reportico-web / reportico
Reportico Open Source PHP report Designer
License: MIT License
I would like to use reportico as a dependency and not commit it to my project. However, I would like to commit my project files to my project.
Particularly if we use reportico via composer it will be in the vendor directory which we typically want to have in the .gitignore file.
Is there a way to set it up with the projects folder outside of the reportico root?
http://reportico.org/yii2/web/index.php/quickstart link is broken on the site.
I am just testing right now but my validator gave me a lot of issues. Figured I'd give back a bit if it's helpful. A few on the pages I was looking at. I hope you don't mind, and if you want me to send you the rest, I would be happy to. Thank you for the wonderful work!
Possible bugs
createproject.xml
Line 26
Line 38
Line 111
Lines 38 and 111 can be fixed by this above
use Reportico\Engine\ReporticoApp;
Line 26 I think you should call? $test = new \Reportico\Engine\reporticoDatasource();
Reportico.php
Line 405 should be ChartJpgraph not ChrtJpgraph
DatabaseEngine.php
Line 100 Cannot resolve to a type use Reportico\Engine\ReporticoUtility;
There are a few dozen more and you may already know but I didn't want to ignore it.
Ensure we pick up the correct path ending in .exe when running PhantomJS under Windows servers
Also peculiarities exist which cause warnings under Windows; these need to be fixed
I am hoping that you can help me out. I have installed the latest version of Reportico. I am trying to get the following link to work properly.
localhost/reportico-7.0/index.php?r=reportico/mode/execute&project=PMTTS&target_format=PDF&new_reportico_window=1&report=ContactList.xml'
Currently it opens a screen with a list of all available reports within the PMTTS Project. I want to bypass this screen and any other screens, and have the screen display the report.
Any help with this would be greatly appreciated.
Thank you.
Lloyd
Can anyone help me with how I should install Reportico?
step by step installation and configuration Video
This issue was reported 6 years ago in the forum and still exists today in 6.0.10 for example with the name O'Brien and others similar.
http://www.reportico.org/forum/d/39004-escaping-single-quotes-in-report-criteria
I wanted to embed Reportico into my existing project and ran into problems with Smarty.
I use Smarty 3 in my project and Reportico has Smarty 2 included. This produces conflicts when embedding Reportico.
It would be great if you could upgrade to Smarty 3, ideally by pulling it in via composer.
Also, Reportico should check if Smarty is already available and only include it, if not.
Smarty is fed with $smarty->compile_dir = find_best_location_in_include_path( "templates_c" );
This has no knowledge of the $compiled_templates_folder parameter.
This means that the compile dir can't be set outside the Reportico file structure or be anything but templates_c.
I am trying to use Reportico as an API in Laravel 5.
I have successfully done everything; the only issue I had is if I try to access the report in the below format
the response is downloading as JSON; instead of downloading the response I need to send the JSON as the response to the API.
This is the code I am using:
```php
// Read the request parameters, falling back to defaults when absent or empty.
$project = (isset($_REQUEST["project"]) && !empty($_REQUEST["project"])) ? $_REQUEST["project"] : "";
$report = isset($_REQUEST["report"]) && !empty($_REQUEST["report"]) ? $_REQUEST["report"] : "";
$mode = isset($_REQUEST["mode"]) && !empty($_REQUEST["mode"]) ? $_REQUEST["mode"] : "EXECUTE";
$format = isset($_REQUEST["format"]) && !empty($_REQUEST["format"]) ? strtoupper($_REQUEST["format"]) : "JSON";

// Configure the Reportico engine and run the report.
$engine = \App::make("getReporticoEngine");
$engine->initial_execute_mode = $mode;
$engine->initial_output_format = $format;
$engine->initial_report = $report;
$engine->initial_project = $project;
$engine->clear_reportico_session = true;
$engine->execute();
```
I have updated the core file ( laravel/vendor/reportico/laravel-reportico/src/Reportico/Reportico/reportico_report_json.php ) to make it work, but as it's not a recommended solution,
please advise me of any other possibilities.
Thanks in advance
Using version 7.1.36-beta. Was having problems with a Date criteria input. Fortunately I was able to debug it and find solutions.
Tracked this down to ReporticoLocale.php, line 195, function parseDate(). It's with the default: return for the first switch() statement. If you have an $in_keyword that's simply a date (e.g., "2021-02-12"), it will fail the initial preg_match() and make its way to this switch() statement. Since the value is a date and not any of the keywords, it gets the default: action, which is to simply return the input parameter unchanged:
```php
default:
    return $in_keyword;
```
It's pretty obvious from the calling code that the intention is for it to be converted to the prep_dateformat configuration format. This is not happening.
Solution: Replace the default code with the following:
```php
default:
    try {
        $datetime = new \DateTime($in_keyword);
    } catch (\Exception $e) { // fully qualified so the catch matches inside a namespaced file
        return $in_keyword;
    }
    return $datetime->format($in_mask);
```
There are several predefined dates ("Today", "Yesterday", etc.). I created a few of my own and found they didn't work. Didn't necessarily get an error, the report just didn't happen.
Tracked this down to widget/DatePicker.php. The code appears to have been copied from DateRangePicker.php and wasn't fully modified to work with a single date.
In function deriveValue(), line 237, we have this logic:
```php
if ( isset($this->options[$this->range_name])) {
    $this->range_raw = $this->range_name;
    $dateRange = $this->options[$this->range_name]["phpEvaluate"];
    $this->range_start = (new \DateTime($dateRange[0]))->format("Y-m-d");
    $this->range_end = (new \DateTime($dateRange[1]))->format("Y-m-d");
} else {
```
The problem is that $dateRange isn't an array. For single dates, it's a string. So the array references break the code.
Here's a simple solution:
```php
if ( isset($this->options[$this->range_name])) {
    $this->range_raw = $this->range_name;
    $tmp = $this->options[$this->range_name]["phpEvaluate"]; // modified to use $tmp
    $dateRange = (is_scalar($tmp) ? [$tmp, null] : $tmp); // new code
    $this->range_start = (new \DateTime($dateRange[0]))->format("Y-m-d");
    $this->range_end = (new \DateTime($dateRange[1]))->format("Y-m-d");
} else {
```
This sets $this->range_end to be the current date. Alternatively it could be the same as $this->range_start. Don't know how you want to do that.
For some reason the font size of the date inside the input field was too large, and the last digit of the year was always truncated. I fixed this by modifying the CSS in themes/bootstrap4/css/reportico.css to include a different font size:
Original:
```css
.reportico-date-field { width: 100px !important; z-index: 1040; font-weight: normal; }
```
New:
```css
.reportico-date-field { width: 100px !important; z-index: 1040; font-weight: normal; font-size: inherit; }
```
Hi Peter,
The license I see on the following URL is GPL2.0. It is not allowed to modify source code.
http://www.reportico.org/site/index.php/reportico-license
But you replied earlier that it was MIT license. Which one is correct, please?
Checking the current code layout in master I have the following questions:
Name of the Affected Product:
Reportico
Affected Version:
Till 8.1.0
Vulnerability Scenario: Failure to Invalidate Cookie
Affected URL:
http://localhost/reportico-8.1.0/*
http://localhost/reportico-8.1.0/run.php?execute_mode=PREPARE&xmlin=qqqq.xml&reportico_session_name=joaacmh13taksmr7rg9to1cr3a_reportico&reportico_template=&reportico_ajax_called=1
Description:
This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the oversight in the application's implementation, the session cookie remains active even after logout. Consequently, if an attacker obtains the session cookie, they can exploit it to access the user's session and perform unauthorized actions.
Business Impact:
The failure to invalidate session cookies poses significant risks to the security and integrity of the application and its users' data. Attackers could exploit this vulnerability to impersonate legitimate users, access sensitive information, manipulate data, and compromise the overall security posture of the system. The potential consequences include financial loss, reputational damage, regulatory penalties, and legal liabilities for the affected organization.
Solution:
To mitigate the risk of failure to invalidate cookies, the application should implement proper session management practices. Upon logout, ensure that all session cookies are invalidated and cannot be reused.
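One way to implement the invalidation this report asks for, as an added example in plain PHP (not Reportico's own session code; the `authenticated` and `user` session keys and the function names are assumptions):

```php
<?php
// Added example: plain PHP sessions, not Reportico's own session code.
// The 'authenticated' / 'user' keys and function names are assumptions.

function start_hardened_session(): void
{
    // Refuse session IDs the server did not issue, so an ID whose record
    // was destroyed at logout cannot be revived by replaying the cookie.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $user): void
{
    // New ID at the privilege change; true deletes the old session record.
    session_regenerate_id(true);
    $_SESSION['authenticated'] = true;
    $_SESSION['user'] = $user;
}

function logout(): void
{
    // 1. Clear the data for the rest of this request.
    $_SESSION = [];

    // 2. Expire the cookie in the browser, matching the attributes it was
    //    set with so the browser replaces the right cookie.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);

    // 3. Delete the server-side record. This is what makes a copied
    //    session ID useless; expiring the cookie alone does not.
    session_destroy();
}

function require_login(): void
{
    // Every protected page checks server-side state, so a replayed ID
    // whose record was destroyed at logout is treated as anonymous.
    if (empty($_SESSION['authenticated'])) {
        http_response_code(401);
        exit('Login required');
    }
}
```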
Hello,
Didn't know where to put this, sorry if it's not the right place.
Page: http://www.reportico.org/yii2/web/index.php/site/embedding-reports
Link: Creating links to reports >> -> http://www.reportico.org/yii2/web/index.php/site/embed-links
Should be: http://www.reportico.org/yii2/web/index.php/site/embedding-links
Regards!
Embedding reportico page http://www.reportico.org/documentation/4.5/doku.php?id=embedding_reportico should be updated. For new versions there is no file like reportico.php.
But the sample codes at the documentation page refer to this file like
require_once('{FULL PATH TO REPORTICO DIRECTORY}/reportico.php');
I get the following error trying to go to "Documentation" from Quickstart
Fatal error: Array and string offset access syntax with curly braces is no longer supported in /customers/7/a/f/reportico.org/httpd.www/dokuwiki/inc/init.php on line 557
Just some minor things my IDE caught:
prepare.tpl
Line 210: missing "display:" <div style="inline-block; margin-top:
Line 145: extra characters: data-target="#reportico-bootstrap-collapse"-->
Line 196: extra characters: name="debug_mode">';
menu.tpl:
Line 188: missing "display:" <div style="inline-block; margin-top: 6px">
Line 138: extra characters: data-target="#reportico-bootstrap-collapse"-->
testing running I note that the only working driver connection is mysql, the others do not work.. especially the PDO sybase (same as the Microsoft SQL driver).. the postgres either work...
revised in internet, noted the pdo are not most usefully and trusted and there's no good support for...
odbc it be more suitable! and we need it!
Tried Chrome\Edge and even IE, can't seem to set up a password. I have tried Private mode, and I have typed in multiple different passwords, still no luck. Running version [7.1.41-beta]
I am aware I am using beta software
Name of the Affected Product:
Reportico
Affected Version:
Till 8.1.0
Description:
This vulnerability occurs when a low privilege user is able to access and view configuration details that are intended to be restricted to admin users. These configuration details may include sensitive information related to SQL queries and other critical system settings. This unauthorized access allows the low privilege user to gain insights into the inner workings of the application or system, potentially leading to unintended exposure of sensitive data or exploitation of system weaknesses.
Impact:
This vulnerability poses serious risks to the security and integrity of the application and its underlying systems. By gaining access to sensitive configuration details, low-privileged users can exploit system weaknesses, potentially leading to data breaches, unauthorized data manipulation, or even system compromise.
URL:
http://localhost/reportico-8.1.0/run.php?execute_mode=PREPARE&xmlin=qqqq.xml&reportico_session_name=b137719u9cqjt0sqog9aorvcks_reportico
http://localhost/reportico-8.1.0/run.php?execute_mode=MAINTAIN&xmlin=qqqq.xml&reportico_session_name=b137719u9cqjt0sqog9aorvcks_reportico
Steps:
By changing the execute_mode parameter in the URL from PREPARE to MAINTAIN, the low privilege user can view the config page which is restricted to the low privilege user.
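A server-side check that would close this gap, as an added example in generic PHP (not Reportico's own access-control code). The role names, the `role` session key and the function names are assumptions; the mode names are the `execute_mode` values that appear on this page.

```php
<?php
// Added example: generic PHP, not Reportico's own access-control code.
// Role names, the 'role' session key and function names are assumptions.

const ROLE_RANK = ['guest' => 0, 'user' => 1, 'admin' => 2];

// Minimum role per mode. Modes not listed here are rejected outright.
const MODE_MIN_ROLE = [
    'EXECUTE'  => 'user',
    'PREPARE'  => 'user',
    'MAINTAIN' => 'admin',
];

/**
 * Return the normalised mode if the role may use it; throw otherwise.
 * The role must come from server-side session state, never the request.
 */
function authorize_execute_mode(string $requestedMode, string $role): string
{
    $mode = strtoupper(trim($requestedMode));
    if (!isset(MODE_MIN_ROLE[$mode])) {
        throw new InvalidArgumentException('Unknown execute_mode');
    }
    $have = ROLE_RANK[$role] ?? 0;              // unknown role counts as guest
    $need = ROLE_RANK[MODE_MIN_ROLE[$mode]];
    if ($have < $need) {
        throw new RuntimeException("Role '$role' may not use $mode");
    }
    return $mode;
}

/** Gate one request: returns the permitted mode or ends with 400/403. */
function gate_request(array $query, array $session): string
{
    $m = $query['execute_mode'] ?? 'PREPARE';
    $r = $session['role'] ?? 'guest';
    try {
        // Non-string values (e.g. execute_mode[]=x) become '' and are rejected.
        return authorize_execute_mode(is_string($m) ? $m : '', is_string($r) ? $r : 'guest');
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit('Bad request');
    } catch (RuntimeException $e) {
        // Log the denial so repeated mode tampering shows up in review.
        error_log('execute_mode denied: ' . $e->getMessage());
        http_response_code(403);
        exit('Forbidden');
    }
}
```

A front controller would call `gate_request($_GET, $_SESSION)` after `session_start()` and before dispatching on the mode.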
Hi,
How can I report a security issue?
I wrote an email to the info@ from the web page but I've got no answer.
Please reply.
Looks like this project may no longer be supported. I am looking for a report generator for PHP and MySQL. But on PHP 8.0 (best version ever!) and see that this package has not been updated (bad ordering of default parameters is the first issue I see) for PHP 8.0.
I would be happy to help move the project forward if I decide to use it, but not sure what the long term prospects are. As I am still in the looking mode, I don't want to commit to something that may be abandoned, but also might be willing to take it over, depending on what else is out there.
I do like the general architecture and I see that there is a lot of potential in this code base, so it would be a shame to lose it.
Your thoughts?
I decided that Reportico wasn't what I needed. And would like to uninstall it.
I installed it by creating /composer folder and ran the install from there. Is it as simple as removing the /composer and all its sub-folders? Or is there something else I need to do?
reportico.org is down
Existing and working code:
```js
/*
** Reportico Javascript functions
*/
function setupDynamicGrids()
{
    if (typeof reportico_dynamic_grids === 'undefined') {
        return;
    }
    if ( reportico_jquery.type(reportico_dynamic_grids) != 'undefined' )
    if ( reportico_dynamic_grids )
    {
        reportico_jquery(".swRepPage").each(function(){
            reportico_jquery(this).dataTable(
                {
                    "retrieve" : true,
                    "searching" : reportico_dynamic_grids_searchable,
                    "ordering" : reportico_dynamic_grids_sortable,
                    "paging" : reportico_dynamic_grids_paging,
                    "iDisplayLength": reportico_dynamic_grids_page_size
                }
            );
        });
    }
}
```
But if I try to add extra options to the datatable, as in the following code, then it throws an error:
```js
/*
** Reportico Javascript functions
*/
function setupDynamicGrids()
{
    if (typeof reportico_dynamic_grids === 'undefined') {
        return;
    }
    if ( reportico_jquery.type(reportico_dynamic_grids) != 'undefined' )
    if ( reportico_dynamic_grids )
    {
        reportico_jquery(".swRepPage").each(function(){
            reportico_jquery(this).dataTable(
                {
                    "scrollCollapse": true,
                    "autoWidth": false,
                    "scrollX": true,
                    "retrieve" : true,
                    "searching" : reportico_dynamic_grids_searchable,
                    "ordering" : reportico_dynamic_grids_sortable,
                    "paging" : reportico_dynamic_grids_paging,
                    "iDisplayLength": reportico_dynamic_grids_page_size
                }
            );
        });
    }
}
```
So please guide me on how we can pass extra options to the Reportico datatable.
Hi,
I get an error while generating HTML report in Laravel-Reportico module.
Error: "Notice: ...\vendor\reportico\laravel-reportico\src\Reportico\Reportico\reportico_report_html.php Line 148 - A non well formed numeric value encountered"
Laravel version: 5.4.28
PHP version: 7.1.0
Laravel-Reportico version: 4.6
Hi,
I'm using version 7.1.42-beta with the laravel module and the file JQuery in the widgets folder should be named Jquery to comply with psr-4 (note the q is lowercase).
If the file doesn't comply with the psr-4 standard, composer autoload will skip the class.
Let me know if I should make a pull request.
Thanks
Reportico 7.1.36 adds an equal sign to the front of every cell in the CSV-formatted report. This causes a spreadsheet import error when the cell value includes a comma.
The Problem
To recreate the error, put the following code in a *.csv file (attached as test.csv.txt) and open it with a spreadsheet program:
```
"Column 1","Column 2","Column 3"
="Value,1",="Value 2",="Value 3"
```
Here is what happens when I import this into LibreOffice:
As you can see, the comma inside "Value,1" is not ignored and causes the start of a new field.
I believe the base problem is that the CSV format requires the entire cell to be inside the double quotes in order for commas to be ignored. The equal sign is not a double quote, so the cell is not actually escaped.
The Solution
File src/ReportCsv.php
Change line 110 from:
```php
$this->text .= "=\"" . $output . "\",";
```
to this:
```php
$this->text .= "\"" . $output . "\",";
```
Dear Peter,
The very nice application we like to use more.
Can you help me connect this application to MSsql?
Currently, we are using collation: SQL_Latin1_General_CP1_CI_AS
How can I connect with the MSsql db?
Hi,
can you guide me through supporting the Farsi/Persian language in PDF files?
Which config should I change? Basically, where should I start?
Name of the Affected Product:
Reportico
Affected Version:
Till 8.1.0
Description:
This vulnerability occurs when a low privilege user is able to get internal system path, file path and DB related information by manipulating the parameter from project=admin to project=admin' in the URL. This error message allows the low privilege user to gain insights into the inner workings of the application or system, potentially leading to unintended exposure of sensitive data or exploitation of system weaknesses.
Impact:
This vulnerability can have several detrimental consequences. Firstly, the exposure of internal paths provides attackers with insights into the directory structure of the application, facilitating further exploitation. Secondly, disclosing error messages can aid attackers in refining their attack strategies and identifying potential weaknesses within the application.
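A defensive pattern for the `project` parameter and the error output described in this report, as an added example in generic PHP (not Reportico's own code). The function names, the allowed character set for project names and the `projects` directory layout are assumptions.

```php
<?php
// Added example: generic PHP, not Reportico's own code. Function names,
// the allowed name pattern and the projects-root layout are assumptions.

/** Map a project name from the URL to a directory under $projectsRoot. */
function resolve_project_dir(string $projectsRoot, string $project): string
{
    // Allowlist the name: letters, digits, '_' and '-' only, so values
    // such as "admin'" or "../x" never reach file or database code.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $project)) {
        throw new InvalidArgumentException('Invalid project name');
    }
    $root = realpath($projectsRoot);
    $dir  = realpath($projectsRoot . DIRECTORY_SEPARATOR . $project);
    if ($root === false || $dir === false || !is_dir($dir)
        || strpos($dir, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('Project not found');
    }
    return $dir;
}

/** Run $handler; on failure log details server-side, reply generically. */
function run_without_leaking_errors(callable $handler): void
{
    ini_set('display_errors', '0');   // never render PHP errors to the client
    ini_set('log_errors', '1');
    try {
        $handler();
    } catch (Throwable $e) {
        // The reference ID lets support find the log entry without showing
        // paths, database details or stack traces to the user.
        $ref = bin2hex(random_bytes(6));
        error_log(sprintf('[%s] %s: %s at %s:%d', $ref, get_class($e),
            $e->getMessage(), $e->getFile(), $e->getLine()));
        http_response_code($e instanceof InvalidArgumentException ? 400 : 500);
        header('Content-Type: text/plain; charset=utf-8');
        echo "The request could not be processed (ref $ref).";
    }
}

run_without_leaking_errors(function () {
    $p = $_GET['project'] ?? '';
    $dir = resolve_project_dir(__DIR__ . '/projects', is_string($p) ? $p : '');
    // ... load and run the report from $dir ...
});
```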
Updating Joomla Site (3.9.14 current) to php 7.3.11 causes this response in Reportico on all reports:
Notice: /nfs/c10/h05/mnt/144724/domains/test.airheads.org/html/components/com_reportico/reportico_report_html.php Line 151 - A non well formed numeric value encountered
Main Report Query - Error: Query Failed
SELECT s.state, v3.field_value as region, s.membership_id, s.first_name, s.last_name, s.city, s.zip, s.country, s.phone, s.email, v1.field_value, v2.field_value FROM j17_osmembership_subscribers=s LEFT JOIN j17_osmembership_field_value as v1 on (s.id=v1.subscriber_id and v1.field_id=21) LEFT JOIN j17_osmembership_field_value as v2 on (s.id=v2.subscriber_id and v2.field_id=30) LEFT JOIN j17_osmembership_field_value as v3 on (s.id=v3.subscriber_id and v3.field_id=31) WHERE 1=1 -- AND s.plan_id=5 AND v1.field_value="airmarshal" AND is_profile=1 -- AND plan_main_record=1 -- AND s.published=1 ORDER BY s.country DESC, s.state ASC
Status 0 -
Hi,
is there a chance to make this project available via composer, like the Laravel or Yii version?
This would be great!
Cross-site scripting (XSS) is a web application vulnerability that permits an attacker to inject code, (typically HTML or JavaScript), into the contents of an outside website. When a victim views an infected page on the website, the injected code executes in the victim’s browser. Consequently, the attacker has bypassed the browser’s same origin policy and is able to steal private information from a victim associated with the website.
Steps:
Reportico offers various date formats but all have separators. There could be a format that has no separators, specifically YYYYMMDD such as 20170401, since it's easy to compare as normal integers; this way it is also easy to backport to other DB vendors.
If you use criteria with values containing a backslash and Multiple Selection List Box (Expand Display), the user couldn't set such criteria
For example:
Criteria Type: Custom List
Criteria Display: No Entry
Expand Display: Multiple Selection List Box
List Values: abc=test/abc, def=test//def, klm=test\klm, nop=test\\nop
values 'test\klm' and 'test\\nop' could never be selected
Upgrading to PHP7.4 reports the following error.
Fatal Error: /opt/tk/core/web/temp_php_script/reportico2/src/XmlReader.php Line 1487 - Function get_magic_quotes_gpc() is deprecated