Example #1
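 /**
  * Installs the security module.
  *
  * Creates the module tables when the probe query on b_sec_iprule fails,
  * registers the module, its "main" event handlers and its cleanup agents,
  * stores the ipcheck_disable_file option if it is not set yet, and finally
  * activates CSecurityFilter and CSecurityAntiVirus.
  *
  * @param array $arParams Not read by this method.
  * @return bool True on success; false when the SQL batch reported errors
  *              (they are handed to $APPLICATION->ThrowException()).
  */
 function InstallDB($arParams = array())
 {
     global $DB, $DBType, $APPLICATION;
     $this->errors = false;
     // Database tables creation: the install batch runs only when the probe
     // query against b_sec_iprule fails.
     if (!$DB->Query("SELECT 'x' FROM b_sec_iprule WHERE 1=0", true)) {
         $this->errors = $DB->RunSQLBatch($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/security/install/db/" . strtolower($DB->type) . "/install.sql");
     }
     if ($this->errors !== false) {
         $APPLICATION->ThrowException(implode("<br>", $this->errors));
         return false;
     }

     $this->InstallTasks();
     RegisterModule("security");
     RegisterModuleDependences("main", "OnUserDelete", "security", "CSecurityUser", "OnUserDelete");
     RegisterModuleDependences("main", "OnEventLogGetAuditTypes", "security", "CSecurityFilter", "GetAuditTypes");
     RegisterModuleDependences("main", "OnEventLogGetAuditTypes", "security", "CSecurityAntiVirus", "GetAuditTypes");
     RegisterModuleDependences("main", "OnAdminInformerInsertItems", "security", "CSecurityFilter", "OnAdminInformerInsertItems");
     RegisterModuleDependences("main", "OnAdminInformerInsertItems", "security", "CSecuritySiteChecker", "OnAdminInformerInsertItems");
     CModule::IncludeModule("security");

     // Agents: each one is removed first and then added again, so a repeated
     // install does not leave duplicates.
     CAgent::RemoveAgent("CSecuritySession::CleanUpAgent();", "security");
     CAgent::Add(array("NAME" => "CSecuritySession::CleanUpAgent();", "MODULE_ID" => "security", "ACTIVE" => "Y", "AGENT_INTERVAL" => 1800, "IS_PERIOD" => "N"));
     CAgent::RemoveAgent("CSecurityIPRule::CleanUpAgent();", "security");
     CAgent::Add(array("NAME" => "CSecurityIPRule::CleanUpAgent();", "MODULE_ID" => "security", "ACTIVE" => "Y", "AGENT_INTERVAL" => 3600, "IS_PERIOD" => "N"));

     if (!COption::GetOptionString("security", "ipcheck_disable_file")) {
         // The random suffix presumably exists to make this path hard to guess,
         // so take it from the CSPRNG when the runtime offers one: mt_rand()
         // output is predictable. Both branches give 32 hex characters, so the
         // stored value keeps its format.
         $suffix = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(mt_rand());
         COption::SetOptionString("security", "ipcheck_disable_file", "/bitrix/modules/ipcheck_disable_" . $suffix);
     }

     // This agent is only removed here, never re-added.
     CAgent::RemoveAgent("CSecurityFilter::ClearTmpFiles();", "security");
     CSecurityFilter::SetActive(true);
     CSecurityAntiVirus::SetActive(true);
     return true;
 }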
Example #2
 /**
  * Records a HIGHT-level finding for each of two conditions: the security
  * filter is not active, and the administrators' policy level is not "high".
  *
  * Returns nothing; findings are reported through addUnformattedDetailError().
  */
 protected function checkSecurityLevel()
 {
     $filterEnabled = CSecurityFilter::IsActive();
     if (!$filterEnabled) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_WAF_OFF", CSecurityCriticalLevel::HIGHT);
     }

     $policyLevel = self::AdminPolicyLevel();
     if (!($policyLevel == "high")) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_ADMIN_SECURITY_LEVEL", CSecurityCriticalLevel::HIGHT);
     }
 }
Example #3
 /**
  * Switches the filter on or off by registering or unregistering its
  * "main" module event handlers (OnBeforeProlog and OnEndBufferContent).
  *
  * Nothing is changed when the requested state already matches
  * CSecurityFilter::IsActive(). Mind the default: SetActive() called without
  * an argument removes the handlers of an active filter.
  *
  * @param bool $bActive True to register the handlers, false to remove them.
  */
 public static function SetActive($bActive = false)
 {
     $alreadyActive = CSecurityFilter::IsActive();

     if ($bActive && !$alreadyActive) {
         registerModuleDependences("main", "OnBeforeProlog", "security", "CSecurityFilter", "OnBeforeProlog", "5");
         registerModuleDependences("main", "OnEndBufferContent", "security", "CSecurityXSSDetect", "OnEndBufferContent", 9999);
     } elseif (!$bActive && $alreadyActive) {
         unregisterModuleDependences("main", "OnBeforeProlog", "security", "CSecurityFilter", "OnBeforeProlog");
         unregisterModuleDependences("main", "OnEndBufferContent", "security", "CSecurityXSSDetect", "OnEndBufferContent");
     }
 }
 /**
  * Reports baseline hardening problems through addUnformattedDetailError():
  * inactive security filter, administrators' policy level other than "high",
  * an error_reporting option that is set and differs from the fatal-errors-only
  * mask, and database debug mode being on.
  */
 protected function checkSecurityLevel()
 {
     /** @global CDataBase $DB */
     global $DB;

     $filterEnabled = CSecurityFilter::IsActive();
     if (!$filterEnabled) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_WAF_OFF", CSecurityCriticalLevel::HIGHT);
     }

     $policyLevel = self::AdminPolicyLevel();
     if (!($policyLevel == "high")) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_ADMIN_SECURITY_LEVEL", CSecurityCriticalLevel::HIGHT);
     }

     // Only fatal error classes are accepted; anything wider is reported.
     $validErrorReporting = E_COMPILE_ERROR | E_ERROR | E_CORE_ERROR | E_PARSE;
     $configuredLevel = COption::GetOptionInt("main", "error_reporting", $validErrorReporting);
     if ($configuredLevel != $validErrorReporting) {
         // The string form is read only after the mask mismatch, and an empty
         // option value is not reported.
         if (COption::GetOptionString("main", "error_reporting", "") != "") {
             $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_ERROR_REPORTING", CSecurityCriticalLevel::MIDDLE);
         }
     }

     if ($DB->debug) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_DB_DEBUG", CSecurityCriticalLevel::HIGHT);
     }
 }
Example #5
 /**
  * Checks three settings and reports each failing one through
  * addUnformattedDetailError(): the security filter, redirect protection
  * (CSecurityRedirect) and the administrators' policy level.
  *
  * @return mixed self::STATUS_FAILED when at least one check failed,
  *               self::STATUS_PASSED otherwise.
  */
 protected function checkSecurityLevel()
 {
     $problemFound = false;

     $filterEnabled = CSecurityFilter::IsActive();
     if (!$filterEnabled) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_WAF_OFF", CSecurityCriticalLevel::HIGHT);
         $problemFound = true;
     }

     $redirectProtectionEnabled = CSecurityRedirect::IsActive();
     if (!$redirectProtectionEnabled) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_REDIRECT_OFF", CSecurityCriticalLevel::MIDDLE);
         $problemFound = true;
     }

     $policyLevel = self::AdminPolicyLevel();
     if (!($policyLevel == "high")) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_ADMIN_SECURITY_LEVEL", CSecurityCriticalLevel::HIGHT);
         $problemFound = true;
     }

     return $problemFound ? self::STATUS_FAILED : self::STATUS_PASSED;
 }
Example #6
" enctype="multipart/form-data" name="editform">
<?php 
// Session-id field for the form; presumably the anti-CSRF token that the
// POST handler verifies before changing the filter state (confirm in the handler).
echo bitrix_sessid_post();
?>
<input type="hidden" name="lang" value="<?php 
// LANG is a constant, echoed into the attribute without HTML escaping.
echo LANG;
?>
">
<?php 
// Open the tab control and start its first tab.
$tabControl->Begin();
$tabControl->BeginNextTab();
?>
<tr>
	<td colspan="2" align="left">
<?php 
if (CSecurityFilter::IsActive()) {
    ?>
		<input type="hidden" name="filter_active" value="N">
		<input type="submit" name="filter_siteb" value="<?php 
    echo GetMessage("SEC_FILTER_BUTTON_OFF");
    ?>
"<?php 
    if (!$canWrite) {
        echo " disabled";
    }
    ?>
>
<?php 
} else {
    ?>
		<input type="hidden" name="filter_active" value="Y">
Example #7
    $criticalResultsCount = CSecuritySiteChecker::calculateCriticalResults($lastResults);
} else {
    $criticalResultsCount = 0;
}
// Date of the last scanner run, or the localized "never started" text.
$lastDate = isset($lastTestingInfo["test_date"])
    ? $lastTestingInfo["test_date"]
    : GetMessage("SEC_PANEL_SCANNER_NEVER_START");

// Scanner KPIs. KPI_RECOMMENDATION holds ready-made HTML: a link to the scanner
// for administrators, the bare message text for everyone else.
$data['scanner']['ITEMS'][] = array(
    "KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_LAST_SCAN"),
    "KPI_VALUE" => $lastDate,
    "KPI_RECOMMENDATION" => !CSecuritySiteChecker::isNewTestNeeded()
        ? '&nbsp;'
        : ($USER->isAdmin()
            ? '<a href="security_scanner.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_SCANNER_RUN") . '</a>'
            : GetMessage("SEC_PANEL_SCANNER_RUN")),
);
$data['scanner']['ITEMS'][] = array(
    "KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_PROBLEM_COUNT"),
    "KPI_VALUE" => count($lastResults),
    "KPI_RECOMMENDATION" => count($lastResults) <= 0
        ? '&nbsp;'
        : ($USER->isAdmin()
            ? '<a href="security_scanner.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_SCANNER_FIX_IT") . '</a>'
            : GetMessage("SEC_PANEL_SCANNER_FIX_IT")),
);
$data['scanner']['ITEMS'][] = array(
    "KPI_NAME" => GetMessage("SEC_PANEL_SCANNER_CRITICAL_PROBLEM_COUNT"),
    "KPI_VALUE" => $criticalResultsCount,
    "KPI_RECOMMENDATION" => $criticalResultsCount <= 0
        ? '&nbsp;'
        : ($USER->isAdmin()
            ? '<a href="security_scanner.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_SCANNER_FIX_IT") . '</a>'
            : GetMessage("SEC_PANEL_SCANNER_FIX_IT")),
);
unset($lastTestingInfo, $lastResults, $criticalResultsCount);

// Filter state. The settings link is shown only to users holding the
// security_filter_settings_write operation.
$bSecurityFilter = CSecurityFilter::IsActive();
$data['std']['ITEMS'][] = array(
    "IS_OK" => $bSecurityFilter,
    "KPI_NAME" => GetMessage("SEC_PANEL_FILTER_NAME"),
    "KPI_VALUE" => $bSecurityFilter ? GetMessage("SEC_PANEL_FILTER_VALUE_ON") : GetMessage("SEC_PANEL_FILTER_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSecurityFilter
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_filter_settings_write')
            ? '<a href="security_filter.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_FILTER_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_FILTER_RECOMMENDATION")),
);

// Any exclusion mask at all counts as "not OK": one fetched row is enough.
$rsSecurityFilterExclMask = CSecurityFilterMask::GetList();
$bSecurityFilterExcl = $rsSecurityFilterExclMask->Fetch() ? true : false;
$data['std']['ITEMS'][] = array(
    "IS_OK" => !$bSecurityFilterExcl,
    "KPI_NAME" => GetMessage("SEC_PANEL_FILTER_EXCL_NAME"),
    "KPI_VALUE" => $bSecurityFilterExcl ? GetMessage("SEC_PANEL_FILTER_EXCL_VALUE_ON") : GetMessage("SEC_PANEL_FILTER_EXCL_VALUE_OFF"),
    "KPI_RECOMMENDATION" => !$bSecurityFilterExcl
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_filter_settings_write')
            ? '<a href="security_filter.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=exceptions">' . GetMessage("SEC_PANEL_FILTER_EXCL_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_FILTER_EXCL_RECOMMENDATION")),
);

// Look back over the event-log retention period, capped at seven days.
$days = min(COption::GetOptionInt("main", "event_log_cleanup_days", 7), 7);
$cntLog = 0;
// Select the filter and redirect audit events recorded inside that window.
$rsLog = CEventLog::GetList(
    array(),
    array(
        "TIMESTAMP_X_1" => ConvertTimeStamp(time() - $days * 24 * 3600 + CTimeZone::GetOffset(), "FULL"),
        "AUDIT_TYPE_ID" => "SECURITY_FILTER_SQL|SECURITY_FILTER_XSS|SECURITY_FILTER_XSS2|SECURITY_FILTER_PHP|SECURITY_REDIRECT",
    )
);
while ($rsLog->Fetch()) {
Example #8
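    /**
     * Creates or updates a calendar event stored as an iblock element.
     *
     * In order, the method: releases/reserves a meeting room for the location,
     * filters the description, resolves (or creates) the calendar section,
     * fills the event properties, optionally saves the event to Exchange and
     * CalDAV, writes the iblock element, invites guests, prints a <script>
     * block describing the event, clears the events cache and adds a reminder.
     *
     * NOTE(review): the permission / nesting check for an explicit calendarId
     * is commented out below and $bCheckPermissions is never read, so this
     * method does not authorise the write itself - confirm every caller does.
     *
     * @param array $arParams Event data. Keys read here include iblockId,
     *                        ownerType, ownerId, calendarId, sectionId, userId,
     *                        fullUrl, bNew, id, name, desc, dateFrom, dateTo,
     *                        location, guests, isMeeting, prop and remind.
     * @return mixed The element ID on success, otherwise whatever
     *               CEventCalendar::ThrowError() returns.
     */
    function SaveEvent($arParams)
    {
        global $DB;
        $iblockId = $arParams['iblockId'];
        $ownerType = $arParams['ownerType'];
        $ownerId = $arParams['ownerId'];
        $bCheckPermissions = $arParams["bCheckPermissions"] !== false;
        $calendarId = intVal($arParams['calendarId']);
        $sectionId = $arParams['sectionId'];
        $fullUrl = $arParams['fullUrl'];
        $userId = $arParams['userId'];
        $bIsInvitingEvent = $arParams['isMeeting'] && intval($arParams['prop']['PARENT']) > 0;
        $bExchange = CEventCalendar::IsExchangeEnabled() && $ownerType == 'USER';
        $bCalDav = CEventCalendar::IsCalDAVEnabled() && $ownerType == 'USER';
        // These locals were read below without ever being assigned on some (or
        // all) paths. Give them the values PHP substituted for the undefined
        // reads, so behaviour is unchanged and no notices are raised.
        $loc_new = null;
        $arGuestConfirm = null;
        // NOTE(review): nothing in this method sets $bPeriodic, and the only
        // assignment of $bSocNetLog is commented out, so the SocNetLog call at
        // the end never runs - confirm whether that is intended.
        $bPeriodic = false;
        $bSocNetLog = false;
        if (!$bIsInvitingEvent) {
            // *** ADD MEETING ROOM ***
            $loc_old = CEventCalendar::ParseLocation($arParams['location']['old']);
            $loc_new = CEventCalendar::ParseLocation($arParams['location']['new']);
            // NOTE(review): the trailing "|| $arParams['location']" is truthy whenever
            // a location was passed, which makes the mrid comparison moot - confirm intent.
            if ($loc_old['mrid'] !== false && $loc_old['mrevid'] !== false && ($loc_old['mrid'] !== $loc_new['mrid'] || $arParams['location'])) {
                if ($loc_old['mrid'] == $arParams['VMiblockId']) {
                    CEventCalendar::ReleaseVR(array('mrevid' => $loc_old['mrevid'], 'mrid' => $loc_old['mrid'], 'VMiblockId' => $arParams['VMiblockId'], 'allowVideoMeeting' => $arParams['allowVideoMeeting']));
                } else {
                    CEventCalendar::ReleaseMR(array('mrevid' => $loc_old['mrevid'], 'mrid' => $loc_old['mrid'], 'RMiblockId' => $arParams['RMiblockId'], 'allowResMeeting' => $arParams['allowResMeeting']));
                }
            }
            if ($loc_new['mrid'] !== false) {
                if ($loc_new['mrid'] == $arParams['VMiblockId']) {
                    $mrevid = CEventCalendar::ReserveVR(array('mrid' => $loc_new['mrid'], 'dateFrom' => $arParams['dateFrom'], 'dateTo' => $arParams['dateTo'], 'name' => $arParams['name'], 'description' => GetMessage('EC_RESERVE_FOR_EVENT') . ': ' . $arParams['name'], 'persons' => count($arParams['guests']), 'members' => $arParams['guests'], 'regularity' => $arParams['prop']['PERIOD_TYPE'], 'regularity_count' => $arParams['prop']['PERIOD_COUNT'], 'regularity_length' => $arParams['prop']['EVENT_LENGTH'], 'regularity_additional' => $arParams['prop']['PERIOD_ADDITIONAL'], 'VMiblockId' => $arParams['VMiblockId'], 'allowVideoMeeting' => $arParams['allowVideoMeeting']));
                } else {
                    $mrevid = CEventCalendar::ReserveMR(array('mrid' => $loc_new['mrid'], 'dateFrom' => $arParams['dateFrom'], 'dateTo' => $arParams['dateTo'], 'name' => $arParams['name'], 'description' => GetMessage('EC_RESERVE_FOR_EVENT') . ': ' . $arParams['name'], 'persons' => $arParams['isMeeting'] && count($arParams['guests']) > 0 ? count($arParams['guests']) : 1, 'regularity' => $arParams['prop']['PERIOD_TYPE'], 'regularity_count' => $arParams['prop']['PERIOD_COUNT'], 'regularity_length' => $arParams['prop']['EVENT_LENGTH'], 'regularity_additional' => $arParams['prop']['PERIOD_ADDITIONAL'], 'RMiblockId' => $arParams['RMiblockId'], 'allowResMeeting' => $arParams['allowResMeeting']));
                }
                // A usable reservation id becomes part of the stored location;
                // otherwise $loc_new carries an error code for the client script.
                if ($mrevid && $mrevid != 'reserved' && $mrevid != 'expire' && $mrevid > 0) {
                    $loc_new = 'ECMR_' . $loc_new['mrid'] . '_' . $mrevid;
                    $arParams["prop"]['LOCATION'] = $loc_new;
                } else {
                    $arParams["prop"]['LOCATION'] = '';
                    if ($mrevid == 'reserved') {
                        $loc_new = 'bxec_error_reserved';
                    } elseif ($mrevid == 'expire') {
                        $loc_new = 'bxec_error_expire';
                    } else {
                        $loc_new = 'bxec_error';
                    }
                }
            } else {
                $loc_new = $loc_new['str'];
                $arParams["prop"]['LOCATION'] = $loc_new;
            }
        }
        //$bSocNetLog = (!isset($arParams['bSocNetLog']) || $arParams['bSocNetLog'] != false) && !$arParams["prop"]["PRIVATE"];
        //if(cmodule::includemodule('security'))
        // The description is stored as HTML (DETAIL_TEXT_TYPE is 'html' below), so
        // it is passed through the security module's XSS filter when that module
        // is available and entity-escaped otherwise.
        if (CModule::IncludeModule("security")) {
            $filter = new CSecurityFilter();
            $arParams['desc'] = $filter->TestXSS($arParams['desc'], 'replace');
        } else {
            $arParams['desc'] = htmlspecialcharsex($arParams['desc']);
        }
        if ($calendarId > 0) {
            //cheking permissions and correct nesting
            //if (!CEventCalendar::CheckCalendar(array('iblockId' => $iblockId, 'ownerId' => $ownerId, 'ownerType' => $ownerType, 'calendarId' => $calendarId, 'sectionId' => $sectionId)))
            //	return CEventCalendar::ThrowError(GetMessage('EC_CALENDAR_CREATE_ERROR').' '.GetMessage('EC_CAL_INCORRECT_ERROR'));
        } else {
            // Creating default calendar section for owner
            $bDisplayCalendar = !$arParams["notDisplayCalendar"];
            // Output js with calendar description
            $newSectionId = 'none';
            // by reference
            $calendarId = CECCalendar::CreateDefault(array('ownerType' => $ownerType, 'ownerId' => $ownerId, 'iblockId' => $iblockId, 'sectionId' => $sectionId), $bDisplayCalendar, $newSectionId);
            if (!$calendarId) {
                return CEventCalendar::ThrowError('2' . GetMessage('EC_CALENDAR_CREATE_ERROR'));
            }
            if ($newSectionId != 'none') {
                $arParams['sectionId'] = $newSectionId;
            }
        }
        $arParams['calendarId'] = $calendarId;
        if ($bIsInvitingEvent && !isset($arParams["CONFIRMED"]) && isset($arParams["status"])) {
            $arParams["prop"]["CONFIRMED"] = CEventCalendar::GetConfirmedID($iblockId, $arParams["status"]);
        } else {
            if ($arParams["CONFIRMED"] == "Q") {
                $arParams["prop"]["CONFIRMED"] = CEventCalendar::GetConfirmedID($iblockId, "Q");
            } elseif ($arParams["CONFIRMED"] == "Y") {
                $arParams["prop"]["CONFIRMED"] = CEventCalendar::GetConfirmedID($iblockId, "Y");
            } else {
                unset($arParams["prop"]["CONFIRMED"]);
            }
        }
        if (isset($arParams["remind"])) {
            if ($arParams["remind"] !== false) {
                $arParams["prop"]["REMIND_SETTINGS"] = $arParams["remind"]['count'] . '_' . $arParams["remind"]['type'];
            } else {
                if (!$arParams['bNew']) {
                    $arParams["prop"]["REMIND_SETTINGS"] = '';
                }
            }
        }
        // Version counter: taken from the stored element on update, floored at 1
        // and then incremented.
        if (!isset($arParams['prop']['VERSION'])) {
            if (!$arParams['bNew']) {
                $dbProp = CIBlockElement::GetProperty($iblockId, $arParams['id'], 'sort', 'asc', array('CODE' => 'VERSION'));
                if ($arProp = $dbProp->Fetch()) {
                    $arParams['prop']['VERSION'] = intval($arProp['VALUE']);
                }
            }
            if ($arParams['prop']['VERSION'] <= 0) {
                $arParams['prop']['VERSION'] = 1;
            }
            $arParams['prop']['VERSION']++;
        }
        if ($arParams['isMeeting']) {
            $arParams['prop']['IS_MEETING'] = 'Y';
        }
        if (!$bIsInvitingEvent) {
            $arParams['prop']['HOST_IS_ABSENT'] = $arParams['isMeeting'] && !in_array($userId, $arParams['guests']) ? 'Y' : 'N';
            if ($arParams['isMeeting'] && strlen($arParams['meetingText'])) {
                $arParams['prop']['MEETING_TEXT'] = array('VALUE' => array("TYPE" => 'text', "TEXT" => $arParams['meetingText']));
            }
        }
        $arFields = array("ACTIVE" => "Y", "IBLOCK_SECTION" => $calendarId, "IBLOCK_ID" => $iblockId, "NAME" => $arParams['name'], "ACTIVE_FROM" => $arParams['dateFrom'], "ACTIVE_TO" => $arParams['dateTo'], "DETAIL_TEXT" => $arParams['desc'], "DETAIL_TEXT_TYPE" => 'html', "MODIFIED_BY" => $GLOBALS['USER']->GetID(), "PROPERTY_VALUES" => $arParams['prop']);
        if ($ownerType == 'GROUP' && $ownerId > 0) {
            $arFields['SOCNET_GROUP_ID'] = $ownerId;
        }
        // The Exchange / CalDAV calls receive the properties as flat PROPERTY_* keys.
        if ($bExchange || $bCalDav) {
            foreach ($arFields["PROPERTY_VALUES"] as $prKey => $prVal) {
                $arFields["PROPERTY_" . $prKey] = $prVal;
            }
        }
        // If it's EXCHANGE - we try to save event to exchange
        if ($bExchange) {
            $calendarXmlId = CECCalendar::GetExchangeXmlId($iblockId, $calendarId);
            if (strlen($calendarXmlId) > 0 && $calendarXmlId !== 0) {
                if ($arParams['bNew']) {
                    $exchRes = CDavExchangeCalendar::DoAddItem($ownerId, $calendarXmlId, $arFields);
                } else {
                    $eventModLabel = CECEvent::GetExchModLabel($iblockId, $arParams['id']);
                    $eventXmlId = CECEvent::GetExchangeXmlId($iblockId, $arParams['id']);
                    $exchRes = CDavExchangeCalendar::DoUpdateItem($ownerId, $eventXmlId, $eventModLabel, $arFields);
                }
                if (!is_array($exchRes) || !array_key_exists("XML_ID", $exchRes)) {
                    return CEventCalendar::ThrowError(CEventCalendar::CollectExchangeErros($exchRes));
                }
                // It's ok, we successfuly save event to exchange calendar - and save it to DB
                $arFields['XML_ID'] = $exchRes['XML_ID'];
                $arFields['PROPERTY_VALUES']['BXDAVEX_LABEL'] = $exchRes['MODIFICATION_LABEL'];
            }
        }
        if ($bCalDav) {
            $connectionId = CECCalendar::GetCalDAVConnectionId($iblockId, $calendarId);
            if ($connectionId > 0) {
                $calendarCalDAVXmlId = CECCalendar::GetCalDAVXmlId($iblockId, $calendarId);
                if ($arParams['bNew']) {
                    $DAVRes = CDavGroupdavClientCalendar::DoAddItem($connectionId, $calendarCalDAVXmlId, $arFields);
                } else {
                    $eventCalDAVModLabel = CECEvent::GetCalDAVModLabel($iblockId, $arParams['id']);
                    $eventXmlId = CECEvent::GetExchangeXmlId($iblockId, $arParams['id']);
                    $DAVRes = CDavGroupdavClientCalendar::DoUpdateItem($connectionId, $calendarCalDAVXmlId, $eventXmlId, $eventCalDAVModLabel, $arFields);
                }
                if (!is_array($DAVRes) || !array_key_exists("XML_ID", $DAVRes)) {
                    return CEventCalendar::ThrowError(CEventCalendar::CollectCalDAVErros($DAVRes));
                }
                // // It's ok, we successfuly save event to caldav calendar - and save it to DB
                $arFields['XML_ID'] = $DAVRes['XML_ID'];
                $arFields['PROPERTY_VALUES']['BXDAVCD_LABEL'] = $DAVRes['MODIFICATION_LABEL'];
            }
        }
        $bs = new CIBlockElement();
        $res = false;
        if (!$arParams['bNew']) {
            $ID = $arParams['id'];
            if ($ID > 0) {
                $res = $bs->Update($ID, $arFields, false);
            }
        } else {
            //This sets appropriate owner if event created by owner of the meeting and this calendar belongs to guest which is not current user
            if ($ownerType == 'USER' && $ownerId > 0 && $userId != $ownerId) {
                $arFields['CREATED_BY'] = $ownerId;
            }
            $ID = $bs->Add($arFields, false);
            $res = $ID > 0;
        }
        // NOTE(review): guests are invited before $res is checked, so this also
        // runs when the save above failed - confirm that is acceptable.
        if ($arParams['isMeeting'] && !$bIsInvitingEvent) {
            $this->CheckParentProperty($arParams['userIblockId'], $iblockId);
            $arGuestConfirm = $this->InviteGuests($ID, $arFields, $arParams['guests'], $arParams);
        }
        if (!$res) {
            return CEventCalendar::ThrowError('4' . $bs->LAST_ERROR);
        } else {
            CIBlockElement::RecalcSections($ID);
        }
        // Every value printed into the inline script below is either cast to an
        // integer or passed through CUtil::JSEscape / CUtil::PhpToJSObject, so a
        // caller-supplied string cannot break out of its JavaScript literal.
        if (!$bPeriodic && !$arParams["notDisplayCalendar"]) {
            if ($arParams['bNew']) {
                ?>
<script>window._bx_new_event = {ID: <?php 
                echo intval($ID);
                ?>
, IBLOCK_ID: '<?php 
                echo CUtil::JSEscape($iblockId);
                ?>
', LOC: '<?php 
                echo CUtil::JSEscape($loc_new);
                ?>
', arGuestConfirm: <?php 
                echo CUtil::PhpToJSObject($arGuestConfirm);
                ?>
};</script><?php 
            } else {
                ?>
<script>window._bx_existent_event = {ID: <?php 
                echo intVal($ID);
                ?>
, NAME : '<?php 
                echo CUtil::JSEscape($arParams['name']);
                ?>
', DETAIL_TEXT: '<?php 
                echo CUtil::JSEscape($arParams['desc']);
                ?>
', DATE_FROM : '<?php 
                echo CUtil::JSEscape($arParams['dateFrom']);
                ?>
', DATE_TO : '<?php 
                echo CUtil::JSEscape($arParams['dateTo']);
                ?>
', LOC: '<?php 
                echo CUtil::JSEscape($loc_new);
                ?>
', arGuestConfirm: <?php 
                echo CUtil::PhpToJSObject($arGuestConfirm);
                ?>
};</script>
<?php 
            }
        }
        $this->ClearCache($this->cachePath . 'events/' . $iblockId . '/');
        if ($bSocNetLog && $ownerType) {
            CEventCalendar::SocNetLog(array('iblockId' => $iblockId, 'ownerType' => $ownerType, 'ownerId' => $ownerId, 'target' => $arParams['bNew'] ? 'add_event' : 'edit_event', 'id' => $ID, 'name' => $arParams['name'], 'desc' => $arParams['desc'], 'from' => $arParams['dateFrom'], 'to' => $arParams['dateTo'], 'calendarId' => $calendarId, 'accessibility' => $arParams["prop"]["ACCESSIBILITY"], 'importance' => $arParams["prop"]["IMPORTANCE"], 'pathToGroupCalendar' => $arParams["pathToGroupCalendar"], 'pathToUserCalendar' => $arParams["pathToUserCalendar"]));
        }
        if (array_key_exists("remind", $arParams)) {
            CECEvent::AddReminder(array('iblockId' => $iblockId, 'ownerType' => $ownerType, 'ownerId' => $ownerId, 'userId' => $userId, 'fullUrl' => $fullUrl, 'id' => $ID, 'dateFrom' => $arParams['dateFrom'], 'remind' => $arParams["remind"], 'bNew' => $arParams['bNew']));
        }
        return $ID;
    }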
Example #9
/** @global CUser $USER */
global $APPLICATION, $USER;

$APPLICATION->SetAdditionalCSS('/bitrix/gadgets/bitrix/admin_security/styles.css');
$aGlobalOpt = CUserOptions::GetOption("global", "settings", array());

// The gadget is shown only when the security module's installer is on disk
// and the user has not switched the security messages off ('N').
$bShowSecurity = file_exists($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/security/install/index.php");
if ($bShowSecurity) {
    $bShowSecurity = $aGlobalOpt['messages']['security'] != 'N';
}
if ($bShowSecurity === false) {
    // Bail out of this script.
    return false;
}

// False here means the module files exist but the module could not be included.
$bSecModuleInstalled = CModule::IncludeModule("security");
if ($bSecModuleInstalled) {
    $bSecurityFilter = CSecurityFilter::IsActive();
    if ($bSecurityFilter) {
        $lamp_class = " bx-gadgets-info";
        $text2_class = "green";
        $securityEventsCount = CSecurityFilter::GetEventsCount();
        if ($securityEventsCount > 0) {
            $text2 = GetMessage("GD_SECURITY_EVENT_COUNT");
        } else {
            $text2 = GetMessage("GD_SECURITY_EVENT_COUNT_EMPTY");
        }
        if ($securityEventsCount > 999) {
            $securityEventsCount = round($securityEventsCount / 1000, 1) . 'K';
        }
    } else {
        $lamp_class = " bx-gadgets-note";
        $text2_class = "red";
        $text2 = GetMessage("GD_SECURITY_FILTER_OFF_DESC");
        $securityEventsCount = 0;
    }
    $minSecurityVersionForScan = "12.5.0";
Example #10
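	/**
	 * Runs one of the checklist's security checks.
	 *
	 * "SECURITY_LEVEL" collects a numbered list of findings: filter exclusion
	 * masks, inactive filter, registration CAPTCHA off, administrators' policy
	 * level below "high", error_reporting wider than fatal errors, database
	 * debug mode on. "ADMIN_POLICY" checks the policy level only.
	 *
	 * @param array $arParams "ACTION" selects the check.
	 * @return array "STATUS" (bool) and, once a known action has run, "MESSAGE"
	 *               with a "PREVIEW" and, for failed level checks, a "DETAIL" text.
	 */
	function CheckSecurity($arParams)
	{
		global $DB;
		$err = 1;
		// The checks append with ".=", so the findings text has to start as an
		// empty string instead of an undefined variable.
		$arMessage = "";
		$arResult = array('STATUS' => false);
		switch ($arParams["ACTION"])
		{
			case "SECURITY_LEVEL":
				if (IsModuleInstalled("security"))
				{
					// Any exclusion mask weakens the filter, so one row is a finding.
					if (CSecurityFilterMask::GetList()->Fetch())
						$arMessage.= $err++.". ".GetMessage("CL_FILTER_EXEPTION_FOUND")."\n";
					if(!CSecurityFilter::IsActive())
						$arMessage.=$err++.". ".GetMessage("CL_FILTER_NON_ACTIVE")."\n";
					if(COption::GetOptionString("main", "captcha_registration", "N") == "N")
						$arMessage.=$err++.". ".GetMessage("CL_CAPTCHA_NOT_USE")."\n";

					if (CCheckListTools::AdminPolicyLevel() != "high")
						$arMessage.=$err++.". ".GetMessage("CL_ADMIN_SECURITY_LEVEL")."\n";

					// Only fatal error classes are accepted. The stored string is cast
					// before the zero test: a loose "!= 0" on the raw string treats an
					// empty value as zero on PHP 7 but as non-zero on PHP 8.
					$validErrorReporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR|E_PARSE;
					if (COption::GetOptionInt("main", "error_reporting", $validErrorReporting) != $validErrorReporting && (int) COption::GetOptionString("main","error_reporting","") !== 0)
						$arMessage.=$err++.". ".GetMessage("CL_ERROR_REPORTING_LEVEL")."\n";
					if($DB->debug)
						$arMessage.=$err++.". ".GetMessage("CL_DBDEBUG_TURN_ON")."\n";
					if ($arMessage)
					{
						$arResult["STATUS"] = false;
						$arResult["MESSAGE"]=Array(
								"PREVIEW"=>GetMessage("CL_MIN_LEVEL_SECURITY"),
								"DETAIL"=>GetMessage("CL_ERROR_FOUND")."\n".$arMessage
						);
					}
					else
					{
						$arResult["STATUS"] = true;
						$arResult["MESSAGE"]=Array(
								"PREVIEW"=>GetMessage("CL_LEVEL_SECURITY")."\n"
						);
					}
				}
				else
					$arResult = Array(
						"STATUS" => false,
						"MESSAGE"=>Array(
							"PREVIEW"=>GetMessage("CL_SECURITY_MODULE_NOT_INSTALLED")."\n"
						)
					);
			break;
			case "ADMIN_POLICY":
				// On failure STATUS keeps the false it was initialised with.
				if (CCheckListTools::AdminPolicyLevel() != "high")
					$arResult["MESSAGE"]["PREVIEW"] = GetMessage("CL_ADMIN_SECURITY_LEVEL")."\n";
				else
					$arResult = Array(
						"STATUS" => true,
						"MESSAGE"=>Array(
							"PREVIEW"=>GetMessage("CL_ADMIN_SECURITY_LEVEL_IS_HIGH")."\n"
						)
					);
			break;
		}

		return $arResult;
	}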
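/**
 * Builds the list of intranet tasks stored in an information block, adding printable
 * values and per-task permission flags for the current user.
 *
 * For every element returned by CIBlockElement::GetList() the function copies the
 * fields (keys starting with "~" are skipped), adds a "<KEY>_PRINTABLE" companion for
 * fields and properties, resolves the section chain into ROOT_SECTION_ID / TaskType /
 * OwnerId, loads the business-process document state and stores four
 * CurrentUserCan*Task flags from CIntranetTasksDocument::CanUserOperateDocument().
 *
 * Points a caller rendering the result should know:
 *  - Tasks are NOT filtered by permission. Every fetched element is returned; the
 *    CurrentUserCanViewTask flag must be checked by the caller before output.
 *  - When the "security" module can be included, DETAIL_TEXT and multi-row string
 *    properties are read from the "~"-prefixed value and passed through
 *    CSecurityFilter::TestXSS(); otherwise the non-"~" value is used with nl2br().
 *    NOTE(review): this presumes the "~" value is the raw one and the plain value is
 *    already HTML-escaped by the iblock API - confirm against CIBlockElement.
 *  - All other "_PRINTABLE" values are copied from VALUE without extra filtering.
 *
 * @param int         $iblockId         Information block holding the tasks (cast to int).
 * @param array       $arOrder          Sort order passed to CIBlockElement::GetList().
 * @param array       $arFilter         Filter; IBLOCK_ID and SHOW_NEW are always overwritten.
 * @param array|false $arGroupBy        Passed through to CIBlockElement::GetList().
 * @param array|false $arNavStartParams Passed through to CIBlockElement::GetList().
 * @param array       $arSelectFields   Fields to select; when non-empty, the fields this
 *                                      function needs are appended.
 *
 * @return CDBResult Result object initialised from the prepared task arrays.
 */
function GetTasksList($iblockId, $arOrder = array("SORT" => "ASC"), $arFilter = array(), $arGroupBy = false, $arNavStartParams = false, $arSelectFields = array())
{
    global $USER;
    $iblockId = IntVal($iblockId);
    // The filter is pinned to the requested iblock regardless of what the caller passed.
    $arFilter["IBLOCK_ID"] = $iblockId;
    $arFilter["SHOW_NEW"] = "Y";
    if (count($arSelectFields) > 0) {
        // These fields are read below (section chain, permission checks), so they must be selected.
        foreach (array("IBLOCK_SECTION_ID", "ID", "IBLOCK_ID", "CREATED_BY") as $requiredField) {
            if (!in_array($requiredField, $arSelectFields)) {
                $arSelectFields[] = $requiredField;
            }
        }
    }
    $arResultList = array();
    // Per-call cache of the current user's groups, keyed by "<taskType>_<ownerId>".
    $arCache = array();
    $isInSecurity = CModule::IncludeModule("security");
    $dbTasksList = CIBlockElement::GetList($arOrder, $arFilter, $arGroupBy, $arNavStartParams, $arSelectFields);
    while ($obTask = $dbTasksList->GetNextElement()) {
        $arResult = array();
        // Reset the owner context for every task. Previously these variables were only
        // assigned inside the section loop below, so a task whose section chain could not
        // be resolved silently inherited the type/owner of the previous task, and its
        // permission flags were computed against that other owner.
        $taskType = null;
        $ownerId = null;
        $arFields = $obTask->GetFields();
        foreach ($arFields as $fieldKey => $fieldValue) {
            if (substr($fieldKey, 0, 1) == "~") {
                continue;
            }
            $arResult[$fieldKey] = $fieldValue;
            if (in_array($fieldKey, array("MODIFIED_BY", "CREATED_BY"))) {
                $arResult[$fieldKey . "_PRINTABLE"] = CIntranetTasks::PrepareUserForPrint($fieldValue);
            } elseif ($fieldKey == "DETAIL_TEXT") {
                if ($isInSecurity) {
                    // Both DETAIL_TEXT and its printable form carry the TestXSS() result.
                    $filter = new CSecurityFilter();
                    $arResult["DETAIL_TEXT_PRINTABLE"] = $filter->TestXSS($arFields["~DETAIL_TEXT"]);
                    $arResult["DETAIL_TEXT"] = $arResult["DETAIL_TEXT_PRINTABLE"];
                } else {
                    // Fallback without the security module: no XSS filter is applied here.
                    $arResult["DETAIL_TEXT_PRINTABLE"] = nl2br($arFields["DETAIL_TEXT"]);
                    $arResult["DETAIL_TEXT"] = $arFields["DETAIL_TEXT"];
                }
            } else {
                $arResult[$fieldKey . "_PRINTABLE"] = $fieldValue;
            }
        }
        $arProperties = $obTask->GetProperties();
        foreach ($arProperties as $propertyKey => $propertyValue) {
            $arResult["PROPERTY_" . $propertyKey] = $propertyValue["VALUE"];
            if (strtoupper($propertyKey) == "TASKCOMPLETE") {
                // Clamp the completion percentage to 0..100 before it is written into the style attribute.
                $ps = intval($propertyValue["VALUE"]);
                if ($ps > 100) {
                    $ps = 100;
                } elseif ($ps < 0) {
                    $ps = 0;
                }
                $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = '<div class="task-complete-bar-out" title="' . GetMessage("INTASK_L_TASKCOMPLETE", array("#PRC#" => IntVal($propertyValue["VALUE"]))) . '">';
                if ($ps > 0) {
                    $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] .= '<div class="task-complete-bar-in" style="width:' . $ps . '%;"><div class="empty"></div></div>';
                }
                $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] .= '</div>';
            } elseif (strlen($propertyValue["USER_TYPE"]) > 0) {
                if ($propertyValue["USER_TYPE"] == "UserID") {
                    $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = CIntranetTasks::PrepareUserForPrint($propertyValue["VALUE"]);
                } else {
                    $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = $propertyValue["VALUE"];
                }
            } elseif ($propertyValue["PROPERTY_TYPE"] == "G") {
                // Section-link property: the printable form maps section key => section NAME.
                $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = array();
                $vx = CIntranetTasks::PrepareSectionForPrint($propertyValue["VALUE"], $propertyValue["LINK_IBLOCK_ID"]);
                foreach ($vx as $vx1 => $vx2) {
                    $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"][$vx1] = $vx2["NAME"];
                }
            } elseif ($propertyValue["PROPERTY_TYPE"] == "L") {
                // List property: re-key the values by their enum ID.
                $arResult["PROPERTY_" . $propertyKey] = array();
                $arPropertyValue = $propertyValue["VALUE"];
                $arPropertyKey = $propertyValue["VALUE_ENUM_ID"];
                if (!is_array($arPropertyValue)) {
                    $arPropertyValue = array($arPropertyValue);
                    $arPropertyKey = array($arPropertyKey);
                }
                for ($i = 0, $cnt = count($arPropertyValue); $i < $cnt; $i++) {
                    $arResult["PROPERTY_" . $propertyKey][$arPropertyKey[$i]] = $arPropertyValue[$i];
                }
                $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = $arResult["PROPERTY_" . $propertyKey];
            } elseif ($propertyValue["PROPERTY_TYPE"] == "S" && $propertyValue["ROW_COUNT"] > 1) {
                // Multi-row string property: same filter-or-nl2br policy as DETAIL_TEXT.
                if (is_array($propertyValue["VALUE"])) {
                    $arResult["PROPERTY_" . $propertyKey] = array();
                    $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = array();
                    if ($isInSecurity) {
                        foreach ($propertyValue["~VALUE"] as $k => $v) {
                            $filter = new CSecurityFilter();
                            $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"][$k] = $filter->TestXSS($v);
                            $arResult["PROPERTY_" . $propertyKey][$k] = $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"][$k];
                        }
                    } else {
                        foreach ($propertyValue["VALUE"] as $k => $v) {
                            $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"][$k] = nl2br($v);
                            $arResult["PROPERTY_" . $propertyKey][$k] = $v;
                        }
                    }
                } else {
                    if ($isInSecurity) {
                        $filter = new CSecurityFilter();
                        $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = $filter->TestXSS($propertyValue["~VALUE"]);
                        $arResult["PROPERTY_" . $propertyKey] = $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"];
                    } else {
                        $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = nl2br($propertyValue["VALUE"]);
                        $arResult["PROPERTY_" . $propertyKey] = $propertyValue["VALUE"];
                    }
                }
            }
        }
        $arResult["ROOT_SECTION_ID"] = 0;
        $arResult["IBLOCK_SECTION_ID_PRINTABLE"] = array();
        $v = CIntranetTasks::PrepareSectionForPrint($arResult["IBLOCK_SECTION_ID"], $iblockId);
        if (is_array($v)) {
            foreach ($v as $k1 => $v1) {
                if ($arResult["ROOT_SECTION_ID"] == 0) {
                    // The first section in the chain decides whether this is a user or a group task.
                    $arResult["ROOT_SECTION_ID"] = $k1;
                    $taskType = $v1["XML_ID"] == "users_tasks" ? "user" : "group";
                    $ownerId = $taskType == "user" ? $arResult["PROPERTY_TaskAssignedTo"] : $v1["XML_ID"];
                } else {
                    $arResult["IBLOCK_SECTION_ID_PRINTABLE"][$k1] = $v1["NAME"];
                }
            }
        }
        // Role list of the current user relative to the task owner, computed once per owner.
        if (!array_key_exists($taskType . "_" . $ownerId, $arCache)) {
            $arCurrentUserGroups = array();
            if ($taskType == "group") {
                $arCurrentUserGroups[] = SONET_ROLES_ALL;
                if ($GLOBALS["USER"]->IsAuthorized()) {
                    $arCurrentUserGroups[] = SONET_ROLES_AUTHORIZED;
                }
                $r = CSocNetUserToGroup::GetUserRole($USER->GetID(), $ownerId);
                if (strlen($r) > 0) {
                    $arCurrentUserGroups[] = $r;
                }
            } else {
                $arCurrentUserGroups[] = SONET_RELATIONS_TYPE_ALL;
                if ($GLOBALS["USER"]->IsAuthorized()) {
                    $arCurrentUserGroups[] = SONET_RELATIONS_TYPE_AUTHORIZED;
                }
                if (CSocNetUserRelations::IsFriends($USER->GetID(), $ownerId)) {
                    $arCurrentUserGroups[] = SONET_RELATIONS_TYPE_FRIENDS;
                }
            }
            $arCache[$taskType . "_" . $ownerId] = $arCurrentUserGroups;
        }
        // Task-specific roles are appended to a copy, so they never end up in the shared cache entry.
        $arCurrentUserGroups = $arCache[$taskType . "_" . $ownerId];
        if ($USER->GetID() == $arResult["CREATED_BY"]) {
            $arCurrentUserGroups[] = "author";
        }
        if ($USER->GetID() == $arResult["PROPERTY_TaskAssignedTo"]) {
            $arCurrentUserGroups[] = "responsible";
        }
        if (is_array($arResult["PROPERTY_TaskTrackers"]) && in_array($USER->GetID(), $arResult["PROPERTY_TaskTrackers"])) {
            $arCurrentUserGroups[] = "trackers";
        }
        $arResult["DocumentState"] = array();
        $arDocumentStates = CBPDocument::GetDocumentStates(array("intranet", "CIntranetTasksDocument", "x" . $iblockId), array("intranet", "CIntranetTasksDocument", $arResult["ID"]));
        $kk = array_keys($arDocumentStates);
        // If several states are returned, the last one wins.
        foreach ($kk as $k) {
            $arResult["DocumentState"] = $arDocumentStates[$k];
            $arResult["DocumentState"]["AllowableEvents"] = CBPDocument::GetAllowableEvents($GLOBALS["USER"]->GetID(), $arCurrentUserGroups, $arDocumentStates[$k]);
        }
        $arResult["TaskType"] = $taskType;
        $arResult["OwnerId"] = $ownerId;
        // Same permission context for all four operation checks.
        $arOperationParams = array("TaskType" => $taskType, "OwnerId" => $ownerId, "AllUserGroups" => $arCurrentUserGroups, "DocumentStates" => $arDocumentStates);
        $arResult["CurrentUserCanViewTask"] = CIntranetTasksDocument::CanUserOperateDocument(INTASK_DOCUMENT_OPERATION_READ_DOCUMENT, $GLOBALS["USER"]->GetID(), $arResult["ID"], $arOperationParams);
        $arResult["CurrentUserCanCommentTask"] = CIntranetTasksDocument::CanUserOperateDocument(INTASK_DOCUMENT_OPERATION_COMMENT_DOCUMENT, $GLOBALS["USER"]->GetID(), $arResult["ID"], $arOperationParams);
        $arResult["CurrentUserCanDeleteTask"] = CIntranetTasksDocument::CanUserOperateDocument(INTASK_DOCUMENT_OPERATION_DELETE_DOCUMENT, $GLOBALS["USER"]->GetID(), $arResult["ID"], $arOperationParams);
        $arResult["CurrentUserCanWriteTask"] = CIntranetTasksDocument::CanUserOperateDocument(INTASK_DOCUMENT_OPERATION_WRITE_DOCUMENT, $GLOBALS["USER"]->GetID(), $arResult["ID"], $arOperationParams);
        // The task is appended whatever the flags say; enforcing them is left to the caller.
        $arResultList[] = $arResult;
    }
    $dbTasksList = new CDBResult();
    $dbTasksList->InitFromArray($arResultList);
    return $dbTasksList;
}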
Example #12
 /**
  * Switches the security filter on or off by (un)registering its event handlers.
  *
  * Enabling registers CSecurityFilter::OnBeforeProlog on main/OnBeforeProlog and
  * CSecurityXSSDetect::OnEndBufferContent on main/OnEndBufferContent; disabling
  * unregisters the same pair. Nothing is done when the requested state already
  * matches CSecurityFilter::IsActive().
  *
  * This method performs no permission check of its own, and calling it with the
  * default argument turns the filter off, so callers need to restrict who can
  * reach it.
  *
  * @param bool $bActive true to enable the filter, false (default) to disable it
  */
 public static function SetActive($bActive = false)
 {
     $wantActive = (bool) $bActive;
     $isActive = (bool) CSecurityFilter::IsActive();

     // Already in the requested state: leave the handler registrations untouched.
     if ($wantActive === $isActive) {
         return;
     }

     // The CSecurityFilter::ClearTmpFiles() agent add/remove calls are commented out
     // in the original code and are not performed here either.
     if ($wantActive) {
         RegisterModuleDependences("main", "OnBeforeProlog", "security", "CSecurityFilter", "OnBeforeProlog", "5");
         RegisterModuleDependences("main", "OnEndBufferContent", "security", "CSecurityXSSDetect", "OnEndBufferContent", 9999);
         return;
     }

     UnRegisterModuleDependences("main", "OnBeforeProlog", "security", "CSecurityFilter", "OnBeforeProlog");
     UnRegisterModuleDependences("main", "OnEndBufferContent", "security", "CSecurityXSSDetect", "OnEndBufferContent");
 }
Example #13
 /**
  * Stores the filter action, but only if CSecurityFilter::isActionValid() accepts it.
  *
  * A rejected value is dropped silently: no error is raised and $this->action keeps
  * whatever it held before the call.
  *
  * @param string $pAction action name to store
  */
 protected function setAction($pAction)
 {
     if (!CSecurityFilter::isActionValid($pAction)) {
         // Unknown action: keep the current setting.
         return;
     }

     $this->action = $pAction;
 }
Example #14
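 /**
  * Loads one task element from the intranet tasks iblock and prepares it for display.
  *
  * The iblock ID is read from the "intranet"/"iblock_tasks" option. Fields are copied
  * (keys starting with "~" are skipped), every field and property gets a
  * "<KEY>_PRINTABLE" companion, and the section chain is resolved into
  * ROOT_SECTION_ID, TaskType and OwnerId.
  *
  * Points a caller should know:
  *  - No permission check is performed in this method; the element is returned for
  *    any $documentId that exists in the tasks iblock.
  *  - When the "security" module can be included, DETAIL_TEXT_PRINTABLE and multi-row
  *    string properties are passed through CSecurityFilter::TestXSS(..., 'replace').
  *    DETAIL_TEXT itself is NOT filtered in that branch (see the note in the code).
  *
  * @param int         $documentId      ID of the task element.
  * @param mixed       $nameTemplate    Passed to CIntranetTasks::PrepareUserForPrint().
  * @param bool        $bShowLogin      Passed to CIntranetTasks::PrepareUserForPrint().
  * @param bool        $bShowTooltip    Passed to CIntranetTasks::PrepareUserForPrint().
  * @param array|false $arTooltipParams Passed to CIntranetTasks::PrepareUserForPrint().
  *
  * @return array|false Prepared task data, or false when the tasks iblock is not
  *                     configured or the element was not found.
  */
 public function GetDocument($documentId, $nameTemplate = false, $bShowLogin = true, $bShowTooltip = false, $arTooltipParams = false)
 {
     $iblockId = COption::GetOptionInt("intranet", "iblock_tasks", 0);
     if ($iblockId <= 0) {
         return false;
     }
     $isInSecurity = CModule::IncludeModule("security");
     $arResult = false;
     $dbResult = CIBlockElement::GetList(array(), array("ID" => $documentId, "SHOW_NEW" => "Y", "IBLOCK_ID" => $iblockId));
     if ($objResult = $dbResult->GetNextElement()) {
         $arResult = array();
         $arFields = $objResult->GetFields();
         foreach ($arFields as $fieldKey => $fieldValue) {
             if (substr($fieldKey, 0, 1) == "~") {
                 continue;
             }
             $arResult[$fieldKey] = $fieldValue;
             if (in_array($fieldKey, array("MODIFIED_BY", "CREATED_BY"))) {
                 $arResult[$fieldKey . "_PRINTABLE"] = CIntranetTasks::PrepareUserForPrint($fieldValue, $nameTemplate, $bShowLogin, $bShowTooltip, $arTooltipParams);
             } elseif ($fieldKey == "DETAIL_TEXT") {
                 if ($isInSecurity) {
                     $filter = new CSecurityFilter();
                     $arResult["DETAIL_TEXT_PRINTABLE"] = $filter->TestXSS($arFields["~DETAIL_TEXT_TYPE"] == "text" ? $arFields["DETAIL_TEXT"] : $arFields["~DETAIL_TEXT"], 'replace');
                     // NOTE(review): unlike the printable value, DETAIL_TEXT is taken from
                     // "~DETAIL_TEXT" with no TestXSS() call (only nl2br() for type "text").
                     // Presumably the "~" value is the raw, unescaped one - confirm, and make
                     // sure templates output DETAIL_TEXT_PRINTABLE rather than DETAIL_TEXT.
                     $arResult["DETAIL_TEXT"] = $arFields["~DETAIL_TEXT_TYPE"] == "text" ? nl2br($arFields["~DETAIL_TEXT"]) : $arFields["~DETAIL_TEXT"];
                 } else {
                     // Fallback without the security module: no XSS filter is applied here.
                     $arResult["DETAIL_TEXT_PRINTABLE"] = nl2br($arFields["DETAIL_TEXT"]);
                     $arResult["DETAIL_TEXT"] = $arFields["DETAIL_TEXT"];
                 }
             } else {
                 $arResult[$fieldKey . "_PRINTABLE"] = $fieldValue;
             }
         }
         $arProperties = $objResult->GetProperties();
         foreach ($arProperties as $propertyKey => $propertyValue) {
             if (is_array($propertyValue["VALUE"])) {
                 // Multiple values are keyed by their PROPERTY_VALUE_ID.
                 $arResult["PROPERTY_" . $propertyKey] = array();
                 foreach ($propertyValue["VALUE"] as $k => $v) {
                     $arResult["PROPERTY_" . $propertyKey][$propertyValue["PROPERTY_VALUE_ID"][$k]] = $v;
                 }
             } else {
                 $arResult["PROPERTY_" . $propertyKey] = $propertyValue["VALUE"];
             }
             // Default printable form; the type-specific branches below may replace it.
             $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = $propertyValue["VALUE"];
             if (strlen($propertyValue["USER_TYPE"]) > 0) {
                 if ($propertyValue["USER_TYPE"] == "UserID") {
                     $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = CIntranetTasks::PrepareUserForPrint($propertyValue["VALUE"], $nameTemplate, $bShowLogin, $bShowTooltip, $arTooltipParams);
                 } else {
                     $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = $propertyValue["VALUE"];
                 }
             } elseif ($propertyValue["PROPERTY_TYPE"] == "G") {
                 // Fixed: this test used to read the undefined variable $arField, so the
                 // section-link branch could never run and the chain fell through to "L"/"S".
                 $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = array();
                 $vx = CIntranetTasks::PrepareSectionForPrint($propertyValue["VALUE"], $propertyValue["LINK_IBLOCK_ID"]);
                 if (is_array($vx)) {
                     foreach ($vx as $vx1 => $vx2) {
                         $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"][$vx1] = $vx2["NAME"];
                     }
                 }
             } elseif ($propertyValue["PROPERTY_TYPE"] == "L") {
                 // List property: re-key the values by their enum ID.
                 $arResult["PROPERTY_" . $propertyKey] = array();
                 $arPropertyValue = $propertyValue["VALUE"];
                 $arPropertyKey = $propertyValue["VALUE_ENUM_ID"];
                 if (!is_array($arPropertyValue)) {
                     $arPropertyValue = array($arPropertyValue);
                     $arPropertyKey = array($arPropertyKey);
                 }
                 for ($i = 0, $cnt = count($arPropertyValue); $i < $cnt; $i++) {
                     $arResult["PROPERTY_" . $propertyKey][$arPropertyKey[$i]] = $arPropertyValue[$i];
                 }
                 $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = $arResult["PROPERTY_" . $propertyKey];
             } elseif ($propertyValue["PROPERTY_TYPE"] == "S" && $propertyValue["ROW_COUNT"] > 1) {
                 // Multi-row string property: filtered with TestXSS() when available, else nl2br().
                 if (is_array($propertyValue["VALUE"])) {
                     $arResult["PROPERTY_" . $propertyKey] = array();
                     $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = array();
                     if ($isInSecurity) {
                         foreach ($propertyValue["~VALUE"] as $k => $v) {
                             $filter = new CSecurityFilter();
                             $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"][$k] = $filter->TestXSS($v, 'replace');
                             $arResult["PROPERTY_" . $propertyKey][$k] = $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"][$k];
                         }
                     } else {
                         foreach ($propertyValue["VALUE"] as $k => $v) {
                             $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"][$k] = nl2br($v);
                             $arResult["PROPERTY_" . $propertyKey][$k] = $v;
                         }
                     }
                 } else {
                     if ($isInSecurity) {
                         $filter = new CSecurityFilter();
                         $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = $filter->TestXSS($propertyValue["~VALUE"], 'replace');
                         $arResult["PROPERTY_" . $propertyKey] = $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"];
                     } else {
                         $arResult["PROPERTY_" . $propertyKey . "_PRINTABLE"] = nl2br($propertyValue["VALUE"]);
                         $arResult["PROPERTY_" . $propertyKey] = $propertyValue["VALUE"];
                     }
                 }
             }
         }
         $arResult["ROOT_SECTION_ID"] = 0;
         $arResult["IBLOCK_SECTION_ID_PRINTABLE"] = array();
         $v = CIntranetTasks::PrepareSectionForPrint($arResult["IBLOCK_SECTION_ID"]);
         // Guarded like the same loop in GetTasksList(): a non-array result leaves
         // TaskType/OwnerId unset instead of raising a foreach warning.
         if (is_array($v)) {
             foreach ($v as $k1 => $v1) {
                 if ($arResult["ROOT_SECTION_ID"] == 0) {
                     // The first section in the chain decides whether this is a user or a group task.
                     $arResult["ROOT_SECTION_ID"] = $k1;
                     $arResult["TaskType"] = $v1["XML_ID"] == "users_tasks" ? "user" : "group";
                     $arResult["OwnerId"] = $arResult["TaskType"] == "user" ? $arResult["PROPERTY_TaskAssignedTo"] : $v1["XML_ID"];
                 } else {
                     $arResult["IBLOCK_SECTION_ID_PRINTABLE"][$k1] = $v1["NAME"];
                 }
             }
         }
     }
     return $arResult;
 }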
Example #15
     $arResult["Task"][$fieldKey] = array();
     if (is_array($arFields[$fieldKey])) {
         foreach ($arFields[$fieldKey] as $v) {
             if (array_key_exists($v, $arField["Options"])) {
                 $arResult["Task"][$fieldKey][$v] = $arField["Options"][$v];
             }
         }
     } else {
         if (array_key_exists($arFields[$fieldKey], $arField["Options"])) {
             $arResult["Task"][$fieldKey][$arFields[$fieldKey]] = $arField["Options"][$arFields[$fieldKey]];
         }
     }
     $arResult["Task"][$fieldKey . "_PRINTABLE"] = $arResult["Task"][$fieldKey];
 } elseif ($arField["Type"] == "text") {
     if ($isInSecurity) {
         $filter = new CSecurityFilter();
         if (is_array($arFields[$fieldKey])) {
             foreach ($arFields[$fieldKey] as $k => $v) {
                 $arResult["Task"][$fieldKey][$k] = $filter->TestXSS($v);
             }
         } else {
             $arResult["Task"][$fieldKey] = $filter->TestXSS($arFields[$fieldKey]);
         }
     } else {
         if (is_array($arFields[$fieldKey])) {
             foreach ($arFields[$fieldKey] as $k => $v) {
                 $arResult["Task"][$fieldKey][$k] = htmlspecialcharsbx($v);
             }
         } else {
             $arResult["Task"][$fieldKey] = htmlspecialcharsbx($arFields[$fieldKey]);
         }