDbEngines () { - $dbs = new dbConnections(); + $dbs = new DbConnections(); $dbServices = $dbs->getDbServicesAvailables(); return $dbServices; } 
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php b/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php index 5aaeb6acb..3572075f3 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php @@ -155,7 +155,7 @@ class DynaForm while ($oDataset->next()) { $dataForms = $oDataset->getRow(); - $dynHandler = new \dynaFormHandler(PATH_DYNAFORM . $proUid . PATH_SEP . $dataForms["DYN_UID"] . ".xml"); + $dynHandler = new \DynaformHandler(PATH_DYNAFORM . $proUid . PATH_SEP . $dataForms["DYN_UID"] . ".xml"); $dynFields = $dynHandler->getFields(); foreach ($dynFields as $field) { $sType = \Step::getAttribute( $field, 'type' ); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Process.php b/workflow/engine/src/ProcessMaker/BusinessModel/Process.php index f903725ca..32d824580 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Process.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Process.php @@ -1686,7 +1686,7 @@ class Process while ($aRow = $oDataset->getRow()) { if (is_file(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml")) { - $dyn = new \dynaFormHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); + $dyn = new \DynaformHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); if ($dyn->getHeaderAttribute("type") !== "xmlform" && $dyn->getHeaderAttribute("type") !== "") { // skip it, if that is not a xmlform @@ -1739,7 +1739,7 @@ class Process $oDataset->next(); while ($aRow = $oDataset->getRow()) { if (is_file(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml")) { - $dyn = new \dynaFormHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); + $dyn = new \DynaformHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); if ($dyn->getHeaderAttribute("type") === "xmlform") { // skip it, if that is not a xmlform 
@@ -1785,7 +1785,7 @@ class Process $aMultipleSelectionFields = array("listbox", "checkgroup", "grid"); if (is_file( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'.$dynUid. '.xml' ) && filesize( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'. $dynUid .'.xml' ) > 0) { - $dyn = new \dynaFormHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); + $dyn = new \DynaformHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); $dynaformFields[] = $dyn->getFields(); $fields = $dyn->getFields(); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Table.php b/workflow/engine/src/ProcessMaker/BusinessModel/Table.php index 82c054225..a2c40c84d 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Table.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Table.php @@ -798,7 +798,7 @@ class Table while ($oDataset->next()) { $aRow = $oDataset->getRow(); if (file_exists( PATH_DYNAFORM . PATH_SEP . $aRow['DYN_FILENAME'] . '.xml' )) { - $dynaformHandler = new \dynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); + $dynaformHandler = new \DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { @@ -1052,7 +1052,7 @@ class Table while ($oDataset->next()) { $aRow = $oDataset->getRow(); - $dynaformHandler = new \dynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); + $dynaformHandler = new \DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { $arrayNode = $dynaformHandler->getArray( $node ); From 5da1478fdb1e9053ba5c848c361b89195e60fa7c Mon Sep 17 00:00:00 2001 
From: hjonathan Date: Tue, 8 Aug 2017 17:43:33 -0400 Subject: [PATCH 10/52] add use library remove use library --- workflow/engine/src/ProcessMaker/Project/Bpmn.php | 5 ++--- .../src/ProcessMaker/Services/Api/Project/Activity.php | 9 ++++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/Project/Bpmn.php b/workflow/engine/src/ProcessMaker/Project/Bpmn.php index a6a3c9e71..eea3d8232 100644 --- a/workflow/engine/src/ProcessMaker/Project/Bpmn.php +++ b/workflow/engine/src/ProcessMaker/Project/Bpmn.php @@ -34,7 +34,7 @@ use \ResultSet as ResultSet; use \BpmnFlow; use \G; use ProcessMaker\Util\Common; -use ProcessMaker\Exception; +use \Exception; /** * Class Bpmn @@ -432,9 +432,8 @@ class Bpmn extends Handler if (isset($activity)) { $activity->delete(); BpmnFlow::removeAllRelated($actUid); - } else { - throw new \Exception(G::LoadTranslation("ID_ACTIVITY_DOES_NOT_EXIST", array("act_uid", $actUid))); + throw new Exception(G::LoadTranslation("ID_ACTIVITY_DOES_NOT_EXIST", array("act_uid", $actUid))); } self::log("Remove Activity Success!"); } catch (\Exception $e) { diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php index 43e7631a9..05c288ebd 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php @@ -3,6 +3,9 @@ namespace ProcessMaker\Services\Api\Project; use \ProcessMaker\Services\Api; use \Luracast\Restler\RestException; +use ProcessMaker\Project\Adapter\BpmnWorkflow; +use ProcessMaker\BusinessModel\Task; +use \Exception; /** * Project\Activity Api Controller 
@@ -147,19 +150,19 @@ class Activity extends Api public function doDeleteProjectActivity($prj_uid, $act_uid) { try { - $task = new \ProcessMaker\BusinessModel\Task(); + $task = new Task(); $task->setFormatFieldNameInUppercase(false); $task->setArrayParamException(array("taskUid" => "act_uid")); $response = $task->hasPendingCases(array("act_uid" => $act_uid, "case_type" => "assigned")); if ($response->result !== false) { - $project = new \ProcessMaker\Project\Adapter\BpmnWorkflow(); + $project = new BpmnWorkflow(); $prj = $project->load($prj_uid); $prj->removeActivity($act_uid); } else { throw new RestException(403, $response->message); } - } catch (\Exception $e) { + } catch (Exception $e) { $resCode = $e->getCode() == 0 ? Api::STAT_APP_EXCEPTION : $e->getCode(); throw new RestException($resCode, $e->getMessage()); } From ee3561fb16ce57d7d933f90f548f77f28e3df6df Mon Sep 17 00:00:00 2001 From: hjonathan Date: Wed, 9 Aug 2017 09:46:57 -0400 Subject: [PATCH 11/52] order the headers in file update --- .../engine/src/ProcessMaker/Project/Bpmn.php | 46 +++++++++---------- .../Services/Api/Project/Activity.php | 8 ++-- 2 files changed, 25 insertions(+), 29 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/Project/Bpmn.php b/workflow/engine/src/ProcessMaker/Project/Bpmn.php index eea3d8232..3ebb318b1 100644 --- a/workflow/engine/src/ProcessMaker/Project/Bpmn.php +++ b/workflow/engine/src/ProcessMaker/Project/Bpmn.php @@ -1,40 +1,36 @@ delete(); - BpmnFlow::removeAllRelated($actUid); + Flow::removeAllRelated($actUid); } else { throw new Exception(G::LoadTranslation("ID_ACTIVITY_DOES_NOT_EXIST", array("act_uid", $actUid))); } diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php index 05c288ebd..d95f3f47b 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Project/Activity.php 
@@ -1,11 +1,11 @@ Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH 12/52] Delete code for compatibility with old forms of authentication. --- gulliver/system/class.bootstrap.php | 4 ++-- workflow/engine/methods/login/authentication.php | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index 267c84725..09ebbf59b 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2521,10 +2521,10 @@ class Bootstrap $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if ((Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) || ($pass === $hashTypeCurrent . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { return true; } - if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { return true; } return false; diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { 
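Review bot: The two checks that remain in the `class Bootstrap` hunk of gulliver/system/class.bootstrap.php still compare the computed hash with the stored one using loose `==`. With `==`, two digests that both read as numeric strings (an `0e` prefix followed only by digits) compare equal, and the comparison is not constant-time. Removing the `$pass === $hashTypeCurrent . ':' . $userPass` branches closes the log-in-with-the-hash path, but the remaining lines should be `if (hash_equals((string) $userPass, (string) Bootstrap::hashPassword($pass, $hashTypeCurrent))) {` and the same for `$hashTypePrevious`. If `hash_equals()` is not available on the supported PHP version, use `===` at minimum. The enclosing function starts above the hunk, so its signature and the type of `$userPass` are not visible here.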
From 15031808c58d9e606784ba44beb0b692a0e0edae Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Mon, 7 Aug 2017 08:37:04 -0400 Subject: [PATCH 13/52] HOR-3432 ProcessMaker User Privilege Escalation - Add validation user access with PM_USERS --- workflow/engine/methods/roles/roles_Ajax.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/workflow/engine/methods/roles/roles_Ajax.php b/workflow/engine/methods/roles/roles_Ajax.php index b13937140..19e6fa8f7 100644 --- a/workflow/engine/methods/roles/roles_Ajax.php +++ b/workflow/engine/methods/roles/roles_Ajax.php @@ -21,6 +21,20 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +global $RBAC; +switch ($RBAC->userCanAccess( 'PM_USERS' )) { + case - 2: + G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' ); + G::header( 'location: ../login/login' ); + die(); + break; + case - 1: + case - 3: + G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); + G::header( 'location: ../login/login' ); + die(); + break; +} $REQUEST = (isset( $_GET['request'] )) ? $_GET['request'] : $_POST['request']; From 573300f245617f3f110bdc035d51fc69baff3097 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Mon, 7 Aug 2017 11:58:16 -0400 Subject: [PATCH 14/52] Change method of throw --- workflow/engine/methods/roles/roles_Ajax.php | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/workflow/engine/methods/roles/roles_Ajax.php b/workflow/engine/methods/roles/roles_Ajax.php index 19e6fa8f7..d3ad0ab43 100644 --- a/workflow/engine/methods/roles/roles_Ajax.php +++ b/workflow/engine/methods/roles/roles_Ajax.php 
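Review bot: The guard added at the top of workflow/engine/methods/roles/roles_Ajax.php fails open: it rejects only the three listed results of `$RBAC->userCanAccess('PM_USERS')` (-1, -2, -3), and any other value falls out of the `switch` and the request is handled. An authorization check should test for the success value and deny everything else, for example `if ($RBAC->userCanAccess('PM_USERS') != 1) { G::header('location: ../login/login'); die(); }`, assuming 1 is the only success code, which the hunk does not show. The follow-up commit (PATCH 14/52) replaces the bodies with `throw new RBACException(...)` but keeps the same case list, so the same applies there. The `break;` after each `die();` is unreachable and can go.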
@@ -21,18 +21,16 @@ * For more information, contact Colosa Inc, 2566 Le Jeune Rd., * Coral Gables, FL, 33134, USA, or email info@colosa.com. */ +use ProcessMaker\Exception\RBACException; + global $RBAC; -switch ($RBAC->userCanAccess( 'PM_USERS' )) { - case - 2: - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' ); - G::header( 'location: ../login/login' ); - die(); +switch ($RBAC->userCanAccess('PM_USERS')) { + case -2: + throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2); break; - case - 1: - case - 3: - G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' ); - G::header( 'location: ../login/login' ); - die(); + case -1: + case -3: + throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1); break; } From deb4999537050972d8743974f3501470d31fcde4 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Wed, 9 Aug 2017 12:03:25 -0400 Subject: [PATCH 15/52] HOR-2949 --- gulliver/system/class.rbac.php | 7 + .../methods/emailServer/emailServerAjax.php | 2 +- .../BusinessModel/EmailServer.php | 293 +++++++++++++----- 3 files changed, 222 insertions(+), 80 deletions(-) diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index af9c6b321..253ff34b8 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -165,6 +165,13 @@ class RBAC 'updateCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), 'canDeleteCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'), 'deleteCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES') + ), + 'emailServerAjax.php' => array( + 'INS' => array('PM_SETUP'), + 'UPD' => array('PM_SETUP'), + 'DEL' => array('PM_SETUP'), + 'LST' => array('PM_SETUP'), + 'TEST' => array('PM_SETUP') ) ); } diff --git a/workflow/engine/methods/emailServer/emailServerAjax.php b/workflow/engine/methods/emailServer/emailServerAjax.php index 78dc6c652..6f3c246e3 100644 --- a/workflow/engine/methods/emailServer/emailServerAjax.php 
+++ b/workflow/engine/methods/emailServer/emailServerAjax.php @@ -1,8 +1,8 @@ allows(basename(__FILE__), $option); switch ($option) { case "INS": $arrayData = array(); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/EmailServer.php b/workflow/engine/src/ProcessMaker/BusinessModel/EmailServer.php index b3e6d261b..0946e163d 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/EmailServer.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/EmailServer.php @@ -1,5 +1,8 @@ array("type" => "int", "required" => false, "empty" => false, "defaultValues" => array(0, 1), "fieldNameAux" => "emailServerDefault") ); + private $contextLog = array(); + private $formatFieldNameInUppercase = true; private $arrayFieldNameForException = array( @@ -37,17 +42,51 @@ class EmailServer foreach ($this->arrayFieldDefinition as $key => $value) { $this->arrayFieldNameForException[$value["fieldNameAux"]] = $key; } - } catch (\Exception $e) { + + //Define the variables for the logging + global $RBAC; + $currentUser = $RBAC->aUserInfo['USER_INFO']; + $info = array( + 'ip' => G::getIpAddress(), + 'workspace' => (defined("SYS_SYS"))? SYS_SYS : "Workspace undefined", + 'usrUid' => $currentUser['USR_UID'] + ); + $this->setContextLog($info); + + + } catch (Exception $e) { throw $e; } } + /** + * Get the $contextLog value. + * + * @return string + */ + public function getContextLog() + { + return $this->contextLog; + } + + /** + * Set the value of $contextLog. + * + * @param array $k + * @return void + */ + public function setContextLog($k) + { + $this->contextLog = array_merge($this->contextLog, $k); + } + /** * Set the format of the fields name (uppercase, lowercase) * * @param bool $flag Value that set the format * - * return void + * @return void + * @throws Exception */ public function setFormatFieldNameInUppercase($flag) { 
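Review bot: In the `@@ -37,17 +42,51 @@` hunk of EmailServer.php the constructor now reads `$RBAC->aUserInfo['USER_INFO']` and `$currentUser['USR_UID']` with no check that the global `$RBAC` is populated. If the class is ever built outside a logged-in request, this raises notices and logs an empty user id only to prepare log context; whether such callers exist is not visible here. A guarded lookup avoids that: `'usrUid' => isset($RBAC->aUserInfo['USER_INFO']['USR_UID']) ? $RBAC->aUserInfo['USER_INFO']['USR_UID'] : ''`. The docblock of `getContextLog()` says `@return string` while the property is initialised as `array()`, so `@return array` is the matching tag. The constructor begins above the hunk.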
@@ -55,7 +94,7 @@ class EmailServer $this->formatFieldNameInUppercase = $flag; $this->setArrayFieldNameForException($this->arrayFieldNameForException); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -65,7 +104,8 @@ class EmailServer * * @param array $arrayData Data with the fields * - * return void + * @return void + * @throws Exception */ public function setArrayFieldNameForException(array $arrayData) { @@ -73,7 +113,7 @@ class EmailServer foreach ($arrayData as $key => $value) { $this->arrayFieldNameForException[$key] = $this->getFieldNameByFormatFieldName($value); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -83,13 +123,14 @@ class EmailServer * * @param string $fieldName Field name * - * return string Return the field name according the format + * @return string, return the field name according the format + * @throws Exception */ public function getFieldNameByFormatFieldName($fieldName) { try { return ($this->formatFieldNameInUppercase)? strtoupper($fieldName) : strtolower($fieldName); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -99,7 +140,8 @@ class EmailServer * * @param array $arrayData Data * - * return array Return array with result of send test mail + * @return array, return array with result of send test mail + * @throws Exception */ public function sendTestMail(array $arrayData) { 
@@ -117,20 +159,20 @@ class EmailServer "SMTPSecure" => (isset($arrayData["SMTPSecure"]))? $arrayData["SMTPSecure"] : "none" ); - $sFrom = \G::buildFrom($aConfiguration); + $sFrom = G::buildFrom($aConfiguration); - $sSubject = \G::LoadTranslation("ID_MESS_TEST_SUBJECT"); - $msg = \G::LoadTranslation("ID_MESS_TEST_BODY"); + $sSubject = G::LoadTranslation("ID_MESS_TEST_SUBJECT"); + $msg = G::LoadTranslation("ID_MESS_TEST_BODY"); switch ($arrayData["MESS_ENGINE"]) { case "MAIL": - $engine = \G::LoadTranslation("ID_MESS_ENGINE_TYPE_1"); + $engine = G::LoadTranslation("ID_MESS_ENGINE_TYPE_1"); break; case "PHPMAILER": - $engine = \G::LoadTranslation("ID_MESS_ENGINE_TYPE_2"); + $engine = G::LoadTranslation("ID_MESS_ENGINE_TYPE_2"); break; case "OPENMAIL": - $engine = \G::LoadTranslation("ID_MESS_ENGINE_TYPE_3"); + $engine = G::LoadTranslation("ID_MESS_ENGINE_TYPE_3"); break; } @@ -175,7 +217,7 @@ class EmailServer if ($oSpool->status == "sent") { $arrayTestMailResult["status"] = true; $arrayTestMailResult["success"] = true; - $arrayTestMailResult["msg"] = \G::LoadTranslation("ID_MAIL_TEST_SUCCESS"); + $arrayTestMailResult["msg"] = G::LoadTranslation("ID_MAIL_TEST_SUCCESS"); } else { $arrayTestMailResult["status"] = false; $arrayTestMailResult["success"] = false; @@ -183,7 +225,7 @@ class EmailServer } return $arrayTestMailResult; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -194,7 +236,8 @@ class EmailServer * @param array $arrayData Data * @param int $step Step * - * return array Return array with result of test connection by step + * @return array, return array with result of test connection by step + * @throws Exception */ public function testConnectionByStep(array $arrayData, $step = 0) { 
@@ -208,7 +251,7 @@ class EmailServer $eregMail = "/^[0-9a-zA-Z]+(?:[._][0-9a-zA-Z]+)*@[0-9a-zA-Z]+(?:[._-][0-9a-zA-Z]+)*\.[0-9a-zA-Z]{2,3}$/"; $arrayDataMail["FROM_EMAIL"] = ($arrayData["MESS_FROM_MAIL"] != "" && preg_match($eregMail, $arrayData["MESS_FROM_MAIL"]))? $arrayData["MESS_FROM_MAIL"] : ""; - $arrayDataMail["FROM_NAME"] = ($arrayData["MESS_FROM_NAME"] != "")? $arrayData["MESS_FROM_NAME"] : \G::LoadTranslation("ID_MESS_TEST_BODY"); + $arrayDataMail["FROM_NAME"] = ($arrayData["MESS_FROM_NAME"] != "")? $arrayData["MESS_FROM_NAME"] : G::LoadTranslation("ID_MESS_TEST_BODY"); $arrayDataMail["MESS_ENGINE"] = "MAIL"; $arrayDataMail["MESS_SERVER"] = "localhost"; $arrayDataMail["MESS_PORT"] = 25; @@ -233,7 +276,7 @@ class EmailServer ); if ($arrayTestMailResult["status"] == false) { - $arrayResult["message"] = \G::LoadTranslation("ID_SENDMAIL_NOT_INSTALLED"); + $arrayResult["message"] = G::LoadTranslation("ID_SENDMAIL_NOT_INSTALLED"); } //Return @@ -252,7 +295,7 @@ class EmailServer $passwdHide = ""; } - $passwdDec = \G::decrypt($passwd,"EMAILENCRYPT"); + $passwdDec = G::decrypt($passwd,"EMAILENCRYPT"); $auxPass = explode("hash:", $passwdDec); if (count($auxPass) > 1) { @@ -378,7 +421,7 @@ class EmailServer $eregMail = "/^[0-9a-zA-Z]+(?:[._][0-9a-zA-Z]+)*@[0-9a-zA-Z]+(?:[._-][0-9a-zA-Z]+)*\.[0-9a-zA-Z]{2,3}$/"; $arrayDataPhpMailer["FROM_EMAIL"] = ($fromMail != "" && preg_match($eregMail, $fromMail))? $fromMail : ""; - $arrayDataPhpMailer["FROM_NAME"] = $arrayData["MESS_FROM_NAME"] != "" ? $arrayData["MESS_FROM_NAME"] : \G::LoadTranslation("ID_MESS_TEST_BODY"); + $arrayDataPhpMailer["FROM_NAME"] = $arrayData["MESS_FROM_NAME"] != "" ? $arrayData["MESS_FROM_NAME"] : G::LoadTranslation("ID_MESS_TEST_BODY"); $arrayDataPhpMailer["MESS_ENGINE"] = "PHPMAILER"; $arrayDataPhpMailer["MESS_SERVER"] = $server; $arrayDataPhpMailer["MESS_PORT"] = $port; 
@@ -421,7 +464,7 @@ class EmailServer //Return return $arrayResult; - } catch (\Exception $e) { + } catch (Exception $e) { $arrayResult = array(); $arrayResult["result"] = false; @@ -437,7 +480,8 @@ class EmailServer * * @param array $arrayData Data * - * return array Return array with result of test connection + * @return array, return array with result of test connection + * @throws Exception */ public function testConnection(array $arrayData) { @@ -467,11 +511,11 @@ class EmailServer $arrayDataAux["MAIL_TO"] = "admin@processmaker.com"; $arrayResult[$arrayMailTestName[1]] = $this->testConnectionByStep($arrayDataAux); - $arrayResult[$arrayMailTestName[1]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_VERIFYING_MAIL"); + $arrayResult[$arrayMailTestName[1]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_VERIFYING_MAIL"); if ((int)($arrayData["MESS_TRY_SEND_INMEDIATLY"]) == 1 && $arrayData['MAIL_TO'] != '') { $arrayResult[$arrayMailTestName[2]] = $this->testConnectionByStep($arrayData); - $arrayResult[$arrayMailTestName[2]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_SENDING_EMAIL", array($arrayData["MAIL_TO"])); + $arrayResult[$arrayMailTestName[2]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_SENDING_EMAIL", array($arrayData["MAIL_TO"])); } break; case "PHPMAILER": 
@@ -482,19 +526,19 @@ class EmailServer switch ($step) { case 1: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_RESOLVING_NAME", array($arrayData["MESS_SERVER"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_RESOLVING_NAME", array($arrayData["MESS_SERVER"])); break; case 2: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_CHECK_PORT", array($arrayData["MESS_PORT"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_CHECK_PORT", array($arrayData["MESS_PORT"])); break; case 3: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_ESTABLISHING_CON_HOST", array($arrayData["MESS_SERVER"] . ":" . $arrayData["MESS_PORT"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_ESTABLISHING_CON_HOST", array($arrayData["MESS_SERVER"] . ":" . $arrayData["MESS_PORT"])); break; case 4: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_LOGIN", array($arrayData["MESS_ACCOUNT"], $arrayData["MESS_SERVER"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_LOGIN", array($arrayData["MESS_ACCOUNT"], $arrayData["MESS_SERVER"])); break; case 5: - $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = \G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_SENDING_EMAIL", array($arrayData["MAIL_TO"])); + $arrayResult[$arrayPhpMailerTestName[$step]]["title"] = G::LoadTranslation("ID_EMAIL_SERVER_TEST_CONNECTION_SENDING_EMAIL", array($arrayData["MAIL_TO"])); break; } } @@ -503,7 +547,7 @@ class EmailServer //Result return $arrayResult; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -513,7 +557,8 @@ class EmailServer * * @param string $emailServerUid Unique id of Email Server * - * return bool Return true if is default Email Server, false otherwise + * @return bool, return true if is default Email Server, false otherwise + * @throws Exception */ public function checkIfIsDefault($emailServerUid) { @@ -530,7 +575,7 @@ class EmailServer } else { return false; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -541,7 +586,8 @@ class EmailServer * @param string $emailServerUid Unique id of Email Server * @param array $arrayData Data * - * return void Throw exception if data has an invalid value + * @return void Throw exception if data has an invalid value + * @throws Exception */ public function throwExceptionIfDataIsInvalid($emailServerUid, array $arrayData) { @@ -609,10 +655,10 @@ class EmailServer } if ($msg != "") { - throw new \Exception($msg); + throw new Exception($msg); } } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -623,7 +669,8 @@ class EmailServer * @param string $emailServerUid Unique id of Email Server * @param string $fieldNameForException Field name for the exception * - * return void Throw exception if does not exist the Email Server in table EMAIL_SERVER + * @return void Throw exception if does not exist the Email Server in table EMAIL_SERVER + * @throws Exception */ public function throwExceptionIfNotExistsEmailServer($emailServerUid, $fieldNameForException) { @@ -631,9 +678,9 @@ class EmailServer $obj = \EmailServerPeer::retrieveByPK($emailServerUid); if (is_null($obj)) { - throw new \Exception(\G::LoadTranslation("ID_EMAIL_SERVER_DOES_NOT_EXIST", array($fieldNameForException, $emailServerUid))); + throw new Exception(G::LoadTranslation("ID_EMAIL_SERVER_DOES_NOT_EXIST", array($fieldNameForException, $emailServerUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -644,15 +691,16 @@ class EmailServer * @param string $emailServerUid Unique id of Email Server * @param string $fieldNameForException Field name for the exception * - * return void Throw exception if is default Email Server + * @return void Throw exception if is default Email Server + * @throws Exception */ public function throwExceptionIfIsDefault($emailServerUid, $fieldNameForException) { try { if ($this->checkIfIsDefault($emailServerUid)) { - throw new \Exception(\G::LoadTranslation("ID_EMAIL_SERVER_IS_DEFAULT", array($fieldNameForException, $emailServerUid))); + throw new Exception(G::LoadTranslation("ID_EMAIL_SERVER_IS_DEFAULT", array($fieldNameForException, $emailServerUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -662,7 +710,8 @@ class EmailServer * * @param string $emailServerUid Unique id of Email Server * - * return void + * @return void + * @throws Exception */ public function setEmailServerDefaultByUid($emailServerUid) { @@ -703,7 +752,8 @@ class EmailServer * * @param array $arrayData Data * - * return array Return data of the new Email Server created + * @return array, data of the new Email Server created + * @throws Exception */ public function create(array $arrayData) { @@ -729,7 +779,7 @@ class EmailServer $emailServer = new \EmailServer(); $passwd = $arrayData["MESS_PASSWORD"]; - $passwdDec = \G::decrypt($passwd, "EMAILENCRYPT"); + $passwdDec = G::decrypt($passwd, "EMAILENCRYPT"); $auxPass = explode("hash:", $passwdDec); if (count($auxPass) > 1) { @@ -745,7 +795,7 @@ class EmailServer if ($arrayData["MESS_PASSWORD"] != "") { $arrayData["MESS_PASSWORD"] = "hash:" . $arrayData["MESS_PASSWORD"]; - $arrayData["MESS_PASSWORD"] = \G::encrypt($arrayData["MESS_PASSWORD"], "EMAILENCRYPT"); + $arrayData["MESS_PASSWORD"] = G::encrypt($arrayData["MESS_PASSWORD"], "EMAILENCRYPT"); } $emailServer->fromArray($arrayData, \BasePeer::TYPE_FIELDNAME); 
@@ -765,7 +815,28 @@ class EmailServer $this->setEmailServerDefaultByUid($emailServerUid); } - //Return + //Logging the create action + $info = array( + 'action' => 'Create email server', + 'messUid'=> $emailServerUid, + 'engine'=> $arrayData["MESS_ENGINE"], + 'server' => $arrayData["MESS_SERVER"], + 'port' => $arrayData["MESS_PORT"], + 'requireAuthentication' => $arrayData["MESS_RAUTH"], + 'account' => $arrayData["MESS_ACCOUNT"], + 'senderEmail' => $arrayData["MESS_FROM_MAIL"], + 'senderName' => $arrayData["MESS_FROM_NAME"], + 'useSecureConnection' => $arrayData["SMTPSECURE"], + 'sendTestEmail' => $arrayData["MESS_TRY_SEND_INMEDIATLY"], + 'setAsDefaultConfiguration' => $arrayData["MESS_DEFAULT"] + ); + $this->setContextLog($info); + $this->syslog( + 'CreateEmailServer', + 200, + 'New email server was created', + $this->getContextLog() + ); return $this->getEmailServer($emailServerUid); } else { $msg = ""; @@ -774,14 +845,14 @@ class EmailServer $msg = $msg . (($msg != "")? "\n" : "") . $validationFailure->getMessage(); } - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); } - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -791,7 +862,8 @@ class EmailServer * * @param array $arrayData Data * - * return array Return data of the new Email Server created + * @return array, return data of the new Email Server created + * @throws Exception */ public function create2(array $arrayData) { 
@@ -828,14 +900,14 @@ class EmailServer $msg = $msg . (($msg != "")? "\n" : "") . $validationFailure->getMessage(); } - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); } - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -846,7 +918,8 @@ class EmailServer * @param string $emailServerUid Unique id of Group * @param array $arrayData Data * - * return array Return data of the Email Server updated + * @return array Return data of the Email Server updated + * @throws Exception */ public function update($emailServerUid, $arrayData) { @@ -874,7 +947,7 @@ class EmailServer if (isset($arrayData['MESS_PASSWORD'])) { $passwd = $arrayData['MESS_PASSWORD']; - $passwdDec = \G::decrypt($passwd, 'EMAILENCRYPT'); + $passwdDec = G::decrypt($passwd, 'EMAILENCRYPT'); $auxPass = explode('hash:', $passwdDec); if (count($auxPass) > 1) { @@ -890,7 +963,7 @@ class EmailServer if ($arrayData['MESS_PASSWORD'] != '') { $arrayData['MESS_PASSWORD'] = 'hash:' . $arrayData['MESS_PASSWORD']; - $arrayData['MESS_PASSWORD'] = \G::encrypt($arrayData['MESS_PASSWORD'], 'EMAILENCRYPT'); + $arrayData['MESS_PASSWORD'] = G::encrypt($arrayData['MESS_PASSWORD'], 'EMAILENCRYPT'); } } 
@@ -912,6 +985,29 @@ class EmailServer $arrayData = array_change_key_case($arrayData, CASE_LOWER); } + //Logging the update action + $info = array( + 'action' => 'Update email server', + 'messUid' => $emailServerUid, + 'engine' => $arrayData["MESS_ENGINE"], + 'server' => $arrayData["MESS_SERVER"], + 'port' => $arrayData["MESS_PORT"], + 'requireAuthentication' => $arrayData["MESS_RAUTH"], + 'account' => $arrayData["MESS_ACCOUNT"], + 'senderEmail' => $arrayData["MESS_FROM_MAIL"], + 'senderName' => $arrayData["MESS_FROM_NAME"], + 'useSecureConnection' => $arrayData["SMTPSECURE"], + 'sendTestEmail' => $arrayData["MESS_TRY_SEND_INMEDIATLY"], + 'setAsDefaultConfiguration' => $arrayData["MESS_DEFAULT"] + ); + $this->setContextLog($info); + $this->syslog( + 'UpdateEmailServer', + 200, + 'The email server was updated', + $this->getContextLog() + ); + return $arrayData; } else { $msg = ""; @@ -920,14 +1016,14 @@ class EmailServer $msg = $msg . (($msg != "")? "\n" : "") . $validationFailure->getMessage(); } - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . (($msg != "")? "\n" . $msg : "")); } - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
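Review bot: In `update()` the added logging block reads upper-case keys such as `$arrayData["MESS_ENGINE"]` immediately after the context line `$arrayData = array_change_key_case($arrayData, CASE_LOWER);`, so whenever that branch runs every logged field is an undefined index and the audit entry is empty. The condition guarding the case change is above the hunk. The block also indexes each field directly, although an earlier hunk shows this method testing `isset($arrayData['MESS_PASSWORD'])`, which suggests partial updates are accepted. Build `$info` before the case change and read fields defensively, e.g. `'engine' => isset($arrayData['MESS_ENGINE']) ? $arrayData['MESS_ENGINE'] : ''`. The logging block added to `create()` uses the same direct indexing.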
@@ -937,22 +1033,32 @@ class EmailServer * * @param string $emailServerUid Unique id of Email Server * - * return void + * @return void + * @throws Exception */ public function delete($emailServerUid) { try { //Verify data $this->throwExceptionIfNotExistsEmailServer($emailServerUid, $this->arrayFieldNameForException["emailServerUid"]); - $this->throwExceptionIfIsDefault($emailServerUid, $this->arrayFieldNameForException["emailServerUid"]); - $criteria = $this->getEmailServerCriteria(); - $criteria->add(\EmailServerPeer::MESS_UID, $emailServerUid, \Criteria::EQUAL); - \EmailServerPeer::doDelete($criteria); - } catch (\Exception $e) { + + //Logging the delete action + $info = array( + 'action' => 'Delete email server', + 'messUid' => $emailServerUid + ); + $this->setContextLog($info); + $this->syslog( + 'DeleteEmailServer', + 200, + 'The email server was deleted', + $this->getContextLog() + ); + } catch (Exception $e) { throw $e; } } @@ -982,7 +1088,7 @@ class EmailServer $criteria->addSelectColumn(\EmailServerPeer::MESS_DEFAULT); return $criteria; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -992,7 +1098,8 @@ class EmailServer * * @param array $record Record * - * return array Return an array with data Email Server + * @return array, return an array with data Email Server + * @throws Exception */ public function getEmailServerDataFromRecord(array $record) { @@ -1016,7 +1123,7 @@ class EmailServer $this->getFieldNameByFormatFieldName("MESS_EXECUTE_EVERY") => '', $this->getFieldNameByFormatFieldName("MESS_SEND_MAX") => '' ); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1064,7 +1171,7 @@ class EmailServer //Return return $arrayData; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -1078,7 +1185,8 @@ class EmailServer * @param int $start Start * @param int $limit Limit * - * return array Return an array with all Email Servers + * @return array, return an array with all Email Servers + * @throws Exception */ public function getEmailServers($arrayFilterData = null, $sortField = null, $sortDir = null, $start = null, $limit = null) { @@ -1101,10 +1209,10 @@ class EmailServer if (!is_null($arrayFilterData) && is_array($arrayFilterData) && isset($arrayFilterData["filter"]) && trim($arrayFilterData["filter"]) != "") { $criteria->add( $criteria->getNewCriterion(\EmailServerPeer::MESS_ENGINE, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE)->addOr( - $criteria->getNewCriterion(\EmailServerPeer::MESS_SERVER, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( - $criteria->getNewCriterion(\EmailServerPeer::MESS_ACCOUNT, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( - $criteria->getNewCriterion(\EmailServerPeer::MESS_FROM_NAME, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( - $criteria->getNewCriterion(\EmailServerPeer::SMTPSECURE, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE)) + $criteria->getNewCriterion(\EmailServerPeer::MESS_SERVER, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( + $criteria->getNewCriterion(\EmailServerPeer::MESS_ACCOUNT, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( + $criteria->getNewCriterion(\EmailServerPeer::MESS_FROM_NAME, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE))->addOr( + $criteria->getNewCriterion(\EmailServerPeer::SMTPSECURE, "%" . $arrayFilterData["filter"] . "%", \Criteria::LIKE)) ); } @@ -1156,7 +1264,7 @@ class EmailServer $row = $rsCriteria->getRow(); $passwd = $row["MESS_PASSWORD"]; - $passwdDec = \G::decrypt($passwd, "EMAILENCRYPT"); + $passwdDec = G::decrypt($passwd, "EMAILENCRYPT"); $auxPass = explode("hash:", $passwdDec); if (count($auxPass) > 1) { 
@@ -1181,7 +1289,7 @@ class EmailServer "filter" => (!is_null($arrayFilterData) && is_array($arrayFilterData) && isset($arrayFilterData["filter"]))? $arrayFilterData["filter"] : "", "data" => $arrayEmailServer ); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1192,7 +1300,8 @@ class EmailServer * @param string $emailServerUid Unique id of Email Server * @param bool $flagGetRecord Value that set the getting * - * return array Return an array with data of a Email Server + * @return array, return an array with data of a Email Server + * @throws Exception */ public function getEmailServer($emailServerUid, $flagGetRecord = false) { @@ -1224,7 +1333,7 @@ class EmailServer //Return return (!$flagGetRecord)? $this->getEmailServerDataFromRecord($row) : $row; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1246,5 +1355,31 @@ class EmailServer $rsCriteria->next(); return $rsCriteria->getRow(); } + + /** + * Logging information related to the email server + * When the user create, update, delete the email server + * + * @param string $channel + * @param string $level + * @param string $message + * @param array $context + * + * @return void + * @throws Exception + */ + private function syslog( + $channel, + $level, + $message, + $context = array() + ) + { + try { + Bootstrap::registerMonolog($channel, $level, $message, $context, $context['workspace'], 'processmaker.log'); + } catch (Exception $e) { + throw $e; + } + } } From 2f3daccd6b936b6f553b4b19a0fd6ad8c6856f87 Mon Sep 17 00:00:00 2001 
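Review bot: `syslog()` declares `$context = array()` as optional but then reads `$context['workspace']` unconditionally, so a call without a workspace entry raises an undefined-index notice and passes `null` as the workspace argument of `Bootstrap::registerMonolog()`. Either make the parameter required or guard the read, e.g. `$workspace = isset($context['workspace']) ? $context['workspace'] : '';` (the right fallback depends on what `registerMonolog()` accepts, which is not visible here). The docblock says `@param string $level` while `delete()` passes the integer `200`; it should read `@param int $level`. The `try { ... } catch (Exception $e) { throw $e; }` wrapper adds nothing and can be dropped.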
From: davidcallizaya Date: Wed, 9 Aug 2017 14:40:02 -0400 Subject: [PATCH 16/52] HOR-3433 Fix ProcessMaker User Password Hash Disclosure. --- rbac/engine/classes/model/RbacUsers.php | 22 ++++++++++++++++++- workflow/engine/classes/model/Users.php | 19 ++++++++++++++++ workflow/engine/methods/users/usersAjax.php | 2 +- .../src/ProcessMaker/BusinessModel/User.php | 2 +- .../ProcessMaker/BusinessModel/WebEntry.php | 2 +- 5 files changed, 43 insertions(+), 4 deletions(-) diff --git a/rbac/engine/classes/model/RbacUsers.php b/rbac/engine/classes/model/RbacUsers.php index 760a9c9b2..f3d0c13fe 100644 --- a/rbac/engine/classes/model/RbacUsers.php +++ b/rbac/engine/classes/model/RbacUsers.php @@ -75,12 +75,13 @@ class RbacUsers extends BaseRbacUsers try { $c = new Criteria('rbac'); $c->add(RbacUsersPeer::USR_USERNAME, $sUsername); + /* @var $rs RbacUsers[] */ $rs = RbacUsersPeer::doSelect($c, Propel::getDbConnection('rbac_ro')); if (is_array($rs) && isset($rs[0]) && is_object($rs[0]) && get_class($rs[0]) == 'RbacUsers') { $aFields = $rs[0]->toArray(BasePeer::TYPE_FIELDNAME); //verify password with md5, and md5 format if (mb_strtoupper($sUsername, 'utf-8') === mb_strtoupper($aFields['USR_USERNAME'], 'utf-8')) { - if( Bootstrap::verifyHashPassword($sPassword, $aFields['USR_PASSWORD']) ) { + if( Bootstrap::verifyHashPassword($sPassword, $rs[0]->getUsrPassword()) ) { if ($aFields['USR_DUE_DATE'] < date('Y-m-d')) { return -4; } 
@@ -317,6 +318,25 @@ class RbacUsers extends BaseRbacUsers throw($oError); } } + + /** + * {@inheritdoc} except USR_PASSWORD, for security reasons. + * + * @param string $keyType One of the class type constants TYPE_PHPNAME, + * TYPE_COLNAME, TYPE_FIELDNAME, TYPE_NUM + * @return an associative array containing the field names (as keys) and field values + */ + public function toArray($keyType = BasePeer::TYPE_PHPNAME) + { + $key = RbacUsersPeer::translateFieldName( + RbacUsersPeer::USR_PASSWORD, + BasePeer::TYPE_COLNAME, + $keyType + ); + $array = parent::toArray($keyType); + unset($array[$key]); + return $array; + } } // Users diff --git a/workflow/engine/classes/model/Users.php b/workflow/engine/classes/model/Users.php index b2b6e261c..eb92a080f 100644 --- a/workflow/engine/classes/model/Users.php +++ b/workflow/engine/classes/model/Users.php @@ -490,4 +490,23 @@ class Users extends BaseUsers $criteria->add(UsersPeer::USR_ID, $id); return UsersPeer::doSelect($criteria)[0]; } + + /** + * {@inheritdoc} except USR_PASSWORD, for security reasons. + * + * @param string $keyType One of the class type constants TYPE_PHPNAME, + * TYPE_COLNAME, TYPE_FIELDNAME, TYPE_NUM + * @return an associative array containing the field names (as keys) and field values + */ + public function toArray($keyType = BasePeer::TYPE_PHPNAME) + { + $key = UsersPeer::translateFieldName( + UsersPeer::USR_PASSWORD, + BasePeer::TYPE_COLNAME, + $keyType + ); + $array = parent::toArray($keyType); + unset($array[$key]); + return $array; + } } diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php index 4172aea74..9c97c46ca 100644 --- a/workflow/engine/methods/users/usersAjax.php +++ b/workflow/engine/methods/users/usersAjax.php 
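Review bot: The `toArray()` override removes `USR_PASSWORD` from every array export, which also changes the result for any code that round-trips an object through `toArray()` and `fromArray()` or copies fields between models; such code now loses the hash silently instead of failing. The same override is added to `Users` in the next hunk. The docblock should state that callers needing the hash must use `getUsrPassword()`, and `@return an associative array ...` should be `@return array ...` so tools can parse it. The filter covers hydrated objects only; rows fetched with `doSelectRS()` and `FETCHMODE_ASSOC` do not pass through it, so any query elsewhere that selects the password column needs its own review.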
@@ -318,7 +318,7 @@ switch ($_POST['action']) { require_once 'classes/model/UsersProperties.php'; $oUserProperty = new UsersProperties(); - $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($aFields['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($aFields['USR_PASSWORD'])))); + $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($aFields['USR_UID'], array('USR_PASSWORD_HISTORY' => serialize(array($oUser->getUsrPassword())))); $aFields['USR_LOGGED_NEXT_TIME'] = $aUserProperty['USR_LOGGED_NEXT_TIME']; if (array_key_exists('USR_PASSWORD', $aFields)) { diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/User.php index 8808c21f9..fc321d74b 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php @@ -785,7 +785,7 @@ class User $oUser = new Users(); $aUser = $oUser->load($userUid); $oUserProperty = new UsersProperties(); - $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array($aUser["USR_PASSWORD"])))); + $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($userUid, array("USR_PASSWORD_HISTORY" => serialize(array($oUser->getUsrPassword())))); $aUserProperty["USR_LOGGED_NEXT_TIME"] = $arrayData["USR_LOGGED_NEXT_TIME"]; $oUserProperty->update($aUserProperty); } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/WebEntry.php b/workflow/engine/src/ProcessMaker/BusinessModel/WebEntry.php index 2f9a1c405..f72fc9f90 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/WebEntry.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/WebEntry.php @@ -382,7 +382,7 @@ class WebEntry $arrayUserData = $user->load($arrayWebEntryData["USR_UID"]); $usrUsername = $arrayUserData["USR_USERNAME"]; - $usrPassword = $arrayUserData["USR_PASSWORD"]; + $usrPassword = $user->getUsrPassword(); $dynaForm = new \Dynaform(); 
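Review bot: In the `User.php` hunk the password history is now seeded from `$oUser->getUsrPassword()` on an object created with `new Users()` and filled by `$oUser->load($userUid)`; `load()` is not shown, and if it populates the object from the array that `toArray()` returns, the password property is never set now that `toArray()` omits `USR_PASSWORD`, so the history would start with an empty value. The `WebEntry.php` hunk (`$user->getUsrPassword()` after `$user->load(...)`) and the `usersAjax.php` hunk depend on the same behaviour. Please confirm how `load()` hydrates the object, or fetch the row with `UsersPeer::retrieveByPK()` and call `getUsrPassword()` on that result. In `usersAjax.php` the context line `if (array_key_exists('USR_PASSWORD', $aFields))` may also never be true any more if `$aFields` comes from `toArray()`; that branch continues outside the hunk.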
From 062df2b52736bfc3adf94166fa88852d722b390d Mon Sep 17 00:00:00 2001 From: davidcallizaya Date: Wed, 9 Aug 2017 16:00:49 -0400 Subject: [PATCH 17/52] HOR-3646 Restored requires needed --- gulliver/bin/gulliver.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gulliver/bin/gulliver.php b/gulliver/bin/gulliver.php index 99a5443c9..8ed17edf8 100644 --- a/gulliver/bin/gulliver.php +++ b/gulliver/bin/gulliver.php @@ -35,6 +35,8 @@ /** * require_once pakeFunction.php */ + require_once( PATH_THIRDPARTY . 'pake' . PATH_SEP . 'pakeFunction.php'); + require_once( PATH_THIRDPARTY . 'pake' . PATH_SEP . 'pakeGetopt.class.php'); require_once( PATH_CORE . 'config' . PATH_SEP . 'environments.php'); // trap -V before pake From de4d75828b0a88716567abbbce6fd37e2841a614 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Tue, 8 Aug 2017 16:06:00 -0400 Subject: [PATCH 18/52] HOR-3639 --- .../translations/english/processmaker.en.po | 6 + workflow/engine/data/mysql/insert.sql | 1 + .../ProcessMaker/BusinessModel/Variable.php | 187 ++++++++---------- 3 files changed, 88 insertions(+), 106 deletions(-) diff --git a/workflow/engine/content/translations/english/processmaker.en.po b/workflow/engine/content/translations/english/processmaker.en.po index 258f0b0d9..fa9141d4a 100644 --- a/workflow/engine/content/translations/english/processmaker.en.po +++ b/workflow/engine/content/translations/english/processmaker.en.po 
@@ -14000,6 +14000,12 @@ msgstr "Not Required" msgid "The variable name already exists!" msgstr "The variable name already exists!" +# TRANSLATION +# LABEL/DYNAFIELD_PHPNAME_ALREADY_EXIST +#: LABEL/DYNAFIELD_PHPNAME_ALREADY_EXIST +msgid "Name error encountered when creating the variable: {0}. Please rename the variable you are creating with a unique name. Avoid differentiating similarly-named variables with only capitalization and '_' characters." +msgstr "Name error encountered when creating the variable: {0}. Please rename the variable you are creating with a unique name. Avoid differentiating similarly-named variables with only capitalization and '_' characters." + # TRANSLATION # LABEL/DYNAFIELD_EMPTY #: LABEL/DYNAFIELD_EMPTY diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql index 8bcd5a6e7..00357e0e6 100644 --- a/workflow/engine/data/mysql/insert.sql +++ b/workflow/engine/data/mysql/insert.sql @@ -3823,6 +3823,7 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE ( 'LABEL','ID_INSTRUCTIONS','en','Instructions','2014-01-15') , ( 'LABEL','ID_NOT_REQUIRED','en','Not Required','2014-01-15') , ( 'LABEL','DYNAFIELD_ALREADY_EXIST','en','The variable name already exists!','2015-04-24') , +( 'LABEL','DYNAFIELD_PHPNAME_ALREADY_EXIST','en','Name error encountered when creating the variable: {0}. Please rename the variable you are creating with a unique name. Avoid differentiating similarly-named variables with only capitalization and ''_'' characters.','2017-08-09') , ( 'LABEL','DYNAFIELD_EMPTY','en','The Field Name is empty','2014-10-21') , ( 'LABEL','DYNAFIELD_NODENAME_NUMBER','en','The field name should not start with a number','2014-01-15') , ( 'LABEL','ID_EMPTY_NODENAME','en','The name field is empty','2014-01-15') , diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Variable.php b/workflow/engine/src/ProcessMaker/BusinessModel/Variable.php index 4d2a65bdb..b1d95a4c8 100644 
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Variable.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Variable.php @@ -2,6 +2,8 @@ namespace ProcessMaker\BusinessModel; use \G; +use \Exception; +use \AdditionalTables; class Variable { @@ -13,25 +15,22 @@ class Variable * @param string $processUid Unique id of Process * @param array $arrayData Data * - * return array Return data of the new Variable created + * @return array, return data of the new Variable created + * @throws Exception */ public function create($processUid, array $arrayData) { try { //Verify data Validator::proUid($processUid, '$prj_uid'); - $arrayData = array_change_key_case($arrayData, CASE_UPPER); - $this->existsName($processUid, $arrayData["VAR_NAME"], ""); - $this->throwExceptionFieldDefinition($arrayData); //Create $cnn = \Propel::getConnection("workflow"); try { $variable = new \ProcessVariables(); - $sPkProcessVariables = \ProcessMaker\Util\Common::generateUID(); $variable->setVarUid($sPkProcessVariables); @@ -43,13 +42,13 @@ class Variable if (isset($arrayData["VAR_NAME"])) { $variable->setVarName($arrayData["VAR_NAME"]); } else { - throw new \Exception(\G::LoadTranslation("ID_CAN_NOT_BE_NULL", array('$var_name' ))); + throw new Exception(G::LoadTranslation("ID_CAN_NOT_BE_NULL", array('$var_name' ))); } if (isset($arrayData["VAR_FIELD_TYPE"])) { $arrayData["VAR_FIELD_TYPE"] = $this->validateVarFieldType($arrayData["VAR_FIELD_TYPE"]); $variable->setVarFieldType($arrayData["VAR_FIELD_TYPE"]); } else { - throw new \Exception(\G::LoadTranslation("ID_CAN_NOT_BE_NULL", array('$var_field_type' ))); + throw new Exception(G::LoadTranslation("ID_CAN_NOT_BE_NULL", array('$var_field_type' ))); } if (isset($arrayData["VAR_FIELD_SIZE"])) { $variable->setVarFieldSize($arrayData["VAR_FIELD_SIZE"]); 
@@ -57,7 +56,7 @@ class Variable if (isset($arrayData["VAR_LABEL"])) { $variable->setVarLabel($arrayData["VAR_LABEL"]); } else { - throw new \Exception(\G::LoadTranslation("ID_CAN_NOT_BE_NULL", array('$var_label' ))); + throw new Exception(G::LoadTranslation("ID_CAN_NOT_BE_NULL", array('$var_label' ))); } if (isset($arrayData["VAR_DBCONNECTION"])) { $variable->setVarDbconnection($arrayData["VAR_DBCONNECTION"]); @@ -78,7 +77,7 @@ class Variable $variable->setVarDefault($arrayData["VAR_DEFAULT"]); } if (isset($arrayData["VAR_ACCEPTED_VALUES"])) { - $encodeAcceptedValues = \G::json_encode($arrayData["VAR_ACCEPTED_VALUES"]); + $encodeAcceptedValues = G::json_encode($arrayData["VAR_ACCEPTED_VALUES"]); $variable->setVarAcceptedValues($encodeAcceptedValues); } if (isset($arrayData["INP_DOC_UID"])) { @@ -94,10 +93,10 @@ class Variable $msg = $msg . (($msg != "")? "\n" : "") . $validationFailure->getMessage(); } - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . "\n" . $msg); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . "\n" . $msg); } - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; @@ -108,7 +107,7 @@ class Variable return $variable; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -120,7 +119,8 @@ class Variable * @param string $variableUid Unique id of Variable * @param array $arrayData Data * - * return array Return data of the Variable updated + * @return array,return data of the Variable updated + * @throws Exception */ public function update($processUid, $variableUid, $arrayData) { @@ -128,7 +128,6 @@ class Variable //Verify data Validator::proUid($processUid, '$prj_uid'); $arrayData = array_change_key_case($arrayData, CASE_UPPER); - $this->throwExceptionFieldDefinition($arrayData); //Update 
@@ -150,7 +149,6 @@ class Variable $cnn->begin(); if (isset($arrayData["VAR_NAME"])) { $this->existsName($processUid, $arrayData["VAR_NAME"], $variableUid); - $variable->setVarName($arrayData["VAR_NAME"]); } if (isset($arrayData["VAR_FIELD_TYPE"])) { @@ -176,7 +174,7 @@ class Variable $variable->setVarDefault($arrayData["VAR_DEFAULT"]); } if (isset($arrayData["VAR_ACCEPTED_VALUES"])) { - $encodeAcceptedValues = \G::json_encode($arrayData["VAR_ACCEPTED_VALUES"]); + $encodeAcceptedValues = G::json_encode($arrayData["VAR_ACCEPTED_VALUES"]); $variable->setVarAcceptedValues($encodeAcceptedValues); } if (isset($arrayData["INP_DOC_UID"])) { @@ -206,15 +204,15 @@ class Variable $msg = $msg . (($msg != "")? "\n" : "") . $validationFailure->getMessage(); } - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . "\n" . $msg); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED") . "\n" . $msg); } - } catch (\Exception $e) { + } catch (Exception $e) { $cnn->rollback(); throw $e; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -225,35 +223,31 @@ class Variable * @param string $processUid Unique id of Process * @param string $variableUid Unique id of Variable * - * return void + * @return void + * @throws Exception */ public function delete($processUid, $variableUid) { try { //Verify data Validator::proUid($processUid, '$prj_uid'); - $this->throwExceptionIfNotExistsVariable($variableUid); - //Verify variable $this->throwExceptionIfVariableIsAssociatedAditionalTable($variableUid); - $variable = $this->getVariable($processUid, $variableUid); $pmDynaform = new \pmDynaform(); $isUsed = $pmDynaform->isUsed($processUid, $variable); if ($isUsed !== false) { $titleDynaform=$pmDynaform->getDynaformTitle($isUsed); - throw new \Exception(\G::LoadTranslation("ID_VARIABLE_IN_USE", array($titleDynaform))); + throw new Exception(G::LoadTranslation("ID_VARIABLE_IN_USE", array($titleDynaform))); } //Delete $criteria = new \Criteria("workflow"); - $criteria->add(\ProcessVariablesPeer::VAR_UID, $variableUid); - \ProcessVariablesPeer::doDelete($criteria); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -263,19 +257,18 @@ class Variable * @param string $processUid Unique id of Process * @param string $variableUid Unique id of Variable * - * return array Return an array with data of a Variable + * @return array, return an array with data of a Variable + * @throws Exception */ public function getVariable($processUid, $variableUid) { try { //Verify data Validator::proUid($processUid, '$prj_uid'); - $this->throwExceptionIfNotExistsVariable($variableUid); //Get data $criteria = new \Criteria("workflow"); - $criteria->addSelectColumn(\ProcessVariablesPeer::VAR_UID); $criteria->addSelectColumn(\ProcessVariablesPeer::PRJ_UID); $criteria->addSelectColumn(\ProcessVariablesPeer::VAR_NAME); 
@@ -292,23 +285,18 @@ class Variable $criteria->addSelectColumn(\DbSourcePeer::DBS_PORT); $criteria->addSelectColumn(\DbSourcePeer::DBS_DATABASE_NAME); $criteria->addSelectColumn(\DbSourcePeer::DBS_TYPE); - $criteria->add(\ProcessVariablesPeer::PRJ_UID, $processUid, \Criteria::EQUAL); $criteria->add(\ProcessVariablesPeer::VAR_UID, $variableUid, \Criteria::EQUAL); $criteria->addJoin(\ProcessVariablesPeer::VAR_DBCONNECTION, \DbSourcePeer::DBS_UID, \Criteria::LEFT_JOIN); - $rsCriteria = \ProcessVariablesPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); - $rsCriteria->next(); $arrayVariables = array(); - while ($aRow = $rsCriteria->getRow()) { - $VAR_ACCEPTED_VALUES = \G::json_decode($aRow['VAR_ACCEPTED_VALUES'], true); + $VAR_ACCEPTED_VALUES = G::json_decode($aRow['VAR_ACCEPTED_VALUES'], true); if(sizeof($VAR_ACCEPTED_VALUES)) { - $encodeAcceptedValues = preg_replace("/\\\\u([a-f0-9]{4})/e", "iconv('UCS-4LE','UTF-8',pack('V', hexdec('U$1')))", \G::json_encode($VAR_ACCEPTED_VALUES)); + $encodeAcceptedValues = preg_replace("/\\\\u([a-f0-9]{4})/e", "iconv('UCS-4LE','UTF-8',pack('V', hexdec('U$1')))", G::json_encode($VAR_ACCEPTED_VALUES)); } else { $encodeAcceptedValues = $aRow['VAR_ACCEPTED_VALUES']; } @@ -331,7 +319,7 @@ class Variable //Return return $arrayVariables; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -342,7 +330,8 @@ class Variable * * @param string $processUid Unique id of Process * - * return array Return an array with data of a DynaForm + * @return array, return an array with data of a DynaForm + * @throws Exception */ public function getVariables($processUid) { @@ -352,7 +341,6 @@ class Variable //Get data $criteria = new \Criteria("workflow"); - $criteria->addSelectColumn(\ProcessVariablesPeer::VAR_UID); $criteria->addSelectColumn(\ProcessVariablesPeer::PRJ_UID); $criteria->addSelectColumn(\ProcessVariablesPeer::VAR_NAME); 
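Review bot: The `preg_replace()` call in `getVariable()` still uses the `/e` modifier, which evaluates the replacement string as PHP code; it is deprecated since PHP 5.5 and removed in PHP 7, where the call emits a warning and returns `null`, so `$encodeAcceptedValues` would be lost. The commit only changes `\G` to `G` on this line, and the same call appears in the `getVariables()` hunk that follows. Both should become `preg_replace_callback()` as below, which performs the same `\uXXXX` conversion without evaluating code. The enclosing loop starts and ends outside the hunk.

```php
// … unchanged: G::json_decode() of $aRow['VAR_ACCEPTED_VALUES'] and the sizeof() test …
$encodeAcceptedValues = preg_replace_callback(
    '/\\\\u([a-f0-9]{4})/',
    function ($match) {
        // Turn each \uXXXX escape back into its UTF-8 character.
        return iconv('UCS-4LE', 'UTF-8', pack('V', hexdec($match[1])));
    },
    G::json_encode($VAR_ACCEPTED_VALUES)
);
// … unchanged: else branch keeping $aRow['VAR_ACCEPTED_VALUES'] as is …
```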
@@ -369,22 +357,17 @@ class Variable $criteria->addSelectColumn(\DbSourcePeer::DBS_PORT); $criteria->addSelectColumn(\DbSourcePeer::DBS_DATABASE_NAME); $criteria->addSelectColumn(\DbSourcePeer::DBS_TYPE); - $criteria->add(\ProcessVariablesPeer::PRJ_UID, $processUid, \Criteria::EQUAL); $criteria->addJoin(\ProcessVariablesPeer::VAR_DBCONNECTION, \DbSourcePeer::DBS_UID . " AND " . \DbSourcePeer::PRO_UID . " = '" . $processUid . "'", \Criteria::LEFT_JOIN); - $rsCriteria = \ProcessVariablesPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); - $rsCriteria->next(); $arrayVariables = array(); - while ($aRow = $rsCriteria->getRow()) { - $VAR_ACCEPTED_VALUES = \G::json_decode($aRow['VAR_ACCEPTED_VALUES'], true); + $VAR_ACCEPTED_VALUES = G::json_decode($aRow['VAR_ACCEPTED_VALUES'], true); if(sizeof($VAR_ACCEPTED_VALUES)) { - $encodeAcceptedValues = preg_replace("/\\\\u([a-f0-9]{4})/e", "iconv('UCS-4LE','UTF-8',pack('V', hexdec('U$1')))", \G::json_encode($VAR_ACCEPTED_VALUES)); + $encodeAcceptedValues = preg_replace("/\\\\u([a-f0-9]{4})/e", "iconv('UCS-4LE','UTF-8',pack('V', hexdec('U$1')))", G::json_encode($VAR_ACCEPTED_VALUES)); } else { $encodeAcceptedValues = $aRow['VAR_ACCEPTED_VALUES']; } @@ -407,7 +390,7 @@ class Variable //Return return $arrayVariables; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -416,7 +399,8 @@ class Variable * Verify field definition * * @param array $aData Unique id of Variable to exclude - * + * @return void + * @throws Exception */ public function throwExceptionFieldDefinition($aData) { 
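Review bot: The context line `$criteria->addJoin(\ProcessVariablesPeer::VAR_DBCONNECTION, \DbSourcePeer::DBS_UID . " AND " . \DbSourcePeer::PRO_UID . " = '" . $processUid . "'", \Criteria::LEFT_JOIN);` builds part of the join condition by concatenating `$processUid` into SQL text, so its safety rests entirely on the validation done before the query. That validation is outside this hunk; if it is the same `Validator::proUid()` call the other methods use, the dependency should be written down next to the join, e.g. `// $processUid is concatenated into SQL below; it must have passed Validator::proUid()`. The line is untouched by the commit but sits among the lines it cleans up, and a later change that reorders or removes the validation would turn it into an injection point without any visible warning.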
@@ -428,10 +412,6 @@ class Variable if (isset($aData["VAR_FIELD_TYPE"])) { Validator::isString($aData['VAR_FIELD_TYPE'], '$var_field_type'); Validator::isNotEmpty($aData['VAR_FIELD_TYPE'], '$var_field_type'); - /*if ($aData["VAR_FIELD_TYPE"] != 'string' && $aData["VAR_FIELD_TYPE"] != 'integer' && $aData["VAR_FIELD_TYPE"] != 'boolean' && $aData["VAR_FIELD_TYPE"] != 'float' && - $aData["VAR_FIELD_TYPE"] != 'datetime' && $aData["VAR_FIELD_TYPE"] != 'date_of_birth' && $aData["VAR_FIELD_TYPE"] != 'date') { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array('$var_field_type'))); - }*/ } if (isset($aData["VAR_FIELD_SIZE"])) { Validator::isInteger($aData["VAR_FIELD_SIZE"], '$var_field_size'); @@ -449,10 +429,10 @@ class Variable if (isset($aData["VAR_NULL"])) { Validator::isInteger($aData['VAR_NULL'], '$var_null'); if ($aData["VAR_NULL"] != 0 && $aData["VAR_NULL"] !=1 ) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_ONLY_ACCEPTS_VALUES", array('$var_null','0, 1' ))); + throw new Exception(G::LoadTranslation("ID_INVALID_VALUE_ONLY_ACCEPTS_VALUES", array('$var_null','0, 1' ))); } } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -460,8 +440,10 @@ class Variable /** * Verify if exists the name of a variable * - * @param string $processUid Unique id of Process - * @param string $variableName Name + * @param string $processUid, unique id of Process + * @param string $variableName, name of variable + * @param string $variableUidToExclude + * @throws Exception * */ public function existsName($processUid, $variableName, $variableUidToExclude = "") 
@@ -471,25 +453,23 @@ class Variable $criteria->addSelectColumn(\ProcessVariablesPeer::VAR_UID); $criteria->addSelectColumn(\ProcessVariablesPeer::VAR_NAME); - if ($variableUidToExclude != "") { $criteria->add(\ProcessVariablesPeer::VAR_UID, $variableUidToExclude, \Criteria::NOT_EQUAL); } - - $criteria->add(\ProcessVariablesPeer::VAR_NAME, $variableName, \Criteria::EQUAL); $criteria->add(\ProcessVariablesPeer::PRJ_UID, $processUid, \Criteria::EQUAL); $rsCriteria = \ProcessVariablesPeer::doSelectRS($criteria); - $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { $row = $rsCriteria->getRow(); - - if ($variableName == $row["VAR_NAME"]) { - throw new \Exception(\G::LoadTranslation("DYNAFIELD_ALREADY_EXIST")); + if ($variableName === $row["VAR_NAME"]) { + throw new Exception(G::LoadTranslation("DYNAFIELD_ALREADY_EXIST")); + } + if (AdditionalTables::getPHPName($variableName) === AdditionalTables::getPHPName($row["VAR_NAME"])) { + throw new Exception(G::LoadTranslation("DYNAFIELD_PHPNAME_ALREADY_EXIST", array($row["VAR_NAME"]))); } } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -499,21 +479,20 @@ class Variable * * @param string $sql SQL * - * return array Return an array with required variables in the SQL + * @return array, return an array with required variables in the SQL + * @throws Exception */ public function sqlGetRequiredVariables($sql) { try { $arrayVariableRequired = array(); - preg_match_all("/@[@%#\?\x24\=]([A-Za-z_]\w*)/", $sql, $arrayMatch, PREG_SET_ORDER); - foreach ($arrayMatch as $value) { $arrayVariableRequired[] = $value[1]; } return $arrayVariableRequired; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -525,17 +504,17 @@ class Variable * @param string $variableSql SQL * @param array $arrayVariable The variables * - * return void Throw exception if some required variable in the SQL is missing in the variables + * @return void Throw exception if some required variable in the SQL is missing in the variables + * @throws Exception */ public function throwExceptionIfSomeRequiredVariableSqlIsMissingInVariables($variableName, $variableSql, array $arrayVariable) { try { $arrayResult = array_diff(array_unique($this->sqlGetRequiredVariables($variableSql)), array_keys($arrayVariable)); - if (count($arrayResult) > 0) { - throw new \Exception(\G::LoadTranslation("ID_PROCESS_VARIABLE_REQUIRED_VARIABLES_FOR_QUERY", array($variableName, implode(", ", $arrayResult)))); + throw new Exception(G::LoadTranslation("ID_PROCESS_VARIABLE_REQUIRED_VARIABLES_FOR_QUERY", array($variableName, implode(", ", $arrayResult)))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -547,13 +526,14 @@ class Variable * @param string $variableName Variable name * @param array $arrayVariable The variables * - * return array Return an array with all records + * @return array, return an array with all records + * @throws Exception */ public function executeSql($processUid, $variableName, array $arrayVariable = array()) { try { return $this->executeSqlControl($processUid, $arrayVariable); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -563,7 +543,8 @@ class Variable * * @param string $variableUid Unique id of variable * - * return void Throw exception if does not exist the variable in table PROCESS_VARIABLES + * @return void + * @throws Exception, throw exception if does not exist the variable in table PROCESS_VARIABLES */ public function throwExceptionIfNotExistsVariable($variableUid) { 
@@ -571,9 +552,9 @@ class Variable $obj = \ProcessVariablesPeer::retrieveByPK($variableUid); if (is_null($obj)) { - throw new \Exception('var_uid: '.$variableUid. ' '.\G::LoadTranslation("ID_DOES_NOT_EXIST")); + throw new Exception('var_uid: '.$variableUid. ' '.G::LoadTranslation("ID_DOES_NOT_EXIST")); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -584,30 +565,25 @@ class Variable * @param string $variableUid Unique id of variable * * @return void Throw exception + * @throws Exception */ public function throwExceptionIfVariableIsAssociatedAditionalTable($variableUid) { try { $criteria = new \Criteria('workflow'); - $criteria->addSelectColumn(\ProcessVariablesPeer::VAR_UID); - $criteria->addJoin(\ProcessVariablesPeer::PRJ_UID, \AdditionalTablesPeer::PRO_UID, \Criteria::INNER_JOIN); - $arrayCondition = []; $arrayCondition[] = array(\AdditionalTablesPeer::ADD_TAB_UID, \FieldsPeer::ADD_TAB_UID, \Criteria::EQUAL); $arrayCondition[] = array(\ProcessVariablesPeer::VAR_NAME, \FieldsPeer::FLD_NAME, \Criteria::EQUAL); $criteria->addJoinMC($arrayCondition, \Criteria::INNER_JOIN); - $criteria->add(\ProcessVariablesPeer::VAR_UID, $variableUid, \Criteria::EQUAL); - $rsCriteria = \ProcessVariablesPeer::doSelectRS($criteria); $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); - if ($rsCriteria->next()) { - throw new \Exception(\G::LoadTranslation('ID_VARIABLE_ASSOCIATED_WITH_REPORT_TABLE', array($variableUid))); + throw new Exception(G::LoadTranslation('ID_VARIABLE_ASSOCIATED_WITH_REPORT_TABLE', array($variableUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -615,8 +591,10 @@ class Variable /** * Verify if the variable is being used in a Dynaform * - * @param string $processUid Unique id of Process - * @param string $variableUid Unique id of Variable + * @param string $processUid, Unique id of Process + * @param string $variableUid, Unique id of Variable + * @return void + * @throws Exception * */ public function verifyUse($processUid, $variableUid) @@ -631,10 +609,8 @@ class Variable $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); while ($rsCriteria->next()) { - $row = $rsCriteria->getRow(); - - $contentDecode = \G::json_decode($row["DYN_CONTENT"], true); + $contentDecode = G::json_decode($row["DYN_CONTENT"], true); $content = $contentDecode['items'][0]['items']; if (is_array($content)) { foreach ($content as $key => $value) { @@ -649,14 +625,14 @@ class Variable $rsCriteria->next(); if ($rsCriteria->getRow()) { - throw new \Exception(\G::LoadTranslation("ID_VARIABLE_IN_USE", array($variableUid, $row["DYN_UID"]))); + throw new Exception(G::LoadTranslation("ID_VARIABLE_IN_USE", array($variableUid, $row["DYN_UID"]))); } } } } } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -668,13 +644,14 @@ class Variable * @param string $variableName Variable name * @param array $arrayVariable The variables * - * return array Return an array with all records + * @return array, return an array with all records + * @throws Exception */ public function executeSqlSuggest($processUid, $variableName, array $arrayVariable = array()) { try { return $this->executeSqlControl($processUid, $arrayVariable); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -698,7 +675,7 @@ class Variable return sizeof($row) ? $row : false; } return false; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -712,7 +689,8 @@ class Variable * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist * (TRUE: throw the exception; FALSE: returns FALSE) * - * @return array Returns an array with Variable record, ThrowTheException/FALSE otherwise + * @return array, returns an array with Variable record + * @throws Exception, ThrowTheException/FALSE otherwise */ public function getVariableRecordByName( $projectUid, @@ -722,20 +700,17 @@ class Variable ) { try { $criteria = new \Criteria('workflow'); - $criteria->add(\ProcessVariablesPeer::PRJ_UID, $projectUid, \Criteria::EQUAL); $criteria->add(\ProcessVariablesPeer::VAR_NAME, $variableName, \Criteria::EQUAL); - $rsCriteria = \ProcessVariablesPeer::doSelectRS($criteria); $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); - if ($rsCriteria->next()) { $arrayVariableData = $rsCriteria->getRow(); } else { if ($throwException) { - throw new \Exception( + throw new Exception( $arrayVariableNameForException['$variableName'] . ': ' . $variableName. ' ' . - \G::LoadTranslation('ID_DOES_NOT_EXIST') + G::LoadTranslation('ID_DOES_NOT_EXIST') ); } else { return false; @@ -744,7 +719,7 @@ class Variable //Return return $arrayVariableData; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -753,7 +728,7 @@ class Variable { $vType = strtolower($type); if(!in_array($vType, $this->variableTypes)) { - throw new \Exception(\G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED")); + throw new Exception(G::LoadTranslation("ID_RECORD_CANNOT_BE_CREATED")); } return $vType; } @@ -774,7 +749,7 @@ class Variable * @param type $proUid * @param array $params * @return array - * @throws \Exception + * @throws Exception */ public function executeSqlControl($proUid, array $params = array()) { @@ -829,7 +804,7 @@ class Variable } } return $result; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } From 528132230a305df6cc04ddd903a8853b9470e0ca Mon Sep 17 00:00:00 2001 
From: Paula Quispe Date: Thu, 10 Aug 2017 10:02:38 -0400 Subject: [PATCH 19/52] PR observations --- workflow/engine/src/ProcessMaker/BusinessModel/Variable.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Variable.php b/workflow/engine/src/ProcessMaker/BusinessModel/Variable.php index b1d95a4c8..a8cb0d838 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Variable.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Variable.php @@ -1,9 +1,9 @@ Date: Thu, 10 Aug 2017 11:35:13 -0400 Subject: [PATCH 20/52] HOR-3658 --- gulliver/system/class.bootstrap.php | 85 +++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index 267c84725..2b74c2fc9 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -14,6 +14,27 @@ class Bootstrap //below here only approved methods + /** + * @deprecated + */ + public static function autoloadClass($class) + { + } + + /** + * @deprecated + */ + public static function registerClass($className, $includePath) + { + } + + /** + * @deprecated + */ + public static function registerDir($name, $dir) + { + } + /* * these functions still under revision */ @@ -22,6 +43,12 @@ class Bootstrap { return PmSystem::getSystemConfiguration($globalIniFile, $wsIniFile, $wsName); } + /** + * @deprecated + */ + public static function registerSystemClasses() + { + } //below this line, still not approved methods @@ -122,6 +149,19 @@ class Bootstrap $smarty->display($template); } + /** + * Load Gulliver Classes + * + * @author Fernando Ontiveros Lira + * @access public + * @param string $strClass + * @return void + * @deprecated + */ + public static function LoadSystem($strClass) + { + } + /** * Get the temporal directory path on differents O.S. * i.e. /temp -> linux, C:/Temp -> win 
@@ -411,6 +451,34 @@ class Bootstrap return $content; } + /** + * If the class is not defined by the aplication, it + * attempt to load the class from gulliver.system + * + * @author Fernando Ontiveros Lira , David S. Callizaya + * @access public + * @param string $strClass + * @return void + * @deprecated + */ + public static function LoadClass($strClass) + { + } + + /** + * Loads a Class. + * If the class is not defined by the aplication, it + * attempt to load the class from gulliver.system + * + * @author Fernando Ontiveros Lira , David S. Callizaya + * @access public + * @param string $strClass + * @return void + * @deprecated + */ + public static function LoadThirdParty($sPath, $sFile) + { + } /** * Function LoadTranslationObject @@ -1948,6 +2016,16 @@ class Bootstrap return $result; } + /** + * + * @param unknown_type $model + * @return unknown + * @deprecated + */ + public function getModel($model) + { + } + /** * Create an encrypted unique identifier based on $id and the selected scope id. * @@ -2427,6 +2505,13 @@ class Bootstrap return strtoupper(PHP_OS) == "LINUX"; } + /** + * @deprecated + */ + public static function initVendors() + { + } + public static function parseIniFile($filename) { $data = @parse_ini_file($filename, true); From 90691b6d52b646be5f895bf0c688b181d987e1f8 Mon Sep 17 00:00:00 2001 From: hjonathan Date: Thu, 10 Aug 2017 12:29:25 -0400 Subject: [PATCH 21/52] fix the comments in CR --- workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php | 2 +- workflow/engine/src/ProcessMaker/BusinessModel/Process.php | 6 +++--- workflow/engine/src/ProcessMaker/BusinessModel/Table.php | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php b/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php index 3572075f3..976f53234 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php 
@@ -155,7 +155,7 @@ class DynaForm while ($oDataset->next()) { $dataForms = $oDataset->getRow(); - $dynHandler = new \DynaformHandler(PATH_DYNAFORM . $proUid . PATH_SEP . $dataForms["DYN_UID"] . ".xml"); + $dynHandler = new DynaformHandler(PATH_DYNAFORM . $proUid . PATH_SEP . $dataForms["DYN_UID"] . ".xml"); $dynFields = $dynHandler->getFields(); foreach ($dynFields as $field) { $sType = \Step::getAttribute( $field, 'type' ); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Process.php b/workflow/engine/src/ProcessMaker/BusinessModel/Process.php index 32d824580..c53fa6989 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Process.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Process.php @@ -1686,7 +1686,7 @@ class Process while ($aRow = $oDataset->getRow()) { if (is_file(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml")) { - $dyn = new \DynaformHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); + $dyn = new DynaformHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); if ($dyn->getHeaderAttribute("type") !== "xmlform" && $dyn->getHeaderAttribute("type") !== "") { // skip it, if that is not a xmlform @@ -1739,7 +1739,7 @@ class Process $oDataset->next(); while ($aRow = $oDataset->getRow()) { if (is_file(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml")) { - $dyn = new \DynaformHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); + $dyn = new DynaformHandler(PATH_DYNAFORM . $aRow['DYN_FILENAME'] . ".xml"); if ($dyn->getHeaderAttribute("type") === "xmlform") { // skip it, if that is not a xmlform 
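Review bot: Dropping the leading backslash from `new \DynaformHandler(...)` changes name resolution, because the neighbouring `\Step::getAttribute(...)` call suggests this file is namespaced, and an unqualified class name then resolves inside that namespace unless a `use DynaformHandler;` import exists. The diffstat for this commit shows only the instantiation lines changing in DynaForm.php, Process.php and Table.php, so the import would have to come from another commit in the series. If it is missing, the failure is a class-not-found error at the moment the line runs, not at load time. Please confirm each of the three files has `use DynaformHandler;`, or keep the fully qualified `\DynaformHandler`. The enclosing loop starts and ends outside the hunk.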
@@ -1785,7 +1785,7 @@ class Process $aMultipleSelectionFields = array("listbox", "checkgroup", "grid"); if (is_file( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'.$dynUid. '.xml' ) && filesize( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/'. $proUid .'/'. $dynUid .'.xml' ) > 0) { - $dyn = new \DynaformHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); + $dyn = new DynaformHandler( PATH_DATA . '/sites/'. SYS_SYS .'/xmlForms/' .$proUid. '/' . $dynUid .'.xml' ); $dynaformFields[] = $dyn->getFields(); $fields = $dyn->getFields(); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Table.php b/workflow/engine/src/ProcessMaker/BusinessModel/Table.php index a2c40c84d..4b0ebe3ec 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Table.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Table.php @@ -798,7 +798,7 @@ class Table while ($oDataset->next()) { $aRow = $oDataset->getRow(); if (file_exists( PATH_DYNAFORM . PATH_SEP . $aRow['DYN_FILENAME'] . '.xml' )) { - $dynaformHandler = new \DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); + $dynaformHandler = new DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { @@ -1052,7 +1052,7 @@ class Table while ($oDataset->next()) { $aRow = $oDataset->getRow(); - $dynaformHandler = new \DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); + $dynaformHandler = new DynaformHandler( PATH_DYNAFORM . $aRow['DYN_FILENAME'] . '.xml' ); $nodeFieldsList = $dynaformHandler->getFields(); foreach ($nodeFieldsList as $node) { $arrayNode = $dynaformHandler->getArray( $node ); From fa2938a811a62fcd58ed820b2f84f1aa037bc263 Mon Sep 17 00:00:00 2001 
From: Paula Quispe Date: Thu, 10 Aug 2017 12:35:35 -0400 Subject: [PATCH 22/52] Deprecated functions --- gulliver/system/class.bootstrap.php | 42 +++++++---------------------- gulliver/system/class.g.php | 38 +++++--------------------- 2 files changed, 15 insertions(+), 65 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index 2b74c2fc9..b70b2bcef 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -15,21 +15,21 @@ class Bootstrap //below here only approved methods /** - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function autoloadClass($class) { } /** - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function registerClass($className, $includePath) { } /** - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function registerDir($name, $dir) { @@ -44,7 +44,7 @@ class Bootstrap return PmSystem::getSystemConfiguration($globalIniFile, $wsIniFile, $wsName); } /** - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function registerSystemClasses() { @@ -150,13 +150,7 @@ class Bootstrap } /** - * Load Gulliver Classes - * - * @author Fernando Ontiveros Lira - * @access public - * @param string $strClass - * @return void - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadSystem($strClass) { 
@@ -452,29 +446,14 @@ class Bootstrap return $content; } /** - * If the class is not defined by the aplication, it - * attempt to load the class from gulliver.system - * - * @author Fernando Ontiveros Lira , David S. Callizaya - * @access public - * @param string $strClass - * @return void - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadClass($strClass) { } /** - * Loads a Class. - * If the class is not defined by the aplication, it - * attempt to load the class from gulliver.system - * - * @author Fernando Ontiveros Lira , David S. Callizaya - * @access public - * @param string $strClass - * @return void - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadThirdParty($sPath, $sFile) { @@ -2017,10 +1996,7 @@ class Bootstrap } /** - * - * @param unknown_type $model - * @return unknown - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public function getModel($model) { @@ -2506,7 +2482,7 @@ class Bootstrap } /** - * @deprecated + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function initVendors() { diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index 435eca3e4..692d2274e 100644 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -44,11 +44,7 @@ class G public static $httpHost; /** - * Load Gulliver Classes - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadSystem($strClass) { 
@@ -56,11 +52,7 @@ class G } /** - * Load System Classes - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public function LoadSystemExist($strClass) { @@ -68,11 +60,7 @@ class G } /** - * Include javascript files - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public function LoadInclude($strClass) { @@ -80,11 +68,7 @@ class G } /** - * public function LoadClassRBAC - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public function LoadClassRBAC($strClass) { @@ -92,12 +76,7 @@ class G } /** - * If the class is not defined by the aplication, it - * attempt to load the class from gulliver.system - * @access public - * @param string $strClass - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadClass($strClass) { @@ -105,12 +84,7 @@ class G } /** - * public function LoadThirdParty - * @access public - * @param string $sPath - * @param string $sFile - * @return void - * @deprecated 08-04-2017 + * @deprecated 3.2.2, We keep this function only for backwards compatibility because is used in the plugin manager */ public static function LoadThirdParty($sPath, $sFile) { From 565d239404ee18751435d2108fd259ff4e15ae34 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Thu, 10 Aug 2017 10:43:44 -0400 Subject: [PATCH 23/52] HOR-3652 --- .../src/ProcessMaker/BusinessModel/Cases.php | 198 +++++++++--------- 1 file changed, 104 insertions(+), 94 deletions(-) 
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index e97ab85a0..92e2f312a 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php @@ -1,9 +1,13 @@ @@ -25,7 +29,7 @@ class Cases { try { $this->formatFieldNameInUppercase = $flag; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -41,7 +45,7 @@ class Cases { try { return ($this->formatFieldNameInUppercase)? strtoupper($fieldName) : strtolower($fieldName); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -56,7 +60,7 @@ class Cases */ private function throwExceptionCaseDoesNotExist($applicationUid, $fieldNameForException) { - throw new \Exception(\G::LoadTranslation( + throw new Exception(\G::LoadTranslation( 'ID_CASE_DOES_NOT_EXIST2', [$fieldNameForException, $applicationUid] )); } @@ -86,7 +90,7 @@ class Cases if ($flag) { $this->throwExceptionCaseDoesNotExist($applicationUid, $fieldNameForException); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -121,7 +125,7 @@ class Cases //Return return $obj->toArray(\BasePeer::TYPE_FIELDNAME); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -148,7 +152,7 @@ class Cases if (is_null($obj)) { if ($throwException) { - throw new \Exception(\G::LoadTranslation( + throw new Exception(\G::LoadTranslation( 'ID_CASE_DEL_INDEX_DOES_NOT_EXIST', [ $arrayVariableNameForException['$applicationUid'], @@ -164,7 +168,7 @@ class Cases //Return return $obj->toArray(\BasePeer::TYPE_FIELDNAME); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -208,7 +212,7 @@ class Cases //Return return $arrayListCounter; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -461,11 +465,11 @@ class Cases if (!isset($row)) { continue; } - $ws = new \wsBase(); + $ws = new wsBase(); $fields = $ws->getCaseInfo($applicationUid, $row["DEL_INDEX"]); $array = json_decode(json_encode($fields), true); if ($array ["status_code"] != 0) { - throw (new \Exception($array ["message"])); + throw (new Exception($array ["message"])); } else { $array['app_uid'] = $array['caseId']; $array['app_number'] = $array['caseNumber']; @@ -525,15 +529,15 @@ class Cases "app_name" => $e->getMessage(), "del_index" => $e->getMessage(), "pro_uid" => $e->getMessage()); - throw (new \Exception($arrayData)); + throw (new Exception($arrayData)); } } else { - $ws = new \wsBase(); + $ws = new wsBase(); $fields = $ws->getCaseInfo($applicationUid, 0); $array = json_decode(json_encode($fields), true); if ($array ["status_code"] != 0) { - throw (new \Exception($array ["message"])); + throw (new Exception($array ["message"])); } else { $array['app_uid'] = $array['caseId']; $array['app_number'] = $array['caseNumber']; @@ -591,7 +595,7 @@ class Cases //Return return $oResponse; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -620,7 +624,7 @@ class Cases $rsCriteria = \ApplicationPeer::doSelectRS($criteria); if ($rsCriteria->next()) { - throw new \Exception(\G::LoadTranslation("ID_CASE_NO_CURRENT_TASKS_BECAUSE_CASE_ITS_COMPLETED", array($this->getFieldNameByFormatFieldName("APP_UID"), $applicationUid))); + throw new Exception(\G::LoadTranslation("ID_CASE_NO_CURRENT_TASKS_BECAUSE_CASE_ITS_COMPLETED", array($this->getFieldNameByFormatFieldName("APP_UID"), $applicationUid))); } //Get data 
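Review bot: In the `@@ -525,15 +529,15 @@` hunk, `throw (new Exception($arrayData));` passes what appears to be an array (its visible tail is `"pro_uid" => $e->getMessage());`) as the exception message, and `Exception::__construct` expects a string there. The original error carried by `$e` is then replaced by a constructor failure, so the caller never sees the real message. Since the line is being touched anyway, I would rethrow with the original message and chain the cause: `throw new Exception($e->getMessage(), 0, $e);`. The assignment to `$arrayData` and the enclosing `catch` start above the hunk, so confirm the variable's type there.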
@@ -628,8 +632,8 @@ class Cases $oCriteria = new \Criteria( 'workflow' ); $del = \DBAdapter::getStringDelimiter(); - $oCriteria->addSelectColumn( \AppDelegationPeer::DEL_INDEX ); - $oCriteria->addSelectColumn( \AppDelegationPeer::TAS_UID ); + $oCriteria->addSelectColumn(\AppDelegationPeer::DEL_INDEX); + $oCriteria->addSelectColumn(\AppDelegationPeer::TAS_UID); $oCriteria->addSelectColumn(\AppDelegationPeer::DEL_INIT_DATE); $oCriteria->addSelectColumn(\AppDelegationPeer::DEL_TASK_DUE_DATE); $oCriteria->addSelectColumn(\TaskPeer::TAS_TITLE); @@ -651,11 +655,11 @@ class Cases } //Return if (empty($result)) { - throw new \Exception(\G::LoadTranslation("ID_CASES_INCORRECT_INFORMATION", array($applicationUid))); + throw new Exception(\G::LoadTranslation("ID_CASES_INCORRECT_INFORMATION", array($applicationUid))); } else { return $result; } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -674,19 +678,19 @@ class Cases { try { - $ws = new \wsBase(); + $ws = new wsBase(); if ($variables) { $variables = array_shift($variables); } Validator::proUid($processUid, '$pro_uid'); $oTask = new \Task(); if (! $oTask->taskExists($taskUid)) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array('tas_uid'))); + throw new Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array('tas_uid'))); } $fields = $ws->newCase($processUid, $userUid, $taskUid, $variables); $array = json_decode(json_encode($fields), true); if ($array ["status_code"] != 0) { - throw (new \Exception($array ["message"])); + throw (new Exception($array ["message"])); } else { $array['app_uid'] = $array['caseId']; $array['app_number'] = $array['caseNumber']; @@ -699,7 +703,7 @@ class Cases $oResponse = json_decode(json_encode($array), false); //Return return $oResponse; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -718,7 +722,7 @@ class Cases { try { - $ws = new \wsBase(); + $ws = new wsBase(); if ($variables) { $variables = array_shift($variables); } elseif ($variables == null) { @@ -727,17 +731,17 @@ class Cases Validator::proUid($processUid, '$pro_uid'); $user = new \Users(); if (! $user->userExists( $userUid )) { - throw new \Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array('usr_uid'))); + throw new Exception(\G::LoadTranslation("ID_INVALID_VALUE_FOR", array('usr_uid'))); } $fields = $ws->newCaseImpersonate($processUid, $userUid, $variables, $taskUid); $array = json_decode(json_encode($fields), true); if ($array ["status_code"] != 0) { if ($array ["status_code"] == 12) { - throw (new \Exception(\G::loadTranslation('ID_NO_STARTING_TASK') . '. tas_uid.')); + throw (new Exception(\G::loadTranslation('ID_NO_STARTING_TASK') . '. tas_uid.')); } elseif ($array ["status_code"] == 13) { - throw (new \Exception(\G::loadTranslation('ID_MULTIPLE_STARTING_TASKS') . '. tas_uid.')); + throw (new Exception(\G::loadTranslation('ID_MULTIPLE_STARTING_TASKS') . '. tas_uid.')); } - throw (new \Exception($array ["message"])); + throw (new Exception($array ["message"])); } else { $array['app_uid'] = $array['caseId']; $array['app_number'] = $array['caseNumber']; @@ -750,7 +754,7 @@ class Cases $oResponse = json_decode(json_encode($array), false); //Return return $oResponse; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } 
@@ -770,24 +774,24 @@ class Cases { try { if (!$delIndex) { - $delIndex = \AppDelegation::getCurrentIndex($applicationUid); + $delIndex = AppDelegation::getCurrentIndex($applicationUid); } - $ws = new \wsBase(); + $ws = new wsBase(); $fields = $ws->reassignCase($userUid, $applicationUid, $delIndex, $userUidSource, $userUidTarget); $array = json_decode(json_encode($fields), true); if (array_key_exists("status_code", $array)) { if ($array ["status_code"] != 0) { - throw (new \Exception($array ["message"])); + throw (new Exception($array ["message"])); } else { unset($array['status_code']); unset($array['message']); unset($array['timestamp']); } } else { - throw new \Exception(\G::LoadTranslation("ID_CASES_INCORRECT_INFORMATION", array($applicationUid))); + throw new Exception(\G::LoadTranslation("ID_CASES_INCORRECT_INFORMATION", array($applicationUid))); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -813,14 +817,14 @@ class Cases Validator::usrUid($usr_uid, '$usr_uid'); if ($del_index === false) { - $del_index = \AppDelegation::getCurrentIndex($app_uid); + $del_index = AppDelegation::getCurrentIndex($app_uid); } Validator::isInteger($del_index, '$del_index'); $case = new \Cases(); $fields = $case->loadCase($app_uid); if ($fields['APP_STATUS'] == 'CANCELLED') { - throw (new \Exception(\G::LoadTranslation("ID_CASE_ALREADY_CANCELED", array($app_uid)))); + throw (new Exception(\G::LoadTranslation("ID_CASE_ALREADY_CANCELED", array($app_uid)))); } $appCacheView = new \AppCacheView(); @@ -839,7 +843,7 @@ class Cases $rsCriteria = \AppDelegationPeer::doSelectRS($criteria); if (!$rsCriteria->next()) { - throw (new \Exception(\G::LoadTranslation("ID_CASE_USER_INVALID_CANCEL_CASE", array($usr_uid)))); + throw (new Exception(\G::LoadTranslation("ID_CASE_USER_INVALID_CANCEL_CASE", array($usr_uid)))); } $case->cancelCase( $app_uid, $del_index, $usr_uid ); 
@@ -867,7 +871,7 @@ class Cases Validator::usrUid($usr_uid, '$usr_uid'); if ($del_index === false) { - $del_index = \AppDelegation::getCurrentIndex($app_uid); + $del_index = AppDelegation::getCurrentIndex($app_uid); } Validator::isInteger($del_index, '$del_index'); @@ -875,13 +879,13 @@ class Cases $case = new \Cases(); $fields = $case->loadCase($app_uid); if ($fields['APP_STATUS'] == 'CANCELLED') { - throw (new \Exception(\G::LoadTranslation("ID_CASE_IS_CANCELED", array($app_uid)))); + throw (new Exception(\G::LoadTranslation("ID_CASE_IS_CANCELED", array($app_uid)))); } $oDelay = new \AppDelay(); if ($oDelay->isPaused($app_uid, $del_index)) { - throw (new \Exception(\G::LoadTranslation("ID_CASE_PAUSED", array($app_uid)))); + throw (new Exception(\G::LoadTranslation("ID_CASE_PAUSED", array($app_uid)))); } $appCacheView = new \AppCacheView(); @@ -903,7 +907,7 @@ class Cases $rsCriteria = \AppDelegationPeer::doSelectRS($criteria); if (!$rsCriteria->next()) { - throw (new \Exception(\G::LoadTranslation("ID_CASE_USER_INVALID_PAUSED_CASE", array($usr_uid)))); + throw (new Exception(\G::LoadTranslation("ID_CASE_USER_INVALID_PAUSED_CASE", array($usr_uid)))); } if ($unpaused_date != null) { @@ -933,14 +937,14 @@ class Cases Validator::usrUid($usr_uid, '$usr_uid'); if ($del_index === false) { - $del_index = \AppDelegation::getCurrentIndex($app_uid); + $del_index = AppDelegation::getCurrentIndex($app_uid); } Validator::isInteger($del_index, '$del_index'); $oDelay = new \AppDelay(); if (!$oDelay->isPaused($app_uid, $del_index)) { - throw (new \Exception(\G::LoadTranslation("ID_CASE_NOT_PAUSED", array($app_uid)))); + throw (new Exception(\G::LoadTranslation("ID_CASE_NOT_PAUSED", array($app_uid)))); } $appCacheView = new \AppCacheView(); 
@@ -959,7 +963,7 @@ class Cases $rsCriteria = \AppDelegationPeer::doSelectRS($criteria); if (!$rsCriteria->next()) { - throw (new \Exception(\G::LoadTranslation("ID_CASE_USER_INVALID_UNPAUSE_CASE", array($usr_uid)))); + throw (new Exception(\G::LoadTranslation("ID_CASE_USER_INVALID_UNPAUSE_CASE", array($usr_uid)))); } $case = new \Cases(); 
@@ -970,39 +974,45 @@ class Cases * Put execute trigger case * * @access public - * @param string $app_uid , Uid for case - * @param string $usr_uid , Uid for user - * @param bool|string $del_index , Index for case + * @param string $appUid, Uid for case + * @param string $triUid, Uid for trigger + * @param string $userUid, Uid for user + * @param bool|string $delIndex, Index for case * - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia + * @return array + * @throws Exception */ - public function putExecuteTriggerCase($app_uid, $tri_uid, $usr_uid, $del_index = false) + public function putExecuteTriggerCase($appUid, $triUid, $userUid, $delIndex = false) { - Validator::isString($app_uid, '$app_uid'); - Validator::isString($tri_uid, '$tri_uid'); - Validator::isString($usr_uid, '$usr_uid'); + Validator::isString($appUid, '$appUid'); + Validator::isString($triUid, '$triUid'); + Validator::isString($userUid, '$userUid'); - Validator::appUid($app_uid, '$app_uid'); - Validator::triUid($tri_uid, '$tri_uid'); - Validator::usrUid($usr_uid, '$usr_uid'); + Validator::appUid($appUid, '$appUid'); + Validator::triUid($triUid, '$triUid'); + Validator::usrUid($userUid, '$userUid'); - if ($del_index === false) { - $del_index = \AppDelegation::getCurrentIndex($app_uid); + if ($delIndex === false) { + //We need to find the last delIndex open related to the user $usr_uid + $delIndex = (integer)$this->getLastParticipatedByUser($appUid, $userUid, 'OPEN'); + //If the is assigned another user the function will be return 0 + if ($delIndex === 0) { + throw new Exception(G::loadTranslation('ID_CASE_ASSIGNED_ANOTHER_USER')); + } } - Validator::isInteger($del_index, '$del_index'); + Validator::isInteger($delIndex, '$del_index'); global $RBAC; if (!method_exists($RBAC, 'initRBAC')) { - $RBAC = \RBAC::getSingleton( PATH_DATA, session_id() ); + $RBAC = RBAC::getSingleton( PATH_DATA, session_id() ); $RBAC->sSystem = 'PROCESSMAKER'; } - $case = new \wsBase(); - $result = 
$case->executeTrigger($usr_uid, $app_uid, $tri_uid, $del_index); + $case = new wsBase(); + $result = $case->executeTrigger($userUid, $appUid, $triUid, $delIndex); if ($result->status_code != 0) { - throw new \Exception($result->message); + throw new Exception($result->message); } } @@ -1031,11 +1041,11 @@ class Cases $dataset->next(); $aRow = $dataset->getRow(); if ($aRow['APP_STATUS'] != 'DRAFT') { - throw (new \Exception(\G::LoadTranslation("ID_DELETE_CASE_NO_STATUS"))); + throw (new Exception(\G::LoadTranslation("ID_DELETE_CASE_NO_STATUS"))); } if ($aRow['APP_INIT_USER'] != $usr_uid) { - throw (new \Exception(\G::LoadTranslation("ID_DELETE_CASE_NO_OWNER"))); + throw (new Exception(\G::LoadTranslation("ID_DELETE_CASE_NO_OWNER"))); } $case = new \Cases(); @@ -1056,26 +1066,26 @@ class Cases { try { if (!$delIndex) { - $delIndex = \AppDelegation::getCurrentIndex($applicationUid); + $delIndex = AppDelegation::getCurrentIndex($applicationUid); //Check if the next task is a subprocess SYNCHRONOUS with a thread Open $subAppData = new \SubApplication(); $caseSubprocessPending = $subAppData->isSubProcessWithCasePending($applicationUid, $delIndex); if ($caseSubprocessPending) { - throw (new \Exception(\G::LoadTranslation("ID_CASE_ALREADY_DERIVATED"))); + throw (new Exception(\G::LoadTranslation("ID_CASE_ALREADY_DERIVATED"))); } } - $ws = new \wsBase(); + $ws = new wsBase(); $fields = $ws->derivateCase($userUid, $applicationUid, $delIndex, $bExecuteTriggersBeforeAssignment = false); $array = json_decode(json_encode($fields), true); if ($array ["status_code"] != 0) { - throw (new \Exception($array ["message"])); + throw (new Exception($array ["message"])); } else { unset($array['status_code']); unset($array['message']); unset($array['timestamp']); } - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1392,7 +1402,7 @@ class Cases $conf = new \Configurations(); $confEnvSetting = $conf->getFormats(); - + $cases = new \cases(); $listing = false; 
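Review bot: In `putExecuteTriggerCase`, the new ownership lookup runs only when `$delIndex === false`; a caller-supplied `$delIndex` is checked with `Validator::isInteger` and then handed straight to `wsBase::executeTrigger`, so this method never verifies that the delegation is open and assigned to `$userUid`. Unless `executeTrigger` enforces that itself (not visible here), the explicit-index path should get the same check before the trigger runs. Two smaller things: the docblock now says `@return array` but no return statement is visible before the method closes, and the validator label is still `'$del_index'` after the rename to `$delIndex`.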
@@ -1546,7 +1556,7 @@ class Cases try { $aAux1 = $oUser->load($aAux['USR_UID']); $sUser = $conf->usersNameFormatBySetParameters($confEnvSetting["format"], $aAux1["USR_USERNAME"], $aAux1["USR_FIRSTNAME"], $aAux1["USR_LASTNAME"]); - } catch (\Exception $oException) { + } catch (Exception $oException) { $sUser = '(USER DELETED)'; } //if both documents were generated, we choose the pdf one, only if doc was @@ -1657,7 +1667,7 @@ class Cases //Return return $caseVariable; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -1756,11 +1766,11 @@ class Cases $arrayResult = $this->getStatusInfo($app_uid); if ($arrayResult["APP_STATUS"] == "CANCELLED") { - throw new \Exception(\G::LoadTranslation("ID_CASE_CANCELLED", array($app_uid))); + throw new Exception(\G::LoadTranslation("ID_CASE_CANCELLED", array($app_uid))); } if ($arrayResult["APP_STATUS"] == "COMPLETED") { - throw new \Exception(\G::LoadTranslation("ID_CASE_IS_COMPLETED", array($app_uid))); + throw new Exception(\G::LoadTranslation("ID_CASE_IS_COMPLETED", array($app_uid))); } $appCacheView = new \AppCacheView(); @@ -1776,7 +1786,7 @@ class Cases $rsCriteria = \AppDelegationPeer::doSelectRS($criteria); if (!$rsCriteria->next()) { - throw (new \Exception(\G::LoadTranslation("ID_NO_PERMISSION_NO_PARTICIPATED", array($usr_uid)))); + throw (new Exception(\G::LoadTranslation("ID_NO_PERMISSION_NO_PARTICIPATED", array($usr_uid)))); } $_SESSION['APPLICATION'] = $app_uid; 
@@ -1857,11 +1867,11 @@ class Cases $case = new \Cases(); $caseLoad = $case->loadCase($app_uid); $pro_uid = $caseLoad['PRO_UID']; - $tas_uid = \AppDelegation::getCurrentTask($app_uid); + $tas_uid = AppDelegation::getCurrentTask($app_uid); $respView = $case->getAllObjectsFrom( $pro_uid, $app_uid, $tas_uid, $usr_uid, 'VIEW' ); $respBlock = $case->getAllObjectsFrom( $pro_uid, $app_uid, $tas_uid, $usr_uid, 'BLOCK' ); if ($respView['CASES_NOTES'] == 0 && $respBlock['CASES_NOTES'] == 0) { - throw (new \Exception(\G::LoadTranslation("ID_CASES_NOTES_NO_PERMISSIONS"))); + throw (new Exception(\G::LoadTranslation("ID_CASES_NOTES_NO_PERMISSIONS"))); } if ($sort != 'APP_NOTE.NOTE_DATE') { @@ -1945,7 +1955,7 @@ class Cases Validator::isString($note_content, '$note_content'); if (strlen($note_content) > 500) { - throw (new \Exception(\G::LoadTranslation("ID_INVALID_MAX_PERMITTED", array($note_content,'500')))); + throw (new Exception(\G::LoadTranslation("ID_INVALID_MAX_PERMITTED", array($note_content,'500')))); } Validator::isBoolean($send_mail, '$send_mail'); @@ -1953,11 +1963,11 @@ class Cases $case = new \Cases(); $caseLoad = $case->loadCase($app_uid); $pro_uid = $caseLoad['PRO_UID']; - $tas_uid = \AppDelegation::getCurrentTask($app_uid); + $tas_uid = AppDelegation::getCurrentTask($app_uid); $respView = $case->getAllObjectsFrom( $pro_uid, $app_uid, $tas_uid, $usr_uid, 'VIEW' ); $respBlock = $case->getAllObjectsFrom( $pro_uid, $app_uid, $tas_uid, $usr_uid, 'BLOCK' ); if ($respView['CASES_NOTES'] == 0 && $respBlock['CASES_NOTES'] == 0) { - throw (new \Exception(\G::LoadTranslation("ID_CASES_NOTES_NO_PERMISSIONS"))); + throw (new Exception(\G::LoadTranslation("ID_CASES_NOTES_NO_PERMISSIONS"))); } $note_content = addslashes($note_content); 
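Review bot: In the add-note path (`@@ -1953,11 +1963,11 @@`), `$note_content = addslashes($note_content);` is not an encoding for any particular sink: if the note is saved through a parameterized query the backslashes end up stored in the text, and if it is concatenated into SQL `addslashes` is not a sufficient escape. How the note is persisted is outside the hunk, so please confirm it, and prefer bound parameters on write plus HTML escaping where the note is rendered. In the preceding hunk the over-length error also embeds the entire submitted `$note_content` in the exception message (`array($note_content,'500')`); a field name was probably intended there. `strlen` counts bytes as well, so the 500 limit is lower for multi-byte text than for ASCII.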
@@ -1988,7 +1998,7 @@ class Cases $this->getFieldNameByFormatFieldName("USR_FIRSTNAME") => $record["USR_FIRSTNAME"] . "", $this->getFieldNameByFormatFieldName("USR_LASTNAME") => $record["USR_LASTNAME"] . "" ); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -2256,7 +2266,7 @@ class Cases //Return return $arrayTask; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -2334,7 +2344,7 @@ class Cases //Return return $arrayData; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -2521,7 +2531,7 @@ class Cases //Return return array(); - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -2543,7 +2553,7 @@ class Cases $response = $case->getProcessListStartCase($usrUid, $typeView); return $response; - } catch (\Exception $e) { + } catch (Exception $e) { throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); } } @@ -2625,7 +2635,7 @@ class Cases } return $processList; - } catch (\Exception $e) { + } catch (Exception $e) { throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); } } @@ -2808,7 +2818,7 @@ class Cases $filterName => (!is_null($arrayFilterData) && is_array($arrayFilterData) && isset($arrayFilterData['filter']))? $arrayFilterData['filter'] : '', 'data' => $arrayUser ]; - } catch (\Exception $e) { + } catch (Exception $e) { throw $e; } } @@ -3167,7 +3177,7 @@ class Cases } } - //Delete simple files. + //Delete simple files. //The observations suggested by 'pull request' approver are applied (please see pull request). foreach ($arrayVariableDocumentToDelete as $key => $value) { if (isset($value['appDocUid'])) { @@ -3181,7 +3191,7 @@ class Cases } } $arrayApplicationData['APP_DATA'][$key] = G::json_encode($files); - } catch (\Exception $e) { + } catch (Exception $e) { Bootstrap::registerMonolog('DeleteFile', 400, $e->getMessage(), $value, SYS_SYS, 'processmaker.log'); } } 
@@ -3245,7 +3255,7 @@ class Cases * @param array $appData * @param array $dataVariable * @return array - * @throws \Exception + * @throws Exception */ public static function getGlobalVariables($appData = array(), $dataVariable = array()) { From 89071b9e944929db6b183cc0aa63de1901f2e742 Mon Sep 17 00:00:00 2001 From: hjonathan Date: Thu, 10 Aug 2017 13:16:04 -0400 Subject: [PATCH 24/52] remove class.pmFunctions from composer.json --- composer.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/composer.json b/composer.json index 36a15fb5c..39e14d053 100644 --- a/composer.json +++ b/composer.json @@ -76,8 +76,7 @@ "gulliver/includes/smarty_plugins/function.pmos.php", "thirdparty/pear/PEAR.php", "thirdparty/HTMLPurifier/HTMLPurifier.auto.php", - "workflow/engine/classes/class.pmFunctions.php", - "workflow/engine/classes/class.pmScript.php" + "workflow/engine/classes/class.pmFunctions.php" ] } } From 3bc88eaf090c476d073bff212d5671f2e9078a09 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 25/52] HOR-3095 --- workflow/engine/classes/Calendar.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index fe49aca98..43e35035b 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From 76bf7f3c423e45ba1907844328a0d32d439e7103 Mon Sep 17 00:00:00 2001 
From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 26/52] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From bcba29d7a6a27695b31086e96fbf213542022407 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 27/52] Delete changes of file. --- workflow/engine/classes/Calendar.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 43e35035b..2f788a442 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { 
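Review bot: The added block in `authentication.php` rewrites the submitted password instead of rejecting it, and the `foreach` strips each configured prefix at most once, so the value written back to `$_POST['form']['USR_PASSWORD']` can still begin with a hash name and `:`. At this point in the series `verifyHashPassword` still contains the `$pass === $hashTypeCurrent . ':' . $userPass` test (patch 28/52 is what removes it), so the hash-equality path stays reachable. `trim()` and the prefix removal also change legitimate passwords that are longer than 32 characters and either start with a hash name or carry surrounding whitespace. Rejecting the request when a prefix is found, or dropping the equality test in the verifier, avoids both problems, and `$search == $hash . ':'` should be `$search === $hash . ':'`. The enclosing `try` continues outside the hunk; the same hunk recurs in patches 33, 37, 42 and 46.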
@@ -824,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From 5a476ab9a317cd7044ac2e09c4ed93fb35f3573e Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH 28/52] Delete code for compatibility with old forms of authentication. --- gulliver/system/class.bootstrap.php | 4 ++-- workflow/engine/methods/login/authentication.php | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index b70b2bcef..b5b47209d 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2582,10 +2582,10 @@ class Bootstrap $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if ((Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) || ($pass === $hashTypeCurrent . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { return true; } - if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { return true; } return false; diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 
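Review bot: Both checks left in `verifyHashPassword` compare hash strings with `==`, e.g. `Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass`. PHP's loose comparison treats two numeric-looking strings as numbers, so two different hashes can compare equal, and the comparison is not constant-time. Where `hash_equals` is available (PHP 5.6+), use `if (hash_equals((string) $userPass, (string) Bootstrap::hashPassword($pass, $hashTypeCurrent))) {`; otherwise use at least `===`. The same applies to the `$hashTypePrevious` line, to the identical hunk in patch 35/52, and to the `else` branch added in patches 31/52 and 40/52. The function starts above the hunk.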
--- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From f2aa6229db7925c04b9c6eaa2b13259227d6a196 Mon Sep 17 00:00:00 2001 From: hjonathan Date: Thu, 10 Aug 2017 13:55:21 -0400 Subject: [PATCH 29/52] It was added use in the header --- .../src/ProcessMaker/BusinessModel/DataBaseConnection.php | 6 +++--- workflow/engine/src/ProcessMaker/BusinessModel/DynaForm.php | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php index 6db0b6c37..12dfb0afd 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/DataBaseConnection.php @@ -1,9 +1,9 @@ Date: Thu, 10 Aug 2017 14:23:15 -0400 Subject: [PATCH 30/52] add uses --- workflow/engine/src/ProcessMaker/BusinessModel/Process.php | 1 + workflow/engine/src/ProcessMaker/BusinessModel/Table.php | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Process.php b/workflow/engine/src/ProcessMaker/BusinessModel/Process.php index c53fa6989..f8cb963e6 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Process.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Process.php 
@@ -3,6 +3,7 @@ namespace ProcessMaker\BusinessModel; use G; use Criteria; +use DynaformHandler; class Process { diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Table.php b/workflow/engine/src/ProcessMaker/BusinessModel/Table.php index 4b0ebe3ec..5b40de2cf 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Table.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Table.php @@ -1,9 +1,10 @@ Date: Thu, 10 Aug 2017 14:30:37 -0400 Subject: [PATCH 31/52] Add functionality in rbac for enable or disable compatibility with soap login --- gulliver/system/class.bootstrap.php | 31 +++++++++++++++++---- gulliver/system/class.rbac.php | 32 ++++++++++++++++++++++ workflow/engine/bin/cron.php | 1 + workflow/engine/bin/cron_single.php | 1 + workflow/engine/classes/class.wsBase.php | 11 ++++---- workflow/engine/methods/services/soap2.php | 1 + 6 files changed, 66 insertions(+), 11 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index b5b47209d..ed98a7616 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php 
@@ -2577,18 +2577,37 @@ class Bootstrap return $var; } + /** + * Verify Hash password with password entered + * + * @param string $pass password + * @param string $userPass hash of password + * @return bool true or false + */ public function verifyHashPassword ($pass, $userPass) { + global $RBAC; $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { - return true; + $acceptance = false; + + if ($RBAC->getStatusLoginHash()) { + //To enable compatibility with soap login + if ($pass === $hashTypeCurrent . ':' . $userPass) { + $acceptance = true; + } else if ($pass === $hashTypePrevious . ':' . $userPass) { + $acceptance = true; + } + } else { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { + $acceptance = true; + } else if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { + $acceptance = true; + } } - if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { - return true; - } - return false; + + return $acceptance; } /** diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index 253ff34b8..66388a0d6 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -75,6 +75,12 @@ class RBAC private static $instance = null; public $authorizedActions = array(); + /** + * To enable compatibility with soap login. + * @var bool + */ + private $enableLoginHash = false; + public function __construct () { $this->authorizedActions = array( 
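Review bot: With `getStatusLoginHash()` true, the new branch accepts `$pass === $hashTypeCurrent . ':' . $userPass`, so the stored hash itself is the credential, which is the behaviour HOR-3548 reports. The clear-text comparison in the `else` branch is skipped entirely for that request. Anyone who can read the stored hashes can then authenticate through every caller that turns the flag on, so keep that set of callers minimal and mark the branch, e.g. `// SECURITY: SOAP compatibility only; the stored hash is accepted as the password here`. `$RBAC` is also dereferenced straight from `global` without a check; `if ($RBAC instanceof RBAC && $RBAC->getStatusLoginHash()) {` would fail closed when it is unset. The same hunk is repeated in patch 40/52.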
@@ -1572,5 +1578,31 @@ class RBAC throw new RBACException('ID_ACCESS_DENIED', 403); } } + + /** + * Enable compatibility with soap login + */ + public function enableLoginSoapWithHash() + { + $this->enableLoginHash = true; + } + + /** + * Disable compatibility with soap login + */ + public function disableLoginSoapWithHash () + { + $this->enableLoginHash = false; + } + + /** + * Return status login with soap + * + * @return bool + */ + public function getStatusLoginHash () + { + return $this->enableLoginHash; + } } diff --git a/workflow/engine/bin/cron.php b/workflow/engine/bin/cron.php index 8db5a180c..34ca20fc8 100644 --- a/workflow/engine/bin/cron.php +++ b/workflow/engine/bin/cron.php @@ -1,4 +1,5 @@ enableLoginSoapWithHash(); $uid = $RBAC->VerifyLogin( $userid, $password ); switch ($uid) { @@ -113,14 +115,13 @@ class wsBase $session->Save(); //save the session in DataBase - - - return $wsResponse; } catch (Exception $e) { $wsResponse = unserialize( $e->getMessage() ); - - return $wsResponse; } + + //To enable compatibility with soap login, method disable. + $RBAC->disableLoginSoapWithHash(); + return $wsResponse; } /** diff --git a/workflow/engine/methods/services/soap2.php b/workflow/engine/methods/services/soap2.php index 758c21e2a..75a61177a 100644 --- a/workflow/engine/methods/services/soap2.php +++ b/workflow/engine/methods/services/soap2.php @@ -1,6 +1,7 @@ Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 32/52] HOR-3095 --- workflow/engine/classes/Calendar.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index fe49aca98..43e35035b 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { 
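Review bot: In the `class.wsBase.php` hunk, `$RBAC->disableLoginSoapWithHash()` runs only after the `try`/`catch (Exception $e)` has completed. A throwable that is not an `Exception` (a PHP 7 `Error`, for instance) would skip the reset and leave hash-equality login enabled on the shared `$RBAC` object for the rest of the process. If the supported PHP version has `finally` (5.5+), put the reset there: `} finally { $RBAC->disableLoginSoapWithHash(); }`, with `return $wsResponse;` after it. The call that enables the flag and the start of the function are not in this hunk, and the preceding hunk text is garbled on this page, so confirm that every path that enables the flag is paired with a reset. The same hunk recurs in patch 40/52.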
@@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From 372eb706437db9ecc72f7fed9237ca2db21c4cb0 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 33/52] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From a523383252aac8616ec3c0f4dd4b0fc2fbaf51c7 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 34/52] Delete changes of file. --- workflow/engine/classes/Calendar.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 43e35035b..2f788a442 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php 
@@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -824,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From e3002e8de1d33c076cfbca12a3b548d9fb305fed Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH 35/52] Delete code for compatibility with old forms of authentication. --- gulliver/system/class.bootstrap.php | 4 ++-- workflow/engine/methods/login/authentication.php | 12 ------------ 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index b70b2bcef..b5b47209d 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php 
@@ -2582,10 +2582,10 @@ class Bootstrap $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if ((Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) || ($pass === $hashTypeCurrent . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { return true; } - if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) { + if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { return true; } return false; diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From fee5d3640d4bc8afd35cc8e3171f20460444520e Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 36/52] HOR-3095 --- workflow/engine/classes/Calendar.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 2f788a442..53c56a4d2 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php 
@@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From f9b59c5f429e6c0f08c6364192337a8d0736f879 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 37/52] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From 69934f48c1cba81da4dbb3ce6ab0359eda4a0a13 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 38/52] Delete changes of file. --- workflow/engine/classes/Calendar.php | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 53c56a4d2..2f788a442 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From 2cce81048b51aa357fb4298a7b879c2be6e95a80 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH 39/52] Delete code for compatibility with old forms of authentication. --- workflow/engine/methods/login/authentication.php | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From 4683f5b59d37c0660cfd73c953f629ec5811988f Mon Sep 17 00:00:00 2001 
From: "Marco A. Nina Mena" Date: Thu, 10 Aug 2017 14:30:37 -0400 Subject: [PATCH 40/52] Add functionality in rbac for enable or disable compatibility with soap login --- gulliver/system/class.bootstrap.php | 31 +++++++++++++++++---- gulliver/system/class.rbac.php | 32 ++++++++++++++++++++++ workflow/engine/bin/cron.php | 1 + workflow/engine/bin/cron_single.php | 1 + workflow/engine/classes/class.wsBase.php | 11 ++++---- workflow/engine/methods/services/soap2.php | 1 + 6 files changed, 66 insertions(+), 11 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index b5b47209d..ed98a7616 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2577,18 +2577,37 @@ class Bootstrap return $var; } + /** + * Verify Hash password with password entered + * + * @param string $pass password + * @param string $userPass hash of password + * @return bool true or false + */ public function verifyHashPassword ($pass, $userPass) { + global $RBAC; $passwordHashConfig = Bootstrap::getPasswordHashConfig(); $hashTypeCurrent = $passwordHashConfig['current']; $hashTypePrevious = $passwordHashConfig['previous']; - if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { - return true; + $acceptance = false; + + if ($RBAC->getStatusLoginHash()) { + //To enable compatibility with soap login + if ($pass === $hashTypeCurrent . ':' . $userPass) { + $acceptance = true; + } else if ($pass === $hashTypePrevious . ':' . $userPass) { + $acceptance = true; + } + } else { + if (Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) { + $acceptance = true; + } else if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { + $acceptance = true; + } } - if (Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) { - return true; - } - return false; + + return $acceptance; } /** 
diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index 253ff34b8..66388a0d6 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php @@ -75,6 +75,12 @@ class RBAC private static $instance = null; public $authorizedActions = array(); + /** + * To enable compatibility with soap login. + * @var bool + */ + private $enableLoginHash = false; + public function __construct () { $this->authorizedActions = array( @@ -1572,5 +1578,31 @@ class RBAC throw new RBACException('ID_ACCESS_DENIED', 403); } } + + /** + * Enable compatibility with soap login + */ + public function enableLoginSoapWithHash() + { + $this->enableLoginHash = true; + } + + /** + * Disable compatibility with soap login + */ + public function disableLoginSoapWithHash () + { + $this->enableLoginHash = false; + } + + /** + * Return status login with soap + * + * @return bool + */ + public function getStatusLoginHash () + { + return $this->enableLoginHash; + } } diff --git a/workflow/engine/bin/cron.php b/workflow/engine/bin/cron.php index 8db5a180c..34ca20fc8 100644 --- a/workflow/engine/bin/cron.php +++ b/workflow/engine/bin/cron.php @@ -1,4 +1,5 @@ enableLoginSoapWithHash(); $uid = $RBAC->VerifyLogin( $userid, $password ); switch ($uid) { @@ -113,14 +115,13 @@ class wsBase $session->Save(); //save the session in DataBase - - - return $wsResponse; } catch (Exception $e) { $wsResponse = unserialize( $e->getMessage() ); - - return $wsResponse; } + + //To enable compatibility with soap login, method disable. + $RBAC->disableLoginSoapWithHash(); + return $wsResponse; } /** diff --git a/workflow/engine/methods/services/soap2.php b/workflow/engine/methods/services/soap2.php index 758c21e2a..75a61177a 100644 --- a/workflow/engine/methods/services/soap2.php +++ b/workflow/engine/methods/services/soap2.php 
@@ -1,6 +1,7 @@ Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 41/52] HOR-3095 --- workflow/engine/classes/Calendar.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 2f788a442..53c56a4d2 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From a7aeb56c343050b6a845f5b57267b1dbe90a9494 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 42/52] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php 
@@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From 853a079bfdae78a3a9717d550e7945a97c8893d4 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 43/52] Delete changes of file. --- workflow/engine/classes/Calendar.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 53c56a4d2..2f788a442 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From 722e638e893e2825e11b2c5f7693e28b4120f54a Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH 44/52] Delete code for compatibility with old forms of authentication. --- workflow/engine/classes/Calendar.php | 2 +- workflow/engine/methods/login/authentication.php | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 2f788a442..fe49aca98 100644 
--- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -828,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From ad53b06ec3093246753b447d328a337e37001246 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 45/52] HOR-3095 --- workflow/engine/classes/Calendar.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index fe49aca98..43e35035b 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { 
@@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From d29f126d4630ad706c794dedfcafbe9d7f3f9077 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 46/52] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From 275f8a1d69c6c714a57d4b6e975d7773a91b9c40 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 47/52] Delete changes of file. --- workflow/engine/classes/Calendar.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 43e35035b..fe49aca98 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php 
@@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From c028e15ef3803117be427fd209b26e72f5e4b80c Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Wed, 9 Aug 2017 10:39:26 -0400 Subject: [PATCH 48/52] Delete code for compatibility with old forms of authentication. --- workflow/engine/methods/login/authentication.php | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 7152e29db..ed7e32196 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,18 +41,6 @@ try { die(); } - //Check if the password contains the password hashes - if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { - $pass = trim($_POST['form']['USR_PASSWORD']); - foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { - $search = substr($pass, 0, strlen($hash) + 1); - if ($search == $hash . ':') { - $pass = substr($pass, strlen($hash) + 1); - } - } - $_POST['form']['USR_PASSWORD'] = $pass; - } - $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From 9cb2940c5d613f2204d7bbe91c0dec759f361a9a Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Thu, 10 Aug 2017 14:42:47 -0400 Subject: [PATCH 49/52] delete change calendar.php --- workflow/engine/classes/Calendar.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 2f788a442..fe49aca98 100644 
--- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -828,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } From f41ae291d9235a5ea137aea5ebe8a0c152181790 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Thu, 10 Aug 2017 14:55:16 -0400 Subject: [PATCH 50/52] move line use --- workflow/engine/methods/services/soap2.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workflow/engine/methods/services/soap2.php b/workflow/engine/methods/services/soap2.php index 75a61177a..603ebf596 100644 --- a/workflow/engine/methods/services/soap2.php +++ b/workflow/engine/methods/services/soap2.php 
@@ -1,8 +1,8 @@ Date: Thu, 10 Aug 2017 15:50:36 -0400 Subject: [PATCH 51/52] HOR-3661 --- .../templates/pluginOnTransitList.php.tpl | 1 - workflow/engine/PmBootstrap.php | 1 - workflow/engine/bin/cron.php | 1 - workflow/engine/bin/cron_single.php | 32 ------------------- workflow/engine/bin/reindex_solr.php | 1 - workflow/engine/bin/verify_solr.php | 2 -- .../engine/classes/class.applications.php | 8 ----- .../engine/classes/class.pluginRegistry.php | 4 --- workflow/engine/classes/class.wsTools.php | 2 -- workflow/engine/config/paths.php | 1 - workflow/engine/controllers/appProxy.php | 5 --- workflow/engine/controllers/home.php | 4 --- workflow/engine/controllers/pmTables.php | 1 - .../methods/appFolder/appFolderAjax.php | 2 -- .../engine/methods/cases/cases_SaveData.php | 1 - .../cases/cases_SaveDataSupervisor.php | 2 -- .../engine/methods/dynaforms/fields_Ajax.php | 2 -- .../methods/inputdocs/inputdocs_Save.php | 3 -- .../ProcessMaker/BusinessModel/Dashboard.php | 4 +-- workflow/public_html/sysGeneric.php | 5 --- 20 files changed, 1 insertion(+), 81 deletions(-) diff --git a/gulliver/bin/tasks/templates/pluginOnTransitList.php.tpl b/gulliver/bin/tasks/templates/pluginOnTransitList.php.tpl index d6aae73da..f95be3549 100644 --- a/gulliver/bin/tasks/templates/pluginOnTransitList.php.tpl +++ b/gulliver/bin/tasks/templates/pluginOnTransitList.php.tpl @@ -27,7 +27,6 @@ $xmlfile = '{className}/{className}OnTransitList'; /* Render page */ - //require_once ( 'classes/class.extendGulliver.php' ); $G_PUBLISH = new Publisher; $G_PUBLISH->AddContent( 'propeltable', '{className}/paged-table', '{className}/{className}OnTransitList', $Criteria ); G::RenderPage( "publish" ); diff --git a/workflow/engine/PmBootstrap.php b/workflow/engine/PmBootstrap.php index 8b5336a63..ec4b5aa82 100644 --- a/workflow/engine/PmBootstrap.php +++ b/workflow/engine/PmBootstrap.php 
@@ -66,7 +66,6 @@ class PmBootstrap extends Bootstrap // pm workflow classes (static load) $this->autoloader->registerClass('System', PATH_CORE . 'classes/class.system'); - //$this->autoloader->registerClass('Services_JSON', PATH_THIRDPARTY .'pear/json/class.json'); $this->autoloader->registerClass('Smarty', PATH_THIRDPARTY . 'smarty/libs/Smarty.class'); $this->autoloader->registerClass('Propel', PATH_THIRDPARTY . 'propel/Propel'); diff --git a/workflow/engine/bin/cron.php b/workflow/engine/bin/cron.php index 8db5a180c..cdf5df7c2 100644 --- a/workflow/engine/bin/cron.php +++ b/workflow/engine/bin/cron.php @@ -72,7 +72,6 @@ try { $classLoader->add(PATH_TRUNK . 'workflow' . PATH_SEP . 'engine' . PATH_SEP . 'src' . PATH_SEP, 'ProcessMaker'); $classLoader->add(PATH_TRUNK . 'workflow' . PATH_SEP . 'engine' . PATH_SEP . 'src' . PATH_SEP); $classLoader->addClass('Bootstrap', PATH_TRUNK . 'gulliver' . PATH_SEP . 'system' . PATH_SEP . 'class.bootstrap.php'); - Bootstrap::initVendors(); $classLoader->addModelClassPath(PATH_TRUNK . 'workflow' . PATH_SEP . 'engine' . PATH_SEP . 'classes' . PATH_SEP . 'model' . PATH_SEP); //Load classes diff --git a/workflow/engine/bin/cron_single.php b/workflow/engine/bin/cron_single.php index 1aa83d9cd..710251773 100644 --- a/workflow/engine/bin/cron_single.php +++ b/workflow/engine/bin/cron_single.php 
@@ -90,38 +90,6 @@ try { spl_autoload_register(['Bootstrap', 'autoloadClass']); - //DATABASE propel classes used in 'Cases' Options - Bootstrap::registerClass('AuthenticationSourcePeer', PATH_RBAC . 'model' . PATH_SEP . 'AuthenticationSourcePeer.php'); - Bootstrap::registerClass('BaseAuthenticationSource', PATH_RBAC . 'model' . PATH_SEP . 'om' . PATH_SEP . 'BaseAuthenticationSource.php'); - Bootstrap::registerClass('AuthenticationSource', PATH_RBAC . 'model' . PATH_SEP . 'AuthenticationSource.php'); - Bootstrap::registerClass('RolesPeer', PATH_RBAC . 'model' . PATH_SEP . 'RolesPeer.php'); - Bootstrap::registerClass('BaseRoles', PATH_RBAC . 'model' . PATH_SEP . 'om' . PATH_SEP . 'BaseRoles.php'); - Bootstrap::registerClass('Roles', PATH_RBAC . 'model' . PATH_SEP . 'Roles.php'); - - require_once(PATH_RBAC . 'model' . PATH_SEP . 'UsersRolesPeer.php'); - require_once(PATH_RBAC . 'model' . PATH_SEP . 'om' . PATH_SEP . 'BaseUsersRoles.php'); - require_once(PATH_RBAC . 'model' . PATH_SEP . 'UsersRoles.php'); - - Bootstrap::registerClass('PMLicensedFeatures', PATH_CLASSES . 'class.licensedFeatures.php'); - Bootstrap::registerClass('serverConf', PATH_CLASSES . 'class.serverConfiguration.php'); - Bootstrap::registerClass('calendar', PATH_CLASSES . 'class.calendar.php'); - Bootstrap::registerClass('groups', PATH_CLASSES . 'class.groups.php'); - - Bootstrap::registerClass('Entity_Base', PATH_HOME . 'engine/classes/entities/Base.php'); - Bootstrap::registerClass('Entity_AppSolrQueue', PATH_HOME . 'engine/classes/entities/AppSolrQueue.php'); - Bootstrap::registerClass('XMLDB', PATH_HOME . 'engine/classes/class.xmlDb.php'); - Bootstrap::registerClass('DynaformHandler', PATH_GULLIVER . 'class.dynaformhandler.php'); - Bootstrap::registerClass('DynaFormField', PATH_HOME . 'engine/classes/class.dynaFormField.php'); - Bootstrap::registerClass('SolrRequestData', PATH_HOME . 'engine/classes/entities/SolrRequestData.php'); - Bootstrap::registerClass('SolrUpdateDocument', PATH_HOME . 
'engine/classes/entities/SolrUpdateDocument.php'); - Bootstrap::registerClass('Xml_Node', PATH_GULLIVER . 'class.xmlDocument.php'); - Bootstrap::registerClass('wsResponse', PATH_HOME . 'engine' . PATH_SEP . 'classes' . PATH_SEP . 'class.wsResponse.php'); - Bootstrap::initVendors(); - - /*----------------------------------********---------------------------------*/ - Bootstrap::registerClass('dashboards', PATH_HOME . 'engine/classes/class.dashboards.php'); - /*----------------------------------********---------------------------------*/ - //Set variables /*----------------------------------********---------------------------------*/ $dateInit = null; diff --git a/workflow/engine/bin/reindex_solr.php b/workflow/engine/bin/reindex_solr.php index dfd040ca4..a277a001e 100644 --- a/workflow/engine/bin/reindex_solr.php +++ b/workflow/engine/bin/reindex_solr.php @@ -115,7 +115,6 @@ if (! defined ('PATH_HOME')) { define( 'PATH_CLASSES', PATH_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP ); require_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths.php'); - require_once (PATH_GULLIVER . "class.bootstrap.php"); spl_autoload_register(array('Bootstrap', 'autoloadClass')); } diff --git a/workflow/engine/bin/verify_solr.php b/workflow/engine/bin/verify_solr.php index e146ab9e1..e1debf6a2 100644 --- a/workflow/engine/bin/verify_solr.php +++ b/workflow/engine/bin/verify_solr.php @@ -86,8 +86,6 @@ if (! defined ('PATH_HOME')) { require_once PATH_TRUNK . "framework/src/Maveriks/Util/ClassLoader.php"; require_once (PATH_HOME . 'engine' . PATH_SEP . 'config' . PATH_SEP . 'paths.php'); - require_once (PATH_GULLIVER . "class.bootstrap.php"); - Bootstrap::registerSystemClasses(); spl_autoload_register(array('Bootstrap', 'autoloadClass')); diff --git a/workflow/engine/classes/class.applications.php b/workflow/engine/classes/class.applications.php index f34ce1222..88256fd91 100644 --- a/workflow/engine/classes/class.applications.php 
+++ b/workflow/engine/classes/class.applications.php @@ -236,14 +236,6 @@ class Applications $dateFrom = isset($dateFrom)? $dateFrom : ""; $dateTo = isset($dateTo)? $dateTo : ""; - //require_once ("classes/model/AppCacheView.php"); - //require_once ("classes/model/AppDelegation.php"); - //require_once ("classes/model/AdditionalTables.php"); - //require_once ("classes/model/AppDelay.php"); - //require_once ("classes/model/Fields.php"); - //require_once ("classes/model/Users.php"); - //require_once ("classes/model/Process.php"); - $oAppCache = new AppCacheView(); if ($configuration == true) { diff --git a/workflow/engine/classes/class.pluginRegistry.php b/workflow/engine/classes/class.pluginRegistry.php index 79026e308..1ff5b81e3 100644 --- a/workflow/engine/classes/class.pluginRegistry.php +++ b/workflow/engine/classes/class.pluginRegistry.php @@ -210,9 +210,6 @@ class PMPluginRegistry */ public function registerPlugin ($sNamespace, $sFilename = null) { - //require_once ($sFilename); - - $sClassName = $sNamespace . "plugin"; $plugin = new $sClassName( $sNamespace, $sFilename ); @@ -285,7 +282,6 @@ class PMPluginRegistry $pluginSrcDir = PATH_PLUGINS . $detail->sNamespace . PATH_SEP . 'src'; if (is_dir($pluginSrcDir)) { - //Bootstrap::registerDir($detail->sNamespace.'/src', $pluginSrcDir); $loader = \Maveriks\Util\ClassLoader::getInstance(); $loader->add($pluginSrcDir); } diff --git a/workflow/engine/classes/class.wsTools.php b/workflow/engine/classes/class.wsTools.php index d64660ac8..561ecb431 100644 --- a/workflow/engine/classes/class.wsTools.php +++ b/workflow/engine/classes/class.wsTools.php @@ -467,7 +467,6 @@ class workspaceTools foreach ($information as $key => $value) { $arrayLang[] = trim($value['LOCALE']); } - //require_once ('classes/model/Content.php'); $regenerateContent = new Content(); $regenerateContent->regenerateContent($arrayLang, $workSpace); } 
@@ -662,7 +661,6 @@ class workspaceTools { $this->initPropel(true); - //require_once ('classes/model/AppCacheView.php'); //check the language, if no info in config about language, the default is 'en' $oConf = new Configurations(); diff --git a/workflow/engine/config/paths.php b/workflow/engine/config/paths.php index 3e08b352b..3a1b86dde 100644 --- a/workflow/engine/config/paths.php +++ b/workflow/engine/config/paths.php @@ -69,7 +69,6 @@ // include Gulliver Class require_once( PATH_GULLIVER . PATH_SEP . 'class.g.php'); // include Bootstrap Class - require_once (PATH_GULLIVER . PATH_SEP . 'class.bootstrap.php'); if(file_exists(FILE_PATHS_INSTALLED)) { // backward compatibility; parsing old definitions in the compiled path constant diff --git a/workflow/engine/controllers/appProxy.php b/workflow/engine/controllers/appProxy.php index 191329456..b62a725fe 100644 --- a/workflow/engine/controllers/appProxy.php +++ b/workflow/engine/controllers/appProxy.php @@ -91,8 +91,6 @@ class AppProxy extends HttpProxyController ); } - //require_once ("classes/model/AppNotes.php"); - $usrUid = isset( $_SESSION['USER_LOGGED'] ) ? $_SESSION['USER_LOGGED'] : ""; $appNotes = new AppNotes(); $response = $appNotes->getNotesList( $appUid, '', $httpData->start, $httpData->limit ); @@ -113,9 +111,6 @@ class AppProxy extends HttpProxyController */ function postNote ($httpData) { - //require_once ("classes/model/AppNotes.php"); - - //extract(getExtJSParams()); if (isset( $httpData->appUid ) && trim( $httpData->appUid ) != "") { $appUid = $httpData->appUid; } else { diff --git a/workflow/engine/controllers/home.php b/workflow/engine/controllers/home.php index 4ac15c7fd..6e0f2e5c3 100644 --- a/workflow/engine/controllers/home.php +++ b/workflow/engine/controllers/home.php @@ -180,8 +180,6 @@ class Home extends Controller public function indexSingle ($httpData) { - require_once 'classes/model/Step.php'; - $step = new Step(); $solrEnabled = false; 
@@ -377,7 +375,6 @@ class Home extends Controller $sort = "APP_CACHE_VIEW.APP_NUMBER", $category = null) { - require_once ("classes/model/AppNotes.php"); $appNotes = new AppNotes(); @@ -638,7 +635,6 @@ class Home extends Controller function getCategoryArray () { - require_once 'classes/model/ProcessCategory.php'; $category = array(); $category[] = array ("",G::LoadTranslation( "ID_ALL_CATEGORIES" )); diff --git a/workflow/engine/controllers/pmTables.php b/workflow/engine/controllers/pmTables.php index 5ed01b43d..65a58531c 100644 --- a/workflow/engine/controllers/pmTables.php +++ b/workflow/engine/controllers/pmTables.php @@ -122,7 +122,6 @@ class pmTables extends Controller */ public function data ($httpData) { - require_once 'classes/model/AdditionalTables.php'; $additionalTables = new AdditionalTables(); $tableDef = $additionalTables->load( $httpData->id, true ); diff --git a/workflow/engine/methods/appFolder/appFolderAjax.php b/workflow/engine/methods/appFolder/appFolderAjax.php index f95f32645..23b8ffeeb 100644 --- a/workflow/engine/methods/appFolder/appFolderAjax.php +++ b/workflow/engine/methods/appFolder/appFolderAjax.php @@ -160,8 +160,6 @@ function sendJsonResultGeneric($response, $callback) function expandNode() { - //require_once ("classes/model/AppFolder.php"); - extract(getExtJSParams()); $oPMFolder = new AppFolder(); diff --git a/workflow/engine/methods/cases/cases_SaveData.php b/workflow/engine/methods/cases/cases_SaveData.php index 430b73821..b8fe5b4ba 100644 --- a/workflow/engine/methods/cases/cases_SaveData.php +++ b/workflow/engine/methods/cases/cases_SaveData.php @@ -303,7 +303,6 @@ try { } //Save files - //require_once ("classes/model/AppDocument.php"); if (isset( $_FILES["form"]["name"] ) && count( $_FILES["form"]["name"] ) > 0) { $oInputDocument = new \ProcessMaker\BusinessModel\Cases\InputDocument(); 
diff --git a/workflow/engine/methods/cases/cases_SaveDataSupervisor.php b/workflow/engine/methods/cases/cases_SaveDataSupervisor.php index b456cbafb..cff4b68e5 100644 --- a/workflow/engine/methods/cases/cases_SaveDataSupervisor.php +++ b/workflow/engine/methods/cases/cases_SaveDataSupervisor.php @@ -128,8 +128,6 @@ if (isset( $_FILES["form"]["name"] ) && count( $_FILES["form"]["name"] ) > 0) { } if ($indocUid != null) { - //require_once ("classes/model/AppFolder.php"); - //require_once ("classes/model/InputDocument.php"); $oInputDocument = new InputDocument(); $aID = $oInputDocument->load( $indocUid ); diff --git a/workflow/engine/methods/dynaforms/fields_Ajax.php b/workflow/engine/methods/dynaforms/fields_Ajax.php index cb2cb73ae..3bcd63bc8 100644 --- a/workflow/engine/methods/dynaforms/fields_Ajax.php +++ b/workflow/engine/methods/dynaforms/fields_Ajax.php @@ -47,8 +47,6 @@ if (isset( $_SESSION['CURRENT_PAGE_INITILIZATION'] )) { eval( $_SESSION['CURRENT_PAGE_INITILIZATION'] ); } -//require_once (PATH_THIRDPARTY . 'pear/json/class.json.php'); -//$json = new Services_JSON(); $G_FORM = new form( G::getUIDName( urlDecode( $_POST['form'] ) ) ); $G_FORM->id = urlDecode( $_POST['form'] ); $G_FORM->values = $_SESSION[$G_FORM->id]; diff --git a/workflow/engine/methods/inputdocs/inputdocs_Save.php b/workflow/engine/methods/inputdocs/inputdocs_Save.php index 4511380f0..529390350 100644 --- a/workflow/engine/methods/inputdocs/inputdocs_Save.php +++ b/workflow/engine/methods/inputdocs/inputdocs_Save.php @@ -45,9 +45,6 @@ try { // Bootstrap::mylog("post:".$_POST['function']); switch ($sfunction) { case 'lookForNameInput': - //require_once ('classes/model/Content.php'); - //require_once ("classes/model/InputDocument.php"); - $snameInput = urldecode( $_POST['NAMEINPUT'] ); $sPRO_UID = urldecode( $_POST['proUid'] ); 
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Dashboard.php b/workflow/engine/src/ProcessMaker/BusinessModel/Dashboard.php index d83b4ba37..a321947d2 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Dashboard.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Dashboard.php @@ -390,8 +390,7 @@ class Dashboard { $data['USR_UID'] = $usrUid; $data['PRO_UID'] = ""; $data['APP_UID'] = ""; - - //require_once (PATH_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Configuration.php"); + $oConfig = new \Configuration(); $response = $oConfig->create($data); @@ -409,7 +408,6 @@ class Dashboard { */ public function getConfig($usr_uid) { - //require_once (PATH_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "Configuration.php"); $oConfig = new \Configuration(); $response = array(); diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php index 8c2e0961f..d2da8912b 100644 --- a/workflow/public_html/sysGeneric.php +++ b/workflow/public_html/sysGeneric.php @@ -218,7 +218,6 @@ define( 'PATH_RBAC_MSSQL_DATA', PATH_RBAC_CORE . 'data' . PATH_SEP . 'mssql' . P define( 'PATH_CONTROLLERS', PATH_CORE . 'controllers' . PATH_SEP ); // include Gulliver Class -require_once (PATH_GULLIVER . "class.bootstrap.php"); if (file_exists( FILE_PATHS_INSTALLED )) { @@ -651,8 +650,6 @@ if (file_exists( $sSerializedFile )) { } // setup propel definitions and logging //changed to autoloader -//require_once ("propel/Propel.php"); -//require_once ("creole/Creole.php"); if (defined( 'DEBUG_SQL_LOG' ) && DEBUG_SQL_LOG) { define( 'PM_PID', mt_rand( 1, 999999 ) ); @@ -798,8 +795,6 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') { die(); } - Bootstrap::initVendors(); - $isWebEntry = \ProcessMaker\BusinessModel\WebEntry::isWebEntry(SYS_COLLECTION, $phpFile); if (\Bootstrap::getDisablePhpUploadExecution() === 1 && !$isWebEntry) { $message = \G::LoadTranslation('THE_PHP_FILES_EXECUTION_WAS_DISABLED'); 
From 2820ba7de32f1ba2b67927d54348261465bcfe3c Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Thu, 10 Aug 2017 16:30:32 -0400 Subject: [PATCH 52/52] fix code review o --- gulliver/system/class.bootstrap.php | 8 ++++---- gulliver/system/class.rbac.php | 12 ++++++------ workflow/engine/classes/class.wsBase.php | 12 ++++++++---- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index ed98a7616..effe5f3af 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2584,7 +2584,7 @@ class Bootstrap * @param string $userPass hash of password * @return bool true or false */ - public function verifyHashPassword ($pass, $userPass) + public function verifyHashPassword($pass, $userPass) { global $RBAC; $passwordHashConfig = Bootstrap::getPasswordHashConfig(); @@ -2592,11 +2592,11 @@ class Bootstrap $hashTypePrevious = $passwordHashConfig['previous']; $acceptance = false; - if ($RBAC->getStatusLoginHash()) { + if ($RBAC->loginWithHash()) { //To enable compatibility with soap login - if ($pass === $hashTypeCurrent . ':' . $userPass) { + if ((Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass) || ($pass === $hashTypeCurrent . ':' . $userPass)) { $acceptance = true; - } else if ($pass === $hashTypePrevious . ':' . $userPass) { + } else if ((Bootstrap::hashPassword($pass, $hashTypePrevious) == $userPass) || ($pass === $hashTypePrevious . ':' . $userPass)) { $acceptance = true; } } else { diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php index 66388a0d6..65c4754be 100644 --- a/gulliver/system/class.rbac.php +++ b/gulliver/system/class.rbac.php 
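Review bot: In the second `verifyHashPassword` hunk the new `Bootstrap::hashPassword($pass, $hashTypeCurrent) == $userPass` checks compare digests with loose `==`, which lets PHP treat two numeric-looking strings as numbers and is not a constant-time comparison. `hash_equals($userPass, Bootstrap::hashPassword($pass, $hashTypeCurrent))`, or at least `===`, would be the safer form for both the current and the previous hash type, assuming the supported PHP version provides `hash_equals()`. The retained `$pass === $hashTypeCurrent . ':' . $userPass` alternative means the stored hash alone is enough to authenticate whenever `loginWithHash()` returns true, so it deserves a comment stating that this is deliberate and limited to callers that set the flag. The function's `else` branch and return lie outside the hunk.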
@@ -1580,27 +1580,27 @@ class RBAC } /** - * Enable compatibility with soap login + * Enable compatibility with hash login */ - public function enableLoginSoapWithHash() + public function enableLoginWithHash() { $this->enableLoginHash = true; } /** - * Disable compatibility with soap login + * Disable compatibility with hash login */ - public function disableLoginSoapWithHash () + public function disableLoginWithHash() { $this->enableLoginHash = false; } /** - * Return status login with soap + * Return status login with hash * * @return bool */ - public function getStatusLoginHash () + public function loginWithHash() { return $this->enableLoginHash; } diff --git a/workflow/engine/classes/class.wsBase.php b/workflow/engine/classes/class.wsBase.php index 2d303b015..f4ef512a5 100644 --- a/workflow/engine/classes/class.wsBase.php +++ b/workflow/engine/classes/class.wsBase.php @@ -65,8 +65,12 @@ class wsBase global $RBAC; try { - //To enable compatibility with soap login, method Enable. - $RBAC->enableLoginSoapWithHash(); + //To enable compatibility with hash login, method Enable. + //It's necessary to enable the hash start session because there are use cases in both, + //the web entry and in the case planner, where the password is still used in the hash + //format so that is possible to start a session. Thiw way we will mantain the + //compatibility with this type of loggin. + $RBAC->enableLoginWithHash(); $uid = $RBAC->VerifyLogin( $userid, $password ); switch ($uid) { @@ -119,8 +123,8 @@ class wsBase $wsResponse = unserialize( $e->getMessage() ); } - //To enable compatibility with soap login, method disable. - $RBAC->disableLoginSoapWithHash(); + //To enable compatibility with hash login, method disable. + $RBAC->disableLoginWithHash(); return $wsResponse; }
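Review bot: In the first class.wsBase.php hunk `$RBAC->enableLoginWithHash()` turns hash login on for the global `$RBAC` object, and the matching `disableLoginWithHash()` in the later hunk only runs once the try/catch has completed. If anything escapes that catch (its type is not visible here) the flag stays enabled for the rest of the request; moving the disable call into a `finally` block would tie it to the enable. The new comment also has typos: `Thiw way we will mantain the compatibility with this type of loggin` should read `This way we will maintain compatibility with this type of login`. The login method starts and ends outside these hunks.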