Develop

admin/AJAX_lookup_handler.php

@@ -34,7 +34,11 @@
 require SB . 'admin/default/session_check.inc.php';
 
 // receive json data if $_POST data empty
-if (empty($_POST)) $_POST = json_decode(file_get_contents('php://input'), true);
+$rawInput = false;
+if (empty($_POST)) {
+	$rawInput = true;
+	$_POST = json_decode(file_get_contents('php://input'), true);
+}
 
 // list limit
 $limit = 20;
@@ -45,7 +49,8 @@
 if (isset($_POST['keywords']) and !empty($_POST['keywords'])) {
 	$keywords = $dbs->escape_string(urldecode(ltrim($_POST['keywords'])));
 } else {
-	$keywords = '';
+	if ($rawInput == false) exit('<option value="0">' . __('Keyword can\'t be empty') . '</option>');
+	else exit(json_encode(array('id' => 0, 'text' => __('Keyword can\'t be empty'))));
 }
 
 // explode table fields data

admin/AJAX_vocabolary_control.php

@@ -43,7 +43,7 @@
 if (isset($_POST['keywords']) and !empty($_POST['keywords'])) {
 	$keywords = $dbs->escape_string(urldecode(ltrim($_POST['keywords'])));
 } else {
-	$keywords = '';
+	exit('<option value="0">' . __('Keyword can\'t be empty') . '</option>');
 }
 
 // explode table fields data

admin/logout.php

@@ -30,7 +30,11 @@
 // start the session
 require SB.'admin/default/session.inc.php';
 
-if(!isset($_SESSION['uid'])) header('location: ../index.php');
+
+if(!isset($_SESSION['uid'])) {
+    header('location: ../index.php');
+    exit;
+}
 
 // write log
 utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' Log Out from application from address '.ip());

admin/modules/bibliography/index.php

@@ -244,6 +244,9 @@ function getimagesizefromstring($string_data)
                 // destroy it if failed
                 if (!empty($images->getError())) $images->destroyIfFailed();
 
+                // remove exif data
+                if (empty($images->getError())) $images->cleanExifInfo();
+
             })->as('docs/' . strtolower('cover_'. preg_replace("/[^a-zA-Z0-9]+/", "-", $img_title)));
 
 

admin/modules/bibliography/p2p.php

@@ -391,7 +391,7 @@ class="s-btn btn btn-default"/>
 
       $server = urlencode($p2pserver);
 
-      $detail = '<a class="s-btn btn btn-default btn-sm notAJAX openPopUp" href="modules/bibliography/pop_p2p.php?uri='.$server.'&biblioID='.$record['id'].'" title="detail">'.__('Detail').'</a>';
+      $detail = '<a class="s-btn btn btn-default btn-sm notAJAX openPopUp" href="modules/bibliography/pop_p2p.php?uri='.$serverid.'&biblioID='.$record['id'].'" title="detail">'.__('Detail').'</a>';
       $title_content = '<div class="media">
                     <img class="mr-3 rounded" src="'.$image_uri.'" alt="'.$image_uri.'" loading="lazy" style="height:70px;">
                     <div class="media-body">

admin/modules/bibliography/pop_p2p.php

@@ -5,7 +5,7 @@
  * @File name           : pop_chart.php
  */
 
-
+use SLiMS\Url;
 /* Detail P2P result Pop Windows */
 
 // key to authenticate
@@ -32,7 +32,30 @@
   die('<div class="errorBox">'.__('You are not authorized to view this section').'</div>');
 }
 
-$detail_uri = $_GET['uri'] . "/index.php?p=show_detail&inXML=true&id=" . $_GET['biblioID'];
+function cleanUrl($url)
+{
+  $Url = Url::parse($url);
+
+  return $Url->getScheme() . '://' . // http or https
+         // localhost, ip, or domain       
+         $Url->getDomain() .
+         // http standart port (80 & 443) or non http standart port
+         (!is_null($Url->getPort()) ? ':' . $Url->getPort() : '') .
+         // path
+         (substr($Url->getPath(), -1) == '/' ? $Url->getPath() . '' : $Url->getPath() . '/');
+}
+
+// get servers
+$server_q = $dbs->query('SELECT name, uri FROM mst_servers WHERE server_type = 1 ORDER BY name ASC');
+while ($server = $server_q->fetch_assoc()) {
+  if (Url::isValid($server['uri'])) $sysconf['p2pserver'][] = array('uri' => $server['uri'], 'name' => $server['name']);
+}
+
+$serverId = (int)$_GET['uri'];
+if (!isset($sysconf['p2pserver'][$serverId])) die('<div id="alert alert-danger">' . __('P2P Server URL is not exists!') . '</div>');
+$url = cleanUrl($sysconf['p2pserver'][$serverId]['uri']);
+
+$detail_uri = $url . "/index.php?p=show_detail&inXML=true&id=" . ((int)$_GET['biblioID']);
 // parse XML
 $data = modsXMLsenayan($detail_uri, 'uri');
 
@@ -69,7 +92,7 @@
 	}
 	echo '<tr><td width="20%">'.__('Topics').'</td><td>'.substr($topic_str,0,-4).'</td></tr>';
 	echo '</table>';
-	echo '<a class="btn btn-sm btn-info" target="_BLANK" href="'.$_GET['uri'].'/index.php?p=show_detail&id='.$_GET['biblioID'].'">Original URi</a></div>'."<br/>";
+	echo '<a class="btn btn-sm btn-info" target="_BLANK" href="'.$detail_uri.'/index.php?p=show_detail&id='.((int)$_GET['biblioID']).'">Original URi</a></div>'."<br/>";
 
 /* main content end */
 $content = ob_get_clean();

admin/modules/circulation/loan_rules.php

@@ -53,14 +53,14 @@
 
 /* RECORD OPERATION */
 if (isset($_POST['saveData'])) {
-    $data['member_type_id'] = $_POST['memberTypeID'];
-    $data['coll_type_id'] = $_POST['collTypeID'];
-    $data['gmd_id'] = $_POST['gmdID'];
-    $data['loan_limit'] = trim($_POST['loanLimit']);
-    $data['loan_periode'] = trim($_POST['loanPeriode']);
-    $data['reborrow_limit'] = trim($_POST['reborrowLimit']);
-    $data['fine_each_day'] = trim($_POST['fineEachDay']);
-    $data['grace_periode'] = trim($_POST['gracePeriode']);
+    $data['member_type_id'] = $dbs->escape_string($_POST['memberTypeID']);
+    $data['coll_type_id'] = $dbs->escape_string($_POST['collTypeID']);
+    $data['gmd_id'] = $dbs->escape_string($_POST['gmdID']);
+    $data['loan_limit'] = $dbs->escape_string(trim($_POST['loanLimit']));
+    $data['loan_periode'] = $dbs->escape_string(trim($_POST['loanPeriode']));
+    $data['reborrow_limit'] = $dbs->escape_string(trim($_POST['reborrowLimit']));
+    $data['fine_each_day'] = $dbs->escape_string(trim($_POST['fineEachDay']));
+    $data['grace_periode'] = $dbs->escape_string(trim($_POST['gracePeriode']));
     $data['input_date'] = date('Y-m-d');
     $data['last_update'] = date('Y-m-d');
     // create sql op object

admin/modules/membership/index.php

@@ -199,6 +199,9 @@ function getimagesizefromstring($string_data)
             // destroy it if failed
             if (!empty($image->getError())) $image->destroyIfFailed();
 
+            // remove exif from image
+            if (empty($image->getError())) $image->cleanExifInfo();
+
           })->as('persons/' . 'member_'.$data['member_id']);
 
           if ($upload->getUploadStatus()) {

admin/modules/system/biblio_indexer.inc.php

@@ -174,7 +174,7 @@ public function makeIndex($int_biblio_id)
 		$au_all = '';
 		$au_sql = 'SELECT ba.biblio_id, ba.level, au.author_name AS `name`, au.authority_type AS `type`
           	FROM biblio_author AS ba LEFT JOIN mst_author AS au ON ba.author_id = au.author_id
-          	WHERE ba.biblio_id =' . $int_biblio_id;
+          	WHERE ba.biblio_id =' . $int_biblio_id . ' ORDER BY ba.level ASC';
 		$au_id = $this->obj_db->query($au_sql);
 		while ($rs_au = $au_id->fetch_assoc()) {
 			$au_all .= $rs_au['name'] . ' - ';

admin/modules/system/module_priv_form_adv.inc.php

@@ -16,9 +16,10 @@
 ?>
     <div class="accordion" id="accordionExample">
         <?php $n = 0; while ($module_data = $module_query->fetch_assoc()): ?>
+         <?php $bs4AriaComponentName = strtolower(str_replace(' ', '-', $module_data['module_name'])); ?>
         <div class="card">
             <div class="card-header d-flex justify-content-between align-items-center" id="headingOne">
-                <button class="btn btn-link btn-block text-left" type="button" data-toggle="collapse" data-target="#<?= $module_data['module_path'] ?>" aria-expanded="true" aria-controls="<?= $module_data['module_path'] ?>">
+                <button class="btn btn-link btn-block text-left" type="button" data-toggle="collapse" data-target="#<?= $bs4AriaComponentName ?>" aria-expanded="true" aria-controls="<?= $bs4AriaComponentName ?>">
                     <?= __(ucwords(str_replace('_', ' ', $module_data['module_name']))) ?>
                 </button>
 
@@ -40,24 +41,24 @@
 
                 <div class="d-flex">
                     <div class="custom-control custom-switch mr-4">
-                        <input name="read[]" value="<?= $module_data['module_id'] ?>" <?= $read_checked ?> type="checkbox" class="custom-control-input" id="read-<?= $module_data['module_path'] ?>">
-                        <label class="custom-control-label" for="read-<?= $module_data['module_path'] ?>"><?= __('Read') ?></label>
+                        <input name="read[]" value="<?= $module_data['module_id'] ?>" <?= $read_checked ?> type="checkbox" class="custom-control-input" id="read-<?= $bs4AriaComponentName ?>">
+                        <label class="custom-control-label" for="read-<?= $bs4AriaComponentName ?>"><?= __('Read') ?></label>
                     </div>
                     <div class="custom-control custom-switch">
-                        <input name="write[]" value="<?= $module_data['module_id'] ?>" <?= $write_checked ?> type="checkbox" class="custom-control-input" id="write-<?= $module_data['module_path'] ?>">
-                        <label class="custom-control-label" for="write-<?= $module_data['module_path'] ?>"><?= __('Write') ?></label>
+                        <input name="write[]" value="<?= $module_data['module_id'] ?>" <?= $write_checked ?> type="checkbox" class="custom-control-input" id="write-<?= $bs4AriaComponentName ?>">
+                        <label class="custom-control-label" for="write-<?= $bs4AriaComponentName ?>"><?= __('Write') ?></label>
                     </div>
                 </div>
             </div>
 
-            <div id="<?= $module_data['module_path'] ?>" class="collapse <?= $n < 1 ? 'show' : '' ?>" aria-labelledby="headingOne" data-parent="#accordionExample">
+            <div id="<?= $bs4AriaComponentName ?>" class="collapse <?= $n < 1 ? 'show' : '' ?>" aria-labelledby="headingOne" data-parent="#accordionExample">
                     <?php
                     $menu = [];
                     $_ = '__';
                     $submenu_path = MDLBS . $module_data['module_path'] . '/submenu.php';
                     $for_select_privileges = true;
                     if (file_exists($submenu_path)) include $submenu_path;
-                    $menuID = 'prev-'.$module_data['module_path'];
+                    $menuID = 'prev-'.$bs4AriaComponentName;
                     $submenu = '<ul class="list-group list-group-flush" id="'.$menuID.'">';
                     $submenu .= '<li class="list-group-item text-bold d-flex justify-content-between">';
                     $submenu .= '<span>'.__('Enable or disable submenu').'</span>';
@@ -71,7 +72,7 @@
                     $submenu .= '</li>';
 
                     // load submenu from plugins
-                    $plugin_menus = \SLiMS\Plugins::getInstance()->getMenus($module_data['module_path']);
+                    $plugin_menus = \SLiMS\Plugins::getInstance()->getMenus(str_replace(' ', '_', $module_data['module_name']));
                     $menu = array_merge($menu, $plugin_menus);
 
                     foreach ($menu as $item) {

admin/modules/system/plugin_action.php

@@ -12,6 +12,7 @@
 use SLiMS\Plugins;
 use SLiMS\Parcel\Package;
 use SLiMS\Migration\Runner;
+use SLiMS\Migration\Action;
 use SLiMS\Filesystems\Storage;
 
 define('INDEX_AUTH', 1);
@@ -78,6 +79,8 @@
         })[$id] ?? die(isset($_POST['format']) ? json_encode(['status' => false, 'message' => __('Plugin not found')]) : toastr(__('Plugin not found'))->error());
 
     try {
+        if ($plugin->action->is_exist) Action::setDirectory($plugin->action->directory);
+
         if ($_POST['enable']) {
             $options = ['version' => $plugin->version];
 
@@ -93,14 +96,21 @@
                 $query->bindValue(':options', null);
             }
 
+            if ($plugin->action->is_exist) $action = Action::preEnable();
+
             $query->bindValue(':id', $id);
             $query->bindValue(':path', $plugin->path);
             $query->bindValue(':created_at', date('Y-m-d H:i:s'));
             $query->bindValue(':deleted_at', null);
             $query->bindValue(':uid', $_SESSION['uid']);
             $message = sprintf(__('Plugin %s enabled'), $plugin->name);
+            $run = $query->execute();
+
+            if ($plugin->action->is_exist) Action::postEnable();
 
         } else {
+            if ($plugin->action->is_exist) $action = Action::preDisable();
+
             if ($plugin->migration->is_exist && !$_POST['runDown']) {
                 $query = DB::getInstance()->prepare("UPDATE plugins SET deleted_at = :deleted_at WHERE id = :id");
                 $query->bindValue('deleted_at', date('Y-m-d H:i:s'));
@@ -112,9 +122,10 @@
             }
             $query->bindValue(':id', $id);
             $message = sprintf(__('Plugin %s disabled'), $plugin->name);
-        }
+            $run = $query->execute();
 
-        $run = $query->execute();
+            if ($plugin->action->is_exist) Action::postDisable();
+        }
 
         if (!$run) $message = __('Something error : turn on development mode to get more information');
 

admin/modules/system/plugins.php

@@ -187,6 +187,9 @@ function enablePlugin(e, m = false) {
 
             fetch('<?= MWB ?>system/plugin_action.php', {
                 method: 'POST',
+                headers: {
+                    "Content-Type": "application/json"
+                },
                 body: JSON.stringify({
                     format: 'json',
                     enable: e.target.checked,

files/.htaccess

@@ -6,3 +6,6 @@
         Header set Expires 0
     </FilesMatch>
 </IfModule>
+
+DirectoryIndex index.html
+php_flag engine off

images/.htaccess

@@ -0,0 +1,2 @@
+DirectoryIndex index.html
+php_flag engine off

install/SLiMS.inc.php

@@ -424,12 +424,20 @@ function createEnvFile()
     if ($writeEnv === false) throw new Exception("Cannot write env file. Create it manually in config directory based on env.sample.php", 403);
   }
 
-  function query($array, $types = [])
+  function query($array, $types = [], $role_number = 0)
   {
     $_return = [];
+    $stop = false;
     foreach ($types as $type) {
       if (array_key_exists($type, $array)) {
-        foreach ($array[$type] as $item) {
+        foreach ($array[$type] as $order => $item) {
+          // Continue iteration if query is successed previously
+          if (!isset($_SESSION['success_quries']['regular'][$role_number])) {
+            $_SESSION['success_quries']['regular'][$role_number] = [];
+          }
+
+          if (in_array($type . ' ' . $order, $_SESSION['success_quries']['regular'][$role_number])) continue;
+
           try {
             if (isset($_POST['engine']) && $_POST['engine'] !== 'MyISAM') 
             {
@@ -439,8 +447,9 @@ function query($array, $types = [])
             if (!$stmt) throw new Exception($this->db->error . '. Your syntax: ' . $item);
             $stmt->execute();
             $stmt->close();
+            $_SESSION['success_quries']['regular'][$role_number][] = $type . ' ' . $order;
           } catch (Exception $exception) {
-            $_return[] = $exception->getMessage();
+            $_return[] = $this->showErrorIfNeeded($exception, $role_number, $type . '-' . $order);
           }
         }
       }
@@ -449,20 +458,38 @@ function query($array, $types = [])
   }
 
 
-  function queryTrigger($array)
+  function queryTrigger($array, $role_number = 0)
   {
     $_return = [];
     foreach ($array as $key => $item) {
+      if (!isset($_SESSION['success_quries']['trigger'][$role_number])) {
+        $_SESSION['success_quries']['trigger'][$role_number] = [];
+      }
+      if (in_array($key, $_SESSION['success_quries']['trigger'][$role_number])) continue;
       try{
         $sql = $this->db->query($item);
         if(!$sql) throw new Exception($this->db->error . '. Your syntax: ' . $item);
+        $_SESSION['success_quries']['trigger'][$role_number][] = $key;
       } catch (Exception $exception) {
-        $_return[] = $exception->getMessage();
+        $_return[] = $this->showErrorIfNeeded($exception, $role_number, $key, 'trigger');
       }
     }
     return $_return;
   }
 
+  function showErrorIfNeeded($exception, $role_number, $order, $type = 'regular')
+  {
+    $excludeCodes = [1050, 1359,1060,1061,1091,1072];
+
+    $_is_exclude = in_array($exception->getCode(), $excludeCodes);
+
+    $message = 'Error ' . $role_number . '-' . $order . '-' . $exception->getCode() . ' > ' . $exception->getMessage();
+    return [
+      'priority_error' => ($_is_exclude === false ?  $message : null),
+      'optional_error' => ($_is_exclude === true ? $message : null)
+    ];
+  }
+
   function updateAdmin($username, $password)
   {
     $username = $this->db->escape_string($username);