Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
intranet-rest
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
project-open
intranet-rest
Commits
8f7c9ea6
Commit
8f7c9ea6
authored
Jun 11, 2020
by
Frank Bergmann
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
- Improving security by added -limit_to xxx to all im_opt_val calls
parent
998f1026
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
5 additions
and
5 deletions
+5
-5
intranet-rest-authentication-procs.tcl
tcl/intranet-rest-authentication-procs.tcl
+1
-1
intranet-rest-create-procs.tcl
tcl/intranet-rest-create-procs.tcl
+4
-4
No files found.
tcl/intranet-rest-authentication-procs.tcl
View file @
8f7c9ea6
...
@@ -161,7 +161,7 @@ ad_proc -private im_rest_authenticate {
...
@@ -161,7 +161,7 @@ ad_proc -private im_rest_authenticate {
# internal debugging: Try to track down issue #42853
# internal debugging: Try to track down issue #42853
if
{[
im_table_exists crm_online_interactions
]}
{
if
{[
im_table_exists crm_online_interactions
]}
{
set user_system_id
[
im_opt_val system_id
]
set user_system_id
[
im_opt_val
-limit_to nohtml
system_id
]
if
{
""
ne
$user
_system_id
}
{
if
{
""
ne
$user
_system_id
}
{
crm_basic_interaction -interaction_type_id 3235 -system_id
$user
_system_id -message
[
im_url_with_query
]
crm_basic_interaction -interaction_type_id 3235 -system_id
$user
_system_id -message
[
im_url_with_query
]
}
}
...
...
tcl/intranet-rest-create-procs.tcl
View file @
8f7c9ea6
...
@@ -591,10 +591,10 @@ ad_proc -private im_rest_post_object_type_im_company {
...
@@ -591,10 +591,10 @@ ad_proc -private im_rest_post_object_type_im_company {
ns_log Notice
"im_rest_post_object_type_
$rest
_otype: Create new main_office_id for company"
ns_log Notice
"im_rest_post_object_type_
$rest
_otype: Create new main_office_id for company"
# Make sure all important fields are somehow defined
# Make sure all important fields are somehow defined
if
{
!
[
info
exists office_name
]
||
""
==
$office
_name
}
{
set office_name
"
[
im_opt_val company_name
]
Main Office"
}
if
{
!
[
info
exists office_name
]
||
""
==
$office
_name
}
{
set office_name
"
[
im_opt_val
-limit_to nohtml
company_name
]
Main Office"
}
if
{
!
[
info
exists office_path
]
||
""
==
$office
_path
}
{
if
{
!
[
info
exists office_path
]
||
""
==
$office
_path
}
{
# Take company_name, make it lower and replace any strange chars with
"_"
# Take company_name, make it lower and replace any strange chars with
"_"
set office_path
[
string
tolower
[
im_opt_val company_name
]]
set office_path
[
string
tolower
[
im_opt_val
-limit_to nohtml
company_name
]]
regsub -all
{[
^a-z0-9
]}
$office
_path
"_"
office_path
regsub -all
{[
^a-z0-9
]}
$office
_path
"_"
office_path
}
}
if
{
!
[
info
exists office_status_id
]
||
""
==
$office
_status_id
}
{
set office_status_id
[
im_office_status_active
]
}
if
{
!
[
info
exists office_status_id
]
||
""
==
$office
_status_id
}
{
set office_status_id
[
im_office_status_active
]
}
...
@@ -1389,12 +1389,12 @@ ad_proc -private im_rest_post_object_type_im_hour_interval {
...
@@ -1389,12 +1389,12 @@ ad_proc -private im_rest_post_object_type_im_hour_interval {
if
{
!
[
info
exists
$var
]}
{
if
{
!
[
info
exists
$var
]}
{
return
[
im_rest_error -format
$format
-http_status 406 -message
"Variable '
$var
' not specified. The following variables are required:
$required
_vars"
]
return
[
im_rest_error -format
$format
-http_status 406 -message
"Variable '
$var
' not specified. The following variables are required:
$required
_vars"
]
}
}
# Fix timestamp format between JavaScript and PostgreSQL 8.4/9.x
# Fix timestamp format between JavaScript and PostgreSQL 8.4/9.x
# Wed Jul 23 2014 19:23:26 GMT+0200
(
Romance Daylight Time
)
# Wed Jul 23 2014 19:23:26 GMT+0200
(
Romance Daylight Time
)
switch
$var
{
switch
$var
{
interval_start - interval_end
{
interval_start - interval_end
{
set val
[
im_rest_normalize_timestamp
[
im_opt_val
$var
]]
set val
[
im_rest_normalize_timestamp
[
im_opt_val
-limit_to nohtml
$var
]]
set
$var
$val
set
$var
$val
set hash_array
(
$var
)
$val
set hash_array
(
$var
)
$val
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment