Merge pull request #1 from Coral-erm/master

Sync with master

licensing/install/UPGRADE_README

@@ -1,4 +1,20 @@
-The following file contains notes on specific upgrades.  For full instructions on how to run an upgrade, refer to the technical documentation available at http://erm.library.nd.edu.
+The following file contains notes on specific upgrades.  For full instructions on how to run an upgrade, refer to the technical documentation available at http://coral-erm.org
+
+**************************************************************************************************
+****
+****
+****  UPGRADING FROM CORAL LICENSING VERSION 1.3 TO 1.4
+****
+****
+**************************************************************************************************
+
+This upgrade contains coding and no database structure changes.
+The 1.4 version includes:
+    * Licensing module can now be translated. The French translation is provided (but still need some polishing)
+    * some forms are now checked to prevent validating empty forms
+
+This version is the last one released as a single module. Next versions will be able from https://github.com/Coral-erm/Coral, the ndlibersa is deprecated.
+
 
 **************************************************************************************************
 ****

licensing/install/protected/update_NEXT.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `SFXProvider` CHANGE `SFXProvider` `sfxProvider` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT;
+ALTER TABLE `Expression` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;

licensing/templates/footer.php

@@ -1,7 +1,7 @@
 <?php
 /*
 **************************************************************************************************************************
-** CORAL Licensing Module v. 1.0
+** CORAL Licensing Module v. 1.4
 **
 ** Copyright (c) 2010 University of Notre Dame
 **
@@ -18,7 +18,7 @@
 ?>
 
 <br />
-<div class="footer">Copyright &copy; 2015. Licensing Module version 1.3<br/><a href="http://coral-erm.org/">CORAL Project Website</a> | <a href="https://github.com/ndlibersa/licensing">GitHub Site</a></div>
+<div class="footer">Copyright &copy; 2015. Licensing Module version 1.4<br/><a href="http://coral-erm.org/">CORAL Project Website</a> | <a href="https://github.com/ndlibersa/licensing">GitHub Site</a></div>
 </div>
 
 </td>

management/install/SECURITY-Enforce-redirect-to-login-page.patch

@@ -0,0 +1,20 @@
+diff --git a/user.php b/user.php
+index eb895d0..76963cf 100644
+--- a/user.php
++++ b/user.php
+@@ -56,6 +56,7 @@ $sessionID = $util->getSessionCookie();
+ 		$authURL = $util->getCORALURL() . "auth/" . $addURL . htmlentities($_SERVER['REQUEST_URI']);
+ 		header('Location: ' . $authURL, true);
+
++		exit; //PREVENT SECURITY HOLE
+ 	}
+
+
+@@ -105,6 +106,7 @@ if ($loginID){
+ 	//if the user doesn't exist in database we need to redirect them to a page to give instructions on how to be added
+ 	if ($user->privilegeID == ""){
+ 		header('Location: not_available.php');
++		exit; //PREVENT SECURITY HOLE
+ 	}
+ }
+

management/install/UPGRADE_README

@@ -0,0 +1,18 @@
+The following file contains notes on specific upgrades.  For full instructions on how to run an upgrade, refer to the technical documentation available at http://coral-erm.org
+
+**************************************************************************************************
+****
+****
+****  UPGRADING FROM CORAL MANAGEMENT VERSION 1.0 TO 1.1
+****
+****
+**************************************************************************************************
+
+This upgrade contains coding and database structure changes.
+
+To install this upgrade, simply run the file install/upgrade_1.1.sql into MySQL located in the install directory. The database changes will be run immediatly.
+
+This release includes translatability of the module. French translation is provided
+
+This version is the last one released as a single module. Next versions will be able from https://github.com/Coral-erm/Coral, the ndlibersa repository is deprecated.
+

management/user.php

@@ -55,7 +55,8 @@
 
 		$authURL = $util->getCORALURL() . "auth/" . $addURL . htmlentities($_SERVER['REQUEST_URI']);
 		header('Location: ' . $authURL, true);
-		exit("Redirecting to ". $authURL);
+
+		exit; //PREVENT SECURITY HOLE
 	}
 
 
@@ -105,6 +106,7 @@
 	//if the user doesn't exist in database we need to redirect them to a page to give instructions on how to be added
 	if ($user->privilegeID == ""){
 		header('Location: not_available.php');
+		exit; //PREVENT SECURITY HOLE
 	}
 }
 

organizations/install/SECURITY-Enforce-redirect-to-login-page.patch

@@ -0,0 +1,12 @@
+diff --git a/user.php b/user.php
+index 3d612e4..edba9d9 100644
+--- a/user.php
++++ b/user.php
+@@ -58,6 +58,7 @@ if ($config->settings->authModule == 'Y'){
+ 		$authURL = $util->getCORALURL() . "auth/" . $addURL . htmlentities($_SERVER['REQUEST_URI']);
+ 		header('Location: ' . $authURL, true);
+
++		exit; //PREVENT SECURITY HOLE
+ 	}
+
+

organizations/install/UPGRADE_README

@@ -5,18 +5,22 @@ The following file contains notes on specific upgrades.  For full instructions
 on how to run an upgrade, refer to the technical documentation available at
 http://coral-erm.org/documentation.
 
-UPGRADING FROM CORAL ORGANIZATIONS VERSION 1.2 TO 1.4
+UPGRADING FROM CORAL ORGANIZATIONS VERSION 1.2 TO 1.3
 -----------------------------------------------------
 
-No database changes are required for this upgrade.  The Organization module was verstioned to 1.4 to 
-compliment the Issues feature added to the Resources module.  In order to to use the
-Resource module Issues feature.  You need to update both your Resources and Organization module to 1.4.
-After upgrading your resources module to at least 1.4 and you will need to set the following value 
-in your configuration.ini file. Any other value for this variable will cause the 
-Organizations module to continue to use the Issue Log native to the Organizations module:
+This version of the Organization module includes database changes that
+compliment the Issues feature added to the Resources module version 1.4.  In
+order to to use the Resource module Issues feature, you need to update the
+Resources module to 1.4 and set the following value in the Organizations
+configuration.ini file. Any other value for this variable will cause the
+Organizations module to use the Issue Log native to the Organizations module:
 
     * resourcesIssues=Y 
 
+To install this upgrade, simply run the file 'upgrade.php' located in the
+install directory and enter the database information. The database changes
+will be installed automatically.
+
 UPGRADING FROM CORAL ORGANIZATIONS VERSION 1.1 TO 1.2
 -----------------------------------------------------
 
@@ -39,7 +43,7 @@ Database changes include:
     * Add view account tab indicator to User (for a future code-only upgrade)
 
 
-To install this upgrade, simple run the file 'upgrade.php' located in the
+To install this upgrade, simply run the file 'upgrade.php' located in the
 install directory and enter the database information. The database changes
 will be installed automatically.
 

organizations/install/update_NEXT.sql

@@ -0,0 +1,4 @@
+DROP TABLE IF EXISTS 'Country';
+DROP TABLE IF EXISTS 'State';
+
+UPDATE 'ContactRoleProfile' SET default_storage_engine = MyISAM AUTO_INCREMENT = 1;

organizations/install/upgrade.php

@@ -2,7 +2,7 @@
 //this script runs the upgrade process in 3 steps
 //for the next upgrade the file to be run will need to be detected.
 
-$sql_file = "upgrade_1_1.sql";
+$sql_file = "upgrade_1.3.sql";
 
 //take "step" variable to determine which step the current is
 $step = $_POST['step'];
@@ -124,12 +124,15 @@
 
 <?php if(!$step){ ?>
 
-	<h3>Welcome to the CORAL Organizations upgrade for Version 1.1!</h3>
-	This upgrade will connect to MySQL and run the CORAL Organizations structure changes. No changes to the configuration file are required.  Database structure changes include:
+	<h3>Welcome to the CORAL Organizations upgrade for Version 1.3!</h3>
+	This upgrade will connect to MySQL and run the CORAL Organizations structure changes. If you want to use the new Issues features in Resources module version 1.4, then you need to add the following line to the Organizations configuration file:
+    <ul>
+        <li>resourcesIssues=Y</li>
+    </ul>
+    Database changes for this version include:
 	<ul>
-		<li>Adding address field to contact and removing state and country fields</li>
-		<li>Update the address field to contain the previously used state and country data</li>
-		<li>Add view account tab indicator to User (for a future code-only upgrade)</li>
+		<li>Altering the IssueLog table to match the new IssueLog table in Resources v. 1.4</li>
+		<li>Adding the IssueLogType table</li>
 	</ul>
 
 	<br />
@@ -138,7 +141,7 @@
 	<br /><br />
 	To get started you should have:
 	<ul>
-		<li>Your MySQL Schema created for CORAL Organizations Module</li>
+		<li>Your CORAL Organizations Module upgraded to version 1.1 or higher</li>
 		<li>Host, username and password for MySQL with permissions to alter tables</li>
 	</ul>
 

organizations/install/upgrade_1.3.sql

@@ -0,0 +1,29 @@
+ALTER TABLE  `IssueLog` ADD  `issueLogTypeID` INT NULL AFTER  `organizationID` ;
+ALTER TABLE  `IssueLog` CHANGE  `issueDate`  `issueStartDate` DATE NULL DEFAULT NULL ;
+ALTER TABLE  `IssueLog` ADD  `issueEndDate` DATE NULL AFTER  `issueStartDate` ;
+CREATE INDEX `issueLogTypeId` ON `IssueLog` (`issueLogTypeID` ) ;
+
+CREATE TABLE IF NOT EXISTS  `IssueLogType` (
+  `issueLogTypeID` int(11) NOT NULL auto_increment,
+  `shortName` varchar(50) default NULL,
+  PRIMARY KEY  (`issueLogTypeID`),
+  UNIQUE KEY `issueLogTypeID` (`issueLogTypeID`)
+) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+
+
+--ALTER DATABASE `_DATABASE_NAME_` CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `Alias` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `AliasType` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `Contact` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `ContactRole` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `ContactRoleProfile` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `ExternalLogin` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `ExternalLoginType` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `IssueLog` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `IssueLogType` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `Organization` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `OrganizationHierarchy` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `OrganizationRole` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `OrganizationRoleProfile` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `Privilege` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;
+ALTER TABLE `User` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;

organizations/templates/footer.php

@@ -28,6 +28,6 @@
 <div class="push">&nbsp;</div>
 </div>
 
-<div class="footer">Copyright &copy; 2015. Organizations Module version 1.4<br/><a href="http://coral-erm.org/">CORAL Project Website</a> | <a href="https://github.com/ndlibersa/organizations">GitHub Site</a></div>
+<div class="footer">Copyright &copy; 2015. Organizations Module version 1.3<br/><a href="http://coral-erm.org/">CORAL Project Website</a> | <a href="https://github.com/ndlibersa/organizations">GitHub Site</a></div>
 </body>
 </html>

organizations/user.php

@@ -57,7 +57,8 @@
 
 		$authURL = $util->getCORALURL() . "auth/" . $addURL . htmlentities($_SERVER['REQUEST_URI']);
 		header('Location: ' . $authURL, true);
-		exit("Redirecting to ". $authURL);
+
+		exit; //PREVENT SECURITY HOLE
 	}
 
 

resources/install/SECURITY-Enforce-redirect-to-login-page.patch

@@ -0,0 +1,12 @@
+diff --git a/user.php b/user.php
+index 3bbbad6..1a4111c 100644
+--- a/user.php
++++ b/user.php
+@@ -53,6 +53,7 @@ if ($config->settings->authModule == 'Y'){
+ 		$authURL = $util->getCORALURL() . "auth/" . $addURL . htmlentities($_SERVER['REQUEST_URI']);
+ 		header('Location: ' . $authURL, true);
+
++		exit; //PREVENT SECURITY HOLE
+ 	}
+
+

resources/install/protected/install.sql

@@ -591,6 +591,83 @@ CREATE TABLE `CostDetails` (
 ) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 
 
+DROP TABLE IF EXISTS `Issue`;
+CREATE TABLE `Issue` (
+  `issueID` int(11) NOT NULL AUTO_INCREMENT,
+  `creatorID` varchar(20) NOT NULL,
+  `subjectText` varchar(80) NOT NULL,
+  `bodyText` text NOT NULL,
+  `reminderInterval` int(11) DEFAULT NULL,
+  `dateCreated` datetime NOT NULL,
+  `dateClosed` datetime DEFAULT NULL,
+  `resolutionText` text,
+  PRIMARY KEY (`issueID`),
+  KEY `creatorID` (`creatorID`)
+) ENGINE=MyISAM DEFAULT CHARACTER SET = utf8 COLLATE = utf8_general_ci AUTO_INCREMENT=1;
+
+DROP TABLE IF EXISTS `IssueRelationship`;
+CREATE TABLE `IssueRelationship` (
+  `issueRelationshipID` int(11) NOT NULL AUTO_INCREMENT,
+  `issueID` int(11) NOT NULL,
+  `entityID` int(11) NOT NULL,
+  `entityTypeID` int(11) NOT NULL,
+  PRIMARY KEY (`issueRelationshipID`),
+  KEY `issueID` (`issueID`,`entityID`,`entityTypeID`)
+) ENGINE=MyISAM DEFAULT CHARACTER SET = utf8 COLLATE = utf8_general_ci AUTO_INCREMENT=1;
+
+
+DROP TABLE IF EXISTS `IssueEntityType`;
+CREATE TABLE `IssueEntityType` (
+  `entityTypeID` int(11) NOT NULL AUTO_INCREMENT,
+  `entityName` varchar(80) NOT NULL,
+  PRIMARY KEY (`entityTypeID`)
+) ENGINE=MyISAM DEFAULT CHARACTER SET = utf8 COLLATE = utf8_general_ci AUTO_INCREMENT=1;
+
+
+DROP TABLE IF EXISTS `IssueContact`;
+CREATE TABLE `IssueContact` (
+  `issueContactID` int(11) NOT NULL AUTO_INCREMENT,
+  `issueID` int(11) NOT NULL,
+  `contactID` int(11) NOT NULL,
+  PRIMARY KEY (`issueContactID`)
+) ENGINE=MyISAM DEFAULT CHARACTER SET = utf8 COLLATE = utf8_general_ci AUTO_INCREMENT=1;
+
+
+DROP TABLE IF EXISTS `IssueEmail`;
+CREATE TABLE `IssueEmail` (
+  `issueEmailID` int(11) NOT NULL AUTO_INCREMENT,
+  `issueID` int(11) NOT NULL,
+  `email` varchar(120) NOT NULL,
+  PRIMARY KEY (`IssueEmailID`),
+  KEY `IssueID` (`IssueID`)
+) ENGINE=MyISAM DEFAULT CHARACTER SET = utf8 COLLATE = utf8_general_ci AUTO_INCREMENT=1 ;
+
+DROP TABLE IF EXISTS `Downtime`;
+CREATE TABLE IF NOT EXISTS `Downtime` (
+  `downtimeID` int(11) NOT NULL AUTO_INCREMENT,
+  `issueID` int(11) DEFAULT NULL,
+  `entityID` int(11) NOT NULL,
+  `entityTypeID` int(11) NOT NULL DEFAULT '2',
+  `creatorID` varchar(80) NOT NULL,
+  `dateCreated` datetime NOT NULL,
+  `startDate` datetime NOT NULL,
+  `endDate` datetime NOT NULL,
+  `downtimeTypeID` int(11) NOT NULL,
+  `note` TEXT DEFAULT NULL,
+   PRIMARY KEY (`downtimeID`),
+   KEY `IssueID` (`IssueID`)
+) ENGINE=MyISAM DEFAULT CHARACTER SET = utf8 COLLATE = utf8_general_ci AUTO_INCREMENT=1;
+
+DROP TABLE IF EXISTS `DowntimeType`;
+CREATE TABLE IF NOT EXISTS `DowntimeType` (
+  `downtimeTypeID` int(11) NOT NULL AUTO_INCREMENT,
+  `shortName` varchar(80) NOT NULL,
+  PRIMARY KEY (`downtimeTypeID`)
+) ENGINE=MyISAM DEFAULT CHARACTER SET = utf8 COLLATE = utf8_general_ci AUTO_INCREMENT=1;
+
+
+
+
 ALTER TABLE `Alias` ADD INDEX `Index_resourceID`(`resourceID`),
  ADD INDEX `Index_aliasTypeID`(`aliasTypeID`),
  ADD INDEX `shortName` ( `shortName` ),