Merged in bugfix/HOR-2783 (pull request #5463)

HOR-2783 Approved-by: Julio Cesar Laura Avendaño
2017-02-23 19:50:32 +00:00
parent 55bea03c6a b4d1624716
commit c7f72d971b
2 changed files with 121 additions and 136 deletions
--- a/workflow/engine/methods/processes/processes_doUpload.php
+++ b/workflow/engine/methods/processes/processes_doUpload.php
@@ -1,4 +1,5 @@
 <?php
+
 sleep(1);
 global $RBAC;
 if ($RBAC->userCanAccess('PM_FACTORY') == 1) {
@@ -25,13 +26,24 @@ if ( $RBAC->userCanAccess('PM_FACTORY') == 1) {
        }
    }

-    if ($_FILES['form']['error'] == "0") {
-        G::uploadFile( $_FILES['form']['tmp_name'], $sDirectory, $_FILES['form']['name'] );
-        $msg = "Uploaded (" . (round( (filesize( $sDirectory . $_FILES['form']['name'] ) / 1024) * 10 ) / 10) . " kb)";
+    $fileName = $_FILES['form']['name'];
+    $canUploadPhpFile = true;
+    $extension = pathinfo($fileName, PATHINFO_EXTENSION);
+    if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extension === 'php') {
+        $message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
+        \Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $fileName);
+        $canUploadPhpFile = false;
+    }
+
+    if ($_FILES['form']['error'] == "0" && $canUploadPhpFile) {
+        G::uploadFile($_FILES['form']['tmp_name'], $sDirectory, $fileName);
+        $msg = "Uploaded (" . (round((filesize($sDirectory . $fileName) / 1024) * 10) / 10) . " kb)";
        $result = 1;
-        //echo $sDirectory.$_FILES['form']['name'];
    } else {
        $msg = "Failed";
+        if ($canUploadPhpFile === false) {
+            $msg = $message;
+        }
        $result = 0;
    }

--- a/workflow/engine/templates/processes/processes_Upload.php
+++ b/workflow/engine/templates/processes/processes_Upload.php
@@ -16,55 +16,40 @@
        <script src="/js/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
        <script src="/js/jquery/jquery-ui-1.7.2.custom.min.js" type="text/javascript"></script>
        <script type="text/javascript" src="/js/jquery/ajaxupload.3.6.js"></script>
-
        <script type= "text/javascript">
-
            var cClient = window.parent.getBrowserClient();
-
            $(document).ready(function () {
-
-	/* example 1 */
                var button = $('#button1'), interval;
                new AjaxUpload(button, {
                    action: 'processes_doUpload', // I disabled uploads in this example for security reasons
-		//action: 'upload.htm',
                    name: 'form',
                    onSubmit: function (file, ext) {
-			
                        if (cClient.browser != 'msie') {
                            $("#uxmsg").html('Uploading...');
                            $("#uxmsg").fadeIn(2000);
-                //this.disable();
                            $('#button1').attr('disabled', true);
                        } else {
-               // document.getElementById("uxfiles").style.display = 'block';
-                //$("#uxmsg").html('Uploading....');
                            document.getElementById("uxfiles").innerHTML = 'Uploading...';
-                //document.getElementById("uxfiles").style.display = 'block';
                        }
-    		
                        if (cClient.browser != 'msie') {
                            interval = window.setInterval(function () {
-				
                                var text = button.text();
                                if (text.length < 13) {
                                    button.text(text + '.');
                                } else {
                                    button.text('Uploading');
                                }
-                
                            }, 200);
                        }

                    },
                    onComplete: function (file, response) {
-           
                        parent.xReaload();
-                
-			    if(file.length>24) file = file.substr(0,24) + '..';
-			    
+                        if (file.length > 24) {
+                            file = file.substr(0, 24) + '..';
+                        }
                        resp = eval("(" + response + ")");
-			    xcolor = resp.result? 'green': red;
+                        xcolor = resp.result ? 'green' : 'red';
                        if (cClient.browser != 'msie') {
                            $("#uxmsg").fadeOut(1500, function () {
                                $("#uxmsg").fadeIn(1100);
@@ -72,24 +57,14 @@ $(document).ready(function(){
                            });
                        } else {
                            document.getElementById("uxfiles").innerHTML = '<font color=black>' + file + '</font> <font color=' + xcolor + '>' + resp.msg + '<font>';
-                    // document.getElementById("uxfiles").style.display = 'block';
                        }
                        button.text('Upload++');
                        window.clearInterval(interval);
-                
                        document.getElementById('button1').disabled = false;
                        $('#button1').attr('disabled', false);
-                //alert(document.getElementById('button1').id);
-			    //parent.xReaload();
-			    //setTimeout('xclear()', 4000);
                    }
                });
-
-
-	
-	
            });
-
            var xclear = function () {
                if (cClient.browser != 'msie') {
                    $("#uxmsg").fadeOut(1500);
@@ -97,8 +72,6 @@ var xclear = function(){
                    $("#uxfiles").html('');
                }
            }
-
-
        </script>
    </head>
    <body>