diff --git a/gulliver/core/Session/PmSessionHandler.php b/gulliver/core/Session/PmSessionHandler.php index 94ab7d676..6d3b7b321 100644 --- a/gulliver/core/Session/PmSessionHandler.php +++ b/gulliver/core/Session/PmSessionHandler.php @@ -229,7 +229,7 @@ class PmSessionHandler //implements SessionHandlerInterface /** * Garbase Collection method * - * @param int $maxlifetime max time that especify if the session is active or not + * @param int $maxlifetime max time that specifies if the session is active or not * @return bool always returns true */ public function gc($maxlifetime) @@ -255,4 +255,4 @@ class PmSessionHandler //implements SessionHandlerInterface error_log('PM Session Handler :: ' . print_r($data, true)); } -} \ No newline at end of file +} diff --git a/gulliver/js/highlight/core/test.html b/gulliver/js/highlight/core/test.html index c1256f8a5..e65c1b716 100755 --- a/gulliver/js/highlight/core/test.html +++ b/gulliver/js/highlight/core/test.html @@ -160,7 +160,7 @@ abstract class Zend_Uri */ $uri = explode(':', $uri, 2); $scheme = strtolower($uri[0]); - $schemeSpecific = isset($uri[1]) ? $uri[1] : ''; + $schemeSpecify = isset($uri[1]) ? $uri[1] : ''; if (!strlen($scheme)) { throw new Zend_Uri_Exception('An empty string was supplied for the scheme'); @@ -617,4 +617,4 @@ public boolean unpack(container packedClass)
<div id="contents">
   <p>Hello, World!
 </div>
-
\ No newline at end of file + diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index f625536db..0edcae85b 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -463,7 +463,7 @@ class Bootstrap $filter = new InputFilter(); $file = $filter->xssFilterHard($file); $downloadFileName = $filter->xssFilterHard($downloadFileName); - + $fileNameIni = $file; $browserCacheFilesUid = G::browserCacheFilesGetUid(); @@ -1273,7 +1273,7 @@ class Bootstrap $checkSum = ''; foreach ($files as $file) { if (is_file($file)) { - $checkSum .= md5_file($file); + $checkSum .= Bootstrap::encryptFileOld($file); } } return Bootstrap::encryptOld($checkSum . $key); @@ -1376,7 +1376,7 @@ class Bootstrap { global $translation; - // if the second parameter $lang is an array does mean it was especified to use as data + // if the second parameter ($lang) is an array, it was specified to use it as data if (is_array($lang)) { $data = $lang; $lang = SYS_LANG; @@ -1409,7 +1409,7 @@ class Bootstrap * * @param $path path to scan recursively the write permission * @param $flags to notive glob function - * @param $pattern pattern to filter some especified files + * @param $pattern pattern to filter some specified files * @return array containing the recursive glob results */ public function rglob($pattern = '*', $flags = 0, $path = '') @@ -2894,7 +2894,7 @@ class Bootstrap if ($hashType == '') { $hashType = Bootstrap::getPasswordHashType(); } - + G::LoadSystem('inputfilter'); $filter = new InputFilter(); $hashType = $filter->validateInput($hashType); @@ -2934,4 +2934,3 @@ class Bootstrap return md5($string); } } - diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index 846fbd558..ca57a81f0 100755 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php 
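Review bot: The checksum loop in the `@@ -1273,7 +1273,7 @@` hunk now calls `Bootstrap::encryptFileOld($file)`, but no class.bootstrap.php hunk on this page adds that method; the only `encryptFileOld` definition in the commit is the one added to class G. Unless Bootstrap already defines it outside these hunks, this call fails at runtime the first time a file is checksummed. Confirm the method exists, or add it next to `encryptOld`, for example `public static function encryptFileOld($string) { return md5_file($string); }`. The enclosing function starts and ends outside the hunk.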
@@ -2095,7 +2095,7 @@ class G { global $translation; - // if the second parameter $lang is an array does mean it was especified to use as data + // if the second parameter ($lang) is an array, it was specified to use as data if (is_array( $lang )) { $data = $lang; $lang = SYS_LANG; @@ -2634,8 +2634,8 @@ class G $oldumask = umask( 0 ); if (! is_dir( $path )) { G::verifyPath( $path, true ); - } - + } + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { $file = str_replace("\\\\","\\",$file,$count); if(!$count) { @@ -2647,13 +2647,13 @@ class G } } $file = substr($file,0,-1); - } + } } - + G::LoadSystem('inputfilter'); $filter = new InputFilter(); - $file = $filter->validateInput($file, "path"); - + $file = $filter->validateInput($file, "path"); + move_uploaded_file( $file, $path . "/" . $nameToSave ); @chmod( $path . "/" . $nameToSave, $permission ); umask( $oldumask ); @@ -3133,6 +3133,9 @@ class G */ public function evalJScript ($c) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $c = $filter->xssFilterHard($c); print ("") ; } @@ -3634,7 +3637,7 @@ class G * @author Erik Amaru Ortiz * * @param $path path to scan recursively the write permission - * @param $pattern pattern to filter some especified files + * @param $pattern pattern to filter some specified files * @return if the $path, assuming that is a directory -> all files in it are writeables or not */ public function is_rwritable($path, $pattern = '*') @@ -3655,7 +3658,7 @@ class G * * @param $path path to scan recursively the write permission * @param $flags to notive glob function - * @param $pattern pattern to filter some especified files + * @param $pattern pattern to filter some specified files * @return array containing the recursive glob results */ public static function rglob($pattern = '*', $flags = 0, $path = '') 
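Review bot: In the `evalJScript` hunk, `$c` is passed through `xssFilterHard` before it is printed, yet by the method's name `$c` is script source rather than HTML text. The filter's behaviour is not visible here; if it entity-encodes or strips markup, legitimate scripts containing quotes or `<` will be altered, and an HTML filter is not an encoder for a script context in any case. The `print` line renders as `print ("")` on this page, so how `$c` is emitted cannot be checked. I would state in the docblock that `$c` must be server-generated code and encode any request-derived value at the call site with `json_encode()` instead of filtering the whole script.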
@@ -4582,7 +4585,7 @@ class G $checkSum = ''; foreach ($files as $file) { if (is_file( $file )) { - $checkSum .= md5_file( $file ); + $checkSum .= G::encryptFileOld( $file ); } } return G::encryptOld( $checkSum . $key ); @@ -5600,6 +5603,17 @@ class G return md5($string); } /** + * encryptFileOld + * + * @param string $string + * + * @return md5_file($string) + */ + public function encryptFileOld ($string) + { + return md5_file($string); + } + /** * crc32 * * @param string $string @@ -5705,4 +5719,3 @@ function __ ($msgID, $lang = SYS_LANG, $data = null) { return G::LoadTranslation( $msgID, $lang, $data ); } - diff --git a/gulliver/thirdparty/creole/drivers/pgsql/metadata/PgSQLTableInfo.php b/gulliver/thirdparty/creole/drivers/pgsql/metadata/PgSQLTableInfo.php index be6988af0..4e9febde8 100755 --- a/gulliver/thirdparty/creole/drivers/pgsql/metadata/PgSQLTableInfo.php +++ b/gulliver/thirdparty/creole/drivers/pgsql/metadata/PgSQLTableInfo.php @@ -80,8 +80,7 @@ class PgSQLTableInfo extends TableInfo { require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); $filter = new InputFilter(); $this->oid = $filter->validateInput($this->oid, 'int'); - - $result = pg_query ($this->conn->getResource(), sprintf ("SELECT + $query = "SELECT att.attname, att.atttypmod, att.atthasdef, @@ -102,7 +101,9 @@ class PgSQLTableInfo extends TableInfo { LEFT OUTER JOIN pg_attrdef def ON adrelid=att.attrelid AND adnum=att.attnum WHERE att.attrelid = %d AND att.attnum > 0 AND att.attisdropped IS FALSE - ORDER BY att.attnum", $this->oid)); + ORDER BY att.attnum"; + $query = $filter->preventSqlInjection($query); + $result = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid)); if (!$result) { throw new SQLException("Could not list fields for table: " . $this->name, pg_last_error($this->conn->getResource())); 
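Review bot: `encryptFileOld` is declared as `public function encryptFileOld ($string)` without `static`, while every call added by this commit invokes it statically (`G::encryptFileOld( $file )` here, and again in class.Upgrade.php, class.system.php and AddonsManager.php). That raises a strict-standards notice on PHP 5 and is a fatal error on PHP 8; declare it `public static function encryptFileOld ($string)`. The method computes an MD5 digest and encrypts nothing, so the docblock should say so, e.g. `@return string|false MD5 hex digest of the file`, and the parameter would read better as `$filename`. Routing the call through a wrapper leaves the algorithm unchanged, so any integrity decision based on it is exactly as strong as before.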
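Review bot: In the `@@ -102,7 +101,9 @@` hunk, `preventSqlInjection($query)` is applied while `$query` is still the constant format string; `$this->oid` is only inserted afterwards by `sprintf`. The filter therefore never sees the variable data, and what keeps this query safe is the `%d` conversion, not the new call. Filtering a fixed SQL template adds no protection and may alter the statement text if the filter rewrites quotes or keywords. The same ordering is repeated in every later PgSQLTableInfo hunk and in SQLiteTableInfo; I would drop the call and bind values with `pg_query_params()` instead.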
@@ -224,8 +225,7 @@ class PgSQLTableInfo extends TableInfo { require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); $filter = new InputFilter(); $strDomain = $filter->validateInput($strDomain); - - $result = pg_query ($this->conn->getResource(), sprintf ("SELECT + $query = "SELECT d.typname as domname, b.typname as basetype, d.typlen, @@ -237,7 +237,9 @@ class PgSQLTableInfo extends TableInfo { WHERE d.typtype = 'd' AND d.typname = '%s' - ORDER BY d.typname", $strDomain)); + ORDER BY d.typname"; + $query = $filter->preventSqlInjection($query); + $result = pg_query ($this->conn->getResource(), sprintf ($query, $strDomain)); if (!$result) { throw new SQLException("Query for domain [" . $strDomain . "] failed.", pg_last_error($this->conn->getResource())); @@ -276,7 +278,7 @@ class PgSQLTableInfo extends TableInfo { $filter = new InputFilter(); $this->oid = $filter->validateInput($this->oid, 'int'); - $result = pg_query ($this->conn->getResource(), sprintf ("SELECT + $query = "SELECT conname, confupdtype, confdeltype, @@ -294,7 +296,9 @@ class PgSQLTableInfo extends TableInfo { AND conrelid = %d AND a2.attnum = ct.conkey[1] AND a1.attnum = ct.confkey[1] - ORDER BY conname", $this->oid)); + ORDER BY conname"; + $query = $filter->preventSqlInjection($query); + $result = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid)); if (!$result) { throw new SQLException("Could not list foreign keys for table: " . $this->name, pg_last_error($this->conn->getResource())); } 
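Review bot: `$strDomain` reaches the statement through `d.typname = '%s'` after `preventSqlInjection` has already run on the template, so nothing escapes the string on its way into the quoted literal in the `@@ -237,7 +237,9 @@` hunk. The only guard is `validateInput($strDomain)` with no type argument, and whether that neutralises quotes is not visible on this page. Binding the value removes the doubt: change the literal to `d.typname = $1` and call `pg_query_params($this->conn->getResource(), $query, array($strDomain))`. The enclosing method starts and ends outside the hunk.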
@@ -371,15 +375,17 @@ class PgSQLTableInfo extends TableInfo { $filter = new InputFilter(); $this->oid = $filter->validateInput($this->oid, 'int'); - $result = pg_query ($this->conn->getResource(), sprintf ("SELECT - DISTINCT ON(cls.relname) - cls.relname as idxname, - indkey, - indisunique - FROM pg_index idx - JOIN pg_class cls ON cls.oid=indexrelid - WHERE indrelid = %d AND NOT indisprimary - ORDER BY cls.relname", $this->oid)); + $query = "SELECT + DISTINCT ON(cls.relname) + cls.relname as idxname, + indkey, + indisunique + FROM pg_index idx + JOIN pg_class cls ON cls.oid=indexrelid + WHERE indrelid = %d AND NOT indisprimary + ORDER BY cls.relname"; + $query = $filter->preventSqlInjection($query); + $result = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid)); if (!$result) { @@ -407,10 +413,12 @@ class PgSQLTableInfo extends TableInfo { { $intColNum = $filter->validateInput($intColNum, 'int'); - $result2 = pg_query ($this->conn->getResource(), sprintf ("SELECT a.attname + $query = "SELECT a.attname FROM pg_catalog.pg_class c JOIN pg_catalog.pg_attribute a ON a.attrelid = c.oid WHERE c.oid = '%s' AND a.attnum = %d AND NOT a.attisdropped - ORDER BY a.attnum", $this->oid, $intColNum)); + ORDER BY a.attnum"; + $query = $filter->preventSqlInjection($query); + $result2 = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid, $intColNum)); if (!$result2) { throw new SQLException("Could not list indexes keys for table: " . $this->name, pg_last_error($this->conn->getResource())); @@ -444,7 +452,7 @@ class PgSQLTableInfo extends TableInfo { $filter = new InputFilter(); $this->oid = $filter->validateInput($this->oid); - $result = pg_query($this->conn->getResource(), sprintf ("SELECT + $query = "SELECT DISTINCT ON(cls.relname) cls.relname as idxname, indkey, 
@@ -452,7 +460,9 @@ class PgSQLTableInfo extends TableInfo { FROM pg_index idx JOIN pg_class cls ON cls.oid=indexrelid WHERE indrelid = %s AND indisprimary - ORDER BY cls.relname", $this->oid)); + ORDER BY cls.relname"; + $query = $filter->preventSqlInjection($query); + $result = pg_query($this->conn->getResource(), sprintf ($query, $this->oid)); if (!$result) { throw new SQLException("Could not list primary keys for table: " . $this->name, pg_last_error($this->conn->getResource())); } @@ -477,10 +487,12 @@ class PgSQLTableInfo extends TableInfo { { $intColNum = $filter->validateInput($intColNum, 'int'); - $result2 = pg_query ($this->conn->getResource(), sprintf ("SELECT a.attname + $query = "SELECT a.attname FROM pg_catalog.pg_class c JOIN pg_catalog.pg_attribute a ON a.attrelid = c.oid WHERE c.oid = '%s' AND a.attnum = %d AND NOT a.attisdropped - ORDER BY a.attnum", $this->oid, $intColNum)); + ORDER BY a.attnum"; + $query = $filter->preventSqlInjection($query); + $result2 = pg_query ($this->conn->getResource(), sprintf ($query, $this->oid, $intColNum)); if (!$result2) { throw new SQLException("Could not list indexes keys for table: " . $this->name, pg_last_error($this->conn->getResource())); diff --git a/gulliver/thirdparty/creole/drivers/sqlite/metadata/SQLiteTableInfo.php b/gulliver/thirdparty/creole/drivers/sqlite/metadata/SQLiteTableInfo.php index c88eab6a1..98e9c32ff 100755 --- a/gulliver/thirdparty/creole/drivers/sqlite/metadata/SQLiteTableInfo.php +++ b/gulliver/thirdparty/creole/drivers/sqlite/metadata/SQLiteTableInfo.php 
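Review bot: The primary-key query in the `@@ -452,7 +460,9 @@` hunk formats the oid with `indrelid = %s`, unquoted, and the preceding hunk validates it with `validateInput($this->oid)` without the `'int'` type that the other methods pass. Unlike the `%d` queries elsewhere in this file, nothing here forces the value to be numeric. Use `indrelid = %d` and `validateInput($this->oid, 'int')` so this method agrees with the others. The enclosing method starts outside the hunk.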
@@ -123,7 +123,9 @@ class SQLiteTableInfo extends TableInfo { $this->indexes[$name] = new IndexInfo($name); // get columns for that index - $res2 = sqlite_query($this->conn->getResource(), "PRAGMA index_info('$name')"); + $query = "PRAGMA index_info('$name')"; + $query = $filter->preventSqlInjection($query); + $res2 = sqlite_query($this->conn->getResource(), $query); while($row2 = sqlite_fetch_array($res2, SQLITE_ASSOC)) { $colname = $row2['name']; $this->indexes[$name]->addColumn($this->columns[ $colname ]); diff --git a/gulliver/thirdparty/pear/PEAR/Frontend/CLI.php b/gulliver/thirdparty/pear/PEAR/Frontend/CLI.php index 55ee979eb..67c15b9ea 100755 --- a/gulliver/thirdparty/pear/PEAR/Frontend/CLI.php +++ b/gulliver/thirdparty/pear/PEAR/Frontend/CLI.php @@ -72,6 +72,15 @@ class PEAR_Frontend_CLI extends PEAR function _displayLine($text) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); + $filter = new InputFilter(); + $text = $filter->xssFilterHard($text); print "$this->lp$text\n"; } 
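Review bot: The SQLiteTableInfo hunk calls `$filter->preventSqlInjection($query)`, but no `$filter = new InputFilter();` is visible in it, whereas the PgSQL methods create one after a `require_once`. If the variable is not set earlier in this method (which starts outside the hunk), the line is a fatal call on an undefined variable. The filter also runs after `$name` has been interpolated, so it sees the whole statement rather than the value; escaping the value itself is clearer, e.g. `"PRAGMA index_info('" . sqlite_escape_string($name) . "')"`.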
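Review bot: `_displayLine` now builds the include path from `$_SERVER['DOCUMENT_ROOT']`, which is normally empty or unset when this CLI frontend runs from a terminal. In that case `$pathTrunk` collapses to `/` and the `require_once` fails on every line printed. Resolve the file relative to this one instead, e.g. `require_once dirname(__FILE__) . '/../../../../system/class.inputfilter.php';`. The same block is copied into `userDialog`, `print_endpoint_names` and `wsdlcache::releaseMutex`, and `$pathhome` is assigned but unused in each copy. An HTML-oriented filter on text bound for a terminal is also questionable, since it may change what the user sees while doing nothing about terminal control characters.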
@@ -124,15 +133,25 @@ class PEAR_Frontend_CLI extends PEAR function userDialog($command, $prompts, $types = array(), $defaults = array()) { + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); + $filter = new InputFilter(); $result = array(); if (is_array($prompts)) { $fp = fopen("php://stdin", "r"); foreach ($prompts as $key => $prompt) { $type = $types[$key]; $default = @$defaults[$key]; + $default = $filter->xssFilterHard($default); if ($type == 'password') { system('stty -echo'); } + $prompt = $filter->xssFilterHard($prompt); print "$this->lp$prompt "; if ($default) { print "[$default] "; diff --git a/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php b/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php index c77eb78f1..70f98dddb 100755 --- a/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php +++ b/gulliver/thirdparty/pear/SOAP/Interop/interop_client_run.php 
@@ -82,10 +82,19 @@ function print_test_names() function print_endpoint_names() { global $iop; + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.inputfilter.php'); + $filter = new InputFilter(); + $currTest = $filter->xssFilterHard($iop->currentTest); if (!$iop->getEndpoints($iop->currentTest)) { - die("Unable to retrieve endpoints for $iop->currentTest\n"); + die("Unable to retrieve endpoints for $currTest\n"); } - print "Interop Servers for $iop->currentTest:\n"; + print "Interop Servers for $currTestt:\n"; foreach ($iop->endpoints as $server) { print " $server->name\n"; } diff --git a/gulliver/thirdparty/pear/class.wsdlcache.php b/gulliver/thirdparty/pear/class.wsdlcache.php index 048a8a4f3..6e5075bed 100755 --- a/gulliver/thirdparty/pear/class.wsdlcache.php +++ b/gulliver/thirdparty/pear/class.wsdlcache.php @@ -134,7 +134,7 @@ class wsdlcache { $this->debug("Lock for $filename already exists"); return false; } - $this->fplock[md5($filename)] = fopen($filename.".lock", "w"); + $this->fplock[G::encryptOld($filename)] = fopen($filename.".lock", "w"); if ($mode == "r") { return flock($this->fplock[G::encryptOld($filename)], LOCK_SH); } else { 
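Review bot: The new print line in `print_endpoint_names` reads `$currTestt`, with a doubled `t`, so it interpolates an undefined variable and the header prints with an empty test name plus a notice. It should be `print "Interop Servers for $currTest:\n";`. The `die()` line above it uses the correct `$currTest`.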
@@ -173,9 +173,18 @@ class wsdlcache { * @access private */ function releaseMutex($filename) { - $ret = flock($this->fplock[md5($filename)], LOCK_UN); - fclose($this->fplock[md5($filename)]); - unset($this->fplock[md5($filename)]); + if(!class_exists('G')){ + $realdocuroot = str_replace( '\\', '/', $_SERVER['DOCUMENT_ROOT'] ); + $docuroot = explode( '/', $realdocuroot ); + array_pop( $docuroot ); + $pathhome = implode( '/', $docuroot ) . '/'; + array_pop( $docuroot ); + $pathTrunk = implode( '/', $docuroot ) . '/'; + require_once($pathTrunk.'gulliver/system/class.g.php'); + } + $ret = flock($this->fplock[G::encryptOld($filename)], LOCK_UN); + fclose($this->fplock[G::encryptOld($filename)]); + unset($this->fplock[G::encryptOld($filename)]); if (! $ret) { $this->debug("Not able to release lock for $filename"); } diff --git a/gulliver/thirdparty/phpmailer/class.phpmailer.php b/gulliver/thirdparty/phpmailer/class.phpmailer.php index 830cd592d..50ae12c4f 100755 --- a/gulliver/thirdparty/phpmailer/class.phpmailer.php +++ b/gulliver/thirdparty/phpmailer/class.phpmailer.php @@ -2527,7 +2527,7 @@ class PHPMailer { $mimeType = self::_mime_types($ext); if ( strlen($basedir) > 1 && substr($basedir, -1) != '/') { $basedir .= '/'; } if ( strlen($directory) > 1 && substr($directory, -1) != '/') { $directory .= '/'; } - if ( $this->AddEmbeddedImage($basedir.$directory.$filename, md5($url), $filename, 'base64', $mimeType) ) { + if ( $this->AddEmbeddedImage($basedir.$directory.$filename, G::encryptOld($url), $filename, 'base64', $mimeType) ) { $message = preg_replace("/".$images[1][$i]."=[\"']".preg_quote($url, '/')."[\"']/Ui", $images[1][$i]."=\"".$cid."\"", $message); } } diff --git a/workflow/engine/bin/cron.php b/workflow/engine/bin/cron.php index 4e0932e73..9ab67a4ad 100755 --- a/workflow/engine/bin/cron.php +++ b/workflow/engine/bin/cron.php 
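Review bot: The PHPMailer hunk replaces `md5($url)` with `G::encryptOld($url)` and adds no check that class `G` is loaded, unlike `releaseMutex` in the same commit, which guards with `class_exists('G')`. Any caller that loads class.phpmailer.php without the framework bootstrap will hit a fatal error as soon as a message embeds an image. The value is only a content id for the embedded image, so restoring `md5($url)` keeps the vendored library self-contained; otherwise add the same guard before the call. The enclosing method starts and ends outside the hunk.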
@@ -5,7 +5,7 @@ */ if ( !defined('PATH_SEP') ) { - define('PATH_SEP', ( substr(PHP_OS, 0, 3) == 'WIN' ) ? '\\' : '/'); + define("PATH_SEP", (substr(PHP_OS, 0, 3) == "WIN")? "\\" : "/"); } $docuroot = explode(PATH_SEP, str_replace('engine' . PATH_SEP . 'methods' . PATH_SEP . 'services', '', dirname(__FILE__))); @@ -129,7 +129,7 @@ if ($force || !$bCronIsRunning) { $oDirectory = dir(PATH_DB); $cws = 0; - while($sObject = $oDirectory->read()) { + while (($sObject = $oDirectory->read()) !== false) { if (($sObject != ".") && ($sObject != "..")) { if (is_dir(PATH_DB . $sObject)) { if (file_exists(PATH_DB . $sObject . PATH_SEP . "db.php")) { @@ -141,6 +141,10 @@ if ($force || !$bCronIsRunning) { } } } else { + if (!is_dir(PATH_DB . $ws) || !file_exists(PATH_DB . $ws . PATH_SEP . "db.php")) { + throw new Exception("Error: The workspace \"$ws\" does not exist"); + } + $cws = 1; system("php -f \"" . dirname(__FILE__) . PATH_SEP . "cron_single.php\" $ws \"$sDate\" \"$dateSystem\" $argsx", $retval); diff --git a/workflow/engine/bin/cron_single.php b/workflow/engine/bin/cron_single.php index dbe2951c0..4d7b59945 100755 --- a/workflow/engine/bin/cron_single.php +++ b/workflow/engine/bin/cron_single.php @@ -10,11 +10,6 @@ register_shutdown_function( ) ); -/** - * cron_single.php - * @package workflow-engine-bin - */ - if (!defined('SYS_LANG')) { define('SYS_LANG', 'en'); } 
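Review bot: In the `@@ -141,6 +141,10 @@` hunk, `$ws` is still concatenated unquoted into the `system()` command line, and the new existence check does not restrict which characters it may contain. The check only proves that `PATH_DB . $ws` resolves to a directory holding `db.php`; it does not confine the value to a plain workspace name. Validate the name first (for instance `preg_match('/^\w+$/', $ws)`, adjusted to the characters workspaces may really use) and pass it as `escapeshellarg($ws)`. The same applies to `$workspace` in the `passthru()` call in messageeventcron.php. Whether the new `throw` in cron.php is inside a `try` is not visible in this hunk.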
@@ -220,9 +215,6 @@ Bootstrap::registerClass('CaseTrackerObject', PATH_HOME . "engine/classes/mod Bootstrap::registerClass('BaseCaseTrackerObjectPeer',PATH_HOME . "engine/classes/model/om/BaseCaseTrackerObjectPeer.php"); Bootstrap::registerClass('CaseTrackerObjectPeer', PATH_HOME . "engine/classes/model/CaseTrackerObjectPeer.php"); -Bootstrap::registerClass('BaseConfiguration', PATH_HOME . "engine/classes/model/om/BaseConfiguration.php"); -Bootstrap::registerClass('Configuration', PATH_HOME . "engine/classes/model/Configuration.php"); - Bootstrap::registerClass('BaseDbSource', PATH_HOME . "engine/classes/model/om/BaseDbSource.php"); Bootstrap::registerClass('DbSource', PATH_HOME . "engine/classes/model/DbSource.php"); @@ -367,7 +359,7 @@ Bootstrap::registerClass("AddonsManagerPeer", PATH_HOME . "engine" . PATH_SEP Bootstrap::registerClass('dashboards', PATH_HOME . "engine/classes/class.dashboards.php"); /*----------------------------------********---------------------------------*/ -$arrayClass = array("EmailServer", "ListInbox", "ListParticipatedHistory"); +$arrayClass = array("Configuration", "EmailServer", "ListInbox", "ListParticipatedHistory"); foreach ($arrayClass as $value) { Bootstrap::registerClass("Base" . $value, PATH_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP . "model" . PATH_SEP . "om" . PATH_SEP . "Base" . $value . ".php"); diff --git a/workflow/engine/bin/messageeventcron.php b/workflow/engine/bin/messageeventcron.php index e8d1d9a50..4d884768d 100644 --- a/workflow/engine/bin/messageeventcron.php +++ b/workflow/engine/bin/messageeventcron.php 
@@ -114,6 +114,10 @@ try { } } } else { + if (!is_dir(PATH_DB . $workspace) || !file_exists(PATH_DB . $workspace . PATH_SEP . "db.php")) { + throw new Exception("Error: The workspace \"$workspace\" does not exist"); + } + $countw++; passthru("php -f \"$messageEventCronSinglePath\" $workspace \"" . base64_encode(PATH_HOME) . "\" \"" . base64_encode(PATH_TRUNK) . "\" \"" . base64_encode(PATH_OUTTRUNK) . "\""); diff --git a/workflow/engine/bin/rest-gen b/workflow/engine/bin/rest-gen index aa2135bc2..e5b3bf127 100755 --- a/workflow/engine/bin/rest-gen +++ b/workflow/engine/bin/rest-gen @@ -24,8 +24,8 @@ Usage: {$argv[0]} [build-crud] [gen-ini] [-p ] [-w Options: build-crud : Task, build Rest Crud API. gen-ini : Task, generates the rest config ini file. - -p : Especify a plugin to set as enviroment to perform the tasks. - -w : Especify a workspace to set as enviroment to perform the tasks. + -p : Specifies a plugin to set as environment to perform the tasks. + -w : Specifies a workspace to set as environment to perform the tasks. EOT; @@ -42,7 +42,7 @@ try { case 'gen-ini': if (isset($argv[2])) { if (! isset($argv[3])) { - throw new Exception("Missing option, need especify a valid argument after option '{$argv[2]}'"); + throw new Exception("Missing option, need specify a valid argument after option '{$argv[2]}'"); } switch ($argv[2]) { diff --git a/workflow/engine/bin/tasks/cliUpgrade.php b/workflow/engine/bin/tasks/cliUpgrade.php index 5d6bd71bf..958413427 100755 --- a/workflow/engine/bin/tasks/cliUpgrade.php +++ b/workflow/engine/bin/tasks/cliUpgrade.php @@ -217,7 +217,7 @@ function run_unify_database($args) if ($count > 1) { if(!Bootstrap::isLinuxOs()){ - CLI::error("This is not a Linux enviroment, please especify workspace.\n"); + CLI::error("This is not a Linux enviroment, please specify workspace.\n"); return; } } diff --git a/workflow/engine/classes/class.Upgrade.php b/workflow/engine/classes/class.Upgrade.php index 4e830c09f..2f0f0b903 100644 
--- a/workflow/engine/classes/class.Upgrade.php +++ b/workflow/engine/classes/class.Upgrade.php @@ -98,7 +98,7 @@ class Upgrade $installedMD5 = ""; } else { $time = microtime(1); - $installedMD5 = md5_file($installedFile); + $installedMD5 = G::encryptFileOld($installedFile); $checksumTime += microtime(1) - $time; } $archiveMD5 = $checksum; diff --git a/workflow/engine/classes/class.derivation.php b/workflow/engine/classes/class.derivation.php index 7e81cab80..1085bab39 100755 --- a/workflow/engine/classes/class.derivation.php +++ b/workflow/engine/classes/class.derivation.php @@ -752,14 +752,19 @@ class Derivation //$appFields['APP_PROC_CODE'] = $nextDel['TAS_DEF_PROC_CODE']; /*----------------------------------********---------------------------------*/ if ($nextDel['TAS_UID'] != '-1') { - $taskCur = TaskPeer::retrieveByPK($nextDel['TAS_UID']); - $aTask = $taskCur->toArray( BasePeer::TYPE_FIELDNAME ); + $taskNex = TaskPeer::retrieveByPK($nextDel['TAS_UID']); + $aTask = $taskNex->toArray( BasePeer::TYPE_FIELDNAME ); $arrayTaskTypeToExclude = array("WEBENTRYEVENT", "END-MESSAGE-EVENT", "START-MESSAGE-EVENT", "INTERMEDIATE-THROW-MESSAGE-EVENT", "INTERMEDIATE-CATCH-MESSAGE-EVENT"); if (!in_array($aTask['TAS_TYPE'], $arrayTaskTypeToExclude)) { if (!empty($iNewDelIndex) && empty($aSP)) { $oAppDel = AppDelegationPeer::retrieveByPK( $appFields['APP_UID'], $iNewDelIndex ); $aFields = $oAppDel->toArray( BasePeer::TYPE_FIELDNAME ); $aFields['APP_STATUS'] = $currentDelegation['APP_STATUS']; + $taskCur = TaskPeer::retrieveByPK($currentDelegation['TAS_UID']); + $aTaskCur = $taskCur->toArray( BasePeer::TYPE_FIELDNAME ); + if ($aTaskCur['TAS_TYPE'] == "INTERMEDIATE-CATCH-MESSAGE-EVENT") { + $removeList = false; + } $aFields['REMOVED_LIST'] = $removeList; $inbox = new ListInbox(); $inbox->newRow($aFields, $appFields['CURRENT_USER_UID'], false, array(), ($nextDel['TAS_ASSIGN_TYPE'] == 'SELF_SERVICE' ? true : false)); 
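Review bot: In the class.derivation.php hunk, the result of `TaskPeer::retrieveByPK($currentDelegation['TAS_UID'])` is dereferenced immediately by `$taskCur->toArray(...)`. If the lookup can return null for a missing task, which is the usual Propel behaviour but is not shown here, routing stops with a fatal error; guard it with `if ($taskCur !== null) { ... }`. Once `$removeList` is set to `false` it is never restored, so if this code sits in a loop over next delegations (not visible in the hunk) later iterations inherit the value. Assigning a local such as `$removeListCur` to `$aFields['REMOVED_LIST']` would avoid that.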
diff --git a/workflow/engine/classes/class.pluginRegistry.php b/workflow/engine/classes/class.pluginRegistry.php index e6a24a476..27248d4fa 100755 --- a/workflow/engine/classes/class.pluginRegistry.php +++ b/workflow/engine/classes/class.pluginRegistry.php @@ -399,22 +399,19 @@ class PMPluginRegistry } /** - * get status plugin in the singleton + * Get status plugin in the singleton * - * @param unknown_type $sNamespace + * @param string $name Plugin name + * + * return mixed Return a string with status plugin, 0 otherwise */ - public function getStatusPlugin ($sNamespace) + public function getStatusPlugin($name) { - foreach ($this->_aPluginDetails as $namespace => $detail) { - if ($sNamespace == $namespace) { - if ($this->_aPluginDetails[$sNamespace]->enabled) { - return 'enabled'; - } else { - return 'disabled'; - } - } + try { + return (isset($this->_aPluginDetails[$name]))? (($this->_aPluginDetails[$name]->enabled)? "enabled" : "disabled") : 0; + } catch (Excepton $e) { + throw $e; } - return 0; } /** diff --git a/workflow/engine/classes/class.system.php b/workflow/engine/classes/class.system.php index 12f4bb0dc..4c8b48c29 100755 --- a/workflow/engine/classes/class.system.php +++ b/workflow/engine/classes/class.system.php @@ -260,7 +260,7 @@ class System continue; } if (file_exists( realpath( $filename ) )) { - if (strcmp( $checksum, md5_file( realpath( $filename ) ) ) != 0) { + if (strcmp( $checksum, G::encryptFileOld( realpath( $filename ) ) ) != 0) { $result['diff'][] = $filename; } } else { @@ -542,7 +542,7 @@ class System $file = PATH_TRUNK . trim( $line[2] ); if (is_readable( $file )) { $size = sprintf( "%07d", filesize( $file ) ); - $checksum = sprintf( "%010u", crc32( file_get_contents( $file ) ) ); + $checksum = sprintf( "%010u", G::encryptCrc32( file_get_contents( $file ) ) ); if (! ($line[0] == $size && $line[1] == $checksum) && substr( $file, - 4 ) != '.xml') { $distinctFiles .= $file . "\n"; $distinct ++; 
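Review bot: The rewritten `getStatusPlugin` catches `Excepton`, a misspelled class name, so the clause can never match; as it only rethrows, the whole `try`/`catch` can be removed. The docblock line `return mixed ...` lacks its `@`, so documentation tools will not read it as the return tag. The method returns either a string or the integer `0`, and the caller added later in this commit feeds that value to `preg_match()`; returning `null` or a fixed string for "not registered" would make the contract easier to check.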
diff --git a/workflow/engine/classes/model/AddonsManager.php b/workflow/engine/classes/model/AddonsManager.php index ada2ffb3e..f9fddeb6a 100644 --- a/workflow/engine/classes/model/AddonsManager.php +++ b/workflow/engine/classes/model/AddonsManager.php @@ -61,7 +61,7 @@ class AddonsManager extends BaseAddonsManager if ($download_md5 == null) { return null; } - return (strcasecmp(md5_file($filename), $download_md5) == 0); + return (strcasecmp(G::encryptFileOld($filename), $download_md5) == 0); } /** diff --git a/workflow/engine/classes/model/Application.php b/workflow/engine/classes/model/Application.php index 2c08b541d..944bf3932 100755 --- a/workflow/engine/classes/model/Application.php +++ b/workflow/engine/classes/model/Application.php @@ -367,7 +367,7 @@ class Application extends BaseApplication $pin = G::generateCode(4, 'ALPHANUMERIC'); $this->setAppData(serialize(array('PIN' => $pin))); - $this->setAppPin(md5($pin)); + $this->setAppPin(G::encryptOld($pin)); $c = new Criteria(); $c->clearSelectColumns(); diff --git a/workflow/engine/controllers/installer.php b/workflow/engine/controllers/installer.php index 6222f97fc..737653c5a 100755 --- a/workflow/engine/controllers/installer.php +++ b/workflow/engine/controllers/installer.php 
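Review bot: In the Application.php hunk, `setAppPin(G::encryptOld($pin))` stores the case PIN under what appears from the class.g.php context to be plain unsalted MD5, so the rename changes nothing about how the value is protected. The PIN is four alphanumeric characters, so the stored digest gives essentially no protection if the table is read, and the line above also writes the clear PIN into the serialized APP_DATA. A real fix would be `password_hash()` here with `password_verify()` at the check, migrated together with whatever code compares the PIN (not visible on this page). The installer.php hunks write the admin password through the same `G::encryptOld()` call, and AddonsManager.php still verifies downloads against an MD5 digest.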
@@ -848,7 +848,7 @@ class Installer extends Controller // Write the paths_installed.php file (contains all the information configured so far) if (! file_exists( FILE_PATHS_INSTALLED )) { - $sh = md5( filemtime( PATH_GULLIVER . '/class.g.php' ) ); + $sh = G::encryptOld( filemtime( PATH_GULLIVER . '/class.g.php' ) ); $h = G::encrypt( $db_hostname . $sh . $db_username . $sh . $db_password, $sh ); $dbText = "mssqlQuery( $query ); - $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, md5( $adminPassword ) ); + $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptOld( $adminPassword ) ); $this->mssqlQuery( $query ); $query = sprintf( "USE %s;", $wf ); $this->mssqlQuery( $query ); - $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, md5( $adminPassword ) ); + $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptOld( $adminPassword ) ); $this->mssqlQuery( $query ); // Write the paths_installed.php file (contains all the information configured so far) if (! file_exists( FILE_PATHS_INSTALLED )) { - $sh = md5( filemtime( PATH_GULLIVER . '/class.g.php' ) ); + $sh = G::encryptOld( filemtime( PATH_GULLIVER . '/class.g.php' ) ); $h = G::encrypt( $db_hostname . $sh . $db_username . $sh . $db_password . '1', $sh ); $dbText = "read()) { if (($sObject != '.') && ($sObject != '..') && ($sObject != '.svn') && ($sObject != 'ldap')) { if (is_file( PATH_RBAC . 'plugins' . PATH_SEP . 
$sObject )) { - $sType = trim( str_replace( 'class.', '', str_replace( '.php', '', $sObject ) ) ); - $aAuthSourceTypes['sType'] = $sType; - $aAuthSourceTypes['sLabel'] = $sType; - $arr[] = $aAuthSourceTypes; + $sType = trim(str_replace(array("class.", ".php"), "", $sObject)); + + $statusPlugin = $pluginRegistry->getStatusPlugin($sType); + $flagAdd = false; + + if (preg_match("/^(?:enabled|disabled)$/", $statusPlugin)) { + if ($statusPlugin == "enabled") { + $flagAdd = true; + } + } else { + $flagAdd = true; + } + + if ($flagAdd) { + $arr[] = array("sType" => $sType, "sLabel" => $sType); + } } } } diff --git a/workflow/engine/methods/cases/caseHistory_Ajax.php b/workflow/engine/methods/cases/caseHistory_Ajax.php index 85c94c7f4..052298332 100644 --- a/workflow/engine/methods/cases/caseHistory_Ajax.php +++ b/workflow/engine/methods/cases/caseHistory_Ajax.php @@ -137,7 +137,7 @@ if ($actionAjax == "showDynaformHistoryGetNomDynaform_JXP") { $dynTitle = $contentObjeto->getConValue(); } - $md5Hash = md5( $idDin . $dynDate ); + $md5Hash = G::encryptOld( $idDin . $dynDate ); //assign task $result = new stdClass(); diff --git a/workflow/engine/methods/cases/casesListExtJs.php b/workflow/engine/methods/cases/casesListExtJs.php index 7d86cf9b0..48e7560e3 100755 --- a/workflow/engine/methods/cases/casesListExtJs.php +++ b/workflow/engine/methods/cases/casesListExtJs.php @@ -42,6 +42,12 @@ switch ($action) { $urlProxy = 'proxyCasesList'; $action = 'unassigned'; break; + case 'to_revise': + $urlProxy = 'proxyCasesList'; + break; + case 'to_reassign': + $urlProxy = 'proxyCasesList'; + break; } /*----------------------------------********---------------------------------*/ diff --git a/workflow/engine/methods/cases/cases_StepToRevise.php b/workflow/engine/methods/cases/cases_StepToRevise.php index d693fae4c..dbf7e5f88 100755 --- a/workflow/engine/methods/cases/cases_StepToRevise.php +++ b/workflow/engine/methods/cases/cases_StepToRevise.php 
@@ -138,7 +138,7 @@ if (! isset( $_GET['ex'] )) { // DEPRECATED this JS section is marked for removal function setSelect() { - var ex=; + var ex=xssFilterHard($_GET['ex'])?>; try { for(i=1; i<50; i++) { if (i == ex) { diff --git a/workflow/engine/methods/cases/cases_StepToReviseInputs.php b/workflow/engine/methods/cases/cases_StepToReviseInputs.php index b4999f81e..07d45ca39 100755 --- a/workflow/engine/methods/cases/cases_StepToReviseInputs.php +++ b/workflow/engine/methods/cases/cases_StepToReviseInputs.php @@ -140,7 +140,7 @@ G::RenderPage( 'publish', 'blank' ); //Deprecated Section since the interface are now movig to ExtJS function setSelect() { - var ex=; + var ex=xssFilterHard($_GET['ex'])?>; try { for (i=1; i<50; i++) { if (i == ex) { diff --git a/workflow/engine/methods/cases/cases_StepToReviseOutputs.php b/workflow/engine/methods/cases/cases_StepToReviseOutputs.php index 976b75dc5..1a78eaf4f 100755 --- a/workflow/engine/methods/cases/cases_StepToReviseOutputs.php +++ b/workflow/engine/methods/cases/cases_StepToReviseOutputs.php @@ -84,7 +84,7 @@ if (! isset( $_GET['ex'] )) { //Deprecated Section since the interface are now movig to ExtJS function setSelect() { - var ex=; + var ex=xssFilterHard($_GET['ex'])?>; try{ for (i=1; i<50; i++) { if (i == ex) { diff --git a/workflow/engine/methods/cases/cases_ToReviseOutputDocView.php b/workflow/engine/methods/cases/cases_ToReviseOutputDocView.php index 351d778d9..b978b21e0 100755 --- a/workflow/engine/methods/cases/cases_ToReviseOutputDocView.php +++ b/workflow/engine/methods/cases/cases_ToReviseOutputDocView.php @@ -104,7 +104,7 @@ if (! isset( $_GET['ex'] )) { /*------------------------------ To Revise Routines ---------------------------*/ function setSelect() { - var ex=; + var ex=xssFilterHard($_GET['ex'])?>; try{ for(i=1; i<50; i++) { diff --git a/workflow/engine/methods/dynaforms/dynaforms_FlatEditor.php b/workflow/engine/methods/dynaforms/dynaforms_FlatEditor.php index 0014b64f9..b615b5005 100755 
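Review bot: `$_GET['ex']` is written into a JavaScript assignment (`var ex=...;`) after `xssFilterHard`, which is the wrong kind of encoding for a script context; the PHP opening tag is lost in this rendering, so the exact echo cannot be read. The filter's output is not guaranteed to be a valid or inert JavaScript expression. The value is only compared with the loop counter `i`, so emitting an integer is enough and safe: `var ex=<?php echo (int) $_GET['ex']; ?>;`. The same line is changed in cases_StepToReviseInputs.php, cases_StepToReviseOutputs.php and cases_ToReviseOutputDocView.php, and none of these hunks shows where `$filter` is created.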
--- a/workflow/engine/methods/dynaforms/dynaforms_FlatEditor.php +++ b/workflow/engine/methods/dynaforms/dynaforms_FlatEditor.php @@ -170,12 +170,12 @@ G::RenderPage( "publish", "raw" );