diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index ce776b568..71ea52f3a 100755 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -5348,7 +5348,7 @@ class G if(($dtype[count($dtype) -1]) != $allowedDocTypes){ $flag = 1; } else { - $flag = 0; + return true; break; } } else { @@ -5371,27 +5371,27 @@ class G switch($allowedDocTypes){ case '*': - $flag = 0; + return true; break; case 'xls': if($docType[1] != 'vnd.ms-excel'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'doc': if($docType[1] != 'msword'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'ppt': if($docType[1] != 'vnd.ms-office'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'docx': @@ -5400,7 +5400,7 @@ class G if($docType[1] != 'zip'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'exe': @@ -5408,28 +5408,28 @@ class G if($docType[1] != 'octet-stream'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'jpg': if ($docType[1] != 'jpeg'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'mp3': if ($docType[1] != 'mpeg'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'rar': if ($docType[1] != 'x-rar'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'txt': @@ -5437,7 +5437,7 @@ class G if ($docType[1] != 'plain'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'htm': @@ -5445,14 +5445,14 @@ class G if ($docType[1] != 'html'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'po': if ($docType[1] != 'x-po'){ $flag = 1; } else { - $flag = 0; + return true; } break; case 'pdf': @@ -5464,7 +5464,7 @@ class G if ($docType[1] != $allowedDocTypes){ $flag = 1; } else { - $flag = 0; + return true; } break; default: 
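Review bot: In the first hunk (@@ -5348) the `break;` that follows the new `return true;` can never execute and should be dropped, leaving `} else { return true; }`. Within the visible hunks `$flag` is now only ever assigned 1, so it works as a "nothing matched yet" marker rather than a two-state flag; a comment such as `// $flag stays 1 until an allowed type matches; a match returns true immediately` would make that clear. The `case '*'` arm returns true without consulting the detected type, which deserves a comment stating that the wildcard disables content-type checking for that input document. The method body starts and ends outside these hunks.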
@@ -5472,13 +5472,9 @@ class G if(($dtype[count($dtype) - 1]) != $allowedDocTypes){ $flag = 1; } else { - $flag = 0; + return true; } } - - if($flag == 0){ - break; - } } else { $message = G::LoadTranslation('ID_UPLOAD_ERR_WRONG_ALLOWED_EXTENSION_FORMAT' ); G::SendMessageText( $message, "ERROR" ); @@ -5489,14 +5485,8 @@ class G } } } - - if( $flag == 1){ - $message = G::LoadTranslation( 'ID_UPLOAD_ERR_NOT_ALLOWED_EXTENSION' ); - G::SendMessageText( $message, "ERROR" ); - - $backUrlObj = explode( "sys" . SYS_SYS, $_SERVER['HTTP_REFERER'] ); - G::header( "location: " . "/sys" . SYS_SYS . $backUrlObj[1] ); - die(); + if( $flag == 1){ + return false; } } } diff --git a/workflow/engine/methods/cases/cases_SaveData.php b/workflow/engine/methods/cases/cases_SaveData.php index ee256b11c..de985d291 100644 --- a/workflow/engine/methods/cases/cases_SaveData.php +++ b/workflow/engine/methods/cases/cases_SaveData.php 
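Review bot: The last hunk (@@ -5489) turns a disallowed upload from a hard stop (redirect plus `die()`) into `return false`, so the restriction is now enforced only by callers that test the result. Any call site of `G::verifyInputDocExtension` not updated in this commit (only cases_SaveData.php and cases_SaveDocument.php are changed here) would carry on and store the file, so the remaining callers should be searched for before merging. Separately, when `$flag` is not 1 at that point the method appears to fall off the end and return null, which the `!` tests in the two callers treat as a rejection. If deny-by-default is intended, replace `if( $flag == 1){ return false; }` with a plain `return false;` and document `@return bool` on the method, whose header is outside the hunk.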
@@ -280,7 +280,13 @@ try { $oFolder = new AppFolder(); //***Validating the file allowed extensions*** - G::verifyInputDocExtension($aID['INP_DOC_TYPE_FILE'], $_FILES["form"]["name"]["input"], $_FILES["form"]["tmp_name"]["input"]); + if(!G::verifyInputDocExtension($aID['INP_DOC_TYPE_FILE'], $_FILES["form"]["name"]["input"], $_FILES["form"]["tmp_name"]["input"])){ + $message = G::LoadTranslation( 'ID_UPLOAD_ERR_NOT_ALLOWED_EXTENSION' ); + G::SendMessageText( $message, "ERROR" ); + $backUrlObj = explode( "sys" . SYS_SYS, $_SERVER['HTTP_REFERER'] ); + G::header( "location: " . "/sys" . SYS_SYS . $backUrlObj[1] ); + die(); + } $aFields = array ("APP_UID" => $_SESSION["APPLICATION"],"DEL_INDEX" => $_SESSION["INDEX"],"USR_UID" => $_SESSION["USER_LOGGED"],"DOC_UID" => $indocUid,"APP_DOC_TYPE" => "INPUT","APP_DOC_CREATE_DATE" => date( "Y-m-d H:i:s" ),"APP_DOC_COMMENT" => "","APP_DOC_TITLE" => "","APP_DOC_FILENAME" => $arrayFileName[$i],"FOLDER_UID" => $oFolder->createFromPath( $aID["INP_DOC_DESTINATION_PATH"] ),"APP_DOC_TAGS" => $oFolder->parseTags( $aID["INP_DOC_TAGS"] ),"APP_DOC_FIELDNAME" => $fieldName); } else { diff --git a/workflow/engine/methods/cases/cases_SaveDocument.php b/workflow/engine/methods/cases/cases_SaveDocument.php index 6200da0a1..5cbb5c33b 100755 --- a/workflow/engine/methods/cases/cases_SaveDocument.php +++ b/workflow/engine/methods/cases/cases_SaveDocument.php 
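Review bot: The rejection branch reads `$backUrlObj[1]` without checking that `$_SERVER['HTTP_REFERER']` is set and actually contains `"sys" . SYS_SYS`. The Referer header is optional and client-supplied, so a request without it raises undefined-index notices and the redirect target collapses to the bare `"/sys" . SYS_SYS` prefix. A guard before the `G::header()` call, for example `$back = isset($backUrlObj[1]) ? $backUrlObj[1] : '/';`, would make the fallback explicit. The same block is pasted again in cases_SaveDocument.php (@@ -96), so a small shared helper would keep the two rejection paths from drifting apart. The enclosing `try` block starts and ends outside the hunk.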
@@ -96,7 +96,13 @@ if ($_SESSION["TRIGGER_DEBUG"]["NUM_TRIGGERS"] > 0) { //***Validating the file allowed extensions*** $oInputDocument = new InputDocument(); $InpDocData = $oInputDocument->load( $inputDocumentUid ); -G::verifyInputDocExtension($InpDocData['INP_DOC_TYPE_FILE'], $_FILES["form"]["name"]["APP_DOC_FILENAME"], $_FILES["form"]["tmp_name"]["APP_DOC_FILENAME"]); +if(!G::verifyInputDocExtension($InpDocData['INP_DOC_TYPE_FILE'], $_FILES["form"]["name"]["APP_DOC_FILENAME"], $_FILES["form"]["tmp_name"]["APP_DOC_FILENAME"])){ + $message = G::LoadTranslation( 'ID_UPLOAD_ERR_NOT_ALLOWED_EXTENSION' ); + G::SendMessageText( $message, "ERROR" ); + $backUrlObj = explode( "sys" . SYS_SYS, $_SERVER['HTTP_REFERER'] ); + G::header( "location: " . "/sys" . SYS_SYS . $backUrlObj[1] ); + die(); +} //Add Input Document if (isset($_FILES) && isset($_FILES["form"]) && count($_FILES["form"]) > 0) {
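Review bot: The new check reads `$_FILES["form"]["name"]["APP_DOC_FILENAME"]` and can reach `die()` before the `isset($_FILES["form"])` guard on the following context line has run, so a request that carries no upload calls `verifyInputDocExtension` with undefined values. How the validator treats an empty name is not visible in this hunk, but if it returns a falsy value such requests are now rejected with the extension error. Moving the `if(!G::verifyInputDocExtension(...)){ ... }` block inside the existing `if (isset($_FILES) && isset($_FILES["form"]) && ...)` branch would run the validation only when a file is actually present.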