Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

2025-05-11 20:21:16 +00:00 · 2021-06-21 18:10:50 +02:00 · 2021-06-21 18:10:50 +02:00 · bfcad700af
commit bfcad700af
parent e91a66af21 369497ee3a
6 changed files with 11 additions and 3 deletions
--- a/1
+++ b/1
@ -219,6 +219,7 @@
  expired
 - much better form validation based on jquery validation
 - secure unlocking/locking of a documents with form token to prevent CSRF attacks
+- append referuri to base url to prevent redirects to arbitraty sites in op.Login.php

 --------------------------------------------------------------------------------
                     Changes in version 5.1.22
--- a/SeedDMS_Core/Core/inc.ClassAttribute.php
+++ b/SeedDMS_Core/Core/inc.ClassAttribute.php
@ -1238,7 +1238,8 @@ class SeedDMS_Core_AttributeDefinition { /* {{{ */
 			break;
 		case self::type_email:
 			foreach($values as $value) {
-				$success &= preg_match('/^[a-z0-9._-]+@+[a-z0-9._-]+\.+[a-z]{2,4}$/i', $value);
+				$success &= filter_var($value, FILTER_VALIDATE_EMAIL);
+				//preg_match('/^[a-z0-9._-]+@+[a-z0-9._-]+\.+[a-z]{2,63}$/i', $value);
 			}
 			if(!$success)
 				$this->_validation_error = 5;
--- a/SeedDMS_Core/package.xml
+++ b/SeedDMS_Core/package.xml
@ -1905,6 +1905,7 @@ add method SeedDMS_Core_DatabaseAccess::setLogFp()
 - add methods SeedDMS_Core_DocumentContent::getReviewers() and SeedDMS_Core_DocumentContent::getApprovers()	
 - add methods SeedDMS_Core_DocumentContent::getApproveLog() and SeedDMS_Core_DocumentContent::getReviewLog()
 - better handling of document with an empty workflow state
+- fix checking of email addresses by using filter_var instead of regex
   </notes>
  </release>
  <release>
--- a/op/op.Login.php
+++ b/op/op.Login.php
@ -97,8 +97,7 @@ if(!$controller->run()) {
 $user = $controller->getUser();

 if (isset($referuri) && strlen($referuri)>0) {
-//	header("Location: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'] . $referuri);
-	header("Location: " . $referuri);
+	header("Location: " . getBaseUrl() . "/" . $referuri);
 }
 else {
 	header("Location: ".$settings->_httpRoot.(isset($settings->_siteDefaultPage) && strlen($settings->_siteDefaultPage)>0 ? $settings->_siteDefaultPage : "out/out.ViewFolder.php?folderid=".($user->getHomeFolder() ? $user->getHomeFolder() : $settings->_rootFolderID)));
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@ -1417,6 +1417,9 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 	 * @param array $config contains elements
 	 *   id: id of modal box (must match target of getModalBoxLink())
 	 *   title: title of modal box
+	 *   content: content to be shown in the body of the box. Can be left
+	 *   empty if the body is loaded from the remote link passed to the button
+	 *   to open this box.
 	 *   buttons: array of buttons, each having a title and an optional id
 	 * @return string
 	 */
--- a/views/bootstrap4/class.Bootstrap4.php
+++ b/views/bootstrap4/class.Bootstrap4.php
@ -1340,6 +1340,9 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 	 * @param array $config contains elements
 	 *   id: id of modal box (must match target of getModalBoxLink())
 	 *   title: title of modal box
+	 *   content: content to be shown in the body of the box. Can be left
+	 *   empty if the body is loaded from the remote link passed to the button
+	 *   to open this box.
 	 *   buttons: array of buttons, each having a title and an optional id
 	 * @return string
 	 */