fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Conflicts

Browse Source
This commit is contained in:
Paula Quispe
2017-02-10 17:59:06 -04:00
parent 5606c1c565 3e687e6bb3
commit efb1576cb5
15 changed files with 257 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -20,7 +20,6 @@ workflow/public_html/index.html
.DS_Store
.idea
composer.phar
composer.lock
vendor/
workflow/engine/config/schema-transformed.xml
workflow/engine/config/_databases_.php

194
composer.lock generated
View File

@@ -4,8 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "e94e04e50eb74bdfd3dfedcb1af4e6d0",
"content-hash": "f0b89bffcea74fc73605464d3f0ca520",
"content-hash": "da8938c847b4f778aa2acc95daaeb38c",
"packages": [
{
"name": "bshaffer/oauth2-server-php",
@@ -48,7 +47,7 @@
"oauth",
"oauth2"
],
"time": "2013-08-12 16:35:58"
"time": "2013-08-12T16:35:58+00:00"
},
{
"name": "colosa/MichelangeloFE",
@@ -56,7 +55,7 @@
"source": {
"type": "git",
"url": "git@bitbucket.org:colosa/michelangelofe.git",
"reference": "7e889f23a7e8397c052a4d9ae6331334b57c9d48"
"reference": "733277aef23c643b094c123043c3dbee975997a4"
},
"require": {
"colosa/pmui": "release/3.2-dev"
@@ -67,7 +66,7 @@
"keywords": [
"js app ProcessMaker"
],
"time": "2016-03-09 20:18:44"
"time": "2017-01-30 20:34:14"
},
{
"name": "colosa/pmDynaform",
@@ -75,7 +74,7 @@
"source": {
"type": "git",
"url": "git@bitbucket.org:colosa/pmdynaform.git",
"reference": "c2008027bd721ac42e4a7d98cc773f82ac25921e"
"reference": "efb60f8f989ee83f91459f82810f90d8ef7a6d64"
},
"type": "library",
"description": "JS Library to render ProcessMaker Dynaforms",
@@ -83,7 +82,7 @@
"keywords": [
"js lib ProcessMaker Dynaforms"
],
"time": "2016-03-15 17:46:33"
"time": "2017-02-09 17:03:07"
},
{
"name": "colosa/pmUI",
@@ -91,7 +90,7 @@
"source": {
"type": "git",
"url": "git@bitbucket.org:colosa/pmui.git",
"reference": "851ee86a1006df111ee8b281bf2b033cdbcc6f0b"
"reference": "462ab5f45a4cce1ca9920fcb854255f10abea1e1"
},
"type": "library",
"description": "JS UI Library",
@@ -99,20 +98,20 @@
"keywords": [
"js lib ProcessMaker UI"
],
"time": "2016-02-26 21:41:50"
"time": "2017-01-30 20:34:06"
},
{
"name": "dapphp/securimage",
"version": "3.6.4",
"version": "3.6.5",
"source": {
"type": "git",
"url": "https://github.com/dapphp/securimage.git",
"reference": "2ed50264ae5541fec8d8c79e4c9b6235a7cfd506"
"reference": "3f5a84fd80b1a35d58332896c944142713a7e802"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/dapphp/securimage/zipball/2ed50264ae5541fec8d8c79e4c9b6235a7cfd506",
"reference": "2ed50264ae5541fec8d8c79e4c9b6235a7cfd506",
"url": "https://api.github.com/repos/dapphp/securimage/zipball/3f5a84fd80b1a35d58332896c944142713a7e802",
"reference": "3f5a84fd80b1a35d58332896c944142713a7e802",
"shasum": ""
},
"require": {
@@ -130,7 +129,7 @@
"securimage.php"
]
},
"notification-url": "http://packagist.org/downloads/",
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD"
],
@@ -146,7 +145,7 @@
"captcha",
"security"
],
"time": "2016-03-04 21:08:00"
"time": "2016-12-04T17:45:57+00:00"
},
{
"name": "google/apiclient",
@@ -189,7 +188,7 @@
"keywords": [
"google"
],
"time": "2015-10-16 22:11:08"
"time": "2015-10-16T22:11:08+00:00"
},
{
"name": "luracast/restler",
@@ -197,12 +196,12 @@
"source": {
"type": "git",
"url": "https://github.com/Luracast/Restler.git",
"reference": "1dcf910c1e1fd1ea565a537b053a66971d818e42"
"reference": "581d8d6dc5d37f439765f89725a92f85e98f1826"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Luracast/Restler/zipball/1dcf910c1e1fd1ea565a537b053a66971d818e42",
"reference": "1dcf910c1e1fd1ea565a537b053a66971d818e42",
"url": "https://api.github.com/repos/Luracast/Restler/zipball/581d8d6dc5d37f439765f89725a92f85e98f1826",
"reference": "581d8d6dc5d37f439765f89725a92f85e98f1826",
"shasum": ""
},
"require": {
@@ -268,7 +267,7 @@
"rest",
"server"
],
"time": "2015-08-04 07:52:49"
"time": "2015-08-04T07:52:49+00:00"
},
{
"name": "monolog/monolog",
@@ -346,7 +345,7 @@
"logging",
"psr-3"
],
"time": "2016-04-12 18:29:35"
"time": "2016-04-12T18:29:35+00:00"
},
{
"name": "psr/log",
@@ -384,7 +383,7 @@
"psr",
"psr-3"
],
"time": "2012-12-21 11:40:51"
"time": "2012-12-21T11:40:51+00:00"
}
],
"packages-dev": [
@@ -453,7 +452,7 @@
"Behat",
"Symfony2"
],
"time": "2013-06-06 10:46:48"
"time": "2013-06-06T10:46:48+00:00"
},
{
"name": "behat/gherkin",
@@ -514,7 +513,7 @@
"Symfony2",
"parser"
],
"time": "2013-03-02 10:38:40"
"time": "2013-03-02T10:38:40+00:00"
},
{
"name": "guzzle/guzzle",
@@ -571,7 +570,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "release/3.2-dev"
"dev-master": "3.1-dev"
}
},
"autoload": {
@@ -607,26 +606,29 @@
"web service"
],
"abandoned": "guzzlehttp/guzzle",
"time": "2013-01-28 00:07:40"
"time": "2013-01-28T00:07:40+00:00"
},
{
"name": "symfony/config",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/config.git",
"reference": "4275ef5b59f18959df0eee3991e9ca0cc208ffd4"
"reference": "747fa191136cf798409183c501435aa4c16184df"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/config/zipball/4275ef5b59f18959df0eee3991e9ca0cc208ffd4",
"reference": "4275ef5b59f18959df0eee3991e9ca0cc208ffd4",
"url": "https://api.github.com/repos/symfony/config/zipball/747fa191136cf798409183c501435aa4c16184df",
"reference": "747fa191136cf798409183c501435aa4c16184df",
"shasum": ""
},
"require": {
"php": ">=5.3.9",
"symfony/filesystem": "~2.3|~3.0.0"
},
"require-dev": {
"symfony/yaml": "~2.7|~3.0.0"
},
"suggest": {
"symfony/yaml": "To use the yaml reference dumper"
},
@@ -660,24 +662,25 @@
],
"description": "Symfony Config Component",
"homepage": "https://symfony.com",
"time": "2016-07-26 08:02:44"
"time": "2017-02-05T10:11:19+00:00"
},
{
"name": "symfony/console",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/console.git",
"reference": "36e62335caca8a6e909c5c5bac4a8128149911c9"
"reference": "f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/console/zipball/36e62335caca8a6e909c5c5bac4a8128149911c9",
"reference": "36e62335caca8a6e909c5c5bac4a8128149911c9",
"url": "https://api.github.com/repos/symfony/console/zipball/f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4",
"reference": "f3c234cd8db9f7e520a91d695db7d8bb5daeb7a4",
"shasum": ""
},
"require": {
"php": ">=5.3.9",
"symfony/debug": "~2.7,>=2.7.2|~3.0.0",
"symfony/polyfill-mbstring": "~1.0"
},
"require-dev": {
@@ -720,20 +723,77 @@
],
"description": "Symfony Console Component",
"homepage": "https://symfony.com",
"time": "2016-07-30 07:20:35"
"time": "2017-02-06T12:04:06+00:00"
},
{
"name": "symfony/dependency-injection",
"version": "v2.8.9",
"name": "symfony/debug",
"version": "v3.0.9",
"source": {
"type": "git",
"url": "https://github.com/symfony/dependency-injection.git",
"reference": "f2b5a00d176f6a201dc430375c0ef37706ea3d12"
"url": "https://github.com/symfony/debug.git",
"reference": "697c527acd9ea1b2d3efac34d9806bf255278b0a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/dependency-injection/zipball/f2b5a00d176f6a201dc430375c0ef37706ea3d12",
"reference": "f2b5a00d176f6a201dc430375c0ef37706ea3d12",
"url": "https://api.github.com/repos/symfony/debug/zipball/697c527acd9ea1b2d3efac34d9806bf255278b0a",
"reference": "697c527acd9ea1b2d3efac34d9806bf255278b0a",
"shasum": ""
},
"require": {
"php": ">=5.5.9",
"psr/log": "~1.0"
},
"conflict": {
"symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2"
},
"require-dev": {
"symfony/class-loader": "~2.8|~3.0",
"symfony/http-kernel": "~2.8|~3.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.0-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Component\\Debug\\": ""
},
"exclude-from-classmap": [
"/Tests/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fabien Potencier",
"email": "fabien@symfony.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony Debug Component",
"homepage": "https://symfony.com",
"time": "2016-07-30T07:22:48+00:00"
},
{
"name": "symfony/dependency-injection",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/dependency-injection.git",
"reference": "1dfbf6a9e30113a9c4e482ab056e969c70c37a19"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/dependency-injection/zipball/1dfbf6a9e30113a9c4e482ab056e969c70c37a19",
"reference": "1dfbf6a9e30113a9c4e482ab056e969c70c37a19",
"shasum": ""
},
"require": {
@@ -783,20 +843,20 @@
],
"description": "Symfony DependencyInjection Component",
"homepage": "https://symfony.com",
"time": "2016-07-30 07:20:35"
"time": "2017-01-27T23:54:58+00:00"
},
{
"name": "symfony/event-dispatcher",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/event-dispatcher.git",
"reference": "889983a79a043dfda68f38c38b6dba092dd49cd8"
"reference": "74877977f90fb9c3e46378d5764217c55f32df34"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/889983a79a043dfda68f38c38b6dba092dd49cd8",
"reference": "889983a79a043dfda68f38c38b6dba092dd49cd8",
"url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/74877977f90fb9c3e46378d5764217c55f32df34",
"reference": "74877977f90fb9c3e46378d5764217c55f32df34",
"shasum": ""
},
"require": {
@@ -843,7 +903,7 @@
],
"description": "Symfony EventDispatcher Component",
"homepage": "https://symfony.com",
"time": "2016-07-28 16:56:28"
"time": "2017-01-02T20:30:24+00:00"
},
{
"name": "symfony/filesystem",
@@ -892,7 +952,7 @@
],
"description": "Symfony Filesystem Component",
"homepage": "https://symfony.com",
"time": "2016-07-20 05:43:46"
"time": "2016-07-20T05:43:46+00:00"
},
{
"name": "symfony/finder",
@@ -942,20 +1002,20 @@
],
"description": "Symfony Finder Component",
"homepage": "https://symfony.com",
"time": "2016-05-13 14:58:35"
"time": "2016-05-13T14:58:35+00:00"
},
{
"name": "symfony/polyfill-mbstring",
"version": "v1.2.0",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-mbstring.git",
"reference": "dff51f72b0706335131b00a7f49606168c582594"
"reference": "e79d363049d1c2128f133a2667e4f4190904f7f4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/dff51f72b0706335131b00a7f49606168c582594",
"reference": "dff51f72b0706335131b00a7f49606168c582594",
"url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/e79d363049d1c2128f133a2667e4f4190904f7f4",
"reference": "e79d363049d1c2128f133a2667e4f4190904f7f4",
"shasum": ""
},
"require": {
@@ -967,7 +1027,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.2-dev"
"dev-master": "1.3-dev"
}
},
"autoload": {
@@ -978,7 +1038,7 @@
"bootstrap.php"
]
},
"notification-url": "http://packagist.org/downloads/",
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
@@ -1001,20 +1061,20 @@
"portable",
"shim"
],
"time": "2016-05-18 14:26:46"
"time": "2016-11-14T01:06:16+00:00"
},
{
"name": "symfony/translation",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/translation.git",
"reference": "32b0c824da6df065f43b0c458dc505940e98a7f1"
"reference": "c281ac2b484210bb95106bdb8ae8356e63277725"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/translation/zipball/32b0c824da6df065f43b0c458dc505940e98a7f1",
"reference": "32b0c824da6df065f43b0c458dc505940e98a7f1",
"url": "https://api.github.com/repos/symfony/translation/zipball/c281ac2b484210bb95106bdb8ae8356e63277725",
"reference": "c281ac2b484210bb95106bdb8ae8356e63277725",
"shasum": ""
},
"require": {
@@ -1065,20 +1125,20 @@
],
"description": "Symfony Translation Component",
"homepage": "https://symfony.com",
"time": "2016-07-30 07:20:35"
"time": "2017-01-21T16:59:38+00:00"
},
{
"name": "symfony/yaml",
"version": "v2.8.9",
"version": "v2.8.17",
"source": {
"type": "git",
"url": "https://github.com/symfony/yaml.git",
"reference": "0ceab136f43ed9d3e97b3eea32a7855dc50c121d"
"reference": "322a8c2dfbca15ad6b1b27e182899f98ec0e0153"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/yaml/zipball/0ceab136f43ed9d3e97b3eea32a7855dc50c121d",
"reference": "0ceab136f43ed9d3e97b3eea32a7855dc50c121d",
"url": "https://api.github.com/repos/symfony/yaml/zipball/322a8c2dfbca15ad6b1b27e182899f98ec0e0153",
"reference": "322a8c2dfbca15ad6b1b27e182899f98ec0e0153",
"shasum": ""
},
"require": {
@@ -1114,7 +1174,7 @@
],
"description": "Symfony Yaml Component",
"homepage": "https://symfony.com",
"time": "2016-07-17 09:06:15"
"time": "2017-01-21T16:40:50+00:00"
}
],
"aliases": [],

1
framework/src/Maveriks/WebApplication.php
View File

@@ -533,6 +533,7 @@ class WebApplication
define("PATH_DYNAFORM", PATH_DATA_SITE . "xmlForms/");
define("PATH_IMAGES_ENVIRONMENT_FILES", PATH_DATA_SITE . "usersFiles" . PATH_SEP);
define("PATH_IMAGES_ENVIRONMENT_USERS", PATH_DATA_SITE . "usersPhotographies" . PATH_SEP);
define('DISABLE_PHP_UPLOAD_EXECUTION', $arraySystemConfiguration['disable_php_upload_execution']);
/**
* Global definitions, before it was the defines.php file

35
gulliver/system/class.bootstrap.php
View File

@@ -2964,5 +2964,40 @@ class Bootstrap
);
return $aContext;
}
/**
* get DISABLE_PHP_UPLOAD_EXECUTION value defined in env.ini
* @return int
*/
public static function getDisablePhpUploadExecution()
{
$disablePhpUploadExecution = 0;
if (defined("DISABLE_PHP_UPLOAD_EXECUTION")) {
$disablePhpUploadExecution = (int) DISABLE_PHP_UPLOAD_EXECUTION;
}
return $disablePhpUploadExecution;
}
/**
* Record the action of executing a php file or attempting to upload a php
* file in server.
* @param type $channel
* @param type $level
* @param type $message
* @param type $fileName
*/
public static function registerMonologPhpUploadExecution($channel, $level, $message, $fileName)
{
$context = \Bootstrap::getDefaultContextLog();
$context['action'] = $channel;
$context['filename'] = $fileName;
if (defined("SYS_CURRENT_URI") && defined("SYS_CURRENT_PARMS")) {
$context['url'] = SYS_CURRENT_URI . '?' . SYS_CURRENT_PARMS;
}
$context['usrUid'] = isset($_SESSION['USER_LOGGED']) ? $_SESSION['USER_LOGGED'] : '';
$sysSys = defined("SYS_SYS") ? SYS_SYS : "Undefined";
\Bootstrap::registerMonolog($channel, $level, $message, $context, $sysSys, 'processmaker.log');
}
}

42
gulliver/system/class.g.php
View File

@@ -45,19 +45,16 @@ class G
/**
* is_https
* @return void
*/
* @return bool
*/
public static function is_https()
{
if (isset($_SERVER['HTTPS'])) {
if ($_SERVER['HTTPS']=='on') {
return true;
} else {
return false;
}
} else {
return false;
$is_http = false;
if ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ||
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) {
$is_http = true;
}
return $is_http;
}
/**
@@ -1244,7 +1241,14 @@ class G
if ($download) {
G::sendHeaders( $filename, 'text/plain', $download, $downloadFileName );
} else {
require_once ($filename);
if (\Bootstrap::getDisablePhpUploadExecution() === 0) {
\Bootstrap::registerMonologPhpUploadExecution('phpExecution', 200, 'Php Execution', $filename);
require_once ($filename);
} else {
$message = G::LoadTranslation('THE_PHP_FILES_EXECUTION_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpExecution', 550, $message, $filename);
echo $message;
}
return;
}
break;
@@ -5542,16 +5546,24 @@ class G
$res->status = false;
$allowedTypes = array_map('G::getRealExtension', explode(',', $InpDocAllowedFiles));
// Get the file extension
$aux = pathinfo($fileName);
$fileExtension = isset($aux['extension']) ? strtolower($aux['extension']) : '';
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $fileExtension === 'php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $fileName);
$res->status = false;
$res->message = $message;
return $res;
}
// If required extension is *.* don't validate
if (in_array('*', $allowedTypes)) {
$res->status = true;
return $res;
}
// Get the file extension
$aux = pathinfo($fileName);
$fileExtension = isset($aux['extension']) ? strtolower($aux['extension']) : '';
// If no valid extension finish (unnecesary check file content)
$validExtension = in_array($fileExtension, $allowedTypes);
if (!$validExtension) {

2
pmos.conf.example
View File

@@ -6,7 +6,7 @@
<Directory /example/path/to/processmaker/workflow/public_html>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
AllowOverride All
Order allow,deny
Allow from all
Require all granted

4
workflow/engine/classes/class.case.php
View File

@@ -5325,7 +5325,7 @@ class Cases
$dataLastEmail['configuration'] = $aConfiguration;
$dataLastEmail['subject'] = $sSubject;
$dataLastEmail['pathEmail'] = $pathEmail;
$dataLastEmail['swtplDeafault'] = $swtplDefault;
$dataLastEmail['swtplDefault'] = $swtplDefault;
$dataLastEmail['body'] = $sBody;
$dataLastEmail['from'] = $from;
break;
@@ -5393,7 +5393,7 @@ class Cases
$dataLastEmail['configuration'] = $aConfiguration;
$dataLastEmail['subject'] = $sSubject;
$dataLastEmail['pathEmail'] = $pathEmail;
$dataLastEmail['swtplDeafault'] = $swtplDefault;
$dataLastEmail['swtplDefault'] = $swtplDefault;
$dataLastEmail['body'] = $sBody;
$dataLastEmail['from'] = $from;
break;

3
workflow/engine/classes/class.system.php
View File

@@ -78,7 +78,8 @@ class System
'leave_case_warning' => 0,
'server_hostname_requests_frontend' => '',
'load_headers_ie' => 0,
'redirect_to_mobile' => 0
'redirect_to_mobile' => 0,
'disable_php_upload_execution' => 0
);
/**

12
workflow/engine/content/translations/english/processmaker.en.po
View File

@@ -27419,6 +27419,18 @@ msgstr "External Registration"
msgid "Filter By"
msgstr "Filter By"
# TRANSLATION
# LABEL/THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED
#: LABEL/THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED
msgid "The upload of PHP files was disabled please contact the system administrator."
msgstr "The upload of PHP files was disabled please contact the system administrator."
# TRANSLATION
# LABEL/THE_PHP_FILES_EXECUTION_WAS_DISABLED
#: LABEL/THE_PHP_FILES_EXECUTION_WAS_DISABLED
msgid "The PHP files execution was disabled please contact the system administrator."
msgstr "The PHP files execution was disabled please contact the system administrator."
# TRANSLATION
# LABEL/ID_MAFE_cae0206c31eaa305dd0e847330c5e837
#: LABEL/ID_MAFE_cae0206c31eaa305dd0e847330c5e837

12
workflow/engine/methods/appFolder/appFolderAjax.php
View File

@@ -1534,6 +1534,18 @@ function uploadExternalDocument()
//Read. Instance Document classes
if (!empty($quequeUpload)) {
foreach ($quequeUpload as $key => $fileObj) {
$extension = pathinfo($fileObj['fileName'], PATHINFO_EXTENSION);
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extension === 'php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $fileObj['fileName']);
$response['error'] = $message;
$response['message'] = $message;
$response['success'] = false;
print_r(G::json_encode($response));
exit();
}
}
$docUid=$_POST['docUid'];
$appDocUid=isset($_POST['APP_DOC_UID'])?$_POST['APP_DOC_UID']:"";
$docVersion=isset($_POST['docVersion'])?$_POST['docVersion']:"";

4
workflow/engine/methods/cases/proxyNewCasesList.php
View File

@@ -10,9 +10,6 @@ if (!isset($_SESSION['USER_LOGGED'])) {
G::LoadSystem('inputfilter');
$filter = new InputFilter();
$_GET = $filter->xssFilterHard($_GET);
$_REQUEST = $filter->xssFilterHard($_REQUEST);
$_SESSION['USER_LOGGED'] = $filter->xssFilterHard($_SESSION['USER_LOGGED']);
try {
$userUid = $_SESSION['USER_LOGGED'];
@@ -187,6 +184,7 @@ try {
);
$response = array();
$response['filters'] = $filters;
$response['totalCount'] = $list->getCountList($userUid, $filters);
$response = $filter->xssFilterHard($response);

10
workflow/engine/src/ProcessMaker/BusinessModel/Cases/InputDocument.php
View File

@@ -971,6 +971,16 @@ class InputDocument
$aFields = array("APP_UID" => $appUid, "DEL_INDEX" => $delIndex, "USR_UID" => $userUid, "DOC_UID" => -1, "APP_DOC_TYPE" => "ATTACHED", "APP_DOC_CREATE_DATE" => date("Y-m-d H:i:s"), "APP_DOC_COMMENT" => "", "APP_DOC_TITLE" => "", "APP_DOC_FILENAME" => $arrayFileName[$i], "APP_DOC_FIELDNAME" => $fieldName);
}
$sExtension = pathinfo($aFields["APP_DOC_FILENAME"]);
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $sExtension["extension"] === 'php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $sFileName);
\G::SendMessageText($message, "ERROR");
$backUrlObj = explode("sys" . SYS_SYS, $_SERVER['HTTP_REFERER']);
\G::header("location: " . "/sys" . SYS_SYS . $backUrlObj[1]);
die();
}
$oAppDocument = new \AppDocument();
$oAppDocument->create($aFields);

5
workflow/engine/src/ProcessMaker/BusinessModel/FilesManager.php
View File

@@ -187,6 +187,11 @@ class FilesManager
if ($extention == '.exe') {
throw new \Exception(\G::LoadTranslation('ID_FILE_UPLOAD_INCORRECT_EXTENSION'));
}
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $extention === '.php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $aData['prf_filename']);
throw new \Exception($message);
}
break;
default:
$sDirectory = PATH_DATA_MAILTEMPLATES . $sProcessUID . PATH_SEP . $sSubDirectory . $aData['prf_filename'];

10
workflow/engine/src/ProcessMaker/BusinessModel/Light.php
View File

@@ -902,6 +902,16 @@ class Light
$response = array();
if (is_array($request_data)) {
foreach ($request_data as $k => $file) {
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
if (\Bootstrap::getDisablePhpUploadExecution() === 1 && $ext === 'php') {
$message = \G::LoadTranslation('THE_UPLOAD_OF_PHP_FILES_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpUpload', 550, $message, $file['name']);
$response[$k]['error'] = array(
"code" => "400",
"message" => $message
);
continue;
}
$oCase = new \Cases();
$delIndex = $oCase->getCurrentDelegation($app_uid, $userUid);
$docUid = !empty($file['docUid']) ? $file['docUid'] : -1;

12
workflow/public_html/sysGeneric.php
View File

@@ -337,6 +337,7 @@ define ('WS_IN_LOGIN', isset($config['WS_IN_LOGIN']) ? $config['WS_IN_LOGIN'] :
define('LOAD_HEADERS_IE', $config['load_headers_ie']);
define('LEAVE_CASE_WARNING', $config['leave_case_warning']);
define('REDIRECT_TO_MOBILE', $config['redirect_to_mobile']);
define('DISABLE_PHP_UPLOAD_EXECUTION', $config['disable_php_upload_execution']);
// IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it.
$_SERVER['SERVER_ADDR'] = isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME'];
@@ -801,6 +802,17 @@ if (substr( SYS_COLLECTION, 0, 8 ) === 'gulliver') {
die();
}
Bootstrap::initVendors();
Bootstrap::LoadSystem( 'monologProvider' );
if (\Bootstrap::getDisablePhpUploadExecution() === 1) {
$message = \G::LoadTranslation('THE_PHP_FILES_EXECUTION_WAS_DISABLED');
\Bootstrap::registerMonologPhpUploadExecution('phpExecution', 550, $message, $phpFile);
echo $message;
die();
} else {
\Bootstrap::registerMonologPhpUploadExecution('phpExecution', 200, 'Php Execution', $phpFile);
}
$avoidChangedWorkspaceValidation = true;
$bWE = true;
//$phpFile = PATH_DATA_SITE . 'public' . PATH_SEP . SYS_COLLECTION . PATH_SEP . $auxPart[ count($auxPart)-1];