diff --git a/workflow/engine/methods/processes/processes_Ajax.php b/workflow/engine/methods/processes/processes_Ajax.php
index cd3fefdc4..775f310e8 100755
--- a/workflow/engine/methods/processes/processes_Ajax.php
+++ b/workflow/engine/methods/processes/processes_Ajax.php
@@ -498,30 +498,38 @@ try { case 'saveFile': global $G_PUBLISH; $G_PUBLISH = new Publisher(); - $sDir = ""; - if (isset($_REQUEST['MAIN_DIRECTORY'])) { - $sDir = $_REQUEST['MAIN_DIRECTORY']; - } + global $RBAC; + if ( $RBAC->userCanAccess('PM_FACTORY') == 1) { + G::LoadClass('processes'); + $app = new Processes(); + if (!$app->processExists($_REQUEST['pro_uid'])) { + echo G::LoadTranslation('ID_PROCESS_UID_NOT_DEFINED'); + die; + } - switch ($sDir) { - case 'mailTemplates': - $sDirectory = PATH_DATA_MAILTEMPLATES . $_REQUEST['pro_uid'] . PATH_SEP . $_REQUEST['filename']; - break; - case 'public': - $sDirectory = PATH_DATA_PUBLIC . $_REQUEST['pro_uid'] . PATH_SEP . $_REQUEST['filename']; - break; - default: - $sDirectory = PATH_DATA_MAILTEMPLATES . $_REQUEST['pro_uid'] . PATH_SEP . $_REQUEST['filename']; - break; + $sDir = ""; + if (isset($_REQUEST['MAIN_DIRECTORY'])) { + $sDir = $_REQUEST['MAIN_DIRECTORY']; + } + switch ($sDir) { + case 'mailTemplates': + $sDirectory = PATH_DATA_MAILTEMPLATES . $_REQUEST['pro_uid'] . PATH_SEP . $_REQUEST['filename']; + break; + case 'public': + $sDirectory = PATH_DATA_PUBLIC . $_REQUEST['pro_uid'] . PATH_SEP . $_REQUEST['filename']; + break; + default: + $sDirectory = PATH_DATA_MAILTEMPLATES . $_REQUEST['pro_uid'] . PATH_SEP . $_REQUEST['filename']; + break; + } + $fp = fopen($sDirectory, 'w'); + $content = stripslashes($_REQUEST['fcontent']); + $content = str_replace("@amp@", "&", $content); + $content = base64_decode($content); + fwrite($fp, $content); + fclose($fp); + echo 'saved: ' . $sDirectory; } - - $fp = fopen($sDirectory, 'w'); - $content = stripslashes($_REQUEST['fcontent']); - $content = str_replace("@amp@", "&", $content); - $content = base64_decode($content); - fwrite($fp, $content); - fclose($fp); - echo 'saved: ' . $sDirectory; break; case 'events': $oProcessMap->eventsList($oData->pro_uid, $oData->type); 
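Review bot: In the `saveFile` case, `$_REQUEST['filename']` is still concatenated into `$sDirectory` unchecked, so the new `PM_FACTORY` and `processExists()` checks gate who may write but not where the write lands; a name carrying directory separators or `..` can resolve outside the process folder. Before `fopen()`, constrain the name (for example `$sFilename = basename($_REQUEST['filename']);` if sub-folders are never expected in it), or compare `realpath(dirname($sDirectory))` against the expected base directory and stop on a mismatch. The same applies to `CURRENT_DIRECTORY` in the processes_UploadFiles.php and processes_doUpload.php hunks. The return value of `fopen()` is also unchecked, and `echo 'saved: ' . $sDirectory` sends request-derived text and the server path back to the client unescaped. The enclosing `switch` and `try` begin outside this hunk.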
diff --git a/workflow/engine/methods/processes/processes_UploadFiles.php b/workflow/engine/methods/processes/processes_UploadFiles.php index 4d6cca241..11fe25373 100755 --- a/workflow/engine/methods/processes/processes_UploadFiles.php +++ b/workflow/engine/methods/processes/processes_UploadFiles.php @@ -1,19 +1,27 @@ -userCanAccess('PM_FACTORY') == 1) { + G::LoadClass('processes'); + $app = new Processes(); + if (!$app->processExists($_POST['form']['PRO_UID'])) { + echo G::LoadTranslation('ID_PROCESS_UID_NOT_DEFINED'); + die; } + switch ($_POST['form']['MAIN_DIRECTORY']) { + case 'mailTemplates': + $sDirectory = PATH_DATA_MAILTEMPLATES . $_POST['form']['PRO_UID'] . PATH_SEP . ($_POST['form']['CURRENT_DIRECTORY'] != '' ? $_POST['form']['CURRENT_DIRECTORY'] . PATH_SEP : ''); + break; + case 'public': + $sDirectory = PATH_DATA_PUBLIC . $_POST['form']['PRO_UID'] . PATH_SEP . ($_POST['form']['CURRENT_DIRECTORY'] != '' ? $_POST['form']['CURRENT_DIRECTORY'] . PATH_SEP : ''); + break; + default: + die(); + break; + } + for ($i = 1; $i <= 5; $i ++) { + if ($_FILES['form']['tmp_name']['FILENAME' . (string) $i] != '') { + G::uploadFile( $_FILES['form']['tmp_name']['FILENAME' . (string) $i], $sDirectory, $_FILES['form']['name']['FILENAME' . (string) $i] ); + } + } } die( '' ); diff --git a/workflow/engine/methods/processes/processes_doUpload.php b/workflow/engine/methods/processes/processes_doUpload.php index 152832ad9..90dc80850 100755 --- a/workflow/engine/methods/processes/processes_doUpload.php +++ b/workflow/engine/methods/processes/processes_doUpload.php 
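Review bot: The upload loop hands the client-supplied `$_FILES['form']['name']['FILENAME' . $i]` to `G::uploadFile()` with no restriction on file type and never inspects `$_FILES['form']['error']`; whether `G::uploadFile()` filters extensions is not visible here. If it does not, any `PM_FACTORY` user can place arbitrary file types, including server-executable ones, under `PATH_DATA_PUBLIC`, so an extension allow-list checked before the call is worth adding. Each slot should also be guarded with `isset($_FILES['form']['error']['FILENAME' . $i]) && $_FILES['form']['error']['FILENAME' . $i] === UPLOAD_ERR_OK` rather than only comparing `tmp_name` with `''`. When the permission check fails, the script falls through to `die( '' )` with no status code or log entry, so denied attempts are invisible to the caller and to monitoring.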
@@ -1,29 +1,39 @@ userCanAccess('PM_FACTORY') == 1) { + if (isset( $_SESSION['processes_upload'] )) { + $form = $_SESSION['processes_upload']; + G::LoadClass('processes'); + $app = new Processes(); + if (!$app->processExists($form['PRO_UID'])) { + $result = 0; + $msg = G::LoadTranslation('ID_PROCESS_UID_NOT_DEFINED'); + echo "{'result': $result, 'msg':'$msg'}"; + die; + } + switch ($form['MAIN_DIRECTORY']) { + case 'mailTemplates': + $sDirectory = PATH_DATA_MAILTEMPLATES . $form['PRO_UID'] . PATH_SEP . ($form['CURRENT_DIRECTORY'] != '' ? $form['CURRENT_DIRECTORY'] . PATH_SEP : ''); + break; + case 'public': + $sDirectory = PATH_DATA_PUBLIC . $form['PRO_UID'] . PATH_SEP . ($form['CURRENT_DIRECTORY'] != '' ? $form['CURRENT_DIRECTORY'] . PATH_SEP : ''); + break; + default: + die(); + break; + } } -} -if ($_FILES['form']['error'] == "0") { - G::uploadFile( $_FILES['form']['tmp_name'], $sDirectory, $_FILES['form']['name'] ); - $msg = "Uploaded (" . (round( (filesize( $sDirectory . $_FILES['form']['name'] ) / 1024) * 10 ) / 10) . " kb)"; - $result = 1; - //echo $sDirectory.$_FILES['form']['name']; -} else { - $msg = "Failed"; - $result = 0; -} - -echo "{'result': $result, 'msg':'$msg'}"; \ No newline at end of file + if ($_FILES['form']['error'] == "0") { + G::uploadFile( $_FILES['form']['tmp_name'], $sDirectory, $_FILES['form']['name'] ); + $msg = "Uploaded (" . (round( (filesize( $sDirectory . $_FILES['form']['name'] ) / 1024) * 10 ) / 10) . " kb)"; + $result = 1; + //echo $sDirectory.$_FILES['form']['name']; + } else { + $msg = "Failed"; + $result = 0; + } + + echo "{'result': $result, 'msg':'$msg'}"; +} \ No newline at end of file
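Review bot: As the braces read in this hunk, `$sDirectory` is assigned only inside `if (isset( $_SESSION['processes_upload'] ))`, yet the `G::uploadFile()` call after that block runs whenever `PM_FACTORY` is granted, so a request without the session key reaches the upload and the `filesize()` call with the variable undefined. Bail out first, e.g. `if (!isset($_SESSION['processes_upload'])) { echo "{'result': 0, 'msg':'Failed'}"; die; }`. The response is also built by string interpolation with single quotes, which is not valid JSON and breaks if the translated `$msg` contains a quote; `echo json_encode(['result' => $result, 'msg' => $msg]);` avoids that, provided the client does not depend on the current format. The first lines of this hunk are damaged in this rendering, so the opening of the permission check is inferred from the UploadFiles hunk.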