Security Issue - Harcoded credentials
william barra
2016-02-29 15:28:21 -04:00
committed by dheeyi
parent 423944a83c
commit 67137dc673
5 changed files with 0 additions and 617 deletions


@@ -199,7 +199,6 @@ class Bootstrap
//self::registerClass("GroupUser", PATH_CLASSES . "class.groupUser.php"); -> this have conflicts with model/GroupUser.php
self::registerClass("Groups", PATH_CLASSES . "class.groups.php");
self::registerClass("JavaBridgePM", PATH_CLASSES . "class.javaBridgePM.php");
self::registerClass("Jrml", PATH_CLASSES . "class.jrml.php");
self::registerClass("PMmemcached", PATH_CLASSES . "class.memcached.php");
self::registerClass("multipleFilesBackup", PATH_CLASSES . "class.multipleFilesBackup.php");
self::registerClass("NET", PATH_CLASSES . "class.net.php");


@@ -1,139 +0,0 @@
<?php
require_once PATH_TRUNK . 'gulliver/thirdparty/smarty/libs/Smarty.class.php';
require_once PATH_TRUNK . 'gulliver/system/class.xmlform.php';
require_once PATH_TRUNK . 'gulliver/system/class.xmlDocument.php';
require_once PATH_TRUNK . 'gulliver/system/class.form.php';
require_once PATH_TRUNK . 'gulliver/system/class.dbconnection.php';
require_once PATH_TRUNK . 'gulliver/thirdparty/propel/Propel.php';
require_once PATH_TRUNK . 'gulliver/thirdparty/creole/Creole.php';
require_once PATH_TRUNK . 'gulliver/thirdparty/pear/PEAR.php';
require_once PATH_TRUNK . 'workflow/engine/classes/class.jrml.php';
/**
* Generated by ProcessMaker Test Unit Generator on 2012-07-12 at 22:32:25.
*/
class classJrmlTest extends PHPUnit_Framework_TestCase
{
/**
* @var Jrml
*/
protected $object;
/**
* Sets up the fixture, for example, opens a network connection.
* This method is called before a test is executed.
*/
protected function setUp()
{
$array = array('sql'=>'', 'type'=> array());
$this->object = new Jrml($array);
}
/**
* Tears down the fixture, for example, closes a network connection.
* This method is called after a test is executed.
*/
protected function tearDown()
{
}
/**
* This is the default method to test, if the class still having
* the same number of methods.
*/
public function testNumberOfMethodsInThisClass()
{
$methods = get_class_methods('Jrml');
$this->assertTrue( count($methods) == 7);
}
/**
* @covers Jrml::__construct
* @todo Implement test__construct().
*/
public function test__construct()
{
$methods = get_class_methods($this->object);
$this->assertTrue( in_array('__construct', $methods ), 'exists method __construct' );
$r = new ReflectionMethod('Jrml', '__construct');
$params = $r->getParameters();
$this->assertTrue( $params[0]->getName() == 'data');
$this->assertTrue( $params[0]->isArray() == false);
$this->assertTrue( $params[0]->isOptional () == true);
$this->assertTrue( $params[0]->getDefaultValue() == array());
}
/**
* @covers Jrml::get_md
* @todo Implement testget_md().
*/
public function testget_md()
{
$methods = get_class_methods($this->object);
$this->assertTrue( in_array('get_md', $methods ), 'exists method get_md' );
$r = new ReflectionMethod('Jrml', 'get_md');
$params = $r->getParameters();
}
/**
* @covers Jrml::get_header
* @todo Implement testget_header().
*/
public function testget_header()
{
$methods = get_class_methods($this->object);
$this->assertTrue( in_array('get_header', $methods ), 'exists method get_header' );
$r = new ReflectionMethod('Jrml', 'get_header');
$params = $r->getParameters();
}
/**
* @covers Jrml::get_column_header
* @todo Implement testget_column_header().
*/
public function testget_column_header()
{
$methods = get_class_methods($this->object);
$this->assertTrue( in_array('get_column_header', $methods ), 'exists method get_column_header' );
$r = new ReflectionMethod('Jrml', 'get_column_header');
$params = $r->getParameters();
}
/**
* @covers Jrml::get_detail
* @todo Implement testget_detail().
*/
public function testget_detail()
{
$methods = get_class_methods($this->object);
$this->assertTrue( in_array('get_detail', $methods ), 'exists method get_detail' );
$r = new ReflectionMethod('Jrml', 'get_detail');
$params = $r->getParameters();
}
/**
* @covers Jrml::get_footer
* @todo Implement testget_footer().
*/
public function testget_footer()
{
$methods = get_class_methods($this->object);
$this->assertTrue( in_array('get_footer', $methods ), 'exists method get_footer' );
$r = new ReflectionMethod('Jrml', 'get_footer');
$params = $r->getParameters();
}
/**
* @covers Jrml::export
* @todo Implement testexport().
*/
public function testexport()
{
$methods = get_class_methods($this->object);
$this->assertTrue( in_array('export', $methods ), 'exists method export' );
$r = new ReflectionMethod('Jrml', 'export');
$params = $r->getParameters();
}
}


@@ -1,228 +0,0 @@
<?php
/**
* class.jrml.php
*
* @package workflow.engine.ProcessMaker
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2011 Colosa Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*
*/
/**
* Jrml - Jrml class
*
* @package workflow.engine.ProcessMaker
* @author Maborak <maborak@maborak.com>
* @copyright 2008 COLOSA
*/
class Jrml
{
public $rows;
public $sql;
private $data;
/**
* This function is the constructor of the class Jrml
*
* @param array $data
* @return void
*/
function __construct ($data = array())
{
$this->data = $data;
$this->sql = $data['sql'];
$this->rows = $this->get_rows( $data['type'] );
$this->md = $this->get_md();
}
/**
* This function is for get rows
*
* @param array $a
* @return array
*/
private function get_rows ($a)
{
$b = array ();
foreach ($a as $key => $value) {
$b[] = $key;
}
return $b;
}
public function get_md ()
{
}
/**
* This function is for get the header
*
* @return string
*/
public function get_header ()
{
$xml = "<queryString><![CDATA[{$this->sql}]]></queryString>";
foreach ($this->data['type'] as $key => $value) {
$xml .= "<field name='{$key}' class='{$value}'><fieldDescription><![CDATA[]]></fieldDescription></field>";
}
$xml .= "<background><band/></background>";
$xml .= '
<title>
<band height="58">
<line>
<reportElement x="0" y="8" width="555" height="1"/>
</line>
<line>
<reportElement positionType="FixRelativeToBottom" x="0" y="51" width="555" height="1"/>
</line>
<staticText>
<reportElement x="65" y="13" width="424" height="35"/>
<textElement textAlignment="Center">
<font size="26" isBold="true"/>
</textElement>
<text><![CDATA[' . $this->data['title'] . ']]></text>
</staticText>
</band>
</title>
<pageHeader>
<band/>
</pageHeader>';
return $xml;
}
/**
* This function is for get a column of the header
*
* @return string
*/
public function get_column_header ()
{
$xml = "<columnHeader><band height='18'>";
$w = (int) ($this->data['columnWidth'] / sizeof( $this->rows ));
$i = 0;
foreach ($this->data['type'] as $key => $value) {
$xml .= "<staticText><reportElement mode='Opaque' x='{$i}' y='0' width='{$w}' height='18' forecolor='#FFFFFF' backcolor='#999999'/>
<textElement>
<font size='12'/>
</textElement>
<text><![CDATA[{$key}]]></text>
</staticText>";
$i = $i + $w;
}
$xml .= " </band></columnHeader>";
return $xml;
}
/**
* This function is for get the detail
*
* @return string
*/
public function get_detail ()
{
$xml = '<detail><band height="20">';
$w = (int) ($this->data['columnWidth'] / sizeof( $this->rows ));
$i = 0;
foreach ($this->data['type'] as $key => $value) {
$xml .= "<textField hyperlinkType='None'><reportElement x='{$i}' y='0' width='{$w}' height='20'/><textElement><font size='12'/></textElement><textFieldExpression class='{$value}'><![CDATA[\$F{{$key}}]]></textFieldExpression></textField>";
$i = $i + $w;
}
$xml .= '</band></detail>';
return $xml;
}
/**
* This function is for get the footer
*
* @return string
*/
public function get_footer ()
{
$xml = '<columnFooter>
<band/>
</columnFooter>
<pageFooter>
<band height="26">
<textField evaluationTime="Report" pattern="" isBlankWhenNull="false" hyperlinkType="None">
<reportElement key="textField" x="516" y="6" width="36" height="19" forecolor="#000000" backcolor="#FFFFFF"/>
<box>
<topPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<leftPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<bottomPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<rightPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
</box>
<textElement>
<font size="10"/>
</textElement>
<textFieldExpression class="java.lang.String"><![CDATA["" + $V{PAGE_NUMBER}]]></textFieldExpression>
</textField>
<textField pattern="" isBlankWhenNull="false" hyperlinkType="None">
<reportElement key="textField" x="342" y="6" width="170" height="19" forecolor="#000000" backcolor="#FFFFFF"/>
<box>
<topPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<leftPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<bottomPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<rightPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
</box>
<textElement textAlignment="Right">
<font size="10"/>
</textElement>
<textFieldExpression class="java.lang.String"><![CDATA["Page " + $V{PAGE_NUMBER} + " of "]]></textFieldExpression>
</textField>
<textField pattern="" isBlankWhenNull="false" hyperlinkType="None">
<reportElement key="textField" x="1" y="6" width="209" height="19" forecolor="#000000" backcolor="#FFFFFF"/>
<box>
<topPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<leftPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<bottomPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
<rightPen lineWidth="0.0" lineStyle="Solid" lineColor="#000000"/>
</box>
<textElement>
<font size="10"/>
</textElement>
<textFieldExpression class="java.util.Date"><![CDATA[new Date()]]></textFieldExpression>
</textField>
</band>
</pageFooter>
<summary>
<band/>
</summary>';
return $xml;
}
/**
* This function is for export
*
* @return string
*/
public function export ()
{
$xml = '<?xml version="1.0" encoding="UTF-8"?>
<jasperReport xmlns="http://jasperreports.sourceforge.net/jasperreports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://jasperreports.sourceforge.net/jasperreports http://jasperreports.sourceforge.net/xsd/jasperreport.xsd" name="' . $this->data['name'] . '" pageWidth="' . $this->data['pageWidth'] . '" pageHeight="842" columnWidth="' . $this->data['columnWidth'] . '" leftMargin="20" rightMargin="20" topMargin="20" bottomMargin="20">';
$xml .= $this->get_header();
$xml .= $this->get_column_header();
$xml .= $this->get_detail();
$xml .= $this->get_footer();
$xml .= '</jasperReport>';
return $xml;
}
}


@@ -1,136 +0,0 @@
<?php
G::LoadClass( 'jasperReports' );
$oJasper = new jasperReports( '192.168.0.51', 8080, 'jasperadmin', 'jasperadmin' );
$response = $oJasper->ws_list( "/" );
if (is_object( $response ) && get_class( $response ) == 'SOAP_Fault') {
$errorMessage = $response->getFault()->faultstring;
} else {
$folders = $oJasper->getResourceDescriptors( $response );
}
//$result = $oJasper->ws_put();
krumo( $response );
//execute a report
$currentUri = "/reports/samples/Employees";
$result = $oJasper->ws_get( $currentUri );
$folders = $oJasper->getResourceDescriptors( $result );
if (count( $folders ) != 1 || $folders[0]['type'] != 'reportUnit') {
echo "<H1>Invalid RU ($currentUri)</H1>";
echo "<pre>$result</pre>";
exit();
}
$reportUnit = $folders[0];
// 2. Prepare the parameters array looking in the $_GET for params
// starting with PARAM_ ...
//
$report_params = array ();
$moveToPage = "jasper?uri=$currentUri";
foreach (array_keys( $_GET ) as $param_name) {
if (strncmp( "PARAM_", $param_name, 6 ) == 0) {
$report_params[substr( $param_name, 6 )] = $_GET[$param_name];
}
// if ($param_name != "page" && $param_name != "uri") {
// $moveToPage .= "&".urlencode($param_name)."=". urlencode($_GET[$param_name]);
// }
}
$formatReport = RUN_OUTPUT_FORMAT_XML;
$formatReport = RUN_OUTPUT_FORMAT_CSV;
$formatReport = RUN_OUTPUT_FORMAT_RTF;
$formatReport = RUN_OUTPUT_FORMAT_PDF;
$formatReport = RUN_OUTPUT_FORMAT_HTML;
$moveToPage .= "&page=";
// 3. Execute the report
$output_params = array ();
$output_params[RUN_OUTPUT_FORMAT] = $formatReport;
if ($formatReport == RUN_OUTPUT_FORMAT_HTML) {
//$pageReport = isset ( $_GET['page'] ) ? $_GET['page'] : 1;
//$output_params[RUN_OUTPUT_PAGE] = $pageReport;
//$output_params[RUN_OUTPUT_IMAGES_URI] = '/sysos/'. SYS_LANG. '/classic';
}
$result = $oJasper->ws_runReport( $currentUri, $report_params, $output_params, $attachments );
// 4.
if (is_object( $result ) && get_class( $result ) == 'SOAP_Fault') {
$errorMessage = $result->getFault()->faultstring;
echo $errorMessage;
exit();
}
$operationResult = $oJasper->getOperationResult( $result );
if ($operationResult['returnCode'] != '0') {
echo "Error executing the report:<br><font color=\"red\">" . $operationResult['returnMessage'] . "</font>";
exit();
}
if (is_array( $attachments )) {
//krumo ($attachments);
switch ($formatReport) {
case RUN_OUTPUT_FORMAT_PDF:
header( "Content-type: application/pdf" );
echo ($attachments["cid:report"]);
break;
case RUN_OUTPUT_FORMAT_HTML:
// 1. Save attachments....
// 2. Print the report....
header( "Content-type: text/html" );
foreach (array_keys( $attachments ) as $key) {
if ($key != "cid:report") {
$f = fopen( "images/" . substr( $key, 4 ), "w" );
fwrite( $f, $attachments[$key] );
fclose( $f );
}
}
echo "<center>";
$prevpage = ($pageReport > 0) ? $pageReport - 1 : 0;
$nextpage = $pageReport + 1;
echo "<a href=\"" . $moveToPage . $prevpage . "\">Prev page</a> | <a href=\"" . $moveToPage . $nextpage . "\">Next page</a>";
echo "</center><hr>";
echo $attachments["cid:report"];
//print_r(array_keys($attachments));
break;
case RUN_OUTPUT_FORMAT_CSV:
case RUN_OUTPUT_FORMAT_XLS:
header( 'Content-type: application/xls' );
header( 'Content-Disposition: attachment; filename="report.xls"' );
echo ($attachments["cid:report"]);
break;
case RUN_OUTPUT_FORMAT_RTF:
header( 'Content-type: text/rtf' );
header( 'Content-Disposition: attachment; filename="report.rtf"' );
echo ($attachments["cid:report"]);
break;
default:
//header ( 'Content-type: application/xls' );
//header ( 'Content-Disposition: attachment; filename="report.xls"');
echo ($attachments["cid:report"]);
break;
}
exit();
} else
echo "No attachment found!";


@@ -1,113 +0,0 @@
<?php
$unitFilename = $_SERVER['PWD'] . '/test/bootstrap/unit.php' ;
require_once( $unitFilename );
require_once( PATH_THIRDPARTY . '/lime/lime.php');
require_once( PATH_THIRDPARTY.'lime/yaml.class.php');
require_once( 'propel/Propel.php' );
require_once ( "creole/Creole.php" );
Propel::init( PATH_CORE . "config/databases.php");
G::LoadThirdParty('smarty/libs','Smarty.class');
G::LoadSystem ( 'error');
G::LoadSystem ( 'xmlform');
G::LoadSystem ( 'xmlDocument');
G::LoadSystem ( 'form');
require_once ( PATH_CORE . "config/databases.php");
G::LoadClass ( 'jrml');
$obj = new Jrml ($dbc);
$t = new lime_test( 19, new lime_output_color() );
$className = Jrml;
$className = strtolower ( substr ($className, 0,1) ) . substr ($className, 1 );
$reflect = new ReflectionClass( $className );
$method = array ( );
$testItems = 0;
foreach ( $reflect->getMethods() as $reflectmethod ) {
$params = '';
foreach ( $reflectmethod->getParameters() as $key => $row ) {
if ( $params != '' ) $params .= ', ';
$params .= '$' . $row->name;
}
$testItems++;
$methods[ $reflectmethod->getName() ] = $params;
}
$t->diag('class $className' );
$t->isa_ok( $obj , 'Jrml', 'class $className created');
$t->is( count($methods) , 8, "class $className have " . 8 . ' methods.' );
//checking method '__construct'
$t->can_ok( $obj, '__construct', '__construct() is callable' );
//$result = $obj->__construct ( $data);
//$t->isa_ok( $result, 'NULL', 'call to method __construct ');
$t->todo( "call to method __construct using $data ");
//checking method 'get_rows'
$t->can_ok( $obj, 'get_rows', 'get_rows() is callable' );
//$result = $obj->get_rows ( $a);
//$t->isa_ok( $result, 'NULL', 'call to method get_rows ');
$t->todo( "call to method get_rows using $a ");
//checking method 'get_md'
$t->can_ok( $obj, 'get_md', 'get_md() is callable' );
//$result = $obj->get_md ( );
//$t->isa_ok( $result, 'NULL', 'call to method get_md ');
$t->todo( "call to method get_md using ");
//checking method 'get_header'
$t->can_ok( $obj, 'get_header', 'get_header() is callable' );
//$result = $obj->get_header ( );
//$t->isa_ok( $result, 'NULL', 'call to method get_header ');
$t->todo( "call to method get_header using ");
//checking method 'get_column_header'
$t->can_ok( $obj, 'get_column_header', 'get_column_header() is callable' );
//$result = $obj->get_column_header ( );
//$t->isa_ok( $result, 'NULL', 'call to method get_column_header ');
$t->todo( "call to method get_column_header using ");
//checking method 'get_detail'
$t->can_ok( $obj, 'get_detail', 'get_detail() is callable' );
//$result = $obj->get_detail ( );
//$t->isa_ok( $result, 'NULL', 'call to method get_detail ');
$t->todo( "call to method get_detail using ");
//checking method 'get_footer'
$t->can_ok( $obj, 'get_footer', 'get_footer() is callable' );
//$result = $obj->get_footer ( );
//$t->isa_ok( $result, 'NULL', 'call to method get_footer ');
$t->todo( "call to method get_footer using ");
//checking method 'export'
$t->can_ok( $obj, 'export', 'export() is callable' );
//$result = $obj->export ( );
//$t->isa_ok( $result, 'NULL', 'call to method export ');
$t->todo( "call to method export using ");
$t->todo ( 'review all pendings methods in this class');