Merged colosa/processmaker into master
@@ -364,5 +364,90 @@ class InputFilter
|
||||
}
|
||||
return $string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal method removes tags/special characters from a string
|
||||
* @author Marcelo Cuiza
|
||||
* @access protected
|
||||
* @param Array or String $input
|
||||
* @return Array or String $input
|
||||
*/
|
||||
public function xssFilter($input)
|
||||
{
|
||||
if(is_array($input)) {
|
||||
if(sizeof($input)) {
|
||||
foreach($input as $i => $val) {
|
||||
if(is_array($val) && sizeof($val)) {
|
||||
$input[$i] = $this->xssFilter($val);
|
||||
} else {
|
||||
$input[$i] = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
|
||||
}
|
||||
}
|
||||
}
|
||||
return $input;
|
||||
} else {
|
||||
if(!isset($input) || trim($input) === '' || $input === NULL ) {
|
||||
return '';
|
||||
} else {
|
||||
return addslashes(htmlspecialchars(filter_var($input, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal method: remove malicious code, fix missing end tags, fix illegal nesting, convert deprecated tags, validate CSS, preserve rich formatting
|
||||
* @author Marcelo Cuiza
|
||||
* @access protected
|
||||
* @param Array or String $input
|
||||
* @return Array or String $input
|
||||
*/
|
||||
function xssFilterHard($input)
|
||||
{
|
||||
require_once (PATH_THIRDPARTY . 'HTMLPurifier/HTMLPurifier.auto.php');
|
||||
//G::LoadThirdParty ('HTMLPurifier', 'HTMLPurifier.auto.php');
|
||||
$config = HTMLPurifier_Config::createDefault();
|
||||
$purifier = new HTMLPurifier($config);
|
||||
if(is_array($input)) {
|
||||
if(sizeof($input)) {
|
||||
foreach($input as $i => $val) {
|
||||
if(is_array($val) && sizeof($val)) {
|
||||
$input[$i] = $this->xssFilterHard($val);
|
||||
} else {
|
||||
$inputFiltered = $purifier->purify($val);
|
||||
$input[$i] = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8'));
|
||||
}
|
||||
}
|
||||
}
|
||||
return $input;
|
||||
} else {
|
||||
if(!isset($input) || trim($input) === '' || $input === NULL ) {
|
||||
return '';
|
||||
} else {
|
||||
$input = $purifier->purify($input);
|
||||
return addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal method: protect against SQL injenction
|
||||
* @author Marcelo Cuiza
|
||||
* @access protected
|
||||
* @param Array or String $value
|
||||
* @return Array or String $value
|
||||
*/
|
||||
function protectSql($value)
|
||||
{
|
||||
// Stripslashes
|
||||
if ( get_magic_quotes_gpc() ) {
|
||||
$value = stripslashes( $value );
|
||||
}
|
||||
// Quote if not a number or a numeric string
|
||||
if ( !is_numeric( $value ) )
|
||||
{
|
||||
$value = "'" . mysql_real_escape_string($value) . "'";
|
||||
}
|
||||
return $value;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
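Review bot: `xssFilter()` and `xssFilterHard()` stack escapers meant for different contexts: `addslashes()` is applied on top of `htmlspecialchars(..., ENT_COMPAT, 'UTF-8')`, so HTML output gains stray backslashes while single quotes stay unencoded in `xssFilterHard()`, and in `xssFilter()` the quotes already encoded by `FILTER_SANITIZE_STRING` are encoded a second time. In `xssFilterHard()` the `htmlspecialchars()` call also entity-encodes the markup HTMLPurifier just allowed, which contradicts the docblock's "preserve rich formatting". For HTML output the scalar branch could be `return htmlspecialchars($input, ENT_QUOTES, 'UTF-8');`, with `xssFilterHard()` returning `$purifier->purify($input)` unchanged. `protectSql()` leaves anything `is_numeric()` accepts unquoted and depends on `get_magic_quotes_gpc()` and `mysql_real_escape_string()`, both removed in later PHP releases, and its docblock promises array input the body does not handle; bound parameters at the call sites would be the safer replacement. All three docblocks say `@access protected` although `xssFilter()` is declared `public` and the other two have no visibility keyword.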
@@ -183,7 +183,10 @@ class System
|
||||
/* For distros with the lsb_release, this returns a one-line description of
|
||||
* the distro name, such as "CentOS release 5.3 (Final)" or "Ubuntu 10.10"
|
||||
*/
|
||||
$distro = exec( "lsb_release -d -s 2> /dev/null" );
|
||||
$distro = '';
|
||||
if (file_exists("/dev/")){ //Windows does not have this folder
|
||||
$distro = exec( "lsb_release -d -s 2> /dev/null" );
|
||||
}
|
||||
|
||||
/* For distros without lsb_release, we look for *release (such as
|
||||
* redhat-release, gentoo-release, SuSE-release, etc) or *version (such as
|
||||
|
||||
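Review bot: The new guard `file_exists("/dev/")` infers the operating system from the presence of a directory, which is indirect and needs its trailing comment to be understood. Testing the platform constant states the intent directly, e.g. `if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {`. The enclosing function starts and ends outside this hunk, so how `$distro` is used afterwards when it stays `''` cannot be checked from here.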
@@ -1033,34 +1033,42 @@ importProcessExistProcess = function()
|
||||
}, {
|
||||
xtype : 'spacer',
|
||||
height : 10
|
||||
}, {
|
||||
items : [
|
||||
{
|
||||
xtype : "radio",
|
||||
boxLabel : _('IMPORT_PROCESS_OVERWRITING'),
|
||||
name : "IMPORT_OPTION",
|
||||
inputValue : '1',
|
||||
tabIndex : 1
|
||||
}
|
||||
},
|
||||
{
|
||||
items: [
|
||||
{
|
||||
xtype: "radio",
|
||||
name: "IMPORT_OPTION",
|
||||
inputValue: "3",
|
||||
boxLabel: _("IMPORT_PROCESS_NEW"),
|
||||
tabIndex: 3,
|
||||
checked: "checked"
|
||||
}
|
||||
]
|
||||
}, {
|
||||
items : [{
|
||||
xtype : "radio",
|
||||
boxLabel : _('IMPORT_PROCESS_DISABLE'),
|
||||
tabIndex : 2,
|
||||
name : "IMPORT_OPTION",
|
||||
inputValue : '2',
|
||||
checked : "checked"
|
||||
}]
|
||||
}, {
|
||||
items: [{
|
||||
xtype : "radio",
|
||||
boxLabel : _('IMPORT_PROCESS_NEW'),
|
||||
name : "IMPORT_OPTION",
|
||||
inputValue : '3',
|
||||
tabIndex : 3
|
||||
}]
|
||||
}, {
|
||||
},
|
||||
//{
|
||||
// items: [
|
||||
// {
|
||||
// xtype: "radio",
|
||||
// name: "IMPORT_OPTION",
|
||||
// inputValue: "2",
|
||||
// boxLabel: _("IMPORT_PROCESS_DISABLE"),
|
||||
// tabIndex: 2
|
||||
// }
|
||||
// ]
|
||||
//},
|
||||
{
|
||||
items: [
|
||||
{
|
||||
xtype: "radio",
|
||||
name: "IMPORT_OPTION",
|
||||
inputValue: "1",
|
||||
boxLabel: _("IMPORT_PROCESS_OVERWRITING"),
|
||||
tabIndex: 1
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
xtype : 'hidden',
|
||||
name : 'ajaxAction',
|
||||
value : 'uploadFileNewProcessExist'
|
||||
|
||||
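Review bot: The `IMPORT_PROCESS_DISABLE` radio appears to be left in the file as a commented-out block rather than deleted, and `checked: "checked"` on the `IMPORT_PROCESS_NEW` radio passes a string where a boolean is meant; `checked: true` is clearer. Hiding the value `"2"` in the form does not stop a client from posting it, so the server-side handler for `uploadFileNewProcessExist` (not visible here) should still validate `IMPORT_OPTION` against the values it intends to accept. The surrounding form definition starts and ends outside the hunk.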
@@ -237,9 +237,11 @@ audit.application = {
|
||||
|
||||
handler: function ()
|
||||
{
|
||||
Ext.getCmp("cboAction").reset(),
|
||||
Ext.getCmp("dateFrom").reset(),
|
||||
Ext.getCmp("dateTo").reset(),
|
||||
Ext.getCmp("fldDescription").reset()
|
||||
Ext.getCmp("fldDescription").reset(),
|
||||
pagingAudit.moveFirst();
|
||||
}
|
||||
},
|
||||
"-",
|
||||
|
||||
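Review bot: The handler body joins its calls with the comma operator, and the comma added after `Ext.getCmp("fldDescription").reset()` extends that chain into `pagingAudit.moveFirst();`. Ending each call with `;` makes them read as separate statements and avoids relying on automatic semicolon insertion, e.g. `Ext.getCmp("fldDescription").reset();`. The enclosing toolbar definition lies outside the hunk.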