Merge remote-tracking branch 'upstream/master'
This commit is contained in:
Gustavo Cruz
@@ -1,4 +1,9 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
if (! isset ($_SESSION ['USER_LOGGED'])) {
|
||||
$res ['success'] = false;
|
||||
$res ['error'] = G::LoadTranslation('ID_LOGIN_AGAIN');
|
||||
|
||||
@@ -33,6 +33,12 @@
|
||||
//require_once 'classes/model/AppDelay.php';
|
||||
//require_once 'classes/model/Process.php';
|
||||
//require_once 'classes/model/Task.php';
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
|
||||
if(isset($_REQUEST['action']) && $_REQUEST['action'] == "verifySession" ) {
|
||||
if (!isset($_SESSION['USER_LOGGED'])) {
|
||||
$response = new stdclass();
|
||||
|
||||
@@ -21,6 +21,10 @@
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
$arrayToTranslation = array(
|
||||
"TRIGGER" => G::LoadTranslation("ID_TRIGGER_DB"),
|
||||
@@ -31,11 +35,11 @@ $actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
|
||||
|
||||
if ($actionAjax == 'messageHistoryGridList_JXP') {
|
||||
|
||||
if (!isset($_REQUEST['start'])) {
|
||||
if (!isset($_REQUEST['start']) || $_REQUEST['start'] =='') {
|
||||
$_REQUEST['start'] = 0;
|
||||
}
|
||||
|
||||
if (!isset($_REQUEST['limit'])) {
|
||||
if (!isset($_REQUEST['limit']) || $_REQUEST['limit'] =='') {
|
||||
$_REQUEST['limit'] = 20;
|
||||
}
|
||||
|
||||
|
||||
@@ -21,6 +21,13 @@
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
|
||||
$actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
|
||||
|
||||
|
||||
@@ -213,7 +213,6 @@ $menuPerms = $menuPerms . ($RBAC->userCanAccess( 'PM_REASSIGNCASE' ) == 1) ? 'R'
|
||||
$oHeadPublisher->assign( '___p34315105', $menuPerms ); // user menu permissions
|
||||
G::LoadClass( 'configuration' );
|
||||
$c = new Configurations();
|
||||
|
||||
//$oHeadPublisher->addExtJsScript('cases/caseUtils', true);
|
||||
$oHeadPublisher->addExtJsScript( 'app/main', true );
|
||||
$oHeadPublisher->addExtJsScript( 'cases/casesList', false ); //adding a javascript file .js
|
||||
|
||||
@@ -40,6 +40,12 @@ require_once ("classes/model/AdditionalTables.php");
|
||||
require_once ("classes/model/AppDelay.php");*/
|
||||
G::LoadClass( 'case' );
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
|
||||
$actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
|
||||
|
||||
function filterUserListArray($users = array(), $filter = '')
|
||||
|
||||
@@ -24,8 +24,8 @@ if ($actionAjax == "streaming") {
|
||||
|
||||
$file = \G::getPathFromFileUID($oAppDocument->Fields['APP_UID'], $sAppDocUid);
|
||||
|
||||
$realPath = PATH_DOCUMENT . $app_uid . '/' . $file[0] . $file[1] . '_' . $iDocVersion . '.' . $ext;
|
||||
$realPath1 = PATH_DOCUMENT . $app_uid . '/' . $file[0] . $file[1] . '.' . $ext;
|
||||
$realPath = PATH_DOCUMENT . G::getPathFromUID($app_uid) . '/' . $file[0] . $file[1] . '_' . $iDocVersion . '.' . $ext;
|
||||
$realPath1 = PATH_DOCUMENT . G::getPathFromUID($app_uid) . '/' . $file[0] . $file[1] . '.' . $ext;
|
||||
|
||||
if (file_exists( $realPath )) {
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
|
||||
@@ -1,4 +1,11 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
|
||||
if (!isset($_SESSION['USER_LOGGED'])) {
|
||||
$response = new stdclass();
|
||||
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN');
|
||||
@@ -243,12 +250,16 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
|
||||
G::RenderPage( 'publish', 'raw' );
|
||||
break;
|
||||
case 'showUsers':
|
||||
$_POST['TAS_ASSIGN_TYPE'] = $filter->xssFilterHard($_POST['TAS_ASSIGN_TYPE']);
|
||||
switch ($_POST['TAS_ASSIGN_TYPE']) {
|
||||
// switch verify $_POST['TAS_ASSIGN_TYPE']
|
||||
case 'BALANCED':
|
||||
$_POST['USR_UID'] = $filter->xssFilterHard($_POST['USR_UID']);
|
||||
G::LoadClass( 'user' );
|
||||
$oUser = new User( new DBConnection() );
|
||||
$oUser->load( $_POST['USR_UID'] );
|
||||
$oUser->Fields['USR_FIRSTNAME'] = $filter->xssFilterHard($oUser->Fields['USR_FIRSTNAME']);
|
||||
$oUser->Fields['USR_LASTNAME'] = $filter->xssFilterHard($oUser->Fields['USR_LASTNAME']);
|
||||
echo $oUser->Fields['USR_FIRSTNAME'] . ' ' . $oUser->Fields['USR_LASTNAME'] . '<input type="hidden" name="form[TASKS][1][USR_UID]" id="form[TASKS][1][USR_UID]" value="' . $_POST['USR_UID'] . '">';
|
||||
break;
|
||||
case 'MANUAL':
|
||||
@@ -300,6 +311,8 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
|
||||
echo $sAux;
|
||||
break;
|
||||
case 'EVALUATE':
|
||||
$_POST['TAS_ASSIGN_VARIABLE'] = $filter->xssFilterHard($_POST['TAS_ASSIGN_VARIABLE']);
|
||||
$_SESSION['APPLICATION'] = $filter->xssFilterHard($_SESSION['APPLICATION']);
|
||||
G::LoadClass( 'application' );
|
||||
$oApplication = new Application( new DBConnection() );
|
||||
$oApplication->load( $_SESSION['APPLICATION'] );
|
||||
@@ -315,7 +328,8 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
|
||||
$oUser->load( $sUser );
|
||||
echo $oUser->Fields['USR_FIRSTNAME'] . ' ' . $oUser->Fields['USR_LASTNAME'] . '<input type="hidden" name="form[TASKS][1][USR_UID]" id="form[TASKS][1][USR_UID]" value="' . $sUser . '">';
|
||||
} else {
|
||||
echo '<strong>Error: </strong>' . $_POST['TAS_ASSIGN_VARIABLE'] . ' ' . G::LoadTranslation( 'ID_EMPTY' );
|
||||
$ID_EMPTY = $filter->xssFilterHard(G::LoadTranslation( 'ID_EMPTY' ));
|
||||
echo '<strong>Error: </strong>' . $_POST['TAS_ASSIGN_VARIABLE'] . ' ' . $ID_EMPTY;
|
||||
echo '<input type="hidden" name="_ERROR_" id="_ERROR_" value="">';
|
||||
}
|
||||
break;
|
||||
@@ -447,6 +461,9 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
|
||||
$cases->reassignCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['USER_LOGGED'], $_POST['USR_UID'], $_POST['THETYPE'] );
|
||||
break;
|
||||
case 'toRevisePanel':
|
||||
$_POST['APP_UID'] = $filter->xssFilterHard($_POST['APP_UID']);
|
||||
$_POST['DEL_INDEX'] = $filter->xssFilterHard($_POST['DEL_INDEX']);
|
||||
|
||||
$_GET['APP_UID'] = $_POST['APP_UID'];
|
||||
$_GET['DEL_INDEX'] = $_POST['DEL_INDEX'];
|
||||
$G_PUBLISH = new Publisher();
|
||||
|
||||
@@ -130,7 +130,13 @@ if (isset( $oProcessFieds['PRO_DEBUG'] ) && $oProcessFieds['PRO_DEBUG']) {
|
||||
}
|
||||
|
||||
//cleaning debug variables
|
||||
if (! isset( $_GET['breakpoint'] )) {
|
||||
$flagExecuteBeforeTriggers = !isset($_GET["breakpoint"]);
|
||||
|
||||
if (isset($_GET["TYPE"]) && $_GET["TYPE"] == "OUTPUT_DOCUMENT" && isset($_GET["ACTION"]) && $_GET["ACTION"] != "GENERATE") {
|
||||
$flagExecuteBeforeTriggers = false;
|
||||
}
|
||||
|
||||
if ($flagExecuteBeforeTriggers) {
|
||||
if (isset( $_SESSION['TRIGGER_DEBUG']['info'] )) {
|
||||
unset( $_SESSION['TRIGGER_DEBUG']['info'] );
|
||||
}
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
*/
|
||||
// die("first");
|
||||
/* Permissions */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
case - 2:
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||
@@ -35,8 +38,9 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
die();
|
||||
break;
|
||||
}
|
||||
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||
if ((int) $_SESSION['INDEX'] < 1) {
|
||||
$_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
||||
G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
|
||||
die();
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
*/
|
||||
//die("second");
|
||||
/* Permissions */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
case - 2:
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||
@@ -35,8 +38,9 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
die();
|
||||
break;
|
||||
}
|
||||
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||
if ((int) $_SESSION['INDEX'] < 1) {
|
||||
$_SERVER['HTTP_REFERER'] = $filter->xssFilterHard($_SERVER['HTTP_REFERER']);
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
|
||||
G::header( 'location: ' . $_SERVER['HTTP_REFERER'] );
|
||||
die();
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
*/
|
||||
|
||||
/* Permissions */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
case - 2:
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||
@@ -35,7 +38,7 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
die();
|
||||
break;
|
||||
}
|
||||
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||
/* Includes */
|
||||
G::LoadClass( 'case' );
|
||||
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
*/
|
||||
|
||||
/* Permissions */
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET,"url");
|
||||
switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
case - 2:
|
||||
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' );
|
||||
@@ -35,7 +38,7 @@ switch ($RBAC->userCanAccess( 'PM_SUPERVISOR' )) {
|
||||
die();
|
||||
break;
|
||||
}
|
||||
|
||||
$_SESSION = $filter->xssFilterHard($_SESSION,"url");
|
||||
/* Includes */
|
||||
G::LoadClass( 'case' );
|
||||
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
* and open the template in the editor.
|
||||
*/
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
require_once ("classes/model/AdditionalTables.php");
|
||||
require_once ("classes/model/Fields.php");
|
||||
// passing the parameters
|
||||
|
||||
@@ -22,11 +22,19 @@
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*
|
||||
*/
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
$_SERVER["QUERY_STRING"] = isset($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:'';
|
||||
$_REQUEST["sProcess"] = isset($_REQUEST["sProcess"])?$_REQUEST["sProcess"]:'';
|
||||
$_REQUEST["sFieldName"] = isset($_REQUEST["sFieldName"])?$_REQUEST["sFieldName"]:'';
|
||||
$_REQUEST['sSymbol']= isset($_REQUEST["sSymbol"])?$_REQUEST["sSymbol"]:'';
|
||||
|
||||
$_SERVER["QUERY_STRING"] = $filter->xssFilterHard($_SERVER["QUERY_STRING"]);
|
||||
|
||||
$html = '<form action="uploader.php?'.$_SERVER["QUERY_STRING"].'&q=upload" onLoad="onLoad()" method="post" enctype="multipart/form-data" onsubmit="">';
|
||||
$html .= '<div id="d_variables">';
|
||||
$html .= '<table width="90%" align="center">';
|
||||
@@ -40,24 +48,24 @@ $html .= '</tr>';
|
||||
|
||||
$html .= '<tr>';
|
||||
$html .= '<td width="50%">';
|
||||
$html .= '<label for="type_label">'.G::LoadTranslation('ID_TINY_TYPE_VARIABLE').'</label>';
|
||||
$html .= '<label for="type_label">'.$filter->xssFilterHard(G::LoadTranslation('ID_TINY_TYPE_VARIABLE')).'</label>';
|
||||
$html .= '</td>';
|
||||
|
||||
$html .= '<td width="25%">';
|
||||
$html .= '<label for="prefix_label">'.G::LoadTranslation('ID_PREFIX').'</label>';
|
||||
$html .= '<label for="prefix_label">'.$filter->xssFilterHard(G::LoadTranslation('ID_PREFIX')).'</label>';
|
||||
$html .= '</td>';
|
||||
|
||||
$html .= '<td width="25%">';
|
||||
$html .= '<label for="variables_label">'.G::LoadTranslation( 'ID_SEARCH').'</label>';
|
||||
$html .= '<label for="variables_label">'.$filter->xssFilterHard(G::LoadTranslation( 'ID_SEARCH')).'</label>';
|
||||
$html .= '</td>';
|
||||
$html .= '</tr>';
|
||||
|
||||
$html .= '<tr>';
|
||||
$html .= '<td width="25%">';
|
||||
$html .= '<select name="type_variables" id="type_variables">';
|
||||
$html .= '<option value="all">'.G::LoadTranslation( 'ID_TINY_ALL_VARIABLES' ).'</option>';
|
||||
$html .= '<option value="system">'.G::LoadTranslation( 'ID_TINY_SYSTEM_VARIABLES' ).'</option>';
|
||||
$html .= '<option value="process">'.G::LoadTranslation( 'ID_TINY_PROCESS_VARIABLES' ).'</option>';
|
||||
$html .= '<option value="all">'.$filter->xssFilterHard(G::LoadTranslation( 'ID_TINY_ALL_VARIABLES' )).'</option>';
|
||||
$html .= '<option value="system">'.$filter->xssFilterHard(G::LoadTranslation( 'ID_TINY_SYSTEM_VARIABLES' )).'</option>';
|
||||
$html .= '<option value="process">'.$filter->xssFilterHard(G::LoadTranslation( 'ID_TINY_PROCESS_VARIABLES' )).'</option>';
|
||||
$html .= '</select> ';
|
||||
$html .= '</td>';
|
||||
|
||||
@@ -79,7 +87,7 @@ $html .= '<input type="text" id="search" size="15">';
|
||||
$html .= '</td>';
|
||||
$html .= '</tr>';
|
||||
$html .= '<tr>';
|
||||
$html .= '<tr><td><label for="prefix_label">'.G::LoadTranslation( 'ID_VARIABLES' ).'</label></td></tr>';
|
||||
$html .= '<tr><td><label for="prefix_label">'.$filter->xssFilterHard(G::LoadTranslation( 'ID_VARIABLES' )).'</label></td></tr>';
|
||||
$html .= '<tr>';
|
||||
|
||||
$html .= '<td colspan="3">';
|
||||
@@ -114,19 +122,19 @@ $html .= '</div>';
|
||||
$html .= '<br>';
|
||||
$html .= '<table border="1" width="90%" align="center">';
|
||||
$html .= '<tr width="40%">';
|
||||
$html .= '<td>'.G::LoadTranslation('ID_RESULT').'</td>';
|
||||
$html .= '<td>'.$filter->xssFilterHard(G::LoadTranslation('ID_RESULT')).'</td>';
|
||||
$html .= '<td><span id="selectedVariableLabel">@@SYS_LANG</span></td>';
|
||||
$html .= '</tr>';
|
||||
$html .= '<tr width="60%">';
|
||||
$html .= '<td>'.G::LoadTranslation('ID_DESCRIPTION').'</td>';
|
||||
$html .= '<td><span id="desc_variables">'.G::LoadTranslation('ID_SYSTEM').'</span></td>';
|
||||
$html .= '<td>'.$filter->xssFilterHard(G::LoadTranslation('ID_DESCRIPTION')).'</td>';
|
||||
$html .= '<td><span id="desc_variables">'.$filter->xssFilterHard(G::LoadTranslation('ID_SYSTEM')).'</span></td>';
|
||||
$html .= '</tr>';
|
||||
$html .= '</table>';
|
||||
$html .= '</div>';
|
||||
$html .= '<br>';
|
||||
$html .= '<table width="90%" align="center">';
|
||||
$html .= '<tr><td>';
|
||||
$html .= '<label for="desc_prefix">*<span id="desc_prefix">' . G::LoadTranslation( 'ID_TO_STRING' ) . '</span></label>';
|
||||
$html .= '<label for="desc_prefix">*<span id="desc_prefix">'.$filter->xssFilterHard(G::LoadTranslation( 'ID_TO_STRING' )).'</span></label>';
|
||||
$html .= '</td></tr>';
|
||||
$html .= '</div>';
|
||||
|
||||
@@ -147,4 +155,4 @@ if (isset($_REQUEST['displayOption'])) {
|
||||
|
||||
echo $html;
|
||||
|
||||
G::RenderPage( 'publish', $display );
|
||||
G::RenderPage( 'publish', $display );
|
||||
@@ -21,6 +21,12 @@
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
|
||||
if (($RBAC_Response = $RBAC->userCanAccess( "PM_FACTORY" )) != 1) {
|
||||
return $RBAC_Response;
|
||||
}
|
||||
@@ -38,6 +44,9 @@ $G_SUB_MENU = 'processes';
|
||||
$G_ID_MENU_SELECTED = 'PROCESSES';
|
||||
$G_ID_SUB_MENU_SELECTED = 'FIELDS';
|
||||
|
||||
$_GET['PRO_UID'] = $filter->xssFilterHard($_GET['PRO_UID']);
|
||||
$_GET['DYN_UID'] = $filter->xssFilterHard($_GET['DYN_UID']);
|
||||
|
||||
$PRO_UID = isset( $_GET['PRO_UID'] ) ? $_GET['PRO_UID'] : '0';
|
||||
$DYN_UID = (isset( $_GET['DYN_UID'] )) ? urldecode( $_GET['DYN_UID'] ) : '0';
|
||||
$_SESSION['PROCESS'] = $_GET['PRO_UID'];
|
||||
@@ -50,6 +59,7 @@ if ($process->exists( $PRO_UID )) {
|
||||
$process->load( $PRO_UID );
|
||||
} else {
|
||||
//TODO
|
||||
$PRO_UID = $filter->xssFilterHard($PRO_UID);
|
||||
print ("$PRO_UID doesn't exist, continue? yes") ;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,4 +1,7 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] :'';
|
||||
|
||||
@@ -9,6 +12,7 @@ if ($action == '') {
|
||||
|
||||
switch ($action) {
|
||||
case 'setTemplateFile':
|
||||
$_FILES = $filter->xssFilterHard($_FILES);
|
||||
//print_r($_FILES);
|
||||
$_SESSION['outpudocs_tmpFile'] = PATH_DATA . $_FILES['templateFile']['name'];
|
||||
// file_put_contents($_FILES['templateFile']['name'], file_get_contents($_FILES['templateFile']['tmp_name']));
|
||||
@@ -21,6 +25,7 @@ switch ($action) {
|
||||
break;
|
||||
|
||||
case 'getTemplateFile':
|
||||
$_SESSION['outpudocs_tmpFile'] = $filter->xssFilterHard($_SESSION['outpudocs_tmpFile']);
|
||||
$aExtensions = array ("exe","com","dll","ocx","fon","ttf","doc","xls","mdb","rtf","bin","jpeg","jpg","jif","jfif","gif","tif","tiff","png","bmp","pdf","aac","mp3","mp3pro","vorbis","realaudio","vqf","wma","aiff","flac","wav","midi","mka","ogg","jpeg","ilbm","tar","zip","rar","arj","gzip","bzip2","afio","kgb","gz","asf","avi","mov","iff","ogg","ogm","mkv","3gp"
|
||||
);
|
||||
$sFileName = strtolower( $_SESSION['outpudocs_tmpFile'] );
|
||||
@@ -28,11 +33,15 @@ switch ($action) {
|
||||
$searchPos = strpos( $strRev, '.' );
|
||||
$pos = (strlen( $sFileName ) - 1) - $searchPos;
|
||||
$sExtension = substr( $sFileName, $pos + 1, strlen( $sFileName ) );
|
||||
if (! in_array( $sExtension, $aExtensions ))
|
||||
echo $content = file_get_contents( $_SESSION['outpudocs_tmpFile'] );
|
||||
if (! in_array( $sExtension, $aExtensions )) {
|
||||
$content = file_get_contents( $_SESSION['outpudocs_tmpFile'] );
|
||||
$content = $filter->xssFilterHard($content);
|
||||
echo $content;
|
||||
}
|
||||
break;
|
||||
|
||||
case 'loadTemplateContent':
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
require_once 'classes/model/OutputDocument.php';
|
||||
$ooutputDocument = new OutputDocument();
|
||||
if (isset( $_POST['OUT_DOC_UID'] )) {
|
||||
@@ -43,6 +52,7 @@ switch ($action) {
|
||||
break;
|
||||
|
||||
case 'lookForNameOutput':
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
require_once ('classes/model/Content.php');
|
||||
require_once ("classes/model/OutputDocument.php");
|
||||
|
||||
|
||||
@@ -38,6 +38,13 @@ try {
|
||||
break;
|
||||
} */
|
||||
//$oJSON = new Services_JSON();
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
//$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
|
||||
if (isset($_REQUEST['data'])) {
|
||||
if($_REQUEST['action']=="addText"||$_REQUEST['action']=="updateText") {
|
||||
@@ -741,6 +748,8 @@ try {
|
||||
// G::RenderPage( 'publish', 'blank' );
|
||||
break;
|
||||
case 'saveFile':
|
||||
$_REQUEST['pro_uid'] = $filter->xssFilterHard($_REQUEST['pro_uid']);
|
||||
$_REQUEST['filename'] = $filter->xssFilterHard($_REQUEST['filename']);
|
||||
global $G_PUBLISH;
|
||||
$G_PUBLISH = new Publisher();
|
||||
global $RBAC;
|
||||
@@ -754,6 +763,7 @@ try {
|
||||
|
||||
$sDir = "";
|
||||
if (isset($_REQUEST['MAIN_DIRECTORY'])) {
|
||||
$_REQUEST['MAIN_DIRECTORY'] = $filter->xssFilterHard($_REQUEST['MAIN_DIRECTORY']);
|
||||
$sDir = $_REQUEST['MAIN_DIRECTORY'];
|
||||
}
|
||||
switch ($sDir) {
|
||||
@@ -775,6 +785,7 @@ try {
|
||||
$content = base64_decode($content);
|
||||
fwrite($fp, $content);
|
||||
fclose($fp);
|
||||
$sDirectory = $filter->xssFilterHard($sDirectory);
|
||||
echo 'saved: ' . $sDirectory;
|
||||
}
|
||||
break;
|
||||
@@ -830,8 +841,10 @@ try {
|
||||
*
|
||||
*/
|
||||
case 'getVariablePrefix':
|
||||
$_REQUEST['prefix'] = $filter->xssFilterHard($_REQUEST['prefix']);
|
||||
$_REQUEST['prefix'] = $_REQUEST['prefix'] != null ? $_REQUEST['prefix'] : 'ID_TO_STRING';
|
||||
echo G::LoadTranslation($_REQUEST['prefix']);
|
||||
$prefix = $filter->xssFilterHard(G::LoadTranslation($_REQUEST['prefix']));
|
||||
echo G::LoadTranslation($prefix);
|
||||
break;
|
||||
/**
|
||||
* return an array with all Variables of Grid type
|
||||
|
||||
@@ -42,7 +42,7 @@ $oTemplatePower->assign('USR_UID', $aUser['USR_UID']);
|
||||
$oTemplatePower->assign('USR_FULLNAME', $aData['USR_FIRSTNAME'] . ' ' . $aData['USR_LASTNAME'] . ' (' . $aData['USR_USERNAME'] . ')');
|
||||
*/
|
||||
$userName = 'admin';
|
||||
$userPass = 'The password introduced at the time of installing the application';
|
||||
$userPass = 'The password introduced at the time of installing the application (admin: if you do not put or changed the password)';
|
||||
if(isset($_SESSION['NW_PASSWORD'])){
|
||||
if($_SESSION['NW_PASSWORD'] != ''){
|
||||
$userPass = $_SESSION['NW_PASSWORD'];
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
<?php
|
||||
require_once ('classes/model/AppCacheView.php');
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
$request = isset( $_POST['request'] ) ? $_POST['request'] : (isset( $_GET['request'] ) ? $_GET['request'] : null);
|
||||
|
||||
function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName = "")
|
||||
|
||||
@@ -21,6 +21,13 @@
|
||||
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
if(isset($_SERVER['SERVER_NAME'])) {
|
||||
$_SERVER['SERVER_NAME'] = $filter->xssFilterHard($_SERVER['SERVER_NAME']);
|
||||
}
|
||||
|
||||
global $RBAC;
|
||||
$RBAC->requirePermissions( 'PM_SETUP_ADVANCE' );
|
||||
|
||||
@@ -23,11 +23,16 @@
|
||||
*/
|
||||
try {
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
|
||||
G::LoadInclude( 'ajax' );
|
||||
if (isset( $_POST['form'] )) {
|
||||
$_POST = $_POST['form'];
|
||||
}
|
||||
$_POST['function'] = get_ajax_value( 'function' );
|
||||
$_POST['function'] = $filter->xssFilterHard($_POST['function']);
|
||||
switch ($_POST['function']) {
|
||||
case 'savePredetermined':
|
||||
require_once "classes/model/Translation.php";
|
||||
@@ -155,16 +160,16 @@ try {
|
||||
if($locale != "en"){ //Default Lengage 'en'
|
||||
if($locale != SYS_LANG){ //Current lenguage
|
||||
//THERE IS NO ANY CASE STARTED FROM THES LANGUAGE
|
||||
if ($aRow[0] == 0) { //so we can delete this language
|
||||
try {
|
||||
Content::removeLanguageContent( $locale );
|
||||
$trn->removeTranslationEnvironment( $locale );
|
||||
echo G::LoadTranslation( 'ID_LANGUAGE_DELETED_SUCCESSFULLY' );
|
||||
} catch (Exception $e) {
|
||||
echo $e->getMessage();
|
||||
}
|
||||
} else {
|
||||
echo str_replace( '{0}', $aRow[0], G::LoadTranslation( 'ID_LANGUAGE_CANT_DELETE' ) );
|
||||
if ($aRow[0] == 0) { //so we can delete this language
|
||||
try {
|
||||
Content::removeLanguageContent( $locale );
|
||||
$trn->removeTranslationEnvironment( $locale );
|
||||
echo G::LoadTranslation( 'ID_LANGUAGE_DELETED_SUCCESSFULLY' );
|
||||
} catch (Exception $e) {
|
||||
echo $e->getMessage();
|
||||
}
|
||||
} else {
|
||||
echo str_replace( '{0}', $aRow[0], G::LoadTranslation( 'ID_LANGUAGE_CANT_DELETE' ) );
|
||||
}
|
||||
} else {
|
||||
echo str_replace( '{0}', $aRow[0], G::LoadTranslation( 'ID_LANGUAGE_CANT_DELETE_CURRENTLY' ) );
|
||||
|
||||
@@ -1,4 +1,8 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
if (! isset( $_REQUEST['action'] )) {
|
||||
$res['success'] = false;
|
||||
$res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION');
|
||||
@@ -162,7 +166,7 @@ function newSkin ($baseSkin = 'classic')
|
||||
$configFileFinal = PATH_CUSTOM_SKINS . $skinFolder . PATH_SEP . 'config.xml';
|
||||
|
||||
$xmlConfiguration = file_get_contents( $configFileOriginal );
|
||||
|
||||
|
||||
$workspace = ($_REQUEST['workspace'] == 'global') ? '' : SYS_SYS;
|
||||
|
||||
$xmlConfigurationObj = G::xmlParser($xmlConfiguration);
|
||||
@@ -360,6 +364,10 @@ function exportSkin ($skinToExport = "")
|
||||
function deleteSkin ()
|
||||
{
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_REQUEST['SKIN_FOLDER_ID'] = $filter->xssFilterHard($_REQUEST['SKIN_FOLDER_ID']);
|
||||
|
||||
if (! (isset( $_REQUEST['SKIN_FOLDER_ID'] ))) {
|
||||
throw (new Exception( G::LoadTranslation( 'ID_SKIN_FOLDER_REQUIRED' ) ));
|
||||
}
|
||||
|
||||
@@ -23,6 +23,10 @@
|
||||
*/
|
||||
ini_set( "soap.wsdl_cache_enabled", "0" ); // enabling WSDL cache
|
||||
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
//$_SESSION = $filter->xssFilterHard($_SESSION);
|
||||
|
||||
G::LoadClass( 'ArrayPeer' );
|
||||
if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) {
|
||||
@@ -38,6 +42,8 @@ if ($_POST['action'] == '') {
|
||||
$_POST['action'] = (isset( $_GET['action'] )) ? $_GET['action'] : '';
|
||||
}
|
||||
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
|
||||
switch ($_POST['action']) {
|
||||
case 'showForm':
|
||||
global $G_PUBLISH;
|
||||
@@ -1504,7 +1510,7 @@ try {
|
||||
die();
|
||||
break;
|
||||
default:
|
||||
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
print_r( $_POST );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,6 +22,10 @@
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
|
||||
if (isset( $_POST['form']['action'] )) {
|
||||
$_POST['action'] = $_POST['form']['action'];
|
||||
}
|
||||
|
||||
@@ -1,4 +1,13 @@
|
||||
<?php
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
if(isset($_SESSION['USER_LOGGED'])) {
|
||||
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
|
||||
}
|
||||
if(isset($_SESSION['USR_USERNAME'])) {
|
||||
$_SESSION['USR_USERNAME'] = $filter->xssFilterHard($_SESSION['USR_USERNAME']);
|
||||
}
|
||||
|
||||
global $RBAC;
|
||||
$result = new StdClass();
|
||||
|
||||
@@ -23,6 +23,12 @@
|
||||
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
|
||||
*/
|
||||
try {
|
||||
G::LoadSystem('inputfilter');
|
||||
$filter = new InputFilter();
|
||||
$_GET = $filter->xssFilterHard($_GET);
|
||||
$_POST = $filter->xssFilterHard($_POST);
|
||||
$_REQUEST = $filter->xssFilterHard($_REQUEST);
|
||||
|
||||
global $RBAC;
|
||||
switch ($RBAC->userCanAccess('PM_LOGIN')) {
|
||||
case - 2:
|
||||
|
||||
Reference in New Issue
Block a user