Revert PMC-602

Julio Cesar Laura Avendaño
2019-06-11 10:14:02 -04:00
parent f427403835
commit cc51c76b12
8 changed files with 143 additions and 512 deletions


@@ -1637,15 +1637,12 @@ class G
/** /**
* Escapes special characters in a string for use in a SQL statement * Escapes special characters in a string for use in a SQL statement
* @param string $sqlString The string to be escaped * @param string $sqlString The string to be escaped
* @param string $dbEngine Target DBMS * @param string $DBEngine Target DBMS
*
* @return string
*/ */
public static function sqlEscape($sqlString, $dbEngine = DB_ADAPTER) public function sqlEscape($sqlString, $DBEngine = DB_ADAPTER)
{ {
// @todo: Research why always this value is set with the same constant? $DBEngine = DB_ADAPTER;
$dbEngine = DB_ADAPTER; switch ($DBEngine) {
switch ($dbEngine) {
case 'mysql': case 'mysql':
$con = Propel::getConnection('workflow'); $con = Propel::getConnection('workflow');
return mysqli_real_escape_string($con->getResource(), stripslashes($sqlString)); return mysqli_real_escape_string($con->getResource(), stripslashes($sqlString));
@@ -1692,15 +1689,9 @@ class G
* @# Non-quoted parameter * @# Non-quoted parameter
* @! Evaluate string : Replace the parameters in value and then in the sql string * @! Evaluate string : Replace the parameters in value and then in the sql string
* @fn() Evaluate string with the function "fn" * @fn() Evaluate string with the function "fn"
* * @author David Callizaya <calidavidx21@hotmail.com>
* @param string $sqlString
* @param array $result
* @param string $dbEngine
* @param bool $applyHtmlEntities
*
* @return string
*/ */
public static function replaceDataField($sqlString, $result, $dbEngine = 'mysql', $applyHtmlEntities = false) public static function replaceDataField($sqlString, $result, $DBEngine = 'mysql')
{ {
if (!is_array($result)) { if (!is_array($result)) {
$result = array(); $result = array();
@@ -1719,12 +1710,7 @@ class G
$u = $match[0][$r][1] + strlen($match[0][$r][0]); $u = $match[0][$r][1] + strlen($match[0][$r][0]);
//Mysql quotes scape //Mysql quotes scape
if (($match[1][$r][0] == '@') && (isset($result[$match[2][$r][0]]))) { if (($match[1][$r][0] == '@') && (isset($result[$match[2][$r][0]]))) {
$text = ($applyHtmlEntities && !stringIsValidHtml($result[$match[2][$r][0]])) ? $__textoEval .= "\"" . G::sqlEscape($result[$match[2][$r][0]], $DBEngine) . "\"";
htmlentities(G::unhtmlentities($result[$match[2][$r][0]]), ENT_COMPAT, 'UTF-8') :
$result[$match[2][$r][0]];
// Replenish the tag <br /> because is valid
$text = str_replace('&lt;br /&gt;', '<br />', $text);
$__textoEval .= "\"" . G::sqlEscape($text, $dbEngine) . "\"";
continue; continue;
} }
//URL encode //URL encode
@@ -1744,7 +1730,7 @@ class G
} }
//Substring (Sub replaceDataField) //Substring (Sub replaceDataField)
if (($match[1][$r][0] == '!') && (isset($result[$match[2][$r][0]]))) { if (($match[1][$r][0] == '!') && (isset($result[$match[2][$r][0]]))) {
$__textoEval .= G::replaceDataField($result[$match[2][$r][0]], $result, $dbEngine, $applyHtmlEntities); $__textoEval .= G::replaceDataField($result[$match[2][$r][0]], $result);
continue; continue;
} }
//Call function //Call function
@@ -1762,33 +1748,18 @@ class G
} }
//Non-quoted //Non-quoted
if (($match[1][$r][0] == '#') && (isset($result[$match[2][$r][0]]))) { if (($match[1][$r][0] == '#') && (isset($result[$match[2][$r][0]]))) {
$text = ($applyHtmlEntities && !stringIsValidHtml($result[$match[2][$r][0]]) && $match[2][$r][0] !== '__ABE__') ? $__textoEval .= G::replaceDataField($result[$match[2][$r][0]], $result);
htmlentities(G::unhtmlentities($result[$match[2][$r][0]]), ENT_COMPAT, 'UTF-8') :
$result[$match[2][$r][0]];
// Replenish the tag <br /> because is valid
$text = str_replace('&lt;br /&gt;', '<br />', $text);
$__textoEval .= G::replaceDataField($text, $result);
continue; continue;
} }
//Non-quoted = //Non-quoted =
if (($match[1][$r][0] == '=') && (isset($result[$match[2][$r][0]]))) { if (($match[1][$r][0] == '=') && (isset($result[$match[2][$r][0]]))) {
$text = ($applyHtmlEntities && !stringIsValidHtml($result[$match[2][$r][0]]) && $match[2][$r][0] !== '__ABE__') ? $__textoEval .= G::replaceDataField($result[$match[2][$r][0]], $result);
htmlentities(G::unhtmlentities($result[$match[2][$r][0]]), ENT_COMPAT, 'UTF-8') :
$result[$match[2][$r][0]];
// Replenish the tag <br /> because is valid
$text = str_replace('&lt;br /&gt;', '<br />', $text);
$__textoEval .= G::replaceDataField($text, $result);
continue; continue;
} }
//Objects attributes //Objects attributes
if (($match[1][$r][0] == '&') && (isset($result[$match[2][$r][0]]))) { if (($match[1][$r][0] == '&') && (isset($result[$match[2][$r][0]]))) {
if (isset($result[$match[2][$r][0]]->{$match[6][$r][0]})) { if (isset($result[$match[2][$r][0]]->{$match[6][$r][0]})) {
$text = ($applyHtmlEntities && !stringIsValidHtml($result[$match[2][$r][0]]->{$match[6][$r][0]})) ? $__textoEval .= $result[$match[2][$r][0]]->{$match[6][$r][0]};
htmlentities(G::unhtmlentities($result[$match[2][$r][0]]->{$match[6][$r][0]}), ENT_COMPAT, 'UTF-8') :
$result[$match[2][$r][0]]->{$match[6][$r][0]};
// Replenish the tag <br /> because is valid
$text = str_replace('&lt;br /&gt;', '<br />', $text);
$__textoEval .= $text;
} }
continue; continue;
} }
@@ -1800,35 +1771,27 @@ class G
} }
/** /**
* Replace Grid Values in a string. * Replace Grid Values
* The tag @>GRID-NAME to open the grid and @<GRID-NAME to close the grid, * The tag @>GRID-NAME to open the grid and @<GRID-NAME to close the grid,
* *
* @param string $content * @param type String $sContent
* @param array $fields * @param type Array $aFields
* @param bool $nl2brRecursive * @return type String
* @param bool $applyHtmlEntities
*
* @return string
*
* @see \Cases->sendMessage()
* @see \WsBase->sendMessage()
* @see \OutputDocument->generate()
* @see \ProcessMaker\BusinessModel\Cases\OutputDocument->generate()
*/ */
public static function replaceDataGridField($content, $fields, $nl2brRecursive = true, $applyHtmlEntities = false) public static function replaceDataGridField($sContent, $aFields, $nl2brRecursive = true)
{ {
$nrt = array("\n", "\r", "\t"); $nrt = array("\n", "\r", "\t");
$nrthtml = array("(n /)", "(r /)", "(t /)"); $nrthtml = array("(n /)", "(r /)", "(t /)");
$strContentAux = str_replace($nrt, $nrthtml, $content); $sContent = G::unhtmlentities($sContent);
$strContentAux = str_replace($nrt, $nrthtml, $sContent);
$occurrences = preg_match_all('/\@(?:([\>])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*(?:[\\\\][\w\W])?)*)\))((?:\s*\[[\'"]?\w+[\'"]?\])+)?/', $iOcurrences = preg_match_all('/\@(?:([\>])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*(?:[\\\\][\w\W])?)*)\))((?:\s*\[[\'"]?\w+[\'"]?\])+)?/', $strContentAux, $arrayMatch1, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE);
$strContentAux, $arrayMatch1, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE);
if ($occurrences) { if ($iOcurrences) {
$arrayGrid = array(); $arrayGrid = array();
for ($i = 0; $i <= $occurrences - 1; $i++) { for ($i = 0; $i <= $iOcurrences - 1; $i++) {
$arrayGrid[] = $arrayMatch1[2][$i][0]; $arrayGrid[] = $arrayMatch1[2][$i][0];
} }
@@ -1854,16 +1817,16 @@ class G
while (preg_match($ereg, $strContentAux1, $arrayMatch2)) { while (preg_match($ereg, $strContentAux1, $arrayMatch2)) {
$strData = null; $strData = null;
if (isset($fields[$grdName]) && is_array($fields[$grdName])) { if (isset($aFields[$grdName]) && is_array($aFields[$grdName])) {
foreach ($fields[$grdName] as $aRow) { foreach ($aFields[$grdName] as $aRow) {
if ($nl2brRecursive) { if ($nl2brRecursive) {
foreach ($aRow as $key => $item) { foreach ($aRow as $sKey => $vValue) {
if (!is_array($item)) { if (!is_array($vValue)) {
$aRow[$key] = str_replace($nrt, $nrthtml, nl2br($aRow[$key])); $aRow[$sKey] = str_replace($nrt, $nrthtml, nl2br($aRow[$sKey]));
} }
} }
} }
$strData = $strData . G::replaceDataField($arrayMatch2[2], $aRow, 'mysql', $applyHtmlEntities); $strData = $strData . G::replaceDataField($arrayMatch2[2], $aRow);
} }
} }
@@ -1878,19 +1841,19 @@ class G
$strContentAux = str_replace($nrthtml, $nrt, $strContentAux); $strContentAux = str_replace($nrthtml, $nrt, $strContentAux);
$content = $strContentAux; $sContent = $strContentAux;
if ($nl2brRecursive) { if ($nl2brRecursive) {
foreach ($fields as $key => $item) { foreach ($aFields as $sKey => $vValue) {
if (!is_array($item) && !is_object($item)) { if (!is_array($vValue) && !is_object($vValue)) {
$fields[$key] = nl2br($fields[$key]); $aFields[$sKey] = nl2br($aFields[$sKey]);
} }
} }
} }
$content = G::replaceDataField($content, $fields, 'mysql', $applyHtmlEntities); $sContent = G::replaceDataField($sContent, $aFields);
return $content; return $sContent;
} }
/** /**
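Review bot: On the new side `sqlEscape` is declared `public function` without `static`, yet the `@@` branch of `replaceDataField` later in this section still calls it as `G::sqlEscape(...)` from a static method. Calling a non-static method statically is deprecated in PHP 7 and throws an Error in PHP 8; the visible part of the body uses no `$this`, so the declaration could stay `public static function sqlEscape($sqlString, $DBEngine = DB_ADAPTER)`. The first statement `$DBEngine = DB_ADAPTER;` also overwrites whatever the caller passed, so the parameter has no effect; either drop the assignment or add a comment such as `// engine is always taken from DB_ADAPTER; the argument is ignored`. The body of `sqlEscape` continues outside the hunk.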


@@ -28,7 +28,6 @@ define('PATH_DB', dirname(__DIR__) . '/shared/sites/');
define('PATH_SEP', '/'); define('PATH_SEP', '/');
define('PATH_METHODS', dirname(__DIR__) . '/workflow/engine/methods/'); define('PATH_METHODS', dirname(__DIR__) . '/workflow/engine/methods/');
define('SYS_LANG', 'en'); define('SYS_LANG', 'en');
define('DB_ADAPTER', 'mysql');
define('SYS_SKIN', 'neoclassic'); define('SYS_SKIN', 'neoclassic');
define('SYS_SYS', env('MAIN_SYS_SYS', 'workflow')); define('SYS_SYS', env('MAIN_SYS_SYS', 'workflow'));
define('PATH_WORKSPACE', PATH_TRUNK . '/shared/sites/' . SYS_SYS . '/'); define('PATH_WORKSPACE', PATH_TRUNK . '/shared/sites/' . SYS_SYS . '/');


@@ -1,280 +0,0 @@
<?php
use Tests\TestCase;
class ReplaceDataFieldTest extends TestCase
{
/**
* This checks that strings with HTML reserved characters are replaced with entities
* @test
* @covers G::replaceDataField
*/
public function it_should_replace_entities()
{
// Initializing Faker instance
$faker = Faker\Factory::create();
// Initializing variables to use that will not change
$stringWithVariablesToReplace = 'Hello @@var1 the @#var2 is @=var3 not @&var4->value';
$dbEngine = 'mysql'; // This only affects the way to escape the variables with "@@" prefix
$applyEntities = true; // If a value to replace is a not valid HTML and have HTML reserved characters, entities should be applied
// Initializing variables to test the assertions, entities should be applied in variable with @@
$var4 = new stdClass();
$var4->value = $faker->words(1, true);
$valuesToReplace = [
'var1' => 'Java < PHP & Python',
'var2' => $faker->words(1, true),
'var3' => $faker->words(1, true),
'var4' => $var4
];
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/&lt;/', $stringToCheck);
$this->assertRegExp('/&amp;/', $stringToCheck);
// Initializing variables to test the assertions, entities should be applied in variable with @#
$var4 = new stdClass();
$var4->value = $faker->words(1, true);
$valuesToReplace = [
'var1' => $faker->words(1, true),
'var2' => 'Java < PHP & Python',
'var3' => $faker->words(1, true),
'var4' => $var4
];
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/&lt;/', $stringToCheck);
$this->assertRegExp('/&amp;/', $stringToCheck);
// Initializing variables to test the assertions, entities should be applied in variable with @=
$var4 = new stdClass();
$var4->value = $faker->words(1, true);
$valuesToReplace = [
'var1' => $faker->words(1, true),
'var2' => $faker->words(1, true),
'var3' => 'Java < PHP & Python',
'var4' => $var4
];
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/&lt;/', $stringToCheck);
$this->assertRegExp('/&amp;/', $stringToCheck);
// Initializing variables to test the assertions, entities should be applied in variable with @&
$var4 = new stdClass();
$var4->value = 'Java < PHP & Python';
$valuesToReplace = [
'var1' => $faker->words(1, true),
'var2' => $faker->words(1, true),
'var3' => $faker->words(1, true),
'var4' => $var4
];
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/&lt;/', $stringToCheck);
$this->assertRegExp('/&amp;/', $stringToCheck);
}
/**
* This checks that strings with HTML reserved characters are NOT replaced with entities
* @test
* @covers G::replaceDataField
*/
public function it_should_no_replace_entities()
{
// Initializing Faker instance
$faker = Faker\Factory::create();
// Initializing variables to use that will not change
$stringWithVariablesToReplace = 'Hello @@var1 the @#var2 is @=var3 not @&var4->value';
$dbEngine = 'mysql'; // This only affects the way to escape the variables with "@@" prefix
$applyEntities = false; // The values should not be replaced with entities
// Initializing variables to test the assertions, entities should be applied in variable with @@
$var4 = new stdClass();
$var4->value = $faker->words(1, true);
$valuesToReplace = [
'var1' => 'Java < PHP & Python',
'var2' => $faker->words(1, true),
'var3' => $faker->words(1, true),
'var4' => $var4
];
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/</', $stringToCheck);
$this->assertRegExp('/&/', $stringToCheck);
// Initializing variables to test the assertions, entities should be applied in variable with @#
$var4 = new stdClass();
$var4->value = $faker->words(1, true);
$valuesToReplace = [
'var1' => $faker->words(1, true),
'var2' => 'Java < PHP & Python',
'var3' => $faker->words(1, true),
'var4' => $var4
];
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/</', $stringToCheck);
$this->assertRegExp('/&/', $stringToCheck);
// Initializing variables to test the assertions, entities should be applied in variable with @=
$var4 = new stdClass();
$var4->value = $faker->words(1, true);
$valuesToReplace = [
'var1' => $faker->words(1, true),
'var2' => $faker->words(1, true),
'var3' => 'Java < PHP & Python',
'var4' => $var4
];
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/</', $stringToCheck);
$this->assertRegExp('/&/', $stringToCheck);
// Initializing variables to test the assertions, entities should be applied in variable with @&
$var4 = new stdClass();
$var4->value = 'Java < PHP & Python';
$valuesToReplace = [
'var1' => $faker->words(1, true),
'var2' => $faker->words(1, true),
'var3' => $faker->words(1, true),
'var4' => $var4
];
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/</', $stringToCheck);
$this->assertRegExp('/&/', $stringToCheck);
}
/**
* This checks that strings with HTML reserved characters are NOT replaced with entities if is a valid HTML, because
* PS team sometimes build a HTML string to insert in templates (output documents or emails), Ex.- A table to list
* users or results from a query
* @test
* @covers G::replaceDataField
*/
public function it_should_no_replace_entities_if_exists_valid_html()
{
// Initializing Faker instance
$faker = Faker\Factory::create();
// Initializing variables to use
$stringWithVariablesToReplace = 'bla @#var1 bla @=listHtml bla @@var2 bla';
$valuesToReplace = [
'var1' => $faker->words(1, true),
'listHtml' => '<table>
<tr>
<th>t1</th>
<th>t2</th>
<th>t3</th>
<th>t4</th>
<th>t5</th>
<th>t6</th>
</tr>
<tr>
<td>c1</td>
<td>c2</td>
<td>c3</td>
<td>c4</td>
<td>c5</td>
<td>c6</td>
</tr>
</table>',
'var2' => $faker->words(1, true)
];
$dbEngine = 'mysql'; // This only affects the way to escape the variables with "@@" prefix
$applyEntities = true; // Is true because the string will b used in a output document or a email template
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithVariablesToReplace, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp('/<table>/', $stringToCheck);
$this->assertRegExp('/<tr>/', $stringToCheck);
$this->assertRegExp('/<th>/', $stringToCheck);
$this->assertRegExp('/<td>/', $stringToCheck);
}
/**
* This checks that strings with tag <br /> should not be replaced, because is a valid tag
* @test
* @covers G::replaceDataField
*/
public function it_should_no_replace_tag_br()
{
// Initializing variables to use
$stringWithTagBr = nl2br("prospection auprès d'entreprises de CA < 10 M euros
test
<a
>a
&a
\"a
'a
¢a
£a
¥a
€a
©a
®a
test");
$valuesToReplace = [];
$dbEngine = 'mysql'; // This only affects the way to escape the variables with "@@" prefix
$applyEntities = true; // Is true because the string will be used in a output document or a email template
// Replace variables in the string
$stringToCheck = G::replaceDataField($stringWithTagBr, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp("/<br \/>/", $stringToCheck);
}
/**
* Check that the value for the System variable "__ABE__" should not be replaced never
* @test
* @covers G::replaceDataField
*/
public function it_should_no_replace_entities_for_var_abe()
{
// Initializing variables to use
$string = "bla @#__ABE__ bla @#anotherVar bla";
$valuesToReplace = [// Add a value for reserved system variable "__ABE__" used in Actions By Email feature
'__ABE__' => 'Java < PHP', // The value for System variable "__ABE__" shouldn't be changed never
'anotherVar' => '.NET < Java' // The value for another variables should be validated/replaced normally
];
$dbEngine = 'mysql'; // This only affects the way to escape the variables with "@@" prefix
$applyEntities = true; // Is true because the string will be used in a output document or a email template
// Replace variables in the string
$stringToCheck = G::replaceDataField($string, $valuesToReplace, $dbEngine, $applyEntities);
// Assertions
$this->assertRegExp("/Java < PHP/", $stringToCheck);
$this->assertRegExp("/.NET &lt; Java/", $stringToCheck);
}
}


@@ -5612,30 +5612,30 @@ class Cases
/** /**
* This function send an email for each task in $arrayTask if $to is definded * This function send an email for each task in $arrayTask if $to is definded
* *
* @param array $dataLastEmail * @param $dataLastEmail
* @param array $arrayData * @param $arrayData
* @param array $arrayTask * @param $arrayTask
* @return void * @return void
* *
* @see \Cases->sendNotifications() * @see \Cases->sendNotifications()
*/ */
public function sendMessage($dataLastEmail, $arrayData, $arrayTask) public function sendMessage($dataLastEmail, $arrayData, $arrayTask)
{ {
foreach ($arrayTask as $theTask) { foreach ($arrayTask as $aTask) {
//Check and fix if Task Id is complex //Check and fix if Task Id is complex
if (strpos($theTask['TAS_UID'], "/") !== false) { if (strpos($aTask['TAS_UID'], "/") !== false) {
$aux = explode("/", $theTask['TAS_UID']); $aux = explode("/", $aTask['TAS_UID']);
if (isset($aux[1])) { if (isset($aux[1])) {
$theTask['TAS_UID'] = $aux[1]; $aTask['TAS_UID'] = $aux[1];
} }
} }
//if the next is EOP dont send notification and continue with the next //if the next is EOP dont send notification and continue with the next
if ($theTask['TAS_UID'] === '-1') { if ($aTask['TAS_UID'] === '-1') {
continue; continue;
} }
if (isset($theTask['DEL_INDEX'])) { if (isset($aTask['DEL_INDEX'])) {
$arrayData2 = $arrayData; $arrayData2 = $arrayData;
$appDelegation = AppDelegationPeer::retrieveByPK($dataLastEmail['applicationUid'], $theTask['DEL_INDEX']); $appDelegation = AppDelegationPeer::retrieveByPK($dataLastEmail['applicationUid'], $aTask['DEL_INDEX']);
if (!is_null($appDelegation)) { if (!is_null($appDelegation)) {
$oTaskUpd = new Task(); $oTaskUpd = new Task();
$aTaskUpdate = $oTaskUpd->load($appDelegation->getTasUid()); $aTaskUpdate = $oTaskUpd->load($appDelegation->getTasUid());
@@ -5646,25 +5646,25 @@ class Cases
$arrayData2 = $arrayData; $arrayData2 = $arrayData;
} }
if (isset($theTask['USR_UID']) && !empty($theTask['USR_UID'])) { if (isset($aTask['USR_UID']) && !empty($aTask['USR_UID'])) {
$user = new \ProcessMaker\BusinessModel\User(); $user = new \ProcessMaker\BusinessModel\User();
$arrayUserData = $user->getUser($theTask['USR_UID'], true); $arrayUserData = $user->getUser($aTask['USR_UID'], true);
$arrayData2 = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($arrayData2, $arrayData2 = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($arrayData2,
(trim($arrayUserData['USR_TIME_ZONE']) != '') ? trim($arrayUserData['USR_TIME_ZONE']) : (trim($arrayUserData['USR_TIME_ZONE']) != '') ? trim($arrayUserData['USR_TIME_ZONE']) :
\ProcessMaker\Util\System::getTimeZone()); \ProcessMaker\Util\System::getTimeZone());
} else { } else {
$arrayData2 = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($arrayData2); $arrayData2 = \ProcessMaker\Util\DateTime::convertUtcToTimeZone($arrayData2);
} }
$body2 = G::replaceDataGridField($dataLastEmail['body'], $arrayData2, false, true); $body2 = G::replaceDataGridField($dataLastEmail['body'], $arrayData2, false);
$to = null; $to = null;
$cc = ''; $cc = '';
if ($theTask['TAS_UID'] != '-1') { if ($aTask['TAS_UID'] != '-1') {
$respTo = $this->getTo($theTask['TAS_UID'], $theTask['USR_UID'], $arrayData); $respTo = $this->getTo($aTask['TAS_UID'], $aTask['USR_UID'], $arrayData);
$to = $respTo['to']; $to = $respTo['to'];
$cc = $respTo['cc']; $cc = $respTo['cc'];
} }
if ($theTask["TAS_ASSIGN_TYPE"] === "SELF_SERVICE") { if ($aTask ["TAS_ASSIGN_TYPE"] === "SELF_SERVICE") {
if ($dataLastEmail['swtplDefault'] == 1) { if ($dataLastEmail['swtplDefault'] == 1) {
G::verifyPath($dataLastEmail['pathEmail'], true); // Create if it does not exist G::verifyPath($dataLastEmail['pathEmail'], true); // Create if it does not exist
$fileTemplate = $dataLastEmail['pathEmail'] . G::LoadTranslation('ID_UNASSIGNED_MESSAGE'); $fileTemplate = $dataLastEmail['pathEmail'] . G::LoadTranslation('ID_UNASSIGNED_MESSAGE');
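Review bot: The email body built at `G::replaceDataGridField($dataLastEmail['body'], $arrayData2, false)` now receives case variable values with no HTML encoding, because the fourth argument that requested it is gone and nothing visible in this hunk encodes `$arrayData2` beforehand. If the body is sent as HTML, a value containing markup reaches the recipient as markup; the same applies to the `WsBase` call and to both `OutputDocument::generate()` calls in this commit. If the revert has to stay, I would encode scalar values for HTML at these call sites before substitution, or at least record the contract in the docblock, e.g. `@param array $arrayData case data; values are inserted into the body unescaped`. `sendMessage` continues outside the hunk.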


@@ -990,7 +990,7 @@ class WsBase
$subject, $subject,
G::buildFrom($setup, $from), G::buildFrom($setup, $from),
$to, $to,
G::replaceDataGridField(file_get_contents($fileTemplate), $fieldsCase, false, true), G::replaceDataGridField(file_get_contents($fileTemplate), $fieldsCase, false),
$cc, $cc,
$bcc, $bcc,
'', '',


@@ -508,29 +508,20 @@ class OutputDocument extends BaseOutputDocument
} }
} }
/** /*
* Generate the output document * Generate the output document
* * @param string $sUID
* @param string $outDocUid * @param array $aFields
* @param array $caseFields * @param string $sPath
* @param string $path * @return variant
* @param string $filename
* @param string $content
* @param bool $landscape
* @param string $typeDocsToGen
* @param array $properties
*
* @return mixed
*
* @see workflow/engine/methods/cases/cases_Step.php
* @see workflow/engine/classes/class.pmFunctions.php:PMFGenerateOutputDocument()
*/ */
public function generate($outDocUid, $caseFields, $path, $filename, $content, $landscape = false, $typeDocsToGen = 'BOTH', $properties = [])
{
if (($outDocUid != '') && is_array($caseFields) && ($path != '')) {
$content = G::replaceDataGridField($content, $caseFields, true, true);
if (strpos($content, '<!---{') !== false) { public function generate($sUID, $aFields, $sPath, $sFilename, $sContent, $sLandscape = false, $sTypeDocToGener = 'BOTH', $aProperties = array())
{
if (($sUID != '') && is_array($aFields) && ($sPath != '')) {
$sContent = G::replaceDataGridField($sContent, $aFields);
if (strpos($sContent, '<!---{') !== false) {
$template = new Smarty(); $template = new Smarty();
$template->compile_dir = PATH_SMARTY_C; $template->compile_dir = PATH_SMARTY_C;
$template->cache_dir = PATH_SMARTY_CACHE; $template->cache_dir = PATH_SMARTY_CACHE;
@@ -538,20 +529,20 @@ class OutputDocument extends BaseOutputDocument
$template->caching = false; $template->caching = false;
$template->left_delimiter = '<!---{'; $template->left_delimiter = '<!---{';
$template->right_delimiter = '}--->'; $template->right_delimiter = '}--->';
$fp = fopen($path . $filename . '_smarty.html', 'wb'); $oFile = fopen($sPath . $sFilename . '_smarty.html', 'wb');
fwrite($fp, $content); fwrite($oFile, $sContent);
fclose($fp); fclose($oFile);
$template->templateFile = $path . $filename . '_smarty.html'; $template->templateFile = $sPath . $sFilename . '_smarty.html';
//assign the variables and use the template $template //assign the variables and use the template $template
$template->assign($caseFields); $template->assign($aFields);
$content = $template->fetch($template->templateFile); $sContent = $template->fetch($template->templateFile);
unlink($template->templateFile); unlink($template->templateFile);
} }
G::verifyPath($path, true); G::verifyPath($sPath, true);
//Start - Create .doc //Start - Create .doc
$fp = fopen($path . $filename . '.doc', 'wb'); $oFile = fopen($sPath . $sFilename . '.doc', 'wb');
$size = []; $size = [];
$size["Letter"] = "216mm 279mm"; $size["Letter"] = "216mm 279mm";
@@ -575,7 +566,6 @@ class OutputDocument extends BaseOutputDocument
$size["Screenshot800"] = "800mm 600mm"; $size["Screenshot800"] = "800mm 600mm";
$size["Screenshot1024"] = "1024mm 768mm"; $size["Screenshot1024"] = "1024mm 768mm";
$sizeLandscape = [];
$sizeLandscape["Letter"] = "279mm 216mm"; $sizeLandscape["Letter"] = "279mm 216mm";
$sizeLandscape["Legal"] = "357mm 216mm"; $sizeLandscape["Legal"] = "357mm 216mm";
$sizeLandscape["Executive"] = "267mm 184mm"; $sizeLandscape["Executive"] = "267mm 184mm";
@@ -597,41 +587,41 @@ class OutputDocument extends BaseOutputDocument
$sizeLandscape["Screenshot800"] = "600mm 800mm"; $sizeLandscape["Screenshot800"] = "600mm 800mm";
$sizeLandscape["Screenshot1024"] = "768mm 1024mm"; $sizeLandscape["Screenshot1024"] = "768mm 1024mm";
if (!isset($properties['media'])) { if (!isset($aProperties['media'])) {
$properties['media'] = 'Letter'; $aProperties['media'] = 'Letter';
} }
if ($landscape) { if ($sLandscape) {
$media = $sizeLandscape[$properties['media']]; $media = $sizeLandscape[$aProperties['media']];
} else { } else {
$media = $size[$properties['media']]; $media = $size[$aProperties['media']];
} }
$marginLeft = '15'; $marginLeft = '15';
if (isset($properties['margins']['left'])) { if (isset($aProperties['margins']['left'])) {
$marginLeft = $properties['margins']['left']; $marginLeft = $aProperties['margins']['left'];
} }
$marginRight = '15'; $marginRight = '15';
if (isset($properties['margins']['right'])) { if (isset($aProperties['margins']['right'])) {
$marginRight = $properties['margins']['right']; $marginRight = $aProperties['margins']['right'];
} }
$marginTop = '15'; $marginTop = '15';
if (isset($properties['margins']['top'])) { if (isset($aProperties['margins']['top'])) {
$marginTop = $properties['margins']['top']; $marginTop = $aProperties['margins']['top'];
} }
$marginBottom = '15'; $marginBottom = '15';
if (isset($properties['margins']['bottom'])) { if (isset($aProperties['margins']['bottom'])) {
$marginBottom = $properties['margins']['bottom']; $marginBottom = $aProperties['margins']['bottom'];
} }
fwrite($fp, '<html xmlns:v="urn:schemas-microsoft-com:vml" fwrite($oFile, '<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40"> xmlns="http://www.w3.org/TR/REC-html40">
@@ -677,31 +667,31 @@ class OutputDocument extends BaseOutputDocument
<body> <body>
<div class=WordSection1>'); <div class=WordSection1>');
fwrite($fp, $content); fwrite($oFile, $sContent);
fwrite($fp, "\n</div></body></html>\n\n"); fwrite($oFile, "\n</div></body></html>\n\n");
fclose($fp); fclose($oFile);
/* End - Create .doc */ /* End - Create .doc */
if ($typeDocsToGen == 'BOTH' || $typeDocsToGen == 'PDF') { if ($sTypeDocToGener == 'BOTH' || $sTypeDocToGener == 'PDF') {
$fp = fopen($path . $filename . '.html', 'wb'); $oFile = fopen($sPath . $sFilename . '.html', 'wb');
fwrite($fp, $content); fwrite($oFile, $sContent);
fclose($fp); fclose($oFile);
/* Start - Create .pdf */ /* Start - Create .pdf */
if (isset($properties['report_generator'])) { if (isset($aProperties['report_generator'])) {
switch ($properties['report_generator']) { switch ($aProperties['report_generator']) {
case 'TCPDF': case 'TCPDF':
$this->generateTcpdf($outDocUid, $caseFields, $path, $filename, $content, $landscape, $properties); $this->generateTcpdf($sUID, $aFields, $sPath, $sFilename, $sContent, $sLandscape, $aProperties);
break; break;
case 'HTML2PDF': case 'HTML2PDF':
default: default:
$this->generateHtml2ps_pdf($outDocUid, $caseFields, $path, $filename, $content, $landscape, $properties); $this->generateHtml2ps_pdf($sUID, $aFields, $sPath, $sFilename, $sContent, $sLandscape, $aProperties);
break; break;
} }
} else { } else {
$this->generateHtml2ps_pdf($outDocUid, $caseFields, $path, $filename, $content, $landscape, $properties); $this->generateHtml2ps_pdf($sUID, $aFields, $sPath, $sFilename, $sContent, $sLandscape, $aProperties);
} }
} }
//end if $typeDocsToGen //end if $sTypeDocToGener
/* End - Create .pdf */ /* End - Create .pdf */
} else { } else {
return PEAR::raiseError( return PEAR::raiseError(
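Review bot: In `generate()` the Smarty check `strpos($sContent, '<!---{') !== false` runs after `G::replaceDataGridField($sContent, $aFields)` has already inserted the case field values, so both the decision to compile the content as a template and the template text itself depend on field data as well as on the authored document. With the values now inserted unencoded, I would test for the delimiter on the template before substitution, e.g. `$hasSmarty = strpos($sContent, '<!---{') !== false;` placed ahead of the replace call, and neutralise the delimiter in field values. Separately, the docblock now opens with `/*` instead of `/**` and lists three of the eight parameters, so documentation tools will not pick it up. The function runs past the end of the hunk.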


@@ -1,9 +1,6 @@
<?php <?php
namespace ProcessMaker\BusinessModel\Cases; namespace ProcessMaker\BusinessModel\Cases;
use G;
use OutputDocument as ClassesOutputDocument;
use PEAR;
use ProcessMaker\Core\System; use ProcessMaker\Core\System;
use ProcessMaker\Plugins\PluginRegistry; use ProcessMaker\Plugins\PluginRegistry;
@@ -595,31 +592,21 @@ class OutputDocument
} }
} }
/** /*
* Generate the output document * Generate the output document
* * @param string $sUID
* @param string $outDocUid * @param array $aFields
* @param array $caseFields * @param string $sPath
* @param string $path * @return variant
* @param string $filename
* @param string $content
* @param bool $landscape
* @param string $typeDocsToGen
* @param array $properties
* @param string $application
*
* @return mixed
*
* @see this->addCasesOutputDocument()
*/ */
public function generate($outDocUid, $caseFields, $path, $filename, $content, $landscape = false, $typeDocsToGen = 'BOTH', $properties = [], $application = '') public function generate($sUID, $aFields, $sPath, $sFilename, $sContent, $sLandscape = false, $sTypeDocToGener = 'BOTH', $aProperties = array(), $sApplication)
{ {
if (($outDocUid != '') && is_array($caseFields) && ($path != '')) { if (($sUID != '') && is_array($aFields) && ($sPath != '')) {
$content = G::replaceDataGridField($content, $caseFields, true, true); $sContent = \G::replaceDataGridField($sContent, $aFields);
G::verifyPath($path, true); \G::verifyPath($sPath, true);
//Start - Create .doc //Start - Create .doc
$fp = fopen($path . $filename . '.doc', 'wb'); $oFile = fopen($sPath . $sFilename . '.doc', 'wb');
$size = []; $size = array();
$size["Letter"] = "216mm 279mm"; $size["Letter"] = "216mm 279mm";
$size["Legal"] = "216mm 357mm"; $size["Legal"] = "216mm 357mm";
$size["Executive"] = "184mm 267mm"; $size["Executive"] = "184mm 267mm";
@@ -640,7 +627,6 @@ class OutputDocument
$size["Screenshot640"] = "640mm 480mm"; $size["Screenshot640"] = "640mm 480mm";
$size["Screenshot800"] = "800mm 600mm"; $size["Screenshot800"] = "800mm 600mm";
$size["Screenshot1024"] = "1024mm 768mm"; $size["Screenshot1024"] = "1024mm 768mm";
$sizeLandscape = [];
$sizeLandscape["Letter"] = "279mm 216mm"; $sizeLandscape["Letter"] = "279mm 216mm";
$sizeLandscape["Legal"] = "357mm 216mm"; $sizeLandscape["Legal"] = "357mm 216mm";
$sizeLandscape["Executive"] = "267mm 184mm"; $sizeLandscape["Executive"] = "267mm 184mm";
@@ -661,31 +647,31 @@ class OutputDocument
$sizeLandscape["Screenshot640"] = "480mm 640mm"; $sizeLandscape["Screenshot640"] = "480mm 640mm";
$sizeLandscape["Screenshot800"] = "600mm 800mm"; $sizeLandscape["Screenshot800"] = "600mm 800mm";
$sizeLandscape["Screenshot1024"] = "768mm 1024mm"; $sizeLandscape["Screenshot1024"] = "768mm 1024mm";
if (!isset($properties['media'])) { if (!isset($aProperties['media'])) {
$properties['media'] = 'Letter'; $aProperties['media'] = 'Letter';
} }
if ($landscape) { if ($sLandscape) {
$media = $sizeLandscape[$properties['media']]; $media = $sizeLandscape[$aProperties['media']];
} else { } else {
$media = $size[$properties['media']]; $media = $size[$aProperties['media']];
} }
$marginLeft = '15'; $marginLeft = '15';
if (isset($properties['margins']['left'])) { if (isset($aProperties['margins']['left'])) {
$marginLeft = $properties['margins']['left']; $marginLeft = $aProperties['margins']['left'];
} }
$marginRight = '15'; $marginRight = '15';
if (isset($properties['margins']['right'])) { if (isset($aProperties['margins']['right'])) {
$marginRight = $properties['margins']['right']; $marginRight = $aProperties['margins']['right'];
} }
$marginTop = '15'; $marginTop = '15';
if (isset($properties['margins']['top'])) { if (isset($aProperties['margins']['top'])) {
$marginTop = $properties['margins']['top']; $marginTop = $aProperties['margins']['top'];
} }
$marginBottom = '15'; $marginBottom = '15';
if (isset($properties['margins']['bottom'])) { if (isset($aProperties['margins']['bottom'])) {
$marginBottom = $properties['margins']['bottom']; $marginBottom = $aProperties['margins']['bottom'];
} }
fwrite($fp, '<html xmlns:v="urn:schemas-microsoft-com:vml" fwrite($oFile, '<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40"> xmlns="http://www.w3.org/TR/REC-html40">
@@ -730,40 +716,40 @@ class OutputDocument
</head> </head>
<body> <body>
<div class=WordSection1>'); <div class=WordSection1>');
fwrite($fp, $content); fwrite($oFile, $sContent);
fwrite($fp, "\n</div></body></html>\n\n"); fwrite($oFile, "\n</div></body></html>\n\n");
fclose($fp); fclose($oFile);
/* End - Create .doc */ /* End - Create .doc */
if ($typeDocsToGen == 'BOTH' || $typeDocsToGen == 'PDF') { if ($sTypeDocToGener == 'BOTH' || $sTypeDocToGener == 'PDF') {
$fp = fopen($path . $filename . '.html', 'wb'); $oFile = fopen($sPath . $sFilename . '.html', 'wb');
fwrite($fp, $content); fwrite($oFile, $sContent);
fclose($fp); fclose($oFile);
/* Start - Create .pdf */ /* Start - Create .pdf */
if (isset($properties['report_generator'])) { if (isset($aProperties['report_generator'])) {
switch ($properties['report_generator']) { switch ($aProperties['report_generator']) {
case 'TCPDF': case 'TCPDF':
$o = new ClassesOutputDocument(); $o = new \OutputDocument();
if (strlen($content) == 0) { if (strlen($sContent) == 0) {
libxml_use_internal_errors(true); libxml_use_internal_errors(true);
$o->generateTcpdf($outDocUid, $caseFields, $path, $filename, ' ', $landscape, $properties); $o->generateTcpdf($sUID, $aFields, $sPath, $sFilename, ' ', $sLandscape, $aProperties);
libxml_use_internal_errors(false); libxml_use_internal_errors(false);
} else { } else {
$o->generateTcpdf($outDocUid, $caseFields, $path, $filename, $content, $landscape, $properties); $o->generateTcpdf($sUID, $aFields, $sPath, $sFilename, $sContent, $sLandscape, $aProperties);
} }
break; break;
case 'HTML2PDF': case 'HTML2PDF':
default: default:
$this->generateHtml2ps_pdf($outDocUid, $caseFields, $path, $filename, $content, $landscape, $properties, $application); $this->generateHtml2ps_pdf($sUID, $aFields, $sPath, $sFilename, $sContent, $sLandscape, $aProperties, $sApplication);
break; break;
} }
} else { } else {
$this->generateHtml2ps_pdf($outDocUid, $caseFields, $path, $filename, $content, $landscape, $properties); $this->generateHtml2ps_pdf($sUID, $aFields, $sPath, $sFilename, $sContent, $sLandscape, $aProperties);
} }
} }
//end if $typeDocsToGen //end if $sTypeDocToGener
/* End - Create .pdf */ /* End - Create .pdf */
} else { } else {
return PEAR::raiseError( return \PEAR::raiseError(
null, null,
G_ERROR_USER_UID, G_ERROR_USER_UID,
null, null,


@@ -485,33 +485,6 @@ function csrfToken()
return isset($_SESSION['USR_CSRF_TOKEN']) ? $_SESSION['USR_CSRF_TOKEN'] : ''; return isset($_SESSION['USR_CSRF_TOKEN']) ? $_SESSION['USR_CSRF_TOKEN'] : '';
} }
/**
* Check if a string is a valid HTML code
*
* @param string $string
*
* @return bool
*
* @see G::replaceDataField()
*/
function stringIsValidHtml($string)
{
// To validate we use the DOMDocument class
$doc = new DOMDocument('1.0', 'UTF-8');
// Clean previous errors
libxml_clear_errors();
// This line have to be silenced because if the string is not an HTML a Warning is displayed
@$doc->loadHTML($string);
// Get last error parsing the HTML
$libXmlError = libxml_get_last_error();
// If the attribute "textContent" is empty or exists libxml errors, is not a valid HTML
return $doc->textContent !== '' && empty($libXmlError);
}
// Methods deleted in PHP 7.x, added in this file in order to keep compatibility with old libraries included/used in ProcessMaker // Methods deleted in PHP 7.x, added in this file in order to keep compatibility with old libraries included/used in ProcessMaker
if (!function_exists('set_magic_quotes_runtime')) { if (!function_exists('set_magic_quotes_runtime')) {
function set_magic_quotes_runtime($value) { function set_magic_quotes_runtime($value) {