diff --git a/framework/src/templates/Exception.phtml b/framework/src/templates/Exception.phtml index 0d821fb2f..af2526926 100644 --- a/framework/src/templates/Exception.phtml +++ b/framework/src/templates/Exception.phtml @@ -70,7 +70,7 @@

RuntimeException: -
+

@@ -88,4 +88,4 @@
- \ No newline at end of file + diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index 58dd0fa08..c7ebf4897 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -463,12 +463,12 @@ class Bootstrap $file = $filter->xssFilterHard($file); $downloadFileName = $filter->xssFilterHard($downloadFileName); - $fileNameIni = $file; - $browserCacheFilesUid = G::browserCacheFilesGetUid(); if ($browserCacheFilesUid != null) { - $file = str_replace(".$browserCacheFilesUid", null, $file); + $fileNameIni = $file = str_replace(".$browserCacheFilesUid", null, $file); + } else { + $fileNameIni = $file; } $folderarray = explode('/', $file); diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index 98548910c..23269b8a4 100644 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -229,7 +229,7 @@ class G * @param string $key * @return string */ - public function encrypt ($string, $key) + public static function encrypt ($string, $key) { //print $string; // if ( defined ( 'ENABLE_ENCRYPT' ) && ENABLE_ENCRYPT == 'yes' ) { @@ -3368,7 +3368,7 @@ class G * * @author Erik A.O. */ - public function json_decode($Json, $assoc = false) + public static function json_decode($Json, $assoc = false) { if (function_exists('json_decode')) { return json_decode($Json, $assoc); 
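Review bot: The new assignment in class.bootstrap.php, `$fileNameIni = $file = str_replace(".$browserCacheFilesUid", null, $file);`, passes `null` as the replacement (deprecated for string parameters since PHP 8.1) and removes every occurrence of `.<uid>` anywhere in the path, not only a trailing cache-buster component. Use `''` as the replacement, and if the uid is only ever appended at the end, an anchored `preg_replace('/\.' . preg_quote($browserCacheFilesUid, '/') . '$/', '', $file)` is safer. Note also that `$browserCacheFilesUid != null` treats `''` as null but `'0'` as a real uid. The enclosing method starts and ends outside the hunk, so where `$fileNameIni` is consumed is not visible here.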
@@ -5034,7 +5034,7 @@ class G $rest->handle(); } - public function reservedWordsSql () + public static function reservedWordsSql () { //Reserved words SQL $reservedWordsSql = array ("ACCESSIBLE","ACTION","ADD","ALL","ALTER","ANALYZE","AND","ANY","AS","ASC","ASENSITIVE","AUTHORIZATION","BACKUP","BEFORE","BEGIN","BETWEEN","BIGINT","BINARY","BIT","BLOB","BOTH","BREAK","BROWSE","BULK","BY","CALL","CASCADE","CASE","CHANGE","CHAR","CHARACTER","CHECK","CHECKPOINT","CLOSE","CLUSTERED","COALESCE","COLLATE","COLUMN","COMMIT","COMPUTE","CONDITION","CONSTRAINT","CONTAINS","CONTAINSTABLE","CONTINUE","CONVERT","CREATE","CROSS","CURRENT","CURRENT_DATE","CURRENT_TIME","CURRENT_TIMESTAMP","CURRENT_USER","CURSOR","DATABASE","DATABASES","DATE","DAY_HOUR","DAY_MICROSECOND","DAY_MINUTE","DAY_SECOND","DBCC","DEALLOCATE","DEC","DECIMAL","DECLARE","DEFAULT","DELAYED","DELETE","DENY","DESC","DESCRIBE","DETERMINISTIC","DISK","DISTINCT","DISTINCTROW", diff --git a/gulliver/system/class.restClient.php b/gulliver/system/class.restClient.php index 83442f496..5cc5d29cd 100755 --- a/gulliver/system/class.restClient.php +++ b/gulliver/system/class.restClient.php @@ -33,7 +33,7 @@ class RestClient * * @return RestClient */ - public function execute () + public function execute ($getResponseIfDelete = false) { if ($this->method === "POST") { curl_setopt( $this->curl, CURLOPT_POST, true ); @@ -59,7 +59,7 @@ class RestClient } curl_setopt( $this->curl, CURLOPT_URL, $this->url ); $r = curl_exec( $this->curl ); - if ($this->method !== "DELETE") { + if ($this->method !== "DELETE" || $getResponseIfDelete) { $this->treatResponse( $r ); // Extract the headers and response return $this; } else { 
@@ -325,9 +325,9 @@ class RestClient * @param string $password=null [optional] * @return RestClient */ - public static function delete ($url, $user = null, $pwd = null, $contentType = null) + public static function delete ($url, $user = null, $pwd = null, $contentType = null, $getResponse = false) { - return self::call( "DELETE", $url, null, $user, $pwd, $contentType ); + return self::call( "DELETE", $url, null, $user, $pwd, $contentType, $getResponse ); } /** @@ -341,9 +341,9 @@ class RestClient * @param string $contentType=null [optional] * @return RestClient */ - public static function call ($method, $url, $body, $user = null, $pwd = null, $contentType = null) + public static function call ($method, $url, $body, $user = null, $pwd = null, $contentType = null, $getResponseIfDelete) { - return self::createClient( $url )->setParameters( $body )->setMethod( $method )->setCredentials( $user, $pwd )->setContentType( $contentType )->execute()->close(); + return self::createClient( $url )->setParameters( $body )->setMethod( $method )->setCredentials( $user, $pwd )->setContentType( $contentType )->execute($getResponseIfDelete)->close(); } } diff --git a/gulliver/system/class.xmlDocument.php b/gulliver/system/class.xmlDocument.php index 8b75d6137..6c8ac1704 100755 --- a/gulliver/system/class.xmlDocument.php +++ b/gulliver/system/class.xmlDocument.php @@ -284,7 +284,7 @@ class Xml_document extends Xml_Node { //$content is a new variable, if it has any value then use it instead of the file content. if ($content == "") { if (! file_exists( $filename )) { - throw (new Exception( "failed to open Xmlform File : No such file or directory in $filename " )); + throw (new Exception( "failed to open Xmlform File : No such file or directory in ".htmlspecialchars($filename) )); } $data = implode( '', file( $filename ) ); } else { diff --git a/workflow/engine/classes/class.applications.php b/workflow/engine/classes/class.applications.php index c891122a2..4653e642c 100755 
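Review bot: `call()` in class.restClient.php now declares the required parameter `$getResponseIfDelete` after six optional ones, so any caller that omits it (everything except the updated `delete()`) fails with a missing-argument error instead of keeping its previous behaviour. Give it a default: `public static function call ($method, $url, $body, $user = null, $pwd = null, $contentType = null, $getResponseIfDelete = false)`. The docblocks of `delete()` and `call()` should also gain a `@param bool $getResponse=false [optional]` line describing that the DELETE response body is only parsed when the flag is set.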
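Review bot: Escaping the filename with a bare `htmlspecialchars()` inside the exception message in class.xmlDocument.php bakes an HTML assumption into a value that may also be logged or returned as JSON, and with default flags (ENT_COMPAT before PHP 8.1) single quotes are left unescaped. The same pattern appears in adminProxy.php `testingOption()` and in designer.php `setVar('prj_uid', ...)`/`setVar('app_uid', ...)`. Prefer escaping at the rendering site; where it must stay here, make the context explicit: `htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`.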
--- a/workflow/engine/classes/class.applications.php +++ b/workflow/engine/classes/class.applications.php @@ -18,7 +18,9 @@ class Applications $sort = "APP_CACHE_VIEW.APP_NUMBER", $category = null, $configuration = true, - $paged = true + $paged = true, + $newerThan = '', + $oldestThan = '' ) { $callback = isset($callback)? $callback : "stcCallback1001"; $dir = isset($dir)? $dir : "DESC"; @@ -301,7 +303,7 @@ class Applications } $Criteria->add( $Criteria->getNewCriterion( AppCacheViewPeer::DEL_DELEGATE_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $Criteria->getNewCriterion( AppCacheViewPeer::DEL_DELEGATE_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); - $CriteriaCount->add( $CriteriaCount->getNewCriterion( AppCacheViewPeer::DEL_DELEGATE_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $Criteria->getNewCriterion( AppCacheViewPeer::DEL_DELEGATE_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); + $CriteriaCount->add( $CriteriaCount->getNewCriterion( AppCacheViewPeer::DEL_DELEGATE_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $CriteriaCount->getNewCriterion( AppCacheViewPeer::DEL_DELEGATE_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); } else { $dateFrom = $dateFrom . " 00:00:00"; 
@@ -315,6 +317,27 @@ class Applications $CriteriaCount->add( AppCacheViewPeer::DEL_DELEGATE_DATE, $dateTo, Criteria::LESS_EQUAL ); } + if ($newerThan != '') { + if ($oldestThan != '') { + $Criteria->add( + $Criteria->getNewCriterion(AppCacheViewPeer::DEL_DELEGATE_DATE, $newerThan, Criteria::GREATER_THAN)->addAnd( + $Criteria->getNewCriterion(AppCacheViewPeer::DEL_DELEGATE_DATE, $oldestThan, Criteria::LESS_THAN)) + ); + $CriteriaCount->add( + $CriteriaCount->getNewCriterion(AppCacheViewPeer::DEL_DELEGATE_DATE, $newerThan, Criteria::GREATER_THAN)->addAnd( + $CriteriaCount->getNewCriterion(AppCacheViewPeer::DEL_DELEGATE_DATE, $oldestThan, Criteria::LESS_THAN)) + ); + } else { + $Criteria->add(AppCacheViewPeer::DEL_DELEGATE_DATE, $newerThan, Criteria::GREATER_THAN); + $CriteriaCount->add( AppCacheViewPeer::DEL_DELEGATE_DATE, $newerThan, Criteria::GREATER_THAN); + } + } else { + if ($oldestThan != '') { + $Criteria->add(AppCacheViewPeer::DEL_DELEGATE_DATE, $oldestThan, Criteria::LESS_THAN); + $CriteriaCount->add(AppCacheViewPeer::DEL_DELEGATE_DATE, $oldestThan, Criteria::LESS_THAN); + } + } + //add the filter if ($filter != '') { switch ($filter) { diff --git a/workflow/engine/classes/class.case.php b/workflow/engine/classes/class.case.php index 8bbad3544..2a78d7d6b 100755 --- a/workflow/engine/classes/class.case.php +++ b/workflow/engine/classes/class.case.php @@ -338,12 +338,8 @@ class Cases $c->addJoinMC($aConditions, Criteria::LEFT_JOIN); $c->add(TaskPeer::TAS_UID, $tasks, Criteria::IN); - if ($typeView == 'category') { - $c->addDescendingOrderByColumn('PRO_CATEGORY'); - } else { - $c->addAscendingOrderByColumn('PRO_TITLE'); - $c->addAscendingOrderByColumn('TAS_TITLE'); - } + $c->addAscendingOrderByColumn('PRO_TITLE'); + $c->addAscendingOrderByColumn('TAS_TITLE'); $rs = TaskPeer::doSelectRS($c); $rs->setFetchmode(ResultSet::FETCHMODE_ASSOC); 
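Review bot: The new `$newerThan`/`$oldestThan` block in class.applications.php adds criteria on `AppCacheViewPeer::DEL_DELEGATE_DATE`, the same column the `$dateFrom`/`$dateTo` filter just above already used; as far as I recall Propel 1.x `Criteria::add()` keys its criterion map by column, so when a caller passes both a date range and one of the new bounds, the later `add()` replaces the range instead of combining with it (which is why the existing code builds `getNewCriterion()->addAnd()` chains). Attaching the new bound to the existing criterion, or using `$Criteria->addAnd(...)`, would preserve both; a test with `$dateFrom`, `$dateTo` and `$newerThan` all set would confirm. The same applies to `$CriteriaCount`. The enclosing method starts and ends outside the hunk.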
@@ -378,7 +374,13 @@ class Cases $rs->next(); $row = $rs->getRow(); } - return $rows; + + $rowsToReturn = $rows; + if ($typeView === 'category') { + $rowsToReturn = $this->orderStartCasesByCategoryAndName($rows); + } + + return $rowsToReturn; } /* @@ -7320,5 +7322,35 @@ class Cases } } + private function orderStartCasesByCategoryAndName ($rows) { + //now we order in category, proces_name order: + $comparatorSequence = array( + function($a, $b) { + $retval = 0; + if(array_key_exists('catname', $a) && array_key_exists('catname', $b)) { + $retval = strcmp($a['catname'], $b['catname']); + } + return $retval; + } + , function($a, $b) { + $retval = 0; + if(array_key_exists('value', $a) && array_key_exists('value', $b)) { + $retval = strcmp($a['value'], $b['value']); + } + return $retval; + } + ); + + usort($rows, function($a, $b) use ($comparatorSequence) { + foreach ($comparatorSequence as $cmpFn) { + $diff = call_user_func($cmpFn, $a, $b); + if ($diff !== 0) { + return $diff; + } + } + return 0; + }); + return $rows; + } } diff --git a/workflow/engine/classes/class.derivation.php b/workflow/engine/classes/class.derivation.php index 460a12415..2607dea14 100755 --- a/workflow/engine/classes/class.derivation.php +++ b/workflow/engine/classes/class.derivation.php @@ -297,13 +297,11 @@ class Derivation //1. There is no rule if (empty($arrayNextTask)) { - $oProcess = new Process(); - $oProcessFieds = $oProcess->Load( $_SESSION['PROCESS'] ); - if(isset($oProcessFieds['PRO_BPMN']) && $oProcessFieds['PRO_BPMN'] == 1){ - throw new Exception(G::LoadTranslation("ID_NO_DERIVATION_BPMN_RULE")); - }else{ - throw new Exception(G::LoadTranslation("ID_NO_DERIVATION_RULE")); - } + $bpmn = new \ProcessMaker\Project\Bpmn(); + + throw new Exception(G::LoadTranslation( + 'ID_NO_DERIVATION_' . (($bpmn->exists($arrayApplicationData['PRO_UID']))? 'BPMN_RULE' : 'RULE') + )); } //Return 
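Review bot: `orderStartCasesByCategoryAndName()` sorts with byte-wise `strcmp`, which is case-sensitive and ascending, whereas the SQL ordering it replaces (`addDescendingOrderByColumn('PRO_CATEGORY')` in the earlier class.case.php hunk) was descending and followed the database collation; if that difference is unintended, `strcasecmp`/`strnatcasecmp` and a reversed category comparator would be closer. Rows missing `catname` or `value` compare equal, which leaves their order undefined under `usort`; a short comment saying that is the intended fallback would help. Style-wise `call_user_func($cmpFn, $a, $b)` can be the direct call `$diff = $cmpFn($a, $b);`, and the method's opening brace sits on the signature line while the rest of the class puts it on the next line.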
@@ -636,15 +634,12 @@ class Derivation */ function getDenpendentUser ($USR_UID) { - //Here the uid to next user - $oC = new Criteria(); - $oC->addSelectColumn( UsersPeer::USR_REPORTS_TO ); - $oC->add( UsersPeer::USR_UID, $USR_UID ); - $oDataset = UsersPeer::doSelectRS( $oC ); - $oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC ); - $oDataset->next(); - $aRow = $oDataset->getRow(); - return $aRow['USR_REPORTS_TO'] != '' ? $aRow['USR_REPORTS_TO'] : $USR_UID; + $user = new \ProcessMaker\BusinessModel\User(); + + $manager = $user->getUsersManager($USR_UID); + + //Return + return ($manager !== false)? $manager : $USR_UID; } /* setTasLastAssigned diff --git a/workflow/engine/classes/class.pmDynaform.php b/workflow/engine/classes/class.pmDynaform.php index b99731cf9..e26baad11 100644 --- a/workflow/engine/classes/class.pmDynaform.php +++ b/workflow/engine/classes/class.pmDynaform.php @@ -36,6 +36,20 @@ class pmDynaform $this->record["DYN_CONTENT"] = $decode; } } + + //todo: compatibility checkbox + if ($this->record !== null && isset($this->record["DYN_CONTENT"]) && $this->record["DYN_CONTENT"] !== "") { + $json = G::json_decode($this->record["DYN_CONTENT"]); + $fields = $this->jsonsf2($json, "checkbox", "type"); + foreach ($fields as $field) { + if (isset($field->dataType) && $field->dataType === "string") { + $field->type = "checkgroup"; + $field->dataType = "array"; + } + $this->jsonReplace($json, $field->id, "id", $field); + } + $this->record["DYN_CONTENT"] = G::json_encode($json); + } } public function getDynaformTitle($idDynaform) @@ -181,7 +195,6 @@ class pmDynaform case 'dataVariable': $dataVariable = (preg_match('/^\s*@.(.+)\s*$/', $json->dataVariable, $arrayMatch)) ? $arrayMatch[1] : $json->dataVariable; - if (isset($this->fields['APP_DATA'][$dataVariable]) && is_array($this->fields['APP_DATA'][$dataVariable]) && !empty($this->fields['APP_DATA'][$dataVariable]) 
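Review bot: The checkbox-compatibility block added in class.pmDynaform.php decodes and re-encodes `DYN_CONTENT` on every load even when no checkbox field needs converting, and it reads `$field->id` for every checkbox field without checking that the property exists. Since `jsonsf2()` pushes the object handles that already live inside `$json`, the `type`/`dataType` assignments mutate the tree in place and the `jsonReplace()` call looks redundant — worth confirming and, if so, dropping. The `//todo: compatibility checkbox` marker should say what the block does, e.g. `// Legacy compatibility: checkbox fields stored with dataType "string" are migrated to checkgroup/array`. The enclosing method starts outside the hunk.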
@@ -189,8 +202,7 @@ class pmDynaform foreach ($this->fields['APP_DATA'][$dataVariable] as $row) { $option = new stdClass(); $option->value = $row[0]; - $option->label = (isset($row[1])) ? $row[1] : $row[0]; - + $option->label = isset($row[1]) ? $row[1] : ""; $json->optionsSql[] = $option; } } @@ -207,7 +219,7 @@ class pmDynaform $row = $rs->getRow(); $option = new stdClass(); $option->value = $row[0]; - $option->label = isset($row[1]) ? $row[1] : $row[0]; + $option->label = isset($row[1]) ? $row[1] : ""; $json->optionsSql[] = $option; } } catch (Exception $e) { @@ -234,7 +246,6 @@ class pmDynaform $json->data->value = $this->fields["APP_DATA"][$json->name]; $json->data->label = $this->fields["APP_DATA"][$json->name]; } - $json->optionsSql = array(); } if ($key === "type" && ($value === "dropdown")) { $json->data = new stdClass(); @@ -287,7 +298,6 @@ class pmDynaform if (isset($this->fields["APP_DATA"][$json->name . "_label"])) { $json->data->label = $this->fields["APP_DATA"][$json->name . "_label"]; } - $json->optionsSql = array(); } if ($key === "type" && ($value === "radio")) { $json->data = new stdClass(); @@ -438,15 +448,15 @@ class pmDynaform } } //synchronize var_label - if ($key === "type" && ($value === "dropdown" || $value === "suggest")) { + if ($key === "type" && ($value === "dropdown" || $value === "suggest" || $value === "radio")) { if (isset($this->fields["APP_DATA"]["__VAR_CHANGED__"]) && in_array($json->name, explode(",", $this->fields["APP_DATA"]["__VAR_CHANGED__"]))) { foreach ($json->optionsSql as $io) { - if ($json->data->value === $io->value) { + if ($this->toStringNotNullValues($json->data->value) === $io->value) { $json->data->label = $io->label; } } foreach ($json->options as $io) { - if ($json->data->value === $io->value) { + if ($this->toStringNotNullValues($json->data->value) === $io->value) { $json->data->label = $io->label; } } 
@@ -466,14 +476,14 @@ class pmDynaform foreach ($dv as $idv) { foreach ($json->optionsSql as $os) { if ($os->value === $idv) { - array_push($dataValue, $os->value); - array_push($dataLabel, $os->label); + $dataValue[] = $os->value; + $dataLabel[] = $os->label; } } foreach ($json->options as $os) { if ($os->value === $idv) { - array_push($dataValue, $os->value); - array_push($dataLabel, $os->label); + $dataValue[] = $os->value; + $dataLabel[] = $os->label; } } } @@ -488,6 +498,10 @@ class pmDynaform $_SESSION["TRIGGER_DEBUG"]["DATA"][] = Array("key" => $json->name . "_label", "value" => $json->data->label); } } + //clear optionsSql + if ($key === "type" && ($value === "text" || $value === "textarea" || $value === "hidden" || $value === "suggest")) { + $json->optionsSql = array(); + } //grid if ($key === "type" && ($value === "grid")) { if (isset($this->fields["APP_DATA"][$json->name])) { @@ -1198,6 +1212,35 @@ class pmDynaform return null; } + /** + * You obtain an array of elements according to search criteria. + * + * @param object $json + * @param string $id + * @param string $for + * @return array + */ + private function jsonsf2(&$json, $id, $for = "id") + { + $result = array(); + foreach ($json as $key => $value) { + $sw1 = is_array($value); + $sw2 = is_object($value); + if ($sw1 || $sw2) { + $fields = $this->jsonsf2($value, $id, $for); + foreach ($fields as $field) { + $result[] = $field; + } + } + if (!$sw1 && !$sw2) { + if ($key === $for && $id === $value) { + $result[] = $json; + } + } + } + return $result; + } + public function downloadLanguage($dyn_uid, $lang) { if ($lang === "en") { @@ -1528,4 +1571,18 @@ class pmDynaform return array('dsn' => $dsn, 'username' => DB_USER, 'password' => DB_PASS); } + /** + * Returns the value converted to string if it is not null. + * + * @param string $string + * @return string + */ + private function toStringNotNullValues($value) + { + if (is_null($value)) { + return ""; + } + return (string) $value; + } + } 
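Review bot: The docblock of `toStringNotNullValues()` documents `@param string $string` but the parameter is `$value` and accepts any scalar; change it to `@param mixed $value` and note that arrays and objects are not handled (`(string)` on them raises an error or notice). For `jsonsf2()`, the summary `You obtain an array of elements according to search criteria.` reads awkwardly — something like `Recursively collects every node whose property $for equals $id.` — and `@param object $json` should be `object|array`, since the method recurses into array values. Minor: `is_null($value)` reads better as `$value === null`.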
diff --git a/workflow/engine/classes/class.pmFunctions.php b/workflow/engine/classes/class.pmFunctions.php index 3ae650437..2811f826b 100755 --- a/workflow/engine/classes/class.pmFunctions.php +++ b/workflow/engine/classes/class.pmFunctions.php @@ -2954,7 +2954,7 @@ function PMFSaveCurrentData () } /** - * @method + * @method * Return an array of associative arrays which contain the unique task ID and title. * @name PMFTasksListByProcessId * @label PMF Tasks List By Process Id @@ -2999,23 +2999,23 @@ function PMFGetProcessUidByName($processName = '') { try { $processUid = ''; - + if ($processName == '') { //Return return (isset($_SESSION['PROCESS']))? $_SESSION['PROCESS'] : false; } - + $criteria = new Criteria('workflow'); - + $criteria->addSelectColumn(ProcessPeer::PRO_UID); - + $criteria->addJoin(ContentPeer::CON_ID, ProcessPeer::PRO_UID, Criteria::LEFT_JOIN); $criteria->add(ContentPeer::CON_VALUE, $processName, Criteria::EQUAL); $criteria->add(ContentPeer::CON_CATEGORY, 'PRO_TITLE', Criteria::EQUAL); - + $rsCriteria = ContentPeer::doSelectRS($criteria); $rsCriteria->setFetchmode(ResultSet::FETCHMODE_ASSOC); - + if ($rsCriteria->next()) { $row = $rsCriteria->getRow(); $processUid = $row['PRO_UID']; @@ -3023,7 +3023,7 @@ function PMFGetProcessUidByName($processName = '') //Return return false; } - + //Return return $processUid; } catch (Exception $e) { @@ -3032,7 +3032,7 @@ function PMFGetProcessUidByName($processName = '') } /** - * @method + * @method * The requested text in the specified language | If not found returns false * @name PMFGeti18nText * @label PMF Get i18n Text 
@@ -3061,9 +3061,9 @@ function PMFGeti18nText($id, $category, $lang = "en") /** * @method - * Function to return an array of objects containing the properties of the fields - * in a specified DynaForm. - * It also inserts the "value" and "value_label" as properties in the fields' objects, + * Function to return an array of objects containing the properties of the fields + * in a specified DynaForm. + * It also inserts the "value" and "value_label" as properties in the fields' objects, * if the case is specified. * @name PMFDynaFormFields * @label PMF DynaForm Fields 
@@ -3229,4 +3229,92 @@ function PMFGetGroupUsers($GroupUID) $usersGroup = $groups->getUsersOfGroup($GroupUID, 'ALL'); return $usersGroup; -} \ No newline at end of file +} + +/** + * @method + * + * Get next derivation info + * + * @name PMFGetNextDerivationInfo + * @label PMF Get next derivation info + * @link http://wiki.processmaker.com/index.php/ProcessMaker_Functions#PMFGetNextDerivationInfo.28.29 + * + * @param string(32) | $caseUid | ID of the case | The unique ID of the case + * @param int | $delIndex | Delegation index of the case | The delegation index of the current task in the case + * + * @return array | $arrayNextDerivationInfo | Next derivation info | Returns the next derivation info, FALSE otherwise + */ +function PMFGetNextDerivationInfo($caseUid, $delIndex) +{ + try { + $arrayNextDerivationInfo = []; + + //Verify data and Set variables + $case = new \ProcessMaker\BusinessModel\Cases(); + + $arrayAppDelegationData = $case->getAppDelegationRecordByPk( + $caseUid, + $delIndex, + ['$applicationUid' => '$caseUid', '$delIndex' => '$delIndex'], + false + ); + + if ($arrayAppDelegationData === false) { + return false; + } + + //Set variables + $processUid = $arrayAppDelegationData['PRO_UID']; + $userUid = $arrayAppDelegationData['USR_UID']; + + //Get next derivation + $derivation = new Derivation(); + + $arrayData = $derivation->prepareInformation([ + 'APP_UID' => $caseUid, + 'DEL_INDEX' => $delIndex, + 'USER_UID' => $userUid //User logged + ]); + + $task = new \ProcessMaker\BusinessModel\Task(); + + foreach ($arrayData as $value) { + $arrayInfo = $value; + + $nextTaskUid = $arrayInfo['NEXT_TASK']['TAS_UID']; + + $arrayUserUid = []; + $arrayGroupUid = []; + + if ($nextTaskUid != '-1') { + $arrayResult = $task->getTaskAssignees($processUid, $nextTaskUid, 'ASSIGNEE', 1); + + foreach ($arrayResult['data'] as $value2) { + $arrayAssigneeData = $value2; + + switch ($arrayAssigneeData['aas_type']) { + case 'user': + $arrayUserUid[] = 
$arrayAssigneeData['aas_uid']; + break; + case 'group': + $arrayGroupUid[] = $arrayAssigneeData['aas_uid']; + break; + } + } + } + + $arrayNextDerivationInfo[] = [ + 'taskUid' => $nextTaskUid, + 'users' => $arrayUserUid, + 'groups' => $arrayGroupUid, + ]; + } + + //Return + return $arrayNextDerivationInfo; + } catch (Exception $e) { + throw $e; + } +} + diff --git a/workflow/engine/classes/model/AdditionalTables.php b/workflow/engine/classes/model/AdditionalTables.php index ccc949199..dc66876aa 100755 --- a/workflow/engine/classes/model/AdditionalTables.php +++ b/workflow/engine/classes/model/AdditionalTables.php @@ -311,7 +311,7 @@ class AdditionalTables extends BaseAdditionalTables $pmTable->remove(); } - public function getPHPName($sName) + public static function getPHPName($sName) { $sName = trim($sName); $aAux = explode('_', $sName); diff --git a/workflow/engine/classes/model/Department.php b/workflow/engine/classes/model/Department.php index f0bea9d9c..38127f0c3 100755 --- a/workflow/engine/classes/model/Department.php +++ b/workflow/engine/classes/model/Department.php @@ -114,7 +114,7 @@ class Department extends BaseDepartment $res = $this->save(); $con->commit(); - + G::auditLog("Create".$msgLog, $msgLog." Name: ". $aData['DEP_TITLE']); return $this->getDepUid(); @@ -332,7 +332,7 @@ class Department extends BaseDepartment } public function updateDepartmentManager ($depId) - { + { $managerId = ''; $depParent = ''; $oDept = DepartmentPeer::retrieveByPk( $depId ); @@ -347,10 +347,6 @@ class Department extends BaseDepartment $selectCriteria = new Criteria( 'workflow' ); $selectCriteria->add( UsersPeer::DEP_UID, $depId ); $selectCriteria->add( UsersPeer::USR_UID, $managerId, Criteria::NOT_EQUAL ); - - if(empty($depParent)) { - $depParent = $depId; - } // Create a Criteria object includes the value you want to set $updateCriteria = new Criteria( 'workflow' ); 
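Review bot: The `try { ... } catch (Exception $e) { throw $e; }` wrapper around `PMFGetNextDerivationInfo()` rethrows unchanged and so only adds nesting; drop it, or catch in order to wrap the error with context. The aliases `$arrayInfo = $value;` and `$arrayAssigneeData = $value2;` are plain copies that could be replaced by naming the loop variables directly, and `$nextTaskUid != '-1'` should be the strict `$nextTaskUid !== '-1'`. The single-quoted `['$applicationUid' => '$caseUid', '$delIndex' => '$delIndex']` looks deliberate (presumably field-name mapping for validation messages); a one-line comment saying so would stop someone "fixing" the quotes.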
@@ -370,7 +366,7 @@ class Department extends BaseDepartment } $oUser->save(); } - + if ($managerId) { $user = $oUser->loadDetailed ($managerId); if (is_object( $oDept ) && get_class( $oDept ) == 'Department') { @@ -393,41 +389,6 @@ class Department extends BaseDepartment } $oDataset->next(); } - - $this->updateUserReportsTo($depId); - } - - public function updateUserReportsTo($depId) - { - $departments = $this->getChildDepartments($depId); - $departments = explode("_",$departments); - $departments = array_filter(array_unique($departments)); - foreach($departments as $depUid) { - $mgrParentId = $this->getDepartmentParentManager($depUid); - $conn = Propel::getConnection( UsersPeer::DATABASE_NAME ); - $selectCriteria = new Criteria( 'workflow' ); - $selectCriteria->add( UsersPeer::DEP_UID, $depUid ); - $updateCriteria = new Criteria( 'workflow' ); - $updateCriteria->add( UsersPeer::USR_REPORTS_TO, $mgrParentId ); - BasePeer::doUpdate( $selectCriteria, $updateCriteria, $conn ); - } - } - - public function getChildDepartments($depId) - { - $depIds = ""; - $depIds .= $depId."_"; - $childrenCriteria = new Criteria( 'workflow' ); - $childrenCriteria->add( DepartmentPeer::DEP_PARENT, $depId ); - $oDataset = DepartmentPeer::doSelectRS( $childrenCriteria ); - $oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC ); - $oDataset->next(); - while ($aRow = $oDataset->getRow()) { - $depId = $aRow['DEP_UID']; - $depIds .= $this->getChildDepartments($depId); - $oDataset->next(); - } - return $depIds; } //add an user to a department and sync all about manager info @@ -623,7 +584,7 @@ class Department extends BaseDepartment $oUser->setDepUid( '' ); $oUser->setUsrReportsTo( '' ); $oUser->save(); - + G::auditLog("RemoveUsersFromDepartament", "Remove user ".$user['USR_USERNAME']."( ".$UsrUid.") from departament ".$dptoTitle['DEPO_TITLE']." (".$DepUid.") "); } } catch (exception $oError) { 
@@ -738,19 +699,5 @@ class Department extends BaseDepartment } return $departments; } - - public function getDepartmentParentManager($depId) - { - $managerUid = ""; - $depInfo = $this->Load($depId); - if(empty($depInfo['DEP_MANAGER'])) { - if(!empty($depInfo['DEP_PARENT'])) { - $managerUid = $this->getDepartmentParentManager($depInfo['DEP_PARENT']); - } - } else { - $managerUid = $depInfo['DEP_MANAGER']; - } - return $managerUid; - } } diff --git a/workflow/engine/classes/model/ListInbox.php b/workflow/engine/classes/model/ListInbox.php index 8a0dfbcce..70b45554b 100644 --- a/workflow/engine/classes/model/ListInbox.php +++ b/workflow/engine/classes/model/ListInbox.php @@ -482,6 +482,13 @@ class ListInbox extends BaseListInbox return (int)$total; } + /** + * @param $usr_uid + * @param array $filters + * @param null $callbackRecord + * @return array + * @throws PropelException + */ public function loadList($usr_uid, $filters = array(), $callbackRecord = null) { $criteria = new Criteria(); @@ -505,6 +512,11 @@ class ListInbox extends BaseListInbox $criteria->addSelectColumn(ListInboxPeer::DEL_INIT_DATE); $criteria->addSelectColumn(ListInboxPeer::DEL_DUE_DATE); $criteria->addSelectColumn(ListInboxPeer::DEL_PRIORITY); + $criteria->addSelectColumn(UsersPeer::USR_UID); + $criteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); + $criteria->addSelectColumn(UsersPeer::USR_LASTNAME); + $criteria->addSelectColumn(UsersPeer::USR_USERNAME); + $criteria->addJoin( ListInboxPeer::USR_UID, UsersPeer::USR_UID, Criteria::LEFT_JOIN ); $criteria->add( ListInboxPeer::USR_UID, $usr_uid, Criteria::EQUAL ); self::loadFilters($criteria, $filters); diff --git a/workflow/engine/classes/triggers/class.pmAlfrescoFunctions.php b/workflow/engine/classes/triggers/class.pmAlfrescoFunctions.php index f6d3a3065..28c328452 100755 --- a/workflow/engine/classes/triggers/class.pmAlfrescoFunctions.php +++ b/workflow/engine/classes/triggers/class.pmAlfrescoFunctions.php 
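Review bot: The new docblock on `loadList()` in ListInbox.php leaves `$usr_uid` untyped and types `$callbackRecord` as `null`; `@param string $usr_uid`, `@param callable|null $callbackRecord` and a `@return` that describes the row shape would actually inform callers. In the second hunk, a one-line comment on why `UsersPeer` columns are now selected via the new `LEFT_JOIN` (presumably to expose the assignee's name to the list) would make the intent clear to the next reader.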
@@ -179,12 +179,15 @@ function createFolder($alfrescoServerUrl, $parentFolder, $folderName, $user, $pw */ function deleteObject($alfrescoServerUrl, $objetcId, $user, $pwd) { + $getResponse = true; $alfresco_url = "$alfrescoServerUrl/s/cmis/s/workspace:SpacesStore/i/$objetcId"; - $alfresco_exec = RestClient::delete($alfresco_url, $user, $pwd, "application/atom+xml"); - - $alfresco_res = G::json_decode($alfresco_exec->getResponse()); - - return $alfresco_res; + $alfresco_exec = RestClient::delete($alfresco_url, $user, $pwd, "application/atom+xml", $getResponse); + if($alfresco_exec->getResponseCode() === 204 && trim($alfresco_exec->getResponse()) === '') { + $alfresco_res = true; + } else { + $alfresco_res = false; + } + return $getResponse ? $alfresco_res : ''; } /** diff --git a/workflow/engine/config/schema.xml b/workflow/engine/config/schema.xml index 1f0ba14de..aacab4534 100755 --- a/workflow/engine/config/schema.xml +++ b/workflow/engine/config/schema.xml @@ -4030,6 +4030,15 @@ + + + + + + + + + diff --git a/workflow/engine/controllers/adminProxy.php b/workflow/engine/controllers/adminProxy.php index 467cb39d0..c1e7e47d9 100644 --- a/workflow/engine/controllers/adminProxy.php +++ b/workflow/engine/controllers/adminProxy.php @@ -313,7 +313,7 @@ class adminProxy extends HttpProxyController public function testingOption($params) { $data['success'] = true; - $data['optionAuthS'] = $params->optionAuthS; + $data['optionAuthS'] = htmlspecialchars($params->optionAuthS); return $data; } diff --git a/workflow/engine/controllers/designer.php b/workflow/engine/controllers/designer.php index f41eacfc7..606ba6a42 100644 --- a/workflow/engine/controllers/designer.php +++ b/workflow/engine/controllers/designer.php 
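Review bot: In `deleteObject()` `$getResponse` is assigned `true` two lines earlier and never changes, so `return $getResponse ? $alfresco_res : '';` always returns the boolean; either `return $alfresco_res;` directly or make `$getResponse` a parameter. The function now returns `true`/`false` where it previously returned the decoded JSON body, so any caller that inspected that object needs updating and the docblock above the hunk should document the boolean return. The `=== 204` comparison assumes `getResponseCode()` returns an int — confirm against RestClient.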
@@ -75,8 +75,8 @@ class Designer extends Controller } /*----------------------------------********---------------------------------*/ - $this->setVar('prj_uid', $proUid); - $this->setVar('app_uid', $appUid); + $this->setVar('prj_uid', htmlspecialchars($proUid)); + $this->setVar('app_uid', htmlspecialchars($appUid)); $this->setVar('consolidated', $consolidated); $this->setVar('enterprise', $enterprise); $this->setVar('prj_readonly', $proReadOnly); diff --git a/workflow/engine/controllers/home.php b/workflow/engine/controllers/home.php index ba446fbe0..749193c59 100755 --- a/workflow/engine/controllers/home.php +++ b/workflow/engine/controllers/home.php 
@@ -410,28 +410,39 @@ class Home extends Controller $category ); } else { - G::LoadClass( 'applications' ); + $dataList['userId'] = $user; + $dataList['start'] = $start; + $dataList['limit'] = $limit; + $dataList['filter'] = $filter; + $dataList['search'] = $search; + $dataList['process'] = $process; + $dataList['status'] = $status; + $dataList['dateFrom'] = $dateFrom; + $dataList['dateTo'] = $dateTo; + $dataList['callback'] = $callback; + $dataList['dir'] = $dir; + $dataList['sort'] = $sort; + $dataList['category'] = $category; + /*----------------------------------********---------------------------------*/ + if (true) { + //In enterprise version this block of code should always be executed + //In community version this block of code is deleted and is executed the other + $list = new \ProcessMaker\BusinessModel\Lists(); + $cases = $list->getList('inbox', $dataList); + } else { + /*----------------------------------********---------------------------------*/ + $case = new \ProcessMaker\BusinessModel\Cases(); + $cases = $case->getList($dataList); + foreach ($cases['data'] as &$value) { + $value = array_change_key_case($value, CASE_UPPER); + } + if(!isset($cases['totalCount'])){ + $cases['totalCount'] = $cases['total']; + } + /*----------------------------------********---------------------------------*/ + } + /*----------------------------------********---------------------------------*/ - $apps = new Applications(); - - $cases = $apps->getAll( - $user, - $start, - $limit, - $type, - $filter, - $search, - $process, - $status, - '', - $dateFrom, - $dateTo, - $callback, - $dir, - $sort, - $category, - false - ); } // formating & complitting apps data with 'Notes' diff --git a/workflow/engine/controllers/pmTablesProxy.php b/workflow/engine/controllers/pmTablesProxy.php index e98926dcf..9199e3452 100755 --- a/workflow/engine/controllers/pmTablesProxy.php +++ b/workflow/engine/controllers/pmTablesProxy.php 
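Review bot: The `foreach ($cases['data'] as &$value)` in the community branch of home.php leaves `$value` bound by reference after the loop; add `unset($value);` immediately after it, otherwise a later assignment to `$value` in the method silently overwrites the last row. The `if (true) { ... } else { ... }` is explained by the build-marker comments, but the `else` branch is dead code in this build, so it will not be exercised by tests here. Also, the removed `Applications::getAll()` call passed `$type`, whereas the new `$dataList` omits it and `'inbox'` is hard-coded — confirm this action is only reached for the inbox list. The enclosing method starts and ends outside the hunk.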
@@ -937,6 +937,11 @@ class pmTablesProxy extends HttpProxyController */ public function import ($httpData) { + define('ERROR_PM_TABLES_OVERWRITE', '1'); + define('ERROR_PROCESS_NOT_EXIST', '2'); + define('ERROR_RP_TABLES_OVERWRITE', '3'); + define('ERROR_NO_REPORT_TABLE', '4'); + define('ERROR_OVERWRITE_RELATED_PROCESS', '5'); $fromAdmin = false; if (isset( $_POST["form"]["TYPE_TABLE"] ) && ! empty( $_POST["form"]["TYPE_TABLE"] )) { if($_POST["form"]["TYPE_TABLE"] == 'admin') { 
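Review bot: The five `define('ERROR_...')` calls at the top of `import()` in pmTablesProxy.php execute on every invocation; a second call in the same process, or a definition elsewhere, emits a "Constant already defined" warning, and the names leak into the global namespace. Declare them once as class constants, e.g. `const ERROR_PM_TABLES_OVERWRITE = '1';`, and reference `self::ERROR_PM_TABLES_OVERWRITE` in `import()` and the helpers that compare `ERROR_TYPE`. The rest of `import()` continues in the following hunk.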
@@ -986,21 +991,223 @@ class pmTablesProxy extends HttpProxyController throw new Exception( G::loadTranslation( 'ID_PMTABLE_INVALID_FILE' ) ); } - $fp = fopen( $PUBLIC_ROOT_PATH . $filename, "rb" ); - $fsData = intval( fread( $fp, 9 ) ); //reading the metadata - $sType = fread( $fp, $fsData ); - - //Ask for all Process - $processMap = new processMap(); - $aProcess = json_decode ($processMap->getAllProcesses()); - foreach($aProcess as $key => $val){ - if ($val->value != ''){ - $proUids[] = $val->value; - } + $currentProUid = ''; + if (isset( $_POST["form"]["PRO_UID_HELP"] ) && !empty($_POST["form"]["PRO_UID_HELP"])) { + $currentProUid = $_POST["form"]["PRO_UID_HELP"]; + } else { + if(isset( $_POST["form"]["PRO_UID"]) && !empty( $_POST["form"]["PRO_UID"])){ + $currentProUid = $_POST["form"]["PRO_UID"]; + $_SESSION['PROCESS'] = $currentProUid; + } else{ + $currentProUid = $_SESSION['PROCESS']; + } } - // first create the tables structures - while (! feof( $fp )) { + //First Validate the file + $pathPmtableFile = $PUBLIC_ROOT_PATH . 
$filename; + $arrayOverwrite = array(); + $arrayRelated = array(); + $arrayMessage = array(); + $validationType = 0; + if(!$fromConfirm){ + $aErrors = $this->checkPmtFileThrowErrors($pathPmtableFile,$filename,$fromAdmin,$overWrite,$currentProUid); + $countC = 0; + $countM = 0; + $countI = 0; + foreach($aErrors as $row){ + if($row['ERROR_TYPE'] == ERROR_PM_TABLES_OVERWRITE || $row['ERROR_TYPE'] == ERROR_RP_TABLES_OVERWRITE){ + $arrayOverwrite[$countC] = $row; + $countC++; + } else { + if($row['ERROR_TYPE'] == ERROR_OVERWRITE_RELATED_PROCESS){ + $arrayRelated[$countI] = $row; + $countI++; + } else { + $arrayMessage[$countM] = $row; + $countM++; + } + } + } + if(sizeof($aErrors)){ + $validationType = 1; //Yes no + throw new Exception(G::loadTranslation( 'ID_PMTABLE_IMPORT_WITH_ERRORS', array ($filename))); + } + } + //Then create the tables + if(isset($_POST["form"]["TABLES_OF_NO"])){ + $arrayOfNo = $_POST["form"]["TABLES_OF_NO"]; + $arrayOfNew = $_POST["form"]["TABLES_OF_NEW"]; + $aTablesCreateNew = explode('|',$arrayOfNew); + $aTablesNoCreate = explode('|',$arrayOfNo); + $errors = $this->createStructureOfTables($pathPmtableFile, $fromAdmin, $currentProUid, true, $aTablesNoCreate, $aTablesCreateNew); + } else { + $errors = $this->createStructureOfTables($pathPmtableFile, $fromAdmin, $currentProUid, true); + } + + if ($errors == '') { + $result->success = true; + $msg = G::loadTranslation( 'ID_DONE' ); + } else { + $result->success = false; + $result->errorType = 'warning'; + $msg = G::loadTranslation( 'ID_PMTABLE_IMPORT_WITH_ERRORS', array ($filename) ) . "\n\n" . 
$errors; + } + + $result->message = $msg; + } catch (Exception $e) { + $result = new stdClass(); + $result->fromAdmin = $fromAdmin; + $result->arrayMessage = $arrayMessage; + $result->arrayRelated = $arrayRelated; + $result->arrayOverwrite = $arrayOverwrite; + $result->validationType = $validationType; + $result->errorType = 'error'; + $result->buildResult = ob_get_contents(); + ob_end_clean(); + $result->success = false; + + // if it is a propel exception message + if (preg_match( '/(.*)\s\[(.*):\s(.*)\]\s\[(.*):\s(.*)\]/', $e->getMessage(), $match )) { + $result->message = $match[3]; + $result->type = G::loadTranslation( 'ID_ERROR' ); + } else { + $result->message = $e->getMessage(); + $result->type = G::loadTranslation( 'ID_EXCEPTION' ); + } + } + + return $result; + } + /** + * Review the *.pmt file and Throw all errors + * @param string $tableFile + * @param string $fileName + * @param bool $fromAdmin + * @param bool $overWrite + * @param string $currentProUid + * @return string $aErrors + */ + public static function checkPmtFileThrowErrors($tableFile,$fileName,$fromAdmin,$overWrite,$currentProUid){ + $aErrors = array(); + //Ask for all Process + $processMap = new processMap(); + $aProcess = G::json_decode($processMap->getAllProcesses()); + foreach($aProcess as $key => $val){ + if ($val->value != ''){ + $proUids[] = $val->value; + } + } + + $fp = fopen( $tableFile, "rb" ); + $fsData = intval( fread( $fp, 9 ) ); //reading the metadata + $sType = fread( $fp, $fsData ); + $count = 0; + while (! feof( $fp )) { + $validationType = 0; + switch ($sType) { + case '@META': + $fsData = intval( fread( $fp, 9 ) ); + $METADATA = fread( $fp, $fsData ); + break; + case '@SCHEMA': + $fsUid = intval( fread( $fp, 9 ) ); + $uid = fread( $fp, $fsUid ); + $fsData = intval( fread( $fp, 9 ) ); + $schema = fread( $fp, $fsData ); + $contentSchema = unserialize( $schema ); + //The table exists? 
+ $additionalTable = new additionalTables(); + $tableExists = $additionalTable->loadByName( $contentSchema['ADD_TAB_NAME'] ); + + $tableProUid = isset($contentSchema["PRO_UID"])?$contentSchema["PRO_UID"]:$_POST["form"]["PRO_UID"]; + $isPmTable = empty($contentSchema["PRO_UID"])? true : false; + + if($fromAdmin) { + if($isPmTable){ + if ($tableExists !== false && !$overWrite) { + $aErrors[$count]['NAME_TABLE'] = $contentSchema['ADD_TAB_NAME']; + $aErrors[$count]['ERROR_TYPE'] = ERROR_PM_TABLES_OVERWRITE; + $aErrors[$count]['ERROR_MESS'] = G::loadTranslation('ID_OVERWRITE_PMTABLE', array($contentSchema['ADD_TAB_NAME'])); + $aErrors[$count]['IS_PMTABLE'] = $isPmTable; + $aErrors[$count]['PRO_UID'] = $tableProUid; + } + } else { + if(!in_array($tableProUid, $proUids)){ + $aErrors[$count]['NAME_TABLE'] = $contentSchema['ADD_TAB_NAME']; + $aErrors[$count]['ERROR_TYPE'] = ERROR_PROCESS_NOT_EXIST; + $aErrors[$count]['ERROR_MESS'] = G::loadTranslation('ID_PROCESS_NOT_EXIST', array($contentSchema['ADD_TAB_NAME'])); + $aErrors[$count]['IS_PMTABLE'] = $isPmTable; + $aErrors[$count]['PRO_UID'] = $tableProUid; + } else { + $aErrors[$count]['NAME_TABLE'] = $contentSchema['ADD_TAB_NAME']; + $aErrors[$count]['ERROR_TYPE'] = ERROR_RP_TABLES_OVERWRITE; + $aErrors[$count]['ERROR_MESS'] = G::loadTranslation('ID_OVERWRITE_RPTABLE', array($contentSchema['ADD_TAB_NAME'])); + $aErrors[$count]['IS_PMTABLE'] = $isPmTable; + $aErrors[$count]['PRO_UID'] = $tableProUid; + } + } + } else { + if($isPmTable){ + $aErrors[$count]['NAME_TABLE'] = $contentSchema['ADD_TAB_NAME']; + $aErrors[$count]['ERROR_TYPE'] = ERROR_NO_REPORT_TABLE; + $aErrors[$count]['ERROR_MESS'] = G::loadTranslation('ID_NO_REPORT_TABLE', array($contentSchema['ADD_TAB_NAME'])); + $aErrors[$count]['IS_PMTABLE'] = $isPmTable; + $aErrors[$count]['PRO_UID'] = $tableProUid; + } else { + if(!$currentProUid != $tableProUid){ + $aErrors[$count]['NAME_TABLE'] = $contentSchema['ADD_TAB_NAME']; + $aErrors[$count]['ERROR_TYPE'] = 
ERROR_OVERWRITE_RELATED_PROCESS; + $aErrors[$count]['ERROR_MESS'] = G::loadTranslation('ID_OVERWRITE_RELATED_PROCESS', array($contentSchema['ADD_TAB_NAME'])); + $aErrors[$count]['IS_PMTABLE'] = $isPmTable; + $aErrors[$count]['PRO_UID'] = $tableProUid; + } else { + if ($tableExists !== false && !$overWrite) { + $aErrors[$count]['NAME_TABLE'] = $contentSchema['ADD_TAB_NAME']; + $aErrors[$count]['ERROR_TYPE'] = ERROR_RP_TABLES_OVERWRITE; + $aErrors[$count]['ERROR_MESS'] = G::loadTranslation('ID_OVERWRITE_RPTABLE', array($contentSchema['ADD_TAB_NAME'])); + $aErrors[$count]['IS_PMTABLE'] = $isPmTable; + $aErrors[$count]['PRO_UID'] = $tableProUid; + } + } + } + } + break; + case '@DATA': + break; + } + + $fsData = intval( fread( $fp, 9 ) ); + if ($fsData > 0) { + $sType = fread( $fp, $fsData ); + } else { + break; + } + $count++; + } + fclose( $fp ); + return $aErrors; + } + + /** + * Create the structure of tables + * @param string $tableFile, + * @param bool $fromAdmin + * @param string $currentProUid + * @param bool $overWrite + * @param array $aTables + * @return string $errors + */ + public function createStructureOfTables($tableFile,$fromAdmin,$currentProUid,$overWrite = true, $aTables=array(), $aTablesNew=array()){ + + $fp = fopen( $tableFile, "rb" ); + $fsData = intval( fread( $fp, 9 ) ); + $sType = fread( $fp, $fsData ); + $errors = ''; + $tableNameMap = array(); + $processQueue = array(); + $processQueueTables = array(); + while (! feof( $fp )) { + $validationType = 0; switch ($sType) { case '@META': $fsData = intval( fread( $fp, 9 ) ); 
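Review bot: In `checkPmtFileThrowErrors` the designer-tab branch tests `if(!$currentProUid != $tableProUid)`, which PHP parses as `(!$currentProUid) != $tableProUid` — a boolean compared with a UID string — so the related-process error fires depending only on whether `$currentProUid` is empty, never on whether the two UIDs actually differ; it should read `if ($currentProUid != $tableProUid) {`. `$proUids` is only ever assigned inside the `foreach` over processes, so on an installation with no processes `in_array($tableProUid, $proUids)` receives null (a warning on PHP 7, a TypeError on PHP 8); initialise `$proUids = array();` next to `$aErrors`. The schema blocks are still decoded with `unserialize( $schema )` straight from the uploaded .pmt file, which predates this change, but since this method is now the first code to read the upload it is the natural place to reject a block whose decoded value is not an array (`if (!is_array($contentSchema)) { throw new Exception(...); }`) and, where the PHP version supports it, to pass `array('allowed_classes' => false)` so no objects are instantiated during validation. The `fopen()` result is also used unchecked; a `false` there makes every `fread()` below emit warnings instead of a clear error.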
@@ -1013,115 +1220,86 @@ class pmTablesProxy extends HttpProxyController $schema = fread( $fp, $fsData ); $contentSchema = unserialize( $schema ); $additionalTable = new additionalTables(); - $tableExists = $additionalTable->loadByName( $contentSchema['ADD_TAB_NAME'] ); - $tableNameMap[$contentSchema['ADD_TAB_NAME']] = $contentSchema['ADD_TAB_NAME']; - - $tableData = new stdClass(); + if(!in_array($contentSchema['ADD_TAB_NAME'],$aTables)){ + $tableExists = $additionalTable->loadByName( $contentSchema['ADD_TAB_NAME'] ); + $tableNameMap[$contentSchema['ADD_TAB_NAME']] = $contentSchema['ADD_TAB_NAME']; - if(isset( $contentSchema["PRO_UID"] )){ - $tableData->PRO_UID = $contentSchema["PRO_UID"]; - }else{ - $tableData->PRO_UID = $_POST["form"]["PRO_UID"]; - } - $isPmTable = false; /*is a report table*/ - if($contentSchema["PRO_UID"] == "" ) { - $isPmTable = true; - } - $currentPRO_UID = ''; - if (isset( $_POST["form"]["PRO_UID_HELP"] ) && !empty($_POST["form"]["PRO_UID_HELP"])) { - $currentPRO_UID = $_POST["form"]["PRO_UID_HELP"]; - } else { - if(isset( $_POST["form"]["PRO_UID"]) && !empty( $_POST["form"]["PRO_UID"])){ - $currentPRO_UID = $_POST["form"]["PRO_UID"]; - $_SESSION['PROCESS'] = $currentPRO_UID; - } else{ - $currentPRO_UID = $_SESSION['PROCESS']; - } - } + $tableData = new stdClass(); - if($fromAdmin) { /* from admin tab */ - if ($tableExists !== false && !$fromConfirm && !$overWrite) { - $validationType = 1; - throw new Exception( G::loadTranslation( 'ID_OVERWRITE_PMTABLE' ) ); + if(isset( $contentSchema["PRO_UID"] )){ + $tableData->PRO_UID = $contentSchema["PRO_UID"]; + }else{ + $tableData->PRO_UID = $_POST["form"]["PRO_UID"]; } - if(!in_array($tableData->PRO_UID, $proUids) && !$isPmTable) { - $validationType = 2; - throw new Exception( G::loadTranslation( 'ID_NO_RELATED_PROCESS' ) ); + $isPmTable = false; /*is a report table*/ + if($contentSchema["PRO_UID"] === '' ) { + $isPmTable = true; } - } else { /* from designer tab */ - if($isPmTable){ - 
$validationType = ''; - throw new Exception( G::loadTranslation( 'ID_NO_REPORT_TABLE' ) ); + if(!$fromAdmin && !$isPmTable) { + $tableData->PRO_UID = $currentProUid; } - if ($tableExists !== false && !$fromConfirm && !$overWrite) { - $validationType = 1; - throw new Exception( G::loadTranslation( 'ID_OVERWRITE_PMTABLE' ) ); + if(in_array($contentSchema['ADD_TAB_NAME'],$aTablesNew)){ + $overWrite = false; } - if($currentPRO_UID != $tableData->PRO_UID) { - if(!in_array($tableData->PRO_UID, $proUids)) { - $validationType = 2; - if(($fromConfirm == $validationType || !$fromConfirm) && !$isPmTable) { - throw new Exception( G::loadTranslation( 'ID_OVERWRITE_RELATED_PROCESS' ) ); - } else { - $tableData->PRO_UID = $currentPRO_UID; - } - } else { - $validationType = 3; - throw new Exception( G::loadTranslation( 'ID_ALREADY_RELATED_TABLE ' ) ); + if ($overWrite) { + if ($tableExists !== false) { + $additionalTable->deleteAll( $tableExists['ADD_TAB_UID'] ); + } + } else { + if ($tableExists !== false) { + // some table exists with the same name + // renaming... + $tNameOld = $contentSchema['ADD_TAB_NAME']; + $newTableName = $contentSchema['ADD_TAB_NAME'] . '_' . date( 'YmdHis' ); + $contentSchema['ADD_TAB_UID'] = G::generateUniqueID(); + $contentSchema['ADD_TAB_NAME'] = $newTableName; + $contentSchema['ADD_TAB_CLASS_NAME'] = additionalTables::getPHPName( $newTableName ); + //mapping the table name for posterior uses + $tableNameMap[$tNameOld] = $contentSchema['ADD_TAB_NAME']; } } - } - - if ($overWrite) { - if ($tableExists !== false) { - $additionalTable->deleteAll( $tableExists['ADD_TAB_UID'] ); + + // validating invalid bds_uid in old tables definition -> mapped to workflow + if (! $contentSchema['DBS_UID'] || $contentSchema['DBS_UID'] == '0' || ! $contentSchema['DBS_UID']) { + $contentSchema['DBS_UID'] = 'workflow'; } - } else { - if ($tableExists !== false) { - // some table exists with the same name - // renaming... 
- $tNameOld = $contentSchema['ADD_TAB_NAME']; - $newTableName = $contentSchema['ADD_TAB_NAME'] . '_' . date( 'YmdHis' ); - $contentSchema['ADD_TAB_UID'] = G::generateUniqueID(); - $contentSchema['ADD_TAB_NAME'] = $newTableName; - $contentSchema['ADD_TAB_CLASS_NAME'] = additionalTables::getPHPName( $newTableName ); - //mapping the table name for posterior uses - $tableNameMap[$tNameOld] = $contentSchema['ADD_TAB_NAME']; + + $columns = array (); + foreach ($contentSchema['FIELDS'] as $field) { + $column = array ( + 'uid' => '', + 'field_uid' => '', + 'field_name' => $field['FLD_NAME'], + 'field_dyn' => isset( $field['FLD_DYN_NAME'] ) ? $field['FLD_DYN_NAME'] : '', + 'field_label' => isset( $field['FLD_DESCRIPTION'] ) ? $field['FLD_DESCRIPTION'] : '', + 'field_type' => $field['FLD_TYPE'],'field_size' => $field['FLD_SIZE'], + 'field_key' => isset( $field['FLD_KEY'] ) ? $field['FLD_KEY'] : 0, + 'field_null' => isset( $field['FLD_NULL'] ) ? $field['FLD_NULL'] : 1, + 'field_autoincrement' => isset( $field['FLD_AUTO_INCREMENT'] ) ? $field['FLD_AUTO_INCREMENT'] : 0 + ); + $columns[] = $column; + } + + $tableData->REP_TAB_UID = $contentSchema['ADD_TAB_UID']; + $tableData->REP_TAB_NAME = $contentSchema['ADD_TAB_NAME']; + $tableData->REP_TAB_DSC = $contentSchema['ADD_TAB_DESCRIPTION']; + $tableData->REP_TAB_CONNECTION = $contentSchema['DBS_UID']; + $tableData->REP_TAB_TYPE = isset( $contentSchema['ADD_TAB_TYPE'] ) ? $contentSchema['ADD_TAB_TYPE'] : ''; + $tableData->REP_TAB_GRID = isset( $contentSchema['ADD_TAB_GRID'] ) ? $contentSchema['ADD_TAB_GRID'] : ''; + $tableData->columns = G::json_encode( $columns ); + $tableData->forceUid = true; + + //save the table + $alterTable = false; + $result = $this->save( $tableData, $alterTable ); + + if ($result->success) { + G::auditLog("ImportTable", $contentSchema['ADD_TAB_NAME']." 
(".$contentSchema['ADD_TAB_UID'].") "); + $processQueueTables[$contentSchema['DBS_UID']][] = $contentSchema['ADD_TAB_NAME']; + } else { + $errors .= G::loadTranslation('ID_ERROR_CREATE_TABLE') . $tableData->REP_TAB_NAME . '-> ' . $result->message . "\n\n"; } } - - // validating invalid bds_uid in old tables definition -> mapped to workflow - if (! $contentSchema['DBS_UID'] || $contentSchema['DBS_UID'] == '0' || ! $contentSchema['DBS_UID']) { - $contentSchema['DBS_UID'] = 'workflow'; - } - - $columns = array (); - foreach ($contentSchema['FIELDS'] as $field) { - $column = array ('uid' => '','field_uid' => '','field_name' => $field['FLD_NAME'],'field_dyn' => isset( $field['FLD_DYN_NAME'] ) ? $field['FLD_DYN_NAME'] : '','field_label' => isset( $field['FLD_DESCRIPTION'] ) ? $field['FLD_DESCRIPTION'] : '','field_type' => $field['FLD_TYPE'],'field_size' => $field['FLD_SIZE'],'field_key' => isset( $field['FLD_KEY'] ) ? $field['FLD_KEY'] : 0,'field_null' => isset( $field['FLD_NULL'] ) ? $field['FLD_NULL'] : 1,'field_autoincrement' => isset( $field['FLD_AUTO_INCREMENT'] ) ? $field['FLD_AUTO_INCREMENT'] : 0 - ); - $columns[] = $column; - } - - $tableData->REP_TAB_UID = $contentSchema['ADD_TAB_UID']; - $tableData->REP_TAB_NAME = $contentSchema['ADD_TAB_NAME']; - $tableData->REP_TAB_DSC = $contentSchema['ADD_TAB_DESCRIPTION']; - $tableData->REP_TAB_CONNECTION = $contentSchema['DBS_UID']; - - $tableData->REP_TAB_TYPE = isset( $contentSchema['ADD_TAB_TYPE'] ) ? $contentSchema['ADD_TAB_TYPE'] : ''; - $tableData->REP_TAB_GRID = isset( $contentSchema['ADD_TAB_GRID'] ) ? $contentSchema['ADD_TAB_GRID'] : ''; - $tableData->columns = G::json_encode( $columns ); - $tableData->forceUid = true; - - //save the table - $alterTable = false; - $result = $this->save( $tableData, $alterTable ); - - if ($result->success) { - $processQueueTables[$contentSchema['DBS_UID']][] = $contentSchema['ADD_TAB_NAME']; - } else { - $errors .= 'Error creating table: ' . $tableData->REP_TAB_NAME . '-> ' . 
$result->message . "\n\n"; - } - break; case '@DATA': $fstName = intval( fread( $fp, 9 ) ); 
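Review bot: `if(in_array($contentSchema['ADD_TAB_NAME'],$aTablesNew)){ $overWrite = false; }` mutates the `$overWrite` parameter inside the per-schema `while` loop and never restores it, so once one table from `$aTablesNew` has been seen every later table in the file is renamed instead of overwritten, regardless of what the user chose for it. Compute a per-iteration flag instead — `$overwriteThis = $overWrite && !in_array($contentSchema['ADD_TAB_NAME'], $aTablesNew, true);` — and test that in the `if ($overWrite)` branch below. Both `in_array()` calls on table names should pass `true` as the third argument so the match is strict. The enclosing method starts before this hunk and its loop closes after it.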
@@ -1140,79 +1318,73 @@ class pmTablesProxy extends HttpProxyController } else { break; } - } + } + fclose( $fp ); - fclose( $fp ); - G::loadClass( 'pmTable' ); - - foreach ($processQueueTables as $dbsUid => $tables) { + G::loadClass( 'pmTable' ); + foreach ($processQueueTables as $dbsUid => $tables) { $pmTable = new pmTable(); ob_start(); $pmTable->buildModelFor( $dbsUid, $tables ); $buildResult = ob_get_contents(); ob_end_clean(); $errors .= $pmTable->upgradeDatabaseFor( $pmTable->getDataSource(), $tables ); - } - - $fp = fopen( $PUBLIC_ROOT_PATH . $filename, "rb" ); - $fsData = intval( fread( $fp, 9 ) ); - $sType = fread( $fp, $fsData ); - - // data processing - while (! feof( $fp )) { - + } + if(sizeof($tableNameMap)>0){ + $errors = $this->dataProcessingOfTables($tableFile,$tableNameMap); + } + return $errors; + } + /** + * Review the *.pmt file and populate the data + * @param string $tableFile + * @param array $tableNameMap + * @return string errors + */ + public function dataProcessingOfTables($tableFile,$tableNameMap){ + $fp = fopen( $tableFile, "rb" ); + $fsData = intval( fread( $fp, 9 ) ); + $sType = fread( $fp, $fsData ); + $errors = ''; + while (! feof( $fp )) { switch ($sType) { case '@META': - $fsData = intval( fread( $fp, 9 ) ); - $METADATA = fread( $fp, $fsData ); - break; case '@SCHEMA': - $fsUid = intval( fread( $fp, 9 ) ); - $uid = fread( $fp, $fsUid ); - $fsData = intval( fread( $fp, 9 ) ); - $schema = fread( $fp, $fsData ); - $contentSchema = unserialize( $schema ); - $additionalTable = new additionalTables(); - $table = $additionalTable->loadByName( $tableNameMap[$contentSchema['ADD_TAB_NAME']] ); - if ($table['PRO_UID'] != '') { - // is a report table, try populate it - $additionalTable->populateReportTable( $table['ADD_TAB_NAME'], pmTable::resolveDbSource( $table['DBS_UID'] ), $table['ADD_TAB_TYPE'], $table['PRO_UID'], $table['ADD_TAB_GRID'], $table['ADD_TAB_UID'] ); - } - G::auditLog("ImportTable", $table['ADD_TAB_NAME']." 
(".$table['ADD_TAB_UID'].") "); break; case '@DATA': $fstName = intval( fread( $fp, 9 ) ); $tableName = fread( $fp, $fstName ); $fsData = intval( fread( $fp, 9 ) ); - if ($fsData > 0) { $data = fread( $fp, $fsData ); $contentData = unserialize( $data ); - $tableName = $tableNameMap[$tableName]; + if(isset($tableNameMap[$tableName])){ + $tableName = $tableNameMap[$tableName]; - $oAdditionalTables = new AdditionalTables(); - $table = $oAdditionalTables->loadByName( $tableName ); - $isReport = $table['PRO_UID'] !== '' ? true : false; + $oAdditionalTables = new AdditionalTables(); + $table = $oAdditionalTables->loadByName( $tableName ); + $isReport = $table['PRO_UID'] !== '' ? true : false; - if ($table !== false) { - if (! $isReport) { - if (count( $contentData ) > 0) { - $oAdditionalTables->load( $table['ADD_TAB_UID'], true ); - $primaryKeys = $oAdditionalTables->getPrimaryKeys(); - // Obtain a list of columns - $primaryKeyColumn = array(); - foreach ($contentData as $key => $row) { - $primaryKeyColumn[$key] = $row[$primaryKeys[0]['FLD_NAME']]; - } - unset($row); - array_multisort($primaryKeyColumn, SORT_ASC, $contentData); - foreach ($contentData as $row) { - $data = new StdClass(); - $data->id = $table['ADD_TAB_UID']; - $data->rows = base64_encode( serialize( $row ) ); - $res = $this->dataCreate( $data, 'base64' ); - if (! $res->success) { - $errors .= $res->message; + if ($table !== false) { + if (! 
$isReport) { + if (count( $contentData ) > 0) { + $oAdditionalTables->load( $table['ADD_TAB_UID'], true ); + $primaryKeys = $oAdditionalTables->getPrimaryKeys(); + // Obtain a list of columns + $primaryKeyColumn = array(); + foreach ($contentData as $key => $row) { + $primaryKeyColumn[$key] = $row[$primaryKeys[0]['FLD_NAME']]; + } + unset($row); + array_multisort($primaryKeyColumn, SORT_ASC, $contentData); + foreach ($contentData as $row) { + $data = new StdClass(); + $data->id = $table['ADD_TAB_UID']; + $data->rows = base64_encode( serialize( $row ) ); + $res = $this->dataCreate( $data, 'base64' ); + if (! $res->success) { + $errors .= $res->message; + } } } } @@ -1228,44 +1400,8 @@ class pmTablesProxy extends HttpProxyController } else { break; } - } - - //////////// - - - if ($errors == '') { - $result->success = true; - $msg = G::loadTranslation( 'ID_PMTABLE_IMPORT_SUCCESS', array ($filename - ) ); - } else { - $result->success = false; - $result->errorType = 'warning'; - $msg = G::loadTranslation( 'ID_PMTABLE_IMPORT_WITH_ERRORS', array ($filename - ) ) . "\n\n" . $errors; - } - - $result->message = $msg; - } catch (Exception $e) { - $result = new stdClass(); - $result->fromAdmin = $fromAdmin; - $result->validationType = $validationType; - $result->errorType = 'error'; - $result->buildResult = ob_get_contents(); - ob_end_clean(); - $result->success = false; - - // if it is a propel exception message - if (preg_match( '/(.*)\s\[(.*):\s(.*)\]\s\[(.*):\s(.*)\]/', $e->getMessage(), $match )) { - $result->message = $match[3]; - $result->type = G::loadTranslation( 'ID_ERROR' ); - } else { - $result->message = $e->getMessage(); - $result->type = G::loadTranslation( 'ID_EXCEPTION' ); - } - //$result->trace = $e->getTraceAsString(); } - - return $result; + return $errors; } /** diff --git a/workflow/engine/controllers/processProxy.php b/workflow/engine/controllers/processProxy.php index 072ce56b5..3e3607644 100755 --- a/workflow/engine/controllers/processProxy.php 
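Review bot: In `dataProcessingOfTables` the line `$isReport = $table['PRO_UID'] !== '' ? true : false;` runs before the `if ($table !== false)` guard, so when `loadByName()` returns false the code indexes a boolean (a notice on PHP 7.4+ and a misleading `$isReport = true`); move that assignment inside the guard. The data blocks are still decoded with `unserialize( $data )` from the uploaded file with no check on the result, while `count( $contentData )` and the `foreach` below assume an array; at least bail out with `if (!is_array($contentData)) { $errors .= ...; break; }` before using it. I do not see the handle opened with `fopen( $tableFile, "rb" )` at the top of this method being closed within the hunk; if the `fclose( $fp )` is not in the lines outside my view it should be added after the loop, as `createStructureOfTables` does. The loop and the method end outside this hunk.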
+++ b/workflow/engine/controllers/processProxy.php
@@ -118,7 +118,7 @@ class ProcessProxy extends HttpProxyController
 $oProcess = new Processes();
 if (count( $ids ) > 0) {
 foreach ($ids as $id) {
- $oProcess->changeStatus( $id );
+ $oProcess->changeStatus( htmlspecialchars($id) );
 }
 }
 }
diff --git a/workflow/engine/data/mysql/schema.sql b/workflow/engine/data/mysql/schema.sql
index 0df76cd45..b4ab29371 100755
--- a/workflow/engine/data/mysql/schema.sql
+++ b/workflow/engine/data/mysql/schema.sql
@@ -2263,6 +2263,7 @@ CREATE TABLE `LIST_INBOX`
 `DEL_RISK_DATE` DATETIME,
 `DEL_PRIORITY` VARCHAR(32) default '3' NOT NULL,
 PRIMARY KEY (`APP_UID`,`DEL_INDEX`),
+ KEY `indexUser`(`USR_UID`),
 KEY `indexInboxUser`(`USR_UID`, `DEL_DELEGATE_DATE`),
 KEY `indexInboxUserStatusUpdateDate`(`USR_UID`, `APP_STATUS`, `APP_UPDATE_DATE`)
 )ENGINE=InnoDB DEFAULT CHARSET='utf8' COMMENT='Inbox list';
diff --git a/workflow/engine/menus/caseOptions.php b/workflow/engine/menus/caseOptions.php
index 905c52c47..8c683d07a 100755
--- a/workflow/engine/menus/caseOptions.php
+++ b/workflow/engine/menus/caseOptions.php
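Review bot: `htmlspecialchars($id)` is an HTML-output encoder, not an input validator: it leaves `.`, `/`, `\` and NUL untouched and it mangles any legitimate value containing `&`, `<`, `>` or `"` before `changeStatus()` ever sees it, so it neither constrains what reaches the database layer nor preserves the value. If the intent is to keep malformed ids out, validate the shape instead and keep encoding for the point where the value is rendered into HTML — constructed example, tighten to the real UID alphabet: `if (!preg_match('/^[A-Za-z0-9]+$/', $id)) { continue; }`. The same pattern is applied elsewhere in this commit and has the same problem: casesStreamingFile.php (`$inp_doc_uid`), cases_Redirect.php (`$a`, which then goes into a `location:` header where `urlencode()` is the matching encoder), open.php (`APP_NUMBER`, `APP_UID` and `DEL_INDEX` — the last is a numeric index and should be cast with `(int)`), and proxyDataCombobox.php (`$dynUid` and `$proUid`, which are concatenated into `$filename = $proUid . PATH_SEP . $dynUid . ".xml"` under `PATH_DYNAFORM`, a path context where `htmlspecialchars()` does nothing against traversal and an identifier-alphabet check on both values is the check that is actually missing).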
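Review bot: The new `KEY \`indexUser\`(\`USR_UID\`)` is redundant with the existing `indexInboxUser` (`USR_UID`, `DEL_DELEGATE_DATE`), whose leading column already serves equality lookups on `USR_UID` in InnoDB, so the extra index adds write and storage cost without covering a lookup the composite one cannot. Unless a query plan was observed preferring the narrower index, consider dropping it; if it is kept, the project's upgrade path for existing installations (if it ships one) needs the same addition, since this schema file alone only affects fresh installs.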
@@ -24,26 +24,59 @@ */ global $G_TMP_MENU; global $sStatus; +global $RBAC; +$statusSendAndUnassigned = false; -if ((($sStatus == 'DRAFT') || ($sStatus == 'TO_DO')) && ($_SESSION['TASK'] != -1)) { - if (isset($_SESSION['bNoShowSteps'])) { - unset($_SESSION['bNoShowSteps']); - } else { - $G_TMP_MENU->AddIdOption('STEPS' , G::LoadTranslation('ID_STEPS') , 'javascript:showSteps();' , 'absolute'); - $G_TMP_MENU->AddIdOption('INFO' , G::LoadTranslation('ID_INFORMATION'), 'javascript:showInformation();', 'absolute'); - } - $G_TMP_MENU->AddIdOption('ACTIONS' , G::LoadTranslation('ID_ACTIONS') , 'javascript:showActions();' , 'absolute'); -} else { - $G_TMP_MENU->AddIdOption('INFO' , G::LoadTranslation('ID_INFORMATION'), 'javascript:showInformation();', 'absolute'); +//caseOptions +switch ($_SESSION['actionCaseOptions']) { + case 'todo': + case 'draft': + if (isset($_SESSION['bNoShowSteps'])) { + unset($_SESSION['bNoShowSteps']); + } + break; + case 'sent': + case 'unassigned': + $_SESSION['TASK'] = -1; + $statusSendAndUnassigned = true; + break; + case 'paused': + $access = $RBAC->requirePermissions('PM_ALLCASES'); + if ($access) { + if (isset($_SESSION['bNoShowSteps'])) { + unset($_SESSION['bNoShowSteps']); + } + } else { + $_SESSION['TASK'] = -1; + } + break; + case 'to_revise': + case 'to_reassign': + $access = $RBAC->requirePermissions('PM_REASSIGNCASE', 'PM_SUPERVISOR'); + if ($access) { + if (isset($_SESSION['bNoShowSteps'])) { + unset($_SESSION['bNoShowSteps']); + } + } else { + $_SESSION['TASK'] = -1; + } + break; + default: + unset($_SESSION['bNoShowSteps']); + break; } -$G_TMP_MENU->AddIdOption('NOTES' , G::LoadTranslation('ID_NOTES'), 'javascript:showNotes();', 'absolute'); - - - - - - - - +unset($_SESSION['actionCaseOptions']); +if ((($sStatus === 'DRAFT') || ($sStatus === 'TO_DO')) && !$statusSendAndUnassigned) { + if (isset($_SESSION['bNoShowSteps'])) { + unset($_SESSION['bNoShowSteps']); + } else { + $G_TMP_MENU->AddIdOption('STEPS', 
G::LoadTranslation('ID_STEPS'), 'javascript:showSteps();', 'absolute'); + $G_TMP_MENU->AddIdOption('INFO', G::LoadTranslation('ID_INFORMATION'), 'javascript:showInformation();', 'absolute'); + } + $G_TMP_MENU->AddIdOption('ACTIONS', G::LoadTranslation('ID_ACTIONS'), 'javascript:showActions();', 'absolute'); +} else { + $G_TMP_MENU->AddIdOption('INFO', G::LoadTranslation('ID_INFORMATION'), 'javascript:showInformation();', 'absolute'); +} +$G_TMP_MENU->AddIdOption('NOTES', G::LoadTranslation('ID_NOTES'), 'javascript:showNotes();', 'absolute'); diff --git a/workflow/engine/methods/cases/casesStreamingFile.php b/workflow/engine/methods/cases/casesStreamingFile.php index 77116077d..f4def7ef6 100644 --- a/workflow/engine/methods/cases/casesStreamingFile.php +++ b/workflow/engine/methods/cases/casesStreamingFile.php @@ -6,7 +6,7 @@ $actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null; if ($actionAjax == "streaming") { $app_uid = isset( $_REQUEST['a'] ) ? $_REQUEST['a'] : null; - $inp_doc_uid = isset( $_REQUEST['d'] ) ? $_REQUEST['d'] : null; + $inp_doc_uid = isset( $_REQUEST['d'] ) ? htmlspecialchars($_REQUEST['d']) : null; $oAppDocument = new \AppDocument(); if (! isset( $fileData['version'] )) { @@ -52,7 +52,7 @@ if ($actionAjax == "streaming") { if ($actionAjax == "fileMobile") { $app_uid = isset( $_REQUEST['a'] ) ? $_REQUEST['a'] : null; - $inp_doc_uid = isset( $_REQUEST['d'] ) ? $_REQUEST['d'] : null; + $inp_doc_uid = isset( $_REQUEST['d'] ) ? htmlspecialchars($_REQUEST['d']) : null; $structure = file_get_contents(PATH_HTML ."/mobile/index.json"); $structure = json_decode($structure); diff --git a/workflow/engine/methods/cases/cases_Redirect.php b/workflow/engine/methods/cases/cases_Redirect.php index a6cb95f65..3ab1bd579 100755 --- a/workflow/engine/methods/cases/cases_Redirect.php +++ b/workflow/engine/methods/cases/cases_Redirect.php 
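Review bot: `switch ($_SESSION['actionCaseOptions'])` reads the key unconditionally, but in the parts of this commit I can see only open.php sets it, and this file itself `unset`s it at the end; any other entry into this menu, or a second render in the same session, raises an undefined-index notice and falls through to `default`. Read it in the same defensive style the rest of the commit uses: `$actionCaseOptions = isset($_SESSION['actionCaseOptions']) ? $_SESSION['actionCaseOptions'] : '';` and `switch ($actionCaseOptions) {`. The `paused` and `to_revise`/`to_reassign` cases treat the return value of `$RBAC->requirePermissions()` as a boolean; if that method redirects or exits on failure rather than returning false, the `else { $_SESSION['TASK'] = -1; }` branches are unreachable — worth confirming against the RBAC implementation.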
@@ -32,7 +32,7 @@ $aFields = $oAppDocument->load( $_GET['a'] ); require_once 'classes/model/OutputDocument.php'; $oOutputDocument = new OutputDocument(); $aOD = $oOutputDocument->load( $aFields['DOC_UID'] ); -$a = $_GET['a']; +$a = htmlspecialchars($_GET['a']); $ext = strtolower( $aOD['OUT_DOC_GENERATE'] ); G::header( 'location: cases_ShowOutputDocument?a=' . $a . '&ext=' . $ext ); diff --git a/workflow/engine/methods/cases/cases_SaveData.php b/workflow/engine/methods/cases/cases_SaveData.php index c1a5aadd0..1cb1fc46e 100755 --- a/workflow/engine/methods/cases/cases_SaveData.php +++ b/workflow/engine/methods/cases/cases_SaveData.php @@ -90,12 +90,8 @@ try { $Fields = $oCase->loadCase( $_SESSION["APPLICATION"] ); if ($swpmdynaform) { - $oStep = new Step(); - $oStep = $oStep->loadByProcessTaskPosition($_SESSION['PROCESS'], $_SESSION['TASK'], $_SESSION['STEP_POSITION']); - $dataFields = $Fields["APP_DATA"]; $dataFields["CURRENT_DYNAFORM"] = $_GET['UID']; - $dataFields["STEP_MODE"] = $oStep->getStepMode(); G::LoadClass('pmDynaform'); $oPmDynaform = new pmDynaform($dataFields); diff --git a/workflow/engine/methods/cases/open.php b/workflow/engine/methods/cases/open.php index b7c67650e..b3c2107b1 100755 --- a/workflow/engine/methods/cases/open.php +++ b/workflow/engine/methods/cases/open.php 
@@ -38,17 +38,20 @@ if (! isset( $_GET['APP_UID'] ) || ! isset( $_GET['DEL_INDEX'] )) { if (isset( $_GET['APP_NUMBER'] )) { G::LoadClass( 'case' ); $oCase = new Cases(); - $_GET['APP_UID'] = $oCase->getApplicationUIDByNumber( $_GET['APP_NUMBER'] ); - $_GET['DEL_INDEX'] = $oCase->getCurrentDelegation( $_GET['APP_UID'], $_SESSION['USER_LOGGED'] ); - if (is_null( $_GET['APP_UID'] )) { + $appUid = $oCase->getApplicationUIDByNumber( htmlspecialchars($_GET['APP_NUMBER']) ); + $delIndex = $oCase->getCurrentDelegation( $appUid, $_SESSION['USER_LOGGED'] ); + if (is_null( $appUid )) { throw new Exception( G::LoadTranslation( 'ID_CASE_DOES_NOT_EXISTS' ) ); } - if (is_null( $_GET['DEL_INDEX'] )) { + if (is_null( $delIndex )) { throw new Exception( G::LoadTranslation( 'ID_CASE_IS_CURRENTLY_WITH_ANOTHER_USER' ) ); } } else { throw new Exception( "Application ID or Delegation Index is missing!. The System can't open the case." ); } +} else { + $appUid = htmlspecialchars($_GET['APP_UID']); + $delIndex = htmlspecialchars($_GET['DEL_INDEX']); } require_once ("classes/model/Step.php"); 
@@ -85,19 +88,16 @@ foreach ($_GET as $k => $v) { $uri .= ($uri == '') ? "$k=$v" : "&$k=$v"; } -//$case = $oCase->loadCase( $_GET['APP_UID'], $_GET['DEL_INDEX'] ); if( isset($_GET['action']) && ($_GET['action'] == 'jump') ) { - $case = $oCase->loadCase( $_GET['APP_UID'], $_GET['DEL_INDEX'], $_GET['action']); + $case = $oCase->loadCase( $appUid, $delIndex, $_GET['action']); } else { - $case = $oCase->loadCase( $_GET['APP_UID'], $_GET['DEL_INDEX'] ); + $case = $oCase->loadCase( $appUid, $delIndex ); } if (! isset( $_GET['to_revise'] )) { $script = 'cases_Open?'; } else { $script = 'cases_OpenToRevise?'; - $delIndex = $_GET['DEL_INDEX']; - $appUid = $_GET['APP_UID']; $oHeadPublisher->assign( 'treeToReviseTitle', G::loadtranslation( 'ID_STEP_LIST' ) ); $casesPanelUrl = 'casesToReviseTreeContent?APP_UID=' . $appUid . '&DEL_INDEX=' . $delIndex; $oHeadPublisher->assign( 'casesPanelUrl', $casesPanelUrl ); //translations @@ -121,7 +121,7 @@ $oHeadPublisher->assign( 'uri', $script . $uri ); $oHeadPublisher->assign( '_APP_NUM', '#: ' . $case['APP_NUMBER'] ); $oHeadPublisher->assign( '_PROJECT_TYPE', in_array($case['PRO_UID'], $bpmnProjects) ? 'bpmn' : 'classic' ); $oHeadPublisher->assign( '_PRO_UID', $case['PRO_UID']); -$oHeadPublisher->assign( '_APP_UID', $_GET['APP_UID']); +$oHeadPublisher->assign( '_APP_UID', $appUid); $oHeadPublisher->assign( '_ENV_CURRENT_DATE', $conf->getSystemDate( date( 'Y-m-d' ) ) ); $oHeadPublisher->assign( '_ENV_CURRENT_DATE_NO_FORMAT', date( 'Y-m-d-h-i-A' ) ); $oHeadPublisher->assign( 'idfirstform', is_null( $oStep ) ? '' : $oStep->getStepUidObj() ); 
@@ -132,12 +132,7 @@ if(!isset($_SESSION['APPLICATION']) || !isset($_SESSION['TASK']) || !isset($_SES $_SESSION['APPLICATION'] = $case['APP_UID']; $_SESSION['TASK'] = $case['TAS_UID']; $_SESSION['INDEX'] = $case['DEL_INDEX']; -} -$_SESSION['TASK'] = ($_GET['action'] == "unassigned" || $_GET['action'] == "sent" ) ? -1 : $_SESSION['TASK']; -if($_GET['action'] == "todo" || $_GET['action'] == "draft") { - if (isset($_SESSION['bNoShowSteps'])) { - unset($_SESSION['bNoShowSteps']); - } } +$_SESSION['actionCaseOptions'] = (isset($_REQUEST['action'])) ? $_REQUEST['action'] : ''; G::RenderPage( 'publish', 'extJs' ); diff --git a/workflow/engine/methods/cases/proxyDataCombobox.php b/workflow/engine/methods/cases/proxyDataCombobox.php index 4d086afc9..a0d65d2df 100755 --- a/workflow/engine/methods/cases/proxyDataCombobox.php +++ b/workflow/engine/methods/cases/proxyDataCombobox.php @@ -5,12 +5,11 @@ */ $appUid = isset($_POST["appUid"])? $_POST["appUid"] : ""; -$dynUid = isset($_POST["dynUid"])? $_POST["dynUid"] : ""; -$proUid = isset($_POST["proUid"])? $_POST["proUid"] : ""; +$dynUid = isset($_POST["dynUid"])? htmlspecialchars($_POST["dynUid"]) : ""; +$proUid = isset($_POST["proUid"])? htmlspecialchars($_POST["proUid"]) : ""; $fieldName = isset($_POST["fieldName"])? $_POST["fieldName"] : ""; $filename = $proUid . PATH_SEP . $dynUid . ".xml"; - $G_FORM = new xmlform(); $G_FORM->home = PATH_DYNAFORM; $G_FORM->parseFile($filename, SYS_LANG, true); @@ -72,4 +71,4 @@ foreach ($aResult as $field) { $response["records"] = $array; -echo G::json_encode($response); \ No newline at end of file +echo G::json_encode($response); diff --git a/workflow/engine/methods/cases/proxyProcessList.php b/workflow/engine/methods/cases/proxyProcessList.php index c522a6732..6e2c91f9f 100755 --- a/workflow/engine/methods/cases/proxyProcessList.php +++ b/workflow/engine/methods/cases/proxyProcessList.php 
@@ -44,6 +44,37 @@ try {
 if (isset( $start )) {
 $Criteria->setOffset( $start );
 }
+
+
+ // The $sort field is arbitrary
+ // This can result in ORDER BY
+ // SQL injection
+
+ // This ensures that ORDER BY will ONLY
+ // use a known good sort field.
+ // There is a matching list on the javascript side at
+ // workflow/engine/templates/processes/main.js
+
+ $allowedSortField = array(
+ "PRO_TITLE",
+ "PROJECT_TYPE",
+ "PRO_CATEGORY_LABEL",
+ "PRO_STATUS_LABEL",
+ "PRO_CREATE_USER_LABEL",
+ "PRO_CREATE_DATE",
+ "CASES_COUNT_TO_DO",
+ "CASES_COUNT_DRAFT",
+ "CASES_COUNT_COMPLETED",
+ "CASES_COUNT_CANCELLED",
+ "CASES_COUNT",
+ "PRO_DEBUG_LABEL",
+ "PRO_TYPE_PROCESS",
+ "PRO_UPDATE_DATE",
+ );
+
+ if(!in_array($sort, $allowedSortField)) {
+ $sort = '';
+ }
 if ($sort != '') {
 if ($dir == 'DESC') {
diff --git a/workflow/engine/methods/cases/saveFormSupervisor.php b/workflow/engine/methods/cases/saveFormSupervisor.php
deleted file mode 100644
index 4a8525aae..000000000
--- a/workflow/engine/methods/cases/saveFormSupervisor.php
+++ /dev/null
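Review bot: `in_array($sort, $allowedSortField)` uses loose comparison; pass `true` as the third argument so only an exact string from the list is accepted: `if (!in_array($sort, $allowedSortField, true)) {`. The allow-list is the right fix for the ORDER BY problem the comment describes; the comment block itself could shrink to one sentence plus the pointer to `main.js`, which is the part a maintainer needs to keep the two lists in sync. The `$dir` handling that follows (`if ($dir == 'DESC')`) continues outside the hunk; it is worth confirming it normalises anything other than `DESC`/`ASC` rather than passing `$dir` through.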
@@ -1,135 +0,0 @@ -. - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - */ - - -try { - - $oForm = new Form( $_SESSION["PROCESS"] . "/" . $_GET["UID"], PATH_DYNAFORM ); - $oForm->validatePost(); - - //Includes - G::LoadClass( "case" ); - - //Load the variables - $oCase = new Cases(); - $Fields = $oCase->loadCase( $_SESSION["APPLICATION"] ); - - $Fields["APP_DATA"] = array_merge( $Fields["APP_DATA"], G::getSystemConstants() ); - $Fields["APP_DATA"] = array_merge( $Fields["APP_DATA"], $_POST["form"] ); - - //save data in PM Tables if necessary - $newValues = array (); - foreach ($_POST['form'] as $sField => $sAux) { - if (isset( $oForm->fields[$sField]->pmconnection ) && isset( $oForm->fields[$sField]->pmfield )) { - if (($oForm->fields[$sField]->pmconnection != '') && ($oForm->fields[$sField]->pmfield != '')) { - if (isset( $oForm->fields[$oForm->fields[$sField]->pmconnection] )) { - require_once PATH_CORE . 'classes' . PATH_SEP . 'model' . PATH_SEP . 'AdditionalTables.php'; - $oAdditionalTables = new AdditionalTables(); - try { - $aData = $oAdditionalTables->load( $oForm->fields[$oForm->fields[$sField]->pmconnection]->pmtable, true ); - } catch (Exception $oError) { - $aData = array ('FIELDS' => array () - ); - } - $aKeys = array (); - $aAux = explode( '|', $oForm->fields[$oForm->fields[$sField]->pmconnection]->keys ); - $i = 0; - $aValues = array (); - foreach ($aData['FIELDS'] as $aField) { - if ($aField['FLD_KEY'] == '1') { - $aKeys[$aField['FLD_NAME']] = (isset( $aAux[$i] ) ? 
G::replaceDataField( $aAux[$i], $Fields['APP_DATA'] ) : ''); - $i ++; - } - if ($aField['FLD_NAME'] == $oForm->fields[$sField]->pmfield) { - $aValues[$aField['FLD_NAME']] = $Fields['APP_DATA'][$sField]; - } else { - $aValues[$aField['FLD_NAME']] = ''; - } - } - try { - $aRow = $oAdditionalTables->getDataTable( $oForm->fields[$oForm->fields[$sField]->pmconnection]->pmtable, $aKeys ); - } catch (Exception $oError) { - $aRow = false; - } - if ($aRow) { - foreach ($aValues as $sKey => $sValue) { - if ($sKey != $oForm->fields[$sField]->pmfield) { - $aValues[$sKey] = $aRow[$sKey]; - } - } - try { - $oAdditionalTables->updateDataInTable( $oForm->fields[$oForm->fields[$sField]->pmconnection]->pmtable, $aValues ); - } catch (Exception $oError) { - //Nothing - } - } else { - try { - // assembling the field list in order to save the data ina new record of a pm table - if (empty( $newValues )) { - $newValues = $aValues; - } else { - foreach ($aValues as $aValueKey => $aValueCont) { - if (trim( $newValues[$aValueKey] ) == '') { - $newValues[$aValueKey] = $aValueCont; - } - } - } - //$oAdditionalTables->saveDataInTable ( $oForm->fields [$oForm->fields [$sField]->pmconnection]->pmtable, $aValues ); - } catch (Exception $oError) { - //Nothing - } - } - } - } - } - } - - //save data - $aData = array (); - $aData['APP_NUMBER'] = $Fields['APP_NUMBER']; - $aData['APP_PROC_STATUS'] = $Fields['APP_PROC_STATUS']; - $aData['APP_DATA'] = $Fields['APP_DATA']; - $aData['DEL_INDEX'] = $_SESSION['INDEX']; - $aData['TAS_UID'] = $_SESSION['TASK']; - $aData['CURRENT_DYNAFORM'] = $_GET['UID']; - $aData['USER_UID'] = $_SESSION['USER_LOGGED']; - $aData['APP_STATUS'] = $Fields['APP_STATUS']; - $aData['PRO_UID'] = $_SESSION['PROCESS']; - - $oCase->updateCase( $_SESSION['APPLICATION'], $aData ); - - // saving the data ina pm table in case that is a new record - if (! empty( $newValues )) { - $id = key( $newValues ); - if (! 
$oAdditionalTables->updateDataInTable( $oForm->fields[$oForm->fields[$id]->pmconnection]->pmtable, $newValues )) { - //<--This is to know if it is a new registry on the PM Table - $oAdditionalTables->saveDataInTable( $oForm->fields[$oForm->fields[$id]->pmconnection]->pmtable, $newValues ); - } - } - - die('OK'); - -} catch (Exception $e) { - die($e->getMessage()); -} diff --git a/workflow/engine/methods/events/eventsAjax.php b/workflow/engine/methods/events/eventsAjax.php index d3c10ed03..48567b6ca 100755 --- a/workflow/engine/methods/events/eventsAjax.php +++ b/workflow/engine/methods/events/eventsAjax.php @@ -135,6 +135,7 @@ switch($req){ $criteria->setLimit($limit); $criteria->setOffset($start); } + $result = AppEventPeer::doSelectRS($criteria); $result->setFetchmode(ResultSet::FETCHMODE_ASSOC); $data = Array(); diff --git a/workflow/engine/methods/tools/ajaxListener.php b/workflow/engine/methods/tools/ajaxListener.php index 963b9c82b..687b6e62c 100755 --- a/workflow/engine/methods/tools/ajaxListener.php +++ b/workflow/engine/methods/tools/ajaxListener.php @@ -67,11 +67,11 @@ class Ajax $result->msg = $res['message']; } else { $result->success = true; - $result->msg = 'Label ' . $id . ' saved Successfully!'; + $result->msg = 'Label ' . htmlspecialchars($id) . ' saved Successfully!'; } } catch (Exception $e) { $result->success = false; - $result->msg = $e->getMessage(); + $result->msg = htmlspecialchars($e->getMessage()); } print G::json_encode($result); } @@ -93,7 +93,7 @@ class Ajax $result->msg = 'Deleted Successfully!'; } catch (Exception $e) { $result->success = false; - $result->msg = $e->getMessage(); + $result->msg = htmlspecialchars($e->getMessage()); } print G::json_encode($result); } @@ -106,7 +106,7 @@ class Ajax $result['success'] = true; } catch (Exception $e) { $result->success = false; - $result->msg = $e->getMessage(); + $result->msg = htmlspecialchars($e->getMessage()); } print G::json_encode($result); } 
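Review bot: `htmlspecialchars()` is applied to `$result->msg` inside a JSON payload, which bakes HTML encoding into an API response: a client that inserts the message as text (or into a non-HTML context) now shows literal entities, while a client that inserts it as HTML was the actual sink to fix. Escape at the point of output and keep the JSON body plain; the same pattern is applied in the `@@ -93` and `@@ -106` hunks here and in the ProcessSupervisors.php hunk. Independently, in the `@@ -106` hunk the context line `$result['success'] = true;` treats `$result` as an array while the catch branch writes `$result->success`; if `$result` is an object, the array write raises an `Error` that `catch (Exception $e)` does not catch. Returning `$e->getMessage()` verbatim to the client also discloses internal detail; a fixed message with the detail logged server-side is the safer shape.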
diff --git a/workflow/engine/methods/tools/translationsAjax.php b/workflow/engine/methods/tools/translationsAjax.php
index 9d2544357..eead4afa1 100755
--- a/workflow/engine/methods/tools/translationsAjax.php
+++ b/workflow/engine/methods/tools/translationsAjax.php
@@ -37,11 +37,11 @@ switch ($function) {
 case "changeLabel":
 $query = $ses->execute( "select * from $table where TRN_CATEGORY='$cat' and TRN_ID='$node' and TRN_LANG='$lang'", false );
 if ($query->count() === 0) {
- echo ("Not found $cat:$node:$lang in table '$table'");
+ echo ("Not found ".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."'");
 return;
 }
 if ($query->count() > 1) {
- echo ("The $cat:$node:$lang in table '$table' is not unique");
+ echo ("The $".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."' is not unique");
 return;
 }
 $res = $query->read();
@@ -55,11 +55,11 @@ switch ($function) {
 $update = $ses->execute( "update $table set TRN_VALUE='$langLabel' where TRN_CATEGORY='$cat' and TRN_ID='$node' and TRN_LANG='$lang'", false );
 $query = $ses->execute( "select * from $table where TRN_CATEGORY='$cat' and TRN_ID='$node' and TRN_LANG='$lang'", false );
 if ($query->count() === 0) {
- echo ("Not found $cat:$node:$lang in table '$table'");
+ echo ("Not found ".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."'");
 return;
 }
 if ($query->count() > 1) {
- echo ("The $cat:$node:$lang in table '$table' is not unique");
+ echo ("The ".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."' is not unique");
 return;
 }
 $res = $query->read();
diff --git a/workflow/engine/skinEngine/base/error404.php b/workflow/engine/skinEngine/base/error404.php
index 5972ede39..c34ca9902 100644
--- a/workflow/engine/skinEngine/base/error404.php
+++ b/workflow/engine/skinEngine/base/error404.php
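Review bot: The second echo in the `@@ -37` hunk has a stray `$`: `"The $".htmlspecialchars(...)` prints `The $` followed by the escaped value, so the line should read `echo ("The ".htmlspecialchars("$cat:$node:$lang")." in table '".htmlspecialchars($table)."' is not unique");` as the `@@ -55` hunk already has it. Escaping the echoed text does not address the context lines in both hunks where `$table`, `$cat`, `$node`, `$lang` and `$langLabel` are interpolated into the SQL string handed to `$ses->execute()`; those values should be bound parameters (and `$table` checked against a fixed list of table names), which is the larger risk in this file.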
@@ -13,17 +13,33 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
 $sysSys = "";
 $sysLang = "";
 $sysSkin = "";
-
+
 if (isset($url[1]) && preg_match("/^sys(.+)$/", $url[1], $match)) {
 $sysSys = $match[1];
- }
+ // Check if sys path exists
+ $checkDir = PATH_DATA."sites/".$sysSys;
+ if(!is_dir($checkDir)) {
+ $sysSys = '';
+ }
+ }
+
 if (isset($url[2])) {
 $sysLang = $url[2];
 }
 if (isset($url[3])) {
 $sysSkin = $url[3];
+
+ // Check if sys path exists
+ $checkDir = PATH_SKIN_ENGINE.$sysSkin;
+ if(!is_dir($checkDir)) {
+ // Try this again
+ $checkDir = PATH_CUSTOM_SKINS.$sysSkin;
+ if(!is_dir($checkDir)) {
+ $sysSkin = '';
+ }
+ }
 }
 if ($sysSys != "" && $sysLang != "" && $sysSkin != "") {
@@ -84,8 +100,8 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
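Review bot: The new `is_dir()` checks on `$sysSys` and `$sysSkin` confirm that some directory exists but do not constrain what the URL segment contains: `preg_match("/^sys(.+)$/", ...)` accepts any characters, so a segment carrying separators or `..` can still satisfy `is_dir(PATH_DATA."sites/".$sysSys)` while naming a directory outside `sites/`. Validate the shape before touching the filesystem, e.g. `if (isset($url[1]) && preg_match('/^sys([A-Za-z0-9_-]+)$/', $url[1], $match)) {` (use the character set workspace names are actually limited to) and the equivalent for `$sysSkin`; `$sysLang` is copied from `$url[2]` with no check at all and feeds the `$sysSys != "" && $sysLang != "" && $sysSkin != ""` condition whose body is outside the hunk. neoclassic/error404.php (`@@ -9,23`) has identical logic and additionally `urldecode()`s the URL first, so the same validation belongs after that decode; this base-skin hunk starts at line 13 and does not show whether it decodes too, which would leave the two skins treating encoded URLs differently.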
  • You might try retyping the URL and trying again.
  • -
  • Or we could take you back to the home page.
  • -
  • Or you could start again from the login page.
  • +
  • Or we could take you back to the home page.
  • +
  • Or you could start again from the login page.
@@ -125,4 +141,4 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
-
\ No newline at end of file
+
diff --git a/workflow/engine/skinEngine/neoclassic/error404.php b/workflow/engine/skinEngine/neoclassic/error404.php
index 79a4ec960..fc695a3d5 100644
--- a/workflow/engine/skinEngine/neoclassic/error404.php
+++ b/workflow/engine/skinEngine/neoclassic/error404.php
@@ -9,23 +9,41 @@ $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";
 $urlHome = $urlLogin;
 if (isset($_GET["url"]) && $_GET["url"] != "") {
+ $url = urldecode($_GET["url"]);
 $url = explode("/", $url);
 $sysSys = "";
 $sysLang = "";
 $sysSkin = "";
-
+
 if (isset($url[1]) && preg_match("/^sys(.+)$/", $url[1], $match)) {
 $sysSys = $match[1];
+
+ // Check if sys path exists
+ $checkDir = PATH_DATA."sites/".$sysSys;
+ if(!is_dir($checkDir)) {
+ $sysSys = '';
+ }
 }
+
 if (isset($url[2])) {
 $sysLang = $url[2];
 }
 if (isset($url[3])) {
 $sysSkin = $url[3];
+
+ // Check if sys path exists
+ $checkDir = PATH_SKIN_ENGINE.$sysSkin;
+ if(!is_dir($checkDir)) {
+ // Try this again
+ $checkDir = PATH_CUSTOM_SKINS.$sysSkin;
+ if(!is_dir($checkDir)) {
+ $sysSkin = '';
+ }
+ }
 }
 if ($sysSys != "" && $sysLang != "" && $sysSkin != "") {
@@ -85,8 +103,8 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
  • You might try retyping the URL and trying again.
  • -
  • Or we could take you back to the home page.
  • -
  • Or you could start again from the login page.
  • +
  • Or we could take you back to the home page.
  • +
  • Or you could start again from the login page.
@@ -126,4 +144,4 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
-
\ No newline at end of file
+
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
index be0981826..cdfa9fd8b 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
@@ -250,6 +250,8 @@ class Cases
 $type = "extjs";
 $dateFrom = (!empty( $dataList["dateFrom"] )) ? substr( $dataList["dateFrom"], 0, 10 ) : "";
 $dateTo = (!empty( $dataList["dateTo"] )) ? substr( $dataList["dateTo"], 0, 10 ) : "";
+ $newerThan = (!empty($dataList['newerThan']))? $dataList['newerThan'] : '';
+ $oldestThan = (!empty($dataList['oldestthan']))? $dataList['oldestthan'] : '';
 $first = isset( $dataList["first"] ) ? true :false;
 $u = new \ProcessMaker\BusinessModel\User();
@@ -291,7 +293,7 @@ class Cases
 }
 $dir = G::toUpper($dir);
 if (!($dir == 'DESC' || $dir == 'ASC')) {
- $dir = 'DESC';
+ $dir = 'ASC';
 }
 if ($process != '') {
 Validator::proUid($process, '$pro_uid');
@@ -383,7 +385,9 @@ class Cases
 (strpos($sort, ".") !== false)? $sort : "APP_CACHE_VIEW." . $sort,
 $category,
 true,
- $paged
+ $paged,
+ $newerThan,
+ $oldestThan
 );
 }
 if (!empty($result['data'])) {
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Department.php b/workflow/engine/src/ProcessMaker/BusinessModel/Department.php
index f240f994c..0d1149873 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Department.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Department.php
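Review bot: The two new keys are read with different casing, `$dataList['newerThan']` versus `$dataList['oldestthan']`, and carried as `$newerThan`/`$oldestThan`; since Light.php writes the same keys, pick one convention for the pair before more callers copy it. In the `@@ -291` hunk the fallback direction flips from `'DESC'` to `'ASC'` for every caller that passes an empty or unrecognised `$dir`, which changes the default ordering of existing list endpoints, not only the newerThan case; if that is intended it deserves a comment on the line, otherwise keep `$dir = 'DESC';` and let the newerThan path request `ASC` explicitly. The call in the `@@ -383` hunk now passes two extra arguments; the callee's signature is outside this diff, so confirm it accepts them in that position.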
@@ -91,6 +91,41 @@ class Department
 }
 }
+ /**
+ * Get Department record
+ *
+ * @param string $departmentUid Unique id of Department
+ * @param array $arrayVariableNameForException Variable name for exception
+ * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist
+ * (TRUE: throw the exception; FALSE: returns FALSE)
+ *
+ * @return array Returns an array with Department record, ThrowTheException/FALSE otherwise
+ */
+ public function getDepartmentRecordByPk(
+ $departmentUid,
+ array $arrayVariableNameForException,
+ $throwException = true
+ ) {
+ try {
+ $obj = \DepartmentPeer::retrieveByPK($departmentUid);
+
+ if (is_null($obj)) {
+ if ($throwException) {
+ throw new \Exception(\G::LoadTranslation(
+ 'ID_DEPARTMENT_NOT_EXIST', [$arrayVariableNameForException['$departmentUid'], $departmentUid]
+ ));
+ } else {
+ return false;
+ }
+ }
+
+ //Return
+ return $obj->toArray(\BasePeer::TYPE_FIELDNAME);
+ } catch (\Exception $e) {
+ throw $e;
+ }
+ }
+ /**
+ * Get list for Departments
+ *
+
@@ -187,7 +222,7 @@ class Department
 $oCriteria->setOffset( $start );
 if ($search != '') {
- $oCriteria->add( $oCriteria->getNewCriterion( UsersPeer::USR_USERNAME, '%' . $search . '%', \Criteria::LIKE )->addOr( $oCriteria->getNewCriterion( UsersPeer::USR_FIRSTNAME, '%' . $search . '%', \Criteria::LIKE )->addOr( $oCriteria->getNewCriterion( UsersPeer::USR_LASTNAME, '%' . $search . '%', \Criteria::LIKE ) ) ) );
+ $oCriteria->add( $oCriteria->getNewCriterion( UsersPeer::USR_USERNAME, '%' . $search . '%', \Criteria::LIKE )->addOr( $oCriteria->getNewCriterion( UsersPeer::USR_FIRSTNAME, '%' . $search . '%', \Criteria::LIKE )->addOr( $oCriteria->getNewCriterion( UsersPeer::USR_LASTNAME, '%' . $search . '%', \Criteria::LIKE ) ) ) );
 }
 $oDataset = UsersPeer::doSelectRS( $oCriteria );
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/User.php b/workflow/engine/src/ProcessMaker/BusinessModel/User.php
index 2449e92d7..368f07422 100644
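Review bot: In `getDepartmentRecordByPk()` the `try { … } catch (\Exception $e) { throw $e; }` wrapper rethrows unchanged and can be dropped, leaving the body one level shallower; the same applies to `getUserRecordByPk()` in User.php (`@@ -328`). `$arrayVariableNameForException['$departmentUid']` is read without checking the key exists, so a caller that passes an array without it gets an undefined-index notice in place of the intended message; either `isset()`-guard it or state in the docblock that the key is required. The docblock says `@return array` while the method returns `false` when `$throwException` is false; write `@return array|false` so callers and static analysis see both outcomes.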
--- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php
@@ -328,6 +328,38 @@ class User
 }
 }
+ /**
+ * Get User record
+ *
+ * @param string $userUid Unique id of User
+ * @param array $arrayVariableNameForException Variable name for exception
+ * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist
+ * (TRUE: throw the exception; FALSE: returns FALSE)
+ *
+ * @return array Returns an array with User record, ThrowTheException/FALSE otherwise
+ */
+ public function getUserRecordByPk($userUid, array $arrayVariableNameForException, $throwException = true)
+ {
+ try {
+ $obj = \UsersPeer::retrieveByPK($userUid);
+
+ if (is_null($obj)) {
+ if ($throwException) {
+ throw new \Exception(\G::LoadTranslation(
+ 'ID_USER_DOES_NOT_EXIST', [$arrayVariableNameForException['$userUid'], $userUid]
+ ));
+ } else {
+ return false;
+ }
+ }
+
+ //Return
+ return $obj->toArray(\BasePeer::TYPE_FIELDNAME);
+ } catch (\Exception $e) {
+ throw $e;
+ }
+ }
+ /**
+ * Get data of a from a record
+ *
@@ -1288,5 +1320,68 @@ class User
 throw $e;
 }
 }
-}
+ /**
+ * Get the User's Manager
+ *
+ * @param string $userUid Unique id of User
+ * @param bool $throwException Flag to throw the exception if the main parameters are invalid or do not exist
+ * (TRUE: throw the exception; FALSE: returns FALSE)
+ *
+ * @return string Returns an string with Unique id of User (Manager), ThrowTheException/FALSE otherwise
+ */
+ public function getUsersManager($userUid, $throwException = true)
+ {
+ try {
+ //Verify data and Set variables
+ $arrayUserData = $this->getUserRecordByPk($userUid, ['$userUid' => '$userUid'], $throwException);
+
+ if ($arrayUserData === false) {
+ return false;
+ }
+
+ //Set variables
+ $department = new \ProcessMaker\BusinessModel\Department();
+
+ //Get Manager
+ if ((string)($arrayUserData['USR_REPORTS_TO']) == '' ||
+ (string)($arrayUserData['USR_REPORTS_TO']) == $userUid
+ ) {
+ if ((string)($arrayUserData['DEP_UID']) != '') {
+ $departmentUid = $arrayUserData['DEP_UID'];
+
+ do {
+ $flagd = false;
+
+ $arrayDepartmentData = $department->getDepartmentRecordByPk(
+ $departmentUid, ['$departmentUid' => '$departmentUid'], $throwException
+ );
+
+ if ($arrayDepartmentData === false) {
+ return false;
+ }
+
+ if ((string)($arrayDepartmentData['DEP_MANAGER']) == '' ||
+ (string)($arrayDepartmentData['DEP_MANAGER']) == $userUid
+ ) {
+ if ((string)($arrayDepartmentData['DEP_PARENT']) != '') {
+ $departmentUid = $arrayDepartmentData['DEP_PARENT'];
+ $flagd = true;
+ } else {
+ return false;
+ }
+ } else {
+ return $arrayDepartmentData['DEP_MANAGER'];
+ }
+ } while ($flagd);
+ } else {
+ return false;
+ }
+ } else {
+ return $arrayUserData['USR_REPORTS_TO'];
+ }
+ } catch (\Exception $e) {
+ throw $e;
+ }
+ }
+}
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Light.php b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
index 2a66f9c63..a235b39af 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Light.php
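Review bot: The `do { … } while ($flagd)` walk up `DEP_PARENT` has no cycle guard, so a department whose parent chain loops back on itself (administrator-entered data that nothing here validates) makes `getUsersManager()` spin forever on every call. Track the departments already visited: `$visited = array();` before the loop, then at the top of the body `if (isset($visited[$departmentUid])) { return false; }` followed by `$visited[$departmentUid] = true;`. The enclosing `try/catch` that only rethrows can be removed, as in the other two methods this diff adds, and the docblock's `@return string` should say `@return string|false` since three branches return `false`.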
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
@@ -20,7 +20,7 @@ class Light extends Api
 private $arrayFieldIso8601 = [
 // request lists
- 'newestthan',
+ 'newerThan',
 'oldestthan',
 //return lists
 'date',
@@ -132,7 +132,7 @@ class Light extends Api
 $filter = '',
 $date_from = '',
 $date_to = '',
- $newestthan = '',
+ $newerThan = '',
 $oldestthan =''
 ) {
 try {
@@ -142,15 +142,15 @@ class Light extends Api
 $dataList['start'] = $start;
 $dataList['limit'] = $limit;
 $dataList['sort'] = $sort;
- $dataList['dir'] = ($newestthan != '') ? 'ASC':$dir;
+ $dataList['dir'] = $dir;
 $dataList['category'] = $cat_uid;
 $dataList['process'] = $pro_uid;
 $dataList['search'] = $search;
 $dataList['filter'] = $filter;
 $dataList['dateFrom'] = $date_from;
 $dataList['dateTo'] = $date_to;
- $dataList['newestthan'] = $newestthan;
- $dataList['oldestthan'] = $oldestthan;
+ $dataList['newerThan'] = $newerThan;
+ $dataList['oldestthan'] = $oldestthan;
 Validator::throwExceptionIfDataNotMetIso8601Format($dataList, $this->arrayFieldIso8601);
 $dataList = DateTime::convertDataToUtc($dataList, $this->arrayFieldIso8601);
@@ -169,7 +169,7 @@ class Light extends Api
 }
 /*----------------------------------********---------------------------------*/
- if ($newestthan != '') {
+ if ($newerThan != '') {
 $response['data'] = array_reverse($response['data']);
 }
 $result = $this->parserDataTodo($response['data']);
@@ -227,7 +227,7 @@ class Light extends Api
 $cat_uid = '',
 $pro_uid = '',
 $search = '',
- $newestthan = '',
+ $newerThan = '',
 $oldestthan =''
 ) {
 try {
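Review bot: Renaming the request parameter `$newestthan` to `$newerThan` on these endpoint methods (`@@ -132`, `@@ -227`, `@@ -325`, `@@ -428`, `@@ -518`) changes the public query-string name clients already use, and leaves the sibling `$oldestthan` in the old lowercase style, so one filter of a symmetric pair is camelCase and the other is not; either keep `newestthan` as an accepted alias or rename both and record the change. Removing `($newestthan != '') ? 'ASC' : $dir` (`@@ -142`, `@@ -238`, `@@ -337`, `@@ -529`) means the later `array_reverse()` under `if ($newerThan != '')` now runs on whatever `$dir` the client sent, so a `DESC` request with `newerThan` set presumably comes back oldest-first unless the callee normalises it; the reverse only made sense when the query was forced ascending. The `'prevUser'` to `'currentUser'` mapping change in `@@ -285` alters the response shape and belongs in the API changelog.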
@@ -238,12 +238,12 @@ class Light extends Api
 $dataList['start'] = $start;
 $dataList['limit'] = $limit;
 $dataList['sort'] = $sort;
- $dataList['dir'] = ($newestthan != '') ? 'ASC':$dir;
+ $dataList['dir'] = $dir;
 $dataList['category'] = $cat_uid;
 $dataList['process'] = $pro_uid;
 $dataList['search'] = $search;
- $dataList['newestthan'] = $newestthan;
- $dataList['oldestthan'] = $oldestthan;
+ $dataList['newerThan'] = $newerThan;
+ $dataList['oldestthan'] = $oldestthan;
 Validator::throwExceptionIfDataNotMetIso8601Format($dataList, $this->arrayFieldIso8601);
 $dataList = DateTime::convertDataToUtc($dataList, $this->arrayFieldIso8601);
@@ -262,7 +262,7 @@ class Light extends Api
 }
 /*----------------------------------********---------------------------------*/
- if ($newestthan != '') {
+ if ($newerThan != '') {
 $response['data'] = array_reverse($response['data']);
 }
 $result = $this->parserDataDraft($response['data']);
@@ -285,11 +285,11 @@ class Light extends Api
 'user' => array(
 'USR_UID' => 'userId'
 ),
- 'prevUser' => array(
- 'PREVIOUS_USR_UID' => 'userId',
- 'PREVIOUS_USR_FIRSTNAME' => 'firstName',
- 'PREVIOUS_USR_LASTNAME' => 'lastName',
- 'PREVIOUS_USR_USERNAME' => 'fullName',
+ 'currentUser' => array(
+ 'USR_UID' => 'userId',
+ 'USR_FIRSTNAME' => 'firstName',
+ 'USR_LASTNAME' => 'lastName',
+ 'USR_USERNAME' => 'fullName',
 ),
 'process' => array(
 'PRO_UID' => 'processId',
@@ -325,7 +325,7 @@ class Light extends Api
 $filter = '',
 $date_from = '',
 $date_to = '',
- $newestthan = '',
+ $newerThan = '',
 $oldestthan =''
 ) {
 try {
@@ -337,7 +337,7 @@ class Light extends Api
 $dataList['start'] = $start;
 $dataList['limit'] = $limit;
 $dataList['sort'] = $sort;
- $dataList['dir'] = ($newestthan != '') ? 'ASC':$dir;
+ $dataList['dir'] = $dir;
 $dataList['category'] = $category;
 $dataList['process'] = $process;
@@ -345,7 +345,7 @@ class Light extends Api
 $dataList['filter'] = $filter;
 $dataList['dateFrom'] = $date_from;
 $dataList['dateTo'] = $date_to;
- $dataList['newestthan'] = $newestthan;
+ $dataList['newerThan'] = $newerThan;
 $dataList['oldestthan'] = $oldestthan;
 Validator::throwExceptionIfDataNotMetIso8601Format($dataList, $this->arrayFieldIso8601);
@@ -365,7 +365,7 @@ class Light extends Api
 }
 /*----------------------------------********---------------------------------*/
- if ($newestthan != '') {
+ if ($newerThan != '') {
 $response['data'] = array_reverse($response['data']);
 }
 $result = $this->parserDataParticipated($response['data']);
@@ -428,7 +428,9 @@ class Light extends Api
 $search = '',
 $filter = '',
 $date_from = '',
- $date_to = ''
+ $date_to = '',
+ $newerThan = '',
+ $oldestthan = ''
 ) {
 try {
 $dataList['userId'] = $this->getUserId();
@@ -445,6 +447,8 @@ class Light extends Api
 $dataList['filter'] = $filter;
 $dataList['dateFrom'] = $date_from;
 $dataList['dateTo'] = $date_to;
+ $dataList['newerThan'] = $newerThan;
+ $dataList['oldestthan'] = $oldestthan;
 /*----------------------------------********---------------------------------*/
 if (true) {
@@ -518,7 +522,7 @@ class Light extends Api
 $cat_uid = '',
 $pro_uid = '',
 $search = '',
- $newestthan = '',
+ $newerThan = '',
 $oldestthan =''
 ) {
 try {
@@ -529,11 +533,11 @@ class Light extends Api
 $dataList['start'] = $start;
 $dataList['limit'] = $limit;
 $dataList['sort'] = $sort;
- $dataList['dir'] = ($newestthan != '') ? 'ASC':$dir;
+ $dataList['dir'] = $dir;
 $dataList['category'] = $cat_uid;
 $dataList['process'] = $pro_uid;
 $dataList['search'] = $search;
- $dataList['newestthan'] = $newestthan;
+ $dataList['newerThan'] = $newerThan;
 $dataList['oldestthan'] = $oldestthan;
 Validator::throwExceptionIfDataNotMetIso8601Format($dataList, $this->arrayFieldIso8601);
 $dataList = DateTime::convertDataToUtc($dataList, $this->arrayFieldIso8601);
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project/ProcessSupervisors.php b/workflow/engine/src/ProcessMaker/Services/Api/Project/ProcessSupervisors.php
index 1d2575ea2..1bfe40447 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Project/ProcessSupervisors.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Project/ProcessSupervisors.php
@@ -31,7 +31,7 @@ class ProcessSupervisors extends Api
 return (preg_match("/^.*\/paged.*$/", $this->restler->url))? $response : $response["data"];
 } catch (\Exception $e) {
- throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
+ throw new RestException(Api::STAT_APP_EXCEPTION, htmlspecialchars($e->getMessage()));
 }
 }
diff --git a/workflow/engine/templates/pmTables/list.js b/workflow/engine/templates/pmTables/list.js
index ad7acc67a..90e5e93b1 100755
--- a/workflow/engine/templates/pmTables/list.js
+++ b/workflow/engine/templates/pmTables/list.js
@@ -515,6 +515,9 @@ DeletePMTable = function() {
 //Load Import PM Table Form
 ImportPMTable = function(){
+ var aOverwrite,
+ aRelated,
+ aMessage;
 var w = new Ext.Window({
 id: 'windowPmTableUploaderImport',
 title: '',
@@ -550,12 +553,6 @@ ImportPMTable = function(){
 buttonCfg: {
 iconCls: 'upload-icon'
 }
- }, {
- id: 'importPMTableOverwrite',
- xtype: 'checkbox',
- fieldLabel: '',
- boxLabel: _('ID_OVERWRITE_EXIST'), // 'Overwrite if exists?',
- name: 'form[OVERWRITE]'
 }, {
 xtype: 'hidden',
 name: 'form[TYPE_TABLE]',
@@ -580,7 +577,7 @@ ImportPMTable = function(){
 var result = Ext.util.JSON.decode(resp.response.responseText);
 if (result.success) {
- PMExt.notify(_('ID_IMPORT_RESULT'), result.message);
+ PMExt.notify('', result.message);
 } else {
 win = new Ext.Window({
@@ -613,219 +610,34 @@ ImportPMTable = function(){
 var result = Ext.util.JSON.decode(resp.response.responseText);
 if (result.errorType == 'warning') {
- PMExt.warning(_('ID_WARNING'), result.message.replace(/\n/g,'
')); - } - else { + Ext.MessageBox.show({ + title: _('ID_WARNING_PMTABLES'), + width: 510, + height: 300, + msg: "
" + result.message.replace(/\n/g,'
') + "
", + buttons: Ext.MessageBox.OK, + animEl: 'mb9', + fn: function(){}, + icon: Ext.MessageBox.INFO + }); + } else { if(result.fromAdmin) { /* from admin tab */ - if(result.validationType == 1) { - Ext.MessageBox.confirm('Confirmation', result.message.replace(/\n/g,'
'), function(btn, text){ - if (btn == 'yes'){ - Ext.Ajax.request({ - url: 'pmTablesProxy/import', - params: { - 'form[FROM_CONFIRM]':'overWrite', - 'form[TYPE_TABLE]':(PRO_UID? 'designer' : 'admin'), - 'form[OVERWRITE]':true - }, - success: function(resp){ - var result = Ext.util.JSON.decode(resp.responseText); - if (result.success) { - PMExt.notify(_('ID_IMPORT_RESULT'), result.message); - Ext.getCmp('infoGrid').getStore().reload(); - } else { - if(result.validationType == 2) { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - } - }, - failure: function(obj, resp){ - var result = Ext.util.JSON.decode(resp.responseText); - if(result.validationType == 2) { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - } - }); - } else { - Ext.Ajax.request({ - url: 'pmTablesProxy/import', - params: { - 'form[FROM_CONFIRM]':'clear', - 'form[TYPE_TABLE]':(PRO_UID? 'designer' : 'admin') - }, - success: function(resp) { - var result = Ext.util.JSON.decode(resp.responseText); - PMExt.notify(_('ID_IMPORT_RESULT'), result.message); - Ext.getCmp('infoGrid').getStore().reload(); - } - }); - } - Ext.getCmp('infoGrid').getStore().reload(); - }); - return false; - } else { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } + aOverwrite = result.arrayOverwrite; + aRelated = result.arrayRelated; + aMessage = result.arrayMessage; + pmtablesErrors(aOverwrite,aRelated,aMessage); } else { /* from designer tab */ - if(result.validationType == 1) { - Ext.MessageBox.confirm('Confirmation', result.message.replace(/\n/g,'
'), function(btn, text){ - if (btn == 'yes'){ - Ext.Ajax.request({ - url: 'pmTablesProxy/import', - params: { - 'form[FROM_CONFIRM]':'2', - 'form[TYPE_TABLE]':(PRO_UID? 'designer' : 'admin'), - 'form[OVERWRITE]':true - }, - success: function(resp){ - var result = Ext.util.JSON.decode(resp.responseText); - if (result.success) { - PMExt.notify(_('ID_IMPORT_RESULT'), result.message); - Ext.getCmp('infoGrid').getStore().reload(); - } else { - if(result.validationType == 2) { - Ext.MessageBox.confirm('Confirmation', result.message.replace(/\n/g,'
'), function(btn, text){ - if (btn == 'yes'){ - Ext.Ajax.request({ - url: 'pmTablesProxy/import', - params: { - 'form[FROM_CONFIRM]':'overWrite', - 'form[TYPE_TABLE]':(PRO_UID? 'designer' : 'admin'), - 'form[OVERWRITE]':true - }, - success: function(resp){ - var result = Ext.util.JSON.decode(resp.responseText); - if (result.success) { - PMExt.notify(_('ID_IMPORT_RESULT'), result.message); - Ext.getCmp('infoGrid').getStore().reload(); - } else { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - }, - failure: function(obj, resp){ - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - }); - Ext.getCmp('infoGrid').getStore().reload(); - } - }); - return false; - } - else { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - } - }, - failure: function(obj, resp){ - var result = Ext.util.JSON.decode(resp.responseText); - if(result.validationType == 2) { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - } - }); - Ext.getCmp('infoGrid').getStore().reload(); - } else { - Ext.Ajax.request({ - url: 'pmTablesProxy/import', - params: { - 'form[FROM_CONFIRM]':'2', - 'form[TYPE_TABLE]':(PRO_UID? 'designer' : 'admin'), - 'form[PRO_UID_HELP]':PRO_UID - }, - success: function(resp) { - var result = Ext.util.JSON.decode(resp.responseText); - if(result.validationType == 2) { - /*add code if related process*/ - Ext.MessageBox.confirm('Confirmation', result.message.replace(/\n/g,'
'), function(btn, text){ - if (btn == 'yes'){ - Ext.Ajax.request({ - url: 'pmTablesProxy/import', - params: { - 'form[FROM_CONFIRM]':'overWrite', - 'form[TYPE_TABLE]':(PRO_UID? 'designer' : 'admin'), - 'form[PRO_UID_HELP]':PRO_UID - }, - success: function(resp){ - var result = Ext.util.JSON.decode(resp.responseText); - if (result.success) { - PMExt.notify(_('ID_IMPORT_RESULT'), result.message); - Ext.getCmp('infoGrid').getStore().reload(); - } else { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - }, - failure: function(obj, resp){ - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - }); - Ext.getCmp('infoGrid').getStore().reload(); - } - }); - return false; - } else { - var result = Ext.util.JSON.decode(resp.responseText); - if (result.success) { - PMExt.notify(_('ID_IMPORT_RESULT'), result.message); - Ext.getCmp('infoGrid').getStore().reload(); - } else { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - } - //PMExt.notify(_('ID_IMPORT_RESULT'), result.message); - }, - failure: function(obj, resp){ - var result = Ext.util.JSON.decode(resp.responseText); - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - }); - } - Ext.getCmp('infoGrid').getStore().reload(); - }); - return false; - } - if(result.validationType == 2) { - Ext.MessageBox.confirm('Confirmation', result.message.replace(/\n/g,'
'), function(btn, text){ - if (btn == 'yes'){ - Ext.Ajax.request({ - url: 'pmTablesProxy/import', - params: { - 'form[FROM_CONFIRM]':'overWrite', - 'form[TYPE_TABLE]':(PRO_UID? 'designer' : 'admin'), - 'form[OVERWRITE]':true, - 'form[PRO_UID_HELP]':PRO_UID - }, - success: function(resp){ - var result = Ext.util.JSON.decode(resp.responseText); - if (result.success) { - PMExt.notify(_('ID_IMPORT_RESULT'), result.message); - Ext.getCmp('infoGrid').getStore().reload(); - } else { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - }, - failure: function(obj, resp){ - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } - }); - Ext.getCmp('infoGrid').getStore().reload(); - } - }); - return false; - } else { - PMExt.error(_('ID_ERROR'), result.message.replace(/\n/g,'
')); - } + aOverwrite = result.arrayOverwrite; + aRelated = result.arrayRelated; + aMessage = result.arrayMessage; + pmtablesErrors(aOverwrite,aRelated,aMessage); } } } }); } } - }/*,{ - text: 'Reset', - handler: function(){ - uploader = Ext.getCmp('uploader'); - uploader.getForm().reset(); - } - }*/,{ + },{ id: 'importPMTableButtonCancel', text: TRANSLATIONS.ID_CANCEL, handler: function(){ 
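Review bot: The new `Ext.MessageBox.show` branch builds `msg` by concatenating `result.message.replace(/\n/g, …)` with markup, so the server message is rendered as HTML; the PHP side of this commit escapes some messages, but `pmTablesProxy/import` is not in this diff, so encode here as well by wrapping the message in `Ext.util.Format.htmlEncode(result.message)` before the `.replace(/\n/g, …)` that inserts the line-break markup. The `aOverwrite = result.arrayOverwrite; aRelated = result.arrayRelated; aMessage = result.arrayMessage; pmtablesErrors(aOverwrite,aRelated,aMessage);` sequence is repeated verbatim in the admin and designer branches, which now differ only by their comments, so the `if(result.fromAdmin)` split can collapse to one call (or pass the three fields directly). `pmtablesErrors` itself is defined in a later hunk that runs past the end of this view.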
@@ -959,3 +771,167 @@ function updateTagPermissions(){ var top = (Ext.getBody().getViewSize().height/3); var targetWin = window.open (pageURL, title, 'toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width='+w+', height='+h+', top='+top+', left='+left); } + +function pmtablesErrors(aOverwrite,aRelated,aMessage){ + var jsonDataArray = [], + i, + fieldMessage, + fieldRadio2Options, + fieldRadio3Options, + win, + tablesOfNo, + tablesOfYes, + tablesOfNew, + valueSelected, + nameId, + number; + //Show the error message ERROR_PROCESS_NOT_EXIST or ERROR_NO_REPORT_TABLE + for (i = 0; i < aMessage.length; i++){ + fieldMessage = { + xtype : 'fieldset', + title : aMessage[i]['ERROR_MESS'], + id : aMessage[i]['NAME_TABLE'], + autoHeight : true + }; + jsonDataArray.push(fieldMessage); + } + //Check the ERROR_OVERWRITE_RELATED_PROCESS + for (i = 0; i < aRelated.length; i++){ + fieldRadio2Options = { + xtype : 'fieldset', + title : aRelated[i]['ERROR_MESS'], + id : aRelated[i]['NAME_TABLE'], + autoHeight : true, + defaultType: 'radio', // each item will be a radio button + items: [{ + checked : true, + boxLabel : _('ID_RADIO_RELATED_PROCESS'), + name : aRelated[i]['NAME_TABLE'], + inputValue : 'related' + }, { + boxLabel : _('ID_RADIO_NOT_IMPORTED_RPT'), + name : aRelated[i]['NAME_TABLE'], + inputValue : 'no' + }] + }; + jsonDataArray.push(fieldRadio2Options); + } + // check the ERROR_PM_TABLES_OVERWRITE or ERROR_RP_TABLES_OVERWRITE + for (i = 0; i < aOverwrite.length; i++){ + fieldRadio3Options = { + xtype : 'fieldset', + title : aOverwrite[i]['ERROR_MESS'], + id : aOverwrite[i]['NAME_TABLE'], + autoHeight : true, + defaultType : 'radio', // each item will be a radio button + items: [{ + boxLabel : _('ID_RADIO_CREATE_NEW'), + name : aOverwrite[i]['NAME_TABLE'], + inputValue : 'new' + }, { + boxLabel : _('ID_RADIO_OVERWRITE'), + name : aOverwrite[i]['NAME_TABLE'], + inputValue : 'overwrite' + }, { + checked : true, + 
boxLabel : _('ID_RADIO_NOT_IMPORTED'), + name : aOverwrite[i]['NAME_TABLE'], + inputValue : 'no' + }] + }; + jsonDataArray.push(fieldRadio3Options); + } + + number = Math.floor((Math.random() * 100) + 1); + win = new Ext.Window({ + id : 'winPmtableRptableErrors'+number, + layout : 'fit', + width : 700, + height : 400, + title : _('ID_WARNING_PMTABLES'), + modal : true, + maximizable: true, + constrain : true, + plain : true, + autoScroll : true, + items : jsonDataArray, + buttons : [{ + text : _('ID_CONTINUE'), + handler: function(){ + tablesOfNo = ''; + tablesOfYes = ''; + tablesOfNew = ''; + for (i = 0; i < aMessage.length; i++){ + nameId = aMessage[i]['NAME_TABLE']; + tablesOfNo = tablesOfNo.concat('|',nameId); + } + for (i = 0; i < aRelated.length; i++){ + nameId = aRelated[i]['NAME_TABLE']; + valueSelected = Ext.getCmp(nameId).items.get(0).getGroupValue(); + switch(valueSelected) { + case 'related': + tablesOfYes = tablesOfYes.concat('|',nameId); + break; + case 'no': + tablesOfNo = tablesOfNo.concat('|',nameId); + break; + } + } + for (i = 0; i < aOverwrite.length; i++){ + nameId = aOverwrite[i]['NAME_TABLE']; + valueSelected = Ext.getCmp(nameId).items.get(0).getGroupValue(); + switch(valueSelected) { + case 'new': + tablesOfNew = tablesOfNew.concat('|',nameId); + break; + case 'overwrite': + tablesOfYes = tablesOfYes.concat('|',nameId); + break; + case 'no': + tablesOfNo = tablesOfNo.concat('|',nameId); + break; + } + } + win.close(); + Ext.Ajax.request({ + url: 'pmTablesProxy/import', + params: { + 'form[FROM_CONFIRM]':'yes', + 'form[TYPE_TABLE]':(PRO_UID? 
'designer' : 'admin'), + 'form[OVERWRITE]':true, + 'form[TABLES_OF_NO]':tablesOfNo, + 'form[TABLES_OF_YES]':tablesOfYes, + 'form[TABLES_OF_NEW]':tablesOfNew + }, + success: function(resp){ + var result = Ext.util.JSON.decode(resp.responseText); + if (result.success) { + PMExt.notify('', result.message); + Ext.getCmp('infoGrid').getStore().reload(); + } + }, + failure: function(obj, resp){ + var result = Ext.util.JSON.decode(resp.responseText); + Ext.getCmp('infoGrid').getStore().reload(); + } + }); + } + },{ + text: _('ID_CANCEL'), + handler: function(){ + win.close(); + } + }] + }); + win.show(); + + for (i = 0; i < aMessage.length; i++){ + Ext.get(aMessage[i]['NAME_TABLE']).setStyle({border: '0', marginTop:'0'} ); + } + for (i = 0; i < aRelated.length; i++){ + Ext.get(aRelated[i]['NAME_TABLE']).setStyle({border: '0', marginTop:'0'} ); + } + for (i = 0; i < aOverwrite.length; i++){ + Ext.get(aOverwrite[i]['NAME_TABLE']).setStyle({border: '0', marginTop:'0'} ); + } +} \ No newline at end of file diff --git a/workflow/engine/templates/processes/main.js b/workflow/engine/templates/processes/main.js index 30218cc00..d7641d546 100755 --- a/workflow/engine/templates/processes/main.js +++ b/workflow/engine/templates/processes/main.js @@ -280,6 +280,15 @@ Ext.onReady(function(){ }, columns: [ expander, + + // There is a list of allowed columns to sort: + // workflow/engine/methods/cases/proxyProcessList.php + // This is to prevent ORDER BY injection attacks + + // It is identical to this list. + // If you need to add a new column that is sortable, please + // make sure it is added there or sorting will not work. + {id:'PRO_UID', dataIndex: 'PRO_UID', hidden:true, hideable:false}, {header: "", dataIndex: 'PRO_STATUS', width: 50, hidden:true, hideable:false}, {header: _('ID_PRO_DESCRIPTION'), dataIndex: 'PRO_DESCRIPTION',hidden:true, hideable:false},
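Review bot: The failure handler of the `pmTablesProxy/import` request at the end of the Continue handler decodes the response into `result` and then only reloads the grid, and the success handler does nothing when `result.success` is false, so a rejected import is silent; the code this hunk replaces reported it with `PMExt.error(_('ID_ERROR'), result.message)`, and both branches should keep doing that (the failure branch should also check that the body is JSON before `Ext.util.JSON.decode`, since an error page would make the decode itself throw). Each fieldset's `title` is taken straight from `ERROR_MESS`, which ExtJS inserts into the legend as HTML; if the server builds that message from the table name found in the uploaded file without escaping it, wrapping it as `title : Ext.util.Format.htmlEncode(aMessage[i]['ERROR_MESS'])` (and the same for the aRelated and aOverwrite fieldsets) keeps the import dialog from rendering markup taken from the file. The fieldset ids are the raw table names, so a table that appears in more than one of the three arrays would create duplicate component ids and `Ext.getCmp(nameId)` would resolve only the first; a per-group prefix on the id (mirrored in the `Ext.get(...)` calls after `win.show()`) avoids that. `number = Math.floor((Math.random() * 100) + 1)` does not guarantee a unique window id; `Ext.id()` does.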