diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php
index d3f6c9c4f..e512d97f0 100644
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -364,5 +364,90 @@ class InputFilter
 }
 return $string;
 }
+
+ /**
+ * Internal method removes tags/special characters from a string
+ * @author Marcelo Cuiza
+ * @access protected
+ * @param Array or String $input
+ * @return Array or String $input
+ */
+ public function xssFilter($input)
+ {
+ if(is_array($input)) {
+ if(sizeof($input)) {
+ foreach($input as $i => $val) {
+ if(is_array($val) && sizeof($val)) {
+ $input[$i] = $this->xssFilter($val);
+ } else {
+ $input[$i] = addslashes(htmlspecialchars(filter_var($val, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
+ }
+ }
+ }
+ return $input;
+ } else {
+ if(!isset($input) || trim($input) === '' || $input === NULL ) {
+ return '';
+ } else {
+ return addslashes(htmlspecialchars(filter_var($input, FILTER_SANITIZE_STRING), ENT_COMPAT, 'UTF-8'));
+ }
+ }
+ }
+
+ /**
+ * Internal method: remove malicious code, fix missing end tags, fix illegal nesting, convert deprecated tags, validate CSS, preserve rich formatting
+ * @author Marcelo Cuiza
+ * @access protected
+ * @param Array or String $input
+ * @return Array or String $input
+ */
+ function xssFilterHard($input)
+ {
+ require_once (PATH_THIRDPARTY .
'HTMLPurifier/HTMLPurifier.auto.php');
+ //G::LoadThirdParty ('HTMLPurifier', 'HTMLPurifier.auto.php');
+ $config = HTMLPurifier_Config::createDefault();
+ $purifier = new HTMLPurifier($config);
+ if(is_array($input)) {
+ if(sizeof($input)) {
+ foreach($input as $i => $val) {
+ if(is_array($val) && sizeof($val)) {
+ $input[$i] = $this->xssFilterHard($val);
+ } else {
+ $inputFiltered = $purifier->purify($val);
+ $input[$i] = addslashes(htmlspecialchars($inputFiltered, ENT_COMPAT, 'UTF-8'));
+ }
+ }
+ }
+ return $input;
+ } else {
+ if(!isset($input) || trim($input) === '' || $input === NULL ) {
+ return '';
+ } else {
+ $input = $purifier->purify($input);
+ return addslashes(htmlspecialchars($input, ENT_COMPAT, 'UTF-8'));
+ }
+ }
+ }
+
+ /**
+ * Internal method: protect against SQL injenction
+ * @author Marcelo Cuiza
+ * @access protected
+ * @param Array or String $value
+ * @return Array or String $value
+ */
+ function protectSql($value)
+ {
+ // Stripslashes
+ if ( get_magic_quotes_gpc() ) {
+ $value = stripslashes( $value );
+ }
+ // Quote if not a number or a numeric string
+ if ( !is_numeric( $value ) )
+ {
+ $value = "'" . mysql_real_escape_string($value) . "'";
+ }
+ return $value;
+ }
 }
diff --git a/workflow/engine/classes/class.system.php b/workflow/engine/classes/class.system.php
index 1ec808e89..4e11f5f96 100755
--- a/workflow/engine/classes/class.system.php
+++ b/workflow/engine/classes/class.system.php
@@ -183,7 +183,10 @@ class System /* For distros with the lsb_release, this returns a one-line description of * the distro name, such as "CentOS release 5.3 (Final)" or "Ubuntu 10.10" */
- $distro = exec( "lsb_release -d -s 2> /dev/null" );
+ $distro = '';
+ if (file_exists("/dev/")){ //Windows does not have this folder
+ $distro = exec( "lsb_release -d -s 2> /dev/null" );
+ }
 /* For distros without lsb_release, we look for *release (such as * redhat-release, gentoo-release, SuSE-release, etc) or *version (such as
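Review bot: `xssFilter()` and `xssFilterHard()` encode with `ENT_COMPAT`, which leaves single quotes untouched, and then apply `addslashes()` on top, so the result is neither safe inside a single-quoted HTML attribute nor a dependable SQL escape, and the stored entities and backslashes will be double-encoded if the value is escaped again at output. Encoding for the output context is the more reliable shape, for example `htmlspecialchars($val, ENT_QUOTES, 'UTF-8')` at render time without `addslashes()`; `xssFilterHard()` also entity-encodes the purifier's output, so the "preserve rich formatting" promise in its docblock does not hold. `protectSql()` relies on `get_magic_quotes_gpc()` and `mysql_real_escape_string()`, which are gone from current PHP releases, and the latter is only correct against an open ext/mysql connection and its charset; the function also hands an array straight to `stripslashes()` although the docblock advertises array input. Bound parameters at the query site would remove the need for this helper. All three docblocks say `@access protected` while the methods are public.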
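Review bot: The new `file_exists("/dev/")` guard in class.system.php uses a filesystem probe as a stand-in for an operating-system check, so it also returns false on a Unix host where `open_basedir` or a chroot hides `/dev`, and `$distro` then stays empty with no sign of why. Testing the platform directly reads more clearly and does not depend on filesystem policy, e.g. `if (DIRECTORY_SEPARATOR === '/') {`. The command string is a constant, so these lines raise no injection concern. The enclosing method starts and ends outside the hunk, so the fallback for an empty `$distro` is assumed from the trailing comment rather than seen.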
diff --git a/workflow/engine/templates/processes/main.js b/workflow/engine/templates/processes/main.js
index 23a5a3c76..8641c838b 100755
--- a/workflow/engine/templates/processes/main.js
+++ b/workflow/engine/templates/processes/main.js
@@ -1033,34 +1033,42 @@ importProcessExistProcess = function()
 }, {
 xtype : 'spacer',
 height : 10
- }, {
- items : [
- {
- xtype : "radio",
- boxLabel : _('IMPORT_PROCESS_OVERWRITING'),
- name : "IMPORT_OPTION",
- inputValue : '1',
- tabIndex : 1
- }
+ },
+ {
+ items: [
+ {
+ xtype: "radio",
+ name: "IMPORT_OPTION",
+ inputValue: "3",
+ boxLabel: _("IMPORT_PROCESS_NEW"),
+ tabIndex: 3,
+ checked: "checked"
+ }
 ]
- }, {
- items : [{
- xtype : "radio",
- boxLabel : _('IMPORT_PROCESS_DISABLE'),
- tabIndex : 2,
- name : "IMPORT_OPTION",
- inputValue : '2',
- checked : "checked"
- }]
- }, {
- items: [{
- xtype : "radio",
- boxLabel : _('IMPORT_PROCESS_NEW'),
- name : "IMPORT_OPTION",
- inputValue : '3',
- tabIndex : 3
- }]
- }, {
+ },
+ //{
+ // items: [
+ // {
+ // xtype: "radio",
+ // name: "IMPORT_OPTION",
+ // inputValue: "2",
+ // boxLabel: _("IMPORT_PROCESS_DISABLE"),
+ // tabIndex: 2
+ // }
+ // ]
+ //},
+ {
+ items: [
+ {
+ xtype: "radio",
+ name: "IMPORT_OPTION",
+ inputValue: "1",
+ boxLabel: _("IMPORT_PROCESS_OVERWRITING"),
+ tabIndex: 1
+ }
+ ]
+ },
+ {
 xtype : 'hidden',
 name : 'ajaxAction',
 value : 'uploadFileNewProcessExist'
diff --git a/workflow/engine/templates/setup/auditLog.js b/workflow/engine/templates/setup/auditLog.js
index 924abb1d9..b16e4de6f 100644
--- a/workflow/engine/templates/setup/auditLog.js
+++ b/workflow/engine/templates/setup/auditLog.js
@@ -237,9 +237,11 @@ audit.application = { handler: function () {
+ Ext.getCmp("cboAction").reset(),
 Ext.getCmp("dateFrom").reset(),
 Ext.getCmp("dateTo").reset(),
- Ext.getCmp("fldDescription").reset()
+ Ext.getCmp("fldDescription").reset(),
+ pagingAudit.moveFirst();
 }
 },
 "-",
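Review bot: Commenting out the `inputValue: "2"` radio in main.js only hides the disable option in the form; whether the `uploadFileNewProcessExist` handler still honours `IMPORT_OPTION=2` cannot be seen from this hunk, and if the option is being withdrawn the server side should reject that value rather than rely on the missing control. The parked block is better deleted than left as `//{ … //},`, since version control keeps the old form, or else given a one-line comment saying why it is disabled. `tabIndex` now runs 3 then 1 in visual order, and `checked: "checked"` would read more plainly as `checked: true`. The enclosing `importProcessExistProcess` function begins and ends outside the hunk.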
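Review bot: The auditLog.js handler body chains four `reset()` calls and `pagingAudit.moveFirst()` with the comma operator, so the whole body is a single expression statement and a reader has to spot the trailing commas to see that. Separate statements ending in `;` would be clearer, e.g. `Ext.getCmp("cboAction").reset();`. `pagingAudit` is used as a free variable and its definition is outside the hunk, so it is assumed to be in scope when the button handler runs.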