diff --git a/workflow/engine/methods/processes/processes_doUpload.php b/workflow/engine/methods/processes/processes_doUpload.php index 90dc80850..afe1d21ba 100644 --- a/workflow/engine/methods/processes/processes_doUpload.php +++ b/workflow/engine/methods/processes/processes_doUpload.php @@ -1,19 +1,20 @@ userCanAccess('PM_FACTORY') == 1) { - if (isset( $_SESSION['processes_upload'] )) { - $form = $_SESSION['processes_upload']; - G::LoadClass('processes'); - $app = new Processes(); - if (!$app->processExists($form['PRO_UID'])) { - $result = 0; - $msg = G::LoadTranslation('ID_PROCESS_UID_NOT_DEFINED'); - echo "{'result': $result, 'msg':'$msg'}"; - die; - } + +sleep(1); +global $RBAC; +if ($RBAC->userCanAccess('PM_FACTORY') == 1) { + if (isset($_SESSION['processes_upload'])) { + $form = $_SESSION['processes_upload']; + G::LoadClass('processes'); + $app = new Processes(); + if (!$app->processExists($form['PRO_UID'])) { + $result = 0; + $msg = G::LoadTranslation('ID_PROCESS_UID_NOT_DEFINED'); + echo "{'result': $result, 'msg':'$msg'}"; + die; + } switch ($form['MAIN_DIRECTORY']) { - case 'mailTemplates': + case 'mailTemplates': $sDirectory = PATH_DATA_MAILTEMPLATES . $form['PRO_UID'] . PATH_SEP . ($form['CURRENT_DIRECTORY'] != '' ? $form['CURRENT_DIRECTORY'] . PATH_SEP : ''); break; case 'public': 
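Review bot: The new file-level `sleep(1);` carries no comment, so a maintainer cannot tell whether the one-second stall before the access check is intentional throttling or leftover debugging; either explain it, e.g. `// deliberate delay before handling the upload — TODO confirm purpose`, or drop it. The new `if ($RBAC->userCanAccess('PM_FACTORY') == 1)` keeps a loose comparison; if the method returns an int, `=== 1` is the safer form. The re-added `echo "{'result': $result, 'msg':'$msg'}";` interpolates the translated `$msg` into a single-quoted pseudo-JSON string with no escaping, so a translation containing a quote breaks the response; the same line is emitted again at the end of the next hunk, and if the client can consume standard JSON, `echo json_encode(['result' => $result, 'msg' => $msg]);` fixes both. The opening lines of this hunk (the removed lines above the access check) are only partially visible in this view.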
@@ -22,18 +23,29 @@ if ( $RBAC->userCanAccess('PM_FACTORY') == 1) { default: die(); break; - } + } } - if ($_FILES['form']['error'] == "0") { - G::uploadFile( $_FILES['form']['tmp_name'], $sDirectory, $_FILES['form']['name'] ); - $msg = "Uploaded (" . (round( (filesize( $sDirectory . $_FILES['form']['name'] ) / 1024) * 10 ) / 10) . " kb)"; + $fileName = $_FILES['form']['name']; + $canUploadPhpFile = true; + $extension = pathinfo($fileName, PATHINFO_EXTENSION); + if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extension === 'php') { + $message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED'); + \Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $fileName); + $canUploadPhpFile = false; + } + + if ($_FILES['form']['error'] == "0" && $canUploadPhpFile) { + G::uploadFile($_FILES['form']['tmp_name'], $sDirectory, $fileName); + $msg = "Uploaded (" . (round((filesize($sDirectory . $fileName) / 1024) * 10) / 10) . " kb)"; $result = 1; - //echo $sDirectory.$_FILES['form']['name']; } else { $msg = "Failed"; + if ($canUploadPhpFile === false) { + $msg = $message; + } $result = 0; } - - echo "{'result': $result, 'msg':'$msg'}"; + + echo "{'result': $result, 'msg':'$msg'}"; } \ No newline at end of file diff --git a/workflow/engine/templates/processes/processes_Upload.php b/workflow/engine/templates/processes/processes_Upload.php index ec3884cb1..1d95ed0ba 100644 --- a/workflow/engine/templates/processes/processes_Upload.php +++ b/workflow/engine/templates/processes/processes_Upload.php @@ -1,123 +1,96 @@ - - - - - - - + + + - - - - - - - - -
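Review bot: The guard introduced at `$extension = pathinfo($fileName, PATHINFO_EXTENSION);` compares the extension case-sensitively against the single literal `'php'`, so a name that differs only in letter case, or any other extension the web server hands to the PHP interpreter, is accepted even when `getDisablePhpUploadExecution()` is on — and since the previous hunk shows a `case 'public':` destination, this check is what separates an upload from server-side execution. Normalise and compare against a list kept in one place, `$extension = strtolower((string) pathinfo($fileName, PATHINFO_EXTENSION));` and `if (\Bootstrap::getDisablePhpUploadExecution() === 1 && in_array($extension, $blockedExtensions, true)) {` (with `$blockedExtensions` standing for a project-defined list), or better, allow only the extensions this feature actually needs. `$fileName` is still the client-supplied `$_FILES['form']['name']` and flows unchanged into `G::uploadFile()` and `filesize($sDirectory . $fileName)`; whether `G::uploadFile()` strips directory components is not visible here, so wrapping it as `basename($_FILES['form']['name'])` at this call site is worth confirming. `$canUploadPhpFile` also doubles as the message selector, so a file with a non-zero `$_FILES['form']['error']` and a blocked extension reports only the extension message; the two conditions could be reported separately.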
-
  • -
    - - - -
     
    -
    -
  • -
    + } + + + + + + + + + +
    +
  • +
    + + + +
     
    +
    +
  • +