From 46d09f5b84872622cde16c368ef48b69442e7512 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 12 Jun 2017 16:11:19 -0400 Subject: [PATCH 1/3] HOR-3095 --- workflow/engine/classes/Calendar.php | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 2f788a442..43e35035b 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,10 +799,6 @@ class Calendar extends CalendarDefinition return $return; } - - - - /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -828,7 +824,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -841,8 +837,6 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } - - if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; } From b846a246ef90cb0bd383ff974b4a3301e890ced8 Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:19:26 -0400 Subject: [PATCH 2/3] HOR-3548 Users can log in with just a password hash without knowing the clear text password - Check if the password contains password hashes. --- workflow/engine/methods/login/authentication.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index ed7e32196..7152e29db 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -41,6 +41,18 @@ try { die(); } + //Check if the password contains the password hashes + if (!empty($_POST['form']['USR_PASSWORD']) && strlen($_POST['form']['USR_PASSWORD']) > 32) { + $pass = trim($_POST['form']['USR_PASSWORD']); + foreach (Bootstrap::getPasswordHashConfig() as $key => $hash) { + $search = substr($pass, 0, strlen($hash) + 1); + if ($search == $hash . ':') { + $pass = substr($pass, strlen($hash) + 1); + } + } + $_POST['form']['USR_PASSWORD'] = $pass; + } + $frm = $_POST['form']; if (isset($frm['USR_USERNAME'])) { From 890dd720e6231155798e10deb08af7d29003754d Mon Sep 17 00:00:00 2001 From: "Marco A. Nina Mena" Date: Sun, 6 Aug 2017 20:33:53 -0400 Subject: [PATCH 3/3] Delete changes of file. --- workflow/engine/classes/Calendar.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/workflow/engine/classes/Calendar.php b/workflow/engine/classes/Calendar.php index 43e35035b..2f788a442 100644 --- a/workflow/engine/classes/Calendar.php +++ b/workflow/engine/classes/Calendar.php @@ -799,6 +799,10 @@ class Calendar extends CalendarDefinition return $return; } + + + + /**************SLA classes***************/ public function dashCalculateDate ($iniDate, $duration, $formatDuration, $calendarData = array()) { @@ -824,7 +828,7 @@ class Calendar extends CalendarDefinition $newDate = $onlyDate; $hoursDuration -= (float)($secondRes/3600); } else { - $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate))); + $newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); $hoursDuration = 0; } } @@ -837,6 +841,8 @@ class Calendar extends CalendarDefinition if ((is_null($finDate)) || ($finDate == '')) { $finDate = date('Y-m-d H:i:s'); } + + if ((strtotime($finDate)) <= (strtotime($iniDate))) { return 0.00; }