diff --git a/workflow/engine/methods/cases/casesMenuLoader.php b/workflow/engine/methods/cases/casesMenuLoader.php index ddb50e00c..d45138fe7 100644 --- a/workflow/engine/methods/cases/casesMenuLoader.php +++ b/workflow/engine/methods/cases/casesMenuLoader.php @@ -9,9 +9,6 @@ switch ($action) { case 'getAllCounters': getAllCounters(); break; - case 'getProcess': - getProcess(); - break; /*----------------------------------********---------------------------------*/ case 'getAllCountersEnterprise': getAllCountersEnterprise(); 
@@ -218,64 +215,6 @@ function getLoadTreeMenuData () print $xml;*/ } -// get the process summary of specific case list type, -function getProcess () -{ - global $G_TMP_MENU; - global $userId; - if (! isset( $_GET['item'] )) { - die(); - } - - $oMenu = new Menu(); - $oMenu->load( 'cases' ); - $type = $_GET['item']; - $oCases = new AppCacheView(); - - $aTypesID = array (); - $aTypesID['CASES_INBOX'] = 'to_do'; - $aTypesID['CASES_DRAFT'] = 'draft'; - $aTypesID['CASES_CANCELLED'] = 'cancelled'; - $aTypesID['CASES_SENT'] = 'sent'; - $aTypesID['CASES_PAUSED'] = 'paused'; - $aTypesID['CASES_COMPLETED'] = 'completed'; - $aTypesID['CASES_SELFSERVICE'] = 'selfservice'; - //$aTypesID['CASES_TO_REVISE'] = 'to_revise'; - //$aTypesID['CASES_TO_REASSIGN'] = 'to_reassign'; - $aTypesID = Array ('CASES_INBOX' => 'to_do','CASES_DRAFT' => 'draft','CASES_CANCELLED' => 'cancelled','CASES_SENT' => 'sent','CASES_PAUSED' => 'paused','CASES_COMPLETED' => 'completed','CASES_SELFSERVICE' => 'selfservice','CASES_TO_REVISE' => 'to_revise','CASES_TO_REASSIGN' => 'to_reassign'); - - $aCount = $oCases->getAllCounters( Array ($aTypesID[$type] - ), $userId, true ); - - $response = Array (); - //disabling the summary... - /* - $i=0; - foreach($aCount[$aTypesID[$type]]['sumary'] as $PRO_UID=>$process){ - //{"text":"state","id":"src\/state","cls":"folder", loaded:true}, - $response[$i] = new stdClass(); - $response[$i]->text = $process['name'] . ' ('.$process['count'].')'; - $response[$i]->id = $process['name']; - $response[$i]->cls = 'folder'; - $response[$i]->loaded = true; - $i++; - } - */ - //ordering - /*for($i=0; $i<=count($response)-1; $i++){ - for($j=$i+1; $j<=count($response); $j++){ - - echo $response[$j]->text .'<'. 
$response[$i]->text; - if($response[$j]->text[0] < $response[$i]->text[0]){ - $x = $response[$i]; - $response[$i] = $response[$j]; - $response[$j] = $x; - } - } - }*/ - echo G::json_encode( $response ); -} - /*----------------------------------********---------------------------------*/ function getAllCountersEnterprise() { diff --git a/workflow/engine/methods/cases/proxyNewCasesList.php b/workflow/engine/methods/cases/proxyNewCasesList.php index d56037a82..4bfce0b70 100644 --- a/workflow/engine/methods/cases/proxyNewCasesList.php +++ b/workflow/engine/methods/cases/proxyNewCasesList.php @@ -173,7 +173,7 @@ try { $record["APP_UPDATE_DATE"] = $record["DEL_DELEGATE_DATE"]; } - if (isset($record['DEL_CURRENT_TAS_TITLE'])) { + if (isset($record['DEL_CURRENT_TAS_TITLE']) && $record['DEL_CURRENT_TAS_TITLE'] != '') { $record['APP_TAS_TITLE'] = $record['DEL_CURRENT_TAS_TITLE']; } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php b/workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php index 13e45a3ff..34422b962 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Light/NotificationDevice.php @@ -199,11 +199,6 @@ class NotificationDevice $devices = $oNoti->loadUsersArrayId($userIds); } else { $devices = $oNoti->loadByUsersId($userIds); - $lists = new \ProcessMaker\BusinessModel\Lists(); - $counter = $lists->getCounters($userIds); - $light = new \ProcessMaker\Services\Api\Light(); - $result = $light->parserCountersCases($counter); - $data['counters'] = $result; } $devicesAndroidIds = array(); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php b/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php index 21807d68b..2ed4d6d34 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/ProcessSupervisor.php 
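Review bot: The added emptiness test on `DEL_CURRENT_TAS_TITLE` in proxyNewCasesList.php uses the loose `!=`, so the result depends on PHP's type juggling rather than on the value being an empty string. A strict comparison states the intent directly: `if (isset($record['DEL_CURRENT_TAS_TITLE']) && $record['DEL_CURRENT_TAS_TITLE'] !== '') {`. A one-line comment saying why an empty current-task title must not overwrite `APP_TAS_TITLE` would help, since the reason is not visible in the hunk. The enclosing `try` block starts and ends outside the hunk.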
@@ -129,14 +129,14 @@ class ProcessSupervisor $sql = " SELECT DISTINCT " . \GroupUserPeer::GRP_UID . " FROM " . \GroupUserPeer::TABLE_NAME . ", " . \UsersPeer::TABLE_NAME . ", - " . \UsersRolesPeer::TABLE_NAME . ", " . \RolesPermissionsPeer::TABLE_NAME . ", " . \PermissionsPeer::TABLE_NAME . " + " . DB_RBAC_NAME . '.' . \UsersRolesPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \PermissionsPeer::TABLE_NAME . " WHERE " . \GroupUserPeer::GRP_UID . " = " . \GroupwfPeer::GRP_UID . " AND " . \GroupUserPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND " . \UsersPeer::USR_STATUS . " = " . $delimiter . "ACTIVE" . $delimiter . " AND - " . \UsersPeer::USR_UID . " = " . \UsersRolesPeer::USR_UID . " AND - " . \UsersRolesPeer::ROL_UID . " = " . \RolesPermissionsPeer::ROL_UID . " AND - " . \RolesPermissionsPeer::PER_UID . " = " . \PermissionsPeer::PER_UID . " AND - " . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND - " . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . " + " . \UsersPeer::USR_UID . " = " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . " AND + " . DB_RBAC_NAME . '.' . \UsersRolesPeer::ROL_UID . " = " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::ROL_UID . " AND + " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::PER_UID . " = " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_UID . " AND + " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND + " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . " "; $criteriaGroup->add( 
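Review bot: `DB_RBAC_NAME` is concatenated into the statement as a bare, unquoted schema qualifier about a dozen times here and again in the `AVAILABLE` hunk that follows, so a database name containing a character such as `-` would break the query. Building the qualifier once, for example `$rbac = DB_RBAC_NAME . '.';` wrapped in the driver's identifier quoting, and reusing `$rbac` would fix that and make both statements readable. The cross-schema join also assumes the workflow connection can read the RBAC tables on the same server; a comment stating that the account needs read access to those three tables and nothing more would document the privilege this change relies on. `$arrayRbacSystemData["SYS_CODE"]` is still spliced between `$delimiter` characters rather than bound as a parameter; its origin is outside the hunk, so confirm it can never be request-derived.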
@@ -209,13 +209,13 @@ class ProcessSupervisor break; case "AVAILABLE": $sql = " - SELECT DISTINCT " . \UsersRolesPeer::USR_UID . " - FROM " . \UsersRolesPeer::TABLE_NAME . ", " . \RolesPermissionsPeer::TABLE_NAME . ", " . \PermissionsPeer::TABLE_NAME . " - WHERE " . \UsersRolesPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND - " . \UsersRolesPeer::ROL_UID . " = " . \RolesPermissionsPeer::ROL_UID . " AND - " . \RolesPermissionsPeer::PER_UID . " = " . \PermissionsPeer::PER_UID . " AND - " . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND - " . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . " + SELECT DISTINCT " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . " + FROM " . DB_RBAC_NAME . '.' . \UsersRolesPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::TABLE_NAME . ", " . DB_RBAC_NAME . '.' . \PermissionsPeer::TABLE_NAME . " + WHERE " . DB_RBAC_NAME . '.' . \UsersRolesPeer::USR_UID . " = " . \UsersPeer::USR_UID . " AND + " . DB_RBAC_NAME . '.' . \UsersRolesPeer::ROL_UID . " = " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::ROL_UID . " AND + " . DB_RBAC_NAME . '.' . \RolesPermissionsPeer::PER_UID . " = " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_UID . " AND + " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_CODE . " = " . $delimiter . "PM_SUPERVISOR" . $delimiter . " AND + " . DB_RBAC_NAME . '.' . \PermissionsPeer::PER_SYSTEM . " = " . $delimiter . $arrayRbacSystemData["SYS_CODE"] . $delimiter . " "; $criteriaUser->add( diff --git a/workflow/engine/templates/cases/main.js b/workflow/engine/templates/cases/main.js index a8b4b9b4c..cee5b829a 100644 --- a/workflow/engine/templates/cases/main.js +++ b/workflow/engine/templates/cases/main.js @@ -16,7 +16,6 @@ var propStore; var triggerStore; var debugVariablesFilter; -var ReloadTreeMenuItemDetail; var NOTIFIER_FLAG = false; var result; var _action = ''; 
@@ -258,39 +257,6 @@ Ext.onReady(function(){ } }); - - - var treeMenuItemDetail = new Ext.tree.TreePanel({ - id: 'tree_menuItem_detail', - region: 'south', - animate:true, - autoScroll:true, - loader: new Ext.tree.TreeLoader({ - dataUrl:'casesMenuLoader?action=getProcess' - }), - enableDD:true, - containerScroll: true, - border: false, - width: 250, - height: 120, - dropConfig: {appendOnly:true}, - collapsible: true, - split: true, - margins: '0 2 2 2', - cmargins: '2 2 2 2', - rootVisible: false, - root: new Ext.tree.AsyncTreeNode()/*, - tbar: [{ - text: 'reload', - handler: ReloadTreeMenuItemDetail - }]*/ - }); - - ReloadTreeMenuItemDetail = function(params){ - treeMenuItemDetail.loader.dataUrl = 'casesMenuLoader?action=getProcess&item='+params.item; - treeMenuItemDetail.root.reload(); - } - // set the root node var root = new Ext.tree.AsyncTreeNode({ text: 'Ext JS', @@ -300,8 +266,6 @@ Ext.onReady(function(){ expanded:true }); - treeMenuItemDetail.setRootNode(root); - mainMenu = new Ext.Panel({ id:'menuTreePanel', title: '', @@ -317,8 +281,7 @@ Ext.onReady(function(){ margins: '0 0 0 2', items: [ - treeMenuItems, - treeMenuItemDetail + treeMenuItems ] }); mainMenu.setTitle("
"); @@ -530,15 +493,6 @@ Ext.onReady(function(){ menuPanelC.hide(); menuPanelC.ownerCt.doLayout(); - /**show*/ - //w.show(); - //w.ownerCt.doLayout(); - //w.expand(); - - var menuPanelDetail = Ext.getCmp('tree_menuItem_detail'); - menuPanelDetail.hide(); - menuPanelDetail.ownerCt.doLayout(); - //FORMATS.casesListRefreshTime is in seconds setTimeout("timer()", parseInt(FORMATS.casesListRefreshTime) * 1000); }); @@ -571,9 +525,7 @@ function updateCasesTree() { document.getElementById('refreshNotifiers').src = '/images/ext/default/grid/loading.gif'; itemsTypes = Array('CASES_INBOX', 'CASES_DRAFT', 'CASES_CANCELLED', 'CASES_SENT', 'CASES_PAUSED', 'CASES_COMPLETED', 'CASES_SELFSERVICE'); - if (currentSelectedTreeMenuItem) { - ReloadTreeMenuItemDetail({item: currentSelectedTreeMenuItem}); - } + Ext.Ajax.request({ url: urlProxy + Math.random(), success: function (response) { diff --git a/workflow/engine/templates/cases/reassignList.js b/workflow/engine/templates/cases/reassignList.js index f666d6f7b..08e8d1228 100644 --- a/workflow/engine/templates/cases/reassignList.js +++ b/workflow/engine/templates/cases/reassignList.js @@ -32,7 +32,7 @@ var storeUsersToReassign = new Ext.data.Store({ remoteSort: false, - autoLoad:true, + autoLoad:false, proxy : proxyUsersToReassignList, reader: readerUsersToReassignList, writer: writerUsersToReassignList, // <-- plug a DataWriter into the store just as you would a Reader diff --git a/workflow/public_html/.htaccess b/workflow/public_html/.htaccess index 458bcdada..5d0e4c170 100644 --- a/workflow/public_html/.htaccess +++ b/workflow/public_html/.htaccess @@ -3,7 +3,7 @@ Deny from all - + Order Allow,Deny Allow from All \ No newline at end of file diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php index 0b32f04eb..b839b75c7 100644 --- a/workflow/public_html/sysGeneric.php +++ b/workflow/public_html/sysGeneric.php 
@@ -117,6 +117,10 @@ if (file_exists($requestFile)) { header( "location: /errors/error404.php?url=" . urlencode( $_SERVER['REQUEST_URI'] ) ); die; } + if ($request === "app.php" || $request === "sysGeneric.php") { + //HTTP/1.0 403 Forbidden + http_response_code(403); + } $pos = strripos($request, ".") + 1; $size = strlen($request); if($pos < $size) { @@ -307,20 +311,11 @@ if (!(array_key_exists('REMOTE_USER', $_SERVER) && (string)($_SERVER['REMOTE_USE ini_set('session.cookie_httponly', 1); ini_set('session.cookie_secure', 1); } - //$e_all = defined( 'E_DEPRECATED' ) ? E_ALL & ~ E_DEPRECATED : E_ALL; //$e_all = defined( 'E_STRICT' ) ? $e_all & ~ E_STRICT : $e_all; //$e_all = $config['debug'] ? $e_all : $e_all & ~ E_NOTICE; //$e_all = E_ALL & ~ E_DEPRECATED & ~ E_STRICT & ~ E_NOTICE & ~E_WARNING; -G::LoadSystem('inputfilter'); -$filter = new InputFilter(); -$config['display_errors'] = $filter->validateInput($config['display_errors']); -$config['error_reporting'] = $filter->validateInput($config['error_reporting']); -$config['memory_limit'] = $filter->validateInput($config['memory_limit']); -$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'],'int'); -$config['time_zone'] = $filter->validateInput($config['time_zone']); - // Do not change any of these settings directly, use env.ini instead ini_set( 'display_errors', $config['display_errors']); ini_set( 'error_reporting', $config['error_reporting']); @@ -515,7 +510,6 @@ if (defined( 'PATH_DATA' ) && file_exists( PATH_DATA )) { $oServerConf = & serverConf::getSingleton(); } $pathFile = PATH_THIRDPARTY . '/pear/PEAR.php'; -$pathFile = $filter->validateInput($pathFile,'path'); require_once $pathFile; //Bootstrap::LoadSystem( 'pmException' ); 
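Review bot: The new `app.php` / `sysGeneric.php` branch only sets the status code and then falls through to the `strripos()` extension handling on the next line, so the request keeps being processed while reporting 403. The 404 branch directly above ends with `die;`, and this branch should stop the same way: `http_response_code(403); die;`. The comparison is exact and case-sensitive, so the block is only effective if `$request` is already normalised (case, leading path) before this point; that code is outside the hunk and should be checked. The comment `//HTTP/1.0 403 Forbidden` would be more useful if it said why these two entry scripts must not be requested directly.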
@@ -531,7 +525,6 @@ if (! defined( 'PATH_DATA' ) || ! file_exists( PATH_DATA )) { //NewRelic Snippet - By JHL transactionLog(PATH_CONTROLLERS.'installer.php'); $pathFile = PATH_CONTROLLERS . 'installer.php'; - $pathFile = $filter->validateInput($pathFile,'path'); require_once ($pathFile); $controller = 'Installer'; @@ -578,7 +571,6 @@ if ($oServerConf->isWSDisabled( SYS_TEMP )) { if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { //this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS $pathFile = PATH_DB . SYS_TEMP . '/db.php'; - $pathFile = $filter->validateInput($pathFile,'path'); if (file_exists( $pathFile )) { require_once ($pathFile); define( 'SYS_SYS', SYS_TEMP ); @@ -600,7 +592,6 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { } else { //when we are in global pages, outside any valid workspace if (SYS_TARGET === 'newSite') { $phpFile = G::ExpandPath( 'methods' ) . SYS_COLLECTION . "/" . SYS_TARGET . '.php'; - $phpFile = $filter->validateInput($phpFile,'path'); //NewRelic Snippet - By JHL transactionLog($phpFile); require_once ($phpFile); @@ -608,12 +599,11 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { } else { if (SYS_TARGET == "dbInfo") { //Show dbInfo when no SYS_SYS $pathFile = PATH_METHODS . "login/dbInfo.php"; - $pathFile = $filter->validateInput($pathFile,'path'); require_once ($pathFile); } else { if (substr( SYS_SKIN, 0, 2 ) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form - $pathFile = $filter->validateInput(PATH_CONTROLLERS . 'main.php','path'); + $pathFile = PATH_CONTROLLERS . 'main.php'; require_once $pathFile; $controllerClass = 'Main'; $controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin'; 
@@ -625,7 +615,7 @@ if (defined( 'SYS_TEMP' ) && SYS_TEMP != '') { $controller->call( $controllerAction ); } } else { // classic sysLogin interface - $pathFile = $filter->validateInput(PATH_METHODS . "login/sysLogin.php",'path'); + $pathFile = PATH_METHODS . "login/sysLogin.php"; require_once ($pathFile); die(); } @@ -710,9 +700,7 @@ if (defined( 'DEBUG_SQL_LOG' ) && DEBUG_SQL_LOG) { //Set Time Zone /*----------------------------------********---------------------------------*/ -if (PMLicensedFeatures::getSingleton()->verifyfeature('oq3S29xemxEZXJpZEIzN01qenJUaStSekY4cTdJVm5vbWtVM0d4S2lJSS9qUT0=')) { - $_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = (int)($config['system_utc_time_zone']) == 1; -} +$_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = (int)($config['system_utc_time_zone']) == 1; /*----------------------------------********---------------------------------*/ ini_set('date.timezone', (isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__'])? 'UTC' : $config['time_zone']); //Set Time Zone @@ -737,7 +725,7 @@ ob_start(); // Rebuild the base Workflow translations if not exists if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) { - $pathFile = $filter->validateInput(PATH_CLASSES . "model" . PATH_SEP . "Translation.php", "path"); + $pathFile = PATH_CLASSES . "model" . PATH_SEP . "Translation.php"; require_once ($pathFile); @@ -747,7 +735,7 @@ if (! is_file( PATH_LANGUAGECONT . 'translation.en' )) { // TODO: Verify if the language set into url is defined in translations env. if (SYS_LANG != 'en' && ! is_file( PATH_LANGUAGECONT . 'translation.' . SYS_LANG )) { - $pathFile = $filter->validateInput(PATH_CLASSES . "model" . PATH_SEP . "Translation.php", "path"); + $pathFile = PATH_CLASSES . "model" . PATH_SEP . "Translation.php"; require_once ($pathFile); 
@@ -821,7 +809,7 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') { //erik: verify if it is a Controller Class or httpProxyController Class if (is_file( PATH_CONTROLLERS . SYS_COLLECTION . '.php' )) { Bootstrap::LoadSystem( 'controller' ); - $pathFile = $filter->validateInput(PATH_CONTROLLERS . SYS_COLLECTION . '.php','path'); + $pathFile = PATH_CONTROLLERS . SYS_COLLECTION . '.php'; require_once $pathFile; $controllerClass = SYS_COLLECTION; //if the method name is empty set default to index method @@ -854,7 +842,6 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') { $pluginControllerPath = PATH_PLUGINS . $pluginName . PATH_SEP . 'controllers' . PATH_SEP; $pathFile = $pluginControllerPath. $controllerClass . '.php'; - $pathFile = $filter->validateInput($pathFile,'path'); if (is_file($pathFile)) { require_once $pathFile; } elseif (is_file($pluginControllerPath. ucfirst($controllerClass) . '.php')) {
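Review bot: `PATH_CONTROLLERS . SYS_COLLECTION . '.php'` now reaches `require_once` guarded only by `is_file()`, which confirms the file exists but not that the resolved path is still inside the controllers directory. If `SYS_COLLECTION` is derived from the request URL (its definition is outside this diff), the name should be constrained before the include, for example by rejecting anything that fails `preg_match('/^[A-Za-z0-9_]+$/', SYS_COLLECTION)`, or by comparing `realpath($pathFile)` against `realpath(PATH_CONTROLLERS)`. The same applies to the plugin controller path built from `$pluginName` and `$controllerClass` in the next hunk. It also applies to the `SYS_TEMP` and `SYS_COLLECTION`/`SYS_TARGET` paths in the earlier sysGeneric.php hunks, where the `validateInput(..., 'path')` call was dropped without a replacement. What that filter actually enforced is not shown on this page, so the commit message should state which check, if any, now covers these includes.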