From b593a44fec9ee09b62f829f654457a32f390a7ca Mon Sep 17 00:00:00 2001 From: Carrie Hanscom Date: Wed, 26 Jul 2023 16:02:55 -0400 Subject: [PATCH 1/6] LEAF 3899 fix field name --- LEAF_Nexus/sources/Employee.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LEAF_Nexus/sources/Employee.php b/LEAF_Nexus/sources/Employee.php index 485e68c75..56fc593a7 100644 --- a/LEAF_Nexus/sources/Employee.php +++ b/LEAF_Nexus/sources/Employee.php @@ -562,7 +562,7 @@ private function getEmployeeDataByEmpUID(array $empUID, Db $db): array private function updateEmployeeByUserName(string $user_name, array $national_user, Db $db): array { $vars = array( - ':userName' => $national_user['user_name'], + ':userName' => $national_user['userName'], ':lastName' => $national_user['lastName'], ':firstName' => $national_user['firstName'], ':midInit' => $national_user['middleName'], From 28e4f2f69db1b11701fdf30fcb81d720066b38df Mon Sep 17 00:00:00 2001 From: Jamie P Holcomb Date: Thu, 10 Aug 2023 10:23:45 -0400 Subject: [PATCH 2/6] Leaf 3932 - error log update --- LEAF_Nexus/scripts/updateDatabase.php | 3 +- .../TemplateFileHistoryController.php | 1 - LEAF_Request_Portal/dynicons/index.php | 19 +++++-- .../scripts/automated_email.php | 2 +- .../scripts/updateDatabase.php | 3 +- LEAF_Request_Portal/sources/Email.php | 51 +++++++++++-------- LEAF_Request_Portal/sources/Form.php | 10 ++-- LEAF_Request_Portal/sources/FormWorkflow.php | 18 +++++-- LEAF_Request_Portal/sources/System.php | 18 ++++--- 9 files changed, 83 insertions(+), 42 deletions(-) diff --git a/LEAF_Nexus/scripts/updateDatabase.php b/LEAF_Nexus/scripts/updateDatabase.php index d547a7c8f..76404f0a1 100644 --- a/LEAF_Nexus/scripts/updateDatabase.php +++ b/LEAF_Nexus/scripts/updateDatabase.php 
@@ -64,7 +64,8 @@ function updateDB($thisVer, $updateList, $folder, $db) $res = $db->prepared_query('SELECT * FROM settings WHERE setting="dbversion"', array()); if ($res[0]['data'] == $thisVer) { - echo 'Update failed.' . BR; + echo PORTAL_PATH . BR; + echo 'Nexus DB Update failed.' . BR; } else { diff --git a/LEAF_Request_Portal/api/controllers/TemplateFileHistoryController.php b/LEAF_Request_Portal/api/controllers/TemplateFileHistoryController.php index 5985b2841..bc66c1d37 100644 --- a/LEAF_Request_Portal/api/controllers/TemplateFileHistoryController.php +++ b/LEAF_Request_Portal/api/controllers/TemplateFileHistoryController.php @@ -69,7 +69,6 @@ public function post($act) }); $this->index['POST']->register('templateEmailHistoryMergeFile/[text]', function ($args) use ($templateFileHistory) { - error_log(print_r('Controller ', true)); return $templateFileHistory->setEmailMergeTemplate($args[0]); }); diff --git a/LEAF_Request_Portal/dynicons/index.php b/LEAF_Request_Portal/dynicons/index.php index 0694b13ff..cb5f40324 100644 --- a/LEAF_Request_Portal/dynicons/index.php +++ b/LEAF_Request_Portal/dynicons/index.php 
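Review bot: In LEAF_Nexus/scripts/updateDatabase.php the added `echo PORTAL_PATH . BR;` writes a server-side path into the script's output on the failure branch of `updateDB()`. If that output can reach a browser, the path is disclosed to whoever triggered the update, and the value is more useful in the server log: `error_log('Nexus DB update failed: ' . PORTAL_PATH);`. Whether `PORTAL_PATH` is defined for the Nexus script at all is not visible here; an undefined constant is a fatal Error on PHP 8 and would replace the failure message. The same line is added to LEAF_Request_Portal/scripts/updateDatabase.php, and `updateDB()` continues outside both hunks.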
@@ -19,9 +19,22 @@ include_once LIB_PATH . '/php-commons/Dynicon.php'; include_once LIB_PATH . '/php-commons/XSSHelpers.php'; -if (isset($_GET['w']) && isset($_GET['img'])) { - $image = new \Leaf\Dynicon(\Leaf\XSSHelpers::scrubFilename($_GET['img']), $_GET['w']); -} else { +if (!isset($_GET['w']) && !isset($_GET['img'])) { // want to see what is being sent to here if anything. error_log(print_r($_GET, true)); +} else { + if (!isset($_GET['w']) && isset($_GET['img'])) { + // some apps are sending an array with img only and that value is + // system-users.svg;w=16 + // create two variables here extracted from this value + $index = strpos($_GET['img'], ';w='); + $img = substr($_GET['img'], 0, $index); + + $width = substr($_GET['img'], $index + 3); + } else { + $img = $_GET['img']; + $width = $_GET['w']; + } + + $image = new \Leaf\Dynicon(\Leaf\XSSHelpers::scrubFilename($img), $width); } diff --git a/LEAF_Request_Portal/scripts/automated_email.php b/LEAF_Request_Portal/scripts/automated_email.php index ceb71f4a8..fbb3f652f 100644 --- a/LEAF_Request_Portal/scripts/automated_email.php +++ b/LEAF_Request_Portal/scripts/automated_email.php @@ -46,7 +46,7 @@ $daysago = $eventDataArray['AutomatedEmailReminders']['DaysSelected']; // pass ?current=asdasd to get the present time for testing purposes - $intialDaysAgoTimestamp = time() - ($daysago * $timeAdjustment); + $intialDaysAgoTimestamp = time() - ((int) $daysago * $timeAdjustment); echo "Working on step: {$workflowStep['stepID']}, Initial Notification: ".date('Y-m-d H:i:s',$intialDaysAgoTimestamp)."\r\n"; diff --git a/LEAF_Request_Portal/scripts/updateDatabase.php b/LEAF_Request_Portal/scripts/updateDatabase.php index 42f867e6c..040bb48d6 100644 --- a/LEAF_Request_Portal/scripts/updateDatabase.php +++ b/LEAF_Request_Portal/scripts/updateDatabase.php 
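Review bot: In dynicons/index.php the new outer condition only takes the logging branch when both `w` and `img` are missing, so a request with `w` but no `img` reaches `$img = $_GET['img']` on an undefined key. When `img` is present without the `;w=` marker, `strpos()` returns false, the filename becomes an empty string and the width is cut from offset 3 of the name. `$_GET['img']` can also arrive as an array, which is a TypeError in `strpos()` on PHP 8, and the width is handed to `\Leaf\Dynicon` without a numeric check. Validating both values before constructing the Dynicon closes those paths; what Dynicon does with a non-numeric or very large width is not visible in this hunk, so an upper bound may also be worth adding.

```php
$rawImg = $_GET['img'] ?? null;
$rawWidth = $_GET['w'] ?? null;

if (is_string($rawImg) && $rawWidth === null) {
    // some callers send img=system-users.svg;w=16 with no separate w
    $marker = strpos($rawImg, ';w=');
    if ($marker !== false) {
        $rawWidth = substr($rawImg, $marker + 3);
        $rawImg = substr($rawImg, 0, $marker);
    }
}

if (is_string($rawImg) && $rawImg !== '' && is_string($rawWidth) && ctype_digit($rawWidth)) {
    $image = new \Leaf\Dynicon(\Leaf\XSSHelpers::scrubFilename($rawImg), $rawWidth);
} else {
    // … unchanged: error_log of the request parameters …
}
```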
@@ -62,7 +62,8 @@ function updateDB($thisVer, $updateList, $folder, $db) $res = $db->prepared_query('SELECT * FROM settings WHERE setting="dbversion"', array()); if ($res[0]['data'] == $thisVer) { - echo 'Update failed.' . BR; + echo PORTAL_PATH . BR; + echo 'Portal DB Update failed.' . BR; } else { diff --git a/LEAF_Request_Portal/sources/Email.php b/LEAF_Request_Portal/sources/Email.php index 592b63b13..c5ed0220f 100644 --- a/LEAF_Request_Portal/sources/Email.php +++ b/LEAF_Request_Portal/sources/Email.php @@ -41,6 +41,8 @@ class Email private object $nexus_db; + private object $login; + private bool $orgchartInitialized = false; private int $recordID; @@ -370,12 +372,12 @@ private function logEmailSent(int $recordID): void private function initOrgchart(): void { // set up org chart assets - $oc_db = new \Leaf\Db(\DIRECTORY_HOST, \DIRECTORY_USER, \DIRECTORY_PASS, \ORGCHART_DB); - $oc_login = new \Orgchart\Login($oc_db, $oc_db); + $oc_login = new \Orgchart\Login($this->nexus_db, $this->nexus_db); $oc_login->loginUser(); - $this->employee = new \Orgchart\Employee($oc_db, $oc_login); - $this->position = new \Orgchart\Position($oc_db, $oc_login); - $this->group = new \Orgchart\Group($oc_db, $oc_login); + $this->login = $oc_login; + $this->employee = new \Orgchart\Employee($this->nexus_db, $oc_login); + $this->position = new \Orgchart\Position($this->nexus_db, $oc_login); + $this->group = new \Orgchart\Group($this->nexus_db, $oc_login); $this->orgchartInitialized = true; } 
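Review bot: In Email.php, `private object $login;` is a typed property with no default and, within this patch, is assigned only inside `initOrgchart()`, while `getOrgchartGroup()` and `getOrgchartPosition()` (hunk at -682 of the same file) read `$this->login`. Reading a typed property before it has been assigned throws an Error, and whether every path to those getters runs `initOrgchart()` first is not visible in these hunks. A guard at the top of each getter, `if (!$this->orgchartInitialized) { $this->initOrgchart(); }`, would make the dependency explicit.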
@@ -457,14 +459,15 @@ function getTemplateIDByLabel(string $emailTemplateLabel): int function setTemplateByID(int $emailTemplateID): void { $vars = array(':emailTemplateID' => $emailTemplateID); - $strSQL = "SELECT `emailTo`, `emailCc`,`subject`, `body` FROM `email_templates` ". - "WHERE emailTemplateID = :emailTemplateID;"; + $strSQL = "SELECT `emailTo`, `emailCc`,`subject`, `body` + FROM `email_templates` + WHERE `emailTemplateID` = :emailTemplateID"; $res = $this->portal_db->prepared_query($strSQL, $vars); - $this->setEmailToCcWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['emailTo'])); - $this->setEmailToCcWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['emailCc']), true); - $this->setSubjectWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['subject'])); - $this->setBodyWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['body'])); + $this->setEmailToCcWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['emailTo'] == null ? '' : $res[0]['emailTo'])); + $this->setEmailToCcWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['emailCc'] == null ? '' : $res[0]['emailCc']), true); + $this->setSubjectWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['subject'] == null ? '' : $res[0]['subject'])); + $this->setBodyWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['body'] == null ? '' : $res[0]['body'])); } /** @@ -578,12 +581,12 @@ private function getFields(int $recordID): array JOIN `indicators` USING (`indicatorID`) WHERE `recordID` = :recordID'; - $fields = $this->db->prepared_query($strSQL, $vars); - + $fields = $this->portal_db->prepared_query($strSQL, $vars); + $formattedFields = array(); - foreach($fields as $field) - { + foreach($fields as $field) + { if ($field["is_sensitive"] == 1) { $formattedFields[$field['indicatorID']] = "**********"; continue; 
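Review bot: In `setTemplateByID()` the four new `$res[0]['…'] == null ? '' : $res[0]['…']` ternaries still index `$res[0]` unconditionally and rely on a loose comparison, so a template ID with no row in `email_templates` produces undefined-offset warnings before falling back to the empty string. The null-coalescing form covers both the missing row and the NULL column in one expression: `$this->setSubjectWithTemplate(\Leaf\XSSHelpers::xscrub($res[0]['subject'] ?? ''));`. If an unknown template ID should stop the send rather than yield an empty message, an explicit `if (empty($res)) { return; }` ahead of these calls would state that.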
@@ -626,14 +629,14 @@ private function getFields(int $recordID): array return $formattedFields; } - + // method for building grid private function buildGrid(array $data): string { // get the grid in the form of array $cells = $data['cells']; $headers = $data['names']; - + // build the grid $grid = ""; @@ -682,19 +685,27 @@ private function buildFileLink(string $data, string $id, string $series): string return $formattedData; } + private function getOrgchartEmployee(int $data): string + { + $employeeData = $this->employee->lookupEmpUID($data)[0]; + $employeeName = $employeeData["firstName"]." ".$employeeData["lastName"]; + + return $employeeName; + } + // method for building orgchart group, position, employee private function getOrgchartGroup(int $data): string { // reference the group by id - $group = new Group($this->db, $this->login); + $group = new Group($this->portal_db, $this->login); $groupName = $group->getGroupName($data); - + return $groupName; } private function getOrgchartPosition(int $data): string { - $position = new \Orgchart\Position($this->oc_db, $this->login); + $position = new \Orgchart\Position($this->nexus_db, $this->login); $positionName = $position->getTitle($data); return $positionName; diff --git a/LEAF_Request_Portal/sources/Form.php b/LEAF_Request_Portal/sources/Form.php index ee0a6b87f..4c7d4b2e9 100644 --- a/LEAF_Request_Portal/sources/Form.php +++ b/LEAF_Request_Portal/sources/Form.php @@ -501,7 +501,11 @@ public function getIndicator($indicatorID, $series, $recordID = null, $parseTemp && !empty($data[0]['data'])) { $empRes = $this->employee->lookupEmpUID($data[0]['data']); - $form[$idx]['displayedValue'] = "{$empRes[0]['firstName']} {$empRes[0]['lastName']}"; + if (!empty($empRes)) { + $form[$idx]['displayedValue'] = "{$empRes[0]['firstName']} {$empRes[0]['lastName']}"; + } else { + $form[$idx]['displayedValue'] = ''; + } } if ($data[0]['format'] == 'orgchart_position' && isset($data[0]['data'])) 
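Review bot: The new `getOrgchartEmployee()` in Email.php takes `lookupEmpUID($data)[0]` without checking for an empty result, although the same commit adds exactly that check to `getIndicator()` in Form.php (`if (!empty($empRes))`). For an empUID that no longer resolves, this reads offsets on null and returns a name that is a single space, which presumably ends up in the outgoing message. Mirroring the Form.php guard keeps the two consistent: `$rows = $this->employee->lookupEmpUID($data);` followed by `return empty($rows) ? '' : $rows[0]['firstName'] . ' ' . $rows[0]['lastName'];`.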
@@ -806,7 +810,7 @@ public function deleteAttachment(int $recordID, int $indicatorID, int $series, s $uploadDir = isset(Config::$uploadDir) ? Config::$uploadDir : UPLOAD_DIR; - if (isset($value[$index])) { + if (is_array($value) && isset($value[$index])) { $_POST['overwrite'] = true; $_POST['series'] = 1; $_POST[$indicatorID] = ''; @@ -2083,7 +2087,7 @@ public function checkReadAccess($records) } } - if($countPurged > 0) { + if($countPurged > 0 && !headers_sent()) { header('LEAF-Query: continue'); } diff --git a/LEAF_Request_Portal/sources/FormWorkflow.php b/LEAF_Request_Portal/sources/FormWorkflow.php index 0251ba4d5..708a373dc 100644 --- a/LEAF_Request_Portal/sources/FormWorkflow.php +++ b/LEAF_Request_Portal/sources/FormWorkflow.php @@ -1223,12 +1223,15 @@ private function getFields(): array switch(true) { case (str_starts_with($format, "grid") != false): - $data = $this->buildGrid(unserialize($data)); + if ($this->isJsonString($data) && is_array(json_decode($data))) { + $data = $this->buildGrid(json_decode($data)); + } break; case (str_starts_with($format, "checkboxes") != false): - case (str_starts_with($format, "multiselect") != false && is_array($data)): - error_log(print_r($data, true)); - $data = $this->buildMultiselect(unserialize($data)); + case (str_starts_with($format, "multiselect") != false): + if ($this->isJsonString($data) && is_array(json_decode($data))) { + $data = $this->buildMultiselect(json_decode($data)); + } break; case (str_starts_with($format, "radio") != false): case (str_starts_with($format, "checkbox") != false): @@ -1257,6 +1260,13 @@ private function getFields(): array return $formattedFields; } + private function isJsonString(mixed $data): bool + { + json_decode($data); + + return json_last_error() === 0; + } + // method for building grid private function buildGrid(array $data): string { diff --git a/LEAF_Request_Portal/sources/System.php b/LEAF_Request_Portal/sources/System.php index a9b7bcaeb..bdb887fa5 100644 
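Review bot: In FormWorkflow.php `getFields()`, `is_array(json_decode($data))` is true only for a JSON list, because `json_decode()` without the associative flag returns a `stdClass` for a JSON object; if grid data is stored as an object with `cells` and `names` keys (the shape Email.php's `buildGrid()` reads; FormWorkflow's own `buildGrid()` body is outside the hunk), the grid case never formats anything. Values written earlier in PHP `serialize()` format, which the removed `unserialize()` calls consumed, also fail the JSON check and pass through unformatted, so a data migration or a stated cut-over may be needed. Dropping `unserialize()` on stored field data is the right direction. Decoding once removes the triple parse and makes the `isJsonString()` helper added in the next hunk unnecessary: `$decoded = json_decode($data, true);` then `if (is_array($decoded)) { $data = $this->buildGrid($decoded); }`.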
--- a/LEAF_Request_Portal/sources/System.php +++ b/LEAF_Request_Portal/sources/System.php @@ -177,9 +177,9 @@ public function updateGroup(int $groupID): array $tag = new \Orgchart\Tag($oc_db, $this->login); // clear out old data first - $delete_groups = $this->clearGroups($groupID); + //$delete_groups = $this->clearGroups($groupID); - if ($delete_groups['status']['code'] == 2) { + //if ($delete_groups['status']['code'] == 2) { // find quadrad/ELT tag name $upperLevelTag = $tag->getParent('service'); $isQuadrad = false; @@ -272,7 +272,7 @@ public function updateGroup(int $groupID): array ) ); } - } else { + /* } else { // something happened with the delete groups $return_value = array ( 'status' => array ( @@ -280,7 +280,7 @@ public function updateGroup(int $groupID): array 'message' => 'There was an error when deleting groups.' ) ); - } + } */ } return $return_value; @@ -297,13 +297,13 @@ private function updateCatPrivs(int $groupID): array { $cat_privs = $this->getCatPrivs($groupID); - if ($cat_privs['status']['code'] == 2) { + if ($cat_privs['status']['code'] == 2 && !empty($cat_privs['data'])) { $return_value = $this->deleteCatPrivs($groupID); } else { $return_value = array ( 'status' => array ( - 'code' => 4, - 'message' => 'Action failed to add backups.' + 'code' => 2, + 'message' => 'Nothing to be done with category_privs' ) ); } @@ -521,7 +521,9 @@ private function insertGroup(int $groupID, bool $isQuadrad, string $title): arra ':groupDescription' => '', ); $sql = 'INSERT INTO `groups` (`groupID`, `parentGroupID`, `name`, `groupDescription`) - VALUES (:groupID, :parentGroupID, :name, :groupDescription)'; + VALUES (:groupID, :parentGroupID, :name, :groupDescription) + ON DUPLICATE KEY UPDATE `parentGroupID` = :parentGroupID, `name` = :name, + `groupDescription` = :groupDescription'; $return_value = $this->db->pdo_insert_query($sql, $vars); From 260e4b74af5f9ae58544b5dd446b78e83edd1ac7 Mon Sep 17 00:00:00 2001 
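Review bot: In `updateCatPrivs()` the else branch now returns status code 2 with 'Nothing to be done with category_privs' for two different situations: `getCatPrivs()` succeeded with empty data, and `getCatPrivs()` returned any other status code. Code 2 is what the callers visible in this patch treat as success (`== 2` gates each next step in `updateGroup()`), so a failed privilege lookup is now reported as success and the sync carries on. Checking the failure first keeps it visible, for example `if ($cat_privs['status']['code'] != 2) { return $cat_privs; }` ahead of the empty-data test, or by keeping the previous code 4 array for that case.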
From: mgaoVA <16783916+mgaoVA@users.noreply.github.com> Date: Fri, 11 Aug 2023 10:56:44 -0400 Subject: [PATCH 3/6] attempt to clear cookies --- LEAF_Nexus/sources/Login.php | 1 + LEAF_Request_Portal/sources/Login.php | 1 + 2 files changed, 2 insertions(+) diff --git a/LEAF_Nexus/sources/Login.php b/LEAF_Nexus/sources/Login.php index 0978a9878..3abd5e85a 100644 --- a/LEAF_Nexus/sources/Login.php +++ b/LEAF_Nexus/sources/Login.php @@ -237,6 +237,7 @@ public function logout() // $https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? true : false; $https = true; setcookie('PHPSESSID', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true); + setcookie('REMOTE_USER', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true); } public function isLogin() diff --git a/LEAF_Request_Portal/sources/Login.php b/LEAF_Request_Portal/sources/Login.php index 85df412db..bccc1e947 100644 --- a/LEAF_Request_Portal/sources/Login.php +++ b/LEAF_Request_Portal/sources/Login.php @@ -173,6 +173,7 @@ public function logout() // $https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? true : false; $https = true; setcookie('PHPSESSID', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true); + setcookie('REMOTE_USER', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true); } public function isLogin() From 2ac65c4f36352c22d6b54d0c15fafdcf733a04e0 Mon Sep 17 00:00:00 2001 From: Jamie P Holcomb Date: Fri, 11 Aug 2023 11:06:37 -0400 Subject: [PATCH 4/6] Leaf 3932 - UAG bug fix --- LEAF_Request_Portal/sources/System.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LEAF_Request_Portal/sources/System.php b/LEAF_Request_Portal/sources/System.php index bdb887fa5..c9b9d2303 100644 --- a/LEAF_Request_Portal/sources/System.php +++ b/LEAF_Request_Portal/sources/System.php 
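Review bot: The added `setcookie('REMOTE_USER', '', time() - 3600, $cookie['path'], $cookie['domain'], $https, true);` in `logout()` reuses the path and domain from `$cookie`, which is defined outside the hunk and, judging by the PHPSESSID line above it, describes the PHP session cookie. A browser drops a cookie only when name, path and domain match the ones it was set with, so if REMOTE_USER is issued by another component with a different scope this line has no effect and logout appears to work while the cookie survives. Expiring a cookie on the client also ends nothing on the server; whether the session itself is destroyed is not visible here. A comment naming the component that sets REMOTE_USER and its path and domain would make the line verifiable. The identical line is added to LEAF_Request_Portal/sources/Login.php.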
@@ -468,7 +468,7 @@ private function insertUser(int $groupID, array $emp): array $vars = array(':userID' => $emp['userName'], ':groupID' => $groupID, ); $sql = 'INSERT INTO `users` (`userID`, `groupID`, `backupID`, `active`) - VALUES (:userID, :groupID, "", 0) + VALUES (:userID, :groupID, "", 1) ON DUPLICATE KEY UPDATE `userID` = :userID, `groupID` = :groupID'; $return_value = $this->db->pdo_insert_query($sql, $vars); From 236ed3e8ef813083c06fe34c24832e7979cad9f0 Mon Sep 17 00:00:00 2001 From: Jamie P Holcomb Date: Mon, 14 Aug 2023 07:26:18 -0400 Subject: [PATCH 5/6] Leaf 3932 - update UAG to remove emp from portal --- LEAF_Request_Portal/sources/Group.php | 30 +++++++++----------------- LEAF_Request_Portal/sources/System.php | 7 +++--- 2 files changed, 13 insertions(+), 24 deletions(-) diff --git a/LEAF_Request_Portal/sources/Group.php b/LEAF_Request_Portal/sources/Group.php index da2ea0394..d48e81b94 100644 --- a/LEAF_Request_Portal/sources/Group.php +++ b/LEAF_Request_Portal/sources/Group.php 
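Review bot: The insert in `insertUser()` now creates rows with `active` set to 1, but the `ON DUPLICATE KEY UPDATE` clause still assigns only `userID` and `groupID`, so rows written earlier with `active` = 0 keep that value when the sync runs again unless they are deleted first. If every synced member is meant to end up active, the clause needs `active = 1` as well; if a 0 can be a deliberate deactivation, the clause should stay as it is and a comment should say so. The flag appears to decide whether a group membership counts, so the intended behaviour for existing rows is worth stating next to the query.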
@@ -139,33 +139,23 @@ public function removeGroup($groupID): bool|string * * Created at: 9/15/2022, 8:51:59 AM (America/New_York) */ - public function removeUser(string $userID, int $groupID, string|null $backupID): array + public function removeUser(string $userID, int $groupID, string $backupID = ""): array { $this->dataActionLogger->logAction(\Leaf\DataActions::DELETE, \Leaf\LoggableTypes::EMPLOYEE, [ new \Leaf\LogItem("users", "userID", $userID, $this->getEmployeeDisplay($userID)), new \Leaf\LogItem("users", "groupID", $groupID, $this->getGroupName($groupID)) ]); - if ($backupID == null) { - $sql_vars = array(':userID' => $userID, - ':groupID' => $groupID,); + $vars = array(':userID' => $userID, + ':groupID' => $groupID, + ':backupID' => $backupID); + $sql = 'DELETE + FROM `users` + WHERE `userID` = :userID + AND `groupID` = :groupID + AND `backupID` = :backupID'; - $result = $this->db->prepared_query('DELETE FROM users - WHERE userID=:userID - AND groupID=:groupID - AND backupID IS NULL', - $sql_vars); - } else { - $sql_vars = array(':userID' => $userID, - ':groupID' => $groupID, - ':backupID' => $backupID, ); - - $result = $this->db->prepared_query('DELETE FROM users - WHERE userID=:userID - AND groupID=:groupID - AND backupID=:backupID', - $sql_vars); - } + $result = $this->db->prepared_query($sql, $vars); return (array) $result; } diff --git a/LEAF_Request_Portal/sources/System.php b/LEAF_Request_Portal/sources/System.php index c9b9d2303..9fccd853f 100644 --- a/LEAF_Request_Portal/sources/System.php +++ b/LEAF_Request_Portal/sources/System.php @@ -193,7 +193,7 @@ public function updateGroup(int $groupID): array $insert_group = $this->insertGroup($groupID, $isQuadrad, $resGroup['groupTitle']); if ($insert_group['status']['code'] == 2) { - $delete_user_backups = $this->deleteUserBackups($groupID); + $delete_user_backups = $this->deleteUsers($groupID); if ($delete_user_backups['status']['code'] == 2) { $resEmp = array(); 
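Review bot: `removeUser()` in Group.php no longer has the `backupID IS NULL` branch, and `backupID = :backupID` bound to an empty string never matches a row whose `backupID` is NULL, so such a membership would survive the call even though `logAction()` has already recorded the DELETE. Whether NULL rows still exist is not visible here (`insertUser()` in System.php writes `""`), but the removed branch suggests they did at some point. `AND COALESCE(backupID, '') = :backupID` covers both cases with a single bound parameter. Callers that still pass `null` explicitly no longer satisfy the new `string` type, and the result is returned without a check that a row was actually removed.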
@@ -491,13 +491,12 @@ private function insertUser(int $groupID, array $emp): array * * Created at: 6/30/2023, 1:27:47 PM (America/New_York) */ - private function deleteUserBackups(int $groupID): array + private function deleteUsers(int $groupID): array { $vars = array(':groupID' => $groupID); $sql = 'DELETE FROM `users` - WHERE `backupID` <> "" - AND `groupID` = :groupID'; + WHERE `groupID` = :groupID'; $return_value = $this->db->pdo_delete_query($sql , $vars); From 6c1b1e8990885f79136ddb5d9808156df00ebcb7 Mon Sep 17 00:00:00 2001 From: Jamie P Holcomb Date: Mon, 14 Aug 2023 07:44:54 -0400 Subject: [PATCH 6/6] Leaf 3932 - keep locals --- LEAF_Request_Portal/sources/System.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/LEAF_Request_Portal/sources/System.php b/LEAF_Request_Portal/sources/System.php index 9fccd853f..173fd77c5 100644 --- a/LEAF_Request_Portal/sources/System.php +++ b/LEAF_Request_Portal/sources/System.php @@ -496,7 +496,8 @@ private function deleteUsers(int $groupID): array $vars = array(':groupID' => $groupID); $sql = 'DELETE FROM `users` - WHERE `groupID` = :groupID'; + WHERE `groupID` = :groupID + AND `locallyManaged` = 0'; $return_value = $this->db->pdo_delete_query($sql , $vars);
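Review bot: `deleteUsers()` is now the statement that revokes portal group membership during the sync, but the docblock above it (only its "Created at" tail is visible in the hunk) was presumably written for `deleteUserBackups()`, and the caller in `updateGroup()` still stores the result in `$delete_user_backups`. A one-line description such as `Removes every member of the group that is not locally managed so the sync can re-insert the current list` would document which rows survive. `locallyManaged = 0` does not match rows where the column is NULL; whether the column is nullable is not visible here.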