diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 000000000..fe461b424
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,20 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v3
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v2
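Review bot: Both steps reference their actions by mutable major tags (`uses: actions/checkout@v3`, `uses: actions/dependency-review-action@v2`), so the workflow that is meant to enforce dependency hygiene is itself resolved at run time to whatever those tags point at. Pinning each `uses:` to a full-length commit SHA with the tag kept as a trailing comment (`uses: actions/checkout@<full-commit-sha> # v3`) fixes the code that runs while still letting Dependabot propose bumps. The action also runs with its defaults; if the intent stated in the header comment is to block merges, set `with: fail-on-severity: <threshold>` explicitly and mark the check required in branch protection. The `permissions: contents: read` scope is appropriately minimal.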
diff --git a/application/config/form_validation.php b/application/config/form_validation.php
new file mode 100644
index 000000000..1adbb27e3
--- /dev/null
+++ b/application/config/form_validation.php
@@ -0,0 +1,11 @@
+';
+$config['error_suffix'] = '';
diff --git a/application/controllers/admin/Catalog.php b/application/controllers/admin/Catalog.php
index fad23ffdc..f86f50548 100644
--- a/application/controllers/admin/Catalog.php
+++ b/application/controllers/admin/Catalog.php
@@ -64,9 +64,14 @@ public function __construct()
*/
function index()
{
+ // @TODO: Confirm Cleaning of Erros and Messages from previous Forms
+ $this->session->unset_userdata('error');
+ $this->session->unset_userdata('message');
+
$this->template->set_template('admin5');
//css files
$inline_styles=$this->load->view('catalog/catalog_style',NULL, TRUE);
+
$this->template->add_css($inline_styles,'embed');
//js files
@@ -299,30 +304,83 @@ private function get_temp_upload_folder()
function upload()
- {
- $this->add_study();
- }
-
- /**
- * Upload form for DDI (xml) file
- *
- * @return void
- **/
- function add_study()
{
//user has permissions on the repo
//$this->acl->user_has_repository_access($this->active_repo->id);
$this->acl_manager->has_access_or_die('study', 'create',null,$this->active_repo->repositoryid);
- $this->template->set_template('admin');
+ // @TODO: File Validation Rules
+ // Files XML or RDF should be allowed in one field, they are exclusive
+ $this->form_validation->set_rules('userfile',t('msg_select_ddi'),'callback_upload_file_check');
+ // RRE - One call back check both
+ //$this->form_validation->set_rules('rdf-file',t('msg_select_ddi'),'callback_upload_file_check');
+
+// $this->form_validation->set_rules('userfile',t('msg_select_ddi'),'uploaded[userfile]|ext_in[userfile.xml]]');
+// $this->form_validation->set_rules('rdf-file',t('msg_select_ddi'),'uploaded[rdf-file]|mime_in[rdf-file.xml]|ext_in[rdf-file.xml]');
+
+ if ($this->form_validation->run() == FALSE) {
- //show upload form when no DDI is uploaded
- if(!$this->input->post("submit")){
+ $this->template->set_template('admin');
$content=$this->load->view('catalog/ddi_upload_form', array('active_repo'=>$this->active_repo),true);
$this->template->write('content', $content,true);
$this->template->render();
return;
+ } else {
+
+ $new_survey=$this->add_study();
+
+ if (!empty($new_survey)){
+ // RRE Clear Errors
+ // @TODO: Review if messages should be unset too
+ $this->session->unset_userdata('error');
+ //redirect('admin/catalog/edit/'.$result['sid'],'refresh');
+ redirect('admin/catalog/edit/'.$new_survey,'refresh');
+ return;
+ }
+
}
+ return redirect('admin/catalog/upload');
+ }
+
+ /**
+ * Upload Form Validation file
+ *
+ * @return TRUE | FALSE
+ * RRE - Validation runs for xml and rdf files
+ * Rules: $_FILES Array()
+ * fields: xml - userfile,rdf - rdf-file
+ * rdf files requires xml
+ * matching file names
+ **/
+ function upload_file_check()
+ {
+ if (empty($_FILES['userfile']['name'])) {
+ $this->form_validation->set_message('upload_file_check','{field} '.t('msg_select_ddi'));
+ return FALSE;
+ }
+
+ if (!empty($_FILES['rdf-file']['name'])) {
+ if (strtolower(basename($_FILES['rdf-file']['name'],'.rdf')) <> strtolower(basename($_FILES['userfile']['name'],'.xml'))) {
+ $this->form_validation->set_message('upload_file_check','{field} '.t('Files need to have the same Name'));
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+
+ /**
+ * Upload form for DDI (xml) file
+ *
+ * @return void
+ * @return Survey ID | NULL
+ * @TODO: Due a possible Duplicated Record Error or Parse Error
+ * Message should be returned to the form
+ **/
+ function add_study()
+ {
+ // @TODO: Move the Form one level up, add_study calls the model
+
+ //process form
$overwrite=$this->input->post("overwrite");
$repositoryid=$this->input->post("repositoryid");
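Review bot: `upload_file_check()` tests only `$_FILES['userfile']['name']`, which PHP also populates when it rejected the upload (for example an oversized file), so a failed upload passes validation and the failure is only discovered later inside `add_study()`; checking the error code next to the name, `if (empty($_FILES['userfile']['name']) || $_FILES['userfile']['error'] !== UPLOAD_ERR_OK) {`, reports it on the form instead. The same applies to the optional `rdf-file` branch, where the `<>` on the lowercased basenames should be `!==` (same result here, but a loose comparison is a habit worth avoiding in a check that gates file handling). Note that this callback validates names only; whether the content is actually XML/RDF depends on the upload library configuration further down, which is outside this hunk, and the commented-out `ext_in`/`mime_in` rules suggest that check was intended here. Finally, the `add_study()` docblock now carries both `@return void` and `@return Survey ID | NULL`; keep only `@return int|null Survey ID on success, NULL when the upload or import failed`, and note that `add_study()` continues past the end of the hunk.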
@@ -334,8 +392,8 @@ function add_study()
$overwrite=FALSE;
}
- //process form
-
+ // Uploads the xml File
+ // @TODO: review if the file should reamin in the directory after the process is executed
$temp_upload_folder=$this->get_temp_upload_folder();
//upload class configurations for DDI
@@ -346,8 +404,8 @@ function add_study()
$this->load->library('upload', $config);
- //process uploaded ddi file
- $ddi_upload_result=$this->upload->do_upload();
+ // @TODO: Review ONLY XML file is in this reference, RDF files ? or XML RDF pair?
+ $ddi_upload_result=$this->upload->do_upload('userfile');
$uploaded_ddi_path=NULL;
@@ -356,7 +414,8 @@ function add_study()
$error = $this->upload->display_errors();
$this->db_logger->write_log('ddi-upload',$error,'catalog');
$this->session->set_flashdata('error', $error);
- redirect('admin/catalog/add_study','refresh');
+ return NULL;
+ //redirect('admin/catalog/add_study','refresh');
}
else //successful upload
{
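Review bot: The replaced `redirect('admin/catalog/add_study','refresh')` call is kept as a comment after `return NULL;` rather than deleted, and the same pattern recurs in the later hunks of this file at the `return $result['sid'];` block, in both `catch` blocks, and at the `do_upload('rdf-file')` line. Since the new control flow is that `add_study()` returns and `upload()` decides where to redirect, the dead calls only suggest the old behaviour is still an option; drop them, and if the reason matters, state it once in the docblock. The enclosing `if`/`else` spans past both ends of this hunk.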
@@ -380,7 +439,7 @@ function add_study()
'overwrite'=>$overwrite
);
- try{
+ try {
//import ddi
$result=$this->ddi2_import->import($params);
@@ -389,22 +448,42 @@ function add_study()
$this->events->emit('db.after.update', 'surveys', $result['sid'],'refresh');
$this->session->set_flashdata('success', $result);
- redirect('admin/catalog/edit/'.$result['sid'],'refresh');return;
+
+ //redirect('admin/catalog/edit/'.$result['sid'],'refresh');return;
+ return $result['sid'];
}
- catch(ValidationException $e){
+ // @TODO: Find how to replicate this error
+ catch (ValidationException $e){
$error_output=array(
'status'=>'failed',
'message'=>$e->getMessage(),
'errors'=>$e->GetValidationErrors()
);
- $error_str='Validation Error
'.print_r($e->GetValidationErrors(),true).'';
+// RRE @TODO: Multiple errors in the xml validation
+ // $error_str='Validation Error
'.print_r($e->GetValidationErrors(),true).'';
+ $arr_errors=$e->GetValidationErrors();
+ $error_str='Validation Error
';
+ foreach ($arr_errors as $key_error) {
+ $error_str.=$key_error['message'].'
';
+ }
+ $error_str.='';
$this->session->set_flashdata('error', $error_str);
- redirect('admin/catalog/add_study','refresh');return;
+ //redirect('admin/catalog/add_study','refresh');return;
+ //redirect('admin/catalog/upload','refresh');
+
+ return NULL;
}
- catch(Exception $e){
+ catch (Exception $e){
$this->session->set_flashdata('error', $e->getMessage());
- redirect('admin/catalog/add_study','refresh');return;
+ //redirect('admin/catalog/add_study','refresh');return;
+ //redirect('admin/catalog/upload','refresh');
+ return NULL;
+ }
+ finally {
+ // @TODO: Review if this is OK.
+ unlink($ddi_path);
+
}
}
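Review bot: The new `finally` block calls `unlink($ddi_path)` unconditionally; `$ddi_path` is assigned outside this hunk, and if the file was already moved or never written the call raises a warning, so guard it with `if (is_file($ddi_path)) { unlink($ddi_path); }` (and keep in mind the file is then also removed on the success path, which the `@TODO` above it already questions). In the `ValidationException` handler the loop reads `$key_error['message']` for every entry of `GetValidationErrors()`, but the old `print_r` code gave no hint of that shape; presumably each entry is an array with a `message` key, which should be confirmed against the importer, or fall back with `$error_str.=($key_error['message'] ?? print_r($key_error, true));`. `add_study()` continues past the end of the hunk.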
@@ -422,7 +501,8 @@ private function upload_rdf_file($sid)
$this->upload->initialize($config);
//process uploaded rdf file
- $rdf_upload_result=$this->upload->do_upload('rdf');
+ //$rdf_upload_result=$this->upload->do_upload('rdf');
+ $rdf_upload_result=$this->upload->do_upload('rdf-file');
$uploaded_rdf_path='';
@@ -480,9 +560,9 @@ private function __replace_ddi($sid,$new_ddi_file)
'file_type'=>'survey',
'file_path'=>$new_ddi_file
);
-
+
$this->load->library('Metadata_parser', $parser_params);
-
+
//parser to read metadata
$parser=$this->metadata_parser->get_reader();
@@ -492,7 +572,7 @@ private function __replace_ddi($sid,$new_ddi_file)
if ($new_idno!==$this->sanitize_filename($new_idno)){
throw new Exception(t('IDNO_INVALID_FORMAT').': '.$new_idno);
}
-
+
//check if the study already exists, find the sid
$new_ddi_sid=$this->dataset_manager->find_by_idno($new_idno);
@@ -637,14 +717,14 @@ function refresh($id=NULL)
}
}
-
+
/**
*
* Clear files from the imports folder
**/
function clear_import_folder()
- {
+ {
$this->load->helper('file');
$import_folder=$this->config->item('ddi_import_folder');
@@ -679,17 +759,16 @@ function process_batch_uploads()
{
//import folder path
$import_folder=$this->config->item('ddi_import_folder');
-
if (!file_exists($import_folder)){
show_error('FOLDER-NOT-SET');
}
$config = array(
- 'max_tmp_file_age' => 900,
- 'max_execution_time' => 300,
- 'target_dir' => $import_folder,
+ 'max_tmp_file_age' => 900,
+ 'max_execution_time' => 300,
+ 'target_dir' => $import_folder,
'allowed_extensions' =>'xml|rdf',
- 'overwrite_file' =>TRUE
+ 'overwrite_file' =>TRUE
);
$this->load->library('Chunked_uploader', $config, 'uploader');
@@ -719,7 +798,6 @@ function process_batch_uploads()
}
-
/**
* Imports multiple ddi files from the server folder
*
@@ -738,20 +816,27 @@ function batch_import()
$import_folder=$this->config->item('ddi_import_folder');
if (!file_exists($import_folder) ){
- $import_folder="/datasets";
+ // @TODO: Review datasets directory does not exist either
+ // @TODO: Review if this default should set config->item('ddi_import_folder')
+ // The next calls to config->item('ddi_import_folder') will fail if this is not set.
+ // $import_folder="/datasets";
+ $import_folder="/datafiles/tmp";
}
//read files
$files['files']=get_dir_file_info($import_folder);
if ( $files['files']){
- foreach($files['files'] as $key=>$value){
- if (substr($value['name'],-4)!='.xml'){
+ foreach($files['files'] as $key=>$value){
+ //if (substr($value['name'],-4)!='.xml'){
+ //if (! in_array(pathinfo($value['name'], PATHINFO_EXTENSION), array('xml','rdf'))) {
+ if (! in_array(pathinfo($value['name'], PATHINFO_EXTENSION), array('xml'))) {
+ // @TODO: Check if rdf files should be processed
unset($files['files'][$key]);
}
}
}
-
+
$options=array(
'repositories'=>$this->Repository_model->select_all(),
'files'=>$files['files'],
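Review bot: When `ddi_import_folder` is not configured, `batch_import()` now silently substitutes the hard-coded absolute path `/datafiles/tmp` and goes on to list whatever is there, whereas `process_batch_uploads()` earlier in this diff stops with `show_error('FOLDER-NOT-SET')` for the same condition; the two entry points should agree, and failing loudly is the safer choice for a routine that reads files off the server filesystem. Replacing the fallback with `show_error('FOLDER-NOT-SET');` also resolves the two `@TODO` comments, since there is no default left to reconcile with `config->item()`. The extension filter at the new `in_array` line is case-sensitive, so `.XML` files are skipped; if that is intended, a comment saying so would help, otherwise compare `strtolower(pathinfo($value['name'], PATHINFO_EXTENSION))`. The function starts before the hunk.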
@@ -791,10 +876,10 @@ function do_batch_import()
echo json_encode(array('error'=>t('REPO_ACCESS_DENIED')) );
exit;
}
-
+
$this->load->model("Data_file_model");
$this->load->library('DDI2_import');
-
+
$user=$this->ion_auth->current_user();
$ddi_path=$ddi_file;
@@ -826,7 +911,7 @@ function do_batch_import()
'message'=>$e->getMessage(),
'errors'=>$e->GetValidationErrors()
);
-
+
$error=print_r($e->GetValidationErrors(),true);
echo json_encode(array('error'=>$error) );
die();
@@ -838,7 +923,7 @@ function do_batch_import()
}
}
-
+
/**
*
diff --git a/application/libraries/Chunked_uploader.php b/application/libraries/Chunked_uploader.php
index 2bf4e6a38..a5d658bd1 100644
--- a/application/libraries/Chunked_uploader.php
+++ b/application/libraries/Chunked_uploader.php
@@ -329,7 +329,7 @@ class Chunked_upload_request {
private $_file_type; // mime-type of file
/**
- * Initialises new object with values from the $_REQUEST and
+ * Initialises new object with values from the $_REQUEST and
* $_SERVER arrays
*/
@@ -344,12 +344,18 @@ public function __construct()
$this->_file_type = isset($_SERVER['HTTP_X_FILE_TYPE'])
? $_SERVER['HTTP_X_FILE_TYPE']
: '';
+
+ // @TODO: Fatal error: Unparenthesized 'a ? b : c ? d : e' is not supported.
+ // Use either '(a ? b : c) ? d : e' or 'a ? b : (c ? d : e)
// attempt to get file name from $_REQUEST, otherwise look for X_FILE_NAME header
$name = isset($_REQUEST["name"])
? $_REQUEST["name"]
- : (isset($_SERVER['HTTP_X_FILE_NAME'])
+ : (
+ (isset($_SERVER['HTTP_X_FILE_NAME'])
? $_SERVER['HTTP_X_FILE_NAME']
- : 'file');
+ : 'file')
+ );
+
// clean the filename for security
$this->_name = preg_replace('/[^\w\._]+/', '_', $name);
// attempt to get the content-type from $_SERVER array
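Review bot: The `@TODO` comment added above the `$name` assignment describes the PHP 8 fatal error for unparenthesized nested ternaries, but the very next statement is the parenthesized form that resolves it, so the note reads as open work; replace the two comment lines with `// Parenthesized: PHP 8 rejects unparenthesized nested ternaries`. The constructor starts before the hunk and continues after it.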
@@ -362,7 +368,7 @@ public function __construct()
/**
* Returns the original filename (from client machine)
- * @return string file name
+ * @return string file name
*/
public function get_name()
{
@@ -426,4 +432,4 @@ public function is_multipart()
}
/* End of file Chunked_uploader.php */
-/* Location: /sparks/chunked_uploader/0.0.1/libraries/Chunked_uploader.php */
\ No newline at end of file
+/* Location: /sparks/chunked_uploader/0.0.1/libraries/Chunked_uploader.php */
diff --git a/application/views/catalog/batch_file_upload.php b/application/views/catalog/batch_file_upload.php
index fe37534f5..24b9bbb49 100644
--- a/application/views/catalog/batch_file_upload.php
+++ b/application/views/catalog/batch_file_upload.php
@@ -6,8 +6,7 @@
// Convert divs to queue widgets when the DOM is ready
$(function() {
- function log()
- {
+ function log() {
}
$("#uploader").pluploadQueue({
@@ -21,9 +20,11 @@ function log()
multipart_params: { 'upload_folder': 'default', 'overwrite':0},
// Specify what files to browse for
- filters : [
+ filters : {
+ mime_types: [
{title : "External Resources", extensions : ""}
- ],
+ ]
+ },
// Flash settings
flash_swf_url : 'javascript/plupload/js/Moxie.swf',
@@ -79,12 +80,12 @@ function log()
FileUploaded: function(up, file, info) {
// Called when a file has finished uploading
- //console.log('[FileUploaded] File:', file, "Info:", info);
+ console.log('[FileUploaded] File:', file, "Info:", info);
},
ChunkUploaded: function(up, file, info) {
// Called when a file chunk has finished uploading
- //log('[ChunkUploaded] File:', file, "Info:", info);
+ log('[ChunkUploaded] File:', file, "Info:", info);
},
UploadComplete: function (up, file) {
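Review bot: The `FileUploaded` handler now calls `console.log(...)` directly and prints the server response `info` for every uploaded file to the browser console, while the `ChunkUploaded` handler a few lines below routes the same kind of message through the page's `log()` stub, which is empty. If this is debugging output, use `log('[FileUploaded] File:', file, "Info:", info);` so both handlers are silenced or enabled in one place; if it is meant to stay, a comment saying why would help. The `$("#uploader").pluploadQueue({...})` call starts before the hunk and continues after it.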
diff --git a/application/views/catalog/ddi_batch_import.php b/application/views/catalog/ddi_batch_import.php
index 442b09f51..1b830d015 100644
--- a/application/views/catalog/ddi_batch_import.php
+++ b/application/views/catalog/ddi_batch_import.php
@@ -15,49 +15,68 @@
}
?>
-'xml,rdf',
- 'destination_url' =>'admin/catalog/batch_import',
- 'upload_url' =>'admin/catalog/process_batch_uploads'
+ 'destination_url' =>'admin/catalog/batch_import',
+ 'upload_url' =>'admin/catalog/process_batch_uploads'
);
$batch_uploader=$this->load->view('catalog/batch_file_upload',$batch_upload_options,TRUE);
?>
| @@ -93,7 +112,7 @@ diff --git a/application/views/catalog/ddi_upload_form.php b/application/views/catalog/ddi_upload_form.php index a4c8bc0e2..a71d2c386 100644 --- a/application/views/catalog/ddi_upload_form.php +++ b/application/views/catalog/ddi_upload_form.php @@ -24,39 +24,52 @@ |