From 4e1f891e281d01fd31f19018708ced55b27ae640 Mon Sep 17 00:00:00 2001 From: Roly Rudy Gutierrez Pinto Date: Tue, 10 Oct 2017 10:06:23 -0400 Subject: [PATCH 01/10] HOR-3961 --- .../src/ProcessMaker/Services/Api/Project.php | 32 ++----------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Project.php b/workflow/engine/src/ProcessMaker/Services/Api/Project.php index 859e40511..10e54bf4c 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Project.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Project.php @@ -16,12 +16,10 @@ use ProcessMaker\Project\Adapter\BpmnWorkflow; use Exception; /** - * Class Project - * * @package Services\Api\ProcessMaker - * @author Erik Amaru Ortiz - * * @protected + * @access protected + * @class AccessControl {@permission PM_FACTORY} */ class Project extends Api { @@ -53,7 +51,6 @@ class Project extends Api /** * @url GET /:prj_uid - * * @param string $prj_uid {@min 32}{@max 32} */ public function doGetProject($prj_uid) @@ -75,10 +72,6 @@ class Project extends Api * * @param string $prj_name * @param array $request_data - * - * @author Brayan Pereyra (Cochalo) - * @copyright Colosa - Bolivia - * * @url POST * @status 201 */ @@ -97,7 +90,6 @@ class Project extends Api /** * @url PUT /:prj_uid - * * @param string $prj_uid {@min 32}{@max 32} */ public function doPutProject($prj_uid, $request_data) @@ -141,11 +133,10 @@ class Project extends Api /** * Bulk actions + * * @url POST /bulk - * * @access protected * @class AccessControl {@permission PM_FACTORY} - * * @param array $request_data * @return array $response * @throws Exception @@ -162,7 +153,6 @@ class Project extends Api /** * @url GET /:prj_uid/export/listObjects - * * @param string $prj_uid {@min 32}{@max 32} * @return mixed|string * @throws RestException @@ -180,7 +170,6 @@ class Project extends Api /** * @url GET /:prj_uid/export-granular - * * @param string $prj_uid {@min 32}{@max 32} * @param string $objects */ @@ -203,7 +192,6 @@ class Project extends Api /** * @url GET /:prj_uid/export - * * @param string $prj_uid {@min 32}{@max 32} */ public function export($prj_uid) @@ -230,9 +218,7 @@ class Project extends Api /** * @url POST /import - * * @param array $request_data - * * @status 201 */ public function doPostImport(array $request_data, $option = null, $option_group = null) @@ -260,7 +246,6 @@ class Project extends Api /** * @url POST /save-as - * * @param string $prj_uid {@from body} * @param string $prj_name {@from body} * @param string $prj_description {@from body} @@ -274,7 +259,6 @@ class Project extends Api /** * @url GET /:prj_uid/process - * * @param string $prj_uid {@min 32}{@max 32} */ public function doGetProcess($prj_uid) @@ -295,7 +279,6 @@ class Project extends Api /** * @url PUT /:prj_uid/process - * * @param string $prj_uid {@min 32}{@max 32} * @param array $request_data */ @@ -315,9 +298,7 @@ class Project extends Api /** * @url POST /generate-bpmn - * * @param array $request_data - * * @status 201 */ public function doPostGenerateBpmn(array $request_data) @@ -353,7 +334,6 @@ class Project extends Api /** * @url GET /:prj_uid/dynaforms - * * @param string $prj_uid {@min 32}{@max 32} */ public function doGetDynaForms($prj_uid) @@ -373,7 +353,6 @@ class Project extends Api /** * @url GET /:prj_uid/input-documents - * * @param string $prj_uid {@min 32}{@max 32} */ public function doGetInputDocuments($prj_uid) @@ -393,7 +372,6 @@ class Project extends Api /** * @url GET /:prj_uid/variables - * * @param string $prj_uid {@min 32}{@max 32} */ public function doGetVariables($prj_uid) @@ -414,7 +392,6 @@ class Project extends Api /** * @url GET /:prj_uid/grid/variables * @url GET /:prj_uid/grid/:grid_uid/variables - * * @param string $prj_uid {@min 32}{@max 32} * @param string $grid_uid */ @@ -435,7 +412,6 @@ class Project extends Api /** * @url GET /:prj_uid/trigger-wizards - * * @param string $prj_uid {@min 32}{@max 32} */ public function doGetTriggerWizards($prj_uid) @@ -455,7 +431,6 @@ class Project extends Api /** * @url PUT /:prj_uid/update-route-order - * * @param string $prj_uid {@min 32}{@max 32} */ public function doPutUpdateRouteOrder($prj_uid, $request_data) @@ -471,7 +446,6 @@ class Project extends Api /** * @url PUT /:prj_uid/update-route-order-from-project - * * @param string $prj_uid {@min 32}{@max 32} */ public function doPutUpdateRouteOrderFromProject($prj_uid) From e85be7412e95be1ea9ac78ecaf4f58c2ad182ac2 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Tue, 10 Oct 2017 12:20:01 -0400 Subject: [PATCH 02/10] HOR-3969 --- workflow/engine/config/mobileios.pem | 129 ++++++++++++++++++--------- 1 file changed, 85 insertions(+), 44 deletions(-) diff --git a/workflow/engine/config/mobileios.pem b/workflow/engine/config/mobileios.pem index f8b631977..bb56d7bda 100644 --- a/workflow/engine/config/mobileios.pem +++ b/workflow/engine/config/mobileios.pem @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIGVTCCBT2gAwIBAgIIXLYlpPfN6a8wDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNV +MIIGVTCCBT2gAwIBAgIIC2XzArbAqykwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNV BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3 aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw -HhcNMTYwOTIwMTczMTI2WhcNMTcxMDIwMTczMTI2WjCBqTEtMCsGCgmSJomT8ixk +HhcNMTcxMDA0MTM0MzMwWhcNMTgxMTAzMTM0MzMwWjCBqTEtMCsGCgmSJomT8ixk AQEMHWNvbS5wcm9jZXNzbWFrZXIuUHJvY2Vzc01ha2VyMTswOQYDVQQDDDJBcHBs ZSBQdXNoIFNlcnZpY2VzOiBjb20ucHJvY2Vzc21ha2VyLlByb2Nlc3NNYWtlcjET MBEGA1UECwwKOTQyUVA3UUpFOTEZMBcGA1UECgwQUHJvY2Vzc01ha2VyIEluYzEL -MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsX8rt -KIHrXR6KQpCRFVMOPEpPesTAVUQR5tYk1YdJv/b0MwwcfJk2tu7z8raIOnzm7/Su -FEFKzFGZBWwN9/yvSdmCcmhjm4UqKgaHErD+S5QsP0tkIZvBud776sNFkS0k0rx8 -xXYjCHVk7v2M0UEGadVbxmkZawAbbubyVjREGGjBe6kwTzRHEo2OUXtZkwCF8s6W -dd9SeS653Mn1estlDwqDl38uKF/rcl0Hfav3GP208FdxnPlK4KaCRwdBoTneOLHw -ndUlRmprM1wW0+7SEte+nNbGW4jnMJUTVEgOlUKsPQhsz0vY4JdYT/m9UOapLiQL -a4BlP23BEQDm1wBJAgMBAAGjggKQMIICjDAdBgNVHQ4EFgQUjRosATP+9HjdasRI -GTumZ1QGXaIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2 +MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwQgZG +uKp6qEd1Uwgh0qmJLEFlMaIPjxkY+mGjbZyZys73oenLHgPwPukm+64oPdxs7UXl +ZifbWYU4rHbQDEkmOC4GyQU5n9s4zgNtgTqCpab3BuODA/1ffm2OullK1SHmS0cG +Cm8WC93SDa9nmF5xIaiUBbfOsZGcjUKM+MTn/5ETWoZEBUqlf5PKPGZ63/99Q/pj +UxNftY3LTE3o37GYATxFX/sIFtB98vB5hcTdt4zfXHzwisAtqQpkuWIGd5nULX5w +JzlAUjq4werqQhg/k/OAw7kL/JP/PDHpgrbCoO9BZTsAD8H21aZDZR1uDSFSa4H/ +2FeWj286U6Uu10XfAgMBAAGjggKQMIICjDAdBgNVHQ4EFgQUZtV15ABNLGW8Kjjp +yUaQl6f5eRowDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2 R1nFUlSjtzCCARwGA1UdIASCARMwggEPMIIBCwYJKoZIhvdjZAUBMIH9MIHDBggr BgEFBQcCAjCBtgyBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55 IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxl @@ -27,44 +27,85 @@ BgoqhkiG92NkBgMBBAIFADAQBgoqhkiG92NkBgMCBAIFADCBoAYKKoZIhvdjZAYD BgSBkTCBjgwdY29tLnByb2Nlc3NtYWtlci5Qcm9jZXNzTWFrZXIwBQwDYXBwDCJj b20ucHJvY2Vzc21ha2VyLlByb2Nlc3NNYWtlci52b2lwMAYMBHZvaXAMKmNvbS5w cm9jZXNzbWFrZXIuUHJvY2Vzc01ha2VyLmNvbXBsaWNhdGlvbjAODAxjb21wbGlj -YXRpb24wDQYJKoZIhvcNAQELBQADggEBAIkizqjhmF+YyQJJDYGsqa6/mx9xeNAa -rUQj5n156drHN7YG579X2seI4NemlOU72jwyqZR4QJUaLukxQiVVA0vT6OUPbRN1 -iDBf24UhoYj9pQsluCbHK2bh2h7TrNF5bqU4vJ8d97F9eS0Q4zJUVqHlrxJLCcSU -UoAPxLwxXHcU9z2w7l57J+rEKdjs10rPis1kNiFkKAcF/LJy6qg6+IpEWYJH2Pml -R3sc26uxd9i83q9EjA6seMQIu3dTp3KoMlrvA3XvxXYlgQ0xHWpRmV7/dhF2J16F -nc8/Yh7yz0QI9nlTNBHDKvZbeJqANIyvf0i6GIjGE8B8cw883zIkgE4= +YXRpb24wDQYJKoZIhvcNAQELBQADggEBADLO70r/cMu7M2A1xNu356IBL4vOtGK7 +nKaAxnjt7aZB+qGTz9xzjH0sHKIefAtlTTSzUzcR/9+gprKt4cdmwgV0zWBpO0UU +7Nu0WreMJKKJ1COO26d8WywvaNdWWHH7+lksZBJFiqFcYvECu3CaMoe77PUqKrWy +R/7MhsHtTsMLz/IMATgMU32NTUs3qKElXjHwTOyE2c+n5VYNoDDMUpx//mbZ5K1B +zA12bA2lg5VLXq4yA9p2Xc2JBg647CXcMQdzPphQ/NZaetcfmE0F01FAF3dfhmmX +jbNoPanngYpPEUVR6kt4MpB/3SeBXgU3HPhBIo7vtfIwI0wT+QlB5bw= -----END CERTIFICATE----- Bag Attributes - friendlyName: ProcessMaker Production - localKeyID: 8D 1A 2C 01 33 FE F4 78 DD 6A C4 48 19 3B A6 67 54 06 5D A2 + friendlyName: Apple Push Services: com.processmaker.ProcessMaker + localKeyID: 66 D5 75 E4 00 4D 2C 65 BC 2A 38 E9 C9 46 90 97 A7 F9 79 1A +subject=/UID=com.processmaker.ProcessMaker/CN=Apple Push Services: com.processmaker.ProcessMaker/OU=942QP7QJE9/O=ProcessMaker Inc/C=US +issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority +-----BEGIN CERTIFICATE----- +MIIGVTCCBT2gAwIBAgIIC2XzArbAqykwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNV +BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js +ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3 +aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw +HhcNMTcxMDA0MTM0MzMwWhcNMTgxMTAzMTM0MzMwWjCBqTEtMCsGCgmSJomT8ixk +AQEMHWNvbS5wcm9jZXNzbWFrZXIuUHJvY2Vzc01ha2VyMTswOQYDVQQDDDJBcHBs +ZSBQdXNoIFNlcnZpY2VzOiBjb20ucHJvY2Vzc21ha2VyLlByb2Nlc3NNYWtlcjET +MBEGA1UECwwKOTQyUVA3UUpFOTEZMBcGA1UECgwQUHJvY2Vzc01ha2VyIEluYzEL +MAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwQgZG +uKp6qEd1Uwgh0qmJLEFlMaIPjxkY+mGjbZyZys73oenLHgPwPukm+64oPdxs7UXl +ZifbWYU4rHbQDEkmOC4GyQU5n9s4zgNtgTqCpab3BuODA/1ffm2OullK1SHmS0cG +Cm8WC93SDa9nmF5xIaiUBbfOsZGcjUKM+MTn/5ETWoZEBUqlf5PKPGZ63/99Q/pj +UxNftY3LTE3o37GYATxFX/sIFtB98vB5hcTdt4zfXHzwisAtqQpkuWIGd5nULX5w +JzlAUjq4werqQhg/k/OAw7kL/JP/PDHpgrbCoO9BZTsAD8H21aZDZR1uDSFSa4H/ +2FeWj286U6Uu10XfAgMBAAGjggKQMIICjDAdBgNVHQ4EFgQUZtV15ABNLGW8Kjjp +yUaQl6f5eRowDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2 +R1nFUlSjtzCCARwGA1UdIASCARMwggEPMIIBCwYJKoZIhvdjZAUBMIH9MIHDBggr +BgEFBQcCAjCBtgyBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55 +IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxl +IHN0YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNh +dGUgcG9saWN5IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMu +MDUGCCsGAQUFBwIBFilodHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1 +dGhvcml0eTAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmFwcGxlLmNvbS93 +d2RyY2EuY3JsMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAQ +BgoqhkiG92NkBgMBBAIFADAQBgoqhkiG92NkBgMCBAIFADCBoAYKKoZIhvdjZAYD +BgSBkTCBjgwdY29tLnByb2Nlc3NtYWtlci5Qcm9jZXNzTWFrZXIwBQwDYXBwDCJj +b20ucHJvY2Vzc21ha2VyLlByb2Nlc3NNYWtlci52b2lwMAYMBHZvaXAMKmNvbS5w +cm9jZXNzbWFrZXIuUHJvY2Vzc01ha2VyLmNvbXBsaWNhdGlvbjAODAxjb21wbGlj +YXRpb24wDQYJKoZIhvcNAQELBQADggEBADLO70r/cMu7M2A1xNu356IBL4vOtGK7 +nKaAxnjt7aZB+qGTz9xzjH0sHKIefAtlTTSzUzcR/9+gprKt4cdmwgV0zWBpO0UU +7Nu0WreMJKKJ1COO26d8WywvaNdWWHH7+lksZBJFiqFcYvECu3CaMoe77PUqKrWy +R/7MhsHtTsMLz/IMATgMU32NTUs3qKElXjHwTOyE2c+n5VYNoDDMUpx//mbZ5K1B +zA12bA2lg5VLXq4yA9p2Xc2JBg647CXcMQdzPphQ/NZaetcfmE0F01FAF3dfhmmX +jbNoPanngYpPEUVR6kt4MpB/3SeBXgU3HPhBIo7vtfIwI0wT+QlB5bw= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: ProcessMaker Prod Key + localKeyID: 66 D5 75 E4 00 4D 2C 65 BC 2A 38 E9 C9 46 90 97 A7 F9 79 1A Key Attributes: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,BC1E17B433FB3A98 +DEK-Info: DES-EDE3-CBC,6D70077A389A3A8C -lSsYwz/4sOIm/By9K4RfK7EpoyDRBvC9T58UJKgKS9vuwhNusNb1snPU+Bu+Xk/k -/lIxq5Dvrg64ZtIvqSK67Pj+KQ6RkUmNE/bcHnewV/pTZIqpOdhI3jW2r63KdVPZ -/xo663ujEgDIEytPWMP1/bMygfXOAgl5xk3Z6omqV0AvVjxlabvz5uftlEuHI1wy -Hws6q8D5sk7vtSheqYwq+J9hqHONqU1UOKaLSr+x2oQIEcqcVl38NdSqNqwoN9KN -rv18hNuhW3RUnkX+FLSGkPzbNfsHvtoHqnlFafEzELd5dwmHEfLUHORgTQCI6Tew -1qYvzXIzqFKbUrkcAf0RPcciIUn0dfsndMBb9DkF0iw0iJmJ9kt7TbtZD8oj7Hbj -gJKVO55ob5xdNqiXXIPoQmhOWV29n15q7jLJgUpu40McMbYQ+L9xIYRjRB5l0E3j -evymHbXeZB4HqBExZVDPtS/Ue/ewOzSL6O/bdZLbnzQ4dC6sH+rvBJdPzcPBD1rL -4bwArf1gfHgLgsgHkmUg10cjgsbDgtc6NklyNV542iDOSUeYtE4zau7sU+u7yCjb -WoJPWS95zDK/4sDQB3moUOxxUUs79dyElsiDtVbjh8PuPLhpw4KLX7gf+7Cj2RC2 -vLgk2O/xfZRH2OiJxdh+eNVjSFrZGdhQ7ovlV5N+K6/hAtiH4dFBiuN6ptRB9HrI -CQaHwuzqpAWxMAQcCTnTIl+UcGjmKtR7PC3wc2zotH0alRESMbOKcAZuFLgOlCHq -c9TYSHuueNO62b09XAUROHgxS7zpoNYwz3jsgLtLRSeKKWa6cP2i/NsAbBxgkyxJ -h0+cXYI9uMZ1QSojRP05k0TfJ3m0aTfI9r4zipuPPIWMZTfKDpmtBGSK6xJ5TGwH -KQijKqV37/L5uVUHfWqOWdcgy22/pa0VFigSB10oCalEF4CJY600S3MYd5e8JWC3 -B9c86m36BI7/7/V/gn9UmPqWRZNIKMVLb8fHiSMLAtdvdwNkN8bvEpHCxa6dT8aS -gnRqOgaqSU8r6kIjaHH3wsu5vwfKygHUMlpaXntDyUC8jNm2AEMjc79cVdxFGZV+ -eu89Tu9iQFTE3L1y9aUFRDQernmyxqPj6ehrqkb4bPjhkYm5Zl5WJKK+Xu8y81em -N+o12ewdsv6JJhQ7Q4+198DA2YuArLetlJiaxgtJw5xgySfm7gFRztKaH7XEdtfT -kIampxWmoG/Ymcw0UBdEDAIi4kKkOjMpB6tO9sQ+1GZ0op8mjyrvYUefcejRqOyD -EE5ACaUUvK8e6qEcpe9R/v4RBJu+V0h+Bj/JzMx27iu9T5RuCZSsw8ll3SfgTrpp -Z7P1yoR1WWkSMCmlHUFAyMW1PhD1EIiZZ1c5Lr/OcmHAYXbG5YusULRvD1XBd9uv -TtYo1CBznMAa+tI1TgAb1j61asYLREmER11R9hBYgnDei2/xTO4N0VDIkBaY7GEz -KJVCEAxR/7VxHGosAji5gP78J/2hUMmkQSxQeRj4G/mCBrbibU+SPlv4oWMpgQoj -La5yGDm+HsVb3sXGCCPyGGajxIwoiYRubdwIiJ72BCLrBkUnH7TXrgptY657nDHK +bziMWwK5LMeP0dIM2wHeO6juXqzmtH/U9FW5GAZuJEKt0zYAyv1DmEJFfyMMZmob +4j+LfvfdZVium6cIEkC+JMPFwW0dSRQNgA6I44E2AT73MTQr6u7pZi/QiQ09CJCQ +JjFJ2Q08ZgHQXrJMy62PeHO+uWOQW6YuI5aNC/K+AdvIwNyzlCj/HNWcf7IeSaeE +urH5/dL1cVSfpeBXMsqfYSAcfTZOXgAb8BRwngi+RSGNQ6SawEl53vm94gDSH3Mi +3tzCsDcw0Gw5Wu1d/755Zzakl48LOqxLzptbOr5QbJK5BeGhE0y3Db+rYNpG3fzw +I3YdZTMhkzaigG4xp/BLyLL2tgGzSIGg8BARMHF/GkXcdKBJyQrweXMkhhoeYxr2 +dzWurOd0Bkw3DJXONE9uPNQb/i33TYmflQMhWJFlHkKhkHlIgAu5cIzTwRNbHCF7 +aRKiHz5uL+/WufgVlw62JZp9JZ1mPsmJINba4BAT9i9zkUnPvxYN/GB5Z2Ttz1nj +ylyGiAtdAZ7l05OWd7I9gEUTce8dsojThIun3QQ1UFCRJUmg38Dp/XxMzWP5IpTb +E2McM90jyN+M8gII2KU6U5uqTXDiMMFiXFa9WlTc4xIkHNQLINDASBgUQr7pIqth +UTvU4YoST6wma9BNYAuGX9ga6uEg94kmVXrUEBZWI13T56bSpw4cyvzSJvNwcH8m +nClVXMIrysoGgQ1Gxs6G2xWTduXysK5E26bY6Gypk9VPMUyo6oVENnY3EQs3Cj/R +W2vyz1t05xPonPxmun2mFTQQvgSbbkfUbuL02tBQXxkWNoo5rCAVuRMFlVjFzIEF +qZ3uiU8ui5Nj1Tc5SAosuoTu53vLp4ynn9A5WVmLXdE1DucCXTumN8teISF69cUU +XYVy2Ch39LxUGumWTSVZNDJBJgSFtiNxCmpwS4jQsNRF9piK/T+t3INSXRcRB9mF +f3DYOrjor6TTu0hEppZosIUfoo7EDgplfMK5x9ZjL8JWSWEqA2U2JoRbe9ucMkGy +wbFTsbyg9NNSdF1jEZUEKWKr7dT3ShPHhut/F9HOi5KvbMAgUf0HnYgUsCTYhZru +UbVf8cWnfYPyVUW3Doa12/uSpqwrHzOduexb1LzO0mukdfyR7UhY/rRv5w4KkTXJ ++zlNncWiSZQiDJq053i8UYhDj0U7+YzmpxE/BUU5HwMcZ8wtl0MDac66Z1YXkqgs +bO2dK71tNQ1D5msmDDP+Cw0W4wLdRiJn8FNF5oBl2QYMyTyclduhrlCMp8VgnMmT +mDrygATrWoaToSiR+Mc6D7rOLyHt+29HMtFx1Lgs3jpgzLQ4nBWBtLN5uxkxTclH +W35sMR2eDYiM7nEO9TJSBlC8lkFiGsv4xYYK8gLEZ2h7OMPrO/9L9CmHk/v3Ts8I +wSt0FiVZNP4JEL0NZ5nSZMnDT0R47CuFkEgf271Um4lNPPRV7mPA0fWkKXt59FeK +LoBZYkGes/QliAUWdY44tVKgg6oIM6IqubsO92Hru5o36Px7ucVoqiNHnSy1lo/v +KAfvW9/40XJ+z1JUTYwreaLoO+Wlk0Irkvv4Fro0KTA8rXDNFm/JL2gkgknEae4i -----END RSA PRIVATE KEY----- From f8300900b5898a6ba3218215fd91b3ef176070fe Mon Sep 17 00:00:00 2001 From: Marco Antonio Nina Mena Date: Wed, 11 Oct 2017 12:56:52 -0400 Subject: [PATCH 03/10] HOR-3920 Unauthenticated calling of may Ajax pages with tracker_designer=1 (URL INJECTION) - Add validation in sysGeneric with session PIN and CASE --- workflow/engine/controllers/admin.php | 19 ++++++++++++------- workflow/public_html/sysGeneric.php | 16 +++++++++------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/workflow/engine/controllers/admin.php b/workflow/engine/controllers/admin.php index aa87d89ca..76871c03e 100644 --- a/workflow/engine/controllers/admin.php +++ b/workflow/engine/controllers/admin.php @@ -196,15 +196,20 @@ class Admin extends Controller $this->render('extJs'); } - function getSystemInfo () + public function getSystemInfo() { - $this->setResponseType( 'json' ); - $infoList = $this->_getSystemInfo(); - $data = array (); + global $RBAC; + $RBAC->requirePermissions('PM_SETUP'); - foreach ($infoList as $row) { - $data[] = array ('label' => $row[0],'value' => $row[1],'section' => $row[2] - ); + $this->setResponseType('json'); + $data = []; + + foreach ($this->_getSystemInfo() as $row) { + $data[] = [ + 'label' => $row[0], + 'value' => $row[1], + 'section' => $row[2] + ]; } return $data; } diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php index d61fbc598..f0c0503d3 100644 --- a/workflow/public_html/sysGeneric.php +++ b/workflow/public_html/sysGeneric.php @@ -999,23 +999,25 @@ if (! defined( 'EXECUTE_BY_CRON' )) { } } - if ($bRedirect && !isset($_GET["tracker_designer"])) { - if (substr( SYS_SKIN, 0, 2 ) == 'ux' && SYS_SKIN != 'uxs') { // verify if the current skin is a 'ux' variant + if ($bRedirect && + (!isset($_GET['tracker_designer']) || (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN']))) && + $_GET['tracker_designer'] !== 1) { + if (substr(SYS_SKIN, 0, 2) === 'ux' && SYS_SKIN !== 'uxs') { // verify if the current skin is a 'ux' variant $loginUrl = 'main/login'; - } else if (strpos( $_SERVER['REQUEST_URI'], '/home' ) !== false) { //verify is it is using the uxs skin for simplified interface + } else if (strpos($_SERVER['REQUEST_URI'], '/home') !== false) { //verify is it is using the uxs skin for simplified interface $loginUrl = 'home/login'; } else { $loginUrl = 'login/login'; // just set up the classic login } - if (empty( $_POST )) { - header( 'location: ' . SYS_URI . $loginUrl . '?u=' . urlencode( $_SERVER['REQUEST_URI'] ) ); + if (empty($_POST)) { + header('location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI'])); } else { if ($isControllerCall) { - header( "HTTP/1.0 302 session lost in controller" ); + header("HTTP/1.0 302 session lost in controller"); } else { - header( 'location: ' . SYS_URI . $loginUrl ); + header('location: ' . SYS_URI . $loginUrl); } } die(); From 437220f1e562ae6fbe3f0e0df614703e43c158d2 Mon Sep 17 00:00:00 2001 From: Marco Antonio Nina Mena Date: Wed, 11 Oct 2017 14:20:59 -0400 Subject: [PATCH 04/10] - correction validated with tracker_designer parameter missing --- workflow/public_html/sysGeneric.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php index f0c0503d3..87fbbd425 100644 --- a/workflow/public_html/sysGeneric.php +++ b/workflow/public_html/sysGeneric.php @@ -999,9 +999,11 @@ if (! defined( 'EXECUTE_BY_CRON' )) { } } - if ($bRedirect && - (!isset($_GET['tracker_designer']) || (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN']))) && - $_GET['tracker_designer'] !== 1) { + if (isset($_GET['tracker_designer']) && intval($_GET['tracker_designer']) !== 1) { + unset($_GET['tracker_designer']); + } + + if ($bRedirect && (!isset($_GET['tracker_designer']) || (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])))) { if (substr(SYS_SKIN, 0, 2) === 'ux' && SYS_SKIN !== 'uxs') { // verify if the current skin is a 'ux' variant $loginUrl = 'main/login'; } else if (strpos($_SERVER['REQUEST_URI'], '/home') !== false) { //verify is it is using the uxs skin for simplified interface From 086cc31982887ee6c2820cf2badf2eba043f995e Mon Sep 17 00:00:00 2001 From: davidcallizaya Date: Fri, 13 Oct 2017 07:57:22 -0400 Subject: [PATCH 05/10] HOR-3921 Fix CSRF security issue. --- workflow/engine/PmBootstrap.php | 3 +- .../engine/methods/login/authentication.php | 6 +- .../methods/login/authenticationSso.php | 7 +- .../processes/processes_Import_Bpmn.php | 1 - .../services/webentry/anonymousLogin.php | 3 +- workflow/engine/methods/users/usersAjax.php | 1 + workflow/engine/skinEngine/skinEngine.php | 3 + .../engine/src/ProcessMaker/Util/helpers.php | 34 ++++++ workflow/engine/templates/users/users.js | 7 ++ workflow/public_html/bootstrap.php | 3 +- workflow/public_html/pmGmail/sso.php | 106 +++++++++--------- workflow/public_html/sysGeneric.php | 6 +- 12 files changed, 112 insertions(+), 68 deletions(-) diff --git a/workflow/engine/PmBootstrap.php b/workflow/engine/PmBootstrap.php index 8c54c057c..0d1e5870e 100644 --- a/workflow/engine/PmBootstrap.php +++ b/workflow/engine/PmBootstrap.php @@ -323,8 +323,7 @@ class PmBootstrap extends Bootstrap require_once 'classes/model/Users.php'; $oUser = new Users(); $aUser = $oUser->load($aSession['USR_UID']); - $_SESSION['USER_LOGGED'] = $aUser['USR_UID']; - $_SESSION['USR_USERNAME'] = $aUser['USR_USERNAME']; + initUserSession($aUser['USR_UID'], $aUser['USR_USERNAME']); $bRedirect = false; $RBAC->initRBAC(); $RBAC->loadUserRolePermission( $RBAC->sSystem, $_SESSION['USER_LOGGED'] ); diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 6934fe4ca..d6abdd619 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -182,14 +182,12 @@ try { $oPluginRegistry->executeTriggers ( PM_LOGIN , $loginInfo ); } EnterpriseClass::enterpriseSystemUpdate($loginInfo); - $_SESSION['USER_LOGGED'] = $uid; - $_SESSION['USR_USERNAME'] = $usr; + initUserSession($uid, $usr); } else { setcookie("singleSignOn", '1', time() + (24 * 60 * 60), '/'); $uid = $RBAC->userObj->fields['USR_UID']; $usr = $RBAC->userObj->fields['USR_USERNAME']; - $_SESSION['USER_LOGGED'] = $uid; - $_SESSION['USR_USERNAME'] = $usr; + initUserSession($uid, $usr); } //Set default Languaje diff --git a/workflow/engine/methods/login/authenticationSso.php b/workflow/engine/methods/login/authenticationSso.php index 1d8a9cafb..efb6935a5 100644 --- a/workflow/engine/methods/login/authenticationSso.php +++ b/workflow/engine/methods/login/authenticationSso.php @@ -129,9 +129,10 @@ try { setcookie('singleSignOn', '1', time() + (24 * 60 * 60), '/'); - $_SESSION['USER_LOGGED'] = $_SESSION['__USER_LOGGED_SSO__']; - $_SESSION['USR_USERNAME'] = $_SESSION['__USR_USERNAME_SSO__']; - + initUserSession( + $_SESSION['__USER_LOGGED_SSO__'], + $_SESSION['__USR_USERNAME_SSO__'] + ); unset($_SESSION['__USER_LOGGED_SSO__'], $_SESSION['__USR_USERNAME_SSO__']); G::header('Location: ' . $location); diff --git a/workflow/engine/methods/processes/processes_Import_Bpmn.php b/workflow/engine/methods/processes/processes_Import_Bpmn.php index 8e21eb4bd..42733fa65 100644 --- a/workflow/engine/methods/processes/processes_Import_Bpmn.php +++ b/workflow/engine/methods/processes/processes_Import_Bpmn.php @@ -4,7 +4,6 @@ ini_set("max_execution_time", 0); $filter = new InputFilter(); $_FILES = $filter->xssFilterHard($_FILES); -$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']); if (isset($_FILES["PROCESS_FILENAME"]) && pathinfo($_FILES["PROCESS_FILENAME"]["name"], PATHINFO_EXTENSION) == "bpmn" diff --git a/workflow/engine/methods/services/webentry/anonymousLogin.php b/workflow/engine/methods/services/webentry/anonymousLogin.php index 2b8387149..208cee429 100644 --- a/workflow/engine/methods/services/webentry/anonymousLogin.php +++ b/workflow/engine/methods/services/webentry/anonymousLogin.php @@ -24,8 +24,7 @@ try { throw new \Exception('WebEntry User not found'); } - $_SESSION['USER_LOGGED'] = $userUid; - $_SESSION['USR_USERNAME'] = $userInfo['username']; + initUserSession($userUid, $userInfo['username']); $result = [ 'user_logged' => $userUid, diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php index 9c97c46ca..2532da641 100644 --- a/workflow/engine/methods/users/usersAjax.php +++ b/workflow/engine/methods/users/usersAjax.php @@ -129,6 +129,7 @@ switch ($_POST['action']) { case 'saveUser': case 'savePersonalInfo': try { + verifyCsrfToken($_POST); $user = new \ProcessMaker\BusinessModel\User(); $form = $_POST; $permissionsToSaveData = $user->getPermissionsForEdit(); diff --git a/workflow/engine/skinEngine/skinEngine.php b/workflow/engine/skinEngine/skinEngine.php index 61f0e37a4..1174d189b 100644 --- a/workflow/engine/skinEngine/skinEngine.php +++ b/workflow/engine/skinEngine/skinEngine.php @@ -261,9 +261,11 @@ class SkinEngine $template = new TemplatePower($templateFile); $template->prepare(); + $header = '' . "\n" . $header; $template->assign('header', $header); $template->assign('styles', $styles); $template->assign('bodyTemplate', $body); + $template->assign('csrf_token', csrfToken()); $doctype = ""; $meta = null; @@ -569,6 +571,7 @@ class SkinEngine $smarty->cache_dir = PATH_SMARTY_CACHE; $smarty->config_dir = PATH_THIRDPARTY . 'smarty/configs'; $smarty->register_function('translate', 'translate'); + $smarty->register_function('csrf_token', 'csrfToken'); $viewVars = $oHeadPublisher->getVars(); diff --git a/workflow/engine/src/ProcessMaker/Util/helpers.php b/workflow/engine/src/ProcessMaker/Util/helpers.php index 828ef8e8d..90747d11f 100644 --- a/workflow/engine/src/ProcessMaker/Util/helpers.php +++ b/workflow/engine/src/ProcessMaker/Util/helpers.php @@ -1,4 +1,8 @@ load($aSession['USR_UID']); - $_SESSION['USER_LOGGED'] = $aUser['USR_UID']; - $_SESSION['USR_USERNAME'] = $aUser['USR_USERNAME']; + initUserSession($aUser['USR_UID'], $aUser['USR_USERNAME']); $bRedirect = false; if (PHP_VERSION < 5.2) { setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); diff --git a/workflow/public_html/pmGmail/sso.php b/workflow/public_html/pmGmail/sso.php index b6958096f..346c6a701 100644 --- a/workflow/public_html/pmGmail/sso.php +++ b/workflow/public_html/pmGmail/sso.php @@ -15,7 +15,7 @@ $server = isset($_GET['server']) ? $_GET['server'] : ''; //We do need the server to continue. if( !isset($_GET['server']) || $server == "" ){ - throw new \Exception(Bootstrap::LoadTranslation( 'ID_GMAIL_NEED_SERVER' )); + throw new \Exception(Bootstrap::LoadTranslation( 'ID_GMAIL_NEED_SERVER' )); } //First check if the feature is enabled in the license. @@ -53,75 +53,77 @@ curl_close($curl); $decodedResp = G::json_decode($curl_response); if(!is_object($decodedResp) || property_exists($decodedResp,'error')) { - die($decodedResp->error->message); + die($decodedResp->error->message); } //getting the enviroment $enviroment = $decodedResp->enviroment; if(count($decodedResp->user) > 1){ - echo Bootstrap::LoadTranslation( 'ID_EMAIL_MORE_THAN_ONE_USER' ); - die; + echo Bootstrap::LoadTranslation( 'ID_EMAIL_MORE_THAN_ONE_USER' ); + die; } else if(count($decodedResp->user) < 1){ - echo Bootstrap::LoadTranslation( 'ID_USER_NOT_FOUND' ); - die; + echo Bootstrap::LoadTranslation( 'ID_USER_NOT_FOUND' ); + die; } //validationg if there is an actual PM session if( !isset($_SESSION['USER_LOGGED']) || $_SESSION['USER_LOGGED'] != $decodedResp->user['0']->USR_UID){ - $url = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token='.$gmailToken; + $url = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token='.$gmailToken; - // init curl object - $ch = curl_init(); - // define options - $optArray = array( + // init curl object + $ch = curl_init(); + // define options + $optArray = array( CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => true, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false - ); - // apply those options - curl_setopt_array($ch, $optArray); - // execute request and get response - $result = curl_exec($ch); - $response = (G::json_decode($result)); - curl_close($ch); + ); + // apply those options + curl_setopt_array($ch, $optArray); + // execute request and get response + $result = curl_exec($ch); + $response = (G::json_decode($result)); + curl_close($ch); - //First validate if this user (mail) corresponds to a PM user - if(isset($response->email) && ($gmail == $response->email)){ - //If the email corresponds I get the username and with the gmail user_id the session is created. - if($decodedResp->user['0']->USR_STATUS == "ACTIVE"){ - //User Active! lets create the Session - @session_destroy(); - session_start(); - session_regenerate_id(); - - if (PHP_VERSION < 5.2) { - setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, "; HttpOnly"); - } else { - setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, null, false, true); - } + //First validate if this user (mail) corresponds to a PM user + if(isset($response->email) && ($gmail == $response->email)){ + //If the email corresponds I get the username and with the gmail user_id the session is created. + if($decodedResp->user['0']->USR_STATUS == "ACTIVE"){ + //User Active! lets create the Session + @session_destroy(); + session_start(); + session_regenerate_id(); - $_SESSION = array(); - $_SESSION['__EE_INSTALLATION__'] = 2; - $_SESSION['__EE_SW_PMLICENSEMANAGER__'] = 1; - $_SESSION['phpLastFileFound'] = ''; - $_SESSION['USERNAME_PREVIOUS1'] = $decodedResp->user['0']->USR_USERNAME; - $_SESSION['USERNAME_PREVIOUS2'] = $decodedResp->user['0']->USR_USERNAME; - $_SESSION['WORKSPACE'] = $pmws; - $_SESSION['USER_LOGGED'] = $decodedResp->user['0']->USR_UID; - $_SESSION['USR_USERNAME'] = $decodedResp->user['0']->USR_USERNAME; - $_SESSION['USR_FULLNAME'] = $decodedResp->user['0']->USR_FIRSTNAME. ' ' .$decodedResp->user['0']->USR_LASTNAME; - $_SESSION['__sw__'] = 1; - //session created - } else { - echo Bootstrap::LoadTranslation( 'ID_USER_NOT_ACTIVE' ); - die; - } - } else { - echo Bootstrap::LoadTranslation( 'ID_USER_DOES_NOT_CORRESPOND' ); - die; - } + if (PHP_VERSION < 5.2) { + setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, "; HttpOnly"); + } else { + setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, null, false, true); + } + + $_SESSION = array(); + $_SESSION['__EE_INSTALLATION__'] = 2; + $_SESSION['__EE_SW_PMLICENSEMANAGER__'] = 1; + $_SESSION['phpLastFileFound'] = ''; + $_SESSION['USERNAME_PREVIOUS1'] = $decodedResp->user['0']->USR_USERNAME; + $_SESSION['USERNAME_PREVIOUS2'] = $decodedResp->user['0']->USR_USERNAME; + $_SESSION['WORKSPACE'] = $pmws; + $_SESSION['USR_FULLNAME'] = $decodedResp->user['0']->USR_FIRSTNAME. ' ' .$decodedResp->user['0']->USR_LASTNAME; + $_SESSION['__sw__'] = 1; + initUserSession( + $decodedResp->user['0']->USR_UID, + $decodedResp->user['0']->USR_USERNAME + ); + //session created + } else { + echo Bootstrap::LoadTranslation( 'ID_USER_NOT_ACTIVE' ); + die; + } + } else { + echo Bootstrap::LoadTranslation( 'ID_USER_DOES_NOT_CORRESPOND' ); + die; + } } $_SESSION['server'] = 'https://' . $server . '/sys'. $pmws .'/en/'.$enviroment.'/'; diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php index d61fbc598..8b18f5c18 100644 --- a/workflow/public_html/sysGeneric.php +++ b/workflow/public_html/sysGeneric.php @@ -979,8 +979,10 @@ if (! defined( 'EXECUTE_BY_CRON' )) { require_once 'classes/model/Users.php'; $oUser = new Users(); $aUser = $oUser->load( $aSession['USR_UID'] ); - $_SESSION['USER_LOGGED'] = $aUser['USR_UID']; - $_SESSION['USR_USERNAME'] = $aUser['USR_USERNAME']; + initUserSession( + $_SESSION['USER_LOGGED'], + $aUser['USR_USERNAME'] + ); $bRedirect = false; if ((preg_match("/msie/i", $_SERVER ['HTTP_USER_AGENT']) != 1 || $config['ie_cookie_lifetime'] == 1) && From 69b2370ba6f6ce0284ecb703647a08d3326e6131 Mon Sep 17 00:00:00 2001 From: davidcallizaya Date: Fri, 13 Oct 2017 10:49:45 -0400 Subject: [PATCH 06/10] HOR-3921 Fix CR observations. --- workflow/engine/skinEngine/skinEngine.php | 2 +- workflow/engine/src/ProcessMaker/Util/helpers.php | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/workflow/engine/skinEngine/skinEngine.php b/workflow/engine/skinEngine/skinEngine.php index 1174d189b..a774506ed 100644 --- a/workflow/engine/skinEngine/skinEngine.php +++ b/workflow/engine/skinEngine/skinEngine.php @@ -261,7 +261,7 @@ class SkinEngine $template = new TemplatePower($templateFile); $template->prepare(); - $header = '' . "\n" . $header; + $header = '' . "\n" . $header; $template->assign('header', $header); $template->assign('styles', $styles); $template->assign('bodyTemplate', $body); diff --git a/workflow/engine/src/ProcessMaker/Util/helpers.php b/workflow/engine/src/ProcessMaker/Util/helpers.php index 90747d11f..cccfbb9ad 100644 --- a/workflow/engine/src/ProcessMaker/Util/helpers.php +++ b/workflow/engine/src/ProcessMaker/Util/helpers.php @@ -376,6 +376,12 @@ function initUserSession($usrUid, $usrName) $_SESSION['USR_CSRF_TOKEN'] = Str::random(40); } +/** + * Verify token for an incoming request. + * + * @param type $request + * @throws TokenMismatchException + */ function verifyCsrfToken($request) { $headers = getallheaders(); @@ -386,11 +392,18 @@ function verifyCsrfToken($request) : null); $match = is_string($_SESSION['USR_CSRF_TOKEN']) && is_string($token) + && !empty($_SESSION['USR_CSRF_TOKEN']) && hash_equals($_SESSION['USR_CSRF_TOKEN'], $token); if (!$match) { throw new TokenMismatchException(); } } + +/** + * Get the current user CSRF token. + * + * @return string + */ function csrfToken() { return isset($_SESSION['USR_CSRF_TOKEN']) ? $_SESSION['USR_CSRF_TOKEN'] : ''; From 8b2e2147d903438d93c2472e1bc4e459c72f1d3f Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Thu, 12 Oct 2017 08:24:22 -0400 Subject: [PATCH 07/10] HOR-3834 --- gulliver/methods/genericAjax.php | 722 ++++++++++++++++-------------- gulliver/system/class.xmlform.php | 12 +- 2 files changed, 393 insertions(+), 341 deletions(-) diff --git a/gulliver/methods/genericAjax.php b/gulliver/methods/genericAjax.php index 10e0489b0..f75561d26 100644 --- a/gulliver/methods/genericAjax.php +++ b/gulliver/methods/genericAjax.php @@ -1,228 +1,266 @@ xssFilterHard($_GET,"url"); -$_POST = $filter->xssFilterHard($_POST,"url"); -$_REQUEST = $filter->xssFilterHard($_REQUEST,"url"); -$_SESSION = $filter->xssFilterHard($_SESSION,"url"); +$_GET = $filter->xssFilterHard($_GET, "url"); +$_POST = $filter->xssFilterHard($_POST, "url"); +$_REQUEST = $filter->xssFilterHard($_REQUEST, "url"); +$_SESSION = $filter->xssFilterHard($_SESSION, "url"); -$request = isset($_POST['request'])? $_POST['request']: null; -if( !isset($request) ){ - $request = isset($_GET['request'])? $_GET['request']: null; +$request = isset($_POST['request']) ? $_POST['request'] : null; + +if (!isset($request)) { + $request = isset($_GET['request']) ? $_GET['request'] : null; } -if( isset($request) ){ - switch($request){ - case 'deleteGridRowOnDynaform': - //This code is to update the SESSION variable for dependent fields in grids +if (isset($request)) { + switch ($request) { + case 'deleteGridRowOnDynaform': + //This code is to update the SESSION variable for dependent fields in grids - if (!defined("XMLFORM_AJAX_PATH")) { - define("XMLFORM_AJAX_PATH", PATH_XMLFORM); - } - - if (is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) { - if (!is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) { - $_SESSION[$_POST["formID"]][$_POST["gridname"]] = (array)$_SESSION[$_POST["formID"]][$_POST["gridname"]]; - } - ksort($_SESSION[$_POST["formID"]][$_POST["gridname"]]); - $oFields = array(); - $initialKey = 1; - - foreach ($_SESSION[$_POST["formID"]][$_POST["gridname"]] as $key => $value) { - if ($key != $_POST["rowpos"]) { - $oFields[$initialKey] = $value; - $initialKey++; - } - } - - unset($_SESSION[$_POST["formID"]][$_POST["gridname"]]); - - $_SESSION[$_POST["formID"]][$_POST["gridname"]] = $oFields; - } - - break; - /** widgets **/ - case 'suggest': - - try { - if(isset($_GET["inputEnconde64"])) { - $_GET['input'] = base64_decode($_GET['input']); - } - $sData = base64_decode(str_rot13($_GET['hash'])); - list($SQL, $DB_UID) = explode('@|', $sData); - // Remplace values for dependent fields - $aDependentFieldsKeys = explode("|", base64_decode(str_rot13($_GET['dependentFieldsKeys']))); - $aDependentFieldsValue = explode("|", $_GET['dependentFieldsValue']); - if ($aDependentFieldsKeys) { - $aDependentFields = array(); - foreach ($aDependentFieldsKeys as $nKey => $sFieldVar ) { - $sKeyDepFields = substr($sFieldVar, 2); - $aDependentFields[$sKeyDepFields] = $aDependentFieldsValue[$nKey]; - } - $SQL = G::replaceDataField($SQL, $aDependentFields); - } - - // Parsed SQL Structure - - $parser = new PHPSQLParser($SQL); - $searchType = $_GET["searchType"]; - - // Verif parsed array - // print_r($parser->parsed); - $SQL = queryModified($parser->parsed, $_GET['input'], $searchType); - - $aRows = Array(); - try { - $con = Propel::getConnection($DB_UID); - $con->begin(); - $rs = $con->executeQuery($SQL); - $con->commit(); - - while ( $rs->next() ) { - array_push($aRows, $rs->getRow()); - } - } catch (SQLException $sqle) { - $con->rollback(); - } - - $input = strtolower( $_GET['input'] ); - $len = strlen($input); - $limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 0; - $aResults = array(); - $count = 0; - $aRows = sortByChar($aRows, $input); - - if ($len){ - for ($i=0;$i= 3: - $id = $aRow[0]; - $value = $aRow[1]; - $info = $aRow[2]; - break; + if (!defined("XMLFORM_AJAX_PATH")) { + define("XMLFORM_AJAX_PATH", PATH_XMLFORM); } + if (is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) { + if (!is_array($_SESSION[$_POST["formID"]][$_POST["gridname"]])) { + $_SESSION[$_POST["formID"]][$_POST["gridname"]] = (array)$_SESSION[$_POST["formID"]][$_POST["gridname"]]; + } + ksort($_SESSION[$_POST["formID"]][$_POST["gridname"]]); + $oFields = array(); + $initialKey = 1; - // had to use utf_decode, here - // not necessary if the results are coming from mysql - // - $count++; - $aResults[] = array( "id"=>$id ,"value"=>htmlspecialchars($value), "info"=>htmlspecialchars($info) ); + foreach ($_SESSION[$_POST["formID"]][$_POST["gridname"]] as $key => $value) { + if ($key != $_POST["rowpos"]) { + $oFields[$initialKey] = $value; + $initialKey++; + } + } - } - } + unset($_SESSION[$_POST["formID"]][$_POST["gridname"]]); - header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified - header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 - header ("Pragma: no-cache"); // HTTP/1.0 + $_SESSION[$_POST["formID"]][$_POST["gridname"]] = $oFields; + } - if (isset($_REQUEST['json'])) { - header("Content-Type: application/json"); - echo Bootstrap::json_encode(array("status" => 0, "results" => $aResults)); - } else { - header("Content-Type: text/xml"); - - echo ""; - for ($i=0;$i".$aResults[$i]['value'].""; - } - echo ""; - } - - } catch(Exception $e){ - $err = $e->getMessage(); - //$err = eregi_replace("[\n|\r|\n\r]", ' ', $err); - $err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3 - echo '{"status":1, "message":"'.$err.'"}'; - } - break; - - - case 'storeInTmp': - if(!isset($_SESSION['USER_LOGGED'])) { - echo "{status: 1, message: \"success\"}"; break; - } - try { - $con = Propel::getConnection($_GET['cnn']); - if($_GET['pkt'] == 'int'){ - - $primaryKeyField = Propel::getDB($_GET['cnn'])->quoteIdentifier($_GET['pk']); - $tableName = Propel::getDB($_GET['cnn'])->quoteIdentifier($_GET['table']); - $rs = $con->executeQuery("SELECT MAX($primaryKeyField) as lastId FROM $tableName"); - $rs->next(); - $row = $rs->getRow(); - $gKey = (int)$row['lastId'] + 1; + /** widgets **/ + case 'suggest': - } else { - $gKey = G::encryptOld(date('Y-m-d H:i:s').'@'.rand()); - } - - // See above. Gross, but it works. - $field = mysql_real_escape_string($_GET['fld']); - $field = str_replace("`", "", $field); - - $query = "INSERT INTO $tableName ($primaryKeyField, $field) VALUES (?, ?)"; // '$gKey', '{$_GET['value']}')"; + try { - $rs = $con->prepareStatement($query); - $rs->set(1, $gKey); - $rs->set(2, $_GET['value']); - $rs->executeQuery(); + if (isset($_GET["inputEnconde64"])) { + $_GET['input'] = base64_decode($_GET['input']); + } - echo "{status: 1, message: \"success\"}"; - } catch (Exception $e) { - $err = $e->getMessage(); - //$err = eregi_replace("[\n|\r|\n\r]", ' ', $err); - $err = preg_replace("[\n|\r|\n\r]", " ", $err); //Made compatible to PHP 5.3 - echo "{status: 0, message: \"" . $err . "\"}"; - } - break; - } + if (!isset($_GET['form']) || !isset($_GET['variable'])) { + throw new Exception('Please contact the system administrator.'); + } + + $gridName = isset($_GET['grid']) ? $_GET['grid'] : ''; + //When is a grid the form parameter include the name of grid + $xmlFile = str_replace($gridName, '', $_GET['form']); + //We will to get the form and variable and the query related + $xmlFile = G::getUIDName(urlDecode($xmlFile)); + $gridName = isset($_GET['grid']) ? $_GET['grid'] : ''; + $xmlFile = str_replace($gridName, '', $xmlFile); + + $myForm = new Form($xmlFile, PATH_DYNAFORM); + $myForm->id = urlDecode($_GET['form']); + + + $bdUid = 'workflow'; + if (isset($_GET['type']) && $_GET['type']==='form' && isset($myForm->fields[$_GET['variable']]->sql)) { + $sqlQuery = $myForm->fields[$_GET['variable']]->sql; + if (isset($myForm->fields[$_GET['variable']]->sqlConnection) && !empty($myForm->fields[$_GET['variable']]->sqlConnection)) { + $bdUid = $myForm->fields[$_GET['variable']]->sqlConnection; + } + } elseif (isset($_GET['type']) && $_GET['type']==='grid' && isset($myForm->fields[$_GET['grid']])) { + foreach ($myForm->fields[$_GET['grid']] as $index => $value) { + if (is_array($value) && isset($value[$_GET['variable']])) { + $newObj = $value[$_GET['variable']]; + $sqlQuery = $newObj->sql; + if (isset($newObj->sqlConnection) && !empty($newObj->sqlConnection)) { + $bdUid = $newObj->sqlConnection; + } + } + } + } else { + throw new Exception('The variable with ' . $_GET['variable'] . ' does not defined in the form.'); + } + + // Replace values for dependent fields + $aDependentFieldsKeys = explode("|", base64_decode(str_rot13($_GET['dependentFieldsKeys']))); + $aDependentFieldsValue = explode("|", $_GET['dependentFieldsValue']); + if ($aDependentFieldsKeys) { + $aDependentFields = array(); + foreach ($aDependentFieldsKeys as $nKey => $sFieldVar) { + $sKeyDepFields = substr($sFieldVar, 2); + $aDependentFields[$sKeyDepFields] = $aDependentFieldsValue[$nKey]; + } + $sqlQuery = G::replaceDataField($sqlQuery, $aDependentFields); + } + + // Parsed SQL Structure + + $parser = new PHPSQLParser($sqlQuery); + $searchType = $_GET["searchType"]; + + // Verify parsed array + $sqlQuery = queryModified($parser->parsed, $_GET['input'], $searchType); + + $aRows = Array(); + try { + $con = Propel::getConnection($bdUid); + $con->begin(); + $rs = $con->executeQuery($sqlQuery); + $con->commit(); + + while ($rs->next()) { + array_push($aRows, $rs->getRow()); + } + } catch (SQLException $sqle) { + $con->rollback(); + } + + $input = strtolower($_GET['input']); + $len = strlen($input); + $limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 0; + $aResults = array(); + $count = 0; + $aRows = sortByChar($aRows, $input); + + if ($len) { + for ($i = 0; $i < count($aRows); $i++) { + $aRow = $aRows[$i]; + $nCols = sizeof($aRow); + + $aRow = array_values($aRow); + switch ($nCols) { + case 1: + $id = $aRow[0]; + $value = $aRow[0]; + $info = ''; + break; + + case 2: + $id = $aRow[0]; + $value = $aRow[1]; + $info = ''; + break; + + case $nCols >= 3: + $id = $aRow[0]; + $value = $aRow[1]; + $info = $aRow[2]; + break; + } + + + // had to use utf_decode, here + // not necessary if the results are coming from mysql + // + $count++; + $aResults[] = array( + "id" => $id, + "value" => htmlspecialchars($value), + "info" => htmlspecialchars($info) + ); + + } + } + + header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past + header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified + header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 + header("Pragma: no-cache"); // HTTP/1.0 + + if (isset($_REQUEST['json'])) { + header("Content-Type: application/json"); + echo Bootstrap::json_encode(array("status" => 0, "results" => $aResults)); + } else { + header("Content-Type: text/xml"); + + echo ""; + for ($i = 0; $i < count($aResults); $i++) { + echo "" . $aResults[$i]['value'] . ""; + } + echo ""; + } + + } catch (Exception $e) { + $err = $e->getMessage(); + $err = preg_replace("[\n|\r|\n\r]", ' ', $err);//Made compatible to PHP 5.3 + echo '{"status":1, "message":"' . $err . '"}'; + } + break; + + + case 'storeInTmp': + if (!isset($_SESSION['USER_LOGGED'])) { + echo "{status: 1, message: \"success\"}"; + break; + } + try { + $con = Propel::getConnection($_GET['cnn']); + if ($_GET['pkt'] == 'int') { + + $primaryKeyField = Propel::getDB($_GET['cnn'])->quoteIdentifier($_GET['pk']); + $tableName = Propel::getDB($_GET['cnn'])->quoteIdentifier($_GET['table']); + $rs = $con->executeQuery("SELECT MAX($primaryKeyField) as lastId FROM $tableName"); + $rs->next(); + $row = $rs->getRow(); + $gKey = (int)$row['lastId'] + 1; + + } else { + $gKey = G::encryptOld(date('Y-m-d H:i:s') . '@' . rand()); + } + + // See above. Gross, but it works. + $field = mysql_real_escape_string($_GET['fld']); + $field = str_replace("`", "", $field); + + $query = "INSERT INTO $tableName ($primaryKeyField, $field) VALUES (?, ?)"; // '$gKey', '{$_GET['value']}')"; + + $rs = $con->prepareStatement($query); + $rs->set(1, $gKey); + $rs->set(2, $_GET['value']); + $rs->executeQuery(); + + echo "{status: 1, message: \"success\"}"; + } catch (Exception $e) { + $err = $e->getMessage(); + $err = preg_replace("[\n|\r|\n\r]", " ", $err); //Made compatible to PHP 5.3 + echo "{status: 0, message: \"" . $err . "\"}"; + } + break; + } } function sortByChar($aRows, $charSel) { - $aIniChar = array(); - $aRest = array(); - for($i=0; $i= 3: - $value = $aRowOrder[1]; - break; + $aIniChar = array(); + $aRest = array(); + for ($i = 0; $i < count($aRows); $i++) { + $aRow = $aRows[$i]; + $nCols = sizeof($aRow); + $aRowOrder = array_values($aRow); + switch ($nCols) { + case 1: + $value = $aRowOrder[0]; + break; + case 2: + $value = $aRowOrder[1]; + break; + case $nCols >= 3: + $value = $aRowOrder[1]; + break; + } + + if (substr(strtolower($value), 0, 1) == substr(strtolower($charSel), 0, 1)) { + array_push($aIniChar, $aRow); + } else { + array_push($aRest, $aRow); + } } - if(substr(strtolower($value), 0, 1) == substr( strtolower($charSel), 0, 1)){ - array_push($aIniChar, $aRow); - } else { - array_push($aRest, $aRow); - } - } - return array_merge($aIniChar, $aRest); + return array_merge($aIniChar, $aRest); } @@ -234,148 +272,164 @@ function sortByChar($aRows, $charSel) */ function queryModified($sqlParsed, $inputSel = "", $searchType) { - if(!empty($sqlParsed['SELECT'])) { - $sqlSelectOptions = (isset($sqlParsed["OPTIONS"]) && count($sqlParsed["OPTIONS"]) > 0)? implode(" ", $sqlParsed["OPTIONS"]) : null; + if (!empty($sqlParsed['SELECT'])) { + $sqlSelectOptions = (isset($sqlParsed["OPTIONS"]) && count($sqlParsed["OPTIONS"]) > 0) ? implode(" ", + $sqlParsed["OPTIONS"]) : null; - $sqlSelect = "SELECT $sqlSelectOptions "; - $aSelect = $sqlParsed["SELECT"]; - - $sFieldSel = (count($aSelect)>1 ) ? $aSelect[1]['base_expr'] : $aSelect[0]['base_expr']; - foreach($aSelect as $key => $value ) { - if($key != 0) - $sqlSelect .= ", "; - $sAlias = str_replace("`","", $aSelect[$key]['alias']); - $sBaseExpr = $aSelect[$key]['base_expr']; - switch($aSelect[$key]['expr_type']){ - case 'colref' : if($sAlias === $sBaseExpr) - $sqlSelect .= $sAlias; - else - $sqlSelect .= $sBaseExpr . ' AS ' . $sAlias; - break; - case 'expression' : if($sAlias === $sBaseExpr) - $sqlSelect .= $sBaseExpr; - else - $sqlSelect .= $sBaseExpr . ' AS ' . $sAlias; - break; - case 'subquery' : if(strpos($sAlias, $sBaseExpr,0) != 0) - $sqlSelect .= $sAlias; - else - $sqlSelect .= $sBaseExpr . " AS " . $sAlias; - break; - case 'operator' : $sqlSelect .= $sBaseExpr; - break; - default : $sqlSelect .= $sBaseExpr; - break; - } - } - - $sqlFrom = " FROM "; - if(!empty($sqlParsed['FROM'])){ - $aFrom = $sqlParsed['FROM']; - if(count($aFrom) > 0){ - foreach($aFrom as $key => $value ){ - if($key == 0) { - $sqlFrom .= $aFrom[$key]['table'] . (($aFrom[$key]['table'] == $aFrom[$key]['alias'])?"" : " " . $aFrom[$key]['alias']); - } else { - $sqlFrom .= " " . (($aFrom[$key]['join_type']=='JOIN')?"INNER": $aFrom[$key]['join_type']) . " JOIN " . $aFrom[$key]['table'] - . (($aFrom[$key]['table'] == $aFrom[$key]['alias'])?"" : " " . $aFrom[$key]['alias']) . " " . $aFrom[$key]['ref_type'] . " " . $aFrom[$key]['ref_clause'] ; - } + $sqlSelect = "SELECT $sqlSelectOptions "; + $aSelect = $sqlParsed["SELECT"]; + $sFieldSel = (count($aSelect) > 1) ? $aSelect[1]['base_expr'] : $aSelect[0]['base_expr']; + foreach ($aSelect as $key => $value) { + if ($key != 0) { + $sqlSelect .= ", "; + } + $sAlias = str_replace("`", "", $aSelect[$key]['alias']); + $sBaseExpr = $aSelect[$key]['base_expr']; + switch ($aSelect[$key]['expr_type']) { + case 'colref' : + if ($sAlias === $sBaseExpr) { + $sqlSelect .= $sAlias; + } else { + $sqlSelect .= $sBaseExpr . ' AS ' . $sAlias; + } + break; + case 'expression' : + if ($sAlias === $sBaseExpr) { + $sqlSelect .= $sBaseExpr; + } else { + $sqlSelect .= $sBaseExpr . ' AS ' . $sAlias; + } + break; + case 'subquery' : + if (strpos($sAlias, $sBaseExpr, 0) != 0) { + $sqlSelect .= $sAlias; + } else { + $sqlSelect .= $sBaseExpr . " AS " . $sAlias; + } + break; + case 'operator' : + $sqlSelect .= $sBaseExpr; + break; + default : + $sqlSelect .= $sBaseExpr; + break; + } } - } - } - $sqlConditionLike = "LIKE '%" . $inputSel . "%'"; + $sqlFrom = " FROM "; + if (!empty($sqlParsed['FROM'])) { + $aFrom = $sqlParsed['FROM']; + if (count($aFrom) > 0) { + foreach ($aFrom as $key => $value) { + if ($key == 0) { + $sqlFrom .= $aFrom[$key]['table'] . (($aFrom[$key]['table'] == $aFrom[$key]['alias']) ? "" : " " . $aFrom[$key]['alias']); + } else { + $sqlFrom .= " " . (($aFrom[$key]['join_type'] == 'JOIN') ? "INNER" : $aFrom[$key]['join_type']) . " JOIN " . $aFrom[$key]['table'] + . (($aFrom[$key]['table'] == $aFrom[$key]['alias']) ? "" : " " . $aFrom[$key]['alias']) . " " . $aFrom[$key]['ref_type'] . " " . $aFrom[$key]['ref_clause']; + } - switch ($searchType) { - case "searchtype*": - $sqlConditionLike = "LIKE '" . $inputSel . "%'"; - break; - case "*searchtype": - $sqlConditionLike = "LIKE '%" . $inputSel . "'"; - break; - } + } + } + } - if(!empty($sqlParsed['WHERE'])){ - $sqlWhere = " WHERE "; - $aWhere = $sqlParsed['WHERE']; - foreach($aWhere as $key => $value ){ - $sqlWhere .= $value['base_expr'] . " "; - } - $sqlWhere .= " AND " . $sFieldSel . " " . $sqlConditionLike; - } - else { - $sqlWhere = " WHERE " . $sFieldSel . " " . $sqlConditionLike; - } + $sqlConditionLike = "LIKE '%" . $inputSel . "%'"; - $sqlGroupBy = ""; - if(!empty($sqlParsed['GROUP'])){ - $sqlGroupBy = "GROUP BY "; - $aGroup = $sqlParsed['GROUP']; - foreach($aGroup as $key => $value ){ - if($key != 0) - $sqlGroupBy .= ", "; - if($value['direction'] == 'ASC' ) - $sqlGroupBy .= $value['base_expr']; - else - $sqlGroupBy .= $value['base_expr'] . " " . $value['direction']; - } - } + switch ($searchType) { + case "searchtype*": + $sqlConditionLike = "LIKE '" . $inputSel . "%'"; + break; + case "*searchtype": + $sqlConditionLike = "LIKE '%" . $inputSel . "'"; + break; + } - $sqlHaving = ""; - if(!empty($sqlParsed['HAVING'])){ - $sqlHaving = "HAVING "; - $aHaving = $sqlParsed['HAVING']; - foreach($aHaving as $key => $value ){ - $sqlHaving .= $value['base_expr'] . " "; - } - } + if (!empty($sqlParsed['WHERE'])) { + $sqlWhere = " WHERE "; + $aWhere = $sqlParsed['WHERE']; + foreach ($aWhere as $key => $value) { + $sqlWhere .= $value['base_expr'] . " "; + } + $sqlWhere .= " AND " . $sFieldSel . " " . $sqlConditionLike; + } else { + $sqlWhere = " WHERE " . $sFieldSel . " " . $sqlConditionLike; + } - $sqlOrderBy = ""; - if(!empty($sqlParsed['ORDER'])){ - $sqlOrderBy = "ORDER BY "; - $aOrder = $sqlParsed['ORDER']; - foreach($aOrder as $key => $value ){ - if($key != 0) - $sqlOrderBy .= ", "; - if($value['direction'] == 'ASC' ) - $sqlOrderBy .= $value['base_expr']; - else - $sqlOrderBy .= $value['base_expr'] . " " . $value['direction']; - } - } else { - $sqlOrderBy = " ORDER BY " . $sFieldSel; - } + $sqlGroupBy = ""; + if (!empty($sqlParsed['GROUP'])) { + $sqlGroupBy = "GROUP BY "; + $aGroup = $sqlParsed['GROUP']; + foreach ($aGroup as $key => $value) { + if ($key != 0) { + $sqlGroupBy .= ", "; + } + if ($value['direction'] == 'ASC') { + $sqlGroupBy .= $value['base_expr']; + } else { + $sqlGroupBy .= $value['base_expr'] . " " . $value['direction']; + } + } + } - $sqlLimit = ""; - if(!empty($sqlParsed['LIMIT'])){ - $sqlLimit = "LIMIT ". $sqlParsed['LIMIT']['start'] . ", " . $sqlParsed['LIMIT']['end']; - } + $sqlHaving = ""; + if (!empty($sqlParsed['HAVING'])) { + $sqlHaving = "HAVING "; + $aHaving = $sqlParsed['HAVING']; + foreach ($aHaving as $key => $value) { + $sqlHaving .= $value['base_expr'] . " "; + } + } - return $sqlSelect . $sqlFrom . $sqlWhere . $sqlGroupBy . $sqlHaving . $sqlOrderBy . $sqlLimit; - } - if(!empty($sqlParsed['CALL'])){ - $sCall = "CALL "; - $aCall = $sqlParsed['CALL']; - foreach($aCall as $key => $value ){ - $sCall .= $value . " "; + $sqlOrderBy = ""; + if (!empty($sqlParsed['ORDER'])) { + $sqlOrderBy = "ORDER BY "; + $aOrder = $sqlParsed['ORDER']; + foreach ($aOrder as $key => $value) { + if ($key != 0) { + $sqlOrderBy .= ", "; + } + if ($value['direction'] == 'ASC') { + $sqlOrderBy .= $value['base_expr']; + } else { + $sqlOrderBy .= $value['base_expr'] . " " . $value['direction']; + } + } + } else { + $sqlOrderBy = " ORDER BY " . $sFieldSel; + } + + $sqlLimit = ""; + if (!empty($sqlParsed['LIMIT'])) { + $sqlLimit = "LIMIT " . $sqlParsed['LIMIT']['start'] . ", " . $sqlParsed['LIMIT']['end']; + } + + return $sqlSelect . $sqlFrom . $sqlWhere . $sqlGroupBy . $sqlHaving . $sqlOrderBy . $sqlLimit; } - return $sCall; - } - if(!empty($sqlParsed['EXECUTE'])){ - $sCall = "EXECUTE "; - $aCall = $sqlParsed['EXECUTE']; - foreach($aCall as $key => $value ){ - $sCall .= $value . " "; + if (!empty($sqlParsed['CALL'])) { + $sCall = "CALL "; + $aCall = $sqlParsed['CALL']; + foreach ($aCall as $key => $value) { + $sCall .= $value . " "; + } + + return $sCall; } - return $sCall; - } - if(!empty($sqlParsed[''])){ - $sCall = ""; - $aCall = $sqlParsed['']; - foreach($aCall as $key => $value ){ - $sCall .= $value . " "; + if (!empty($sqlParsed['EXECUTE'])) { + $sCall = "EXECUTE "; + $aCall = $sqlParsed['EXECUTE']; + foreach ($aCall as $key => $value) { + $sCall .= $value . " "; + } + + return $sCall; + } + if (!empty($sqlParsed[''])) { + $sCall = ""; + $aCall = $sqlParsed['']; + foreach ($aCall as $key => $value) { + $sCall .= $value . " "; + } + + return $sCall; } - return $sCall; - } } diff --git a/gulliver/system/class.xmlform.php b/gulliver/system/class.xmlform.php index 43d70a182..614693bff 100644 --- a/gulliver/system/class.xmlform.php +++ b/gulliver/system/class.xmlform.php @@ -1354,8 +1354,7 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText } else { $sCallBack = ''; } - - $hash = str_rot13( base64_encode( $this->sql . '@|' . $this->sqlConnection ) ); + $sSQL = $this->sql; $nCount = preg_match_all( '/\@(?:([\@\%\#\!Qq])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*?)*)\))/', $sSQL, $match, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE ); @@ -1405,8 +1404,8 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText $sOptions = 'script: function (input) { '; $sOptions .= ' var inputValue = base64_encode(getField(\'' . $this->name . '_label\').value); '; - $sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&json=true&limit=' . $this->maxresults; - $sOptions .= '&hash=' . $hash . '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="'; + $sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&type=form&form=' . $owner->id . '&variable=' . $this->name . '&json=true&limit=' . $this->maxresults; + $sOptions .= '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="'; $sOptions .= $depValues . '"&input="+inputValue+"&inputEnconde64=enable&searchType=' . $this->searchType . '";'; @@ -1561,7 +1560,6 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText $sCallBack = ''; } - $hash = str_rot13( base64_encode( $this->sql . '@|' . $this->sqlConnection ) ); $sSQL = $this->sql; $nCount = preg_match_all( '/\@(?:([\@\%\#\!Qq])([a-zA-Z\_]\w*)|([a-zA-Z\_][\w\-\>\:]*)\(((?:[^\\\\\)]*?)*)\))/', $sSQL, $match, PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE ); @@ -1602,8 +1600,8 @@ class XmlFormFieldSuggest extends XmlFormFieldSimpleText $sOptions .= ' var inputValue = base64_encode(getField(\'' . $rowIdField . '[' . $this->name . '_label\').value); '; - $sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&json=true&limit=' . $this->maxresults; - $sOptions .= '&hash=' . $hash . '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="'; + $sOptions .= ' return "' . $this->ajaxServer . '?request=suggest&type=grid&form=' . $owner->id . '&grid=' . $owner->name . '&variable=' . $this->name . '&json=true&limit=' . $this->maxresults; + $sOptions .= '&dependentFieldsKeys=' . $sResultKeys . '&dependentFieldsValue="'; $sOptions .= $depValues . '"&input="+inputValue+"&inputEnconde64=enable&searchType=' . $this->searchType . '";'; $sOptions .= '},'; From be147ee39de804650412c110e1fe692faa2046ec Mon Sep 17 00:00:00 2001 From: davidcallizaya Date: Fri, 13 Oct 2017 16:22:56 -0400 Subject: [PATCH 08/10] HOR-3979 Add PLUGIN_TASK_EXTENDED_PROPERTIES for plugins. --- .../model/map/PluginsRegistryMapBuilder.php | 2 + .../classes/model/om/BasePluginsRegistry.php | 66 +++++++++++++++++-- .../model/om/BasePluginsRegistryPeer.php | 23 ++++--- workflow/engine/config/schema.xml | 1 + workflow/engine/data/mysql/schema.sql | 1 + .../Plugins/Adapters/PluginAdapter.php | 1 + 6 files changed, 81 insertions(+), 13 deletions(-) diff --git a/workflow/engine/classes/model/map/PluginsRegistryMapBuilder.php b/workflow/engine/classes/model/map/PluginsRegistryMapBuilder.php index 7be2b32e9..25cfaf8c6 100644 --- a/workflow/engine/classes/model/map/PluginsRegistryMapBuilder.php +++ b/workflow/engine/classes/model/map/PluginsRegistryMapBuilder.php @@ -109,6 +109,8 @@ class PluginsRegistryMapBuilder $tMap->addColumn('PLUGIN_REST_SERVICE', 'PluginRestService', 'string', CreoleTypes::LONGVARCHAR, false, null); + $tMap->addColumn('PLUGIN_TASK_EXTENDED_PROPERTIES', 'PluginTaskExtendedProperties', 'string', CreoleTypes::LONGVARCHAR, false, null); + $tMap->addColumn('PLUGIN_ATTRIBUTES', 'PluginAttributes', 'string', CreoleTypes::LONGVARCHAR, false, null); } // doBuild() diff --git a/workflow/engine/classes/model/om/BasePluginsRegistry.php b/workflow/engine/classes/model/om/BasePluginsRegistry.php index 042361f6d..d6f0be021 100644 --- a/workflow/engine/classes/model/om/BasePluginsRegistry.php +++ b/workflow/engine/classes/model/om/BasePluginsRegistry.php @@ -159,6 +159,12 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent */ protected $plugin_rest_service; + /** + * The value for the plugin_task_extended_properties field. + * @var string + */ + protected $plugin_task_extended_properties; + /** * The value for the plugin_attributes field. * @var string @@ -421,6 +427,17 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent return $this->plugin_rest_service; } + /** + * Get the [plugin_task_extended_properties] column value. + * + * @return string + */ + public function getPluginTaskExtendedProperties() + { + + return $this->plugin_task_extended_properties; + } + /** * Get the [plugin_attributes] column value. * @@ -916,6 +933,28 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent } // setPluginRestService() + /** + * Set the value of [plugin_task_extended_properties] column. + * + * @param string $v new value + * @return void + */ + public function setPluginTaskExtendedProperties($v) + { + + // Since the native PHP type for this column is string, + // we will cast the input to a string (if it is not). + if ($v !== null && !is_string($v)) { + $v = (string) $v; + } + + if ($this->plugin_task_extended_properties !== $v) { + $this->plugin_task_extended_properties = $v; + $this->modifiedColumns[] = PluginsRegistryPeer::PLUGIN_TASK_EXTENDED_PROPERTIES; + } + + } // setPluginTaskExtendedProperties() + /** * Set the value of [plugin_attributes] column. * @@ -999,14 +1038,16 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent $this->plugin_rest_service = $rs->getString($startcol + 21); - $this->plugin_attributes = $rs->getString($startcol + 22); + $this->plugin_task_extended_properties = $rs->getString($startcol + 22); + + $this->plugin_attributes = $rs->getString($startcol + 23); $this->resetModified(); $this->setNew(false); // FIXME - using NUM_COLUMNS may be clearer. - return $startcol + 23; // 23 = PluginsRegistryPeer::NUM_COLUMNS - PluginsRegistryPeer::NUM_LAZY_LOAD_COLUMNS). + return $startcol + 24; // 24 = PluginsRegistryPeer::NUM_COLUMNS - PluginsRegistryPeer::NUM_LAZY_LOAD_COLUMNS). } catch (Exception $e) { throw new PropelException("Error populating PluginsRegistry object", $e); @@ -1277,6 +1318,9 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent return $this->getPluginRestService(); break; case 22: + return $this->getPluginTaskExtendedProperties(); + break; + case 23: return $this->getPluginAttributes(); break; default: @@ -1321,7 +1365,8 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent $keys[19] => $this->getPluginCss(), $keys[20] => $this->getPluginJs(), $keys[21] => $this->getPluginRestService(), - $keys[22] => $this->getPluginAttributes(), + $keys[22] => $this->getPluginTaskExtendedProperties(), + $keys[23] => $this->getPluginAttributes(), ); return $result; } @@ -1420,6 +1465,9 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent $this->setPluginRestService($value); break; case 22: + $this->setPluginTaskExtendedProperties($value); + break; + case 23: $this->setPluginAttributes($value); break; } // switch() @@ -1534,7 +1582,11 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent } if (array_key_exists($keys[22], $arr)) { - $this->setPluginAttributes($arr[$keys[22]]); + $this->setPluginTaskExtendedProperties($arr[$keys[22]]); + } + + if (array_key_exists($keys[23], $arr)) { + $this->setPluginAttributes($arr[$keys[23]]); } } @@ -1636,6 +1688,10 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent $criteria->add(PluginsRegistryPeer::PLUGIN_REST_SERVICE, $this->plugin_rest_service); } + if ($this->isColumnModified(PluginsRegistryPeer::PLUGIN_TASK_EXTENDED_PROPERTIES)) { + $criteria->add(PluginsRegistryPeer::PLUGIN_TASK_EXTENDED_PROPERTIES, $this->plugin_task_extended_properties); + } + if ($this->isColumnModified(PluginsRegistryPeer::PLUGIN_ATTRIBUTES)) { $criteria->add(PluginsRegistryPeer::PLUGIN_ATTRIBUTES, $this->plugin_attributes); } @@ -1736,6 +1792,8 @@ abstract class BasePluginsRegistry extends BaseObject implements Persistent $copyObj->setPluginRestService($this->plugin_rest_service); + $copyObj->setPluginTaskExtendedProperties($this->plugin_task_extended_properties); + $copyObj->setPluginAttributes($this->plugin_attributes); diff --git a/workflow/engine/classes/model/om/BasePluginsRegistryPeer.php b/workflow/engine/classes/model/om/BasePluginsRegistryPeer.php index 7b900ec09..f6c8814a7 100644 --- a/workflow/engine/classes/model/om/BasePluginsRegistryPeer.php +++ b/workflow/engine/classes/model/om/BasePluginsRegistryPeer.php @@ -25,7 +25,7 @@ abstract class BasePluginsRegistryPeer const CLASS_DEFAULT = 'classes.model.PluginsRegistry'; /** The total number of columns. */ - const NUM_COLUMNS = 23; + const NUM_COLUMNS = 24; /** The number of lazy-loaded columns. */ const NUM_LAZY_LOAD_COLUMNS = 0; @@ -97,6 +97,9 @@ abstract class BasePluginsRegistryPeer /** the column name for the PLUGIN_REST_SERVICE field */ const PLUGIN_REST_SERVICE = 'PLUGINS_REGISTRY.PLUGIN_REST_SERVICE'; + /** the column name for the PLUGIN_TASK_EXTENDED_PROPERTIES field */ + const PLUGIN_TASK_EXTENDED_PROPERTIES = 'PLUGINS_REGISTRY.PLUGIN_TASK_EXTENDED_PROPERTIES'; + /** the column name for the PLUGIN_ATTRIBUTES field */ const PLUGIN_ATTRIBUTES = 'PLUGINS_REGISTRY.PLUGIN_ATTRIBUTES'; @@ -111,10 +114,10 @@ abstract class BasePluginsRegistryPeer * e.g. self::$fieldNames[self::TYPE_PHPNAME][0] = 'Id' */ private static $fieldNames = array ( - BasePeer::TYPE_PHPNAME => array ('PrUid', 'PluginNamespace', 'PluginDescription', 'PluginClassName', 'PluginFriendlyName', 'PluginFile', 'PluginFolder', 'PluginSetupPage', 'PluginCompanyLogo', 'PluginWorkspaces', 'PluginVersion', 'PluginEnable', 'PluginPrivate', 'PluginMenus', 'PluginFolders', 'PluginTriggers', 'PluginPmFunctions', 'PluginRedirectLogin', 'PluginSteps', 'PluginCss', 'PluginJs', 'PluginRestService', 'PluginAttributes', ), - BasePeer::TYPE_COLNAME => array (PluginsRegistryPeer::PR_UID, PluginsRegistryPeer::PLUGIN_NAMESPACE, PluginsRegistryPeer::PLUGIN_DESCRIPTION, PluginsRegistryPeer::PLUGIN_CLASS_NAME, PluginsRegistryPeer::PLUGIN_FRIENDLY_NAME, PluginsRegistryPeer::PLUGIN_FILE, PluginsRegistryPeer::PLUGIN_FOLDER, PluginsRegistryPeer::PLUGIN_SETUP_PAGE, PluginsRegistryPeer::PLUGIN_COMPANY_LOGO, PluginsRegistryPeer::PLUGIN_WORKSPACES, PluginsRegistryPeer::PLUGIN_VERSION, PluginsRegistryPeer::PLUGIN_ENABLE, PluginsRegistryPeer::PLUGIN_PRIVATE, PluginsRegistryPeer::PLUGIN_MENUS, PluginsRegistryPeer::PLUGIN_FOLDERS, PluginsRegistryPeer::PLUGIN_TRIGGERS, PluginsRegistryPeer::PLUGIN_PM_FUNCTIONS, PluginsRegistryPeer::PLUGIN_REDIRECT_LOGIN, PluginsRegistryPeer::PLUGIN_STEPS, PluginsRegistryPeer::PLUGIN_CSS, PluginsRegistryPeer::PLUGIN_JS, PluginsRegistryPeer::PLUGIN_REST_SERVICE, PluginsRegistryPeer::PLUGIN_ATTRIBUTES, ), - BasePeer::TYPE_FIELDNAME => array ('PR_UID', 'PLUGIN_NAMESPACE', 'PLUGIN_DESCRIPTION', 'PLUGIN_CLASS_NAME', 'PLUGIN_FRIENDLY_NAME', 'PLUGIN_FILE', 'PLUGIN_FOLDER', 'PLUGIN_SETUP_PAGE', 'PLUGIN_COMPANY_LOGO', 'PLUGIN_WORKSPACES', 'PLUGIN_VERSION', 'PLUGIN_ENABLE', 'PLUGIN_PRIVATE', 'PLUGIN_MENUS', 'PLUGIN_FOLDERS', 'PLUGIN_TRIGGERS', 'PLUGIN_PM_FUNCTIONS', 'PLUGIN_REDIRECT_LOGIN', 'PLUGIN_STEPS', 'PLUGIN_CSS', 'PLUGIN_JS', 'PLUGIN_REST_SERVICE', 'PLUGIN_ATTRIBUTES', ), - BasePeer::TYPE_NUM => array (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, ) + BasePeer::TYPE_PHPNAME => array ('PrUid', 'PluginNamespace', 'PluginDescription', 'PluginClassName', 'PluginFriendlyName', 'PluginFile', 'PluginFolder', 'PluginSetupPage', 'PluginCompanyLogo', 'PluginWorkspaces', 'PluginVersion', 'PluginEnable', 'PluginPrivate', 'PluginMenus', 'PluginFolders', 'PluginTriggers', 'PluginPmFunctions', 'PluginRedirectLogin', 'PluginSteps', 'PluginCss', 'PluginJs', 'PluginRestService', 'PluginTaskExtendedProperties', 'PluginAttributes', ), + BasePeer::TYPE_COLNAME => array (PluginsRegistryPeer::PR_UID, PluginsRegistryPeer::PLUGIN_NAMESPACE, PluginsRegistryPeer::PLUGIN_DESCRIPTION, PluginsRegistryPeer::PLUGIN_CLASS_NAME, PluginsRegistryPeer::PLUGIN_FRIENDLY_NAME, PluginsRegistryPeer::PLUGIN_FILE, PluginsRegistryPeer::PLUGIN_FOLDER, PluginsRegistryPeer::PLUGIN_SETUP_PAGE, PluginsRegistryPeer::PLUGIN_COMPANY_LOGO, PluginsRegistryPeer::PLUGIN_WORKSPACES, PluginsRegistryPeer::PLUGIN_VERSION, PluginsRegistryPeer::PLUGIN_ENABLE, PluginsRegistryPeer::PLUGIN_PRIVATE, PluginsRegistryPeer::PLUGIN_MENUS, PluginsRegistryPeer::PLUGIN_FOLDERS, PluginsRegistryPeer::PLUGIN_TRIGGERS, PluginsRegistryPeer::PLUGIN_PM_FUNCTIONS, PluginsRegistryPeer::PLUGIN_REDIRECT_LOGIN, PluginsRegistryPeer::PLUGIN_STEPS, PluginsRegistryPeer::PLUGIN_CSS, PluginsRegistryPeer::PLUGIN_JS, PluginsRegistryPeer::PLUGIN_REST_SERVICE, PluginsRegistryPeer::PLUGIN_TASK_EXTENDED_PROPERTIES, PluginsRegistryPeer::PLUGIN_ATTRIBUTES, ), + BasePeer::TYPE_FIELDNAME => array ('PR_UID', 'PLUGIN_NAMESPACE', 'PLUGIN_DESCRIPTION', 'PLUGIN_CLASS_NAME', 'PLUGIN_FRIENDLY_NAME', 'PLUGIN_FILE', 'PLUGIN_FOLDER', 'PLUGIN_SETUP_PAGE', 'PLUGIN_COMPANY_LOGO', 'PLUGIN_WORKSPACES', 'PLUGIN_VERSION', 'PLUGIN_ENABLE', 'PLUGIN_PRIVATE', 'PLUGIN_MENUS', 'PLUGIN_FOLDERS', 'PLUGIN_TRIGGERS', 'PLUGIN_PM_FUNCTIONS', 'PLUGIN_REDIRECT_LOGIN', 'PLUGIN_STEPS', 'PLUGIN_CSS', 'PLUGIN_JS', 'PLUGIN_REST_SERVICE', 'PLUGIN_TASK_EXTENDED_PROPERTIES', 'PLUGIN_ATTRIBUTES', ), + BasePeer::TYPE_NUM => array (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, ) ); /** @@ -124,10 +127,10 @@ abstract class BasePluginsRegistryPeer * e.g. self::$fieldNames[BasePeer::TYPE_PHPNAME]['Id'] = 0 */ private static $fieldKeys = array ( - BasePeer::TYPE_PHPNAME => array ('PrUid' => 0, 'PluginNamespace' => 1, 'PluginDescription' => 2, 'PluginClassName' => 3, 'PluginFriendlyName' => 4, 'PluginFile' => 5, 'PluginFolder' => 6, 'PluginSetupPage' => 7, 'PluginCompanyLogo' => 8, 'PluginWorkspaces' => 9, 'PluginVersion' => 10, 'PluginEnable' => 11, 'PluginPrivate' => 12, 'PluginMenus' => 13, 'PluginFolders' => 14, 'PluginTriggers' => 15, 'PluginPmFunctions' => 16, 'PluginRedirectLogin' => 17, 'PluginSteps' => 18, 'PluginCss' => 19, 'PluginJs' => 20, 'PluginRestService' => 21, 'PluginAttributes' => 22, ), - BasePeer::TYPE_COLNAME => array (PluginsRegistryPeer::PR_UID => 0, PluginsRegistryPeer::PLUGIN_NAMESPACE => 1, PluginsRegistryPeer::PLUGIN_DESCRIPTION => 2, PluginsRegistryPeer::PLUGIN_CLASS_NAME => 3, PluginsRegistryPeer::PLUGIN_FRIENDLY_NAME => 4, PluginsRegistryPeer::PLUGIN_FILE => 5, PluginsRegistryPeer::PLUGIN_FOLDER => 6, PluginsRegistryPeer::PLUGIN_SETUP_PAGE => 7, PluginsRegistryPeer::PLUGIN_COMPANY_LOGO => 8, PluginsRegistryPeer::PLUGIN_WORKSPACES => 9, PluginsRegistryPeer::PLUGIN_VERSION => 10, PluginsRegistryPeer::PLUGIN_ENABLE => 11, PluginsRegistryPeer::PLUGIN_PRIVATE => 12, PluginsRegistryPeer::PLUGIN_MENUS => 13, PluginsRegistryPeer::PLUGIN_FOLDERS => 14, PluginsRegistryPeer::PLUGIN_TRIGGERS => 15, PluginsRegistryPeer::PLUGIN_PM_FUNCTIONS => 16, PluginsRegistryPeer::PLUGIN_REDIRECT_LOGIN => 17, PluginsRegistryPeer::PLUGIN_STEPS => 18, PluginsRegistryPeer::PLUGIN_CSS => 19, PluginsRegistryPeer::PLUGIN_JS => 20, PluginsRegistryPeer::PLUGIN_REST_SERVICE => 21, PluginsRegistryPeer::PLUGIN_ATTRIBUTES => 22, ), - BasePeer::TYPE_FIELDNAME => array ('PR_UID' => 0, 'PLUGIN_NAMESPACE' => 1, 'PLUGIN_DESCRIPTION' => 2, 'PLUGIN_CLASS_NAME' => 3, 'PLUGIN_FRIENDLY_NAME' => 4, 'PLUGIN_FILE' => 5, 'PLUGIN_FOLDER' => 6, 'PLUGIN_SETUP_PAGE' => 7, 'PLUGIN_COMPANY_LOGO' => 8, 'PLUGIN_WORKSPACES' => 9, 'PLUGIN_VERSION' => 10, 'PLUGIN_ENABLE' => 11, 'PLUGIN_PRIVATE' => 12, 'PLUGIN_MENUS' => 13, 'PLUGIN_FOLDERS' => 14, 'PLUGIN_TRIGGERS' => 15, 'PLUGIN_PM_FUNCTIONS' => 16, 'PLUGIN_REDIRECT_LOGIN' => 17, 'PLUGIN_STEPS' => 18, 'PLUGIN_CSS' => 19, 'PLUGIN_JS' => 20, 'PLUGIN_REST_SERVICE' => 21, 'PLUGIN_ATTRIBUTES' => 22, ), - BasePeer::TYPE_NUM => array (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, ) + BasePeer::TYPE_PHPNAME => array ('PrUid' => 0, 'PluginNamespace' => 1, 'PluginDescription' => 2, 'PluginClassName' => 3, 'PluginFriendlyName' => 4, 'PluginFile' => 5, 'PluginFolder' => 6, 'PluginSetupPage' => 7, 'PluginCompanyLogo' => 8, 'PluginWorkspaces' => 9, 'PluginVersion' => 10, 'PluginEnable' => 11, 'PluginPrivate' => 12, 'PluginMenus' => 13, 'PluginFolders' => 14, 'PluginTriggers' => 15, 'PluginPmFunctions' => 16, 'PluginRedirectLogin' => 17, 'PluginSteps' => 18, 'PluginCss' => 19, 'PluginJs' => 20, 'PluginRestService' => 21, 'PluginTaskExtendedProperties' => 22, 'PluginAttributes' => 23, ), + BasePeer::TYPE_COLNAME => array (PluginsRegistryPeer::PR_UID => 0, PluginsRegistryPeer::PLUGIN_NAMESPACE => 1, PluginsRegistryPeer::PLUGIN_DESCRIPTION => 2, PluginsRegistryPeer::PLUGIN_CLASS_NAME => 3, PluginsRegistryPeer::PLUGIN_FRIENDLY_NAME => 4, PluginsRegistryPeer::PLUGIN_FILE => 5, PluginsRegistryPeer::PLUGIN_FOLDER => 6, PluginsRegistryPeer::PLUGIN_SETUP_PAGE => 7, PluginsRegistryPeer::PLUGIN_COMPANY_LOGO => 8, PluginsRegistryPeer::PLUGIN_WORKSPACES => 9, PluginsRegistryPeer::PLUGIN_VERSION => 10, PluginsRegistryPeer::PLUGIN_ENABLE => 11, PluginsRegistryPeer::PLUGIN_PRIVATE => 12, PluginsRegistryPeer::PLUGIN_MENUS => 13, PluginsRegistryPeer::PLUGIN_FOLDERS => 14, PluginsRegistryPeer::PLUGIN_TRIGGERS => 15, PluginsRegistryPeer::PLUGIN_PM_FUNCTIONS => 16, PluginsRegistryPeer::PLUGIN_REDIRECT_LOGIN => 17, PluginsRegistryPeer::PLUGIN_STEPS => 18, PluginsRegistryPeer::PLUGIN_CSS => 19, PluginsRegistryPeer::PLUGIN_JS => 20, PluginsRegistryPeer::PLUGIN_REST_SERVICE => 21, PluginsRegistryPeer::PLUGIN_TASK_EXTENDED_PROPERTIES => 22, PluginsRegistryPeer::PLUGIN_ATTRIBUTES => 23, ), + BasePeer::TYPE_FIELDNAME => array ('PR_UID' => 0, 'PLUGIN_NAMESPACE' => 1, 'PLUGIN_DESCRIPTION' => 2, 'PLUGIN_CLASS_NAME' => 3, 'PLUGIN_FRIENDLY_NAME' => 4, 'PLUGIN_FILE' => 5, 'PLUGIN_FOLDER' => 6, 'PLUGIN_SETUP_PAGE' => 7, 'PLUGIN_COMPANY_LOGO' => 8, 'PLUGIN_WORKSPACES' => 9, 'PLUGIN_VERSION' => 10, 'PLUGIN_ENABLE' => 11, 'PLUGIN_PRIVATE' => 12, 'PLUGIN_MENUS' => 13, 'PLUGIN_FOLDERS' => 14, 'PLUGIN_TRIGGERS' => 15, 'PLUGIN_PM_FUNCTIONS' => 16, 'PLUGIN_REDIRECT_LOGIN' => 17, 'PLUGIN_STEPS' => 18, 'PLUGIN_CSS' => 19, 'PLUGIN_JS' => 20, 'PLUGIN_REST_SERVICE' => 21, 'PLUGIN_TASK_EXTENDED_PROPERTIES' => 22, 'PLUGIN_ATTRIBUTES' => 23, ), + BasePeer::TYPE_NUM => array (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, ) ); /** @@ -272,6 +275,8 @@ abstract class BasePluginsRegistryPeer $criteria->addSelectColumn(PluginsRegistryPeer::PLUGIN_REST_SERVICE); + $criteria->addSelectColumn(PluginsRegistryPeer::PLUGIN_TASK_EXTENDED_PROPERTIES); + $criteria->addSelectColumn(PluginsRegistryPeer::PLUGIN_ATTRIBUTES); } diff --git a/workflow/engine/config/schema.xml b/workflow/engine/config/schema.xml index a8dfd703e..276ccb68d 100644 --- a/workflow/engine/config/schema.xml +++ b/workflow/engine/config/schema.xml @@ -5673,6 +5673,7 @@ + diff --git a/workflow/engine/data/mysql/schema.sql b/workflow/engine/data/mysql/schema.sql index 4d2ebb4e0..0f75d38d0 100644 --- a/workflow/engine/data/mysql/schema.sql +++ b/workflow/engine/data/mysql/schema.sql @@ -3177,6 +3177,7 @@ CREATE TABLE `PLUGINS_REGISTRY` `PLUGIN_CSS` MEDIUMTEXT, `PLUGIN_JS` MEDIUMTEXT, `PLUGIN_REST_SERVICE` MEDIUMTEXT, + `PLUGIN_TASK_EXTENDED_PROPERTIES` MEDIUMTEXT, `PLUGIN_ATTRIBUTES` MEDIUMTEXT, PRIMARY KEY (`PR_UID`) )ENGINE=InnoDB ; diff --git a/workflow/engine/src/ProcessMaker/Plugins/Adapters/PluginAdapter.php b/workflow/engine/src/ProcessMaker/Plugins/Adapters/PluginAdapter.php index 97118e7c0..9d95a1786 100644 --- a/workflow/engine/src/ProcessMaker/Plugins/Adapters/PluginAdapter.php +++ b/workflow/engine/src/ProcessMaker/Plugins/Adapters/PluginAdapter.php @@ -90,6 +90,7 @@ class PluginAdapter '_aJavascripts' => ['name' => 'PLUGIN_JS', 'type' => 'array'], '_aJs' => ['name' => 'PLUGIN_JS', 'type' => 'array'], '_restServices' => ['name' => 'PLUGIN_REST_SERVICE', 'type' => 'array'], + '_aTaskExtendedProperties' => ['name' => 'PLUGIN_TASK_EXTENDED_PROPERTIES', 'type' => 'array'], ]; /** From cda3c88d98489b68682e78cf3d40827089b980bc Mon Sep 17 00:00:00 2001 From: davidcallizaya Date: Mon, 16 Oct 2017 15:07:23 -0400 Subject: [PATCH 09/10] HOR-3979 Wrong trigger class registration because of class case sensitive names in PluginsRegistry. --- .../src/ProcessMaker/Plugins/PluginRegistry.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/Plugins/PluginRegistry.php b/workflow/engine/src/ProcessMaker/Plugins/PluginRegistry.php index d521627fb..803b531ac 100644 --- a/workflow/engine/src/ProcessMaker/Plugins/PluginRegistry.php +++ b/workflow/engine/src/ProcessMaker/Plugins/PluginRegistry.php @@ -855,12 +855,19 @@ class PluginRegistry } if ($found) { require_once($classFile); - $sClassName = substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 0, 1) . + $sClassNameA = substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 0, 1) . str_replace( - 'plugin', + ['Plugin','plugin'], + 'Class', + substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 1) + ); + $sClassNameB = substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 0, 1) . + str_replace( + ['Plugin','plugin'], 'class', substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 1) ); + $sClassName = class_exists($sClassNameA) ? $sClassNameA : $sClassNameB; $obj = new $sClassName(); $methodName = $trigger->getTriggerName(); $response = $obj->{$methodName}($oData); From 229ad1e40f6fbea671afd2481750d44fbf85a5e1 Mon Sep 17 00:00:00 2001 From: Marco Antonio Nina Mena Date: Tue, 17 Oct 2017 08:02:50 -0400 Subject: [PATCH 10/10] change permission PM_SETUP TO PM_SETUP_ADVANCE --- workflow/engine/controllers/admin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow/engine/controllers/admin.php b/workflow/engine/controllers/admin.php index 76871c03e..8d681f524 100644 --- a/workflow/engine/controllers/admin.php +++ b/workflow/engine/controllers/admin.php @@ -199,7 +199,7 @@ class Admin extends Controller public function getSystemInfo() { global $RBAC; - $RBAC->requirePermissions('PM_SETUP'); + $RBAC->requirePermissions('PM_SETUP_ADVANCE'); $this->setResponseType('json'); $data = [];