PMCORE-1191

gulliver/methods/errors/error403.php

@@ -27,9 +27,14 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
     }
 
     if ($sysSys != "" && $sysLang != "" && $sysSkin != "") {
+        if (count($url) > 4) {
+            $urlLogin = $http . "://" . $host . "/sys" . $sysSys . "/" . $sysLang . "/" . $sysSkin . "/login/login" . "?url=" . implode("/", $url);
+            $urlHome =  $http . "://" . $host . "/sys" . $sysSys . "/" . $sysLang . "/" . $sysSkin . "/cases/main" . "?url=" . implode("/", $url);
+        } else {
             $urlLogin = $http . "://" . $host . "/sys" . $sysSys . "/" . $sysLang . "/" . $sysSkin . "/login/login";
             $urlHome =  $http . "://" . $host . "/sys" . $sysSys . "/" . $sysLang . "/" . $sysSkin . "/cases/main";
         }
+    }
 }
 
 ?>

workflow/engine/methods/cases/cases_ShowDocument.php

@@ -46,7 +46,7 @@ if (empty($_GET['v'])) {
 //Send the parameter a = Case UID
 if ($RBAC->userCanAccess('PM_FOLDERS_ALL') != 1 && defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
     if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $docVersion)) {
-        G::header('Location: /errors/error403.php');
+        G::header('Location: /errors/error403.php?url=' . urlencode($_SERVER['REQUEST_URI']));
         die();
     }
 }

workflow/engine/methods/cases/cases_ShowOutputDocument.php

@@ -53,20 +53,21 @@ if ($RBAC->userCanAccess('PM_FOLDERS_ALL') != 1 && defined('DISABLE_DOWNLOAD_DOC
         $sAppDocUid
     )
     ) {
-        G::header('Location: /errors/error403.php');
+        G::header('Location: /errors/error403.php?url=' . urlencode($_SERVER['REQUEST_URI']));
         die();
     }
 }
 
 $docFileName = fixContentDispositionFilename($oAppDocument->getAppDocFilename());
 $info = pathinfo($docFileName);
+
 if (!isset($_GET['ext'])) {
-    $ext = $info['extension'];
+    $ext = (!empty($info['extension'])) ? $info['extension']: 'pdf';
 } else {
     if ($_GET['ext'] != '') {
         $ext = $_GET['ext'];
     } else {
-        $ext = $info['extension'];
+        $ext = (!empty($info['extension'])) ? $info['extension']: 'pdf';
     }
 }
 $ver = (isset($_GET['v']) && $_GET['v'] != '') ? '_' . $_GET['v'] : '';

workflow/engine/methods/login/login.php

@@ -39,20 +39,40 @@ $aFields = array();
 
 //Validated redirect url
 $aFields['URL'] = '';
-if (!empty($_GET['u'])) {
+if (!empty($_GET['u']) || !empty($_GET['url'])) {
     //clean url with protocols
     $flagUrl = true;
     //Most used protocols
     $protocols = ['https://', 'http://', 'ftp://', 'sftp://','smb://', 'file:', 'mailto:'];
     foreach ($protocols as $protocol) {
+        if (!empty($_GET['u'])) {
             if (strpos($_GET['u'], $protocol) !== false) {
                 $_GET['u'] = '';
                 $flagUrl = false;
                 break;
             }
         }
+        if (!empty($_GET['url'])) {
+            if (strpos($_GET['url'], $protocol) !== false) {
+                $_GET['url'] = '';
+                $flagUrl = false;
+                break;
+            }
+        }
+    }
     if ($flagUrl) {
+        if (!empty($_GET['u'])) {
             $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u']))))));
+        } elseif (!empty($_GET['url'])) {
+            $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['url']))))));
+        }
+        //The following validations are only for the links to an output document
+        if(!empty($_GET['v']) && (strpos($aFields['URL'], '/cases/cases_ShowOutputDocument') != false)) {
+            $aFields['URL'] .= "&v=" . $_GET['v'];
+        }
+        if(!empty($_GET['ext']) && (strpos($aFields['URL'], '/cases/cases_ShowOutputDocument') != false)) {
+            $aFields['URL'] .= "&ext=" . $_GET['ext'];
+        }
     }
 }