Merge branch 'seeddms-4.3.x' into seeddms-5.0.x

This commit is contained in:
Uwe Steinmann 2016-01-22 09:30:14 +01:00
commit 6f4c1cb519
10 changed files with 81 additions and 15 deletions


@ -3,12 +3,13 @@
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
- send notification if document is delete to those users watching the folder - send notification if document is delete to those users watching the folder
- fix editing of customer attributes of type checkbox - fix editing of customer attributes of type checkbox
- disallow read access for group didn't prevent the users from being selected - disallowed read access for a group didn't prevent the users from being selected
as a reviewer/approver as a reviewer/approver
- move the last bits of plain sql code from op/*.php into the core - move the last bits of plain sql code from op/*.php into the core
- group manager uses ajax like user manager - group manager uses ajax like user manager
- start to enforce content security policy - start to enforce content security policy
- fixed possible XSS attack in user manager - fixed possible XSS attack in user manager
- ldap search can be filtered (Thanks to Tobias for the patch)
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 4.3.22 Changes in version 4.3.22


@ -12,8 +12,8 @@
<email>uwe@steinmann.cx</email> <email>uwe@steinmann.cx</email>
<active>yes</active> <active>yes</active>
</lead> </lead>
<date>2015-04-15</date> <date>2016-01-22</date>
<time>08:02:04</time> <time>09:28:28</time>
<version> <version>
<release>5.0.0</release> <release>5.0.0</release>
<api>5.0.0</api> <api>5.0.0</api>
@ -909,5 +909,39 @@ by a group or user right
- user getCurrentTimestamp() and getCurrentDatetime() whenever possible - user getCurrentTimestamp() and getCurrentDatetime() whenever possible
</notes> </notes>
</release> </release>
<release>
<date>2015-11-09</date>
<time>19:49:20</time>
<version>
<release>4.3.22</release>
<api>4.3.22</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://opensource.org/licenses/gpl-license">GPL License</license>
<notes>
- fix sql statement to reset password
- pass some more information for timeline
</notes>
</release>
<release>
<date>2016-01-21</date>
<time>07:12:53</time>
<version>
<release>4.3.23</release>
<api>4.3.23</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://opensource.org/licenses/gpl-license">GPL License</license>
<notes>
- new method SeedDMS_Core_DMS::createDump()
- minor improvements int SeedDMS_Core_Document::getReadAccessList()
</notes>
</release>
</changelog> </changelog>
</package> </package>


@ -111,6 +111,7 @@
- URIs are supported, e.g.: ldaps://ldap.host.com - URIs are supported, e.g.: ldaps://ldap.host.com
- port: port of the authentification server - port: port of the authentification server
- baseDN: top level of the LDAP directory tree - baseDN: top level of the LDAP directory tree
- filter: Additional filters which are to be checked
--> -->
<connector <connector
enable = "false" enable = "false"
@ -120,6 +121,7 @@
baseDN = "" baseDN = ""
bindDN="" bindDN=""
bindPw="" bindPw=""
filter=""
> >
</connector> </connector>
<!-- ***** CONNECTOR Microsoft Active Directory ***** <!-- ***** CONNECTOR Microsoft Active Directory *****
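Review bot: The new `- filter:` documentation line does not say what shape the value must have, yet the login code on this page splices it verbatim into `"(&(" . attr . login . ")" . filter . ")"`, so anything other than a complete, parenthesised LDAP filter component produces a malformed compound filter and the user lookup silently fails. Suggest replacing the line with `- filter: additional LDAP filter AND-ed with the login lookup; must be a complete parenthesised expression, e.g. (objectClass=person)` (example value constructed for illustration). The identical comment is added in the later connector template section (hunk @ -118,6 +118,7) and should be updated the same way.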


@ -223,6 +223,7 @@ class Settings { /* {{{ */
var $_ldapBindPw = ""; var $_ldapBindPw = "";
var $_ldapAccountDomainName = ""; var $_ldapAccountDomainName = "";
var $_ldapType = 1; // 0 = ldap; 1 = AD var $_ldapType = 1; // 0 = ldap; 1 = AD
var $_ldapFilter = "";
var $_converters = array(); // list of commands used to convert files to text for Indexer var $_converters = array(); // list of commands used to convert files to text for Indexer
var $_extensions = array(); // configuration for extensions var $_extensions = array(); // configuration for extensions
@ -430,6 +431,7 @@ class Settings { /* {{{ */
$this->_ldapBindDN = strVal($connectorNode["bindDN"]); $this->_ldapBindDN = strVal($connectorNode["bindDN"]);
$this->_ldapBindPw = strVal($connectorNode["bindPw"]); $this->_ldapBindPw = strVal($connectorNode["bindPw"]);
$this->_ldapType = 0; $this->_ldapType = 0;
$this->_ldapFilter = strVal($connectorNode["filter"]);
} }
else if ($params['enable'] && ($typeConn == "AD")) else if ($params['enable'] && ($typeConn == "AD"))
{ {
@ -439,6 +441,7 @@ class Settings { /* {{{ */
$this->_ldapBindDN = strVal($connectorNode["bindDN"]); $this->_ldapBindDN = strVal($connectorNode["bindDN"]);
$this->_ldapBindPw = strVal($connectorNode["bindPw"]); $this->_ldapBindPw = strVal($connectorNode["bindPw"]);
$this->_ldapType = 1; $this->_ldapType = 1;
$this->_ldapFilter = strVal($connectorNode["filter"]);
$this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]); $this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]);
} }
} }
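Review bot: The new property `var $_ldapFilter = "";` in the first hunk carries no trailing comment, unlike its neighbour `$_ldapType`, and nothing in this class tells a reader how the value is used. Since both the `ldap` and `AD` branches read it from `$connectorNode["filter"]` and the login code combines it with the login search, suggest `var $_ldapFilter = ""; // optional LDAP filter expression AND-ed with the login lookup`. The enclosing method of the two later hunks begins and ends outside the hunks.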


@ -118,6 +118,7 @@
- URIs are supported, e.g.: ldaps://ldap.host.com - URIs are supported, e.g.: ldaps://ldap.host.com
- port: port of the authentification server - port: port of the authentification server
- baseDN: top level of the LDAP directory tree - baseDN: top level of the LDAP directory tree
- filter: Additional filters which are to be checked
--> -->
<connector <connector
enable = "false" enable = "false"
@ -127,6 +128,7 @@
baseDN = "" baseDN = ""
bindDN="" bindDN=""
bindPw="" bindPw=""
filter=""
> >
</connector> </connector>
<!-- ***** CONNECTOR Microsoft Active Directory ***** <!-- ***** CONNECTOR Microsoft Active Directory *****


@ -112,7 +112,7 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
// and http://stackoverflow.com/questions/6222641/how-to-php-ldap-search-to-get-user-ou-if-i-dont-know-the-ou-for-base-dn // and http://stackoverflow.com/questions/6222641/how-to-php-ldap-search-to-get-user-ou-if-i-dont-know-the-ou-for-base-dn
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
} }
} }
// Ensure that the LDAP connection is set to use version 3 protocol. // Ensure that the LDAP connection is set to use version 3 protocol.
// Required for most authentication methods, including SASL. // Required for most authentication methods, including SASL.
@ -129,15 +129,19 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
} }
$dn = false; $dn = false;
/* If bind succeed, then get the dn of for the user */ /* If bind succeed, then get the dn of for the user */
if ($bind) { if ($bind) {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login); if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$login.")".$settings->_ldapFilter.")");
} else {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$login);
}
if (!is_bool($search)) { if (!is_bool($search)) {
$info = ldap_get_entries($ds, $search); $info = ldap_get_entries($ds, $search);
if (!is_bool($info) && $info["count"]>0) { if (!is_bool($info) && $info["count"]>0) {
$dn = $info[0]['dn']; $dn = $info[0]['dn'];
} }
} }
} }
/* If the previous bind failed, try it with the users creditionals /* If the previous bind failed, try it with the users creditionals
* by simply setting $dn to a default string * by simply setting $dn to a default string
@ -155,7 +159,11 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
$user = $dms->getUserByLogin($login); $user = $dms->getUserByLogin($login);
if (is_bool($user) && !$settings->_restricted) { if (is_bool($user) && !$settings->_restricted) {
// Retrieve the user's LDAP information. // Retrieve the user's LDAP information.
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login); if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$login.")".$settings->_ldapFilter.")");
} else {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut . $login);
}
} }
$bind = @ldap_bind($ds, $dn, $pwd); $bind = @ldap_bind($ds, $dn, $pwd);
if ($bind) { if ($bind) {
@ -227,14 +235,14 @@ if (is_bool($user)) {
_printMessage(getMLText("login_disabled_title"), getMLText("login_disabled_text")); _printMessage(getMLText("login_disabled_title"), getMLText("login_disabled_text"));
exit; exit;
} }
// control admin IP address if required // control admin IP address if required
// TODO: extend control to LDAP autentication // TODO: extend control to LDAP autentication
if ($user->isAdmin() && ($_SERVER['REMOTE_ADDR'] != $settings->_adminIP ) && ( $settings->_adminIP != "") ){ if ($user->isAdmin() && ($_SERVER['REMOTE_ADDR'] != $settings->_adminIP ) && ( $settings->_adminIP != "") ){
_printMessage(getMLText("login_error_title"), getMLText("invalid_user_id")); _printMessage(getMLText("login_error_title"), getMLText("invalid_user_id"));
exit; exit;
} }
/* Clear login failures if login was successful */ /* Clear login failures if login was successful */
$user->clearLoginFailures(); $user->clearLoginFailures();
@ -311,7 +319,7 @@ if (isset($_COOKIE["mydms_session"])) {
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
} }
// TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded. // TODO: by the PHP manual: The superglobals $_GET and $_REQUEST are already decoded.
// Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results. // Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.
if (isset($_POST["referuri"]) && strlen($_POST["referuri"])>0) { if (isset($_POST["referuri"]) && strlen($_POST["referuri"])>0) {
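Review bot: In both new branches (hunks @ -129,15 +129,19 and @ -155,7 +159,11) `$login`, presumably the posted login name, is concatenated unescaped into the LDAP search filter, and the new `(&(...)...)` wrapping means any filter metacharacter in the login now changes the structure of a compound filter rather than just a single assertion; the search argument should go through `ldap_escape($login, '', LDAP_ESCAPE_FILTER)` (PHP 5.6+) before concatenation. The filter-building `if`/`else` is also duplicated verbatim at the two call sites, so compute the filter string once before the first `if ($bind)` and pass it to both `ldap_search()` calls. When the configured `_ldapFilter` is not a complete parenthesised expression the compound filter is malformed and `ldap_search()` returns false, which the existing `is_bool($search)` check already absorbs, so a comment on the computed filter noting that expectation would help the administrator. The enclosing `if (isset($settings->_ldapHost) ...)` block starts before and ends after these hunks.
```php
/* … unchanged: bind attempt … */
$ldapLogin = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
$ldapFilter = $ldapSearchAttribut . $ldapLogin;
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
    /* _ldapFilter must be a complete parenthesised filter component */
    $ldapFilter = "(&(" . $ldapFilter . ")" . $settings->_ldapFilter . ")";
}
$dn = false;
/* If bind succeed, then get the dn of for the user */
if ($bind) {
    $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapFilter);
    /* … unchanged: ldap_get_entries / dn extraction … */
}
/* … unchanged: fallback bind with user credentials … */
    // Retrieve the user's LDAP information.
    $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapFilter);
/* … unchanged: rest of login handling … */
```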


@ -1,2 +1,6 @@
#!/bin/sh #!/bin/sh
/usr/bin/php -f /usr/share/seeddms/utils/adddoc.php -- $* if [ -z ${SEEDDMS_HOME+x} ]; then
echo "Please set SEEDDMS_HOME before running this script";
exit 1;
fi
php -f ${SEEDDMS_HOME}/utils/adddoc.php -- $*
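Review bot: The rewritten invocation keeps the unquoted `$*` and adds an unquoted `${SEEDDMS_HOME}`, so arguments containing whitespace are re-split and a home directory with a space breaks the path; use `php -f "${SEEDDMS_HOME}/utils/adddoc.php" -- "$@"`. The guard `[ -z ${SEEDDMS_HOME+x} ]` only works because an empty expansion leaves `[ -z ]`, which happens to be true; quoting it as `if [ -z "${SEEDDMS_HOME:+x}" ]; then` is both robust and rejects a variable that is set but empty, which the current check lets through. The same three lines appear in the three following script sections (createfolder, indexer, xmldump) and should be changed alike.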


@ -1,2 +1,6 @@
#!/bin/sh #!/bin/sh
/usr/bin/php -f /usr/share/seeddms/utils/createfolder.php -- $* if [ -z ${SEEDDMS_HOME+x} ]; then
echo "Please set SEEDDMS_HOME before running this script";
exit 1;
fi
php -f ${SEEDDMS_HOME}/utils/createfolder.php -- $*


@ -1,2 +1,6 @@
#!/bin/sh #!/bin/sh
/usr/bin/php -f /usr/share/seeddms/utils/indexer.php -- $* if [ -z ${SEEDDMS_HOME+x} ]; then
echo "Please set SEEDDMS_HOME before running this script";
exit 1;
fi
php -f ${SEEDDMS_HOME}/utils/indexer.php -- $*


@ -1,2 +1,6 @@
#!/bin/sh #!/bin/sh
/usr/bin/php -f /usr/share/seeddms/utils/xmldump -- $* if [ -z ${SEEDDMS_HOME+x} ]; then
echo "Please set SEEDDMS_HOME before running this script";
exit 1;
fi
php -f ${SEEDDMS_HOME}/utils/xmldump -- $*