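// Interactive WorkFlow action - execute the task's callback function.
//
// The handler name arrives in the request, so function_exists() on its own
// would let a caller invoke any defined function, PHP internals included
// (this fragment is the tail of a case whose label is outside this view).
// Only user-defined functions are allowed to run; the handler name should
// ideally be looked up from the task definition rather than trusted from POST.
$function_handler = COM_applyFilter($_POST['function_handler']);
$prj_id           = COM_applyFilter($_POST['projectid']);
$taskid           = COM_applyFilter($_POST['taskid']);
$processid        = COM_applyFilter($_POST['processid']);
$handlerIsAllowed = false;
if (is_string($function_handler) && $function_handler !== '' && function_exists($function_handler)) {
    // Reject built-in (internal) functions: legitimate workflow handlers are
    // always declared in plugin code, never by the PHP core.
    $handlerReflection = new ReflectionFunction($function_handler);
    $handlerIsAllowed  = !$handlerReflection->isInternal();
}
if ($handlerIsAllowed) {
    $errmsg = $function_handler($processid, $taskid, $usermodeUID, $prj_id);
}
echo taskconsoleShowNavbar('My Tasks');
echo display_mytasks();
break;

case 'newRequest':
    $workFlowTemplate = COM_applyFilter($_REQUEST['wflow']);
    $workFlowOffset   = COM_applyFilter($_REQUEST['offset']);
    $nfclass   = new nexflow();
    $newprocid = $nfclass->newprocess($workFlowTemplate, $workFlowOffset);
    $nfclass->set_processVariable('INITIATOR', $usermodeUID);
    // NOTE(review): usermodeuid travels in the redirect URL; the edit page must
    // derive authorization from the session, not from this parameter - confirm.
    echo COM_refresh($CONF_FE['post_url'] . '/index.php?op=edit&id=58&processid=' . $newprocid . '&taskid=0&usermodeuid=' . $usermodeUID);
    break;

case 'reassignments':
    echo taskconsoleShowNavbar('My Tasks');
    echo display_reassignedTasks();
    break;

case 'reclaimtask':
    // Explicit int casts: both values are interpolated into the SQL below.
    $id  = (int) COM_applyFilter($_REQUEST['id'], true);
    $uid = (int) $_USER['uid'];
    // assignBack_uid is part of the WHERE clause so that only the user who
    // handed the task off can take it back.
    $sql = "SELECT a.task_id, a.uid, a.security_hash, b.fullname, b.email"
         . " FROM {$_TABLES['nf_productionassignments']} a"
         . " LEFT JOIN {$_TABLES['users']} b ON a.uid=b.uid"
         . " WHERE id={$id} AND assignBack_uid={$uid};";
    $res = DB_query($sql);
    // Exactly one row is expected. Zero rows means either the caller is not the
    // assignBack_uid or the id in the URL has been tampered with.
    $A = DB_fetchArray($res);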
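// "Start Process" console: list every workflow template and, when a template
// id is supplied via ?start=, start a new process from it.
// NOTE(review): the display name is emitted inside the block heading - confirm
// COM_getDisplayName() returns HTML-safe text for this context.
$username = COM_getDisplayName($usermodeUID);
echo COM_startBlock("Workflow Task Console for: {$username}", '', 'blockheader.thtml');
echo taskconsoleShowNavbar('Start Process');

$p = new Template($_CONF['path_layout'] . 'nexflow/admin');
$p->set_file(array('page' => 'startprocesses.thtml', 'record' => 'process_record.thtml'));
$p->set_var('site_url', $_CONF['site_url']);
$p->set_var('optional_parms', $optLinkVars);

$tquery = DB_query("SELECT id,templateName FROM {$_TABLES['nf_template']} ORDER BY id");
$rowNumber = 1;
while (list($templateId, $templateName) = DB_fetchArray($tquery)) {
    $p->set_var('template_id', $templateId);
    $p->set_var('template_name', $templateName);
    // Alternate the row style between 1 and 2.
    $p->set_var('csscode', $rowNumber % 2 + 1);
    $p->parse('template_records', 'record', true);
    $rowNumber++;
}

// isset() avoids an undefined-index notice; the template id is passed through
// COM_applyFilter() like every other request parameter in this console.
if (isset($_GET['start']) && $_GET['start'] !== '') {
    $startTemplate = COM_applyFilter($_GET['start']);
    $newProcess    = $nfclass->newprocess($startTemplate);
    if ($newProcess != null) {
        $nfclass->set_ProcessVariable('INITIATOR', $usermodeUID);
        $p->set_var('message', 'Process Started');
    } else {
        $p->set_var('message', 'Error Starting Process');
    }
} else {
    $p->set_var('showmsg', 'none');
}

$p->parse('output', 'page');
echo $p->finish($p->get_var('output'));
echo COM_endBlock();
echo COM_siteFooter();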