diff --git a/config/customMimeTypes.php b/config/customMimeTypes.php
index 2469474e3..c78f3e0fa 100644
--- a/config/customMimeTypes.php
+++ b/config/customMimeTypes.php
@@ -22,6 +22,7 @@ return [
 'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
 'pm' => 'text/plain',
 'pmt' => 'text/plain',
+ 'pmx' => 'application/xml',
 'po' => 'text/x-po',
 'pdf' => 'application/pdf',
 'png' => 'image/png',
diff --git a/workflow/engine/controllers/pmTablesProxy.php b/workflow/engine/controllers/pmTablesProxy.php
index 4507ea2ff..798271ccd 100644
--- a/workflow/engine/controllers/pmTablesProxy.php
+++ b/workflow/engine/controllers/pmTablesProxy.php
@@ -8,7 +8,7 @@
 */
 use ProcessMaker\Core\System;
-use ProcessMaker\Validation\Exception429;
+use ProcessMaker\Validation\ExceptionRestApi;
 use ProcessMaker\Validation\ValidationUploadedFiles;
 header("Content-type: text/html;charset=utf-8");
@@ -726,7 +726,7 @@ class pmTablesProxy extends HttpProxyController
 try {
 ValidationUploadedFiles::getValidationUploadedFiles()->dispach(function($validator) {
- throw new Exception429($validator->getMessage());
+ throw new ExceptionRestApi($validator->getMessage());
 });
 $result = new stdClass();
 $errors = '';
@@ -896,7 +896,7 @@ class pmTablesProxy extends HttpProxyController
 }
 $result->message = $msg;
- } catch (Exception429 $e) {
+ } catch (ExceptionRestApi $e) {
 $result = new stdClass();
 $result->success = false;
 $result->errorType = 'notice';
diff --git a/workflow/engine/methods/enterprise/addonsStoreAction.php b/workflow/engine/methods/enterprise/addonsStoreAction.php
index 7197606cb..05ff152dd 100644
--- a/workflow/engine/methods/enterprise/addonsStoreAction.php
+++ b/workflow/engine/methods/enterprise/addonsStoreAction.php
@@ -2,7 +2,7 @@
 use ProcessMaker\Core\System;
 use ProcessMaker\Plugins\PluginRegistry;
-use ProcessMaker\Validation\Exception429;
+use ProcessMaker\Validation\ExceptionRestApi;
 use ProcessMaker\Validation\ValidationUploadedFiles;
 function runBgProcessmaker($task, $log)
@@ -19,7 +19,7 @@ function runBgProcessmaker($task, $log)
 try {
 ValidationUploadedFiles::getValidationUploadedFiles()->dispach(function($validator) {
- throw new Exception429($validator->getMessage());
+ throw new ExceptionRestApi($validator->getMessage());
 });
 if (isset($_REQUEST["action"])) {
 $action = $_REQUEST["action"];
@@ -317,7 +317,7 @@ try {
 $result["addons"] = array();
 }
 G::outRes(G::json_encode($result));
-} catch (Exception429 $e) {
+} catch (ExceptionRestApi $e) {
 $token = strtotime("now");
 PMException::registerErrorLog($e, $token);
 G::outRes(
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php
index fda4a306e..6013a824d 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php
@@ -32,6 +32,8 @@ use ProcessMaker\Core\RoutingScreen;
 use ProcessMaker\Core\System;
 use ProcessMaker\Services\Api\Project\Activity\Step as ActivityStep;
 use ProcessMaker\Util\DateTime;
+use ProcessMaker\Validation\ExceptionRestApi;
+use ProcessMaker\Validation\Validator;
 use ProcessPeer;
 use Propel;
 use RBAC;
@@ -1061,7 +1063,7 @@ class Light
 *
 * @throws Exception
 */
- public function documentUploadFiles($userUid, $app_uid, $app_doc_uid, $request_data)
+ public function documentUploadFiles($userUid, $app_uid, $app_doc_uid)
 {
 $response = array("status" => "fail");
 if (isset($_FILES["form"]["name"]) && count($_FILES["form"]["name"]) > 0) {
@@ -1097,6 +1099,58 @@ class Light
 }
 }
 if (count($arrayField) > 0) {
+ //rule validation
+ $appDocument = new AppDocument();
+ $appDocument->load($app_doc_uid);
+ $inputDocument = new InputDocument();
+ $ifInputExist = $inputDocument->InputExists($appDocument->getDocUid());
+ if ($ifInputExist) {
+ $inputProperties = $inputDocument->load($appDocument->getDocUid());
+ $inpDocTypeFile = $inputProperties['INP_DOC_TYPE_FILE'];
+ $inpDocMaxFilesize = (int) $inputProperties["INP_DOC_MAX_FILESIZE"];
+ $inpDocMaxFilesizeUnit = $inputProperties["INP_DOC_MAX_FILESIZE_UNIT"];
+ }
+
+ for ($i = 0; $ifInputExist && $i < count($arrayField); $i++) {
+ $file = [
+ 'filename' => $arrayFileName[$i],
+ 'path' => $arrayFileTmpName[$i]
+ ];
+ $validator = new Validator();
+ //rule: extension
+ $validator->addRule()
+ ->validate($file, function($file) use($inpDocTypeFile) {
+ $result = G::verifyInputDocExtension($inpDocTypeFile, $file->filename, $file->path);
+ return $result->status === false;
+ })
+ ->status(415)
+ ->message(G::LoadTranslation('ID_UPLOAD_ERR_NOT_ALLOWED_EXTENSION'))
+ ->log(function($rule) {
+ Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename);
+ });
+
+ //rule: maximum file size
+ $validator->addRule()
+ ->validate($file, function($file) use($inpDocMaxFilesize, $inpDocMaxFilesizeUnit) {
+ if ($inpDocMaxFilesize > 0) {
+ $totalMaxFileSize = $inpDocMaxFilesize * ($inpDocMaxFilesizeUnit == "MB" ?
1024 * 1024 : 1024);
+ $fileSize = filesize($file->path);
+ if ($fileSize > $totalMaxFileSize) {
+ return true;
+ }
+ }
+ return false;
+ })
+ ->status(413)
+ ->message(G::LoadTranslation("ID_SIZE_VERY_LARGE_PERMITTED"))
+ ->log(function($rule) {
+ Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename);
+ });
+ $validator->validate();
+ if ($validator->fails()) {
+ throw new ExceptionRestApi($validator->getMessage(), $validator->getStatus());
+ }
+ }
 for ($i = 0; $i <= count($arrayField) - 1; $i++) {
 if ($arrayFileError[$i] == 0) {
 $indocUid = null;
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Light.php b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
index 7dec46cf7..9f4233246 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Light.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
@@ -23,7 +23,7 @@ use ProcessMaker\Project\Adapter;
 use ProcessMaker\Services\Api;
 use ProcessMaker\Services\Api\Project\Activity\Step;
 use ProcessMaker\Util\DateTime;
-use ProcessMaker\Validation\Exception429;
+use ProcessMaker\Validation\ExceptionRestApi;
 use RBAC;
 use stdclass;
 use StepPeer;
@@ -1467,8 +1467,8 @@ class Light extends Api
 $userUid = $this->getUserId();
 $oMobile = new BusinessModelLight();
 $filesUids = $oMobile->postUidUploadFiles($userUid, $app_uid, $request_data);
- } catch (Exception429 $e) {
- throw new RestException($e->getStatus());
+ } catch (ExceptionRestApi $e) {
+ throw new RestException($e->getCode(), $e->getMessage());
 } catch (Exception $e) {
 throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
 }
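Review bot: The new extension and size rules in the `@@ -1097,6 +1099,58 @@` hunk fail open: when `InputExists()` returns false, the loop guarded by `$ifInputExist` never runs and the existing upload loop below it still processes every file with no check at all. If uploads without a matching input document are meant to be accepted, say so in a comment beside `$ifInputExist`; otherwise reject in an `else` branch with an `ExceptionRestApi` before the upload loop. The validation loop also inspects entries whose `$arrayFileError[$i]` is non-zero, where the temp path is presumably empty and `filesize($file->path)` returns false, which passes the size rule; `if ($arrayFileError[$i] != 0) { continue; }` at the top of the loop would skip them. The logged `$rule->getData()->filename` is the client-supplied name, so confirm `registerMonologPhpUploadExecution` neutralises control characters before writing it. The body of `documentUploadFiles` starts and ends outside this hunk.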
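Review bot: `throw new RestException($e->getCode(), $e->getMessage());` in the `@@ -1467,8 +1467,8 @@` hunk uses whatever code the thrower supplied as the HTTP status, and elsewhere in this diff `ExceptionRestApi` is constructed with a message only (pmTablesProxy.php, addonsStoreAction.php). The class body is not visible here, so if its default code is 0 and `postUidUploadFiles` can throw it that way, this catch would hand Restler a status that is not an HTTP error code; `$e->getCode() ?: Api::STAT_APP_EXCEPTION` would keep the response well-formed. The same catch appears in the `@@ -1502,9` hunk of this file and in both FilesManager.php hunks. The validator message now reaches the client, so it is worth confirming that it never carries file paths or other server detail.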
@@ -1502,9 +1502,9 @@ class Light extends Api
 try {
 $userUid = $this->getUserId();
 $oMobile = new BusinessModelLight();
- $response = $oMobile->documentUploadFiles($userUid, $app_uid, $app_doc_uid, $request_data);
- } catch (Exception429 $e) {
- throw new RestException($e->getStatus());
+ $response = $oMobile->documentUploadFiles($userUid, $app_uid, $app_doc_uid);
+ } catch (ExceptionRestApi $e) {
+ throw new RestException($e->getCode(), $e->getMessage());
 } catch (Exception $e) {
 throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()));
 }
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project/FilesManager.php b/workflow/engine/src/ProcessMaker/Services/Api/Project/FilesManager.php
index 876cd15cd..55c22fb9d 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Project/FilesManager.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Project/FilesManager.php
@@ -5,7 +5,7 @@ use Exception;
 use Luracast\Restler\RestException;
 use ProcessMaker\BusinessModel\FilesManager as FilesManagerBusinessModel;
 use ProcessMaker\Services\Api;
-use ProcessMaker\Validation\Exception429;
+use ProcessMaker\Validation\ExceptionRestApi;
 /**
 * Project\ProjectUsers Api Controller
@@ -64,8 +64,8 @@ class FilesManager extends Api
 $arrayData = $filesManager->addProcessFilesManager($prj_uid, $userUid, $request_data);
 //Response
 $response = $arrayData;
- } catch (Exception429 $e) {
- throw new RestException($e->getStatus());
+ } catch (ExceptionRestApi $e) {
+ throw new RestException($e->getCode(), $e->getMessage());
 } catch (Exception $e) {
 //response
 throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
@@ -94,8 +94,8 @@ class FilesManager extends Api
 $sData = $filesManager->uploadProcessFilesManager($prj_uid, $prf_uid);
 //Response
 $response = $sData;
- } catch (Exception429 $e) {
- throw new RestException($e->getStatus());
+ } catch (ExceptionRestApi $e) {
+ throw new RestException($e->getCode(), $e->getMessage());
 } catch (Exception $e) {
 //response
 throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
diff --git a/workflow/engine/src/ProcessMaker/Validation/Exception429.php b/workflow/engine/src/ProcessMaker/Validation/Exception429.php
deleted file mode 100644
index 200844d39..000000000
--- a/workflow/engine/src/ProcessMaker/Validation/Exception429.php
+++ /dev/null
@@ -1,23 +0,0 @@
-status;
- }
-}
diff --git a/workflow/engine/src/ProcessMaker/Validation/ExceptionRestApi.php b/workflow/engine/src/ProcessMaker/Validation/ExceptionRestApi.php
new file mode 100644
index 000000000..e781a81c6
--- /dev/null
+++ b/workflow/engine/src/ProcessMaker/Validation/ExceptionRestApi.php
@@ -0,0 +1,10 @@
+