From 0f1d4ae1fa90adb4e8785dbebe7565d44f97fbeb Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 10:34:12 +0530 Subject: [PATCH 01/19] Fixes #4376: User activities API call changes added --- server/php/libs/core.php | 3 --- sql/upgrade-1.7-1.7.1.sql | 15 ++++++++++++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/server/php/libs/core.php b/server/php/libs/core.php index 9d5f24d1e..bd66b8427 100644 --- a/server/php/libs/core.php +++ b/server/php/libs/core.php @@ -536,9 +536,6 @@ function checkAclLinks($r_request_method = 'GET', $r_resource_cmd = '/users', $r if (!empty($r_request_method) && ($r_request_method === 'POST') && !empty($r_resource_cmd) && ($r_resource_cmd === '/settings')) { $r_request_method = 'GET'; } - if (!empty($r_request_method) && ($r_request_method === 'GET') && !empty($r_resource_cmd) && ($r_resource_cmd === '/users/?/activities')) { - return true; - } if (!empty($r_request_method) && ($r_request_method === 'PUT') && !empty($r_resource_cmd) && $r_resource_cmd === '/users/?' && !empty($post_data['last_activity_id'])) { return true; } diff --git a/sql/upgrade-1.7-1.7.1.sql b/sql/upgrade-1.7-1.7.1.sql index c313bcc27..de2400e9a 100644 --- a/sql/upgrade-1.7-1.7.1.sql +++ b/sql/upgrade-1.7-1.7.1.sql 
@@ -106,4 +106,17 @@ SELECT cards.id, FROM (((cards cards LEFT JOIN users u ON ((u.id = cards.user_id))) LEFT JOIN boards b ON ((b.id = cards.board_id))) - LEFT JOIN lists l ON ((l.id = cards.list_id))); \ No newline at end of file + LEFT JOIN lists l ON ((l.id = cards.list_id))); + +DELETE FROM "acl_links_roles" WHERE acl_link_id = (select id from acl_links where slug='user_activities_listing'); +DELETE FROM "acl_links" WHERE slug = 'user_activities_listing'; + +SELECT pg_catalog.setval('acl_links_id_seq', (SELECT MAX(id) FROM acl_links), true); + +INSERT INTO "acl_links" ("created", "modified", "name", "url", "method", "slug", "group_id", "is_user_action", "is_guest_action", "is_admin_action", "is_hide", "is_default") values ('now()', 'now()', 'User activities', '/users/?/activities', 'GET', 'user_activities_listing', '2', '1', '0', '0', '0', 't'); + +SELECT pg_catalog.setval('acl_links_roles_roles_id_seq', (SELECT MAX(id) FROM acl_links_roles), true); + +INSERT INTO "acl_links_roles" ("created", "modified", "acl_link_id", "role_id") VALUES +(now(), now(), (select id from acl_links where slug='user_activities_listing'), '1'), +(now(), now(), (select id from acl_links where slug='user_activities_listing'), '2'); \ No newline at end of file From 2f0228fded4ba00a4feeef6f63711025a21669e2 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 11:50:29 +0530 Subject: [PATCH 02/19] Fixes #4376: User activities API call changes added --- sql/restyaboard_with_empty_data.sql | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sql/restyaboard_with_empty_data.sql b/sql/restyaboard_with_empty_data.sql index 85f6105e6..cd72cdc45 100644 --- a/sql/restyaboard_with_empty_data.sql +++ b/sql/restyaboard_with_empty_data.sql 
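Review bot: The scalar subqueries on `acl_links` (`acl_link_id = (select id from acl_links where slug='user_activities_listing')`) fail if more than one row carries that slug, and the seed data in PATCH 02 suggests `slug` is not unique (`view_card_search_custom_field` appears at ids 157 and 158). Writing the DELETE as `acl_link_id IN (select id from acl_links where slug='user_activities_listing')` keeps the upgrade safe to re-run. This commit also removes the hard-coded `return true` for `GET /users/?/activities` from `checkAclLinks`, so access now depends entirely on these rows. A comment above the INSERT should say that roles 1 and 2 are granted the link; whether the handler checks that the requested user id belongs to the caller is not visible in this diff and should be confirmed.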
@@ -4360,6 +4360,7 @@ COPY public.acl_links (id, created, modified, name, url, method, slug, group_id, 157 2020-06-12 19:03:13.498349 2020-06-12 19:03:13.498349 Card search with Custom Field /cards/search GET view_card_search_custom_field 3 1 0 1 0 f 158 2020-06-12 19:21:43.506093 2020-06-12 19:21:43.506093 Card search with Custom Field /cards/search GET view_card_search_custom_field 3 1 0 1 0 f 159 2021-07-24 12:21:21.858991 2021-07-24 12:21:21.858991 Login /users/login POST users_login 1 0 1 0 0 f +160 2022-02-28 10:41:23.833814 2022-02-28 10:41:23.833814 User activities /users/?/activities GET user_activities_listing 2 1 0 0 0 t \. @@ -4512,6 +4513,8 @@ COPY public.acl_links_roles (id, created, modified, acl_link_id, role_id) FROM s 1279 2020-06-12 19:03:13.573564 2020-06-12 19:03:13.573564 157 1 1280 2020-06-12 19:03:13.573564 2020-06-12 19:03:13.573564 157 2 1281 2021-07-24 12:21:21.875677 2021-07-24 12:21:21.875677 159 3 +1282 2022-02-28 10:41:23.836104 2022-02-28 10:41:23.836104 160 1 +1283 2022-02-28 10:41:23.836104 2022-02-28 10:41:23.836104 160 2 \. From d084752d0b3e5265e956b5369eb598068647a29f Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 12:12:49 +0530 Subject: [PATCH 03/19] Fixes #4378: Media directories access Nginx configuration changes added --- docker-scripts/nginx.conf | 4 ++++ restyaboard.conf | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docker-scripts/nginx.conf b/docker-scripts/nginx.conf index 9341ad75b..7f048a0aa 100644 --- a/docker-scripts/nginx.conf +++ b/docker-scripts/nginx.conf @@ -29,6 +29,10 @@ server { root /var/lib/nginx/html/client; } + location ^~ /media { + deny all; + } + location ~ \.php$ { try_files $uri =404; include fastcgi_params; diff --git a/restyaboard.conf b/restyaboard.conf index effec5d14..83621345e 100644 --- a/restyaboard.conf +++ b/restyaboard.conf 
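Review bot: `location ^~ /media` in `docker-scripts/nginx.conf` is a bare prefix match, so it denies every URI that merely begins with `/media`, and nothing in the block says why it is there. A comment such as `# attachments are only served through download.php, which checks board access` would stop a later edit from loosening it. The same block is added to `restyaboard.conf` in this commit. The diffstat lists only the two Nginx files, so installations behind another web server presumably get no equivalent rule from this change, which is worth confirming.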
@@ -29,6 +29,10 @@ server { root /usr/share/nginx/html/client; } + location ^~ /media { + deny all; + } + location ~ \.php$ { try_files $uri =404; include fastcgi_params; From 1ae814c22aae92e593aab678e99a05d663d60e3c Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 12:31:23 +0530 Subject: [PATCH 04/19] Fixes #4380: Card attachment update API call changes added --- server/php/R/r.php | 24 +++--------------------- server/php/download.php | 10 +++++++--- 2 files changed, 10 insertions(+), 24 deletions(-) diff --git a/server/php/R/r.php b/server/php/R/r.php index 487e5b8c6..8fb129673 100644 --- a/server/php/R/r.php +++ b/server/php/R/r.php @@ -7692,24 +7692,6 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) echo json_encode($response); break; - case '/boards/?/lists/?/cards/?/attachments/?': // card attachment update - $table_name = 'card_attachments'; - $id = $r_resource_vars['attachments']; - $foreign_ids['board_id'] = $r_resource_vars['boards']; - $foreign_ids['list_id'] = $r_resource_vars['lists']; - $foreign_ids['card_id'] = $r_resource_vars['cards']; - $data = array( - $foreign_ids['card_id'], - $foreign_ids['board_id'], - $foreign_ids['list_id'] - ); - pg_query_params($db_lnk, 'UPDATE card_attachments SET is_cover = false WHERE card_id = $1 AND board_id = $2 AND list_id = $3', $data); - $comment = '##USER_NAME## updated card attachments to this card ##CARD_LINK##'; - $activity_type = 'update_card_attachment'; - $response = update_query($table_name, $id, $r_resource_cmd, $r_put, $comment, $activity_type, $foreign_ids); - echo json_encode($response); - break; - case '/boards/?/lists/?/cards/?/checklists/?': $table_name = 'checklists'; $id = $r_resource_vars['checklists']; 
@@ -8315,21 +8297,21 @@ function r_delete($r_resource_cmd, $r_resource_vars, $r_resource_filters) $attachment = executeQuery('SELECT name, path FROM card_attachments WHERE id = $1', $qry_val_arr); if (!empty($attachment)) { $file = MEDIA_PATH . DS . $attachment['path']; - if (file_exists($file)) { + if (file_exists($file) && strpos(realpath($file), MEDIA_PATH) !== false) { unlink($file); } foreach ($thumbsizes['CardAttachment'] as $key => $value) { $file_ext = explode('.', $attachment['name']); $hash = md5(SECURITYSALT . 'CardAttachment' . $r_resource_vars['attachments'] . $file_ext[1] . $key); $thumb_file = IMG_PATH . DS . $key . DS . 'CardAttachment' . DS . $r_resource_vars['attachments'] . '.' . $hash . '.' . $file_ext[1]; - if (file_exists($thumb_file)) { + if (file_exists($thumb_file) && strpos(realpath($thumb_file), IMG_PATH) !== false) { unlink($thumb_file); } } $file_ext = explode('.', $attachment['name']); $hash = md5(SECURITYSALT . 'CardAttachment' . $r_resource_vars['attachments'] . $file_ext[1] . $key); $thumb_file = IMG_PATH . DS . 'original' . DS . 'CardAttachment' . DS . $r_resource_vars['attachments'] . '.' . $hash . '.' . $file_ext[1]; - if (file_exists($thumb_file)) { + if (file_exists($thumb_file) && strpos(realpath($thumb_file), IMG_PATH) !== false) { unlink($thumb_file); } } diff --git a/server/php/download.php b/server/php/download.php index 57377ed69..a5933c111 100644 --- a/server/php/download.php +++ b/server/php/download.php @@ -30,7 +30,7 @@ $board = pg_fetch_assoc($result); if (!empty($board) && $board['board_visibility'] === '2') { $file = MEDIA_PATH . DS . $attachment['path']; - if (file_exists($file)) { + if (file_exists($file) && strpos(realpath($file) , MEDIA_PATH) !== false) { $basename = basename($file); $add_slash = addcslashes($basename, '"\\'); $quoted = sprintf('"%s"', $add_slash); 
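Review bot: `strpos(realpath($file), MEDIA_PATH) !== false` passes whenever `MEDIA_PATH` occurs anywhere in the resolved path, so it does not prove that the file lies inside the media directory. A sibling directory whose name shares the prefix also passes. Anchor the comparison at offset 0 and include the separator, e.g. `strpos(realpath($file), realpath(MEDIA_PATH) . DS) === 0`, and do the same with `IMG_PATH` for the two thumbnail checks. The identical test is added in `server/php/download.php` at `@@ -30,7`, `@@ -84,7` and `@@ -138,7`. Both bodies continue outside the hunks, so how `$attachment['path']` is validated when it is stored is not visible here.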
@@ -61,6 +61,8 @@ } readfile($file); exit; + } else { + header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found', true, 404); } } else if (isset($_COOKIE['auth'])) { $auth = json_decode($_COOKIE['auth'], true); @@ -84,7 +86,7 @@ $board_user = pg_fetch_assoc($result); if (!empty($board_user) || ($auth['user']['role_id'] == 1)) { $file = MEDIA_PATH . DS . $attachment['path']; - if (file_exists($file)) { + if (file_exists($file) && strpos(realpath($file) , MEDIA_PATH) !== false) { $basename = basename($file); $add_slash = addcslashes($basename, '"\\'); $quoted = sprintf('"%s"', $add_slash); @@ -115,6 +117,8 @@ } readfile($file); exit; + } else { + header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found', true, 404); } } else { header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized 1', true, 401); @@ -138,7 +142,7 @@ $md5_hash = md5(SECURITYSALT . $_GET['id'] . '.csv'); if ($md5_hash == $_GET['hash']) { $file = MEDIA_PATH . DS . 'reports' . DS . $_GET['id'] . '.csv'; - if (file_exists($file)) { + if (file_exists($file) && strpos(realpath($file) , MEDIA_PATH) !== false) { $basename = basename($file); $add_slash = addcslashes($basename, '"\\'); $quoted = sprintf('"%s"', $add_slash); From 6288910aad7b92fd0d3672ed00c151df5664c747 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 12:41:03 +0530 Subject: [PATCH 05/19] Fixes #4382: Site URL for Shell file changes added --- server/php/R/r.php | 8 +++++--- server/php/bootstrap.php | 1 + server/php/config.inc.php | 1 + 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/server/php/R/r.php b/server/php/R/r.php index 487e5b8c6..b0965df8b 100644 --- a/server/php/R/r.php +++ b/server/php/R/r.php 
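Review bot: In the report branch (`@@ -138,7`) `$_GET['id']` is concatenated into `$file`, and the new check only requires the result to be somewhere under `MEDIA_PATH`, so it does not confine the download to the `reports` directory. Compare against that directory instead, e.g. `strpos(realpath($file), realpath(MEDIA_PATH . DS . 'reports') . DS) === 0`, or restrict `id` to its expected format before building the path. The gate just above it, `$md5_hash == $_GET['hash']`, is a loose comparison of hex strings; `hash_equals($md5_hash, (string) $_GET['hash'])` avoids PHP's numeric-string juggling and compares in constant time. The `else` branches added at `@@ -61,6` and `@@ -115,6` send the 404 header without an `exit`, and the code after them is outside the hunks, so confirm that nothing further is emitted.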
@@ -17,9 +17,11 @@ $r_debug = ''; $authUser = $client = $form = array(); $_server_protocol = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 'https' : 'http'; -$request_uri_arr = explode('/api/', $_SERVER['REQUEST_URI'], 2); -$_server_context = $request_uri_arr[0]; -$_server_domain_url = $_server_protocol . '://' . $_SERVER['HTTP_HOST'] . $_server_context; // http://localhost/context +// Please uncomment the below line for the sub folder usage +// $request_uri_arr = explode('/api/', $_SERVER['REQUEST_URI'], 2); +// $_server_context = $request_uri_arr[0]; +// $_server_domain_url = $_server_protocol . '://' . $_SERVER['HTTP_HOST'] . $_server_context; // http://localhost/context +$_server_domain_url = $_server_protocol . '://' . $_SERVER['HTTP_HOST']; header('x-response-url:' . $_SERVER['REQUEST_URI']); header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: *'); diff --git a/server/php/bootstrap.php b/server/php/bootstrap.php index 1404f0c62..eeb82760a 100644 --- a/server/php/bootstrap.php +++ b/server/php/bootstrap.php @@ -48,6 +48,7 @@ function main() fwrite($fh, ' Date: Mon, 28 Feb 2022 12:52:37 +0530 Subject: [PATCH 06/19] Fixes #4383: Diagnose file changes added --- README.md | 4 ++++ diagnose.php | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/README.md b/README.md index 71f203ddd..d35296096 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,10 @@ sudo ./restyaboard.sh * Change admin email and password * To add/reply cards via email, visit `/#/settings/10` to configure IMAP settings +### Diagnose Configuration +* You can check the status of the Restyaboard in the diagnose and you can access the diagnose page using username `restya`, password `restya123` +* You can also configure the different password for the diagnose page by following the instructions from the link https://www.php.net/manual/en/features.http-auth.php + ### Forum * [Restya Google Group](https://groups.google.com/d/forum/restya) 
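Review bot: `$_server_domain_url` is now built from `$_SERVER['HTTP_HOST']` alone, and that value is supplied by the client with each request, so any link or redirect later derived from this variable inherits whatever host the request claimed. The diffstat shows one line added to `server/php/config.inc.php`, which is not visible here; if that is a configured site URL, use it at this point too, otherwise validate the host against a configured allow-list before use. Leaving the sub-folder variant as commented-out code means sub-folder installs must edit `r.php` by hand, where a configuration setting would be less error-prone. The file's top-level code continues outside the hunk.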
diff --git a/diagnose.php b/diagnose.php index b326ff8c0..75c26c623 100755 --- a/diagnose.php +++ b/diagnose.php @@ -12,6 +12,12 @@ * @license http://restya.com/ Restya Licence * @link http://restya.com/ */ +if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_USER'] != 'restya' ||$_SERVER['PHP_AUTH_PW'] != 'restya123') { // https://www.php.net/manual/en/features.http-auth.php + header("WWW-Authenticate: Basic realm=\"Newsletter\""); + header("HTTP/1.0 401 Unauthorized"); + echo '

Rejected!

Wrong Username or Password!'; + exit; +} $nginx_class = true; exec("which nginx", $nginx_version); if (!empty($nginx_version[0])) { From c11e778eb4c23879e1e2ceb9e384e65f22b6bf54 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 16:05:36 +0530 Subject: [PATCH 07/19] Fixes #4383: Diagnose file changes added --- .htpasswd | 1 + diagnose.php | 6 ------ docker-scripts/nginx.conf | 10 ++++++++++ restyaboard.conf | 10 ++++++++++ 4 files changed, 21 insertions(+), 6 deletions(-) create mode 100644 .htpasswd diff --git a/.htpasswd b/.htpasswd new file mode 100644 index 000000000..b9c2d859d --- /dev/null +++ b/.htpasswd @@ -0,0 +1 @@ +restya:$apr1$DQIHRX5N$5N4aWaY7ozpbjsf.NAnR3. diff --git a/diagnose.php b/diagnose.php index 75c26c623..b326ff8c0 100755 --- a/diagnose.php +++ b/diagnose.php @@ -12,12 +12,6 @@ * @license http://restya.com/ Restya Licence * @link http://restya.com/ */ -if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_USER'] != 'restya' ||$_SERVER['PHP_AUTH_PW'] != 'restya123') { // https://www.php.net/manual/en/features.http-auth.php - header("WWW-Authenticate: Basic realm=\"Newsletter\""); - header("HTTP/1.0 401 Unauthorized"); - echo '
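Review bot: The guard added to `diagnose.php` hard-codes the account `restya` / `restya123`, and the README hunk in the same commit publishes it, so every installation shares one known credential for a page that calls `exec()` to report server details. Read the username and a password hash from configuration and verify with `password_verify()` rather than `!=`, and refuse to serve the page until the operator has set a value. The realm string `"Newsletter"` looks copied from an example and should name the actual page. PATCH 08 re-adds this block unchanged.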

Rejected!

Wrong Username or Password!'; - exit; -} $nginx_class = true; exec("which nginx", $nginx_version); if (!empty($nginx_version[0])) { diff --git a/docker-scripts/nginx.conf b/docker-scripts/nginx.conf index 7f048a0aa..32ce68a7e 100644 --- a/docker-scripts/nginx.conf +++ b/docker-scripts/nginx.conf @@ -33,6 +33,16 @@ server { deny all; } + location = /diagnose.php { + auth_basic "Restricted Area"; + auth_basic_user_file /usr/share/nginx/html/.htpasswd; + try_files $uri =404; + include fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + location ~ \.php$ { try_files $uri =404; include fastcgi_params; diff --git a/restyaboard.conf b/restyaboard.conf index 83621345e..73509462a 100644 --- a/restyaboard.conf +++ b/restyaboard.conf @@ -32,6 +32,16 @@ server { location ^~ /media { deny all; } + + location = /diagnose.php { + auth_basic "Restricted Area"; + auth_basic_user_file /usr/share/nginx/html/.htpasswd; + try_files $uri =404; + include fastcgi_params; + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } location ~ \.php$ { try_files $uri =404; From 05137ee845b486cb1054ae3e97df88e975f31bcc Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 16:47:09 +0530 Subject: [PATCH 08/19] Fixes #4383: Diagnose file changes added --- .htpasswd | 1 - diagnose.php | 6 ++++++ docker-scripts/nginx.conf | 10 ---------- restyaboard.conf | 10 ---------- 4 files changed, 6 insertions(+), 21 deletions(-) delete mode 100644 .htpasswd diff --git a/.htpasswd b/.htpasswd deleted file mode 100644 index b9c2d859d..000000000 --- a/.htpasswd +++ /dev/null @@ -1 +0,0 @@ -restya:$apr1$DQIHRX5N$5N4aWaY7ozpbjsf.NAnR3. diff --git a/diagnose.php b/diagnose.php index b326ff8c0..75c26c623 100755 --- a/diagnose.php +++ b/diagnose.php 
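Review bot: In `docker-scripts/nginx.conf` the new block points `auth_basic_user_file` at `/usr/share/nginx/html/.htpasswd`, while the other paths in that file use `/var/lib/nginx/html` (see `root /var/lib/nginx/html/client;`), so the Docker image would probably not find the file; PATCH 09 uses `/var/lib/nginx/html/.htpasswd` for the same block. The `.htpasswd` committed in this patch sits in the repository root, which appears to be deployed as the web root, and presumably holds the `$apr1$` hash of the password the README documents. Generate the file at install time outside the document root, and add a rule such as `location ~ /\. { deny all; }` so dotfiles are never served.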
@@ -12,6 +12,12 @@ * @license http://restya.com/ Restya Licence * @link http://restya.com/ */ +if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_USER'] != 'restya' ||$_SERVER['PHP_AUTH_PW'] != 'restya123') { // https://www.php.net/manual/en/features.http-auth.php + header("WWW-Authenticate: Basic realm=\"Newsletter\""); + header("HTTP/1.0 401 Unauthorized"); + echo '

Rejected!

Wrong Username or Password!'; + exit; +} $nginx_class = true; exec("which nginx", $nginx_version); if (!empty($nginx_version[0])) { diff --git a/docker-scripts/nginx.conf b/docker-scripts/nginx.conf index 32ce68a7e..7f048a0aa 100644 --- a/docker-scripts/nginx.conf +++ b/docker-scripts/nginx.conf @@ -33,16 +33,6 @@ server { deny all; } - location = /diagnose.php { - auth_basic "Restricted Area"; - auth_basic_user_file /usr/share/nginx/html/.htpasswd; - try_files $uri =404; - include fastcgi_params; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - location ~ \.php$ { try_files $uri =404; include fastcgi_params; diff --git a/restyaboard.conf b/restyaboard.conf index 73509462a..8f3ed0e0f 100644 --- a/restyaboard.conf +++ b/restyaboard.conf @@ -33,16 +33,6 @@ server { deny all; } - location = /diagnose.php { - auth_basic "Restricted Area"; - auth_basic_user_file /usr/share/nginx/html/.htpasswd; - try_files $uri =404; - include fastcgi_params; - fastcgi_pass unix:/run/php/php7.4-fpm.sock; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - location ~ \.php$ { try_files $uri =404; include fastcgi_params; From 89829a8fa9da5c344c4bf92a48113be234bdc155 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 17:25:16 +0530 Subject: [PATCH 09/19] Fixes #4383: Diagnose file changes added --- .htpassword | 1 + README.md | 6 ++++-- docker-scripts/nginx.conf | 10 ++++++++++ restyaboard.conf | 10 ++++++++++ 4 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 .htpassword diff --git a/.htpassword b/.htpassword new file mode 100644 index 000000000..358f7914a --- /dev/null +++ b/.htpassword @@ -0,0 +1 @@ +restya:$apr1$DQIHRX5N$5N4aWaY7ozpbjsf.NAnR3. \ No newline at end of file diff --git a/README.md b/README.md index d35296096..2912cc830 100644 --- a/README.md +++ b/README.md 
@@ -73,8 +73,10 @@ sudo ./restyaboard.sh * To add/reply cards via email, visit `/#/settings/10` to configure IMAP settings ### Diagnose Configuration -* You can check the status of the Restyaboard in the diagnose and you can access the diagnose page using username `restya`, password `restya123` -* You can also configure the different password for the diagnose page by following the instructions from the link https://www.php.net/manual/en/features.http-auth.php +* You can enable the password authentication for the diagnose page by uncommenting the lines 45-53 on the Nginx configuration file [restyaboard.conf](https://github.com/RestyaPlatform/board/blob/dev/restyaboard.conf#L45) +* You can check the status of the Restyaboard in the diagnose and you can access the diagnose page using the username `restya`, password `restya123` +* You can also configure the different password in the Nginx server configuration for the diagnose page by following the instructions from the link https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ +* You can also configure the different password in the Nginx server configuration for the diagnose page by following the instructions from the link https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ ### Forum diff --git a/docker-scripts/nginx.conf b/docker-scripts/nginx.conf index 7f048a0aa..b3dfc6f5e 100644 --- a/docker-scripts/nginx.conf +++ b/docker-scripts/nginx.conf 
@@ -42,6 +42,16 @@ server { fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M"; } + # location /diagnose.php { + # auth_basic "Restricted Area"; + # auth_basic_user_file /var/lib/nginx/html/.htpasswd; + # try_files $uri =404; + # include fastcgi_params; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # } + location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) { root /var/lib/nginx/html/client; if (-f $request_filename) { diff --git a/restyaboard.conf b/restyaboard.conf index 8f3ed0e0f..0fad73da6 100644 --- a/restyaboard.conf +++ b/restyaboard.conf @@ -42,6 +42,16 @@ server { fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M"; } + # location /diagnose.php { + # auth_basic "Restricted Area"; + # auth_basic_user_file /usr/share/nginx/html/.htpasswd; + # try_files $uri =404; + # include fastcgi_params; + # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # } + location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) { root /usr/share/nginx/html/client; if (-f $request_filename) { From b23b8aa33aebac41d077052585eead99606a7768 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 18:12:11 +0530 Subject: [PATCH 10/19] Fixes #4383: Diagnose file changes added --- README.md | 3 ++- diagnose.php | 6 ------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2912cc830..f35cb28cd 100644 --- a/README.md +++ b/README.md 
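Review bot: Once uncommented, `location /diagnose.php` is a plain prefix location, and Nginx prefers a matching regex location over a prefix match, so the existing `location ~ \.php$` block would still handle the request and `auth_basic` would never be applied. Keep the exact-match form PATCH 07 used, `location = /diagnose.php {`, which takes precedence over regex locations. The credential file added in this patch is named `.htpassword`, but both configs reference `.htpasswd`, so it would not be found as shipped. The same commented block is added to `restyaboard.conf` in this commit and is copied into `docs/restyaboard-nginx-reverse-proxy-configuration.md` in PATCH 12 and PATCH 13.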
@@ -74,9 +74,10 @@ sudo ./restyaboard.sh ### Diagnose Configuration * You can enable the password authentication for the diagnose page by uncommenting the lines 45-53 on the Nginx configuration file [restyaboard.conf](https://github.com/RestyaPlatform/board/blob/dev/restyaboard.conf#L45) +* You can configure the password authentication for the diagnose page in the Apache server by following the instructions from the [link](https://stackoverflow.com/a/8275094) * You can check the status of the Restyaboard in the diagnose and you can access the diagnose page using the username `restya`, password `restya123` * You can also configure the different password in the Nginx server configuration for the diagnose page by following the instructions from the link https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ -* You can also configure the different password in the Nginx server configuration for the diagnose page by following the instructions from the link https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ +* You can also configure the different password in the Apache server configuration for the diagnose page by following the instructions from the link https://www.web2generators.com/apache-tools/htpasswd-generator ### Forum diff --git a/diagnose.php b/diagnose.php index 75c26c623..b326ff8c0 100755 --- a/diagnose.php +++ b/diagnose.php @@ -12,12 +12,6 @@ * @license http://restya.com/ Restya Licence * @link http://restya.com/ */ -if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_USER'] != 'restya' ||$_SERVER['PHP_AUTH_PW'] != 'restya123') { // https://www.php.net/manual/en/features.http-auth.php - header("WWW-Authenticate: Basic realm=\"Newsletter\""); - header("HTTP/1.0 401 Unauthorized"); - echo '

Rejected!

Wrong Username or Password!'; - exit; -} $nginx_class = true; exec("which nginx", $nginx_version); if (!empty($nginx_version[0])) { From e60a3641b33464eac356a2a50ef837c4f7d99659 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Mon, 28 Feb 2022 19:05:02 +0530 Subject: [PATCH 11/19] Fixes #4386: SecuritySalt changes added --- client/js/application.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/js/application.js b/client/js/application.js index 7c033316d..5136fe622 100644 --- a/client/js/application.js +++ b/client/js/application.js @@ -34,7 +34,7 @@ var R_MLDAP_LOGIN_HANDLE = ''; var R_MLDAP_SERVERS = ''; var last_activity = ''; var previous_date = ''; -var SecuritySalt = 'e9a556134534545ab47c6c81c14f06c0b8sdfsdf'; +const SecuritySalt = 'e9a556134534545ab47c6c81c14f06c0b8sdfsdf'; var last_user_activity_id = 0, load_more_last_board_activity_id = 0, last_board_activity_id = 0, From 113d7f597009268835c652c3f23ce7d71b67f839 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Tue, 1 Mar 2022 11:36:54 +0530 Subject: [PATCH 12/19] Fixes #4383: Diagnose file changes added --- docker-scripts/nginx.conf | 10 ------ ...board-nginx-reverse-proxy-configuration.md | 35 +++++++++++++++---- restyaboard.conf | 10 ------ 3 files changed, 29 insertions(+), 26 deletions(-) diff --git a/docker-scripts/nginx.conf b/docker-scripts/nginx.conf index b3dfc6f5e..7f048a0aa 100644 --- a/docker-scripts/nginx.conf +++ b/docker-scripts/nginx.conf 
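Review bot: Declaring `SecuritySalt` with `const` only prevents reassignment inside the script; the value is still delivered to every browser in `client/js/application.js`, so it cannot act as a secret. `server/php/download.php` in PATCH 04 gates report downloads on `md5(SECURITYSALT . $_GET['id'] . '.csv')`. Whether the server constant has this same value is not visible here, but if it does, that hash offers no protection. Keep secret material on the server and have it issue per-user tokens; at minimum add a comment on this line such as `// public value, not a secret`.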
@@ -42,16 +42,6 @@ server { fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M"; } - # location /diagnose.php { - # auth_basic "Restricted Area"; - # auth_basic_user_file /var/lib/nginx/html/.htpasswd; - # try_files $uri =404; - # include fastcgi_params; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # } - location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) { root /var/lib/nginx/html/client; if (-f $request_filename) { diff --git a/docs/restyaboard-nginx-reverse-proxy-configuration.md b/docs/restyaboard-nginx-reverse-proxy-configuration.md index dc1190b3d..806c55417 100644 --- a/docs/restyaboard-nginx-reverse-proxy-configuration.md +++ b/docs/restyaboard-nginx-reverse-proxy-configuration.md 
@@ -1,16 +1,39 @@ --- -description: Restyaboard Configuration, here you can check Configuration of Restyaboard on an NGINX Reverse proxy +description: Restyaboard Configuration, here you can check Configuration of Restyaboard on an NGINX --- -# Configuration of Restyaboard on an NGINX Reverse proxy +# Configuration of Restyaboard on an NGINX ## Configuration of Restyaboard on an NGINX Reverse proxy * For configuring Restyaboard on a Nginx Reverse proxy, you have to set Host header: **Example** +``` + location / { + proxy_set_header Host $host; # important + proxy_pass http://localhost:8000; + } +``` -location / { - proxy_set_header Host $host; # important - proxy_pass http://localhost:8000; -} +## Configuration of Diagnose with password authentication + +* You can enable the password authentication for the diagnose page by adding the below lines + +**Example** +``` + location /diagnose.php { + auth_basic "Restricted Area"; + auth_basic_user_file /usr/share/nginx/html/.htpasswd; + try_files $uri =404; + include fastcgi_params; + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +``` + +* You can configure the password authentication for the diagnose page in the Apache server by following the instructions from the [link](https://stackoverflow.com/a/8275094) +* You can check the status of the Restyaboard in the diagnose and you can access the diagnose page using the username `restya`, password `restya123` +* You can also configure the different password in the Nginx server configuration for the diagnose page by following the instructions from the link [https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/) +* You can also configure the different password in the Apache server configuration for the diagnose page by following the 
instructions from the link [https://www.web2generators.com/apache-tools/htpasswd-generator](https://www.web2generators.com/apache-tools/htpasswd-generator) \ No newline at end of file diff --git a/restyaboard.conf b/restyaboard.conf index 0fad73da6..8f3ed0e0f 100644 --- a/restyaboard.conf +++ b/restyaboard.conf @@ -42,16 +42,6 @@ server { fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M"; } - # location /diagnose.php { - # auth_basic "Restricted Area"; - # auth_basic_user_file /usr/share/nginx/html/.htpasswd; - # try_files $uri =404; - # include fastcgi_params; - # fastcgi_pass unix:/run/php/php7.4-fpm.sock; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # } - location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) { root /usr/share/nginx/html/client; if (-f $request_filename) { From e5661c5afa77c59a173a8e5b472dde1a9da0d86f Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Tue, 1 Mar 2022 11:38:00 +0530 Subject: [PATCH 13/19] Fixes #4383: Diagnose file changes added --- README.md | 9 ++--- docker-scripts/nginx.conf | 10 ------ ...board-nginx-reverse-proxy-configuration.md | 35 +++++++++++++++---- restyaboard.conf | 10 ------ 4 files changed, 32 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index f35cb28cd..412e23c1f 100644 --- a/README.md +++ b/README.md 
@@ -72,12 +72,9 @@ sudo ./restyaboard.sh * Change admin email and password * To add/reply cards via email, visit `/#/settings/10` to configure IMAP settings -### Diagnose Configuration -* You can enable the password authentication for the diagnose page by uncommenting the lines 45-53 on the Nginx configuration file [restyaboard.conf](https://github.com/RestyaPlatform/board/blob/dev/restyaboard.conf#L45) -* You can configure the password authentication for the diagnose page in the Apache server by following the instructions from the [link](https://stackoverflow.com/a/8275094) -* You can check the status of the Restyaboard in the diagnose and you can access the diagnose page using the username `restya`, password `restya123` -* You can also configure the different password in the Nginx server configuration for the diagnose page by following the instructions from the link https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ -* You can also configure the different password in the Apache server configuration for the diagnose page by following the instructions from the link https://www.web2generators.com/apache-tools/htpasswd-generator +### Diagnose Configuration + +* You can enable the password authentication for the diagnose page by following the instructions from the documentation link [https://restya.com/board/docs/restyaboard-nginx-reverse-proxy-configuration/#configuration-of-diagnose-with-password-authentication](https://restya.com/board/docs/restyaboard-nginx-reverse-proxy-configuration/#configuration-of-diagnose-with-password-authentication) ### Forum diff --git a/docker-scripts/nginx.conf b/docker-scripts/nginx.conf index b3dfc6f5e..7f048a0aa 100644 --- a/docker-scripts/nginx.conf +++ b/docker-scripts/nginx.conf 
@@ -42,16 +42,6 @@ server { fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M"; } - # location /diagnose.php { - # auth_basic "Restricted Area"; - # auth_basic_user_file /var/lib/nginx/html/.htpasswd; - # try_files $uri =404; - # include fastcgi_params; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # } - location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) { root /var/lib/nginx/html/client; if (-f $request_filename) { diff --git a/docs/restyaboard-nginx-reverse-proxy-configuration.md b/docs/restyaboard-nginx-reverse-proxy-configuration.md index dc1190b3d..806c55417 100644 --- a/docs/restyaboard-nginx-reverse-proxy-configuration.md +++ b/docs/restyaboard-nginx-reverse-proxy-configuration.md 
@@ -1,16 +1,39 @@ --- -description: Restyaboard Configuration, here you can check Configuration of Restyaboard on an NGINX Reverse proxy +description: Restyaboard Configuration, here you can check Configuration of Restyaboard on an NGINX --- -# Configuration of Restyaboard on an NGINX Reverse proxy +# Configuration of Restyaboard on an NGINX ## Configuration of Restyaboard on an NGINX Reverse proxy * For configuring Restyaboard on a Nginx Reverse proxy, you have to set Host header: **Example** +``` + location / { + proxy_set_header Host $host; # important + proxy_pass http://localhost:8000; + } +``` -location / { - proxy_set_header Host $host; # important - proxy_pass http://localhost:8000; -} +## Configuration of Diagnose with password authentication + +* You can enable the password authentication for the diagnose page by adding the below lines + +**Example** +``` + location /diagnose.php { + auth_basic "Restricted Area"; + auth_basic_user_file /usr/share/nginx/html/.htpasswd; + try_files $uri =404; + include fastcgi_params; + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +``` + +* You can configure the password authentication for the diagnose page in the Apache server by following the instructions from the [link](https://stackoverflow.com/a/8275094) +* You can check the status of the Restyaboard in the diagnose and you can access the diagnose page using the username `restya`, password `restya123` +* You can also configure the different password in the Nginx server configuration for the diagnose page by following the instructions from the link [https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/) +* You can also configure the different password in the Apache server configuration for the diagnose page by following the 
instructions from the link [https://www.web2generators.com/apache-tools/htpasswd-generator](https://www.web2generators.com/apache-tools/htpasswd-generator) \ No newline at end of file diff --git a/restyaboard.conf b/restyaboard.conf index 0fad73da6..8f3ed0e0f 100644 --- a/restyaboard.conf +++ b/restyaboard.conf @@ -42,16 +42,6 @@ server { fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M"; } - # location /diagnose.php { - # auth_basic "Restricted Area"; - # auth_basic_user_file /usr/share/nginx/html/.htpasswd; - # try_files $uri =404; - # include fastcgi_params; - # fastcgi_pass unix:/run/php/php7.4-fpm.sock; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # } - location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) { root /usr/share/nginx/html/client; if (-f $request_filename) { From 5bd7fd743b8f617d2539837bbe2def402ee098e9 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Tue, 1 Mar 2022 11:45:04 +0530 Subject: [PATCH 14/19] Fixes #4388: Nginx configuration changes added --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 71f203ddd..de2702517 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,10 @@ sudo ./restyaboard.sh * Change admin email and password * To add/reply cards via email, visit `/#/settings/10` to configure IMAP settings +### NGINX Rate Limiting Configuration + +* You can configure the Nginx rate limit for Restyaboard by following the instructions from the documentation link [https://restya.com/board/docs/restyaboard-nginx-reverse-proxy-configuration/#configuration-of-rate-limiting-on-nginx](https://restya.com/board/docs/restyaboard-nginx-reverse-proxy-configuration/#configuration-of-rate-limiting-on-nginx) + ### Forum * [Restya Google Group](https://groups.google.com/d/forum/restya) 
From f1a07a25fa44cbbaf86eea239d51e9b725db624c Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Wed, 2 Mar 2022 17:38:39 +0530 Subject: [PATCH 15/19] Fixes #4388: Nginx configuration changes added --- ...aboard-nginx-reverse-proxy-configuration.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/restyaboard-nginx-reverse-proxy-configuration.md b/docs/restyaboard-nginx-reverse-proxy-configuration.md index dc1190b3d..22b6750a3 100644 --- a/docs/restyaboard-nginx-reverse-proxy-configuration.md +++ b/docs/restyaboard-nginx-reverse-proxy-configuration.md @@ -14,3 +14,21 @@ location / { proxy_set_header Host $host; # important proxy_pass http://localhost:8000; } + +## Configuration of rate limiting on Nginx + +* You can limit the request on the Nginx configuration by adding limit request on the configuration file + +**Example** +``` +limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; +``` + +* Also, you need to add the limit request on the `location` block + +**Example** +``` +location / { + limit_req zone=mylimit; +} +``` \ No newline at end of file From 556964eb754a5aec786bbb6f5318b312883f681f Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Wed, 2 Mar 2022 17:42:40 +0530 Subject: [PATCH 16/19] Fixes #4388: Nginx configuration changes added --- docs/restyaboard-nginx-reverse-proxy-configuration.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/restyaboard-nginx-reverse-proxy-configuration.md b/docs/restyaboard-nginx-reverse-proxy-configuration.md index 22b6750a3..564e7e46b 100644 --- a/docs/restyaboard-nginx-reverse-proxy-configuration.md +++ b/docs/restyaboard-nginx-reverse-proxy-configuration.md 
@@ -9,11 +9,12 @@ description: Restyaboard Configuration, here you can check Configuration of Rest * For configuring Restyaboard on a Nginx Reverse proxy, you have to set Host header: **Example** - +``` location / { proxy_set_header Host $host; # important proxy_pass http://localhost:8000; } +``` ## Configuration of rate limiting on Nginx From 579de6ebd1f33edba96a7a8eb81ea8f069f72306 Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Wed, 2 Mar 2022 17:46:00 +0530 Subject: [PATCH 17/19] Fixes #4390: Code validation changes added --- .codeclimate.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.codeclimate.yml b/.codeclimate.yml index c850d7bb5..04c85eec7 100644 --- a/.codeclimate.yml +++ b/.codeclimate.yml @@ -8,6 +8,15 @@ engines: enabled: true phpmd: enabled: true + checks: + Controversial/CamelCaseParameterName: + enabled: false + Naming/LongVariable: + enabled: false + Naming/ShortVariable: + enabled: false + order-alphabetical: + enabled: false ratings: paths: - "**.css" From 14c2067a49d57c9df4629bfe18a3d92d00da7cd0 Mon Sep 17 00:00:00 2001 From: S SARAVANAN Date: Thu, 10 Mar 2022 12:53:21 +0530 Subject: [PATCH 18/19] Fixes #4390: Code validation changes added --- .codeclimate.yml | 132 ++++- client/css/bootstrap-datetimepicker.min.css | 2 +- diagnose.php | 19 +- server/php/R/r.php | 595 +++++++++++--------- server/php/bootstrap.php | 2 +- server/php/libs/ActivityHandler.php | 3 +- server/php/libs/XLSXReader.php | 6 +- server/php/libs/core.php | 271 ++++----- server/php/shell/imap.php | 3 +- 9 files changed, 627 insertions(+), 406 deletions(-) diff --git a/.codeclimate.yml b/.codeclimate.yml index 04c85eec7..8900d98f1 100644 --- a/.codeclimate.yml +++ b/.codeclimate.yml 
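Review bot: `order-alphabetical` appears to be added under the `phpmd` `checks:` list at the end of this hunk, but it is a CSSLint rule name, not a PHPMD one, so the entry does nothing there. If the intent is to silence the CSS ordering warning, it belongs under `csslint:` as `checks:` / `order-alphabetical:` / `enabled: false`; otherwise drop it. Indentation is not recoverable from this view, so the nesting is inferred from line order. The entry is carried unchanged into the rewrite of this file in PATCH 18/19.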
@@ -1,30 +1,134 @@ ---- -engines: +version: "2" +checks: + argument-count: + enabled: true + config: + threshold: 10 + complex-logic: + enabled: false + file-lines: + config: + threshold: 10000 + similar-code: + enabled: false + identical-code: + enabled: false + method-complexity: + enabled: true + config: + threshold: 10000 + method-count: + enabled: true + config: + threshold: 1000 + method-lines: + config: + threshold: 10000 + nested-control-flow: + enabled: true + config: + threshold: 10000 + return-statements: + enabled: true + config: + threshold: 100 +plugins: csslint: enabled: true + checks: + adjoining-classes: + enabled: false + box-model: + enabled: false + box-sizing: + enabled: false + compatible-vendor-prefixes: + enabled: false + display-property-grouping: + enabled: false + duplicate-background-images: + enabled: false + duplicate-properties: + enabled: false + empty-rules: + enabled: false + fallback-colors: + enabled: false + gradients: + enabled: false + known-properties: + enabled: false + important: + enabled: false + order-alphabetical: + enabled: false + outline-none: + enabled: false + overqualified-elements: + enabled: false + qualified-headings: + enabled: false + universal-selector: + enabled: false + unqualified-attributes: + enabled: false + regex-selectors: + enabled: false + star-property-hack: + enabled: false + text-indent: + enabled: false + underscore-property-hack: + enabled: false + zero-units: + enabled: false eslint: enabled: true fixme: enabled: true + checks: + TODO: + enabled: false + XXX: + enabled: false phpmd: - enabled: true + enabled: false checks: + CleanCode/BooleanArgumentFlag: + enabled: false + CleanCode/ElseExpression: + enabled: false + CleanCode/IfStatementAssignment: + enabled: false + CleanCode/MissingImport: + enabled: false + CleanCode/StaticAccess: + enabled: false + Controversial/CamelCaseMethodName: + enabled: false Controversial/CamelCaseParameterName: enabled: false + 
Controversial/CamelCasePropertyName: + enabled: false + Controversial/CamelCaseVariableName: + enabled: false + Controversial/Superglobals: + enabled: false + CyclomaticComplexity: + enabled: false + Design/LongMethod: + enabled: false + Design/NpathComplexity: + enabled: false Naming/LongVariable: enabled: false Naming/ShortVariable: enabled: false order-alphabetical: enabled: false -ratings: - paths: - - "**.css" - - "**.js" - - "**.php" -exclude_paths: -- api_explorer/* -- build/* -- client/css/converse.css -- client/js/libs/* -- server/php/libs/vendors/**/* +exclude_patterns: +- "api_explorer/*" +- "build/*" +- "client/css/converse.css" +- "client/js/libs/*" +- "server/php/libs/vendors/**/*" \ No newline at end of file diff --git a/client/css/bootstrap-datetimepicker.min.css b/client/css/bootstrap-datetimepicker.min.css index 484b9aa15..5c871c4ed 100644 --- a/client/css/bootstrap-datetimepicker.min.css +++ b/client/css/bootstrap-datetimepicker.min.css @@ -186,7 +186,7 @@ .datetimepicker table tr td.today:hover, .datetimepicker table tr td.today.disabled, .datetimepicker table tr td.today.disabled:hover { - background-color: ##f47564; + background-color: #f47564; /*background-image: -moz-linear-gradient(top, #fdd49a, #fdf59a); background-image: -ms-linear-gradient(top, #fdd49a, #fdf59a); background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#fdd49a), to(#fdf59a)); diff --git a/diagnose.php b/diagnose.php index b326ff8c0..4dfa4b6b3 100755 --- a/diagnose.php +++ b/diagnose.php 
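Review bot: `phpmd:` is switched to `enabled: false` in this hunk, which turns the plugin off entirely, so the check entries listed beneath it are dead configuration and the PHP under `server/php` no longer gets any PHPMD pass. Together with `method-complexity`, `method-lines`, `nested-control-flow` and `file-lines` set to `threshold: 10000`, the maintainability checks effectively cannot fire on files such as `server/php/R/r.php`, which the same commit rewrites heavily. Consider keeping `phpmd` enabled with only the naming and style rules disabled. A comment above the thresholds, for example `# raised to silence legacy r.php; lower once r_get is split`, would make the relaxation visibly temporary.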
@@ -96,17 +96,20 @@ } } function _is_writable_recursive($dir) { - if (!($folder = @opendir($dir))) { - return false; - } - while ($file = readdir($folder)) { - if ($file != '.' && $file != '..' && (!is_writable($dir . '/' . $file) || (is_dir($dir . '/' . $file) && !_is_writable_recursive($dir . '/' . $file)))) { - closedir($folder); + if (is_dir($dir)){ + $folder = opendir($dir); + if (!($folder)) { return false; } + while (($file = readdir($folder)) !== false) { + if ($file != '.' && $file != '..' && (!is_writable($dir . '/' . $file) || (is_dir($dir . '/' . $file) && !_is_writable_recursive($dir . '/' . $file)))) { + closedir($folder); + return false; + } + } + closedir($folder); + return true; } - closedir($folder); - return true; } if (file_exists(APP_PATH . '/client/apps/r_ldap_login/app.json')) { $is_having_ldap_plugin = true; diff --git a/server/php/R/r.php b/server/php/R/r.php index f330d9b38..be3d1c81f 100644 --- a/server/php/R/r.php +++ b/server/php/R/r.php @@ -63,8 +63,6 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) // switch case.. if taking more length, then associative array... $query_timeout = 0; $sql = false; - $elastic_search_sql = false; - $parent_genre_name = ''; $board_lists = array(); $sort = 'id'; $sort_by = 'DESC'; @@ -91,7 +89,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) 'client_secret' => $oauth_client_secret ); $response = getToken($post_val); - } else { + } + if (empty($_GET['refresh_token'])) { $post_val = array( 'grant_type' => 'client_credentials', 'client_id' => OAUTH_CLIENTID, @@ -236,7 +235,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $i++; } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { 
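Review bot: `_is_writable_recursive()` now has no return on the path where `is_dir($dir)` is false, so it yields `NULL` instead of the explicit `false` the old `@opendir` guard produced; add `return false;` after the closing brace of the `if (is_dir($dir)){` block. Dropping the `@` from `opendir($dir)` also means an unreadable directory raises a PHP warning, and on a diagnostics page with `display_errors` on that would print the filesystem path, so either keep the suppression or test `is_readable($dir)` first. The `!== false` comparison on `readdir()` is a sound change and should stay.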
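Review bot: Replacing `} else {` with a second `if (empty($_GET['refresh_token'])) {` (the r.php hunk at new line 91) turns two mutually exclusive branches into two independent tests; the opening condition is outside the hunk, so it cannot be confirmed here that it is exactly `!empty($_GET['refresh_token'])`. The same rewrite recurs through this commit (`if (!$result)`, `if (empty($sql))`, `if (empty($check_visibility))`, `if (!is_plugin_enabled('r_chart'))`), and each one stays equivalent only while the first branch never changes the tested value. Since the commit also disables `CleanCode/ElseExpression` in `.codeclimate.yml`, keeping `else` would preserve the exclusivity without tripping the linter. r_get's body starts and ends outside these hunks.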
@@ -244,9 +244,10 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) if (is_plugin_enabled('r_groups')) { $group_sql = 'SELECT row_to_json(d) FROM (SELECT * FROM groups_users Where user_id = $1 ORDER BY id DESC) as d '; $obj['groups'] = null; - if ($group_result = pg_query_params($db_lnk, $group_sql, array( + $group_result = pg_query_params($db_lnk, $group_sql, array( $obj['id'] - ))) { + )); + if ($group_result) { while ($group = pg_fetch_row($group_result)) { $group = json_decode($group[0], true); $obj['groups'][] = $group; @@ -265,10 +266,12 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } - } else { + } + if (empty($sql)) { echo json_encode($response); } break; @@ -295,7 +298,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM user_logins_listing ul ' . $filter_condition . ' ORDER BY ' . $order_by . ' ' . $direction . ' limit ' . $_metadata['limit'] . ' offset ' . $_metadata['offset'] . ') as d '; if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { @@ -306,7 +310,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } else { 
@@ -327,7 +332,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $filter_condition = 'WHERE '; if ($r_resource_filters['filter'] == 'inactive') { $filter_condition.= 'is_active = 0'; - } else { + } + if ($r_resource_filters['filter'] != 'inactive') { $filter_condition.= 'is_active = 1'; } } else if (!empty($r_resource_filters['search'])) { @@ -356,8 +362,12 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $val_array = array( true ); + if (empty($sql)) { + echo json_encode($response); + } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { @@ -371,11 +381,10 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } - } else { - echo json_encode($response); } break; 
@@ -507,21 +516,22 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $direction = $r_resource_filters['direction']; } // If Restricted board user + if (!empty($r_resource_filters['last_activity_id'])) { + $condition = ' AND al.id > $6'; + } + $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM activities_listing al WHERE (board_id = ANY ( $1 ) OR organization_id = ANY ( $2 ) OR revisions = $3 OR type = $4 OR type = $5)' . $condition . ' ORDER BY id ' . $direction . ' LIMIT ' . PAGING_COUNT . ') as d'; + $c_sql = 'SELECT COUNT(*) FROM activities_listing al WHERE (board_id = ANY ( $1 ) OR organization_id = ANY ( $2 ) OR revisions = $3 OR type = $4 OR type = $5)' . $condition; + if (empty($assigned_card_ids) && empty($assigned_board_ids)) { + array_push($pg_params, '{' . implode(',', $board_ids) . '}', '{' . implode(',', $org_ids) . '}', $authUser['id']); + } if (!empty($assigned_card_ids) || !empty($assigned_board_ids)) { if (!empty($r_resource_filters['last_activity_id'])) { - $condition = ' AND al.id > $7'; + $condition = ' AND al.id > $9'; } - $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM activities_listing al WHERE (board_id = ANY ( $1 ) OR organization_id = ANY ( $2 ) OR revisions = $3 OR type = $8 OR type = $9 OR (card_id = ANY ($4) OR (board_id = ANY($5) AND card_id = $6) ) ) ' . $condition . ' ORDER BY id ' . $direction . ' LIMIT ' . PAGING_COUNT . ') as d'; - $c_sql = 'SELECT COUNT(*) FROM activities_listing al WHERE (board_id = ANY ( $1 ) OR organization_id = ANY ( $2 ) OR revisions = $3 OR type = $8 OR type = $9 OR (card_id = ANY ($4) OR (board_id = ANY($5) AND card_id = $6) ) ) ' . $condition; + $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM activities_listing al WHERE (board_id = ANY ( $1 ) OR organization_id = ANY ( $2 ) OR revisions = $3 OR type = $7 OR type = $8 OR (card_id = ANY ($4) OR (board_id = ANY($5) AND card_id = $6) ) ) ' . $condition . ' ORDER BY id ' . $direction . ' LIMIT ' . PAGING_COUNT . 
') as d'; + $c_sql = 'SELECT COUNT(*) FROM activities_listing al WHERE (board_id = ANY ( $1 ) OR organization_id = ANY ( $2 ) OR revisions = $3 OR type = $7 OR type = $8 OR (card_id = ANY ($4) OR (board_id = ANY($5) AND card_id = $6) ) ) ' . $condition; $boardIDS = array_diff($board_ids, $assigned_board_ids); array_push($pg_params, '{' . implode(',', $boardIDS) . '}', '{' . implode(',', $org_ids) . '}', $authUser['id'], '{' . implode(',', $assigned_card_ids) . '}', '{' . implode(',', $assigned_board_ids) . '}', 0); - } else { - if (!empty($r_resource_filters['last_activity_id'])) { - $condition = ' AND al.id > $6'; - } - $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM activities_listing al WHERE (board_id = ANY ( $1 ) OR organization_id = ANY ( $2 ) OR revisions = $3 OR type = $4 OR type = $5)' . $condition . ' ORDER BY id ' . $direction . ' LIMIT ' . PAGING_COUNT . ') as d'; - $c_sql = 'SELECT COUNT(*) FROM activities_listing al WHERE (board_id = ANY ( $1 ) OR organization_id = ANY ( $2 ) OR revisions = $3 OR type = $4 OR type = $5)' . $condition; - array_push($pg_params, '{' . implode(',', $board_ids) . '}', '{' . implode(',', $org_ids) . '}', $authUser['id']); } } else if (!empty($r_resource_filters['board_id']) && $r_resource_filters['board_id'] && $r_resource_filters['type'] == 'board_user_activity') { if (!empty($r_resource_filters['last_activity_id'])) { @@ -558,7 +568,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $_metadata = $paging_data['_metadata']; } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { 
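Review bot: `$direction` is assigned straight from `$r_resource_filters['direction']` in the context line at the top of this hunk and then concatenated into `' ORDER BY id ' . $direction . ' LIMIT '` in both rewritten `$sql` strings, while every other value goes through `$pg_params`. No allow-list is visible here (one may exist earlier in r_get, which starts outside the hunk), so pin it before use: `$direction = (strtoupper($r_resource_filters['direction']) === 'ASC') ? 'ASC' : 'DESC';`. Separately, the branch for assigned cards and boards now numbers the two type values `$7`/`$8` and `last_activity_id` `$9`, where the removed lines used `$8`/`$9` and `$7`. The `array_push` calls that supply those values are outside the hunk, so their order needs checking against the new numbering.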
@@ -592,7 +603,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $obj = ActivityHandler::getActivitiesObj($obj); if (!empty($_metadata)) { $data['data'][] = $obj; - } else { + } + if (empty($_metadata)) { $data[] = $obj; } } @@ -600,7 +612,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } 
@@ -625,20 +638,17 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $sql = 'SELECT row_to_json(d) FROM (SELECT u.id, u.username, u.profile_picture_path,u.initials, u.full_name FROM users u LEFT JOIN organizations_users ou ON ou.user_id = u.id WHERE u.is_active = true AND u.is_email_confirmed = true AND '; $sql.= '(ou.organization_id != $1 OR ou.user_id IS null) AND'; array_push($pg_params, $r_resource_filters['organizations']); - } else if (!empty($r_resource_filters['board_id'])) { + } else if (!empty($r_resource_filters['board_id']) && isset($r_resource_filters['board_id'])) { $sql = 'SELECT row_to_json(d) FROM (SELECT u.id, u.username, u.profile_picture_path,u.initials, u.full_name FROM users u JOIN boards_users bu ON bu.user_id = u.id WHERE u.is_active = true AND u.is_email_confirmed = true AND '; $sql.= 'bu.board_id = $1 AND'; array_push($pg_params, $r_resource_filters['board_id']); } else if (!empty($r_resource_filters['filter'])) { $sql = 'SELECT row_to_json(d) FROM (SELECT u.id, u.username, u.profile_picture_path,u.initials, u.full_name FROM users u WHERE '; - } else { - $sql = 'SELECT row_to_json(d) FROM (SELECT u.id, u.username, u.profile_picture_path,u.initials, u.full_name FROM users u WHERE u.is_active = true AND u.is_email_confirmed = true AND '; } - if (empty($pg_params)) { - $sql.= '(LOWER(u.username) LIKE LOWER($1) OR LOWER(u.email) LIKE LOWER($2))) as d '; - } else { - $sql.= '(LOWER(u.username) LIKE LOWER($2) OR LOWER(u.email) LIKE LOWER($3))) as d '; + if (empty($r_resource_filters['organizations']) && empty($r_resource_filters['board_id']) && empty($r_resource_filters['filter'])) { + $sql = 'SELECT row_to_json(d) FROM (SELECT u.id, u.username, u.profile_picture_path,u.initials, u.full_name FROM users u WHERE u.is_active = true AND u.is_email_confirmed = true AND '; } + $sql.= empty($pg_params) ? 
'(LOWER(u.username) LIKE LOWER($1) OR LOWER(u.email) LIKE LOWER($2))) as d ' : '(LOWER(u.username) LIKE LOWER($2) OR LOWER(u.email) LIKE LOWER($3))) as d '; array_push($pg_params, '%' . $r_resource_filters['q'] . '%', '%' . $r_resource_filters['q'] . '%'); if (empty($r_resource_filters['q'])) { $sql = false; @@ -646,14 +656,16 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $pg_params = array(); } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } else { @@ -665,7 +677,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM users ul WHERE id = $1 ) as d '; array_push($pg_params, $r_resource_vars['users']); if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -706,7 +719,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } echo json_encode($data); } - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } 
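Review bot: In `else if (!empty($r_resource_filters['board_id']) && isset($r_resource_filters['board_id']))` the added `isset()` can never change the result, because `!empty()` already implies the key is set; drop it. The former trailing `else` is now a standalone `if` testing `empty()` on `organizations`, `board_id` and `filter`, which restates the chain's conditions by hand, so a branch added to the chain later must be mirrored there or the default query overwrites `$sql`. The chain's first condition is outside the hunk, so equivalence with the old `else` is assumed rather than shown.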
@@ -762,18 +776,21 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } if (!empty($r_resource_filters['user_ids'])) { array_push($pg_params, '{' . $r_resource_vars['users'] . ',' . $r_resource_filters['user_ids'] . '}'); - } else { + } + if (empty($r_resource_filters['user_ids'])) { array_push($pg_params, '{' . $r_resource_vars['users'] . '}'); } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } @@ -809,7 +826,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) if ($authUser['role_id'] != 1 && empty($board_ids)) { $sql = false; } - } else { + } + if (empty($r_resource_filters['type']) || $r_resource_filters['type'] != 'simple') { $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM boards_listing ul '; if (!empty($authUser) && $authUser['role_id'] != 1) { $val_array = array( @@ -846,7 +864,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $_metadata = $paging_data['_metadata']; } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { @@ -862,7 +881,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } 
@@ -900,10 +920,9 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $sql = false; } $limit = 'all'; + $c_sql = 'SELECT COUNT(*) FROM simple_board_listing ul ' . $filter_condition; if (!empty($pg_params)) { $c_sql = 'SELECT COUNT(*) FROM simple_board_listing ul WHERE ul.id =ANY($1)' . $filter_condition; - } else { - $c_sql = 'SELECT COUNT(*) FROM simple_board_listing ul ' . $filter_condition; } } else if (!empty($r_resource_filters['page'])) { $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM admin_boards_listing ul '; @@ -1004,7 +1023,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM admin_boards_listing ul ' . $filter_condition . ' ORDER BY ' . $order_by . ' ' . $direction . ' limit ' . $_metadata['limit'] . ' offset ' . $_metadata['offset'] . ') as d '; } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { @@ -1066,10 +1086,12 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } else { echo json_encode($data); } - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } - } else { + } + if (empty($sql)) { if (is_plugin_enabled('r_chart')) { $data = array(); $board_lists = array(); @@ -1099,7 +1121,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } } echo json_encode(array_merge($data, $response)); - } else { + } + if (!is_plugin_enabled('r_chart')) { echo json_encode($response); } } 
@@ -1204,14 +1227,14 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } $check_visibility = executeQuery($s_sql, $arr); if (!empty($check_visibility)) { + $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM boards_listing ul WHERE id = $1 ORDER BY id DESC) as d'; if (isset($_GET["type"]) && $_GET["type"] == "instant_card") { $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM instant_board_listing ul WHERE id = $1 ORDER BY id DESC) as d'; - } else { - $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM boards_listing ul WHERE id = $1 ORDER BY id DESC) as d'; } array_push($pg_params, $r_resource_vars['boards']); if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -1274,18 +1297,21 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } echo json_encode($data); pg_free_result($result); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } - } else { + } + if (empty($check_visibility)) { $response['error']['type'] = 'visibility'; $response['error']['message'] = 'Unauthorized'; echo json_encode($response); // header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized', true, 401); } - } else { + } + if (empty($check_board)) { $response['error']['type'] = 'board'; $response['error']['message'] = 'Bad Request'; header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400); 
@@ -1324,26 +1350,25 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) while ($row = pg_fetch_assoc($s_result)) { array_push($organization_ids, $row['organization_id']); } - if (!empty($organization_ids)) { - $sql.= ' WHERE id IN (' . implode(",", array_unique($organization_ids)) . ')'; - } else { - $sql.= ' WHERE user_id = ' . $authUser['id']; - } + $sql.= !empty($organization_ids) ? ' WHERE id IN (' . implode(",", array_unique($organization_ids)) . ')' : ' WHERE user_id = ' . $authUser['id']; } $sql.= ' ORDER BY id ASC) as d '; if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } - } else { + } + if (empty($r_resource_filters['type']) || $r_resource_filters['type'] != 'simple') { $organization_ids = array(); $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM organizations_listing'; if (!empty($authUser) && $authUser['role_id'] != 1) { 
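Review bot: The new ternary `$sql.= !empty($organization_ids) ? ' WHERE id IN (' . implode(",", array_unique($organization_ids)) . ')' : ' WHERE user_id = ' . $authUser['id'];` still builds the WHERE clause by string concatenation even though the query is sent through `pg_query_params` a few lines later. The values come from a database result and the authenticated user rather than directly from the request, so this is a hardening and consistency point, but other queries in this file already bind id lists as `= ANY ( $1 )` with a `'{' . implode(',', ...) . '}'` parameter. Suggest `' WHERE id = ANY ($N)'` and `' WHERE user_id = $N'` with the value pushed onto `$pg_params`, where N is the next free placeholder (earlier pushes are outside the hunk). The identical line is added in the following hunk at new line 1398.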
@@ -1373,15 +1398,12 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) while ($row = pg_fetch_assoc($s_result)) { array_push($organization_ids, $row['organization_id']); } - if (!empty($organization_ids)) { - $sql.= ' WHERE id IN (' . implode(",", array_unique($organization_ids)) . ')'; - } else { - $sql.= ' WHERE user_id = ' . $authUser['id']; - } + $sql.= !empty($organization_ids) ? ' WHERE id IN (' . implode(",", array_unique($organization_ids)) . ')' : ' WHERE user_id = ' . $authUser['id']; } $sql.= ' ORDER BY id ASC) as d '; if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -1400,7 +1422,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } @@ -1422,7 +1445,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM organization_listing ul WHERE id = $1 ORDER BY id DESC ) as d'; array_push($pg_params, $r_resource_vars['organizations']); if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -1441,11 +1465,13 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['organization_user_roles'][] = $row; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } - } else { + } + if (empty($check_visibility)) { $response['error']['type'] = 'visibility'; $response['error']['message'] = 'Unauthorized'; echo json_encode($response); 
@@ -1473,10 +1499,9 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) array_push($pg_params, $r_resource_vars['boards']); $i = 2; if (isset($r_resource_filters['last_activity_id']) && $r_resource_filters['last_activity_id'] > 0) { + $condition = ' AND al.id > $' . $i; if (!empty($r_resource_filters['type']) && $r_resource_filters['type'] == 'all') { $condition = ' AND al.id < $' . $i; - } else { - $condition = ' AND al.id > $' . $i; } array_push($pg_params, $r_resource_filters['last_activity_id']); $i++; 
@@ -1549,19 +1574,28 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) while ($row = pg_fetch_assoc($cardsIDS)) { $assigned_card_ids[] = $row['id']; } + $cardFilter = 'al.card_id = $2'; + if ($i === 3) { + $cardFilter = 'al.card_id = $3'; + } + $sql = 'SELECT row_to_json(d) FROM (SELECT al.*, u.username, u.profile_picture_path, u.initials, u.full_name, c.description, c.name as card_name FROM activities_listing al LEFT JOIN users u ON al.user_id = u.id LEFT JOIN cards c on al.card_id = c.id WHERE (al.board_id = $1 AND ' . $cardFilter . ') ' . $condition . ' ' . $order . ' LIMIT ' . $limit . ' ' . $construct_offset . ') as d '; + if (empty($r_resource_filters['from']) || (!empty($r_resource_filters['from']) && $r_resource_filters['from'] != 'app')) { + $c_sql = 'SELECT COUNT(*) FROM activities_listing al WHERE al.board_id = $1 AND ' . $cardFilter . $condition; + } + if (empty($assigned_card_ids)) { + array_push($pg_params, 0); + } if (!empty($assigned_card_ids)) { - $sql = 'SELECT row_to_json(d) FROM (SELECT al.*, u.username, u.profile_picture_path, u.initials, u.full_name, c.description, c.name as card_name FROM activities_listing al LEFT JOIN users u ON al.user_id = u.id LEFT JOIN cards c on al.card_id = c.id WHERE al.board_id = $1 AND (al.card_id = ANY ($3) OR al.revisions = $2 )' . $condition . ' ' . $order . ' LIMIT ' . $limit . ' ' . $construct_offset . ') as d '; - if (empty($r_resource_filters['from']) || (!empty($r_resource_filters['from']) && $r_resource_filters['from'] != 'app')) { - $c_sql = 'SELECT COUNT(*) FROM activities_listing al WHERE (al.board_id = $1 AND al.card_id = ANY ($3)) OR al.revisions = $2 ' . $condition; + $cardFilter = 'al.card_id = ANY ($2)'; + if ($i === 3) { + $cardFilter = 'al.card_id = ANY ($3)'; } - array_push($assigned_card_ids, 0); - array_push($pg_params, $authUser['id'], '{' . implode(',', $assigned_card_ids) . 
'}'); - } else { - $sql = 'SELECT row_to_json(d) FROM (SELECT al.*, u.username, u.profile_picture_path, u.initials, u.full_name, c.description, c.name as card_name FROM activities_listing al LEFT JOIN users u ON al.user_id = u.id LEFT JOIN cards c on al.card_id = c.id WHERE (al.board_id = $1 AND al.card_id = $2) ' . $condition . ' ' . $order . ' LIMIT ' . $limit . ' ' . $construct_offset . ') as d '; + $sql = 'SELECT row_to_json(d) FROM (SELECT al.*, u.username, u.profile_picture_path, u.initials, u.full_name, c.description, c.name as card_name FROM activities_listing al LEFT JOIN users u ON al.user_id = u.id LEFT JOIN cards c on al.card_id = c.id WHERE al.board_id = $1 AND (' . $cardFilter . ')' . $condition . ' ' . $order . ' LIMIT ' . $limit . ' ' . $construct_offset . ') as d '; if (empty($r_resource_filters['from']) || (!empty($r_resource_filters['from']) && $r_resource_filters['from'] != 'app')) { - $c_sql = 'SELECT COUNT(*) FROM activities_listing al WHERE al.board_id = $1 AND card_id = $2 ' . $condition; + $c_sql = 'SELECT COUNT(*) FROM activities_listing al WHERE (al.board_id = $1 AND ' . $cardFilter . ') ' . $condition; } - array_push($pg_params, 0); + array_push($assigned_card_ids, 0); + array_push($pg_params, '{' . implode(',', $assigned_card_ids) . '}'); } } } @@ -1571,7 +1605,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $_metadata = $paging_data['_metadata']; } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { @@ -1620,7 +1655,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) ); $obj['comment'] = strtr($obj['comment'], $replaceContent); } - } else { + } + if (empty($r_resource_filters['view'])) { if ($obj['type'] === 'add_comment') { $obj['comment'] = $obj['comment']; } 
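Review bot: The placeholder number in `$cardFilter` is chosen by testing `$i === 3` and otherwise hard-coding `$2`, in the hunk at old line 1549 that ends on this line; that is correct only while `$i` can be 2 or 3. Assuming `$i` is the next free placeholder index at this point (its assignment is outside the hunk), building the filter from it removes the special case: `$cardFilter = 'al.card_id = $' . $i;` and `$cardFilter = 'al.card_id = ANY ($' . $i . ')';`. The first `$sql`/`$c_sql` pair is also overwritten whenever `$assigned_card_ids` is non-empty, so it could move into the `empty($assigned_card_ids)` branch next to `array_push($pg_params, 0)`.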
@@ -1636,7 +1672,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } @@ -1652,14 +1689,16 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } $sql.= ' ORDER BY id DESC) as d '; if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } @@ -1673,14 +1712,16 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) array_push($pg_params, $authUser['id']); } $sql.= ' ORDER BY id DESC) as d '; - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; @@ -1688,14 +1729,16 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) case '/boards/search': $sql = 'SELECT row_to_json(d) FROM (SELECT id, name, background_color FROM boards ul WHERE name ILIKE $1 ORDER BY id DESC) as d'; array_push($pg_params, '%' . $r_resource_filters['q'] . '%'); - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; 
@@ -1704,7 +1747,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) case '/boards/?/cards/?': $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM cards_listing cll WHERE id = $1) as d '; array_push($pg_params, $r_resource_vars['cards']); - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -1723,17 +1767,18 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; case '/boards/?/labels': - $metadata = array(); $data = array(); array_push($pg_params, $r_resource_vars['boards']); $sql = 'SELECT DISTINCT label_id, MAX(name) FROM cards_labels_listing cll WHERE board_id = $1 GROUP BY label_id ORDER BY MAX(name) ASC'; - if ($res = pg_query_params($db_lnk, $sql, $pg_params)) { + $res = pg_query_params($db_lnk, $sql, $pg_params); + if ($res) { while ($row = pg_fetch_assoc($res)) { $val_arr = array( $row['label_id'] @@ -1744,7 +1789,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } } echo json_encode($data); - } else { + } + if (!$res) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; @@ -1762,7 +1808,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $_metadata = $paging_data['_metadata']; } } - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { @@ -1778,7 +1825,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; 
@@ -1792,6 +1840,7 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) ); $sort_by_data = pg_query_params($db_lnk, 'SELECT sort_by, sort_direction FROM boards WHERE id = $1', $qry_val_arr); $sort_by = pg_fetch_assoc($sort_by_data); + $sql = 'SELECT row_to_json(d) FROM (SELECT ' . $fields . ' FROM cards_listing cll WHERE board_id = $1 AND list_id = $2 ORDER BY position asc) as d '; if (!empty($sort_by['sort_by']) && !empty($sort_by['sort_direction'])) { $sort_by_field = ""; $sort_by_direction = $sort_by['sort_direction']; @@ -1808,8 +1857,6 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $sort_by_field = "custom_fields::json#>>'{start_date}'"; } $sql = 'SELECT row_to_json(d) FROM (SELECT ' . $fields . ' FROM cards_listing cll WHERE board_id = $1 AND list_id = $2 ORDER BY ' . $sort_by_field . ' ' . $sort_by_direction . ' ) as d '; - } else { - $sql = 'SELECT row_to_json(d) FROM (SELECT ' . $fields . ' FROM cards_listing cll WHERE board_id = $1 AND list_id = $2 ORDER BY position asc) as d '; } if (empty($r_resource_filters['from']) || (!empty($r_resource_filters['from']) && $r_resource_filters['from'] != 'app')) { $c_sql = 'SELECT COUNT(*) FROM cards_listing cll'; @@ -1828,7 +1875,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) while ($attachment = pg_fetch_assoc($attachments)) { $data['attachments'][] = $attachment; } - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $board_lists = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -1846,7 +1894,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data = customFieldAfterFetchBoardsListsCards($r_resource_cmd, $r_resource_vars, $r_resource_filters, $data); } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; 
@@ -1856,7 +1905,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data = array(); $fields = !empty($r_resource_filters['fields']) ? $r_resource_filters['fields'] : '*'; $sql = "SELECT row_to_json(d) FROM (SELECT " . $fields . " FROM cards_listing cll WHERE custom_fields LIKE '%" . $r_resource_filters['custom_field'] . "%' ORDER BY position asc) as d "; - if ($result = pg_query_params($db_lnk, $sql, array())) { + $result = pg_query_params($db_lnk, $sql, array()); + if ($result) { $board_lists = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -1870,7 +1920,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; @@ -1903,7 +1954,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $_metadata = $paging_data['_metadata']; } if (!empty($sql)) { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); $board_lists = array(); while ($row = pg_fetch_row($result)) { @@ -1943,7 +1995,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } 
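Review bot: The query in the first hunk (old line 1856) is still assembled by concatenating `$r_resource_filters['custom_field']` and `$fields` into the SQL string and is then run through `pg_query_params` with an empty parameter array, so the request filter reaches PostgreSQL unescaped. Bind the search term instead: end the statement with `WHERE custom_fields LIKE $1 ORDER BY position asc) as d ` and call `pg_query_params($db_lnk, $sql, array('%' . $r_resource_filters['custom_field'] . '%'))`, as the `/boards/search` case already does for `q`. `$fields` is a column list and cannot be bound as a parameter, so it should be checked against a fixed list of allowed column names before it is interpolated.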
@@ -1951,14 +2004,16 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) case '/timezones': $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM timezones order by utc_offset::int) as d '; - if ($result = pg_query_params($db_lnk, $sql, array())) { + $result = pg_query_params($db_lnk, $sql, array()); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; @@ -1966,14 +2021,16 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) case '/boards/?/lists/?/cards/?/checklists': $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM checklist_add_listing al WHERE board_id = $1) as d '; array_push($pg_params, $r_resource_vars['boards']); - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; @@ -1981,14 +2038,16 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) case '/boards/?/visibility': $sql = 'SELECT row_to_json(d) FROM (SELECT board_visibility FROM boards bl WHERE bl.id = $1) as d '; array_push($pg_params, $r_resource_vars['boards']); - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; 
@@ -2016,15 +2075,18 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $response = array(); $pg_params = array(); echo json_encode($response); - } else { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + } + if (!empty($r_resource_filters['q'])) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } @@ -2044,8 +2106,10 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $response = array(); $pg_params = array(); echo json_encode($response); - } else { - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + } + if (!empty($r_resource_filters['q'])) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -2058,7 +2122,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) } } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } } @@ -2189,7 +2254,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $fields = $data['settings_from_db']; if ($data['id'] !== 'r_multiple_ldap_login') { $result = pg_query_params($db_lnk, 'SELECT * FROM settings WHERE name IN (' . $fields . ') ORDER BY "order" ASC', array()); - } else { + } + if ($data['id'] === 'r_multiple_ldap_login') { $result = pg_query_params($db_lnk, 'SELECT * FROM settings WHERE name LIKE $1 ORDER BY "order" ASC', array( '%R_MLDAP%' )); 
@@ -2214,7 +2280,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $value['settings_description'] = strtr($data['settings_description'], $replaceContent); $response[] = $value; } - } else { + } + if (empty($data['settings_from_db'])) { if (!empty($data['settings'])) { foreach ($data['settings'] as $key => $value) { $value['name'] = $key; @@ -2243,14 +2310,16 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) array_push($pg_params, $condition_param); } $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM oauth_clients c ' . $condition . ') as d '; - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); $data[] = $obj; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; @@ -2266,13 +2335,15 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $sql.= $paging_data['sql']; $_metadata = $paging_data['_metadata']; } - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); if (!empty($_metadata)) { $data['data'][] = $obj; - } else { + } + if (empty($_metadata)) { $data[] = $obj; } } @@ -2280,7 +2351,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; 
@@ -2299,7 +2371,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $sql.= $paging_data['sql']; $_metadata = $paging_data['_metadata']; } - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $data = array(); while ($row = pg_fetch_row($result)) { $obj = json_decode($row[0], true); @@ -2309,7 +2382,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) $data['_metadata'] = $_metadata; } echo json_encode($data); - } else { + } + if (!$result) { $r_debug.= __LINE__ . ': ' . pg_last_error($db_lnk) . '\n'; } break; @@ -2401,7 +2475,8 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) echo json_encode($plugin_return); } else if ($pluginToBePassed === 'CustomFields') { echo json_encode($plugin_return); - } else { + } + if ($pluginToBePassed !== 'CardTemplate' && $pluginToBePassed !== 'CustomFields') { if (!empty($plugin_return)) { foreach ($plugin_return as $return_plugin_key => $return_plugin_values) { $ { @@ -2427,9 +2502,7 @@ function r_get($r_resource_cmd, $r_resource_vars, $r_resource_filters) function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) { global $r_debug, $db_lnk, $authUser, $thumbsizes, $_server_domain_url, $jabberHost; - $emailFindReplace = $response = $foreign_id = $cards = $foreign_ids = $diff = $no_organization_users = $srow = $revisions = array(); - $fields = 'created, modified'; - $values = 'now(), now()'; + $emailFindReplace = $response = $foreign_id = $cards = $foreign_ids = $diff = $srow = $revisions = array(); $json = $sql = $is_return_vlaue = $is_import_board = $keepcards = false; $is_keep_attachment = $is_keep_user = $is_keep_label = $is_keep_activity = $is_keep_checklist = $copied_card_id = 0; $uuid = $table_name = ''; 
@@ -2476,7 +2549,7 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $conditions = array( $user_id['user_id'] ); - $users = pg_query_params($db_lnk, 'DELETE FROM users WHERE id= $1 RETURNING username', $conditions); + pg_query_params($db_lnk, 'DELETE FROM users WHERE id= $1 RETURNING username', $conditions); } $response = array( 'success' => 'Checked users are deleted successfully.' @@ -2564,7 +2637,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) 'success' => 'An email has been sent with your new password.' ); sendMail('forgetpassword', $emailFindReplace, $user['email']); - } else { + } + if (empty($user)) { $response = array( 'error' => 'No matching email id is found in the database.' ); 
@@ -2586,19 +2660,18 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $r_post['role_id'] = 2; // user $r_post['ip_id'] = saveIp(); // admin selected email notification + $default_email_notification = 0; + if (DEFAULT_EMAIL_NOTIFICATION === 'Periodically') { + $default_email_notification = 1; + } else if (DEFAULT_EMAIL_NOTIFICATION === 'Instantly') { + $default_email_notification = 2; + } else if (DEFAULT_EMAIL_NOTIFICATION === 'Daily') { + $default_email_notification = 3; + } else if (DEFAULT_EMAIL_NOTIFICATION === 'Weekly') { + $default_email_notification = 4; + } if (isset($r_post['is_send_newsletter'])) { $default_email_notification = $r_post['is_send_newsletter']; - } else { - $default_email_notification = 0; - if (DEFAULT_EMAIL_NOTIFICATION === 'Periodically') { - $default_email_notification = 1; - } else if (DEFAULT_EMAIL_NOTIFICATION === 'Instantly') { - $default_email_notification = 2; - } else if (DEFAULT_EMAIL_NOTIFICATION === 'Daily') { - $default_email_notification = 3; - } else if (DEFAULT_EMAIL_NOTIFICATION === 'Weekly') { - $default_email_notification = 4; - } } $activity = executeQuery('SELECT id FROM activities ORDER BY id DESC'); $r_post['last_email_notified_activity_id'] = $activity['id']; @@ -2636,7 +2709,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $emailFindReplace['##NAME##'] = $r_post['full_name']; $emailFindReplace['##ACTIVATION_URL##'] = $_server_domain_url . '/#/users/activation/' . $row['id'] . '/' . md5($r_post['username']); sendMail('activation', $emailFindReplace, $r_post['email']); - } else { + } + if (empty($activation_permission)) { $response['activation'] = 1; $qry_val_arr = array( 'true', @@ -2651,7 +2725,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } } } - } else { + } + if ($user) { $msg = ''; if ($user['email'] == $r_post['email']) { $msg = 1; 
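Review bot: The activation link in the hunk at old line 2636 (and again at old line 2786) ends in `md5($r_post['username'])`, a value anyone who knows the username can compute, so following the link does not show that the recipient controls the mailbox. A random per-user token, for example `bin2hex(random_bytes(16))` stored with the user row and compared on activation, would make the link unguessable. The `if (empty($activation_permission))` added in the same hunk replaces an `else` whose `if` is outside the hunk, so its equivalence could not be checked from here.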
@@ -2717,7 +2792,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) sendMail('new_project_user_invite', $emailFindReplace, $r_post['email']); } } - } else { + } + if ($user) { $response = array( 'error' => 'Email address already exist' ); @@ -2786,7 +2862,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $emailFindReplace['##NAME##'] = $r_post['full_name']; $emailFindReplace['##ACTIVATION_URL##'] = $_server_domain_url . '/#/users/activation/' . $row['id'] . '/' . md5($r_post['username']); sendMail('activation', $emailFindReplace, $r_post['email']); - } else { + } + if (empty($activation_permission)) { $response['activation'] = 1; $qry_val_arr = array( 'true', @@ -2801,7 +2878,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } } } - } else { + } + if (!empty($user)) { if ($user['is_invite_from_board'] == 't' && $user['is_active'] == 0 && $user['is_email_confirmed'] == 0) { $r_post['password'] = getCryptHash($r_post['password']); $qry_val_arr = array( @@ -2840,7 +2918,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) ); if (filter_var($r_post['email'], FILTER_VALIDATE_EMAIL) !== false) { $where = 'LOWER(email) = LOWER($1)'; - } else { + } + if (!filter_var($r_post['email'], FILTER_VALIDATE_EMAIL)) { $where = 'LOWER(username)=LOWER($1)'; } $log_user = executeQuery('SELECT id, role_id, password, is_ldap::boolean::int FROM users WHERE ' . $where, $val_arr); @@ -2880,7 +2959,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) if ($checkResult) { $is_provide_access_token = true; } - } else { + } + if (empty($r_post['verification_code'])) { $is_provide_access_token = true; } if ($is_provide_access_token) { 
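Review bot: In the hunk at old line 2880, `$is_provide_access_token = true` used to sit in the `else` of the verification-code check and is now gated by `if (empty($r_post['verification_code']))`, which depends only on what the client sent. The condition of the original `if` is outside the hunk; if it tests whether verification is required for the account rather than whether a code was submitted, a login that leaves the field out now receives a token without the check. Keep the `else`, or repeat the original condition negated, and reject an empty code when verification is required.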
@@ -2970,7 +3050,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $result = pg_execute_insert($table_name, $post); } } - } else { + } + if (!$is_provide_access_token) { $response = array( 'code' => 'verification_code', 'error' => 'Entered verification code is wrong. Please try again.' @@ -2982,7 +3063,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) 'success' => 'User authenticated successfully' ); } - } else { + } + if (empty($user)) { $last_login_ip_id = saveIp(); $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; if (!empty($log_user)) { @@ -2997,16 +3079,15 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) // login failed error logged $login_fail_string = date('Y-m-d H:i:s') . '|' . $_SERVER['REMOTE_ADDR'] . '|' . $r_post['email'] . '|' . $user_agent; error_log($login_fail_string . PHP_EOL, 3, CACHE_PATH . DS . 'user_logins_failed.log'); + $response = array( + 'code' => 'email', + 'error' => 'Sorry, login failed. Either your username or password are incorrect or admin deactivated your account.' + ); if (!empty($ldap_error)) { $response = array( 'code' => 'LDAP', 'error' => $ldap_error ); - } else { - $response = array( - 'code' => 'email', - 'error' => 'Sorry, login failed. Either your username or password are incorrect or admin deactivated your account.' - ); } } echo json_encode($response); @@ -3048,7 +3129,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) 'success' => 'Password change successfully.' ); } - } else { + } + if (empty($user)) { $response = array( 'error' => 1 ); 
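Review bot: The failed-login record in the hunk at old line 2997 writes `$r_post['email']` and the User-Agent header into a `|`-delimited line without any filtering, so a value containing a line break or `|` can forge or split entries in `user_logins_failed.log`. Strip control characters and the delimiter before logging, e.g. `$safe = preg_replace('/[\x00-\x1F\x7F|]/', '', $r_post['email']);`, and do the same for `$user_agent`. The reordering of the `$response` default and the LDAP override in this hunk looks behaviour-preserving.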
@@ -3229,9 +3311,6 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $sfields = ''; foreach ($put as $key => $value) { if ($key != 'is_send_newsletter') { - if ($key != 'id') { - $fields.= ', ' . $key; - } if ($key != 'id' && $key != 'position') { $sfields.= (empty($sfields)) ? $key : ", " . $key; } @@ -3250,10 +3329,9 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } $revision = serialize($revisions); $foreign_id = $id; + $response['activity'] = ''; if (!empty($temp_revisions)) { $response['activity'] = insertActivity($authUser['id'], $comment, 'update_profile', $foreign_ids, $revision, $foreign_id); - } else { - $response['activity'] = ''; } if (!empty($response['activity']['revisions']) && trim($response['activity']['revisions']) != '') { $revisions = unserialize($response['activity']['revisions']); @@ -3409,7 +3487,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } else { $response['error'] = 'Invalid file format. Upload json file'; } - } else { + } + if ($_FILES['board_import']['error'] != 0) { $response['error'] = 'Unable to import. please try again.'; } } elseif (!empty($_FILES['board_import_wekan'])) { @@ -3424,10 +3503,12 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) if (!empty($imported_board)) { $board = importWekanBoard($imported_board); $response['id'] = $board['id']; - } else { + } + if (empty($imported_board)) { $response['error'] = 'Invalid file format. Upload json file'; } - } else { + } + if ($_FILES['board_import_wekan']['error'] != 0) { $response['error'] = 'Unable to import. please try again.'; } } elseif (!empty($_FILES['board_import_kantree'])) { 
@@ -3445,7 +3526,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } else { $response['error'] = 'Invalid file format. Upload json file'; } - } else { + } + if ($_FILES['board_import_kantree']['error'] != 0) { $response['error'] = 'Unable to import. please try again.'; } } elseif (!empty($_FILES['board_import_taiga'])) { @@ -3463,7 +3545,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } else { $response['error'] = 'Invalid file format. Upload json file'; } - } else { + } + if ($_FILES['board_import_taiga']['error'] != 0) { $response['error'] = 'Unable to import. please try again.'; } } elseif (!empty($_FILES['board_import_asana'])) { @@ -3478,10 +3561,12 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) if (!empty($imported_board)) { $board = importAsanaBoard($imported_board['data']); $response['id'] = $board['id']; - } else { + } + if (empty($imported_board)) { $response['error'] = 'Invalid file format. Upload json file'; } - } else { + } + if ($_FILES['board_import_asana']['error'] != 0) { $response['error'] = 'Unable to import. please try again.'; } } elseif (!empty($_FILES['board_import_taskwarrior'])) { @@ -3499,7 +3584,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } else { $response['error'] = 'Invalid file format. Upload json file'; } - } else { + } + if ($_FILES['board_import_taskwarrior']['error'] != 0) { $response['error'] = 'Unable to import. please try again.'; } } elseif (!empty($_FILES['board_import_pipefy'])) { 
@@ -3507,9 +3593,11 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) if ($_FILES['board_import_pipefy']['type'] === 'text/csv') { $all_rows = array(); $imported_board = array(); - if (($handle = fopen($_FILES['board_import_pipefy']['tmp_name'], "r")) !== false) { + $handle = fopen($_FILES['board_import_pipefy']['tmp_name'], "r"); + if ($handle !== false) { $row = 1; - while (($data = fgetcsv($handle, 40000, ",")) !== false) { + $data = fgetcsv($handle, 40000, ","); + while ($data !== false) { if ($row > 1) { $arrResult = array(); foreach ($data as $key => $value) { @@ -3524,15 +3612,18 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) if (!empty($imported_board)) { $board = importpipefyBoard($imported_board); $response['id'] = $board['id']; - } else { + } + if (empty($imported_board)) { $response['error'] = 'Invalid file format. Upload CSV file'; } } fclose($handle); - } else { + } + if ($_FILES['board_import_pipefy']['type'] !== 'text/csv') { $response['error'] = 'Invalid file format. Upload CSV file'; } - } else { + } + if ($_FILES['board_import_pipefy']['error'] != 0) { $response['error'] = 'Unable to import. please try again.'; } } elseif (!empty($_FILES['board_import_monday'])) { @@ -3565,7 +3656,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) if (!empty($filecount)) { $board = importMondayBoards($mediadir, $time); $response["msg"] = "Success"; - } else { + } + if (empty($filecount)) { $response['error'] = 'Kindly upload valid zip file, no boards found.'; } } else { @@ -3904,7 +3996,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) pg_query_params($db_lnk, 'INSERT INTO board_subscribers (' . $boards_subscriber_fields . ') VALUES (' . $boards_subscriber_val . ')', $boards_subscriber_values); } } - } else { + } + if (!$keepusers) { //Add into board users $qry_val_arr = array( $new_board_id, 
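Review bot: The CSV loop in the first hunk (old line 3507) now reads one row before `while ($data !== false)` and never reads another, so for any non-empty upload the condition stays true and the same row is processed until the request runs out of time or memory. The lines between this hunk and the next (old line 3524) are unchanged, so no second read was added at the end of the body. Keep the assignment in the loop condition, `while (($data = fgetcsv($handle, 40000, ",")) !== false) {`, or add a `$data = fgetcsv($handle, 40000, ",");` as the last statement of the loop body.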
@@ -3980,7 +4073,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $list_fields.= ', ' . $key; if ($value === false) { array_push($list_values, 'false'); - } else { + } + if ($value !== false) { array_push($list_values, $value); } } @@ -4025,7 +4119,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) pg_query_params($db_lnk, 'INSERT INTO list_subscribers (' . $lists_subscriber_fields . ') VALUES (' . $lists_subscriber_val . ')', $lists_subscriber_values); } } - } else { + } + if (!$keepusers) { //Copy list subscribers $qry_val_arr = array( $list_id, @@ -4315,7 +4410,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) array_push($cards_subscriber_values, 'false'); } else if ($value === null) { array_push($cards_subscriber_values, null); - } else { + } + if ($value !== false && $value !== null) { array_push($cards_subscriber_values, $value); } } @@ -4481,7 +4577,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } unset($r_post['name']); $response['activity'] = update_query('boards', $r_resource_vars['boards'], $r_resource_cmd, $r_post, $comment, $activity_type, $foreign_ids); - } else { + } + if (!in_array($file_ext, $allowed_ext)) { $response['error'] = 'File extension not supported. It supports only jpg, png, bmp and gif.'; } } @@ -4696,7 +4793,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $r_post['user_id'] ); pg_query_params($db_lnk, 'UPDATE list_subscribers SET is_subscribed = $1 WHERE list_id = $2 and user_id = $3', $qry_val_arr); - } else { + } + if (empty($check_subscribed)) { $r_post['list_id'] = $r_resource_vars['lists']; $sql = true; } 
@@ -4716,6 +4814,7 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $r_post = json_decode($_POST['data'], true); $r_post['image_link'] = $_POST['image_link']; } + $response_file = $obj = array(); $table_name = 'cards'; if (!empty($r_post['is_support_app'])) { $admin = executeQuery('SELECT id FROM users WHERE role_id = $1', [1]); @@ -4829,9 +4928,9 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $response_file['activity'] = insertActivity($userID, $comment, 'add_card_attachment', $foreign_ids, null, $response_file['card_attachments'][$i]['id']); foreach ($thumbsizes['CardAttachment'] as $key => $value) { $imgdir = IMG_PATH . DS . $key . DS . 'CardAttachment' . DS . $response_file['card_attachments'][$i]['id']; - $list = glob($imgdir . '.*'); - if (!empty($list) && isset($list[0]) && file_exists($list[0])) { - unlink($list[0]); + $imageList = glob($imgdir . '.*'); + if (!empty($imageList) && isset($imageList[0]) && file_exists($imageList[0])) { + unlink($imageList[0]); } } } @@ -4880,9 +4979,9 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $response_file['activity'] = insertActivity($userID, $comment, 'add_card_attachment', $foreign_ids, null, $row['id']); foreach ($thumbsizes['CardAttachment'] as $key => $value) { $mediadir = IMG_PATH . DS . $key . DS . 'CardAttachment' . DS . $row['id']; - $list = glob($mediadir . '.*'); - if (!empty($list) && isset($list[0]) && file_exists($list[0])) { - unlink($list[0]); + $imageList = glob($mediadir . '.*'); + if (!empty($imageList) && isset($imageList[0]) && file_exists($imageList[0])) { + unlink($imageList[0]); } } } 
@@ -5091,7 +5190,7 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $r_post['card_id'], $user['id'] ); - $card_subscribed = executeQuery('DELETE FROM card_subscribers WHERE id = (SELECT id FROM card_subscribers WHERE card_id = $1 and user_id = $2)', $qry_val_arr); + executeQuery('DELETE FROM card_subscribers WHERE id = (SELECT id FROM card_subscribers WHERE card_id = $1 and user_id = $2)', $qry_val_arr); $qry_val_arr = array( $r_post['card_id'], $user['id'], @@ -5174,7 +5273,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $subscribe = pg_fetch_assoc($s_result); $response['id'] = $subscribe['id']; if ($sql && ($sql !== true) && !empty($json) && !empty($response['id'])) { - if ($result = pg_query_params($db_lnk, $sql, array())) { + $result = pg_query_params($db_lnk, $sql, array()); + if ($result) { $count = pg_num_rows($result); $i = 0; while ($row = pg_fetch_row($result)) { @@ -5501,10 +5601,9 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $path = $save_path . DS . $filename['file_name']; $mimetype = explode('.', $r_post['name']); $mimetypeStore = ""; + $mimetypeStore = "application/" + $mimetype[count($mimetype) - 1]; if ($mimetype[count($mimetype) - 1] == "jpg" || $mimetype[count($mimetype) - 1] == "gif" || $mimetype[count($mimetype) - 1] == "jpeg" || $mimetype[count($mimetype) - 1] == "png") { $mimetypeStore = "image/" + $mimetype[count($mimetype) - 1]; - } else { - $mimetypeStore = "application/" + $mimetype[count($mimetype) - 1]; } $qry_val_arr = array( $r_post['card_id'], @@ -5515,7 +5614,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $mimetypeStore, NULL ); - } else { + } + if (empty($image_type_check)) { $qry_val_arr = array( $r_post['card_id'], $r_post['name'], 
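Review bot: In the @@ -5501 hunk the moved line `$mimetypeStore = "application/" + $mimetype[count($mimetype) - 1];` still uses `+`, which is arithmetic in PHP rather than concatenation, and it now runs on every path instead of only in the removed `else`. The expression evaluates to a number rather than the intended `application/<ext>` string, and on PHP 8 arithmetic on non-numeric strings raises a TypeError, so the attachment request could fail for every file type. Both assignments should use `.`, as in `$mimetypeStore = 'application/' . $mimetype[count($mimetype) - 1];` and `$mimetypeStore = 'image/' . $mimetype[count($mimetype) - 1];`. The type is also derived from the extension of the client-supplied `$r_post['name']`, so it should not be trusted when the file is served back.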
@@ -5606,7 +5706,6 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $label_names = pg_query_params($db_lnk, 'SELECT l.name FROM labels l inner join cards_labels cl on cl.label_id = l.id WHERE card_id = $1', $qry_val_arr); $delete_labels = pg_query_params($db_lnk, 'DELETE FROM ' . $table_name . ' WHERE card_id = $1 RETURNING label_id', $qry_val_arr); $delete_label = pg_fetch_assoc($delete_labels); - $delete_labels_count = pg_affected_rows($delete_labels); $names = ''; if (!empty($r_post['name'])) { $label_names = explode(',', $r_post['name']); @@ -5615,7 +5714,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) foreach ($label_names as $label_name) { if (in_array($label_name, $previous_cards_labels)) { $oldlabel[] = $label_name; - } else { + } + if (!in_array($label_name, $previous_cards_labels)) { $newlabel[] = $label_name; } $names.= $label_name . ', '; @@ -6057,6 +6157,9 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) ); $custom_fields = pg_query_params($db_lnk, 'SELECT * FROM custom_fields WHERE board_id IS NULL or board_id = $1', $qry_val_arr); while ($custom_field = pg_fetch_assoc($custom_fields)) { + if (!empty($custom_field) && empty($custom_field['board_id'])) { + $customFields[$custom_field['id']] = $custom_field['id']; + } if (!empty($custom_field['board_id'])) { $qry_val_arr = array( $r_post['board_id'], @@ -6079,7 +6182,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $result = pg_execute_insert('custom_fields', $data); $row = pg_fetch_assoc($result); $customFields[$custom_field['id']] = (int)($row['id']); - } else { + } + if (!empty($customField)) { $qry_val_arr = array( $r_resource_vars['boards'], $custom_field['name'] 
@@ -6099,8 +6203,6 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } $customFields[$custom_field['id']] = $customField['id']; } - } else { - $customFields[$custom_field['id']] = $custom_field['id']; } } if (!empty($customFields)) { @@ -6453,7 +6555,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $response['status']['code'] = 200; echo json_encode($response); break; - } else { + } + if ($get_saml_idp_meta_data_responces['status']['code'] != '200' || empty($get_saml_idp_meta_data_responces['metadata'])) { $response['status']['code'] = 401; $response['error']['type'] = 'IdP metadata not generated'; $response['error']['content'] = 'Please check your IdP metadata XML'; @@ -6558,7 +6661,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) 'R_SAML_META_DATA' ); pg_query_params($db_lnk, "UPDATE settings SET value = $1 WHERE name = $2", $saml_qry_val_arr); - } else { + } + if ($get_saml_meta_data_responces['status']['code'] != '200') { $response['error']['type'] = 'Metadata Error'; $response['error']['content'] = 'Metadata Not Updated'; echo json_encode($response); @@ -6566,7 +6670,8 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) } } $response['success'] = 'App updated successfully'; - } else { + } + if (!is_writable(APP_PATH . '/client/apps/' . $folder_name . '/app.json')) { $response['error']['type'] = 'File permission'; $response['error']['content'] = '/client/apps/ ' . $folder_name . ' / app.json'; } 
@@ -6733,15 +6838,15 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) $passed_values['r_resource_filters'] = $r_resource_filters; $passed_values['authUser'] = $authUser; $passed_values['r_post'] = $r_post; - if (!empty($table_name)) { + /* if (!empty($table_name)) { $passed_values['table_name'] = $table_name; - } - if (!empty($siteCurrencyCode)) { + } */ + /* if (!empty($siteCurrencyCode)) { $passed_values['siteCurrencyCode'] = $siteCurrencyCode; - } - if (!empty($enabledPlugins)) { + } */ + /* if (!empty($enabledPlugins)) { $passed_values['enabledPlugins'] = $enabledPlugins; - } + } */ $plugin_return = call_user_func($plugin_key . '_r_post', $passed_values); echo json_encode($plugin_return); break; @@ -6763,13 +6868,9 @@ function r_post($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_post) function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) { global $r_debug, $db_lnk, $authUser, $thumbsizes, $_server_domain_url; - $fields = 'modified'; - $values = array( - date('Y-m-d H:i:s') - ); - $sfields = $table_name = $id = $activity_type = ''; - $response = $diff = $pg_params = $foreign_id = $foreign_ids = $revisions = $previous_value = $obj = array(); - $sql = $json = false; + $table_name = $id = $activity_type = ''; + $response = $foreign_id = $foreign_ids = $revisions = $previous_value = array(); + $sql = false; unset($r_put['temp_id']); switch ($r_resource_cmd) { case '/users/?/activation': //users activation @@ -6882,6 +6983,7 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) case '/labels/?': //labels update $json = true; + $label_id = array(); $table_name = 'labels'; $id = $r_resource_vars['labels']; $response['success'] = 'Label has been updated successfully.'; 
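Review bot: The three `if (!empty(...)) { $passed_values[...] = ...; }` blocks before `call_user_func($plugin_key . '_r_post', $passed_values)` are commented out rather than removed, here and in the matching r_put (@@ -7987) and r_delete (@@ -8459) hunks. `$table_name` is assigned in these functions, so a plugin handler that reads `$passed_values['table_name']` would now find the key missing; whether any handler does is not visible here. I would delete the dead `$siteCurrencyCode` and `$enabledPlugins` blocks, keep the `$table_name` one, or record the contract change with `// plugins no longer receive table_name`.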
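Review bot: The @@ -6763 hunk drops the defaults `$sql = $json = false;` and the `$pg_params`, `$diff` and `$obj` arrays from the top of r_put, but `$json` is still assigned inside the function (`case '/labels/?': $json = true;` in the @@ -6882 hunk). If code after the switch, which is outside the hunk, reads `$json` or pushes onto `$pg_params`, every case that does not set them now works with an undefined variable. I would keep the defaults for each name that is still referenced, for example `$sql = $json = false;` and `$pg_params = array();`.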
@@ -6925,6 +7027,7 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) case '/boards/?': $table_name = 'boards'; + $board = array(); $id = $r_resource_vars['boards']; $qry_val_arr = array( $r_resource_vars['boards'] @@ -6950,9 +7053,6 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) } if (isset($r_put['r_gridview_configure'])) { if (is_plugin_enabled('r_gridview_configure')) { - $field_arr = array( - 'r_gridview_configure', - ); $custom_fields_array = array(); $custom_fields_array['r_gridview_configure'] = $r_put['r_gridview_configure']; $boardCustomFields = executeQuery('SELECT board_custom_fields FROM boards WHERE id = $1', [$id]); @@ -6987,9 +7087,6 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) } if (isset($r_put['r_listview_configure'])) { if (is_plugin_enabled('r_listview_configure')) { - $field_arr = array( - 'r_listview_configure' - ); $custom_fields_array = array(); $custom_fields_array['r_listview_configure'] = $r_put['r_listview_configure']; $boardCustomFields = executeQuery('SELECT board_custom_fields FROM boards WHERE id = $1', [$id]); 
@@ -7022,19 +7119,15 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) } if (isset($r_put['r_listview_configure_position'])) { if (is_plugin_enabled('r_listview_configure')) { - $field_arr = array( - 'r_listview_configure_position', - ); $custom_fields_array = array(); $custom_fields_array['r_listview_configure_position'] = $r_put['r_listview_configure_position']; $boardCustomFields = executeQuery('SELECT board_custom_fields FROM boards WHERE id = $1', [$id]); if (!empty($boardCustomFields['board_custom_fields'])) { $boardCustomFields = json_decode($boardCustomFields['board_custom_fields'], true); foreach ($boardCustomFields as $key => $boardValue) { + $custom_fields_array[$key] = $boardValue; if (array_key_exists($key, $custom_fields_array)) { $custom_fields_array[$key] = $custom_fields_array[$key]; - } else { - $custom_fields_array[$key] = $boardValue; } } } @@ -7562,6 +7655,9 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) ); $custom_fields = pg_query_params($db_lnk, 'SELECT * FROM custom_fields WHERE board_id IS NULL or board_id = $1', $qry_val_arr); while ($custom_field = pg_fetch_assoc($custom_fields)) { + if (!empty($custom_field) && empty($custom_field['board_id'])) { + $customFields[$custom_field['id']] = $custom_field['id']; + } if (!empty($custom_field['board_id'])) { $qry_val_arr = array( $r_put['board_id'], @@ -7604,8 +7700,6 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) } $customFields[$custom_field['id']] = $customField['id']; } - } else { - $customFields[$custom_field['id']] = $custom_field['id']; } } if (!empty($customFields)) { 
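Review bot: In the @@ -7022 hunk the new unconditional `$custom_fields_array[$key] = $boardValue;` inside the foreach overwrites the `r_listview_configure_position` value just copied from `$r_put` with the value already stored on the board, so the submitted position is discarded whenever a stored one exists. The removed `else` only filled keys that were missing from `$custom_fields_array`. Restoring that needs `if (!array_key_exists($key, $custom_fields_array)) { $custom_fields_array[$key] = $boardValue; }`, which also removes the self-assignment left in the remaining `if`.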
@@ -7642,10 +7736,9 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) $comment = '##USER_NAME## added card description in the card ##CARD_LINK## - ##DESCRIPTION##'; $activity_type = 'add_card_desc'; } else if (isset($previous_value) && isset($r_put['description']) && $r_put['description'] != $previous_value['description']) { + $comment = '##USER_NAME## updated description on the card ##CARD_LINK##'; if (empty($r_put['description'])) { $comment = '##USER_NAME## removed description from the card ##CARD_LINK##'; - } else { - $comment = '##USER_NAME## updated description on the card ##CARD_LINK##'; } $activity_type = 'edit_card_desc'; } @@ -7743,7 +7836,7 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) } } else if (isset($r_put['is_completed']) && $r_put['is_completed'] == 'false') { $comment = '##USER_NAME## updated ' . $prev_value['name'] . ' as incomplete on the card ##CARD_LINK##'; - } else { + } else if (!empty($r_put['name'])) { $comment = '##USER_NAME## updated item name of ' . $r_put['name'] . ' in the card ##CARD_LINK##'; } $response = update_query($table_name, $id, $r_resource_cmd, $r_put, $comment, $activity_type, $foreign_ids); @@ -7987,15 +8080,15 @@ function r_put($r_resource_cmd, $r_resource_vars, $r_resource_filters, $r_put) $passed_values['r_resource_filters'] = $r_resource_filters; $passed_values['authUser'] = $authUser; $passed_values['r_put'] = $r_put; - if (!empty($table_name)) { + /* if (!empty($table_name)) { $passed_values['table_name'] = $table_name; - } - if (!empty($siteCurrencyCode)) { + } */ + /* if (!empty($siteCurrencyCode)) { $passed_values['siteCurrencyCode'] = $siteCurrencyCode; - } - if (!empty($enabledPlugins)) { + } */ + /* if (!empty($enabledPlugins)) { $passed_values['enabledPlugins'] = $enabledPlugins; - } + } */ $plugin_return = call_user_func($plugin_key . '_r_put', $passed_values); echo json_encode($plugin_return); break; 
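Review bot: Changing the final `else` to `else if (!empty($r_put['name']))` in the @@ -7743 hunk leaves `$comment` unassigned when no branch matches, yet it is still passed to `update_query(...)` on the next line. Unless `$comment` is set earlier in this case, which starts outside the hunk, that call receives an undefined variable. A default before the chain, for example `$comment = '';`, would make the no-match path explicit.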
@@ -8164,6 +8257,7 @@ function r_delete($r_resource_cmd, $r_resource_vars, $r_resource_filters) break; case '/boards/?/labels/?': // delete Labels in Filter + $label_id = array(); $sql = 'DELETE FROM cards_labels WHERE board_id = $1 AND label_id = $2'; array_push($pg_params, $r_resource_vars['boards'], $r_resource_vars['labels']); $comment = __l('##USER_NAME## removed label ##LABEL_NAME## on ##BOARD_NAME##'); @@ -8178,7 +8272,7 @@ function r_delete($r_resource_cmd, $r_resource_vars, $r_resource_filters) $_GET['token'], $revision ); - $activity = pg_fetch_assoc(pg_query_params($db_lnk, 'INSERT INTO activities (created, modified, board_id, user_id, type, comment, token, revisions) VALUES (now(), now(),$1, $2, $3, $4, $5, $6) RETURNING id', $qry_val_arr)); + pg_fetch_assoc(pg_query_params($db_lnk, 'INSERT INTO activities (created, modified, board_id, user_id, type, comment, token, revisions) VALUES (now(), now(),$1, $2, $3, $4, $5, $6) RETURNING id', $qry_val_arr)); break; case '/boards/?/lists/?/cards/?': // delete card @@ -8219,10 +8313,9 @@ function r_delete($r_resource_cmd, $r_resource_vars, $r_resource_filters) if (!empty($revisions['revisions'])) { $revision = unserialize($revisions['revisions']); $revisions_del['comment'] = $comment; + $revisions_del['old_value'] = ''; if (isset($revision['new_value']['comment'])) { $revisions_del['old_value'] = $revision['new_value']['comment']; - } else { - $revisions_del['old_value'] = ''; } $revisions_del['new_value'] = ''; $revisions_del = serialize($revisions_del); 
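Review bot: `unserialize($revisions['revisions'])` in the @@ -8219 hunk runs without restricting classes on data read back from the database. The payload is used here only as nested arrays (`$revision['new_value']['comment']`), so on PHP 7 or later the call can rule out object instantiation on this path: `$revision = unserialize($revisions['revisions'], ['allowed_classes' => false]);`. If other code stores objects in this column, which is not visible here, list those classes explicitly instead.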
@@ -8459,15 +8552,15 @@ function r_delete($r_resource_cmd, $r_resource_vars, $r_resource_filters) $passed_values['r_resource_vars'] = $r_resource_vars; $passed_values['r_resource_filters'] = $r_resource_filters; $passed_values['authUser'] = $authUser; - if (!empty($table_name)) { + /* if (!empty($table_name)) { $passed_values['table_name'] = $table_name; - } - if (!empty($siteCurrencyCode)) { + } */ + /* if (!empty($siteCurrencyCode)) { $passed_values['siteCurrencyCode'] = $siteCurrencyCode; - } - if (!empty($enabledPlugins)) { + } */ + /* if (!empty($enabledPlugins)) { $passed_values['enabledPlugins'] = $enabledPlugins; - } + } */ $plugin_return = call_user_func($plugin_key . '_r_delete', $passed_values); echo json_encode($plugin_return); exit; diff --git a/server/php/bootstrap.php b/server/php/bootstrap.php index eeb82760a..6f7bbd9e3 100644 --- a/server/php/bootstrap.php +++ b/server/php/bootstrap.php @@ -9,7 +9,7 @@ require_once 'libs' . DS . 'vendors' . DS . 'OAuth2' . DS . 'Autoloader.php'; function main() { - global $r_debug, $authUser, $token, $localAccessIps, $db_lnk, $token_exception_url, $exception_url, $scope_exception_url, $post_exception_url, $put_exception_url, $exception_before_token, $exception_url, $admin_access_url, $put_admin_access_url, $_server_domain_url, $locales; + global $r_debug, $authUser, $token, $db_lnk, $token_exception_url, $exception_url, $scope_exception_url, $put_exception_url, $exception_before_token, $exception_url, $admin_access_url, $_server_domain_url, $locales; if (PHP_SAPI == 'cli') { // if command line mode... if ($_SERVER['argc'] < 2) { echo 'Usage: php ' . __FILE__ . ' ' . "\n"; diff --git a/server/php/libs/ActivityHandler.php b/server/php/libs/ActivityHandler.php index 555c1d6bc..a17fb045e 100644 --- a/server/php/libs/ActivityHandler.php +++ b/server/php/libs/ActivityHandler.php 
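Review bot: The `global` list in main() in bootstrap.php no longer imports `$localAccessIps`, `$post_exception_url` and `$put_admin_access_url`, and the body of main() continues outside the hunk. If any of them is still read there it becomes an undefined local, and a membership test against the exception or admin URL lists would silently stop matching. Please confirm none is referenced in main() before dropping them. `$exception_url` is also still listed twice, so one copy can go.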
@@ -47,7 +47,8 @@ public static function getActivitiesObj($obj) if (getRevisiondifference($old_val, $new_val) !== false) { $diff[] = getRevisiondifference($old_val, $new_val); } - } else { + } + if ($obj_type != 'edit_comment') { $diff[] = nl2br(getRevisiondifference($old_val, $new_val)); } } diff --git a/server/php/libs/XLSXReader.php b/server/php/libs/XLSXReader.php index fffe942e2..ee3953956 100644 --- a/server/php/libs/XLSXReader.php +++ b/server/php/libs/XLSXReader.php @@ -290,7 +290,8 @@ private function _parse() if ((int)$workbook->workbookPr['date1904'] === 1) { $this->date1904 = 1; } - if ($workbookRelations = $this->getEntryXML(dirname($rel_target) . '/_rels/workbook.xml.rels')) { + $workbookRelations = $this->getEntryXML(dirname($rel_target) . '/_rels/workbook.xml.rels'); + if ($workbookRelations) { // Loop relations for workbook and extract sheets... foreach ($workbookRelations->Relationship as $workbookRelation) { $wrel_type = basename(trim((string)$workbookRelation['Type'])); @@ -713,7 +714,8 @@ public function unixstamp($excelDateTime) */ public function getCell($worksheetIndex = 0, $cell = 'A1') { - if (($ws = $this->worksheet($worksheetIndex)) === false) { + $ws = $this->worksheet($worksheetIndex); + if ($ws === false) { return false; } $idx = is_array($cell) ? $cell : $this->getIndex((string)$cell); diff --git a/server/php/libs/core.php b/server/php/libs/core.php index bd66b8427..ab2ee29ae 100644 --- a/server/php/libs/core.php +++ b/server/php/libs/core.php 
@@ -58,7 +58,8 @@ function getToken($post) $server->addGrantType(new OAuth2\GrantType\RefreshToken($storage, $always_issue_new_refresh_token)); } elseif (isset($_POST['grant_type']) && $_POST['grant_type'] == 'authorization_code') { $server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage)); - } else { + } + if (!isset($_POST['grant_type']) && $_POST['grant_type'] != 'password' && $_POST['grant_type'] != 'refresh_token' && $_POST['grant_type'] != 'authorization_code') { $val_array = array( 'client_secret' => OAUTH_CLIENT_SECRET ); @@ -106,10 +107,9 @@ function getCryptHash($str) { $salt = ''; if (CRYPT_BLOWFISH) { + $algo_selector = '$2a$'; if (version_compare(PHP_VERSION, '5.3.7') >= 0) { // http://www.php.net/security/crypt_blowfish.php $algo_selector = '$2y$'; - } else { - $algo_selector = '$2a$'; } $workload_factor = '12$'; // (around 300ms on Core i7 machine) $val_arr = array( @@ -212,6 +212,7 @@ function curlExecute($url, $method = 'get', $post = array() , $format = 'plain') curl_setopt($ch, CURLOPT_HEADER, false); } } elseif ($method == 'post') { + $post_string = http_build_query($post, '', '&'); if ($format == 'json') { $post_string = json_encode($post); $curl_opt = array( @@ -219,8 +220,6 @@ function curlExecute($url, $method = 'get', $post = array() , $format = 'plain') 'Content-Length: ' . strlen($post_string) ); curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_opt); - } else { - $post_string = http_build_query($post, '', '&'); } curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_string); @@ -325,10 +324,9 @@ function insertActivity($user_id, $comment, $type, $foreign_ids = array() , $rev 'revisions', 'token' ); + $token = ''; if (!empty($_GET['token'])) { $token = $_GET['token']; - } else { - $token = ''; } $values = array( 'now()', 
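Review bot: The condition that replaces `else` in getToken (@@ -58) joins `!isset($_POST['grant_type'])` to the three `!=` tests with `&&`, so the block that supplies `OAUTH_CLIENT_SECRET` now runs only when `grant_type` is absent, and in that case the comparisons read an undefined index. A request carrying any other `grant_type` value, which the removed `else` handled, now skips the block entirely. The complement of the chain above is `if (!isset($_POST['grant_type']) || !in_array($_POST['grant_type'], array('password', 'refresh_token', 'authorization_code'), true)) {`. The first branch of the chain is outside the hunk, so check that list against it, or keep the `else`.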
@@ -364,7 +362,6 @@ function insertActivity($user_id, $comment, $type, $foreign_ids = array() , $rev $row = pg_fetch_assoc($result); $id_converted = base_convert($row['id'], 10, 36); $materialized_path = sprintf("%08s", $id_converted); - $freshness_ts = date('Y-m-d H:i:s'); $path = 'P' . $row['id']; $depth = 0; $qry_val_arr = array( @@ -445,7 +442,7 @@ function checkAclLinks($r_request_method = 'GET', $r_resource_cmd = '/users', $r $r_resource_vars['boards'] ); $board = executeQuery('SELECT board_visibility FROM boards WHERE id = $1', $qry_val_arr); - if ($board['board_visibility'] == 2 && $r_request_method == 'GET') { + if (!empty($board) && $board['board_visibility'] == 2 && $r_request_method == 'GET') { return true; } } @@ -454,7 +451,7 @@ function checkAclLinks($r_request_method = 'GET', $r_resource_cmd = '/users', $r $r_resource_vars['organizations'] ); $organizations = executeQuery('SELECT organization_visibility FROM organizations WHERE id = $1', $qry_val_arr); - if ($organizations['organization_visibility'] == 1 && $r_request_method == 'GET') { + if (!empty($organizations) && $organizations['organization_visibility'] == 1 && $r_request_method == 'GET') { return true; } } @@ -532,7 +529,8 @@ function checkAclLinks($r_request_method = 'GET', $r_resource_cmd = '/users', $r if (empty($organization_allowed_link)) { return false; } - } else { + } + if (empty($r_resource_vars['boards']) && empty($r_resource_vars['organizations'])) { if (!empty($r_request_method) && ($r_request_method === 'POST') && !empty($r_resource_cmd) && ($r_resource_cmd === '/settings')) { $r_request_method = 'GET'; } 
@@ -612,14 +610,14 @@ function sendMail($template, $replaceContent, $toMail, $replyToMail = '') if (is_plugin_enabled('r_sparkpost')) { require_once PLUGIN_PATH . DS . 'SparkPost' . DS . 'functions.php'; $result = SparkPostMail($toMail, $subject, $message, $headers, DEFAULT_FROM_EMAIL_ADDRESS); - } else { + } + if (!is_plugin_enabled('r_sparkpost')) { $result = mail($toMail, $subject, $message, $headers, '-f' . DEFAULT_FROM_EMAIL_ADDRESS); } if (R_DEBUG) { + $compose_string = 'S, ' . $from_email . ', ' . $toMail . ', ' . $subject; if (!$result) { $compose_string = 'F, ' . $from_email . ', ' . $toMail . ', ' . $subject; - } else { - $compose_string = 'S, ' . $from_email . ', ' . $toMail . ', ' . $subject; } error_log($compose_string, 3, CACHE_PATH . DS . 'mail.log'); } @@ -643,7 +641,7 @@ function PushNotificationCurlExecute($url, $payload) $headers = array(); $headers[] = 'Content-Type: application/x-www-form-urlencoded'; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); - $result = curl_exec($ch); + curl_exec($ch); if (curl_errno($ch)) { echo 'Error:' . curl_error($ch); } @@ -657,12 +655,11 @@ function PushNotificationCurlExecute($url, $payload) * @param string $profile_picture_path Notification user Avatar * @param string $title Notification title * @param string $comment Notification Comment - * @param string $additional_info Notification Additional Information * * * @return void */ -function sendPushNotification($user_id, $user_device_tokens = [], $profile_picture_path, $title, $comment, $additional_info) +function sendPushNotification($user_id, $user_device_tokens = [], $profile_picture_path, $title, $comment) { global $db_lnk; $andriod_push_message = array( 
@@ -678,8 +675,6 @@ function sendPushNotification($user_id, $user_device_tokens = [], $profile_pictu $apns_push_message = array( "aps" => ["alert" => $comment], ); - $andriod_device_tokens = array(); - $ios_device_tokens = array(); $device_tokens = json_decode($user_device_tokens); foreach ($device_tokens as $value) { if ($value->device_os === 'Android') { @@ -688,7 +683,8 @@ function sendPushNotification($user_id, $user_device_tokens = [], $profile_pictu 'data' => $andriod_push_message ); PushNotificationCurlExecute('http://push.restya.com:8322/api/push/fcm', $payload); - } else { + } + if ($value->device_os !== 'Android') { $payload = array( 'service' => 'apns', 'headers' => ["apns-priority" => 10, @@ -725,7 +721,7 @@ function saveIp() $country_id = 0; $_geo = array(); if (function_exists('geoip_record_by_name')) { - $_geo = @geoip_record_by_name($_SERVER['REMOTE_ADDR']); + $_geo = geoip_record_by_name($_SERVER['REMOTE_ADDR']); } if (!empty($_geo)) { $qry_val_arr = array( @@ -798,7 +794,6 @@ function copyCards($cards, $new_list_id, $name, $new_board_id = '') global $db_lnk, $authUser; $foreign_ids = $response = array(); while ($card = pg_fetch_object($cards)) { - $old_list_id = $card->list_id; $card->list_id = $new_list_id; $card_id = $card->id; if ($card->due_date === null) { @@ -986,7 +981,8 @@ function pg_execute_insert($table_name, $r_post, $return_row = 1) } if (!empty($return_row)) { $row = pg_query_params($db_lnk, 'INSERT INTO ' . $table_name . ' (' . $fields . ') VALUES (' . $values . ') RETURNING *', $val_arr); - } else { + } + if (empty($return_row)) { $row = pg_query_params($db_lnk, 'INSERT INTO ' . $table_name . ' (' . $fields . ') VALUES (' . $values . ')', $val_arr); } return $row; 
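Review bot: `PushNotificationCurlExecute('http://push.restya.com:8322/api/push/fcm', $payload)` in the @@ -688 hunk sends the notification payload over plain HTTP, and the APNs branch built from `$apns_push_message` carries the `$comment` text. Anything on the network path can read or alter that content, and presumably the device tokens as well, though their place in the payload is not visible here. If the push service offers a TLS endpoint, the URL should use `https://` and certificate verification should stay enabled in the curl helper. `json_decode($user_device_tokens)` can also return null, so a guard such as `if (empty($device_tokens)) { return; }` before the foreach would avoid iterating over a non-array.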
@@ -1025,13 +1021,12 @@ function getbindValues($table, $data) $ip_id = saveIp(); $bindValues[$field] = $ip_id; } elseif (array_key_exists($field, $data)) { + $bindValues[$field] = $data[$field]; if ($field == 'is_active' || $field == 'is_allow_email_alias') { $boolean = !empty($data[$field]) ? 'true' : 'false'; $bindValues[$field] = $boolean; } else if ($field == 'due_date' && $data[$field] == null) { $bindValues[$field] = null; - } else { - $bindValues[$field] = $data[$field]; } } } @@ -1072,6 +1067,9 @@ function createTrelloMember($member = array() , $admin_user_id = array() , $new_ utf8_decode($member['username']) ); $userExist = executeQuery('SELECT * FROM users WHERE username = $1', $qry_val_arr); + if (!empty($userExist)) { + $user_id = $userExist['id']; + } if (!$userExist) { $default_email_notification = 0; if (DEFAULT_EMAIL_NOTIFICATION === 'Periodically') { @@ -1104,8 +1102,6 @@ function createTrelloMember($member = array() , $admin_user_id = array() , $new_ ); $user = pg_fetch_assoc(pg_query_params($db_lnk, 'INSERT INTO users (created, modified, role_id, username, email, password, is_active, is_email_confirmed, initials, full_name, is_send_newsletter, default_desktop_notification, is_list_notifications_enabled, is_card_notifications_enabled, is_card_members_notifications_enabled, is_card_labels_notifications_enabled, is_card_checklists_notifications_enabled, is_card_attachments_notifications_enabled) VALUES (now(), now(), 2, $1, $13, $2, true, true, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) RETURNING id', $qry_val_arr)); $user_id = $user['id']; - } else { - $user_id = $userExist['id']; } $board_user_role_id = 2; if (in_array($member['id'], $admin_user_id)) { 
@@ -1146,7 +1142,7 @@ function createTrelloMember($member = array() , $admin_user_id = array() , $new_ function importTrelloBoard($board = array()) { global $r_debug, $db_lnk, $authUser, $_server_domain_url; - $users = $lists = $cards = $cardLists = $listNames = array(); + $users = $lists = $cards = $cardLists = $listNames = $customFieldOptions = $customFields = array(); if (!empty($board)) { $user_id = $authUser['id']; $board_visibility = 0; @@ -1155,10 +1151,11 @@ function importTrelloBoard($board = array()) } $background_image = $background_pattern = ''; if (!empty($board['prefs']['backgroundImage'])) { + if ($board['prefs']['backgroundTile'] == 'false') { + $background_image = $board['prefs']['backgroundImage']; + } if ($board['prefs']['backgroundTile'] == 'true') { $background_pattern = $board['prefs']['backgroundImage']; - } else { - $background_image = $board['prefs']['backgroundImage']; } } $qry_val_arr = array( @@ -1241,6 +1238,9 @@ function importTrelloBoard($board = array()) utf8_decode($member['username']) ); $userExist = executeQuery('SELECT * FROM users WHERE username = $1', $qry_val_arr); + if (!empty($userExist)) { + $users[$member['id']] = $userExist['id']; + } if (!$userExist) { $default_email_notification = 0; if (DEFAULT_EMAIL_NOTIFICATION === 'Periodically') { @@ -1285,8 +1285,6 @@ function importTrelloBoard($board = array()) ); pg_query_params($db_lnk, 'UPDATE users SET profile_picture_path = $1 WHERE id = $2', $qry_val_arr); } - } else { - $users[$member['id']] = $userExist['id']; } $board_user_role_id = 2; if (in_array($member['id'], $admin_user_id)) { @@ -1401,7 +1399,8 @@ function importTrelloBoard($board = array()) $attachment['mimeType'] ); pg_fetch_assoc(pg_query_params($db_lnk, 'INSERT INTO card_attachments (created, modified, board_id, list_id, card_id, name, path, mimetype) VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING id', $qry_val_arr)); - } else { + } + if (!$attachment['isUpload']) { $qry_val_arr = array( $created, $modified, 
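Review bot: In importTrelloBoard (@@ -1155) the removed `else` assigned `$background_image` for every value other than `'true'`, while the new `if ($board['prefs']['backgroundTile'] == 'false')` matches only that one string. If the decoded export carries a boolean, which is not visible here, loose comparison makes `false == 'false'` false and `true == 'false'` true, so a non-tiled board loses its image and a tiled one sets both fields. `if ($board['prefs']['backgroundTile'] != 'true') {` reproduces the old behaviour. The Wekan hunk (@@ -2371) uses `!== 'true'`, which is not the complement of `== 'true'` for the same reason and should be `!=`.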
@@ -1600,24 +1599,23 @@ function importTrelloBoard($board = array()) $comment = utf8_decode($comment); $created = $modified = $action['date']; if (!empty($action['data']['list']['id'])) { + $lists_key = ''; if (array_key_exists($action['data']['list']['id'], $lists)) { $lists_key = $lists[$action['data']['list']['id']]; - } else { - $lists_key = ''; } } if (!empty($action['data']['card']['id'])) { + $cards_key = ''; if (array_key_exists($action['data']['card']['id'], $cards)) { $cards_key = $cards[$action['data']['card']['id']]; $lists_key = $cardLists[$action['data']['card']['id']]; - } else { - $cards_key = ''; } } if (!array_key_exists($action['idMemberCreator'], $users) || empty($users[$action['idMemberCreator']])) { if (!empty($action['memberCreator'])) { $users[$action['idMemberCreator']] = createTrelloMember($action['memberCreator'], $admin_user_id, $new_board); - } else { + } + if (empty($action['memberCreator'])) { $users[$action['idMemberCreator']] = 1; } } @@ -1718,7 +1716,7 @@ function importTrelloBoard($board = array()) function importKantreeBoard($jsonArr = array()) { global $r_debug, $db_lnk, $authUser, $_server_domain_url; - $users = $userNames = $lists = $listNames = $cards = $cardLists = $labels = array(); + $users = $userNames = $lists = $listNames = $cards = $cardLists = $labels = $board = $custom_fields = $memberNames = array(); if (!empty($jsonArr)) { foreach ($jsonArr as $json) { if (!empty($json['board_created'])) { @@ -1732,7 +1730,8 @@ function importKantreeBoard($jsonArr = array()) } } } - } else { + } + if (empty($json['board_created'])) { $board['cards'][] = $json; } if (!empty($json['groups'])) { @@ -1769,7 +1768,8 @@ function importKantreeBoard($jsonArr = array()) ob_end_flush(); // Strange behaviour, will not work flush(); // Unless both are called ! ob_end_clean(); - } else { + } + if (!strpos($server, 'apache')) { echo json_encode($new_board); fastcgi_finish_request(); } 
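Review bot: `if (!strpos($server, 'apache'))` in importKantreeBoard (@@ -1769), and again in the Taiga (@@ -2111) and Wekan (@@ -2400) hunks, treats a match at offset 0 as no match, because `strpos` returns `0` there. The opening condition is outside the hunk; if it tests `strpos(...) !== false`, a `$server` value that begins with `apache` now runs both branches, echoes the board JSON a second time and reaches `fastcgi_finish_request()`, which may not be defined under that SAPI. Use the strict complement `if (strpos($server, 'apache') === false) {`, or keep the original `else`.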
@@ -1957,35 +1957,31 @@ function importKantreeBoard($jsonArr = array()) $cards_key = $cards[$action['target']['id']]; if ($action['object']['value'] == 'Description') { $type = 'edit_card_desc'; + $comment = __l('##USER_NAME## updated card description in ##CARD_LINK##'); if ($action['message'] == '{actor} cleared {object} on {target}') { $comment = __l('##USER_NAME## removed card description from ##CARD_LINK##'); - } else { - $comment = __l('##USER_NAME## updated card description in ##CARD_LINK##'); } } elseif ($action['object']['value'] == 'Assignees') { $memberName = (!empty($memberNames[$action['sub_object']['id']])) ? $memberNames[$action['sub_object']['id']] : ''; + $type = 'add_card_user'; + $comment = sprintf(__l('##USER_NAME## added %s as member to the card ##CARD_LINK##') , $memberName); if ($action['message'] == '{actor} unassigned {sub_object} from {object} on {target}') { $type = 'delete_card_users'; $comment = __l('##USER_NAME## deleted member from card ##CARD_LINK##'); - } else { - $type = 'add_card_user'; - $comment = sprintf(__l('##USER_NAME## added %s as member to the card ##CARD_LINK##') , $memberName); } } elseif ($action['object']['value'] == 'Due Date') { + $type = 'add_card_duedate'; + $comment = __l('##USER_NAME## SET due date to the card ##CARD_LINK##'); if ($action['message'] == '{actor} cleared {object} on {target}') { $type = 'delete_card_duedate'; $comment = __l('Due date was removed to the card ##CARD_LINK##'); - } else { - $type = 'add_card_duedate'; - $comment = __l('##USER_NAME## SET due date to the card ##CARD_LINK##'); } } elseif ($action['object']['value'] == 'Attachments') { + $type = 'add_card_attachment'; + $comment = __l('##USER_NAME## added attachment to the card ##CARD_LINK##'); if ($action['message'] == '{actor} removed all files from {object} in {target}') { $type = 'delete_card_attachment'; $comment = __l('##USER_NAME## deleted attachment from card ##CARD_LINK##'); - } else { - $type = 'add_card_attachment'; - $comment = 
__l('##USER_NAME## added attachment to the card ##CARD_LINK##'); } } elseif (!empty($action['origin'])) { $type = 'edit_card'; @@ -1994,22 +1990,20 @@ function importKantreeBoard($jsonArr = array()) } elseif ($action['verb'] == 'ARCHIVE' && $action['object']['type'] == 'Card') { $lists_key = $cardLists[$action['object']['id']]; $cards_key = $cards[$action['object']['id']]; + $type = 'archived_card'; $comment = __l('##USER_NAME## archived card ##CARD_LINK##'); - $activity_type = 'archived_card'; } elseif ($action['verb'] == 'MOVE' && $action['target']['type'] == 'CardGroup') { $lists_key = $cardLists[$action['object']['id']]; $cards_key = $cards[$action['object']['id']]; + $type = 'moved_list_card'; + $comment = sprintf(__l('##USER_NAME## moved card to list %s') , $action['target']['value']); if (!empty($labels[$action['target']['id']])) { + $type = 'add_card_label'; + $comment = __l('##USER_NAME## added label to the card ##CARD_LINK## - ##LABEL_NAME##'); if ($action['message'] == '{actor} removed {object} from {target}') { $type = 'delete_card_label'; $comment = sprintf(__l('##USER_NAME## removed label in the card ##CARD_LINK## - %s') , $action['target']['value']); - } else { - $type = 'add_card_label'; - $comment = __l('##USER_NAME## added label to the card ##CARD_LINK## - ##LABEL_NAME##'); } - } else { - $type = 'moved_list_card'; - $comment = sprintf(__l('##USER_NAME## moved card to list %s') , $action['target']['value']); } } elseif ($action['verb'] == 'CREATE' && $action['object']['type'] == 'CardGroup' && !empty($action['project_id'])) { $type = 'add_list'; @@ -2111,7 +2105,8 @@ function importTaigaBoard($board = array()) ob_end_flush(); // Strange behaviour, will not work flush(); // Unless both are called ! ob_end_clean(); - } else { + } + if (!strpos($server, 'apache')) { echo json_encode($new_board); fastcgi_finish_request(); } 
@@ -2214,11 +2209,16 @@ function importTaigaBoard($board = array()) } if (!empty($card['attachments'])) { foreach ($card['attachments'] as $attachment) { + $mediadir = ''; $mediadir = MEDIA_PATH . DS . 'Card' . DS . $_card['id']; - $save_path = MEDIA_PATH . DS . 'Card' . DS . $_card['id']; + if (!file_exists($mediadir)) { + mkdir($mediadir, 0777, true); + } + $mediadir .= DS . $attachment['name']; + $save_path = 'Card' . DS . $_card['id']; $save_path = str_replace('\\', '/', $save_path); $path = $save_path . DS . $attachment['name']; - $fh = fopen($path, 'w'); + $fh = fopen($mediadir, 'w'); fwrite($fh, $attachment['attached_file']['data']); fclose($fh); $qry_val_arr = array( @@ -2266,17 +2266,17 @@ function importTaigaBoard($board = array()) if ($action['data']['values_diff']['assigned_users'][0]) { $type = 'delete_card_users'; $comment = __l('##USER_NAME## deleted member from card ##CARD_LINK##'); - } else { + } + if ($action['data']['values_diff']['assigned_users'][1]) { $type = 'add_card_user'; $comment = sprintf(__l('##USER_NAME## added %s as member to the card ##CARD_LINK##') , $action['data']['values_diff']['assigned_users'][1]); } } elseif (isset($action['data']['values_diff']['tags']) && !empty($action['data']['values_diff']['tags'])) { + $type = 'delete_card_label'; + $comment = sprintf(__l('##USER_NAME## removed label in the card ##CARD_LINK## - %s') , $action['data']['values_diff']['tags'][1][0]); if ($action['data']['values_diff']['tags'][0][0]) { $type = 'add_card_label'; $comment = sprintf(__l('##USER_NAME## added label to the card ##CARD_LINK## - %s') , $action['data']['values_diff']['tags'][0][0]); - } else { - $type = 'delete_card_label'; - $comment = sprintf(__l('##USER_NAME## removed label in the card ##CARD_LINK## - %s') , $action['data']['values_diff']['tags'][1][0]); } } elseif (isset($action['data']['values_diff']['description_diff']) && !empty($action['data']['values_diff']['description_diff'])) { $type = 'edit_card_desc'; 
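Review bot: `$attachment['name']` is taken from the imported Taiga data and appended to `$mediadir` unchanged before `fopen($mediadir, 'w')`, so a name that contains path separators or `..` makes the write land outside `MEDIA_PATH/Card/<id>`. The name should be reduced to its final path component and rejected when nothing usable remains, and the same cleaned name should be used for `$path`. The new `mkdir($mediadir, 0777, true)` creates world-writable directories, where a narrower mode such as `0755` would do if the deployment allows it. The result of `fopen()` is not checked before `fwrite()`/`fclose()`. The `$mediadir = '';` line is overwritten on the next line, and the enclosing loop continues outside the hunk.

```php
foreach ($card['attachments'] as $attachment) {
    // Keep only the final path component of the imported name.
    $attachment_name = basename(str_replace('\\', '/', $attachment['name']));
    if ($attachment_name === '' || $attachment_name === '.' || $attachment_name === '..') {
        continue;
    }
    $mediadir = MEDIA_PATH . DS . 'Card' . DS . $_card['id'];
    if (!file_exists($mediadir)) {
        mkdir($mediadir, 0755, true);
    }
    // … unchanged: $save_path computation …
    $path = $save_path . DS . $attachment_name;
    $fh = fopen($mediadir . DS . $attachment_name, 'w');
    if ($fh === false) {
        continue;
    }
    // … unchanged: fwrite / fclose and the attachment insert that follows …
```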
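Review bot: In the tags branch of hunk -2266 the default comment is now built from `$action['data']['values_diff']['tags'][1][0]` on every record, so an entry that only carries `tags[0]` reads an undefined offset where the old code never touched `tags[1]`. In the assigned_users branch the former `else` became `if ($action['data']['values_diff']['assigned_users'][1])`, which is a behaviour change: with both entries set the add now overwrites the delete, and with neither set `$type` and `$comment` are not assigned in this branch at all. Their initialisation is outside the hunk, so what value they then carry is not visible here. Guarding the reads with `!empty(...)` and joining the two tests with `elseif` would keep the previous result.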
@@ -2288,12 +2288,11 @@ function importTaigaBoard($board = array()) $type = 'add_list'; $comment = sprintf(__l('##USER_NAME## added list %s') , $action['data']['values_diff']['status'][1]); } elseif (isset($action['data']['values_diff']['due_date']) && !empty($action['data']['values_diff']['due_date'])) { + $type = 'add_card_duedate'; + $comment = __l('##USER_NAME## SET due date to the card ##CARD_LINK##'); if ($action['data']['values_diff']['due_date'][0]) { $type = 'delete_card_duedate'; $comment = __l('Due date was removed to the card ##CARD_LINK##'); - } else { - $type = 'add_card_duedate'; - $comment = __l('##USER_NAME## SET due date to the card ##CARD_LINK##'); } } } @@ -2371,10 +2370,11 @@ function importWekanBoard($board = array()) } $background_image = $background_pattern = ''; if (!empty($board['backgroundImage'])) { + if ($board['backgroundTile'] !== 'true') { + $background_image = $board['backgroundImage']; + } if ($board['backgroundTile'] == 'true') { $background_pattern = $board['backgroundImage']; - } else { - $background_image = $board['backgroundImage']; } } //board Creation @@ -2400,7 +2400,8 @@ function importWekanBoard($board = array()) ob_end_flush(); // Strange behaviour, will not work flush(); // Unless both are called ! ob_end_clean(); - } else { + } + if (!strpos($server, 'apache')) { echo json_encode($new_board); fastcgi_finish_request(); } @@ -2428,6 +2429,10 @@ function importWekanBoard($board = array()) ); $username = $member['username']; $userExist = executeQuery('SELECT * FROM users WHERE username = $1', $qry_val_arr); + if (!empty($userExist)) { + $users[$wekan_user_id] = $userExist['id']; + $user_data[$wekan_user_id] = $username; + } if (!$userExist) { $default_email_notification = 0; if (DEFAULT_EMAIL_NOTIFICATION === 'Periodically') { 
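Review bot: In importWekanBoard (hunk -2371) the two new tests on `$board['backgroundTile']` are not complementary, because the first uses strict `!== 'true'` and the second loose `== 'true'`. If the export carries a boolean `true` rather than the string, both conditions hold and the image is assigned to `$background_image` and `$background_pattern` alike, which the removed `else` prevented. Use the same comparison on both sides, e.g. `if ($board['backgroundTile'] != 'true') {`, or keep the `else`.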
@@ -2461,9 +2466,6 @@ function importWekanBoard($board = array()) $user = pg_fetch_assoc(pg_query_params($db_lnk, 'INSERT INTO users (created, modified, role_id, username, email, password, is_active, is_email_confirmed, initials, full_name, is_send_newsletter, default_desktop_notification, is_list_notifications_enabled, is_card_notifications_enabled, is_card_members_notifications_enabled, is_card_labels_notifications_enabled, is_card_checklists_notifications_enabled, is_card_attachments_notifications_enabled) VALUES (now(), now(), 2, $1, $13, $2, true, true, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) RETURNING id', $qry_val_arr)); $users[$wekan_user_id] = $user['id']; $user_data[$wekan_user_id] = $username; - } else { - $users[$wekan_user_id] = $userExist['id']; - $user_data[$wekan_user_id] = $username; } foreach ($board['members'] as $member) { if ($wekan_user_id === $member['userId']) { @@ -2526,10 +2528,9 @@ function importWekanBoard($board = array()) foreach ($board['cards'] as $card) { $is_closed = ($card['archived']) ? 'true' : 'false'; $date = (!empty($card['dueAt'])) ? $card['dueAt'] : NULL; + $description = ''; if (isset($card['description']) && !empty($card['description'])) { $description = $card['description']; - } else { - $description = ''; } $qry_val_arr = array( $new_board['id'], @@ -2640,17 +2641,15 @@ function importWekanBoard($board = array()) $comment = utf8_decode($comment); $created = $modified = $action['createdAt']; if (!empty($action['listId'])) { + $lists_key = ''; if (array_key_exists($action['listId'], $lists)) { $lists_key = $lists[$action['listId']]; - } else { - $lists_key = ''; } } if (!empty($action['cardId'])) { + $cards_key = ''; if (array_key_exists($action['cardId'], $cards)) { $cards_key = $cards[$action['cardId']]; - } else { - $cards_key = ''; } } if (empty($lists_key) && empty($cards_key)) { 
@@ -2748,12 +2747,11 @@ function splitAsanatasks($board, $task) $tmp_list = $task['memberships'][0]['section']; } else { $board['todo_template'] = true; + $tmp_list = $board['lists'][0]; if (!empty($task['completed']) && $task['completed'] == true) { $tmp_list = $board['lists'][2]; } else if (!empty($task['assignee']) || !empty($task['due_on'])) { $tmp_list = $board['lists'][1]; - } else { - $tmp_list = $board['lists'][0]; } $board['card_count'][$tmp_list['gid']] = 1; } @@ -2852,7 +2850,8 @@ function importAsanaBoard($jsonArr = array()) ob_end_flush(); // Strange behaviour, will not work flush(); // Unless both are called ! ob_end_clean(); - } else { + } + if (!strpos($server, 'apache')) { echo json_encode($new_board); fastcgi_finish_request(); } @@ -2997,7 +2996,7 @@ function importAsanaBoard($jsonArr = array()) function importTaskWarriorBoard($jsonArr = array()) { global $r_debug, $db_lnk, $authUser, $_server_domain_url; - $users = $userNames = $lists = $cards = $labels = array(); + $lists = $cards = $labels = $board = array(); $board['lists'] = array( array( 'gid' => 1, @@ -3018,12 +3017,11 @@ function importTaskWarriorBoard($jsonArr = array()) if (!empty($json['project']) && isset($json['project'])) { $board_name = $json['project']; } + $tmp_list = $board['lists'][0]; if ($json['status'] == 'completed') { $tmp_list = $board['lists'][2]; } else if ($json['status'] == 'waiting' || $json['status'] == 'recurring') { $tmp_list = $board['lists'][1]; - } else { - $tmp_list = $board['lists'][0]; } $json['idList'] = $tmp_list['gid']; $board['cards'][] = $json; @@ -3059,7 +3057,8 @@ function importTaskWarriorBoard($jsonArr = array()) ob_end_flush(); // Strange behaviour, will not work flush(); // Unless both are called ! ob_end_clean(); - } else { + } + if (!strpos($server, 'apache')) { echo json_encode($new_board); fastcgi_finish_request(); } 
@@ -3160,7 +3159,7 @@ function importTaskWarriorBoard($jsonArr = array()) function importpipefyBoard($board = array()) { global $r_debug, $db_lnk, $authUser, $_server_domain_url; - $users = $userNames = $lists = $listNames = $cards = $cardLists = $labels = array(); + $users = $userNames = $lists = $listNames = $cards = $labels = $data = array(); if (!empty($board)) { $user_id = $authUser['id']; foreach ($board as $key => $value) { @@ -3203,7 +3202,8 @@ function importpipefyBoard($board = array()) ob_end_flush(); // Strange behaviour, will not work flush(); // Unless both are called ! ob_end_clean(); - } else { + } + if (!strpos($server, 'apache')) { echo json_encode($new_board); fastcgi_finish_request(); } @@ -3281,10 +3281,9 @@ function importpipefyBoard($board = array()) $i+= 1; $is_closed = 'false'; $date = (!empty($card['Due date']) && $card['Due date'] !== 'NULL') ? date('Y-m-d H:i:s', strtotime($card['Due date'])) : NULL; + $description = ''; if (isset($card['Describe this bug']) && !empty($card['Describe this bug']) && $card['Describe this bug'] !== 'NULL') { $description = $card['Describe this bug']; - } else { - $description = ''; } $card_user_id = (!empty($card['Creator']) && $card['Creator'] !== "NULL") ? $userNames[$card['Creator']] : $user_id; $created_at = (!empty($card['Created at']) && $card['Created at'] !== "NULL") ? date('Y-m-d H:i:s', strtotime($card['Created at'])) : date('Y-m-d H:i:s'); @@ -3371,7 +3370,7 @@ function importpipefyBoard($board = array()) function importMondayBoards($path, $folder) { global $r_debug, $db_lnk, $authUser, $_server_domain_url; - $team_peoples = $boards = $card_updates = $sub_boards_names = $new_boards = array(); + $team_peoples = $boards = $card_updates = $sub_boards_names = $new_boards = $custom_fields = $prev_root = $card_parent = array(); // Reading team files for the peoples $team_filecount = 0; $teamfiles = glob($path . 'team' . DS . '*.xlsx'); 
@@ -3379,7 +3378,8 @@ function importMondayBoards($path, $folder) $team_filecount = count($teamfiles); if (!empty($team_filecount)) { foreach ($teamfiles as $key => $value) { - if ($xlsx = SimpleXLSX::parse($value)) { + $xlsx = SimpleXLSX::parse($value); + if ($xlsx) { $all_rows = array(); $data = $xlsx->rows(); $row = 0; @@ -3410,7 +3410,8 @@ function importMondayBoards($path, $folder) $updates_filecount = count($updatesfiles); if (!empty($updates_filecount)) { foreach ($updatesfiles as $key => $value) { - if ($xlsx = SimpleXLSX::parse($value)) { + $xlsx = SimpleXLSX::parse($value); + if ($xlsx) { $all_rows = array(); $data = $xlsx->rows(); $row = 0; @@ -3447,9 +3448,10 @@ function importMondayBoards($path, $folder) if (!empty($board_filecount)) { foreach ($boardfiles as $key => $value) { $board_file_name = basename($value); + $xlsx = SimpleXLSX::parse($value); if (array_search($board_file_name, $sub_boards_names) > - 1) { continue; - } else if ($xlsx = SimpleXLSX::parse($value)) { + } else if ($xlsx) { $all_rows = array(); $data = $xlsx->rows(); $tmpboard = array(); @@ -3463,6 +3465,9 @@ function importMondayBoards($path, $folder) } else { $arrResult = array(); foreach ($value as $valKey => $val) { + if ($all_rows[$valKey] != 'Item ID (auto generated)') { + $arrResult[$all_rows[$valKey]] = $val; + } if ($all_rows[$valKey] == 'Status') { $status = $val; if ($val == '') { @@ -3492,8 +3497,6 @@ function importMondayBoards($path, $folder) } } else if ($all_rows[$valKey] == 'Item ID (auto generated)') { $arrResult['Item ID'] = $val; - } else { - $arrResult[$all_rows[$valKey]] = $val; } } $tmpboard['cards'][] = $arrResult; 
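Review bot: In hunk -3447 `SimpleXLSX::parse($value)` now runs before the `array_search($board_file_name, $sub_boards_names)` test, so every sub-board file that is then skipped by `continue` is still opened and parsed. These are presumably user-supplied import files, so parsing ones that are discarded spends time and memory and exercises the parser on input that is never used. The assignment can stay out of the condition without that cost by ending the first branch with `continue; }` and then placing `$xlsx = SimpleXLSX::parse($value);` and `if ($xlsx) {` after it.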
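Review bot: The new `if ($all_rows[$valKey] != 'Item ID (auto generated)')` at the top of the loop in hunk -3465 copies every other column into `$arrResult`, including `Status` and any column the following `if`/`else if` chain treats specially. The `else` removed in hunk -3492 did that only for columns no branch matched, so the card array now carries extra keys. Part of the chain lies outside both hunks, so whether those keys affect later processing cannot be confirmed from here. If the aim was only to avoid `else`, a comment such as `// raw copy of every column; special columns are additionally mapped below` should state that the wider copy is intended.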
@@ -3524,12 +3527,13 @@ function importMondayBoards($path, $folder) ob_end_flush(); // Strange behaviour, will not work flush(); // Unless both are called ! ob_end_clean(); - } else { + } + if (!strpos($server, 'apache')) { echo json_encode(["msg" => "Success"]); fastcgi_finish_request(); } foreach ($boards as $key => $board) { - $users = $userNames = $lists = $listNames = $cards = $cardLists = $labels = array(); + $users = $userNames = $lists = $listNames = $cards = $labels = array(); if (!empty($board)) { $user_id = $authUser['id']; // insert new board @@ -3617,10 +3621,9 @@ function importMondayBoards($path, $folder) $i+= 1; $is_closed = 'false'; $date = (!empty($card['Date']) && $card['Date'] !== '') ? date('Y-m-d H:i:s', strtotime($card['Date'])) : NULL; + $description = ''; if (isset($card['Text']) && !empty($card['Text']) && $card['Text'] !== 'NULL') { $description = $card['Text']; - } else { - $description = ''; } $card_user_id = (!empty($card['Creator']) && $card['Creator'] !== "") ? $userNames[$card['Creator']] : $user_id; $created_at = (!empty($card['Created at']) && $card['Created at'] !== "") ? date('Y-m-d H:i:s', strtotime($card['Created at'])) : date('Y-m-d H:i:s'); @@ -3704,6 +3707,7 @@ function importMondayBoards($path, $folder) $depth = 0; $root = $activity['id']; $revisions = Null; + $revision = $prev_depth = array(); if (!empty($cardComment['Parent Post ID']) && $cardComment['Content Type'] == 'Reply') { $path = 'P' . $card_parent[$cardComment['Parent Post ID']] . '.P' . $activity['id']; $materialized_path = $mat_path[$cardComment['Parent Post ID']] . '-' . $materialized_path; 
@@ -3751,7 +3755,7 @@ function importMondayBoards($path, $folder) $created_at, $updated_at ); - $_subcard = pg_fetch_assoc(pg_query_params($db_lnk, 'INSERT INTO cards (created, modified, board_id, list_id, name, description, is_archived, position, due_date, user_id) VALUES ($9, $10, $1, $2, $3, $4, $5, $6, $7, $8) RETURNING id', $qry_val_arr)); + pg_fetch_assoc(pg_query_params($db_lnk, 'INSERT INTO cards (created, modified, board_id, list_id, name, description, is_archived, position, due_date, user_id) VALUES ($9, $10, $1, $2, $3, $4, $5, $6, $7, $8) RETURNING id', $qry_val_arr)); } } // Import labels @@ -3786,7 +3790,6 @@ function importMondayBoards($path, $folder) if (!file_exists($mediadir)) { mkdir($mediadir, 0777, true); } - $fullpath = MEDIA_PATH . DS . 'import' . DS . $folder . DS . 'assets' . DS . $attachment_id . "_" . $attachment_name; copy($imagefiles[0], $mediadir . DS . $attachment_name); $qry_val_arr = array( $new_board['id'], @@ -3863,10 +3866,9 @@ function email2name($email) // replace non-text $name = trim(ucwords(preg_replace('/[\W\d_]+/', ' ', strtolower($email)))); // split by final space + $full_name = $name; if (preg_match('/(.*)?\s(.*)$/', $name, $matches)) { $full_name = $matches[1] . ' ' . $matches[2]; - } else { - $full_name = $name; } return $full_name; } @@ -3924,6 +3926,7 @@ function convertBooleanValues($table, $row) function paginate_data($c_sql, $db_lnk, $pg_params, $r_resource_filters, $limit = PAGING_COUNT) { global $r_debug, $db_lnk, $authUser, $_server_domain_url; + $arr = array(); $c_result = pg_query_params($db_lnk, $c_sql, $pg_params); $c_data = pg_fetch_object($c_result, 0); $page = (isset($r_resource_filters['page']) && $r_resource_filters['page']) ? $r_resource_filters['page'] : 1; 
@@ -3952,7 +3955,7 @@ function paginate_data($c_sql, $db_lnk, $pg_params, $r_resource_filters, $limit function update_query($table_name, $id, $r_resource_cmd, $r_put, $comment = '', $activity_type = '', $foreign_ids = '') { global $r_debug, $db_lnk, $authUser, $_server_domain_url; - $values = array(); + $values = $diff = array(); $sfields = ''; $fields = ''; if ($activity_type != 'delete_card_evergreen_card' && $activity_type != 'add_card_evergreen_card') { @@ -4035,7 +4038,8 @@ function update_query($table_name, $id, $r_resource_cmd, $r_put, $comment = '', if (getRevisiondifference($old_val, $new_val) !== false) { $diff[] = getRevisiondifference($old_val, $new_val); } - } else { + } + if ($activity_type != 'edit_comment') { $diff[] = nl2br(getRevisiondifference($old_val, $new_val)); } } @@ -4049,7 +4053,7 @@ function update_query($table_name, $id, $r_resource_cmd, $r_put, $comment = '', $new_val = (isset($revisions['new_value'])) ? $revisions['new_value'] : ''; $diff[] = nl2br(getRevisiondifference($old_val, $new_val)); } - } else if (!empty($revisions['old_value']) && isset($obj['type']) && $obj['type'] == 'delete_card_comment') { + } else if (!empty($revisions['old_value']) && isset($activity_type) && $activity_type == 'delete_card_comment') { $diff[] = nl2br(getRevisiondifference($revisions['old_value'], '')); } } @@ -4108,7 +4112,8 @@ function json_response($table_name, $r_resource_vars) $sql = 'SELECT row_to_json(d) FROM (SELECT * FROM cards_listing WHERE list_id = $1) as d '; array_push($pg_params, $r_resource_vars['lists']); } - if ($result = pg_query_params($db_lnk, $sql, $pg_params)) { + $result = pg_query_params($db_lnk, $sql, $pg_params); + if ($result) { $count = pg_num_rows($result); $i = 0; while ($row = pg_fetch_row($result)) { 
@@ -4160,7 +4165,11 @@ function importMember($member, $new_board, $import_type) utf8_decode($member['username']) ); global $r_debug, $db_lnk; + $users = array(); $userExist = executeQuery('SELECT * FROM users WHERE username = $1', $qry_val_arr); + if (!empty($userExist)) { + $users[$member['id']] = $userExist['id']; + } if (!$userExist) { $default_email_notification = 0; if (DEFAULT_EMAIL_NOTIFICATION === 'Periodically') { @@ -4205,8 +4214,6 @@ function importMember($member, $new_board, $import_type) ); pg_query_params($db_lnk, 'UPDATE users SET profile_picture_path = $1 WHERE id = $2', $qry_val_arr); } - } else { - $users[$member['id']] = $userExist['id']; } $qry_val_arr = array( $users[$member['id']], @@ -4317,6 +4324,7 @@ function __l($text) function sendMailNotification($notificationType) { global $r_debug, $db_lnk, $_server_domain_url; + $activity_id = array(); $qry_val_arr = array( $notificationType ); @@ -4413,6 +4421,7 @@ function sendMailNotification($notificationType) $i++; } $is_mention_activity = $is_board_mention_activity = $is_card_mention_activity = 0; + $br = '
 
'; if ($activity['type'] == 'add_comment' || $activity['type'] == 'edit_comment') { preg_match_all('/@(board*)/', $activity['comment'], $boardmatches); if (!empty($boardmatches[1])) { @@ -4440,13 +4449,13 @@ function sendMailNotification($notificationType) $activity['comment'] = __l('##USER_NAME## commented to the card ##CARD_NAME## on ##BOARD_NAME##') . '
' . $activity['comment'] . '
'; } $br = '
 
'; - } else { + } + if ($activity['type'] != 'add_comment' && $activity['type'] != 'edit_comment') { if ($is_mention_activity) { $mentioned_activity['comment'].= __l(' on ##BOARD_NAME##'); - $br = '
 
'; - } else { + } + if (!$is_mention_activity) { $activity['comment'].= __l(' on ##BOARD_NAME##'); - $br = '
 
'; } } if (!empty($activity['list_name']) && in_array($activity['type'], $card_activity_types)) { @@ -4516,7 +4525,8 @@ function sendMailNotification($notificationType) } if ($is_mention_activity) { $mentioned_activity['comment'].= '
' . $difference . '
'; - } else { + } + if (!$is_mention_activity) { $activity['comment'].= '
' . $difference . '
'; } } @@ -4554,7 +4564,7 @@ function sendMailNotification($notificationType) } $push_message_title = (!empty($activity['full_name']) ? $activity['full_name'] : 'Deleted account'); if (!empty($user['user_push_tokens'])) { - sendPushNotification($user['id'], $user['user_push_tokens'], $profile_picture_path, $push_message_title, strip_tags($comment) , $reply_to); + sendPushNotification($user['id'], $user['user_push_tokens'], $profile_picture_path, $push_message_title, strip_tags($comment)); } $notification_count++; } @@ -4610,11 +4620,13 @@ function sendMailNotification($notificationType) $activity['comment'] = __l('##USER_NAME## commented to the card ##CARD_NAME## on ##BOARD_NAME##') . '
' . $activity['comment'] . '
'; } $br = '
 
'; - } else { + } + if ($activity['type'] != 'add_comment' && $activity['type'] != 'edit_comment') { if ($is_mention_activity) { $mentioned_activity['comment'].= __l(' on ##BOARD_NAME##'); $br = '
 
'; - } else { + } + if (!$is_mention_activity) { $activity['comment'].= __l(' on ##BOARD_NAME##'); $br = '
 
'; } @@ -4651,6 +4663,7 @@ function sendMailNotification($notificationType) $revisions = unserialize($activity['revisions']); $activity['revisions'] = $revisions; unset($dif); + $dif = array(); if (!empty($revisions['new_value'])) { foreach ($revisions['new_value'] as $key => $value) { if ($key != 'is_archived' && $key != 'is_deleted' && $key != 'created' && $key != 'modified' && $key != 'is_offline' && $key != 'uuid' && $key != 'to_date' && $key != 'temp_id' && $activity['type'] != 'moved_card_checklist_item' && $activity['type'] != 'add_card_desc' && $activity['type'] != 'add_card_duedate' && $activity['type'] != 'delete_card_duedate' && $activity['type'] != 'add_background' && $activity['type'] != 'change_background' && $activity['type'] != 'change_visibility') { @@ -4665,7 +4678,7 @@ function sendMailNotification($notificationType) } else if (!empty($revisions['old_value']) && isset($activity['type']) && $activity['type'] == 'delete_card_comment') { $dif[] = nl2br(getRevisiondifference($revisions['old_value'], '')); } - if (isset($dif)) { + if (isset($dif) && !empty($dif)) { $activity['difference'] = $dif; } if (!empty($activity['difference'][0])) { @@ -4724,7 +4737,7 @@ function sendMailNotification($notificationType) } $push_message_title = (!empty($activity['full_name']) ? $activity['full_name'] : 'Deleted account'); if (!empty($user['user_push_tokens'])) { - sendPushNotification($user['id'], $user['user_push_tokens'], $profile_picture_path, $push_message_title, strip_tags($comment) , $reply_to); + sendPushNotification($user['id'], $user['user_push_tokens'], $profile_picture_path, $push_message_title, strip_tags($comment)); } $notification_count++; } @@ -4780,11 +4793,13 @@ function sendMailNotification($notificationType) $activity['comment'] = __l('##USER_NAME## commented to the card ##CARD_NAME## on ##BOARD_NAME##') . '
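Review bot: In hunk -4651 the added `$dif = array();` directly follows `unset($dif);`, which makes the `unset` redundant; the assignment alone resets the variable for each activity. With `$dif` always defined, the condition changed in hunk -4665 can be reduced from `isset($dif) && !empty($dif)` to `if (!empty($dif)) {`, since `empty()` already covers the unset case. The same pair of changes appears in hunks -4821 and -4835.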
' . $activity['comment'] . '
'; } $br = '
 
'; - } else { + } + if ($activity['type'] != 'add_comment' && $activity['type'] != 'edit_comment') { if ($is_mention_activity) { $mentioned_activity['comment'].= __l(' on ##BOARD_NAME##'); $br = '
 
'; - } else { + } + if (!$is_mention_activity) { $activity['comment'].= __l(' on ##BOARD_NAME##'); $br = '
 
'; } @@ -4821,6 +4836,7 @@ function sendMailNotification($notificationType) $revisions = unserialize($activity['revisions']); $activity['revisions'] = $revisions; unset($dif); + $dif = array(); if (!empty($revisions['new_value'])) { foreach ($revisions['new_value'] as $key => $value) { if ($key != 'is_archived' && $key != 'is_deleted' && $key != 'created' && $key != 'modified' && $key != 'is_offline' && $key != 'uuid' && $key != 'to_date' && $key != 'temp_id' && $activity['type'] != 'moved_card_checklist_item' && $activity['type'] != 'add_card_desc' && $activity['type'] != 'add_card_duedate' && $activity['type'] != 'delete_card_duedate' && $activity['type'] != 'add_background' && $activity['type'] != 'change_background' && $activity['type'] != 'change_visibility') { @@ -4835,7 +4851,7 @@ function sendMailNotification($notificationType) } else if (!empty($revisions['old_value']) && isset($activity['type']) && $activity['type'] == 'delete_card_comment') { $dif[] = nl2br(getRevisiondifference($revisions['old_value'], '')); } - if (isset($dif)) { + if (isset($dif) && !empty($dif)) { $activity['difference'] = $dif; } if (!empty($activity['difference'][0])) { @@ -4856,7 +4872,8 @@ function sendMailNotification($notificationType) } if ($is_mention_activity) { $mentioned_activity['comment'].= '
' . $difference . '
'; - } else { + } + if (!$is_mention_activity) { $activity['comment'].= '
' . $difference . '
'; } } @@ -4894,7 +4911,7 @@ function sendMailNotification($notificationType) } $push_message_title = (!empty($activity['full_name']) ? $activity['full_name'] : 'Deleted account'); if (!empty($user['user_push_tokens'])) { - sendPushNotification($user['id'], $user['user_push_tokens'], $profile_picture_path, $push_message_title, strip_tags($comment) , $reply_to); + sendPushNotification($user['id'], $user['user_push_tokens'], $profile_picture_path, $push_message_title, strip_tags($comment)); } $notification_count++; } diff --git a/server/php/shell/imap.php b/server/php/shell/imap.php index 85c5fbdc4..0c9f51aac 100644 --- a/server/php/shell/imap.php +++ b/server/php/shell/imap.php @@ -321,7 +321,8 @@ function imapBodyDecode($mbox, $mid, $p, $partno) // so append parts together with blank row. if (strtolower($p->subtype) == 'plain') { $message.= trim($data) . "\n\n"; - } else { + } + if (strtolower($p->subtype) != 'plain') { $message.= $data . "

"; } } From 96982031b17610a1eea224c9625b17303d399391 Mon Sep 17 00:00:00 2001 From: S SARAVANAN Date: Thu, 10 Mar 2022 19:06:47 +0530 Subject: [PATCH 19/19] Fixes #4383: Diagnose file changes added --- restyaboard.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/restyaboard.conf b/restyaboard.conf index 8f3ed0e0f..83621345e 100644 --- a/restyaboard.conf +++ b/restyaboard.conf @@ -32,7 +32,7 @@ server { location ^~ /media { deny all; } - + location ~ \.php$ { try_files $uri =404; include fastcgi_params;