From dbac85204f3ffdfa869f4336e2baec20a7f0905e Mon Sep 17 00:00:00 2001
From: Anatoly
Date: Thu, 7 Jun 2018 13:33:18 +0300
Subject: [PATCH 1/3] whitelist
---
 src/Filter/Login.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Filter/Login.php b/src/Filter/Login.php
index 70ad01d..2891e2e 100644
--- a/src/Filter/Login.php
+++ b/src/Filter/Login.php
@@ -17,7 +17,8 @@ class Filter_Login extends Filter_Filter
 //AJAX-Реквесты для которых не требуется авторизация, потребовалось для сбора статистики
 public $whiteRequestList = [['module' => "requiredcontent", "action" => "getcount"],
 ['module' => "requiredcontent", "action" => "teststructure"],
- ['module' => "requiredcontent", "action" => "specialdump"]
+ ['module' => "requiredcontent", "action" => "specialdump"],
+ ['module' => "requiredcontent", "action" => "MDOUMonitoring"]
 ];
 /**
 * Проверка авторизации
From cbd50862ce920c74a6093561de0a802e49a3514b Mon Sep 17 00:00:00 2001
From: "CORP\\phedor"
Date: Fri, 8 Jun 2018 15:20:43 +0300
Subject: [PATCH 2/3] =?UTF-8?q?schema=20=D0=B4=D0=BB=D1=8F=20bd?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Controller/Component.php | 2 +-
 src/Controller/Service.php | 5 ++++-
 src/Database.php | 4 ++++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/Controller/Component.php b/src/Controller/Component.php
index efc3cdf..e5a4bc2 100644
--- a/src/Controller/Component.php
+++ b/src/Controller/Component.php
@@ -273,7 +273,7 @@ class Controller_Component
 $instance->componentsConfig[] = $editor;
 } else {
 global $componentsConfig;
- $componentsConfig[] = $editor;
+ $componentsConfig[] = $editor;
 }
 }
diff --git a/src/Controller/Service.php b/src/Controller/Service.php
index 46f96aa..5bc439f 100644
--- a/src/Controller/Service.php
+++ b/src/Controller/Service.php
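Review bot: The entry `['module' => "requiredcontent", "action" => "MDOUMonitoring"]` added to `$whiteRequestList` in src/Filter/Login.php makes one more AJAX action reachable without a session, and nothing in the hunk says what that action returns or why it is safe to expose. The existing comment only states that the list exists for statistics collection; I would add a per-entry comment such as `// read-only aggregate counters, no personal data` once that has been checked against the handler, which is outside this diff. The new action name is mixed-case while the other entries are lowercase, so if the code that compares requests against the list normalises case, this entry may never match; that matching code is not shown and is worth confirming.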
@@ -5,11 +5,14 @@
 */
 class Controller_Service
 {
- public $viewPath = array();
+ public $viewPath = [];
+ public $webPath = [];
 public $registry; // Registry->getInstance
 public $template;
 public $templatePath;
 public $COMPONENTS_WEB;
+
+ public $db;
 public function getTemplatePath($name)
 {
diff --git a/src/Database.php b/src/Database.php
index 415619d..9544526 100644
--- a/src/Database.php
+++ b/src/Database.php
@@ -35,6 +35,10 @@ class Database extends PDO
 if ($dsn['phptype'] == 'pgsql') {
 $connection->query('SET client_encoding="UTF-8"');
 }
+
+ if (isset($dsn['schema'])) {
+ $connection->query('SET search_path TO ' . $dsn['schema']);
+ }
 }
 if ($dsn['phptype'] == 'sqlite') {
 /*.Database.*/$connection = new static("{$dsn['phptype']}:{$dsn['database']}");
From aa61c2ddc10c4a1f5bccd7f217561637ac0b76d1 Mon Sep 17 00:00:00 2001
From: Origami11
Date: Tue, 14 Jan 2020 10:40:01 +0300
Subject: [PATCH 3/3] =?UTF-8?q?=D0=A1=D0=B8=D0=BD=D1=85=D1=80=D0=BE=D0=BD?= =?UTF-8?q?=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D1=8F=20=D1=81=20=D1=81=D0=B5?= =?UTF-8?q?=D1=80=D0=B2=D0=B5=D1=80=D0=BE=D0=BC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Controller/Component.php | 3 ++-
 src/Controller/Service.php | 9 +++++++++
 src/Database.php | 6 ++++++
 src/Database/PDOStatement.php | 8 +++++++-
 src/Database/Statement.php | 18 ++++++------------
 src/Excel/Number.php | 2 +-
 src/Filter/Login.php | 16 +++++++++++-----
 src/Filter/UserAccess.php | 2 +-
 src/Tools/TemplateImage.php | 2 +-
 src/Validator/Rule/Date.php | 1 +
 src/View/Page.php | 4 ++--
 11 files changed, 47 insertions(+), 24 deletions(-)
diff --git a/src/Controller/Component.php b/src/Controller/Component.php
index e5a4bc2..65587fb 100644
--- a/src/Controller/Component.php
+++ b/src/Controller/Component.php
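Review bot: In src/Database.php the added `$connection->query('SET search_path TO ' . $dsn['schema']);` concatenates a DSN value straight into SQL, and it sits after the closing brace of the `pgsql` check, so it appears to run for any other driver that shares the enclosing block (whose condition is outside the hunk). PostgreSQL's `SET` does not take a server-side bind parameter, so validate the name before using it, e.g. `if (isset($dsn['schema']) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $dsn['schema'])) {`, and move the statement inside the `if ($dsn['phptype'] == 'pgsql')` branch. If DSN values can ever originate from a request or a tenant-editable setting, the unvalidated form is an injection point; if they are deployment-only, a comment stating that would make the trust assumption explicit.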
@@ -23,7 +23,8 @@ class ComponentRequest {
 if ($key == 'active_page') {
 return $this->r->get($key);
 }
- if ($arr = $this->r->get($key)) {
+ $arr = $this->r->get($key);
+ if ($arr !== NULL) {
 if (is_array($arr)) {
 return Arr::get($arr, $this->component_id, $default);
 } else {
diff --git a/src/Controller/Service.php b/src/Controller/Service.php
index 5bc439f..a1f7185 100644
--- a/src/Controller/Service.php
+++ b/src/Controller/Service.php
@@ -61,5 +61,14 @@ class Controller_Service
 }
 return $result;
 }
+
+ function getInfo() {
+ $filename = Path::join($this->viewPath[0], 'install.json');
+ if (file_exists($filename)) {
+ $settings = json_decode(File::getContents($filename), true);
+ return $settings;
+ }
+ return array();
+ }
 }
diff --git a/src/Database.php b/src/Database.php
index 9544526..def3072 100644
--- a/src/Database.php
+++ b/src/Database.php
@@ -13,8 +13,14 @@ class Database extends PDO
 {
 parent::__construct($dsn, $username, $password);
 $this->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ $this->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
 $this->setAttribute(PDO::ATTR_STATEMENT_CLASS, array('Database_PDOStatement', array()));
 }
+
+ function prepare($sql, $args = []) {
+ $result = parent::prepare($sql, $args);
+ return $result;
+ }
 public function getDSN()
 {
diff --git a/src/Database/PDOStatement.php b/src/Database/PDOStatement.php
index 4561611..43c7564 100644
--- a/src/Database/PDOStatement.php
+++ b/src/Database/PDOStatement.php
@@ -74,7 +74,7 @@ class Database_PDOStatement extends PDOStatement implements IteratorAggregate
 }
 function getString($name) {
- return $this->fields[$name];
+ return isset($this->fields[$name]) ? $this->fields[$name]: null;
 }
 function getBoolean($name) {
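Review bot: `getInfo()` in src/Controller/Service.php returns whatever `json_decode()` yields, so a malformed or non-object `install.json` makes it return `null` or a scalar although the fallback path returns an array; it also reads `$this->viewPath[0]` without checking that the list is non-empty. Suggest `return is_array($settings) ? $settings : [];` and an early `if (empty($this->viewPath)) { return []; }`. The method has no visibility keyword or docblock; `public function getInfo()` with a one-line description of the expected `install.json` keys would match `public function getTemplatePath($name)` in the same class.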
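Review bot: The `prepare()` override added to `Database` in src/Database.php only forwards to `parent::prepare()` and returns the result, so it changes nothing at runtime; the same applies to `Database_PDOStatement::execute()` added in the second hunk of src/Database/PDOStatement.php. If these are placeholders for logging or leftovers from debugging, either remove them or state the purpose in a comment, e.g. `// extension point: query logging`. Both also lack a visibility keyword, which the neighbouring `public function getDSN()` has. Separately, setting `PDO::ATTR_DEFAULT_FETCH_MODE` to `PDO::FETCH_ASSOC` removes numeric keys from fetched rows, so any caller that indexes rows by position should be checked before merging.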
@@ -92,4 +92,10 @@ class Database_PDOStatement extends PDOStatement implements IteratorAggregate
 function getRecordCount() {
 return count($this->cache);
 }
+
+ function execute($args = null) {
+ $result = parent::execute($args);
+ return $result;
+ }
+
 }
diff --git a/src/Database/Statement.php b/src/Database/Statement.php
index 80b77da..dbcee3a 100644
--- a/src/Database/Statement.php
+++ b/src/Database/Statement.php
@@ -17,33 +17,27 @@ class Database_Statement
 $this->conn = $conn;
 }
- function setInt($n, $value)
- {
+ function setInt($n, $value) {
 $this->binds [] = array($n, $value, PDO::PARAM_INT);
 }
- function setString($n, $value)
- {
+ function setString($n, $value) {
 $this->binds [] = array($n, $value, PDO::PARAM_STR);
 }
- function setBlob($n, $value)
- {
+ function setBlob($n, $value) {
 $this->binds [] = array($n, $value, PDO::PARAM_LOB);
 }
- function setLimit($limit)
- {
+ function setLimit($limit) {
 $this->limit = $limit;
 }
- function setOffset($offset)
- {
+ function setOffset($offset) {
 $this->offset = $offset;
 }
- function executeQuery()
- {
+ function executeQuery() {
 if ($this->limit) {
 $this->query .= " LIMIT {$this->limit} OFFSET {$this->offset}";
 }
diff --git a/src/Excel/Number.php b/src/Excel/Number.php
index 66dd6b6..dfc220a 100644
--- a/src/Excel/Number.php
+++ b/src/Excel/Number.php
@@ -6,7 +6,7 @@ class Excel_Number
 function __construct($value)
 {
- $this->value = intval($value);
+ $this->value = (int)($value);
 }
 function getString()
diff --git a/src/Filter/Login.php b/src/Filter/Login.php
index 2891e2e..b7e9cac 100644
--- a/src/Filter/Login.php
+++ b/src/Filter/Login.php
@@ -13,13 +13,18 @@ class Filter_Login extends Filter_Filter
 const SESSION_BROWSER_SIGN_SECRET = '@w3dsju45Msk#';
 const SESSION_BROWSER_SIGN_KEYNAME = 'session.app.browser.sign';
 public $mode = 'ajax';
+ public $user;
 //AJAX-Реквесты для которых не требуется авторизация, потребовалось для сбора статистики
- public $whiteRequestList = [['module' => "requiredcontent", "action" => "getcount"],
- ['module' => "requiredcontent", "action" => "teststructure"],
- ['module' => "requiredcontent", "action" => "specialdump"],
- ['module' => "requiredcontent", "action" => "MDOUMonitoring"]
- ];
+ public $whiteRequestList = [
+ ['module' => "requiredcontent", "action" => "getcount"],
+ ['module' => "requiredcontent", "action" => "teststructure"],
+ ['module' => "requiredcontent", "action" => "specialdump"],
+ ['module' => "requiredcontent", "action" => "OrgMonitoring"],
+ ['module' => "requiredcontent", "action" => "OrgMonitoringSchema"],
+ ['module' => "appeals", "action" => "changestatus"],
+ ['module' => "appeals", "action" => "savestatus"]
+ ];
 /**
 * Проверка авторизации
 * @return Boolean Авторизовани пользователь или нет
@@ -30,6 +35,7 @@ class Filter_Login extends Filter_Filter
 session_start();
 $db = $this->getConnection();
 Filter_UserAccess::setUp($db); // Соединение
+
 switch ($request->getAction()) {
 // Авторизация по постоянному паролю
 case 'login':
diff --git a/src/Filter/UserAccess.php b/src/Filter/UserAccess.php
index ce27a66..fbf97b4 100644
--- a/src/Filter/UserAccess.php
+++ b/src/Filter/UserAccess.php
@@ -62,7 +62,7 @@ class Filter_UserAccess
 $time = time();
 if ($time - $lasttime > self::LIFE_TIME) return null; // Вышло время сессии
 $id = self::$id;
- self::$db->executeQuery("UPDATE users SET lasttime = $time WHERE id_user = $id"); // Время последнего обращения входа
+ // self::$db->executeQuery("UPDATE users SET lasttime = $time WHERE id_user = $id"); // Время последнего обращения входа
 }
 return $result;
 }
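Review bot: The rewritten `$whiteRequestList` in src/Filter/Login.php now exempts `appeals`/`changestatus` and `appeals`/`savestatus` from the login check, and by their names these look like state-changing actions rather than the statistics reads that the comment above the list describes. If they must be callable without a session (for example by another service), the handlers need their own caller authentication, such as a shared token compared with `hash_equals()` or a source-address restriction; those handlers are not part of this diff. Please also update the comment to say who calls each entry, and note that `MDOUMonitoring` is replaced by `OrgMonitoring`/`OrgMonitoringSchema`, so a client still sending the old name will now hit the login check. The context lines also show `SESSION_BROWSER_SIGN_SECRET` hard-coded in the class; it is not introduced here, but it belongs in deployment configuration rather than in source.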
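Review bot: Commenting out the `UPDATE users SET lasttime = ...` call in src/Filter/UserAccess.php means `lasttime` is no longer refreshed on each request here, so the `$time - $lasttime > self::LIFE_TIME` check stops acting as a sliding idle timeout unless the column is written somewhere else (not visible in this hunk). If dropping the per-request write is intended, delete the line and the now-unused `$id = self::$id;` instead of leaving dead code, and document the resulting expiry rule next to the check, e.g. `// lasttime is not refreshed here; session ends LIFE_TIME seconds after it was last written`. If the write is to come back, it should use a prepared statement with bound `$time` and `$id` rather than string interpolation. The enclosing method starts and ends outside the hunk.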
diff --git a/src/Tools/TemplateImage.php b/src/Tools/TemplateImage.php
index 6ce9a33..171f285 100644
--- a/src/Tools/TemplateImage.php
+++ b/src/Tools/TemplateImage.php
@@ -134,7 +134,7 @@ class Tools_TemplateImage
 }
 if ($value->valign[0]) {
- $valign = Drawing::ALIGN_TOP;
+ $valign = Tools_Drawing::ALIGN_TOP;
 } elseif ($value->valign[1]) {
 $valign = Tools_Drawing::ALIGN_CENTER;
 } else {
diff --git a/src/Validator/Rule/Date.php b/src/Validator/Rule/Date.php
index be8e17e..166907a 100644
--- a/src/Validator/Rule/Date.php
+++ b/src/Validator/Rule/Date.php
@@ -15,6 +15,7 @@ class Validator_Rule_Date extends Validator_Rule_Abstract
 public function isValid(Collection $container, $status = null)
 {
 $pattern = "/^([0-9]{1,2})\/([0-9]{1,2})\/([0-9]{4})$/";
+ $matches = [];
 return (preg_match($pattern, $container->get($this->field), $matches) && checkdate($matches[2], $matches[1], $matches[3]));
 }
diff --git a/src/View/Page.php b/src/View/Page.php
index a280f26..1982fcb 100644
--- a/src/View/Page.php
+++ b/src/View/Page.php
@@ -8,7 +8,7 @@ class View_Page extends View_View
 function __construct($data)
 {
 // Вставка компонентов на странице
- $pattern = '/<(\w+)(\s+[a-zA-Z\-]+=\"[^\"]*\")*\s+tal:replace="structure\s+component:([^\"]*)"[^>]*>/u';
+ $pattern = '/<(\w+)(\s+[a-zA-Z\-]+(=\"[^\"]*\")?)*\s+tal:replace="structure\s+component:([^\"]*)"[^>]*>/u';
 $matches = array();
 preg_match_all($pattern, $data, $matches, PREG_OFFSET_CAPTURE, 0);
@@ -20,7 +20,7 @@ class View_Page extends View_View
 $split[] = array('type' => 'page-text', 'content' => $text, 'component' => '', 'module' => '');
 }
 $offset = $match[1] + strlen($match[0]);
- $split[] = $this->replaceContent($matches[4][$key][0], $matches[4][$key][1]);
+ $split[] = $this->replaceContent($matches[4][$key][0], $matches[4][$key][1]);
 }
 $text = $this->fixHTML(substr($data, $offset));
 if (trim($text)) {
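Review bot: Making the attribute value optional in the `$pattern` of src/View/Page.php by adding the capturing group `(=\"[^\"]*\")?` shifts the component capture from index 3 to index 4, which is why the second hunk has to change `$matches[3]` to `$matches[4]`; the next edit to the pattern can silently break that index again. Use non-capturing groups for the attribute part, `(?:\s+[a-zA-Z\-]+(?:=\"[^\"]*\")?)*`, or a named group `(?<component>[^\"]*)` read as `$matches['component']`. A short comment with one sample tag the pattern is expected to match would also help the next reader. Both hunks cut through `__construct`, whose remainder is outside the diff.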