fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PMCORE-1296

Browse Source
This commit is contained in:
Andrea Adamczyk
2020-08-19 16:45:08 -04:00
parent 96c3a4545c
commit 8c41a8bcd5
3 changed files with 97 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
workflow/engine/methods/login/retrivePassword.php
View File

@@ -8,6 +8,7 @@ global $RBAC;
$rbacUser = new RbacUsers();
$user = new Users();
$data['USR_USERNAME'] = strip_tags($data['USR_USERNAME']);
$data['USR_EMAIL'] = strtolower($data['USR_EMAIL']);
$userData = $rbacUser->getByUsername($data['USR_USERNAME']);
$userExists = $userData === false ? false : true;
@@ -102,4 +103,3 @@ if ($userExists === true && $userData['USR_EMAIL'] != '' && $userData['USR_EMAIL
G::SendTemporalMessage($msg, "warning", 'string');
G::header('location: forgotPassword');
}

5
workflow/engine/methods/users/usersAjax.php Normal file → Executable file
View File

@@ -5,6 +5,7 @@ use ProcessMaker\BusinessModel\User as BmUser;
// Sanitizing the values sent in the global variables
$filter = new InputFilter();
$_POST = $filter->xssFilterHard($_POST);
if (isset($_SESSION['USER_LOGGED'])) {
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
}
@@ -145,6 +146,10 @@ try {
$permissionsToSaveData = $user->getPermissionsForEdit();
$form = $user->checkPermissionForEdit($_SESSION['USER_LOGGED'], $permissionsToSaveData, $form);
if (!empty($form["USR_EMAIL"])) {
$form["USR_EMAIL"] = strtolower($form["USR_EMAIL"]);
}
switch ($_POST['action']) {
case 'saveUser':
if (!$user->checkPermission($_SESSION['USER_LOGGED'], 'PM_USERS')) {