Merged in cmdeguzman/cdgz-processmaker/HOR-282-3018 (pull request #3783)
HOR-282
This commit is contained in:
David Callizaya
@@ -70,7 +70,7 @@
|
||||
<div class="block_exception clear_fix">
|
||||
<h2>
|
||||
<abbr title="RuntimeException">RuntimeException</abbr>:
|
||||
<pre><?php echo $message?></pre>
|
||||
<pre><?php echo htmlspecialchars($message)?></pre>
|
||||
</h2>
|
||||
</div>
|
||||
<div class="block">
|
||||
|
||||
@@ -284,7 +284,7 @@ class Xml_document extends Xml_Node
|
||||
{ //$content is a new variable, if it has any value then use it instead of the file content.
|
||||
if ($content == "") {
|
||||
if (! file_exists( $filename )) {
|
||||
throw (new Exception( "failed to open Xmlform File : No such file or directory in $filename " ));
|
||||
throw (new Exception( "failed to open Xmlform File : No such file or directory in ".htmlspecialchars($filename) ));
|
||||
}
|
||||
$data = implode( '', file( $filename ) );
|
||||
} else {
|
||||
|
||||
@@ -313,7 +313,7 @@ class adminProxy extends HttpProxyController
|
||||
public function testingOption($params)
|
||||
{
|
||||
$data['success'] = true;
|
||||
$data['optionAuthS'] = $params->optionAuthS;
|
||||
$data['optionAuthS'] = htmlspecialchars($params->optionAuthS);
|
||||
return $data;
|
||||
|
||||
}
|
||||
|
||||
@@ -75,8 +75,8 @@ class Designer extends Controller
|
||||
}
|
||||
/*----------------------------------********---------------------------------*/
|
||||
|
||||
$this->setVar('prj_uid', $proUid);
|
||||
$this->setVar('app_uid', $appUid);
|
||||
$this->setVar('prj_uid', htmlspecialchars($proUid));
|
||||
$this->setVar('app_uid', htmlspecialchars($appUid));
|
||||
$this->setVar('consolidated', $consolidated);
|
||||
$this->setVar('enterprise', $enterprise);
|
||||
$this->setVar('prj_readonly', $proReadOnly);
|
||||
|
||||
@@ -118,7 +118,7 @@ class ProcessProxy extends HttpProxyController
|
||||
$oProcess = new Processes();
|
||||
if (count( $ids ) > 0) {
|
||||
foreach ($ids as $id) {
|
||||
$oProcess->changeStatus( $id );
|
||||
$oProcess->changeStatus( htmlspecialchars($id) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@ $actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
|
||||
if ($actionAjax == "streaming") {
|
||||
|
||||
$app_uid = isset( $_REQUEST['a'] ) ? $_REQUEST['a'] : null;
|
||||
$inp_doc_uid = isset( $_REQUEST['d'] ) ? $_REQUEST['d'] : null;
|
||||
$inp_doc_uid = isset( $_REQUEST['d'] ) ? htmlspecialchars($_REQUEST['d']) : null;
|
||||
$oAppDocument = new \AppDocument();
|
||||
|
||||
if (! isset( $fileData['version'] )) {
|
||||
@@ -52,7 +52,7 @@ if ($actionAjax == "streaming") {
|
||||
|
||||
if ($actionAjax == "fileMobile") {
|
||||
$app_uid = isset( $_REQUEST['a'] ) ? $_REQUEST['a'] : null;
|
||||
$inp_doc_uid = isset( $_REQUEST['d'] ) ? $_REQUEST['d'] : null;
|
||||
$inp_doc_uid = isset( $_REQUEST['d'] ) ? htmlspecialchars($_REQUEST['d']) : null;
|
||||
|
||||
$structure = file_get_contents(PATH_HTML ."/mobile/index.json");
|
||||
$structure = json_decode($structure);
|
||||
|
||||
@@ -32,7 +32,7 @@ $aFields = $oAppDocument->load( $_GET['a'] );
|
||||
require_once 'classes/model/OutputDocument.php';
|
||||
$oOutputDocument = new OutputDocument();
|
||||
$aOD = $oOutputDocument->load( $aFields['DOC_UID'] );
|
||||
$a = $_GET['a'];
|
||||
$a = htmlspecialchars($_GET['a']);
|
||||
$ext = strtolower( $aOD['OUT_DOC_GENERATE'] );
|
||||
|
||||
G::header( 'location: cases_ShowOutputDocument?a=' . $a . '&ext=' . $ext );
|
||||
|
||||
@@ -38,17 +38,20 @@ if (! isset( $_GET['APP_UID'] ) || ! isset( $_GET['DEL_INDEX'] )) {
|
||||
if (isset( $_GET['APP_NUMBER'] )) {
|
||||
G::LoadClass( 'case' );
|
||||
$oCase = new Cases();
|
||||
$_GET['APP_UID'] = $oCase->getApplicationUIDByNumber( $_GET['APP_NUMBER'] );
|
||||
$_GET['DEL_INDEX'] = $oCase->getCurrentDelegation( $_GET['APP_UID'], $_SESSION['USER_LOGGED'] );
|
||||
if (is_null( $_GET['APP_UID'] )) {
|
||||
$appUid = $oCase->getApplicationUIDByNumber( htmlspecialchars($_GET['APP_NUMBER']) );
|
||||
$delIndex = $oCase->getCurrentDelegation( $appUid, $_SESSION['USER_LOGGED'] );
|
||||
if (is_null( $appUid )) {
|
||||
throw new Exception( G::LoadTranslation( 'ID_CASE_DOES_NOT_EXISTS' ) );
|
||||
}
|
||||
if (is_null( $_GET['DEL_INDEX'] )) {
|
||||
if (is_null( $delIndex )) {
|
||||
throw new Exception( G::LoadTranslation( 'ID_CASE_IS_CURRENTLY_WITH_ANOTHER_USER' ) );
|
||||
}
|
||||
} else {
|
||||
throw new Exception( "Application ID or Delegation Index is missing!. The System can't open the case." );
|
||||
}
|
||||
} else {
|
||||
$appUid = htmlspecialchars($_GET['APP_UID']);
|
||||
$delIndex = htmlspecialchars($_GET['DEL_INDEX']);
|
||||
}
|
||||
|
||||
require_once ("classes/model/Step.php");
|
||||
@@ -85,19 +88,16 @@ foreach ($_GET as $k => $v) {
|
||||
$uri .= ($uri == '') ? "$k=$v" : "&$k=$v";
|
||||
}
|
||||
|
||||
//$case = $oCase->loadCase( $_GET['APP_UID'], $_GET['DEL_INDEX'] );
|
||||
if( isset($_GET['action']) && ($_GET['action'] == 'jump') ) {
|
||||
$case = $oCase->loadCase( $_GET['APP_UID'], $_GET['DEL_INDEX'], $_GET['action']);
|
||||
$case = $oCase->loadCase( $appUid, $delIndex, $_GET['action']);
|
||||
} else {
|
||||
$case = $oCase->loadCase( $_GET['APP_UID'], $_GET['DEL_INDEX'] );
|
||||
$case = $oCase->loadCase( $appUid, $delIndex );
|
||||
}
|
||||
|
||||
if (! isset( $_GET['to_revise'] )) {
|
||||
$script = 'cases_Open?';
|
||||
} else {
|
||||
$script = 'cases_OpenToRevise?';
|
||||
$delIndex = $_GET['DEL_INDEX'];
|
||||
$appUid = $_GET['APP_UID'];
|
||||
$oHeadPublisher->assign( 'treeToReviseTitle', G::loadtranslation( 'ID_STEP_LIST' ) );
|
||||
$casesPanelUrl = 'casesToReviseTreeContent?APP_UID=' . $appUid . '&DEL_INDEX=' . $delIndex;
|
||||
$oHeadPublisher->assign( 'casesPanelUrl', $casesPanelUrl ); //translations
|
||||
@@ -121,7 +121,7 @@ $oHeadPublisher->assign( 'uri', $script . $uri );
|
||||
$oHeadPublisher->assign( '_APP_NUM', '#: ' . $case['APP_NUMBER'] );
|
||||
$oHeadPublisher->assign( '_PROJECT_TYPE', in_array($case['PRO_UID'], $bpmnProjects) ? 'bpmn' : 'classic' );
|
||||
$oHeadPublisher->assign( '_PRO_UID', $case['PRO_UID']);
|
||||
$oHeadPublisher->assign( '_APP_UID', $_GET['APP_UID']);
|
||||
$oHeadPublisher->assign( '_APP_UID', $appUid);
|
||||
$oHeadPublisher->assign( '_ENV_CURRENT_DATE', $conf->getSystemDate( date( 'Y-m-d' ) ) );
|
||||
$oHeadPublisher->assign( '_ENV_CURRENT_DATE_NO_FORMAT', date( 'Y-m-d-h-i-A' ) );
|
||||
$oHeadPublisher->assign( 'idfirstform', is_null( $oStep ) ? '' : $oStep->getStepUidObj() );
|
||||
|
||||
@@ -5,12 +5,11 @@
|
||||
*/
|
||||
|
||||
$appUid = isset($_POST["appUid"])? $_POST["appUid"] : "";
|
||||
$dynUid = isset($_POST["dynUid"])? $_POST["dynUid"] : "";
|
||||
$proUid = isset($_POST["proUid"])? $_POST["proUid"] : "";
|
||||
$dynUid = isset($_POST["dynUid"])? htmlspecialchars($_POST["dynUid"]) : "";
|
||||
$proUid = isset($_POST["proUid"])? htmlspecialchars($_POST["proUid"]) : "";
|
||||
$fieldName = isset($_POST["fieldName"])? $_POST["fieldName"] : "";
|
||||
|
||||
$filename = $proUid . PATH_SEP . $dynUid . ".xml";
|
||||
|
||||
$G_FORM = new xmlform();
|
||||
$G_FORM->home = PATH_DYNAFORM;
|
||||
$G_FORM->parseFile($filename, SYS_LANG, true);
|
||||
|
||||
@@ -1,135 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* saveForm.php
|
||||
*
|
||||
* ProcessMaker Open Source Edition
|
||||
* Copyright (C) 2004 - 2013 Colosa Inc.23
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
|
||||
|
||||
try {
|
||||
|
||||
$oForm = new Form( $_SESSION["PROCESS"] . "/" . $_GET["UID"], PATH_DYNAFORM );
|
||||
$oForm->validatePost();
|
||||
|
||||
//Includes
|
||||
G::LoadClass( "case" );
|
||||
|
||||
//Load the variables
|
||||
$oCase = new Cases();
|
||||
$Fields = $oCase->loadCase( $_SESSION["APPLICATION"] );
|
||||
|
||||
$Fields["APP_DATA"] = array_merge( $Fields["APP_DATA"], G::getSystemConstants() );
|
||||
$Fields["APP_DATA"] = array_merge( $Fields["APP_DATA"], $_POST["form"] );
|
||||
|
||||
//save data in PM Tables if necessary
|
||||
$newValues = array ();
|
||||
foreach ($_POST['form'] as $sField => $sAux) {
|
||||
if (isset( $oForm->fields[$sField]->pmconnection ) && isset( $oForm->fields[$sField]->pmfield )) {
|
||||
if (($oForm->fields[$sField]->pmconnection != '') && ($oForm->fields[$sField]->pmfield != '')) {
|
||||
if (isset( $oForm->fields[$oForm->fields[$sField]->pmconnection] )) {
|
||||
require_once PATH_CORE . 'classes' . PATH_SEP . 'model' . PATH_SEP . 'AdditionalTables.php';
|
||||
$oAdditionalTables = new AdditionalTables();
|
||||
try {
|
||||
$aData = $oAdditionalTables->load( $oForm->fields[$oForm->fields[$sField]->pmconnection]->pmtable, true );
|
||||
} catch (Exception $oError) {
|
||||
$aData = array ('FIELDS' => array ()
|
||||
);
|
||||
}
|
||||
$aKeys = array ();
|
||||
$aAux = explode( '|', $oForm->fields[$oForm->fields[$sField]->pmconnection]->keys );
|
||||
$i = 0;
|
||||
$aValues = array ();
|
||||
foreach ($aData['FIELDS'] as $aField) {
|
||||
if ($aField['FLD_KEY'] == '1') {
|
||||
$aKeys[$aField['FLD_NAME']] = (isset( $aAux[$i] ) ? G::replaceDataField( $aAux[$i], $Fields['APP_DATA'] ) : '');
|
||||
$i ++;
|
||||
}
|
||||
if ($aField['FLD_NAME'] == $oForm->fields[$sField]->pmfield) {
|
||||
$aValues[$aField['FLD_NAME']] = $Fields['APP_DATA'][$sField];
|
||||
} else {
|
||||
$aValues[$aField['FLD_NAME']] = '';
|
||||
}
|
||||
}
|
||||
try {
|
||||
$aRow = $oAdditionalTables->getDataTable( $oForm->fields[$oForm->fields[$sField]->pmconnection]->pmtable, $aKeys );
|
||||
} catch (Exception $oError) {
|
||||
$aRow = false;
|
||||
}
|
||||
if ($aRow) {
|
||||
foreach ($aValues as $sKey => $sValue) {
|
||||
if ($sKey != $oForm->fields[$sField]->pmfield) {
|
||||
$aValues[$sKey] = $aRow[$sKey];
|
||||
}
|
||||
}
|
||||
try {
|
||||
$oAdditionalTables->updateDataInTable( $oForm->fields[$oForm->fields[$sField]->pmconnection]->pmtable, $aValues );
|
||||
} catch (Exception $oError) {
|
||||
//Nothing
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
// assembling the field list in order to save the data ina new record of a pm table
|
||||
if (empty( $newValues )) {
|
||||
$newValues = $aValues;
|
||||
} else {
|
||||
foreach ($aValues as $aValueKey => $aValueCont) {
|
||||
if (trim( $newValues[$aValueKey] ) == '') {
|
||||
$newValues[$aValueKey] = $aValueCont;
|
||||
}
|
||||
}
|
||||
}
|
||||
//$oAdditionalTables->saveDataInTable ( $oForm->fields [$oForm->fields [$sField]->pmconnection]->pmtable, $aValues );
|
||||
} catch (Exception $oError) {
|
||||
//Nothing
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//save data
|
||||
$aData = array ();
|
||||
$aData['APP_NUMBER'] = $Fields['APP_NUMBER'];
|
||||
$aData['APP_PROC_STATUS'] = $Fields['APP_PROC_STATUS'];
|
||||
$aData['APP_DATA'] = $Fields['APP_DATA'];
|
||||
$aData['DEL_INDEX'] = $_SESSION['INDEX'];
|
||||
$aData['TAS_UID'] = $_SESSION['TASK'];
|
||||
$aData['CURRENT_DYNAFORM'] = $_GET['UID'];
|
||||
$aData['USER_UID'] = $_SESSION['USER_LOGGED'];
|
||||
$aData['APP_STATUS'] = $Fields['APP_STATUS'];
|
||||
$aData['PRO_UID'] = $_SESSION['PROCESS'];
|
||||
|
||||
$oCase->updateCase( $_SESSION['APPLICATION'], $aData );
|
||||
|
||||
// saving the data ina pm table in case that is a new record
|
||||
if (! empty( $newValues )) {
|
||||
$id = key( $newValues );
|
||||
if (! $oAdditionalTables->updateDataInTable( $oForm->fields[$oForm->fields[$id]->pmconnection]->pmtable, $newValues )) {
|
||||
//<--This is to know if it is a new registry on the PM Table
|
||||
$oAdditionalTables->saveDataInTable( $oForm->fields[$oForm->fields[$id]->pmconnection]->pmtable, $newValues );
|
||||
}
|
||||
}
|
||||
|
||||
die('OK');
|
||||
|
||||
} catch (Exception $e) {
|
||||
die($e->getMessage());
|
||||
}
|
||||
@@ -135,6 +135,7 @@ switch($req){
|
||||
$criteria->setLimit($limit);
|
||||
$criteria->setOffset($start);
|
||||
}
|
||||
|
||||
$result = AppEventPeer::doSelectRS($criteria);
|
||||
$result->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$data = Array();
|
||||
|
||||
@@ -67,11 +67,11 @@ class Ajax
|
||||
$result->msg = $res['message'];
|
||||
} else {
|
||||
$result->success = true;
|
||||
$result->msg = 'Label ' . $id . ' saved Successfully!';
|
||||
$result->msg = 'Label ' . htmlspecialchars($id) . ' saved Successfully!';
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
$result->success = false;
|
||||
$result->msg = $e->getMessage();
|
||||
$result->msg = htmlspecialchars($e->getMessage());
|
||||
}
|
||||
print G::json_encode($result);
|
||||
}
|
||||
@@ -93,7 +93,7 @@ class Ajax
|
||||
$result->msg = 'Deleted Successfully!';
|
||||
} catch (Exception $e) {
|
||||
$result->success = false;
|
||||
$result->msg = $e->getMessage();
|
||||
$result->msg = htmlspecialchars($e->getMessage());
|
||||
}
|
||||
print G::json_encode($result);
|
||||
}
|
||||
@@ -106,7 +106,7 @@ class Ajax
|
||||
$result['success'] = true;
|
||||
} catch (Exception $e) {
|
||||
$result->success = false;
|
||||
$result->msg = $e->getMessage();
|
||||
$result->msg = htmlspecialchars($e->getMessage());
|
||||
}
|
||||
print G::json_encode($result);
|
||||
}
|
||||
|
||||
@@ -37,11 +37,11 @@ switch ($function) {
|
||||
case "changeLabel":
|
||||
$query = $ses->execute( "select * from $table where TRN_CATEGORY='$cat' and TRN_ID='$node' and TRN_LANG='$lang'", false );
|
||||
if ($query->count() === 0) {
|
||||
echo ("Not found $cat:$node:$lang in table '$table'");
|
||||
echo ("Not found ".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."'");
|
||||
return;
|
||||
}
|
||||
if ($query->count() > 1) {
|
||||
echo ("The $cat:$node:$lang in table '$table' is not unique");
|
||||
echo ("The $".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."' is not unique");
|
||||
return;
|
||||
}
|
||||
$res = $query->read();
|
||||
@@ -55,11 +55,11 @@ switch ($function) {
|
||||
$update = $ses->execute( "update $table set TRN_VALUE='$langLabel' where TRN_CATEGORY='$cat' and TRN_ID='$node' and TRN_LANG='$lang'", false );
|
||||
$query = $ses->execute( "select * from $table where TRN_CATEGORY='$cat' and TRN_ID='$node' and TRN_LANG='$lang'", false );
|
||||
if ($query->count() === 0) {
|
||||
echo ("Not found $cat:$node:$lang in table '$table'");
|
||||
echo ("Not found ".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."'");
|
||||
return;
|
||||
}
|
||||
if ($query->count() > 1) {
|
||||
echo ("The $cat:$node:$lang in table '$table' is not unique");
|
||||
echo ("The ".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."' is not unique");
|
||||
return;
|
||||
}
|
||||
$res = $query->read();
|
||||
|
||||
@@ -16,6 +16,12 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
|
||||
|
||||
if (isset($url[1]) && preg_match("/^sys(.+)$/", $url[1], $match)) {
|
||||
$sysSys = $match[1];
|
||||
|
||||
// Check if sys path exists
|
||||
$checkDir = PATH_DATA."sites/".$sysSys;
|
||||
if(!is_dir($checkDir)) {
|
||||
$sysSys = '';
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($url[2])) {
|
||||
@@ -24,6 +30,16 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
|
||||
|
||||
if (isset($url[3])) {
|
||||
$sysSkin = $url[3];
|
||||
|
||||
// Check if sys path exists
|
||||
$checkDir = PATH_SKIN_ENGINE.$sysSkin;
|
||||
if(!is_dir($checkDir)) {
|
||||
// Try this again
|
||||
$checkDir = PATH_CUSTOM_SKINS.$sysSkin;
|
||||
if(!is_dir($checkDir)) {
|
||||
$sysSkin = '';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($sysSys != "" && $sysLang != "" && $sysSkin != "") {
|
||||
@@ -84,8 +100,8 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
|
||||
<!-- Page links -->
|
||||
<ul id="textInfo">
|
||||
<li>You might try retyping the URL and trying again.</li>
|
||||
<li>Or we could take you back to the <a href="<?php echo $urlHome; ?>">home page.</a></li>
|
||||
<li>Or you could start again from the <a href="<?php echo $urlLogin; ?>">login page.</a></li>
|
||||
<li>Or we could take you back to the <a href="<?php echo htmlspecialchars($urlHome); ?>">home page.</a></li>
|
||||
<li>Or you could start again from the <a href="<?php echo htmlspecialchars($urlLogin); ?>">login page.</a></li>
|
||||
</ul>
|
||||
<!-- End page links -->
|
||||
</div>
|
||||
|
||||
@@ -9,6 +9,7 @@ $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";
|
||||
$urlHome = $urlLogin;
|
||||
|
||||
if (isset($_GET["url"]) && $_GET["url"] != "") {
|
||||
|
||||
$url = urldecode($_GET["url"]);
|
||||
$url = explode("/", $url);
|
||||
|
||||
@@ -18,14 +19,31 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
|
||||
|
||||
if (isset($url[1]) && preg_match("/^sys(.+)$/", $url[1], $match)) {
|
||||
$sysSys = $match[1];
|
||||
|
||||
// Check if sys path exists
|
||||
$checkDir = PATH_DATA."sites/".$sysSys;
|
||||
if(!is_dir($checkDir)) {
|
||||
$sysSys = '';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (isset($url[2])) {
|
||||
$sysLang = $url[2];
|
||||
}
|
||||
|
||||
if (isset($url[3])) {
|
||||
$sysSkin = $url[3];
|
||||
|
||||
// Check if sys path exists
|
||||
$checkDir = PATH_SKIN_ENGINE.$sysSkin;
|
||||
if(!is_dir($checkDir)) {
|
||||
// Try this again
|
||||
$checkDir = PATH_CUSTOM_SKINS.$sysSkin;
|
||||
if(!is_dir($checkDir)) {
|
||||
$sysSkin = '';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($sysSys != "" && $sysLang != "" && $sysSkin != "") {
|
||||
@@ -85,8 +103,8 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
|
||||
<!-- Page links -->
|
||||
<ul id="textInfo">
|
||||
<li>You might try retyping the URL and trying again.</li>
|
||||
<li>Or we could take you back to the <a href="<?php echo $urlHome; ?>">home page.</a></li>
|
||||
<li>Or you could start again from the <a href="<?php echo $urlLogin; ?>">login page.</a></li>
|
||||
<li>Or we could take you back to the <a href="<?php echo htmlspecialchars($urlHome); ?>">home page.</a></li>
|
||||
<li>Or you could start again from the <a href="<?php echo htmlspecialchars($urlLogin); ?>">login page.</a></li>
|
||||
</ul>
|
||||
<!-- End page links -->
|
||||
</div>
|
||||
|
||||
@@ -31,7 +31,7 @@ class ProcessSupervisors extends Api
|
||||
|
||||
return (preg_match("/^.*\/paged.*$/", $this->restler->url))? $response : $response["data"];
|
||||
} catch (\Exception $e) {
|
||||
throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
|
||||
throw new RestException(Api::STAT_APP_EXCEPTION, htmlspecialchars($e->getMessage()));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user