composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-20 15:52:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Feature/merge 3 0 develop (#298)

Browse Source 
* merging 3.0 into develop

* N°5102 - Allow to send emails (eg. notifications) using GSuite SMTP and OAuth
* migration to iTop 3.1

Co-authored-by: Eric Espie <eric.espie@combodo.com>
This commit is contained in:
bdalsass
2022-06-08 16:27:20 +02:00
committed by GitHub
parent 1fd792fed9
commit 2b885beb82
347 changed files with 53400 additions and 3034 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php
View File

@@ -91,6 +91,7 @@ class ObjectFormManager extends FormManager
* @return array formmanager_data as a PHP array
*
* @since 2.7.6 3.0.0 N°4384 method creation : factorize as this is used twice now
* @since 2.7.7 3.0.1 N°4867 now only used once, but we decided to keep this method anyway
*/
protected static function DecodeFormManagerData($formManagerData)
{
@@ -106,17 +107,15 @@ class ObjectFormManager extends FormManager
* - formobject_class : The class of the object that is being edited/viewed
* - formmode : view|edit|create
* - values for parent
* @param bool $bTrustContent if false then won't allow modified TWIG content
*
* @return \Combodo\iTop\Portal\Form\ObjectFormManager new instance init from JSON data
*
* @inheritDoc
* @throws \Exception
* @throws \SecurityException if twig content is present and $bTrustContent is false
*
* @since 2.7.6 3.0.0 N°4384 new $bTrustContent parameter
* @since 2.7.7 3.0.1 N°4867 remove param $bTrustContent
*/
public static function FromJSON($sJson, $bTrustContent = false)
public static function FromJSON($sJson)
{
$aJson = static::DecodeFormManagerData($sJson);
@@ -172,37 +171,6 @@ class ObjectFormManager extends FormManager
return $oFormManager;
}
/**
* @param string $sPostedFormManagerData received data from the browser
* @param array $aOriginalFormProperties data generated server side
*
* @return bool true if the data are identical
*
* @since 2.7.6 3.0.0 N°4384 Check formmanager_data
*/
public static function CanTrustFormLayoutContent($sPostedFormManagerData, $aOriginalFormProperties)
{
$aPostedFormManagerData = static::DecodeFormManagerData($sPostedFormManagerData);
$sPostedFormLayoutType = (isset($aPostedFormManagerData['formproperties']['layout']['type'])) ? $aPostedFormManagerData['formproperties']['layout']['type'] : '';
if ($sPostedFormLayoutType === 'xhtml') {
return true;
}
// We need to parse the content so that autoclose tags are returned correctly (`<div />` => `<div></div>`)
$oHtmlDocument = new \DOMDocument();
$sPostedFormLayoutContent = (isset($aPostedFormManagerData['formproperties']['layout']['content'])) ? $aPostedFormManagerData['formproperties']['layout']['content'] : '';
$oHtmlDocument->loadXML('<root>'.$sPostedFormLayoutContent.'</root>');
$sPostedFormLayoutRendered = $oHtmlDocument->saveHTML();
$sOriginalFormLayoutContent = (isset($aOriginalFormProperties['layout']['content'])) ? $aOriginalFormProperties['layout']['content'] : '';
$oHtmlDocument->loadXML('<root>'.$sOriginalFormLayoutContent.'</root>');
$sOriginalFormLayoutContentRendered = $oHtmlDocument->saveHTML();
return ($sPostedFormLayoutRendered === $sOriginalFormLayoutContentRendered);
}
/**
*
* @return \Symfony\Component\DependencyInjection\ContainerInterface

31
datamodels/2.x/itop-portal-base/portal/src/Helper/ObjectFormHandlerHelper.php
View File

@@ -132,12 +132,10 @@ class ObjectFormHandlerHelper
$bModal = ($oRequest->isXmlHttpRequest() && empty($sOperation));
// - Retrieve form properties
$aOriginalFormProperties = ApplicationHelper::GetLoadedFormFromClass($this->aCombodoPortalInstanceConf['forms'], $sObjectClass, $sMode);
if ($aFormProperties === null)
{
$aFormProperties = $aOriginalFormProperties;
$aFormProperties = ApplicationHelper::GetLoadedFormFromClass($this->aCombodoPortalInstanceConf['forms'], $sObjectClass, $sMode);
}
// - Create and
if (empty($sOperation))
{
@@ -300,8 +298,8 @@ class ObjectFormHandlerHelper
throw new HttpException(Response::HTTP_INTERNAL_SERVER_ERROR, 'Parameters formmanager_class and formmanager_data must be defined.');
}
$bTrustContent = $sFormManagerClass::CanTrustFormLayoutContent($sFormManagerData, $aOriginalFormProperties);
$oFormManager = $sFormManagerClass::FromJSON($sFormManagerData, $bTrustContent);
$this->CheckReadFormDataAllowed($sFormManagerData);
$oFormManager = $sFormManagerClass::FromJSON($sFormManagerData);
$oFormManager->SetContainer($this->oContainer);
// Applying action rules if present
@@ -439,6 +437,29 @@ class ObjectFormHandlerHelper
return $oTwig->render($sId, $aData);
}
/**
* Check if read object include in form data is allowed, throw an exception otherwise.
*
* @since 2.7.7
*
* @param $sFormManagerData form data to check
*
* @return void
* @throws \CoreException
* @throws \MissingQueryArgument
* @throws \MySQLException
* @throws \MySQLHasGoneAwayException
* @throws \OQLException
*/
public function CheckReadFormDataAllowed($sFormManagerData){
$aJsonFromData = json_decode($sFormManagerData, true);
if(isset($aJsonFromData['formobject_class'])
&& isset($aJsonFromData['formobject_id'])
&& !$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $aJsonFromData['formobject_class'], $aJsonFromData['formobject_id'])){
throw new HttpException(Response::HTTP_INTERNAL_SERVER_ERROR, 'Form data access denied.');
}
}
/**
* Return an array of the available modes for a form.
*