BUG 9649 "Uso de palabras reservadas en la creacion de PM Tables." SOLVED

- The creation/editing of PMTables/ReportTables did not validate the
  use of reserved words
- The use of keywords is now validated in the creation/editing of
  PMTables/ReportTables
- The use of reserved words is now also validated when importing a process with
  ReportTables (old version)
* Available from version 2.0.44
Victor Saisa Lopez
2012-09-04 12:40:47 -04:00
parent ba1fab77dd
commit 68509275f3
3 changed files with 148 additions and 25 deletions


@@ -5279,6 +5279,80 @@ function getDirectorySize($path,$maxmtime=0)
// handle the rest request
$rest->handle();
}
public function reservedWordsSql()
{
//Reserved words SQL
$reservedWordsSql = array(
"ACCESSIBLE", "ACTION", "ADD", "ALL", "ALTER",
"ANALYZE", "AND", "ANY", "AS", "ASC",
"ASENSITIVE", "AUTHORIZATION", "BACKUP", "BEFORE", "BEGIN",
"BETWEEN", "BIGINT", "BINARY", "BIT", "BLOB",
"BOTH", "BREAK", "BROWSE", "BULK", "BY",
"CALL", "CASCADE", "CASE", "CHANGE", "CHAR",
"CHARACTER", "CHECK", "CHECKPOINT", "CLOSE", "CLUSTERED",
"COALESCE", "COLLATE", "COLUMN", "COMMIT", "COMPUTE",
"CONDITION", "CONSTRAINT", "CONTAINS", "CONTAINSTABLE", "CONTINUE",
"CONVERT", "CREATE", "CROSS", "CURRENT", "CURRENT_DATE",
"CURRENT_TIME", "CURRENT_TIMESTAMP", "CURRENT_USER", "CURSOR", "DATABASE",
"DATABASES", "DATE", "DAY_HOUR", "DAY_MICROSECOND", "DAY_MINUTE",
"DAY_SECOND", "DBCC", "DEALLOCATE", "DEC", "DECIMAL",
"DECLARE", "DEFAULT", "DELAYED", "DELETE", "DENY",
"DESC", "DESCRIBE", "DETERMINISTIC", "DISK", "DISTINCT",
"DISTINCTROW", "DISTRIBUTED", "DIV", "DOUBLE", "DROP",
"DUAL", "DUMMY", "DUMP", "EACH", "ELSE",
"ELSEIF", "ENCLOSED", "END", "ENUM", "ERRLVL",
"ESCAPE", "ESCAPED", "EXCEPT", "EXEC", "EXECUTE",
"EXISTS", "EXIT", "EXPLAIN", "FALSE", "FETCH",
"FILE", "FILLFACTOR", "FLOAT", "FLOAT4", "FLOAT8",
"FOR", "FORCE", "FOREIGN", "FREETEXT", "FREETEXTTABLE",
"FROM", "FULL", "FULLTEXT", "FUNCTION", "GENERAL",
"GOTO", "GRANT", "GROUP", "HAVING", "HIGH_PRIORITY",
"HOLDLOCK", "HOUR_MICROSECOND", "HOUR_MINUTE", "HOUR_SECOND", "IDENTITY",
"IDENTITYCOL", "IDENTITY_INSERT", "IF", "IGNORE", "IGNORE_SERVER_IDS",
"IN", "INDEX", "INFILE", "INNER", "INOUT",
"INSENSITIVE", "INSERT", "INT", "INT1", "INT2",
"INT3", "INT4", "INT8", "INTEGER", "INTERSECT",
"INTERVAL", "INTO", "IS", "ITERATE", "JOIN",
"KEY", "KEYS", "KILL", "LEADING", "LEAVE",
"LEFT", "LIKE", "LIMIT", "LINEAR", "LINENO",
"LINES", "LOAD", "LOCALTIME", "LOCALTIMESTAMP", "LOCK",
"LONG", "LONGBLOB", "LONGTEXT", "LOOP", "LOW_PRIORITY",
"MASTER_HEARTBEAT_PERIOD", "MASTER_SSL_VERIFY_SERVER_CERT", "MATCH", "MAXVALUE", "MEDIUMBLOB",
"MEDIUMINT", "MEDIUMTEXT", "MIDDLEINT", "MINUTE_MICROSECOND", "MINUTE_SECOND",
"MOD", "MODIFIES", "NATIONAL", "NATURAL", "NO",
"NOCHECK", "NONCLUSTERED", "NOT", "NO_WRITE_TO_BINLOG", "NULL",
"NULLIF", "NUMERIC", "OF", "OFF", "OFFSETS",
"ON", "OPEN", "OPENDATASOURCE", "OPENQUERY", "OPENROWSET",
"OPENXML", "OPTIMIZE", "OPTION", "OPTIONALLY", "OR",
"ORDER", "OUT", "OUTER", "OUTFILE", "OVER",
"PERCENT", "PLAN", "PRECISION", "PRIMARY", "PRINT",
"PROC", "PROCEDURE", "PUBLIC", "PURGE", "RAISERROR",
"RANGE", "READ", "READS", "READTEXT", "READ_WRITE",
"REAL", "RECONFIGURE", "REFERENCES", "REGEXP", "RELEASE",
"RENAME", "REPEAT", "REPLACE", "REPLICATION", "REQUIRE",
"RESIGNAL", "RESTORE", "RESTRICT", "RETURN", "REVOKE",
"RIGHT", "RLIKE", "ROLLBACK", "ROWCOUNT", "ROWGUIDCOL",
"RULE", "SAVE", "SCHEMA", "SCHEMAS", "SECOND_MICROSECOND",
"SELECT", "SENSITIVE", "SEPARATOR", "SESSION_USER", "SET",
"SETUSER", "SHOW", "SHUTDOWN", "SIGNAL", "SLOW",
"SMALLINT", "SOME", "SPATIAL", "SPECIFIC", "SQL",
"SQLEXCEPTION", "SQLSTATE", "SQLWARNING", "SQL_BIG_RESULT", "SQL_CALC_FOUND_ROWS",
"SQL_SMALL_RESULT", "SSL", "STARTING", "STATISTICS", "STRAIGHT_JOIN",
"SYSTEM_USER", "TABLE", "TERMINATED", "TEXT", "TEXTSIZE",
"THEN", "TIME", "TIMESTAMP", "TINYBLOB", "TINYINT",
"TINYTEXT", "TO", "TOP", "TRAILING", "TRAN",
"TRANSACTION", "TRIGGER", "TRUE", "TRUNCATE", "TSEQUAL",
"UNDO", "UNION", "UNIQUE", "UNLOCK", "UNSIGNED",
"UPDATE", "UPDATETEXT", "USAGE", "USE", "USER",
"USING", "UTC_DATE", "UTC_TIME", "UTC_TIMESTAMP", "VALUES",
"VARBINARY", "VARCHAR", "VARCHARACTER", "VARYING", "VIEW",
"WAITFOR", "WHEN", "WHERE", "WHILE", "WITH",
"WRITE", "WRITETEXT", "XOR", "YEAR_MONTH", "ZEROFILL"
);
return $reservedWordsSql;
}
}
/**
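Review bot: `reservedWordsSql()` is declared as an instance method (`public function reservedWordsSql()`), yet both callers added by this commit invoke it statically as `G::reservedWordsSql()`; it should be declared `public static function reservedWordsSql()`, since a static call to a non-static method is a strict-standards notice on older PHP and a fatal error on PHP 8. The method has no docblock; something like `/** Returns the upper-case SQL reserved words that are rejected as PM Table and field names. */` would tell callers that they must upper-case the candidate before comparing. The enclosing class starts outside this hunk.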


@@ -235,6 +235,8 @@ class pmTablesProxy extends HttpProxyController
'protected', 'public', 'static', 'switch', 'xor', 'try', 'use', 'var', 'while'
);
$reservedWordsSql = G::reservedWordsSql();
// verify if exists.
if ($data['REP_TAB_UID'] == '' || (isset($httpData->forceUid) && $httpData->forceUid)) {
//new report table
@@ -249,16 +251,23 @@ class pmTablesProxy extends HttpProxyController
throw new Exception(G::loadTranslation('ID_PMTABLE_ALREADY_EXISTS', array($data['REP_TAB_NAME'])));
}
if (in_array(strtoupper($data['REP_TAB_NAME']), $reservedWords)) {
throw new Exception(G::loadTranslation('ID_PMTABLE_INVALID_NAME', array($data['REP_TAB_NAME'])));
if (in_array(strtoupper($data["REP_TAB_NAME"]), $reservedWords) ||
in_array(strtoupper($data["REP_TAB_NAME"]), $reservedWordsSql)
) {
throw (new Exception(G::LoadTranslation("ID_PMTABLE_INVALID_NAME", array($data["REP_TAB_NAME"]))));
}
}
//backward compatility
foreach ($columns as $i => $column) {
if (in_array(strtolower($columns[$i]->field_name), $reservedWordsPhp)) {
throw new Exception(G::loadTranslation('ID_PMTABLE_INVALID_NAME', array($columns[$i]->field_name)));
if (in_array(strtoupper($columns[$i]->field_name), $reservedWordsSql) ||
in_array(strtolower($columns[$i]->field_name), $reservedWordsPhp)
) {
throw (new Exception(
G::LoadTranslation("ID_PMTABLE_INVALID_FIELD_NAME", array($columns[$i]->field_name))
));
}
switch ($column->field_type) {
case 'INT': $columns[$i]->field_type = 'INTEGER';
break;
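Review bot: The table-name and field-name checks added here are exact-match denylists, so they reject `SELECT` but still accept any name that is not itself a reserved word, and nothing in the visible lines constrains which characters the identifier may contain. If that is not enforced elsewhere, an allowlist test belongs next to the denylist, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $data['REP_TAB_NAME'])) { throw new Exception(G::loadTranslation('ID_PMTABLE_INVALID_NAME', array($data['REP_TAB_NAME']))); }`, with the same test applied to `$columns[$i]->field_name`. The table-name check also appears to sit inside the new-table branch opened on the `$data['REP_TAB_UID'] == ''` line, so whether renaming an existing table is covered cannot be confirmed from these hunks, which start and end inside the method.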


@@ -24,6 +24,42 @@
*/
ini_set('max_execution_time', '0');
function reservedWordsSqlValidate($data)
{
$arrayAux = array();
$reservedWordsSql = G::reservedWordsSql();
foreach ($data->reportTables as $rptIndex => $rptValue) {
if (in_array(strtoupper($rptValue["REP_TAB_NAME"]), $reservedWordsSql)) {
$arrayAux[] = $rptValue["REP_TAB_NAME"];
}
}
if (count($arrayAux) > 0) {
throw (new Exception(G::LoadTranslation("ID_PMTABLE_INVALID_NAME", array(implode(", ", $arrayAux)))));
}
$arrayAux = array();
foreach ($data->reportTablesVars as $rptIndex => $rptValue) {
if (in_array(strtoupper($rptValue["REP_VAR_NAME"]), $reservedWordsSql)) {
$arrayAux[] = $rptValue["REP_VAR_NAME"];
}
}
if (count($arrayAux) > 0) {
throw (new Exception(G::LoadTranslation("ID_PMTABLE_INVALID_FIELD_NAME", array(implode(", ", $arrayAux)))));
}
}
$action = isset($_REQUEST['ajaxAction']) ? $_REQUEST['ajaxAction'] : null;
$result = new stdClass();
@@ -36,9 +72,9 @@
$processFileType = $_REQUEST["processFileType"];
$oProcess = new stdClass();
$oData = new stdClass();
$isCorrectTypeFile = 1;
if ( isset($_FILES['form']['type']['PROCESS_FILENAME']) ) {
$allowedExtensions = array($processFileType);
$allowedExtensions = array( 'xpdl', 'bpmn', 'pm');
@@ -83,7 +119,7 @@
G::uploadFile($tempName, $path, $filename );
}
}
//importing a bpmn diagram, using external class to do it.
if ($processFileType == "bpmn") {
G::LoadClass('bpmnExport');
@@ -92,7 +128,7 @@
die;
}
//if file is a .pm or .xpdl file continues normally the importing
//if file is a .pm or .xpdl file continues normally the importing
if ($processFileType == "pm") {
$oData = $oProcess->getProcessData ( $path . $filename );
}
@@ -100,14 +136,16 @@
$oData = $oProcess->getProcessDataXpdl ( $path . $filename );
}
//!Upload file
reservedWordsSqlValidate($oData);
//!Upload file
$Fields['PRO_FILENAME'] = $filename;
$Fields['IMPORT_OPTION'] = 2;
$sProUid = $oData->process['PRO_UID'];
$oData->process['PRO_UID_OLD'] = $sProUid;
if ( $oProcess->processExists ( $sProUid ) ) {
$result->ExistProcessInDatabase = 1;
}
@@ -133,10 +171,10 @@
else {
if ( !($oProcess->checkExistingGroups($oData->groupwfs) > 0) ) {
$result->ExistGroupsInDatabase = 0;
}
}
}
}
//!respect of the groups
if ($result->ExistProcessInDatabase == 0 && $result->ExistGroupsInDatabase == 0){
if ($processFileType == "pm") {
$oProcess->createProcessFromData ($oData, $path . $filename );
@@ -148,7 +186,7 @@
}
}
//!data ouput
//!data ouput
$result->sNewProUid = $sProUid;
$result->proFileName = $Fields['PRO_FILENAME'];
}
@@ -158,9 +196,9 @@
$result->success = true;
}
}
if ($action == "uploadFileNewProcessExist") {
try {
try {
$option = $_REQUEST["IMPORT_OPTION"];
$filename = $_REQUEST["PRO_FILENAME"];
$processFileType = $_REQUEST["processFileType"];
@@ -188,7 +226,7 @@
}
$path = PATH_DOCUMENT . 'input' . PATH_SEP ;
if ($processFileType == "pm"){
$oData = $oProcess->getProcessData ( $path . $filename );
}
@@ -196,6 +234,8 @@
$oData = $oProcess->getProcessDataXpdl ( $path . $filename );
}
reservedWordsSqlValidate($oData);
$Fields['PRO_FILENAME'] = $filename;
$sProUid = $oData->process['PRO_UID'];
@@ -214,12 +254,12 @@
}
$result->ExistGroupsInDatabase = 0;
}
else {
else {
if ( !($oProcess->checkExistingGroups($oData->groupwfs) > 0) ) {
$result->ExistGroupsInDatabase = 0;
}
}
}
if ($result->ExistGroupsInDatabase == 0) {
//Update the current Process, overwriting all tasks and steps
if ( $option == 1 ) {
@@ -253,7 +293,7 @@
$oData->tasks = array();
}
$tasks = $oData->tasks;
$oProcess->createProcessFromDataXpdl ($oData,$tasks);
$oProcess->createProcessFromDataXpdl ($oData,$tasks);
}
}
@@ -272,12 +312,12 @@
if ( !isset( $oData->tasks) ) {
$oData->tasks = array();
}
$tasks = $oData->tasks;
$tasks = $oData->tasks;
$oProcess->createProcessFromDataXpdl ($oData,$tasks);
}
}
}
//!data ouput
$result->fileName = $filename;
$result->importOption = $option;
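Review bot: In the first hunk of this file, `reservedWordsSqlValidate()` iterates `$data->reportTables` and `$data->reportTablesVars` unconditionally, but it is called after both `getProcessData()` and `getProcessDataXpdl()`, and nothing visible shows that the XPDL path populates those properties on an uploaded file. Each loop should be guarded, e.g. `if (isset($data->reportTables) && is_array($data->reportTables)) { ... }`, so that a file without report tables does not raise a `foreach` warning. The import path also checks names only against the SQL list, whereas pmTablesProxy additionally rejects PHP reserved words for field names, so an imported table can carry a field name that the editor would refuse. A short docblock stating that the function throws `Exception` listing every offending name would help the two call sites.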