mirror of
https://github.com/Combodo/iTop.git
synced 2026-04-21 17:48:43 +02:00
Merge remote-tracking branch 'origin/support/2.6' into support/2.7
# Conflicts: # pages/ajax.render.php # setup/wizardsteps.class.inc.php
This commit is contained in:
Pierre Goiffon
@@ -852,28 +852,29 @@ class RuntimeDashboard extends Dashboard
|
||||
{
|
||||
$bCustomized = false;
|
||||
|
||||
if (!appUserPreferences::GetPref('display_original_dashboard_'.$sDashBoardId, false))
|
||||
{
|
||||
$sDashboardFileSanitized = utils::RealPath($sDashboardFile, APPROOT);
|
||||
if (false === $sDashboardFileSanitized) {
|
||||
throw new SecurityException('Invalid dashboard file !');
|
||||
}
|
||||
|
||||
if (!appUserPreferences::GetPref('display_original_dashboard_'.$sDashBoardId, false)) {
|
||||
// Search for an eventual user defined dashboard
|
||||
$oUDSearch = new DBObjectSearch('UserDashboard');
|
||||
$oUDSearch->AddCondition('user_id', UserRights::GetUserId(), '=');
|
||||
$oUDSearch->AddCondition('menu_code', $sDashBoardId, '=');
|
||||
$oUDSet = new DBObjectSet($oUDSearch);
|
||||
if ($oUDSet->Count() > 0)
|
||||
{
|
||||
if ($oUDSet->Count() > 0) {
|
||||
// Assuming there is at most one couple {user, menu}!
|
||||
$oUserDashboard = $oUDSet->Fetch();
|
||||
$sDashboardDefinition = $oUserDashboard->Get('contents');
|
||||
$bCustomized = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$sDashboardDefinition = @file_get_contents($sDashboardFile);
|
||||
} else {
|
||||
$sDashboardDefinition = @file_get_contents($sDashboardFileSanitized);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$sDashboardDefinition = @file_get_contents($sDashboardFile);
|
||||
$sDashboardDefinition = @file_get_contents($sDashboardFileSanitized);
|
||||
}
|
||||
|
||||
if ($sDashboardDefinition !== false)
|
||||
@@ -881,7 +882,7 @@ class RuntimeDashboard extends Dashboard
|
||||
$oDashboard = new RuntimeDashboard($sDashBoardId);
|
||||
$oDashboard->FromXml($sDashboardDefinition);
|
||||
$oDashboard->SetCustomFlag($bCustomized);
|
||||
$oDashboard->SetDefinitionFile($sDashboardFile);
|
||||
$oDashboard->SetDefinitionFile($sDashboardFileSanitized);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@@ -314,42 +314,54 @@ class ActionEmail extends ActionNotification
|
||||
{
|
||||
$this->m_iRecipients = 0;
|
||||
$this->m_aMailErrors = array();
|
||||
$bRes = false; // until we do succeed in sending the email
|
||||
|
||||
|
||||
// Determine recicipients
|
||||
//
|
||||
$sTo = $this->FindRecipients('to', $aContextArgs);
|
||||
$sCC = $this->FindRecipients('cc', $aContextArgs);
|
||||
$sBCC = $this->FindRecipients('bcc', $aContextArgs);
|
||||
|
||||
|
||||
$sFrom = MetaModel::ApplyParams($this->Get('from'), $aContextArgs);
|
||||
$sReplyTo = MetaModel::ApplyParams($this->Get('reply_to'), $aContextArgs);
|
||||
|
||||
|
||||
$sSubject = MetaModel::ApplyParams($this->Get('subject'), $aContextArgs);
|
||||
$sBody = MetaModel::ApplyParams($this->Get('body'), $aContextArgs);
|
||||
|
||||
|
||||
$oObj = $aContextArgs['this->object()'];
|
||||
$sMessageId = sprintf('iTop_%s_%d_%f@%s.openitop.org', get_class($oObj), $oObj->GetKey(), microtime(true /* get as float*/), MetaModel::GetEnvironmentId());
|
||||
$sMessageId = sprintf('iTop_%s_%d_%f@%s.openitop.org', get_class($oObj), $oObj->GetKey(), microtime(true /* get as float*/),
|
||||
MetaModel::GetEnvironmentId());
|
||||
$sReference = '<'.$sMessageId.'>';
|
||||
}
|
||||
catch(Exception $e)
|
||||
{
|
||||
ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
|
||||
throw $e;
|
||||
}
|
||||
ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
|
||||
|
||||
if (!is_null($oLog))
|
||||
{
|
||||
catch (Exception $e) {
|
||||
/** @noinspection PhpUnhandledExceptionInspection */
|
||||
throw $e;
|
||||
}
|
||||
finally {
|
||||
ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
|
||||
}
|
||||
|
||||
if (!is_null($oLog)) {
|
||||
// Note: we have to secure this because those values are calculated
|
||||
// inside the try statement, and we would like to keep track of as
|
||||
// many data as we could while some variables may still be undefined
|
||||
if (isset($sTo)) $oLog->Set('to', $sTo);
|
||||
if (isset($sCC)) $oLog->Set('cc', $sCC);
|
||||
if (isset($sBCC)) $oLog->Set('bcc', $sBCC);
|
||||
if (isset($sFrom)) $oLog->Set('from', $sFrom);
|
||||
if (isset($sSubject)) $oLog->Set('subject', $sSubject);
|
||||
if (isset($sBody)) $oLog->Set('body', $sBody);
|
||||
if (isset($sTo)) {
|
||||
$oLog->Set('to', $sTo);
|
||||
}
|
||||
if (isset($sCC)) {
|
||||
$oLog->Set('cc', $sCC);
|
||||
}
|
||||
if (isset($sBCC)) {
|
||||
$oLog->Set('bcc', $sBCC);
|
||||
}
|
||||
if (isset($sFrom)) {
|
||||
$oLog->Set('from', $sFrom);
|
||||
}
|
||||
if (isset($sSubject)) {
|
||||
$oLog->Set('subject', $sSubject);
|
||||
}
|
||||
if (isset($sBody)) {
|
||||
$oLog->Set('body', $sBody);
|
||||
}
|
||||
}
|
||||
$sStyles = file_get_contents(APPROOT.'css/email.css');
|
||||
$sStyles .= MetaModel::GetConfig()->Get('email_css');
|
||||
@@ -439,4 +451,3 @@ class ActionEmail extends ActionNotification
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -7330,9 +7330,11 @@ abstract class MetaModel
|
||||
* @param string $sInput
|
||||
* @param array $aParams
|
||||
*
|
||||
* @return mixed
|
||||
* @return string
|
||||
*
|
||||
* @throws \Exception
|
||||
*/
|
||||
static public function ApplyParams($sInput, $aParams)
|
||||
public static function ApplyParams($sInput, $aParams)
|
||||
{
|
||||
$aParams = static::AddMagicPlaceholders($aParams);
|
||||
|
||||
@@ -7342,7 +7344,7 @@ abstract class MetaModel
|
||||
|
||||
$aSearches = array();
|
||||
$aReplacements = array();
|
||||
foreach($aParams as $sSearch => $replace)
|
||||
foreach ($aParams as $sSearch => $replace)
|
||||
{
|
||||
// Some environment parameters are objects, we just need scalars
|
||||
if (is_object($replace))
|
||||
|
||||
@@ -1217,7 +1217,7 @@ try
|
||||
break;
|
||||
|
||||
case 'save_dashboard':
|
||||
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
|
||||
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'element_identifier');
|
||||
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
|
||||
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
|
||||
$sJSExtraParams = json_encode($aExtraParams);
|
||||
@@ -1230,17 +1230,16 @@ try
|
||||
$oDashboard = new RuntimeDashboard($sDashboardId);
|
||||
$oDashboard->FromParams($aParams);
|
||||
$oDashboard->Save();
|
||||
$sDashboardFile = addslashes(utils::ReadParam('file', '', false, 'raw_data'));
|
||||
$sDivId = utils::Sanitize($sDashboardId, '', 'element_identifier');
|
||||
$sDashboardFile = addslashes(utils::ReadParam('file', '', false, 'string'));
|
||||
// trigger a reload of the current page since the dashboard just changed
|
||||
$oPage->add_script(
|
||||
<<<EOF
|
||||
$('.dashboard_contents#$sDivId').block();
|
||||
<<<EOF
|
||||
$('.dashboard_contents#$sDashboardId').block();
|
||||
$.post(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php',
|
||||
{ operation: 'reload_dashboard', dashboard_id: '$sDashboardId', file: '$sDashboardFile', extra_params: $sJSExtraParams, reload_url: '$sReloadURL'},
|
||||
function(data){
|
||||
$('.dashboard_contents#$sDivId').html(data);
|
||||
$('.dashboard_contents#$sDivId').unblock();
|
||||
$('.dashboard_contents#$sDashboardId').html(data);
|
||||
$('.dashboard_contents#$sDashboardId').unblock();
|
||||
}
|
||||
);
|
||||
EOF
|
||||
@@ -1292,7 +1291,7 @@ EOF
|
||||
$sId = utils::ReadParam('id', '', false, 'context_param');
|
||||
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
|
||||
$aExtraParams['dashboard_div_id'] = utils::Sanitize($sId, '', 'element_identifier');
|
||||
$sDashboardFile = utils::ReadParam('file', '', false, 'raw_data');
|
||||
$sDashboardFile = utils::ReadParam('file', '', false, 'string');
|
||||
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
|
||||
$oKPI = new ExecutionKPI();
|
||||
$oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sId);
|
||||
|
||||
@@ -141,7 +141,7 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT"); // Date in the past
|
||||
$sOperation = Utils::ReadParam('operation', '');
|
||||
try
|
||||
{
|
||||
SetupUtils::CheckSetupToken();
|
||||
SetupUtils::CheckSetupToken(true);
|
||||
|
||||
switch($sOperation)
|
||||
{
|
||||
|
||||
@@ -2540,11 +2540,13 @@ class WizStepDone extends WizardStep
|
||||
$oPage->ok("The installation completed successfully.");
|
||||
}
|
||||
|
||||
$bHasBackup = false;
|
||||
if (($this->oWizard->GetParameter('mode', '') == 'upgrade') && $this->oWizard->GetParameter('db_backup', false) && $this->oWizard->GetParameter('authent', false))
|
||||
{
|
||||
$sBackupDestination = $this->oWizard->GetParameter('db_backup_path', '');
|
||||
if (file_exists($sBackupDestination.'.tar.gz'))
|
||||
{
|
||||
$bHasBackup = true;
|
||||
// To mitigate security risks: pass only the filename without the extension, the download will add the extension itself
|
||||
$oPage->p('Your backup is ready');
|
||||
$oPage->p('<a style="background:transparent;" href="'.utils::GetAbsoluteUrlAppRoot(true).'setup/ajax.dataloader.php?operation=async_action&step_class=WizStepDone¶ms[backup]='.urlencode($sBackupDestination).'&authent='.$this->oWizard->GetParameter('authent','').'" target="_blank"><img src="../images/tar.png" style="border:0;vertical-align:middle;"> Download '.basename($sBackupDestination).'</a>');
|
||||
@@ -2665,10 +2667,14 @@ class WizStepDone extends WizardStep
|
||||
$oPage->add('<img style="border:0" src="'.$sImgUrl.'"/>');
|
||||
$sForm = addslashes($sForm);
|
||||
$oPage->add_ready_script("$('#wiz_form').after('$sForm');");
|
||||
|
||||
// avoid leaving in a dirty state
|
||||
SetupUtils::ExitMaintenanceMode(false);
|
||||
SetupUtils::ExitReadOnlyMode(false);
|
||||
SetupUtils::EraseSetupToken();
|
||||
|
||||
if (false === $bHasBackup) {
|
||||
SetupUtils::EraseSetupToken();
|
||||
}
|
||||
}
|
||||
|
||||
public function CanMoveForward()
|
||||
|
||||
Reference in New Issue
Block a user