diff --git a/composer.json b/composer.json index 5b8ba6c82..14f7f5d9e 100644 --- a/composer.json +++ b/composer.json @@ -53,10 +53,10 @@ "laravel/tinker": "^1.0", "league/oauth2-client": "^2.4", "league/oauth2-google": "^3.0", - "tecnickcom/tcpdf": "6.3.*" + "tecnickcom/tcpdf": "6.3.*", + "fzaninotto/faker": "^1.7" }, "require-dev": { - "fzaninotto/faker": "^1.7", "guzzlehttp/guzzle": "^6.3", "phpunit/phpunit": "~5.7", "filp/whoops": "~2.0", diff --git a/composer.lock b/composer.lock index bea229299..dde7a6aed 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "b8983901a47ab3797270e868d077e885", + "content-hash": "595ef6520db9ea7ab367ed8cbfa12b3f", "packages": [ { "name": "bshaffer/oauth2-server-php", @@ -108,6 +108,7 @@ "laravel", "zip" ], + "abandoned": true, "time": "2020-02-25T11:57:40+00:00" }, { 
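Review bot: Listing `fzaninotto/faker` under `require` puts a fake-data generator into production installs (`composer install --no-dev`), and no hunk visible on this page uses the `Faker\` namespace in runtime code. If the package is only needed by tests or seeders, keep `"fzaninotto/faker": "^1.7"` under `require-dev`. If runtime code does depend on it, name that consumer in the commit message so the larger production dependency set is a recorded decision.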
@@ -528,6 +529,56 @@ ], "time": "2019-12-30T22:54:17+00:00" }, + { + "name": "fzaninotto/faker", + "version": "v1.9.1", + "source": { + "type": "git", + "url": "https://github.com/fzaninotto/Faker.git", + "reference": "fc10d778e4b84d5bd315dad194661e091d307c6f" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/fzaninotto/Faker/zipball/fc10d778e4b84d5bd315dad194661e091d307c6f", + "reference": "fc10d778e4b84d5bd315dad194661e091d307c6f", + "shasum": "" + }, + "require": { + "php": "^5.3.3 || ^7.0" + }, + "require-dev": { + "ext-intl": "*", + "phpunit/phpunit": "^4.8.35 || ^5.7", + "squizlabs/php_codesniffer": "^2.9.2" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.9-dev" + } + }, + "autoload": { + "psr-4": { + "Faker\\": "src/Faker/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "François Zaninotto" + } + ], + "description": "Faker is a PHP library that generates fake data for you.", + "keywords": [ + "data", + "faker", + "fixtures" + ], + "time": "2019-12-12T13:22:17+00:00" + }, { "name": "geshi/geshi", "version": "dev-master", @@ -840,6 +891,7 @@ "email": "jakub.onderka@gmail.com" } ], + "abandoned": "php-parallel-lint/php-console-color", "time": "2018-09-29T17:23:10+00:00" }, { @@ -886,6 +938,7 @@ } ], "description": "Highlight PHP code in terminal", + "abandoned": "php-parallel-lint/php-console-highlighter", "time": "2018-09-29T18:48:56+00:00" }, { @@ -1636,7 +1689,7 @@ "rest", "server" ], - "time": "2020-02-13T18:25:17+00:00" + "time": "2019-05-12T15:05:48+00:00" }, { "name": "monolog/monolog", 
@@ -5432,56 +5485,6 @@ ], "time": "2017-02-18T14:22:27+00:00" }, - { - "name": "fzaninotto/faker", - "version": "v1.9.1", - "source": { - "type": "git", - "url": "https://github.com/fzaninotto/Faker.git", - "reference": "fc10d778e4b84d5bd315dad194661e091d307c6f" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/fzaninotto/Faker/zipball/fc10d778e4b84d5bd315dad194661e091d307c6f", - "reference": "fc10d778e4b84d5bd315dad194661e091d307c6f", - "shasum": "" - }, - "require": { - "php": "^5.3.3 || ^7.0" - }, - "require-dev": { - "ext-intl": "*", - "phpunit/phpunit": "^4.8.35 || ^5.7", - "squizlabs/php_codesniffer": "^2.9.2" - }, - "type": "library", - "extra": { - "branch-alias": { - "dev-master": "1.9-dev" - } - }, - "autoload": { - "psr-4": { - "Faker\\": "src/Faker/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "François Zaninotto" - } - ], - "description": "Faker is a PHP library that generates fake data for you.", - "keywords": [ - "data", - "faker", - "fixtures" - ], - "time": "2019-12-12T13:22:17+00:00" - }, { "name": "instaclick/php-webdriver", "version": "1.4.7", @@ -5853,8 +5856,8 @@ "authors": [ { "name": "Sebastian Bergmann", - "email": "sb@sebastian-bergmann.de", - "role": "lead" + "role": "lead", + "email": "sb@sebastian-bergmann.de" } ], "description": "Library that provides collection, processing, and rendering functionality for PHP code coverage information.", @@ -6121,8 +6124,8 @@ "authors": [ { "name": "Sebastian Bergmann", - "email": "sebastian@phpunit.de", - "role": "lead" + "role": "lead", + "email": "sebastian@phpunit.de" } ], "description": "The PHP Unit Testing framework.", diff --git a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/CasesTest.php b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/CasesTest.php index cccb6283e..99778d4f2 100644 --- a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/CasesTest.php 
+++ b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/CasesTest.php
@@ -77,33 +77,4 @@ class CasesTest extends TestCase
 $case = new Cases();
 $case->deleteCase($application->APP_UID, $_SESSION['USER_LOGGED']);
 }
- /**
- * This checks the validation of documents
- *
- * @covers \ProcessMaker\BusinessModel\Cases::validateAppDocUid()
- * @test
- */
- public function it_should_validate_app_doc_uid()
- {
- $arrayVariableDocument = [
- 0 => [
- "appDocUid" => "4371401485e7cd60d160062060139220",
- "name" => "test_1.txt",
- "version" => "1"
- ],
- 1 => [
- "name" => "test_1.txt",
- "version" => "1"
- ],
- 2 => [
- "appDocUid" => "6837968225e7cd60dc17588042896388",
- "name" => "test_1.txt",
- "version" => "1"
- ]
- ];
- $case = new Cases();
- $newArrayVariableDocument = $case->validateAppDocUid($arrayVariableDocument);
- $this->assertNotEmpty($newArrayVariableDocument);
- $this->assertNotEquals($newArrayVariableDocument, $arrayVariableDocument);
- }
 }
diff --git a/workflow/engine/methods/setup/appCacheViewAjax.php b/workflow/engine/methods/setup/appCacheViewAjax.php
index 4898a8b38..04fd50930 100644
--- a/workflow/engine/methods/setup/appCacheViewAjax.php
+++ b/workflow/engine/methods/setup/appCacheViewAjax.php
@@ -175,25 +175,40 @@ switch ($request) {
 }
 break;
 case 'recreate-root':
- $user = $_POST['user'];
- $pass = $_POST['password'];
- $server = $_POST['host'];
- $code = $_POST['codeCaptcha'];
+ // Get the post variables
+ $user = !empty($_POST['user']) ? $_POST['user'] : '';
+ $pass = !empty($_POST['password']) ? $_POST['password'] : '';
+ $server = !empty($_POST['host']) ? $_POST['host'] : '';
+ $code = !empty($_POST['codeCaptcha']) ? $_POST['codeCaptcha'] : '';
+
+ // Check if in the host was included the port
 $server = explode(':', $server);
 $serverName = $server[0];
 $port = (count($server) > 1) ? $server[1] : '';
+
+ // Review if the captcha is not empty
+ if (empty($code)) {
+ echo G::loadTranslation('ID_CAPTCHA_CODE_INCORRECT');
+ break;
+ }
+ // Review if th captcha is incorrect
 if ($code !== $_SESSION['securimage_code_disp']['default']) {
 echo G::loadTranslation('ID_CAPTCHA_CODE_INCORRECT');
 break;
 }
- list($success, $message) = System::checkPermissionsDbUser(DB_ADAPTER, $serverName, $port, $user, $pass);
- if ($success) {
- $id = 'ID_MESSAGE_ROOT_CHANGE_FAILURE';
- if (System::regenerateCredentiaslPathInstalled($server, $user, $pass)) {
- $id = 'ID_MESSAGE_ROOT_CHANGE_SUCESS';
+ // Define a message of failure
+ $message = G::loadTranslation('ID_MESSAGE_ROOT_CHANGE_FAILURE');
+ if (!empty($user) && !empty($pass) && !empty($serverName)) {
+ list($success, $message) = System::checkPermissionsDbUser(DB_ADAPTER, $serverName, $port, $user, $pass);
+ if ($success) {
+ $id = 'ID_MESSAGE_ROOT_CHANGE_FAILURE';
+ if (System::regenerateCredentiaslPathInstalled($serverName, $user, $pass)) {
+ $id = 'ID_MESSAGE_ROOT_CHANGE_SUCESS';
+ }
+ $message = G::loadTranslation($id);
 }
- $message = G::loadTranslation($id);
 }
+
 echo $message;
 break;
 case 'captcha':
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
index 0c6fd2964..c8e078d8a 100644
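Review bot: Nothing in the `recreate-root` case clears `$_SESSION['securimage_code_disp']['default']` after the comparison, so as far as this hunk shows one solved captcha stays valid for any number of host/user/password attempts against `System::checkPermissionsDbUser`; add `unset($_SESSION['securimage_code_disp']['default']);` once the code has been compared, whether it matched or not. The new `!empty()` defaults also accept non-string input: an array in `$_POST['host']` reaches `explode()`, so each guard should include `is_string()`, and `$port` should be refused unless it is empty or `ctype_digit($port)`. The call to `regenerateCredentiaslPathInstalled` now receives `$serverName` without the port that `checkPermissionsDbUser` was tested with; confirm against that method's signature that a non-default port is not lost. The `switch` starts and ends outside the hunk, so any permission check that runs before this case is not visible here.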
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
@@ -1126,26 +1126,26 @@ class Cases
 Validator::isString($appUid, '$app_uid');
 Validator::appUid($appUid, '$app_uid');
- // Review the permission for delete case
- global $RBAC;
- if ($RBAC->userCanAccess('PM_DELETECASE') != 1) {
- throw new Exception(G::LoadTranslation('ID_NOT_ABLE_DELETE_CASES'));
- }
- // Review the status and user
+ // Review the status and owner
 $caseInfo = ModelApplication::getCase($appUid);
- if (!empty($caseInfo)){
+ if (!empty($caseInfo)) {
+ // Check if the requester is the owner
+ if ($caseInfo['APP_INIT_USER'] !== $usrUid) {
+ global $RBAC;
+ // If no we need to review if have the permission
+ if ($RBAC->userCanAccess('PM_DELETECASE') != 1) {
+ throw new Exception(G::LoadTranslation('ID_NOT_ABLE_DELETE_CASES'));
+ }
+ }
+ // Review the status
 if ($caseInfo['APP_STATUS'] != 'DRAFT') {
 throw new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_STATUS"));
 }
- // Review the user requester
- if ($caseInfo['APP_INIT_USER'] != $usrUid) {
- throw new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_OWNER"));
- }
- }
- $case = new ClassesCases();
- $case->removeCase($appUid);
+ $case = new ClassesCases();
+ $case->removeCase($appUid);
+ }
 }
 /**
@@ -3230,8 +3230,6 @@ class Cases
 $arrayApplicationData = $this->getApplicationRecordByPk($applicationUid, [], false);
 $arrayApplicationData['APP_DATA'] = $case->unserializeData($arrayApplicationData['APP_DATA']);
 $flagDelete = false;
- $arrayVariableDocumentToDelete = $this->validateAppDocUid($arrayVariableDocumentToDelete);
-
 foreach ($arrayVariableDocumentToDelete as $key => $value) {
 if (is_array($value) && !empty($value)) {
 $type = '';
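Review bot: The owner branch in the -1126 hunk trusts the caller-supplied `$usrUid` while the fallback consults the session-bound global `$RBAC`, so a caller that passes an id not taken from the authenticated session would satisfy `$caseInfo['APP_INIT_USER'] !== $usrUid` without holding `PM_DELETECASE`. Confirm that every caller passes the session user, or read the id inside the method. The rewrite also widens the old rule in the other direction: a user with `PM_DELETECASE` can now delete another user's draft, which the removed `ID_DELETE_CASE_NO_OWNER` branch refused, and that belongs in the method's docblock. When `getCase()` returns nothing the method now returns silently instead of calling `removeCase()`, so callers cannot tell a missing case from a deleted one; an `else` branch that throws would make this explicit. The method's signature and docblock lie outside the hunk.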
@@ -3256,13 +3254,15 @@ class Cases
 $arrayDocumentDelete = $value;
 foreach ($arrayDocumentDelete as $value2) {
- $appDocument->remove($value2['appDocUid'], (int)($value2['version']));
+ if ($value2['appDocUid'] !== "") {
+ $appDocument->remove($value2['appDocUid'], (int)($value2['version']));
- $arrayApplicationData['APP_DATA'] = $this->applicationDataDeleteMultipleFile(
- $arrayApplicationData['APP_DATA'], $variable, null, $type, $value2
- );
+ $arrayApplicationData['APP_DATA'] = $this->applicationDataDeleteMultipleFile(
+ $arrayApplicationData['APP_DATA'], $variable, null, $type, $value2
+ );
- $flagDelete = true;
+ $flagDelete = true;
+ }
 }
 break;
 case 'GRID':
@@ -3274,13 +3274,15 @@ class Cases
 $arrayDocumentDelete = $value3;
 foreach ($arrayDocumentDelete as $value4) {
- $appDocument->remove($value4['appDocUid'], (int)($value4['version']));
+ if ($value4['appDocUid'] !== "") {
+ $appDocument->remove($value4['appDocUid'], (int)($value4['version']));
- $arrayApplicationData['APP_DATA'] = $this->applicationDataDeleteMultipleFile(
- $arrayApplicationData['APP_DATA'], $grid, $variable, $type, $value4
- );
+ $arrayApplicationData['APP_DATA'] = $this->applicationDataDeleteMultipleFile(
+ $arrayApplicationData['APP_DATA'], $grid, $variable, $type, $value4
+ );
- $flagDelete = true;
+ $flagDelete = true;
+ }
 }
 }
 }
@@ -3316,24 +3318,6 @@ class Cases
 }
 }
- /**
- * Validate if all documents have appDocUid
- *
- * @param array $arrayVariableDocument
- *
- * @return array
- */
- public function validateAppDocUid(array $arrayVariableDocument)
- {
- $newArrayVariableDocument = [];
- foreach ($arrayVariableDocument as $value) {
- if (array_key_exists('appDocUid', $value)) {
- $newArrayVariableDocument[] = $value;
- }
- }
- return $newArrayVariableDocument;
- }
-
 /**
 * Get Permissions, Participate, Access, Objects supervisor
 *
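Review bot: The guard `$value2['appDocUid'] !== ""` in the -3256 hunk rejects only an empty string, so an entry with no `appDocUid` key (the removed `validateAppDocUid()` filtered on `array_key_exists`) evaluates to null, passes the strict comparison and reaches `$appDocument->remove()` with a null id. Use `if (!empty($value2['appDocUid'])) {` here and the same form for `$value4` in the GRID hunk at -3274. Neither hunk shows a check that the document belongs to `$applicationUid`; since the uid comes from the submitted array, confirm that `remove()` or the caller enforces that ownership. The enclosing method starts and ends outside these hunks.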