From fa1c5739d06f870973b943013768f349ae66de40 Mon Sep 17 00:00:00 2001
From: bcchr dev team <devteam@bcchr.ca>
Date: Wed, 5 Jun 2024 15:09:29 -0700
Subject: [PATCH] v4.1.3 release

---
 .gitignore               |  2 ++
 CustomTemplateEngine.php | 35 ++++++++++++++++++++++++-----------
 README.md                |  8 ++++++--
 Template.php             | 16 +++++++++++++++-
 composer.json            |  4 ++--
 composer.lock            | 14 +++++++-------
 6 files changed, 56 insertions(+), 23 deletions(-)

diff --git a/.gitignore b/.gitignore
index 2af4bcc..379bb1a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 vendor/
 *.zip
+error_log
+*.xml
 
diff --git a/CustomTemplateEngine.php b/CustomTemplateEngine.php
index 0491eba..c512948 100644
--- a/CustomTemplateEngine.php
+++ b/CustomTemplateEngine.php
@@ -55,7 +55,21 @@ public function setPaths() {
         $this->temp_dir = $this->getSystemSetting("temp-folder");
         $this->img_dir = $this->getSystemSetting("img-folder");
         $this->pid = $this->getProjectId();
-        $this->redcap_data_table = \REDCap::getDataTable($this->pid);
+        /*
+        ** check REDCap version of the server; versions before v14 only have a single data table and no
+        ** getDataTable() function, which returns -1 if first < second, 0 if equal, 1 otherwise
+        */
+
+        if ( \REDCap::versionCompare(REDCAP_VERSION, '14.0.0') == -1) {  // pre v14, so only a single table an no function to call
+
+            $this->redcap_data_table = 'redcap_data';
+
+        } else {  // use REDCap::getDataTable() function to check if there may be other redcap_data tables
+
+            $this->redcap_data_table = \REDCap::getDataTable($this->pid);
+            // REDCap::logEvent('version is ' . REDCAP_VERSION . ' compare check is ' . \REDCap::versionCompare(REDCAP_VERSION, '14.0.0'));
+
+        }  // end if
 
         if (!empty($this->pid)) {
 
@@ -970,8 +984,9 @@ public function saveTemplate()
         else
         {
             // Validate Template
-            $template = new Template($this->templates_dir, $this->compiled_dir);
-
+            // $template = new Template($this->templates_dir, $this->compiled_dir);
+            $template = new Template();
+            $template->setPaths($this->templates_dir, $this->compiled_dir);
             $template_errors = $template->validateTemplate($data);
             $header_errors = $template->validateTemplate($header);
             $footer_errors = $template->validateTemplate($footer);
@@ -1200,7 +1215,9 @@ public function batchFillReports()
         // $records = htmlspecialchars($_POST["participantID"], ENT_QUOTES);
         $records = array_map('htmlspecialchars', $_POST["participantID"], array(ENT_QUOTES));
         $template_filename = htmlspecialchars($_POST['template'], ENT_QUOTES);
-        $template = new Template($this->templates_dir, $this->compiled_dir);
+        // $template = new Template($this->templates_dir, $this->compiled_dir);
+        $template = new Template();
+        $template->setPaths($this->templates_dir, $this->compiled_dir);
 
         $zip_name = "{$this->temp_dir}reports.zip";
         $z = new ZipArchive();
@@ -1306,12 +1323,6 @@ public function batchFillReports()
             header('Content-Type: application/zip;\n');
             header("Content-Transfer-Encoding: Binary");
             header("Content-Disposition: attachment; filename=\"".basename($zip_name)."\"");
-/*
-            header('Content-Description: File Transfer');
-            header('Content-Type: application/zip');
-            header('Content-Disposition: attachment; filename="'.basename($zip_name).'"');
-            header('Content-length: '.filesize($zip_name));
-*/
             readfile($zip_name);
             REDCap::logEvent("Custom Template Engine - Downloaded Reports ", $template_filename , "" , implode(", ", $records));
         }
@@ -1369,7 +1380,9 @@ public function generateFillTemplatePage()
         }
 
         $template_filename = $_POST['template'];
-        $template = new Template($this->templates_dir, $this->compiled_dir);
+        //$template = new Template($this->templates_dir, $this->compiled_dir);
+        $template = new Template();
+        $template->setPaths($this->templates_dir, $this->compiled_dir);
 
         try
         {
diff --git a/README.md b/README.md
index 67bcdba..511306a 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,12 @@ The module users the PHP template engine, Smarty, to fill in the templates with
 WARNING:  This module is not currently able to support REDCap instances using load balancers due to the requirement to save templates to the file system.
 
 ##  Changelog
-* v4.1.1
+* v4.1.3
+  * upgraded packages to address security isues:
+    * smarty/smarty (v5.1.0 => v5.3.0)
+  * backward compatibility fix for pre v14 versions of REDCap (without access to getDataTables() function)
+  * bug fix for Smarty "class not found" during template creation; implemented lazy loading.
+* v4.1.2
   * Basic date formatting through Smarty; can format with dd-mm-yyyy formatting by passing formatting information through the template as ```{$redcap['visit_date']|date_format:'%d-%m-%Y'}``` This will format the visit_date into two digit day, two digit month, four digit year. **Please note**: this is currently the only other format allowed outside the default REDCap display.
   * Added code to process the new format returned by REDCap::getUserRightsdata()
   * Fixed bug found when downloading a zip file of batched reports (modified headers set before download)
@@ -60,7 +65,6 @@ WARNING:  This module is not currently able to support REDCap instances using lo
     * smarty/smarty (v4.3.4 => v5.1.0)
   * New packages installed per upgrades above:
     * polyfill-mbstring (v1.29.0)
-
 * v4.0.0
   * Minimal REDCap version is v12.4
   * Implemented support for the RC v12.4+ instrument-level data export permissions.
diff --git a/Template.php b/Template.php
index 72ef850..3e0e780 100644
--- a/Template.php
+++ b/Template.php
@@ -8,7 +8,7 @@
 require_once "vendor/autoload.php";
 
 use REDCap;
-use Smarty;
+use Smarty\Smarty;
 use DOMDocument;
 require_once "./ExportRights.php";  // class to manage instrument-level rights
 
@@ -43,6 +43,7 @@ class Template
      * @param String $templates_dir     Directory where templates are stored.
      * @param String $compiled_dir      Directory where templates compiled by Smarty are stored.
      */
+/*
     function __construct($templates_dir, $compiled_dir) 
     {
         $this->dictionary = REDCap::getDataDictionary('array', false);
@@ -52,7 +53,20 @@ function __construct($templates_dir, $compiled_dir)
         $this->smarty->setCompileDir($compiled_dir);
         $this->smarty->assign("showLabelAndRow", $this->show_label_and_row);
     }
+*/
+    public function setPaths($templates_dir, $compiled_dir) {
+    /*
+    **lazy loading to avoid the constructor, for the EM framework recommendations
+    */
+        $this->dictionary = REDCap::getDataDictionary('array', false);
+        $this->instruments = REDCap::getInstrumentNames();
+        $this->smarty = new Smarty();
+        $this->smarty->setTemplateDir($templates_dir);
+        $this->smarty->setCompileDir($compiled_dir);
+        $this->smarty->assign("showLabelAndRow", $this->show_label_and_row);
 
+    }  // end setPaths()
+ 
     /**
      * Checks whether all the siblings that come before or after an html element are empty
      *
diff --git a/composer.json b/composer.json
index 2575f36..110baa6 100644
--- a/composer.json
+++ b/composer.json
@@ -1,8 +1,8 @@
 {
     "require": {
         "ckeditor/ckeditor": "dev-full/4.21.x",
-        "dompdf/dompdf": ">=2.0.5",
-        "smarty/smarty": ">=4.5.2"
+        "dompdf/dompdf": ">=3",
+        "smarty/smarty": ">=5.3.0"
     },
     "config": {
         "platform": {
diff --git a/composer.lock b/composer.lock
index 451157b..de69c44 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "2b87e68ed0d6b5f61fe3a71cb72c105d",
+    "content-hash": "cf487262e8f9a748381af57a3c3cb9d6",
     "packages": [
         {
             "name": "ckeditor/ckeditor",
@@ -343,16 +343,16 @@
         },
         {
             "name": "smarty/smarty",
-            "version": "v5.1.0",
+            "version": "v5.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/smarty-php/smarty.git",
-                "reference": "8d53d3cbf2a986f392d680349be0fc22661bf16c"
+                "reference": "353ca06d076da46964b0c709d8e4dd87677195b8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/smarty-php/smarty/zipball/8d53d3cbf2a986f392d680349be0fc22661bf16c",
-                "reference": "8d53d3cbf2a986f392d680349be0fc22661bf16c",
+                "url": "https://api.github.com/repos/smarty-php/smarty/zipball/353ca06d076da46964b0c709d8e4dd87677195b8",
+                "reference": "353ca06d076da46964b0c709d8e4dd87677195b8",
                 "shasum": ""
             },
             "require": {
@@ -407,9 +407,9 @@
             "support": {
                 "forum": "https://github.com/smarty-php/smarty/discussions",
                 "issues": "https://github.com/smarty-php/smarty/issues",
-                "source": "https://github.com/smarty-php/smarty/tree/v5.1.0"
+                "source": "https://github.com/smarty-php/smarty/tree/v5.3.0"
             },
-            "time": "2024-04-22T22:22:15+00:00"
+            "time": "2024-05-30T11:14:56+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",