diff --git a/rbac/engine/classes/model/AuthenticationSource.php b/rbac/engine/classes/model/AuthenticationSource.php
index 60f093290..90ccd2448 100644
--- a/rbac/engine/classes/model/AuthenticationSource.php
+++ b/rbac/engine/classes/model/AuthenticationSource.php
@@ -63,6 +63,11 @@ class AuthenticationSource extends BaseAuthenticationSource {
}
}
$aData['AUTH_SOURCE_DATA'] = (is_array($aData['AUTH_SOURCE_DATA']) ? serialize($aData['AUTH_SOURCE_DATA']) : $aData['AUTH_SOURCE_DATA']);
+
+ // Removing sensitive data
+ $loggableData = $aData;
+ unset($loggableData['AUTH_SOURCE_PASSWORD']);
+
$oConnection = Propel::getConnection(AuthenticationSourcePeer::DATABASE_NAME);
try {
$oAuthenticationSource = new AuthenticationSource();
@@ -71,7 +76,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
$oConnection->begin();
$iResult = $oAuthenticationSource->save();
$oConnection->commit();
- Log::channel(':ldapAdvanced')->info("create", Bootstrap::context($aData));
+ Log::channel(':ldapAdvanced')->info("create", Bootstrap::context($loggableData));
$authSourceServerName = isset($aData['AUTH_SOURCE_SERVER_NAME']) ? ' - Server Name: '.$aData['AUTH_SOURCE_SERVER_NAME'] : '';
$authSourcePort = isset($aData['AUTH_SOURCE_PORT']) ? ' - Port: '.$aData['AUTH_SOURCE_PORT'] : '';
@@ -116,6 +121,11 @@ class AuthenticationSource extends BaseAuthenticationSource {
$authSourceFilter = isset($aData['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER']) ? ' - Aditional Filter: '.$aData['AUTH_SOURCE_DATA']['AUTH_SOURCE_ADDITIONAL_FILTER'] : '';
$aData['AUTH_SOURCE_DATA'] = (is_array($aData['AUTH_SOURCE_DATA']) ? serialize($aData['AUTH_SOURCE_DATA']) : $aData['AUTH_SOURCE_DATA']);
+
+ // Removing sensitive data
+ $loggableData = $aData;
+ unset($loggableData['AUTH_SOURCE_PASSWORD']);
+
$oConnection = Propel::getConnection(AuthenticationSourcePeer::DATABASE_NAME);
try {
$oAuthenticationSource = AuthenticationSourcePeer::retrieveByPK($aData['AUTH_SOURCE_UID']);
@@ -125,7 +135,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
$oConnection->begin();
$iResult = $oAuthenticationSource->save();
$oConnection->commit();
- Log::channel(':ldapAdvanced')->info("update", Bootstrap::context($aData));
+ Log::channel(':ldapAdvanced')->info("update", Bootstrap::context($loggableData));
G::auditLog("UpdateAuthSource", "Authentication Source Name: ".$aData['AUTH_SOURCE_NAME']." - Authentication Source ID: (".$aData['AUTH_SOURCE_UID'].") ".$authSourceServerName.$authSourcePort.$authSourceEnabledTLS.$authSourceVersion.$authSourceBaseDn.$authAnonymous.$authSourceSearchUser.$authSourceLdapType.$authSourceIdentifier.$authSourceFilter);
return $iResult;
}
@@ -135,7 +145,7 @@ class AuthenticationSource extends BaseAuthenticationSource {
foreach($aValidationFailures as $oValidationFailure) {
$sMessage .= $oValidationFailure->getMessage() . '
';
}
- Log::channel(':ldapAdvanced')->error($sMessage, Bootstrap::context($aData));
+ Log::channel(':ldapAdvanced')->error($sMessage, Bootstrap::context($loggableData));
throw(new Exception('The registry cannot be updated!
'.$sMessage));
}
}
diff --git a/workflow/engine/classes/LdapAdvanced.php b/workflow/engine/classes/LdapAdvanced.php
index a8ea2aa15..37321fc67 100644
--- a/workflow/engine/classes/LdapAdvanced.php
+++ b/workflow/engine/classes/LdapAdvanced.php
@@ -511,6 +511,10 @@ class LdapAdvanced
{
$pass = explode("_", $aAuthSource["AUTH_SOURCE_PASSWORD"]);
+ // Removing sensitive data
+ $loggableAuthSource = $aAuthSource;
+ unset($loggableAuthSource["AUTH_SOURCE_PASSWORD"]);
+
foreach ($pass as $index => $value) {
if ($value == "2NnV3ujj3w") {
$aAuthSource["AUTH_SOURCE_PASSWORD"] = G::decrypt($pass[0], $aAuthSource["AUTH_SOURCE_SERVER_NAME"]);
@@ -518,18 +522,18 @@ class LdapAdvanced
}
$ldapcnn = ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']);
- $this->stdLog($ldapcnn, "ldap_connect", $aAuthSource);
+ $this->stdLog($ldapcnn, "ldap_connect", $loggableAuthSource);
$ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"];
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
- $this->stdLog($ldapcnn, "ldap_set_option", $aAuthSource);
+ $this->stdLog($ldapcnn, "ldap_set_option", $loggableAuthSource);
ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
- $this->stdLog($ldapcnn, "ldap_set_option", $aAuthSource);
+ $this->stdLog($ldapcnn, "ldap_set_option", $loggableAuthSource);
if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) {
$resultLDAPStartTLS = @ldap_start_tls($ldapcnn);
- $this->stdLog($ldapcnn, "ldap_start_tls", $aAuthSource);
+ $this->stdLog($ldapcnn, "ldap_start_tls", $loggableAuthSource);
$ldapServer = "TLS " . $ldapServer;
}
@@ -538,9 +542,9 @@ class LdapAdvanced
$this->log($ldapcnn, "bind $ldapServer like anonymous user");
} else {
$bBind = @ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']);
- $this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]);
+ $this->log($ldapcnn, "bind $ldapServer with user " . $loggableAuthSource["AUTH_SOURCE_SEARCH_USER"]);
}
- $this->stdLog($ldapcnn, "ldap_bind", $aAuthSource);
+ $this->stdLog($ldapcnn, "ldap_bind", $loggableAuthSource);
$this->getDiagnosticMessage($ldapcnn);
if (!$bBind) {
throw new Exception("Unable to bind to server: $ldapServer . " . "LDAP-Errno: " . ldap_errno($ldapcnn) . " : " . ldap_error($ldapcnn) . " \n");
diff --git a/workflow/engine/controllers/adminProxy.php b/workflow/engine/controllers/adminProxy.php
index b2521582c..1835061af 100644
--- a/workflow/engine/controllers/adminProxy.php
+++ b/workflow/engine/controllers/adminProxy.php
@@ -449,18 +449,23 @@ class adminProxy extends HttpProxyController
$this->msg = $this->result ? '' : $Server->error;
break;
case 3: //try to connect to host
- if (preg_match('/^(.+):([0-9]+)$/', $srv, $hostinfo)) {
- $server = $hostinfo[1];
- $port = $hostinfo[2];
- } else {
- $host = $srv;
+ try {
+ if (preg_match('/^(.+):([0-9]+)$/', $srv, $hostinfo)) {
+ $server = $hostinfo[1];
+ $port = $hostinfo[2];
+ } else {
+ $server = $srv;
+ }
+
+ $tls = (strtoupper($SMTPSecure) === 'TLS');
+ $ssl = (strtoupper($SMTPSecure) === 'SSL');
+
+ $this->success = $smtp->Connect(($ssl ? 'ssl://':'') . $server, $port, $timeout);
+ $this->msg = $this->result ? '' : $Server->error;
+ } catch (Exception $e) {
+ $this->success = false;
+ $this->msg = $e->getMessage();
}
-
- $tls = (strtoupper($SMTPSecure) == 'tls');
- $ssl = (strtoupper($SMTPSecure) == 'ssl');
-
- $this->success = $smtp->Connect(($ssl ? 'ssl://':'').$server, $port, $timeout);
- $this->msg = $this->result ? '' : $Server->error;
break;
case 4: //try login to host
if ($auth_required == 'true') {
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Files/FilesLogs.php b/workflow/engine/src/ProcessMaker/BusinessModel/Files/FilesLogs.php
index 2ec41fa8c..1c302d222 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Files/FilesLogs.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Files/FilesLogs.php
@@ -2,13 +2,13 @@
namespace ProcessMaker\BusinessModel\Files;
-use Chumper\Zipper\Zipper;
use Configurations;
use Exception;
use G;
use ProcessMaker\Core\System;
use SplFileInfo;
use Symfony\Component\Finder\Finder;
+use ZipArchive;
class FilesLogs extends Files
{
@@ -227,13 +227,13 @@ class FilesLogs extends Files
private function createZip($files)
{
try {
- $zipper = new Zipper();
+ $zipper = new ZipArchive();
$name = str_replace('.log', '.zip', $files[0]);
if (count($files) > 1) {
$name = 'processmaker_logs.zip';
}
- $zipper->zip($this->getPathDataSaveFile() . $name);
+ $zipper->open($this->getPathDataSaveFile() . $name, ZipArchive::CREATE);
$pathFileLogs = $this->getPathFiles();
$pathSep = '/';
@@ -247,7 +247,7 @@ class FilesLogs extends Files
foreach ($files as $key => $file) {
$info = pathinfo($file);
if (file_exists($pathFileLogs . $info['basename'])) {
- $zipper->add($pathFileLogs . $info['basename']);
+ $zipper->addFile($pathFileLogs . $info['basename'], $info['basename']);
}
}
$zipper->close();