Merge remote-tracking branch 'origin/develop' into feature/PMCORE-3140

workflow/engine/methods/cases/cases_CatchSelfService.php

@@ -78,8 +78,7 @@ if (
 
     // Get the label of previous task
     if (!empty($fieldsDelegation['TAS_ID'])) {
-        $taskInstance = new ModelTask();
-        $fieldsCase['PREVIOUS_TASK'] = $taskInstance->title($fieldsDelegation['TAS_ID']);
+        $fieldsCase['PREVIOUS_TASK'] = ModelTask::title($fieldsDelegation['TAS_ID'])['title'];
     }
 
     // To enable information (dynaforms, steps) before claim a case

workflow/engine/methods/login/authentication.php

@@ -15,8 +15,9 @@ try {
         $urlLogin = (substr(SYS_SKIN, 0, 2) !== 'ux')? 'login' : '../main/login';
     }
 
+    $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
     if (!$RBAC->singleSignOn) {
-        setcookie("singleSignOn", '0', time() + (24 * 60 * 60), '/');
+        setcookie('singleSignOn', '0', $cookieOptions);
         if (!isset($_POST['form']) ) {
             G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error');
             G::header('Location: login');
@@ -181,7 +182,7 @@ try {
         EnterpriseClass::enterpriseSystemUpdate($loginInfo);
         initUserSession($uid, $usr);
     } else {
-        setcookie("singleSignOn", '1', time() + (24 * 60 * 60), '/');
+        setcookie('singleSignOn', '1', $cookieOptions);
         $uid = $RBAC->userObj->fields['USR_UID'];
         $usr = $RBAC->userObj->fields['USR_USERNAME'];
         initUserSession($uid, $usr);
@@ -416,7 +417,7 @@ try {
     $configS = System::getSystemConfiguration('', '', config("system.workspace"));
     $activeSession = isset($configS['session_block']) ? !(int)$configS['session_block']:true;
     if ($activeSession){
-        setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/');
+        setcookie('PM-TabPrimary', 101010010, $cookieOptions);
     }
 
     // Update the User's last login date

workflow/engine/methods/login/authenticationSso.php

@@ -81,8 +81,8 @@ try {
         }
     }
     /*----------------------------------********---------------------------------*/
-
-    setcookie('singleSignOn', '1', time() + (24 * 60 * 60), '/');
+    $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
+    setcookie('singleSignOn', '1', $cookieOptions);
 
     initUserSession(
         $_SESSION['__USER_LOGGED_SSO__'],

workflow/engine/methods/login/login.php

@@ -1,27 +1,4 @@
 <?php
-/**
- * login.php
- *
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.23
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
- *
- */
 
 use ProcessMaker\Core\System;
 use ProcessMaker\Plugins\PluginRegistry;
@@ -182,11 +159,11 @@ if (isset($_SESSION['USER_LOGGED'])) {
 session_start();
 session_regenerate_id();
 
-if (PHP_VERSION < 5.2) {
-    setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), "; HttpOnly");
-} else {
-    setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, false, true);
-}
+$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'httponly' => true]);
+setcookie(session_name(), session_id(), $cookieOptions);
+
+$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => '/sys' . config('system.workspace'), 'httponly' => true]);
+setcookie('workspaceSkin', SYS_SKIN, $cookieOptions);
 
 if (strlen($msg) > 0) {
     $_SESSION['G_MESSAGE'] = $msg;
@@ -323,14 +300,16 @@ $flagForgotPassword = isset($oConf->aConfig['login_enableForgotPassword'])
                       ? $oConf->aConfig['login_enableForgotPassword']
                       : 'off';
 
-setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_URI);
+$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => SYS_URI]);
+setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), $cookieOptions);
 
 $configS = System::getSystemConfiguration('', '', config("system.workspace"));
 $activeSession = isset($configS['session_block']) ? !(int)$configS['session_block'] : true;
+$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
 if ($activeSession) {
-    setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/');
+    setcookie('PM-TabPrimary', 101010010, $cookieOptions);
 } else {
-    setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/');
+    setcookie('PM-TabPrimary', uniqid(), $cookieOptions);
 }
 
 $oHeadPublisher->addScriptCode("var flagForgotPassword = '$flagForgotPassword';");

workflow/engine/methods/login/sysLogin.php

@@ -1,28 +1,5 @@
 <?php
-/**
- * sysLogin.php
- *
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.23
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
- *
- */
-/*----------------------------------********---------------------------------*/
+
 //Browser Compatibility
 $browserSupported = G::checkBrowserCompatibility();
 if ($browserSupported==false) {
@@ -50,11 +27,14 @@ if (!empty($_SESSION['G_MESSAGE_TYPE'])) {
 }
 
 //Initialize session
-
 @session_destroy();
 session_start();
 session_regenerate_id();
 
+//Set options for PHP session cookie
+$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'httponly' => true]);
+setcookie(session_name(), session_id(), $cookieOptions);
+
 //Restore session variables
 $_SESSION = array_merge($_SESSION, $arraySession);
 
@@ -169,8 +149,12 @@ switch (WS_IN_LOGIN) {
         $fileLogin = 'login/sysLogin';
         break;
 }
-setcookie("PM-Warning", trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_CURRENT_URI);
-setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/');
+$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => SYS_CURRENT_URI]);
+setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), $cookieOptions);
+
+$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]);
+setcookie('PM-TabPrimary', uniqid(), $cookieOptions);
+
 $oHeadPublisher = headPublisher::getSingleton();
 $oHeadPublisher->addScriptFile('/jscore/src/PM.js');
 $oHeadPublisher->addScriptFile('/jscore/src/Sessions.js');

workflow/engine/methods/services/ActionsByEmailDataForm.php

@@ -34,6 +34,9 @@ if (isset($_GET['BROWSER_TIME_ZONE_OFFSET'])) {
 
             $caseFields = $case->loadCase($applicationUid, $delIndex);
 
+            //this value is only important for Propel::getConnection()
+            $_SESSION['PROCESS'] = $caseFields['PRO_UID'];
+
             // Updating case variables with system constants
             $systemConstants = G::getSystemConstants();
             $caseFields['APP_DATA']['USER_LOGGED'] = $systemConstants['USER_LOGGED'];