HOR-3290 improvement

This commit is contained in:
Roly Rudy Gutierrez Pinto
2017-05-30 10:57:29 -04:00
parent ccc3552e12
commit f1e9e1e492
2 changed files with 44 additions and 34 deletions


@@ -2951,6 +2951,16 @@ class G
return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid ); return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid );
} }
/**
* Verify if the input string is a valid UID of size 32
* @param string $uid
* @return boolean
*/
public static function verifyUniqueID32($uid)
{
return (bool) preg_match('/^[0-9A-Za-z]{32,32}$/', $uid);
}
/** /**
* is_utf8 * is_utf8
* *
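Review bot: The `$` anchor in the new verifyUniqueID32 pattern still matches before a single trailing newline, so a 33-byte value of 32 alphanumerics plus "\n" passes a check whose docblock promises exactly 32 characters; use the `D` modifier (or `\z`) to pin the end of the string, and `{32}` says the same as `{32,32}`: `return (bool) preg_match('/^[0-9A-Za-z]{32}$/D', $uid);`. Callers that hand the value to the database afterwards would otherwise receive the newline as part of the UID. The docblock could also state that a non-string argument yields false, since preg_match warns and returns false on arrays and the `(bool)` cast turns that into a rejection.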


@@ -29,35 +29,35 @@ if (PMLicensedFeatures
*/ */
$backupSession = serialize($_SESSION); $backupSession = serialize($_SESSION);
if ($_REQUEST['APP_UID'] == '') { if (empty($_GET['APP_UID'])) {
if($_GET['APP_UID'] == ''){ $sw = empty($_REQUEST['APP_UID']);
if (!$sw && !G::verifyUniqueID32($_REQUEST['APP_UID'])) {
$_GET['APP_UID'] = $_REQUEST['APP_UID'];
}
if ($sw) {
throw new Exception('The parameter APP_UID is empty.'); throw new Exception('The parameter APP_UID is empty.');
} else {
$_REQUEST['APP_UID'] = $_GET['APP_UID'];
} }
} }
if ($_REQUEST['DEL_INDEX'] == '') { if (empty($_REQUEST['DEL_INDEX'])) {
throw new Exception('The parameter DEL_INDEX is empty.'); throw new Exception('The parameter DEL_INDEX is empty.');
} }
if ($_REQUEST['ABER'] == '') { if (empty($_REQUEST['ABER'])) {
throw new Exception('The parameter ABER is empty.'); throw new Exception('The parameter ABER is empty.');
} }
if (!isset($_REQUEST['form'])) { $appUid = G::decrypt($_GET['APP_UID'], URL_KEY);
$_REQUEST['form'] = array(); $delIndex = G::decrypt($_REQUEST['DEL_INDEX'], URL_KEY);
} $aber = G::decrypt($_REQUEST['ABER'], URL_KEY);
$forms = isset($_REQUEST['form']) ? $_REQUEST['form'] : [];
$_REQUEST['APP_UID'] = G::decrypt($_REQUEST['APP_UID'], URL_KEY);
$_REQUEST['DEL_INDEX'] = G::decrypt($_REQUEST['DEL_INDEX'], URL_KEY);
$_REQUEST['ABER'] = G::decrypt($_REQUEST['ABER'], URL_KEY);
G::LoadClass('case'); G::LoadClass('case');
$case = new Cases(); $case = new Cases();
$casesFields = $case->loadCase($_REQUEST['APP_UID'], $_REQUEST['DEL_INDEX']); $casesFields = $case->loadCase($appUid, $delIndex);
$casesFields['APP_DATA'] = array_merge($casesFields['APP_DATA'], $_REQUEST['form']); $casesFields['APP_DATA'] = array_merge($casesFields['APP_DATA'], $forms);
//Get user info //Get user info
$current_user_uid = null; $current_user_uid = null;
@@ -66,8 +66,8 @@ if (PMLicensedFeatures
$criteria = new Criteria("workflow"); $criteria = new Criteria("workflow");
$criteria->addSelectColumn(AppDelegationPeer::USR_UID); $criteria->addSelectColumn(AppDelegationPeer::USR_UID);
$criteria->add(AppDelegationPeer::APP_UID, $_REQUEST["APP_UID"]); $criteria->add(AppDelegationPeer::APP_UID, $appUid);
$criteria->add(AppDelegationPeer::DEL_INDEX, $_REQUEST["DEL_INDEX"]); $criteria->add(AppDelegationPeer::DEL_INDEX, $delIndex);
$rsSQL = AppDelegationPeer::doSelectRS($criteria); $rsSQL = AppDelegationPeer::doSelectRS($criteria);
$rsSQL->setFetchmode(ResultSet::FETCHMODE_ASSOC); $rsSQL->setFetchmode(ResultSet::FETCHMODE_ASSOC);
@@ -101,18 +101,18 @@ if (PMLicensedFeatures
} }
//Update case info //Update case info
$case->updateCase($_REQUEST['APP_UID'], $casesFields); $case->updateCase($appUid, $casesFields);
G::LoadClass('wsBase'); G::LoadClass('wsBase');
$wsBaseInstance = new wsBase(); $wsBaseInstance = new wsBase();
$result = $wsBaseInstance->derivateCase($casesFields['CURRENT_USER_UID'], $_REQUEST['APP_UID'], $_REQUEST ['DEL_INDEX'], true); $result = $wsBaseInstance->derivateCase($casesFields['CURRENT_USER_UID'], $appUid, $delIndex, true);
$code = (is_array($result) ? $result['status_code'] : $result->status_code); $code = (is_array($result) ? $result['status_code'] : $result->status_code);
$dataResponses = array(); $dataResponses = array();
$dataResponses['ABE_REQ_UID'] = $_REQUEST['ABER']; $dataResponses['ABE_REQ_UID'] = $aber;
$dataResponses['ABE_RES_CLIENT_IP'] = $_SERVER['REMOTE_ADDR']; $dataResponses['ABE_RES_CLIENT_IP'] = $_SERVER['REMOTE_ADDR'];
$dataResponses['ABE_RES_DATA'] = serialize($_REQUEST['form']); $dataResponses['ABE_RES_DATA'] = serialize($forms);
$dataResponses['ABE_RES_STATUS'] = 'PENDING'; $dataResponses['ABE_RES_STATUS'] = 'PENDING';
$dataResponses['ABE_RES_MESSAGE'] = ''; $dataResponses['ABE_RES_MESSAGE'] = '';
@@ -129,13 +129,13 @@ if (PMLicensedFeatures
//Save Cases Notes //Save Cases Notes
include_once 'utils.php'; include_once 'utils.php';
$dataAbeRequests = loadAbeRequest($_REQUEST['ABER']); $dataAbeRequests = loadAbeRequest($aber);
$dataAbeConfiguration = loadAbeConfiguration($dataAbeRequests['ABE_UID']); $dataAbeConfiguration = loadAbeConfiguration($dataAbeRequests['ABE_UID']);
if ($dataAbeConfiguration['ABE_CASE_NOTE_IN_RESPONSE'] == 1) { if ($dataAbeConfiguration['ABE_CASE_NOTE_IN_RESPONSE'] == 1) {
$response = new stdclass(); $response = new stdclass();
$response->usrUid = $casesFields['APP_DATA']['USER_LOGGED']; $response->usrUid = $casesFields['APP_DATA']['USER_LOGGED'];
$response->appUid = $_REQUEST['APP_UID']; $response->appUid = $appUid;
$response->noteText = "Check the information that was sent for the receiver: " . $dataAbeRequests['ABE_REQ_SENT_TO']; $response->noteText = "Check the information that was sent for the receiver: " . $dataAbeRequests['ABE_REQ_SENT_TO'];
postNote($response); postNote($response);
@@ -147,7 +147,7 @@ if (PMLicensedFeatures
if (isset($_FILES ['form'])) { if (isset($_FILES ['form'])) {
if (isset($_FILES["form"]["name"]) && count($_FILES["form"]["name"]) > 0) { if (isset($_FILES["form"]["name"]) && count($_FILES["form"]["name"]) > 0) {
$oInputDocument = new \ProcessMaker\BusinessModel\Cases\InputDocument(); $oInputDocument = new \ProcessMaker\BusinessModel\Cases\InputDocument();
$oInputDocument->uploadFileCase($_FILES, $case, $casesFields, $current_user_uid, $_REQUEST['APP_UID'], $_REQUEST["DEL_INDEX"]); $oInputDocument->uploadFileCase($_FILES, $case, $casesFields, $current_user_uid, $appUid, $delIndex);
} }
} }
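Review bot: In the first hunk, when `$_GET['APP_UID']` is empty but `$_REQUEST['APP_UID']` is non-empty and verifyUniqueID32 returns true, neither branch sets `$_GET['APP_UID']`, so `G::decrypt($_GET['APP_UID'], URL_KEY)` a few lines later runs on an undefined index and the case then proceeds with whatever decrypt makes of null instead of being rejected. If the intent is that only the URL_KEY-encrypted form is accepted (a raw 32-character UID should not be trusted), that case needs an explicit failure, e.g. `} elseif (!$sw) { throw new Exception('The parameter APP_UID is invalid.'); }` after the copy into `$_GET`; if the raw form is meant to be accepted, the condition is inverted and the value should bypass decrypt rather than be dropped. Independently, none of `$appUid`, `$delIndex` or `$aber` is validated after decryption before reaching loadCase, the AppDelegationPeer criteria and loadAbeRequest; the new helper suits that, e.g. `if (!G::verifyUniqueID32($appUid)) { throw new Exception('The parameter APP_UID is invalid.'); }`. The enclosing `if (PMLicensedFeatures` block starts before this hunk, so the surrounding error handling is not visible here.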