fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Put security fixes to develop branch

Browse Source
This commit is contained in:
Julio Cesar Laura Avendaño
2017-06-14 11:14:23 -04:00
parent 440c2e5f22 3a26dce3a0
commit 720e3eb458
15 changed files with 400 additions and 322 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
workflow/engine/controllers/designer.php
View File

@@ -29,6 +29,18 @@ class Designer extends Controller
$client = $this->getClientCredentials();
if (isset($httpData->tracker_designer) && $httpData->tracker_designer == 1) {
try {
if (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])) {
throw (new \Exception(
\G::LoadTranslation('ID_CASE_NOT_EXISTS') . "\n" . \G::LoadTranslation('ID_PIN_INVALID')
));
}
\ProcessMaker\BusinessModel\Light\Tracker::authentication($_SESSION['CASE'], $_SESSION['PIN']);
} catch (\Exception $e) {
Bootstrap::registerMonolog('CaseTracker', 400, $e->getMessage(), [], SYS_SYS, 'processmaker.log');
\G::header('Location: /errors/error403.php');
die();
}
$client["tracker_designer"] = 1;
}

14
workflow/engine/controllers/installer.php
View File

@@ -38,10 +38,18 @@ class Installer extends Controller
public function index ($httpData)
{
if (file_exists(FILE_PATHS_INSTALLED)) {
$this->setJSVar('messageError', G::LoadTranslation('ID_PROCESSMAKER_ALREADY_INSTALLED'));
$this->includeExtJS('installer/stopInstall');
$this->setView('installer/mainStopInstall');
G::RenderPage('publish', 'extJs');
return;
}
if ((strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') && (file_exists($this->path_shared . 'partner.info'))) {
$this->includeExtJS( 'installer/stopInstall');
$this->setView( 'installer/mainStopInstall' );
G::RenderPage( 'publish', 'extJs' );
$this->setJSVar('messageError', G::LoadTranslation('ID_NO_INSTALL'));
$this->includeExtJS('installer/stopInstall');
$this->setView('installer/mainStopInstall');
G::RenderPage('publish', 'extJs');
return;
}