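/**
 * Post-form handler for the nexflow test-suite task that sets process variable VAR1.
 *
 * When both $processid and $taskid are greater than zero, this binds a nexflow
 * instance to the process and user, stores the numerically filtered POST field
 * 'var1' as process variable VAR1, completes the task and writes a change-log
 * line. In every other case it does nothing.
 *
 * NOTE(review): nothing here verifies that $taskid belongs to $processid or is
 * assigned to $userid. Presumably the caller or the nexflow class enforces
 * that; confirm, because this handler changes workflow state.
 * NOTE(review): if handlers such as this one are selected by a function name
 * taken from the request, the dispatcher should resolve that name through a
 * fixed allow-list of handlers rather than function_exists() alone.
 *
 * @param mixed $processid Process id; must compare greater than 0.
 * @param mixed $taskid    Task id; must compare greater than 0.
 * @param mixed $userid    User id handed to the nexflow constructor.
 * @param mixed $projectid Not used by this handler; kept for the shared handler signature.
 * @return void
 */
function nf_testsuite_setvar1_posthandler($processid, $taskid, $userid, $projectid)
{
    if (!($processid > 0 && $taskid > 0)) {
        return;
    }

    $nfclass = new nexflow($processid, $userid);
    $nfclass->set_currentTaskid($taskid);
    // The returned value was never used; the call itself is kept in case
    // it has side effects on the nexflow instance (not visible from here).
    $nfclass->get_taskOptionalParm();

    // Read the field defensively: an absent 'var1' used to raise an
    // undefined-index warning. Falling back to 0 gives the numeric filter
    // a defined value to work on.
    $rawVar1 = isset($_POST['var1']) ? $_POST['var1'] : 0;
    // Second argument true requests COM_applyFilter's numeric mode.
    $var1 = COM_applyFilter($rawVar1, true);

    $nfclass->set_processVariable('VAR1', $var1);
    $nfclass->complete_task($taskid);

    // Only the filtered value is interpolated into the log message.
    nf_changeLog("You set VAR1 to {$var1}. Verify the following messages line up!");
}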
$function_handler = COM_applyFilter($_POST['function_handler']); $prj_id = COM_applyFilter($_POST['projectid']); $taskid = COM_applyFilter($_POST['taskid']); $processid = COM_applyFilter($_POST['processid']); if (function_exists($function_handler)) { $errmsg = $function_handler($processid, $taskid, $usermodeUID, $prj_id); } echo taskconsoleShowNavbar('My Tasks'); echo display_mytasks(); break; case 'newRequest': $workFlowTemplate = COM_applyFilter($_REQUEST['wflow']); $workFlowOffset = COM_applyFilter($_REQUEST['offset']); $nfclass = new nexflow(); $newprocid = $nfclass->newprocess($workFlowTemplate, $workFlowOffset); $nfclass->set_processVariable('INITIATOR', $usermodeUID); echo COM_refresh($CONF_FE['post_url'] . '/index.php?op=edit&id=58&processid=' . $newprocid . '&taskid=0&usermodeuid=' . $usermodeUID); break; case 'reassignments': echo taskconsoleShowNavbar('My Tasks'); echo display_reassignedTasks(); break; case 'reclaimtask': $id = COM_applyFilter($_REQUEST['id'], true); //added assignBack_uid check in sql statement only to ensure authenticated user is requesting task back $sql = "SELECT a.task_id, a.uid, a.security_hash, b.fullname, b.email\r\n FROM {$_TABLES['nf_productionassignments']} a\r\n LEFT JOIN {$_TABLES['users']} b ON a.uid=b.uid\r\n WHERE id={$id} AND assignBack_uid={$_USER['uid']};"; $res = DB_query($sql); //should have 1 row return. Otherwise, user is either a) not the user //that is the assignback_uid or b) user has tampered with the url $A = DB_fetchArray($res); if ($A != FALSE) {