diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php
index df707048e..0edb3d581 100755
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -5279,6 +5279,80 @@ function getDirectorySize($path,$maxmtime=0) // handle the rest request $rest->handle(); } + + public function reservedWordsSql() + { + //Reserved words SQL + $reservedWordsSql = array( + "ACCESSIBLE", "ACTION", "ADD", "ALL", "ALTER", + "ANALYZE", "AND", "ANY", "AS", "ASC", + "ASENSITIVE", "AUTHORIZATION", "BACKUP", "BEFORE", "BEGIN", + "BETWEEN", "BIGINT", "BINARY", "BIT", "BLOB", + "BOTH", "BREAK", "BROWSE", "BULK", "BY", + "CALL", "CASCADE", "CASE", "CHANGE", "CHAR", + "CHARACTER", "CHECK", "CHECKPOINT", "CLOSE", "CLUSTERED", + "COALESCE", "COLLATE", "COLUMN", "COMMIT", "COMPUTE", + "CONDITION", "CONSTRAINT", "CONTAINS", "CONTAINSTABLE", "CONTINUE", + "CONVERT", "CREATE", "CROSS", "CURRENT", "CURRENT_DATE", + "CURRENT_TIME", "CURRENT_TIMESTAMP", "CURRENT_USER", "CURSOR", "DATABASE", + "DATABASES", "DATE", "DAY_HOUR", "DAY_MICROSECOND", "DAY_MINUTE", + "DAY_SECOND", "DBCC", "DEALLOCATE", "DEC", "DECIMAL", + "DECLARE", "DEFAULT", "DELAYED", "DELETE", "DENY", + "DESC", "DESCRIBE", "DETERMINISTIC", "DISK", "DISTINCT", + "DISTINCTROW", "DISTRIBUTED", "DIV", "DOUBLE", "DROP", + "DUAL", "DUMMY", "DUMP", "EACH", "ELSE", + "ELSEIF", "ENCLOSED", "END", "ENUM", "ERRLVL", + "ESCAPE", "ESCAPED", "EXCEPT", "EXEC", "EXECUTE", + "EXISTS", "EXIT", "EXPLAIN", "FALSE", "FETCH", + "FILE", "FILLFACTOR", "FLOAT", "FLOAT4", "FLOAT8", + "FOR", "FORCE", "FOREIGN", "FREETEXT", "FREETEXTTABLE", + "FROM", "FULL", "FULLTEXT", "FUNCTION", "GENERAL", + "GOTO", "GRANT", "GROUP", "HAVING", "HIGH_PRIORITY", + "HOLDLOCK", "HOUR_MICROSECOND", "HOUR_MINUTE", "HOUR_SECOND", "IDENTITY", + "IDENTITYCOL", "IDENTITY_INSERT", "IF", "IGNORE", "IGNORE_SERVER_IDS", + "IN", "INDEX", "INFILE", "INNER", "INOUT", + "INSENSITIVE", "INSERT", "INT", "INT1", "INT2", + "INT3", "INT4", "INT8", "INTEGER", "INTERSECT", + "INTERVAL", "INTO", "IS", "ITERATE", "JOIN", + "KEY", "KEYS", "KILL", "LEADING", "LEAVE", + "LEFT", "LIKE", "LIMIT", "LINEAR", "LINENO", + "LINES", "LOAD", "LOCALTIME", 
"LOCALTIMESTAMP", "LOCK", + "LONG", "LONGBLOB", "LONGTEXT", "LOOP", "LOW_PRIORITY", + "MASTER_HEARTBEAT_PERIOD", "MASTER_SSL_VERIFY_SERVER_CERT", "MATCH", "MAXVALUE", "MEDIUMBLOB", + "MEDIUMINT", "MEDIUMTEXT", "MIDDLEINT", "MINUTE_MICROSECOND", "MINUTE_SECOND", + "MOD", "MODIFIES", "NATIONAL", "NATURAL", "NO", + "NOCHECK", "NONCLUSTERED", "NOT", "NO_WRITE_TO_BINLOG", "NULL", + "NULLIF", "NUMERIC", "OF", "OFF", "OFFSETS", + "ON", "OPEN", "OPENDATASOURCE", "OPENQUERY", "OPENROWSET", + "OPENXML", "OPTIMIZE", "OPTION", "OPTIONALLY", "OR", + "ORDER", "OUT", "OUTER", "OUTFILE", "OVER", + "PERCENT", "PLAN", "PRECISION", "PRIMARY", "PRINT", + "PROC", "PROCEDURE", "PUBLIC", "PURGE", "RAISERROR", + "RANGE", "READ", "READS", "READTEXT", "READ_WRITE", + "REAL", "RECONFIGURE", "REFERENCES", "REGEXP", "RELEASE", + "RENAME", "REPEAT", "REPLACE", "REPLICATION", "REQUIRE", + "RESIGNAL", "RESTORE", "RESTRICT", "RETURN", "REVOKE", + "RIGHT", "RLIKE", "ROLLBACK", "ROWCOUNT", "ROWGUIDCOL", + "RULE", "SAVE", "SCHEMA", "SCHEMAS", "SECOND_MICROSECOND", + "SELECT", "SENSITIVE", "SEPARATOR", "SESSION_USER", "SET", + "SETUSER", "SHOW", "SHUTDOWN", "SIGNAL", "SLOW", + "SMALLINT", "SOME", "SPATIAL", "SPECIFIC", "SQL", + "SQLEXCEPTION", "SQLSTATE", "SQLWARNING", "SQL_BIG_RESULT", "SQL_CALC_FOUND_ROWS", + "SQL_SMALL_RESULT", "SSL", "STARTING", "STATISTICS", "STRAIGHT_JOIN", + "SYSTEM_USER", "TABLE", "TERMINATED", "TEXT", "TEXTSIZE", + "THEN", "TIME", "TIMESTAMP", "TINYBLOB", "TINYINT", + "TINYTEXT", "TO", "TOP", "TRAILING", "TRAN", + "TRANSACTION", "TRIGGER", "TRUE", "TRUNCATE", "TSEQUAL", + "UNDO", "UNION", "UNIQUE", "UNLOCK", "UNSIGNED", + "UPDATE", "UPDATETEXT", "USAGE", "USE", "USER", + "USING", "UTC_DATE", "UTC_TIME", "UTC_TIMESTAMP", "VALUES", + "VARBINARY", "VARCHAR", "VARCHARACTER", "VARYING", "VIEW", + "WAITFOR", "WHEN", "WHERE", "WHILE", "WITH", + "WRITE", "WRITETEXT", "XOR", "YEAR_MONTH", "ZEROFILL" + ); + + return $reservedWordsSql; + } } /** 
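Review bot: `reservedWordsSql()` is added as an instance method (`public function reservedWordsSql()`), yet both call sites introduced by this commit, in pmTablesProxy.php and processes_Import_Ajax.php, invoke it statically as `G::reservedWordsSql()`; a non-static method called statically is deprecated in PHP 7 and raises an Error on PHP 8, so the declaration should read `public static function reservedWordsSql()`. The method has no docblock; a short one such as `@return array upper-case SQL reserved words (the list appears to mix MySQL and T-SQL keywords) compared against table and column names` would tell a maintainer why T-SQL-only entries like HOLDLOCK and DBCC are present. The enclosing class begins outside this hunk.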
diff --git a/workflow/engine/controllers/pmTablesProxy.php b/workflow/engine/controllers/pmTablesProxy.php index dd608b4b8..a15229455 100755 --- a/workflow/engine/controllers/pmTablesProxy.php +++ b/workflow/engine/controllers/pmTablesProxy.php @@ -235,6 +235,8 @@ class pmTablesProxy extends HttpProxyController 'protected', 'public', 'static', 'switch', 'xor', 'try', 'use', 'var', 'while' ); + $reservedWordsSql = G::reservedWordsSql(); + // verify if exists. if ($data['REP_TAB_UID'] == '' || (isset($httpData->forceUid) && $httpData->forceUid)) { //new report table @@ -249,16 +251,23 @@ class pmTablesProxy extends HttpProxyController throw new Exception(G::loadTranslation('ID_PMTABLE_ALREADY_EXISTS', array($data['REP_TAB_NAME']))); } - if (in_array(strtoupper($data['REP_TAB_NAME']), $reservedWords)) { - throw new Exception(G::loadTranslation('ID_PMTABLE_INVALID_NAME', array($data['REP_TAB_NAME']))); + if (in_array(strtoupper($data["REP_TAB_NAME"]), $reservedWords) || + in_array(strtoupper($data["REP_TAB_NAME"]), $reservedWordsSql) + ) { + throw (new Exception(G::LoadTranslation("ID_PMTABLE_INVALID_NAME", array($data["REP_TAB_NAME"])))); } } //backward compatility foreach ($columns as $i => $column) { - if (in_array(strtolower($columns[$i]->field_name), $reservedWordsPhp)) { - throw new Exception(G::loadTranslation('ID_PMTABLE_INVALID_NAME', array($columns[$i]->field_name))); + if (in_array(strtoupper($columns[$i]->field_name), $reservedWordsSql) || + in_array(strtolower($columns[$i]->field_name), $reservedWordsPhp) + ) { + throw (new Exception( + G::LoadTranslation("ID_PMTABLE_INVALID_FIELD_NAME", array($columns[$i]->field_name)) + )); } + switch ($column->field_type) { case 'INT': $columns[$i]->field_type = 'INTEGER'; break; diff --git a/workflow/engine/methods/processes/processes_Import_Ajax.php b/workflow/engine/methods/processes/processes_Import_Ajax.php index f98279185..7fe00b7d6 100644 --- a/workflow/engine/methods/processes/processes_Import_Ajax.php 
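Review bot: In the second hunk the new conditions only reject a name that exactly equals a reserved word after `strtoupper()`; nothing here constrains the character set of `$data["REP_TAB_NAME"]` or `$columns[$i]->field_name`, so if those values are later placed into DDL elsewhere (not visible in this diff), a positive identifier check such as `preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)` alongside the denylist is the guard that actually bounds what reaches the database. The column branch now throws with the translation id `ID_PMTABLE_INVALID_FIELD_NAME`, which this diff does not add to any language file — confirm it exists, otherwise the user sees the bare key. Two style points: the new lines use `G::LoadTranslation` while the surrounding code uses `G::loadTranslation` (case-insensitive in PHP, but inconsistent), and `throw (new Exception(...))` carries redundant parentheses; `in_array(..., true)` would also make the comparison strict. The enclosing method starts and ends outside these hunks.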
+++ b/workflow/engine/methods/processes/processes_Import_Ajax.php @@ -24,6 +24,42 @@ */ ini_set('max_execution_time', '0'); + + + + +function reservedWordsSqlValidate($data) +{ + $arrayAux = array(); + $reservedWordsSql = G::reservedWordsSql(); + + foreach ($data->reportTables as $rptIndex => $rptValue) { + if (in_array(strtoupper($rptValue["REP_TAB_NAME"]), $reservedWordsSql)) { + $arrayAux[] = $rptValue["REP_TAB_NAME"]; + } + } + + if (count($arrayAux) > 0) { + throw (new Exception(G::LoadTranslation("ID_PMTABLE_INVALID_NAME", array(implode(", ", $arrayAux))))); + } + + $arrayAux = array(); + + foreach ($data->reportTablesVars as $rptIndex => $rptValue) { + if (in_array(strtoupper($rptValue["REP_VAR_NAME"]), $reservedWordsSql)) { + $arrayAux[] = $rptValue["REP_VAR_NAME"]; + } + } + + if (count($arrayAux) > 0) { + throw (new Exception(G::LoadTranslation("ID_PMTABLE_INVALID_FIELD_NAME", array(implode(", ", $arrayAux))))); + } +} + + + + + $action = isset($_REQUEST['ajaxAction']) ? $_REQUEST['ajaxAction'] : null; $result = new stdClass(); @@ -36,9 +72,9 @@ $processFileType = $_REQUEST["processFileType"]; $oProcess = new stdClass(); $oData = new stdClass(); - + $isCorrectTypeFile = 1; - + if ( isset($_FILES['form']['type']['PROCESS_FILENAME']) ) { $allowedExtensions = array($processFileType); $allowedExtensions = array( 'xpdl', 'bpmn', 'pm'); @@ -83,7 +119,7 @@ G::uploadFile($tempName, $path, $filename ); } } - + //importing a bpmn diagram, using external class to do it. if ($processFileType == "bpmn") { G::LoadClass('bpmnExport'); @@ -92,7 +128,7 @@ die; } - //if file is a .pm or .xpdl file continues normally the importing + //if file is a .pm or .xpdl file continues normally the importing if ($processFileType == "pm") { $oData = $oProcess->getProcessData ( $path . $filename ); } 
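Review bot: `reservedWordsSqlValidate()` iterates `$data->reportTables` and `$data->reportTablesVars` without checking that the properties exist or are arrays; for an imported file that defines no report tables (or when `$oData` is still the empty `stdClass` created earlier because `processFileType` matched neither branch), the `foreach` emits an undefined-property warning followed by "Invalid argument supplied for foreach" instead of validating cleanly. A guard such as `$reportTables = isset($data->reportTables) && is_array($data->reportTables) ? $data->reportTables : array();` (and the same for `reportTablesVars`) before each loop fixes both call sites added later in this file (hunks `@@ -100,14 +136,16 @@` and `@@ -196,6 +234,8 @@`). The function also has no docblock; one line like `@throws Exception when a report table or variable name is an SQL reserved word` plus a `@param stdClass $data decoded process definition` would make the contract explicit, and `$rptIndex` is unused in both loops. Note also that, unlike the pmTablesProxy check, this validation does not consult the PHP reserved-word list — presumably intentional, but worth confirming.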
@@ -100,14 +136,16 @@ $oData = $oProcess->getProcessDataXpdl ( $path . $filename ); } - //!Upload file + reservedWordsSqlValidate($oData); + + //!Upload file $Fields['PRO_FILENAME'] = $filename; $Fields['IMPORT_OPTION'] = 2; - + $sProUid = $oData->process['PRO_UID']; - + $oData->process['PRO_UID_OLD'] = $sProUid; - + if ( $oProcess->processExists ( $sProUid ) ) { $result->ExistProcessInDatabase = 1; } @@ -133,10 +171,10 @@ else { if ( !($oProcess->checkExistingGroups($oData->groupwfs) > 0) ) { $result->ExistGroupsInDatabase = 0; - } - } + } + } //!respect of the groups - + if ($result->ExistProcessInDatabase == 0 && $result->ExistGroupsInDatabase == 0){ if ($processFileType == "pm") { $oProcess->createProcessFromData ($oData, $path . $filename ); @@ -148,7 +186,7 @@ } } - //!data ouput + //!data ouput $result->sNewProUid = $sProUid; $result->proFileName = $Fields['PRO_FILENAME']; } @@ -158,9 +196,9 @@ $result->success = true; } } - + if ($action == "uploadFileNewProcessExist") { - try { + try { $option = $_REQUEST["IMPORT_OPTION"]; $filename = $_REQUEST["PRO_FILENAME"]; $processFileType = $_REQUEST["processFileType"]; @@ -188,7 +226,7 @@ } $path = PATH_DOCUMENT . 'input' . PATH_SEP ; - + if ($processFileType == "pm"){ $oData = $oProcess->getProcessData ( $path . $filename ); } @@ -196,6 +234,8 @@ $oData = $oProcess->getProcessDataXpdl ( $path . $filename ); } + reservedWordsSqlValidate($oData); + $Fields['PRO_FILENAME'] = $filename; $sProUid = $oData->process['PRO_UID']; @@ -214,12 +254,12 @@ } $result->ExistGroupsInDatabase = 0; } - else { + else { if ( !($oProcess->checkExistingGroups($oData->groupwfs) > 0) ) { $result->ExistGroupsInDatabase = 0; - } + } } - + if ($result->ExistGroupsInDatabase == 0) { //Update the current Process, overwriting all tasks and steps if ( $option == 1 ) { 
@@ -253,7 +293,7 @@ $oData->tasks = array(); } $tasks = $oData->tasks; - $oProcess->createProcessFromDataXpdl ($oData,$tasks); + $oProcess->createProcessFromDataXpdl ($oData,$tasks); } } @@ -272,12 +312,12 @@ if ( !isset( $oData->tasks) ) { $oData->tasks = array(); } - $tasks = $oData->tasks; + $tasks = $oData->tasks; $oProcess->createProcessFromDataXpdl ($oData,$tasks); } } } - + //!data ouput $result->fileName = $filename; $result->importOption = $option;