
Compare revisions

Commits on Source (270)
Showing
with 363 additions and 163 deletions
......@@ -14,13 +14,14 @@
},
"minimum-stability": "stable",
"require": {
"php": ">=7.2.0",
"php": ">=8.1",
"ext-mysqli": "*",
"ext-imap": "*",
"ext-curl": "*",
"smarty/smarty": "^4.3",
"dg/rss-php": "^1.5",
"ezyang/htmlpurifier": "^4.16",
"tecnickcom/tcpdf": "^6.6"
"tecnickcom/tcpdf": "^6.6",
"monolog/monolog": "^3.5"
}
}
......@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "74af97ed9d563a7f2dd29a31b422cbe4",
"content-hash": "563a46ac454caaa7dd7892948d7538b7",
"packages": [
{
"name": "dg/rss-php",
......@@ -113,18 +113,169 @@
},
"time": "2022-09-18T07:06:19+00:00"
},
{
"name": "monolog/monolog",
"version": "3.5.0",
"source": {
"type": "git",
"url": "https://github.com/Seldaek/monolog.git",
"reference": "c915e2634718dbc8a4a15c61b0e62e7a44e14448"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Seldaek/monolog/zipball/c915e2634718dbc8a4a15c61b0e62e7a44e14448",
"reference": "c915e2634718dbc8a4a15c61b0e62e7a44e14448",
"shasum": ""
},
"require": {
"php": ">=8.1",
"psr/log": "^2.0 || ^3.0"
},
"provide": {
"psr/log-implementation": "3.0.0"
},
"require-dev": {
"aws/aws-sdk-php": "^3.0",
"doctrine/couchdb": "~1.0@dev",
"elasticsearch/elasticsearch": "^7 || ^8",
"ext-json": "*",
"graylog2/gelf-php": "^1.4.2 || ^2.0",
"guzzlehttp/guzzle": "^7.4.5",
"guzzlehttp/psr7": "^2.2",
"mongodb/mongodb": "^1.8",
"php-amqplib/php-amqplib": "~2.4 || ^3",
"phpstan/phpstan": "^1.9",
"phpstan/phpstan-deprecation-rules": "^1.0",
"phpstan/phpstan-strict-rules": "^1.4",
"phpunit/phpunit": "^10.1",
"predis/predis": "^1.1 || ^2",
"ruflin/elastica": "^7",
"symfony/mailer": "^5.4 || ^6",
"symfony/mime": "^5.4 || ^6"
},
"suggest": {
"aws/aws-sdk-php": "Allow sending log messages to AWS services like DynamoDB",
"doctrine/couchdb": "Allow sending log messages to a CouchDB server",
"elasticsearch/elasticsearch": "Allow sending log messages to an Elasticsearch server via official client",
"ext-amqp": "Allow sending log messages to an AMQP server (1.0+ required)",
"ext-curl": "Required to send log messages using the IFTTTHandler, the LogglyHandler, the SendGridHandler, the SlackWebhookHandler or the TelegramBotHandler",
"ext-mbstring": "Allow to work properly with unicode symbols",
"ext-mongodb": "Allow sending log messages to a MongoDB server (via driver)",
"ext-openssl": "Required to send log messages using SSL",
"ext-sockets": "Allow sending log messages to a Syslog server (via UDP driver)",
"graylog2/gelf-php": "Allow sending log messages to a GrayLog2 server",
"mongodb/mongodb": "Allow sending log messages to a MongoDB server (via library)",
"php-amqplib/php-amqplib": "Allow sending log messages to an AMQP server using php-amqplib",
"rollbar/rollbar": "Allow sending log messages to Rollbar",
"ruflin/elastica": "Allow sending log messages to an Elastic Search server"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-main": "3.x-dev"
}
},
"autoload": {
"psr-4": {
"Monolog\\": "src/Monolog"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jordi Boggiano",
"email": "j.boggiano@seld.be",
"homepage": "https://seld.be"
}
],
"description": "Sends your logs to files, sockets, inboxes, databases and various web services",
"homepage": "https://github.com/Seldaek/monolog",
"keywords": [
"log",
"logging",
"psr-3"
],
"support": {
"issues": "https://github.com/Seldaek/monolog/issues",
"source": "https://github.com/Seldaek/monolog/tree/3.5.0"
},
"funding": [
{
"url": "https://github.com/Seldaek",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/monolog/monolog",
"type": "tidelift"
}
],
"time": "2023-10-27T15:32:31+00:00"
},
{
"name": "psr/log",
"version": "3.0.0",
"source": {
"type": "git",
"url": "https://github.com/php-fig/log.git",
"reference": "fe5ea303b0887d5caefd3d431c3e61ad47037001"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/php-fig/log/zipball/fe5ea303b0887d5caefd3d431c3e61ad47037001",
"reference": "fe5ea303b0887d5caefd3d431c3e61ad47037001",
"shasum": ""
},
"require": {
"php": ">=8.0.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.x-dev"
}
},
"autoload": {
"psr-4": {
"Psr\\Log\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "PHP-FIG",
"homepage": "https://www.php-fig.org/"
}
],
"description": "Common interface for logging libraries",
"homepage": "https://github.com/php-fig/log",
"keywords": [
"log",
"psr",
"psr-3"
],
"support": {
"source": "https://github.com/php-fig/log/tree/3.0.0"
},
"time": "2021-07-14T16:46:02+00:00"
},
{
"name": "smarty/smarty",
"version": "v4.3.2",
"version": "v4.3.4",
"source": {
"type": "git",
"url": "https://github.com/smarty-php/smarty.git",
"reference": "1d9cda2be34fd6edb74924684260636fd0b89288"
"reference": "3931d8f54b8f7a4ffab538582d34d4397ba8daa5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/smarty-php/smarty/zipball/1d9cda2be34fd6edb74924684260636fd0b89288",
"reference": "1d9cda2be34fd6edb74924684260636fd0b89288",
"url": "https://api.github.com/repos/smarty-php/smarty/zipball/3931d8f54b8f7a4ffab538582d34d4397ba8daa5",
"reference": "3931d8f54b8f7a4ffab538582d34d4397ba8daa5",
"shasum": ""
},
"require": {
......@@ -175,22 +326,22 @@
"support": {
"forum": "https://github.com/smarty-php/smarty/discussions",
"issues": "https://github.com/smarty-php/smarty/issues",
"source": "https://github.com/smarty-php/smarty/tree/v4.3.2"
"source": "https://github.com/smarty-php/smarty/tree/v4.3.4"
},
"time": "2023-07-19T10:27:36+00:00"
"time": "2023-09-14T10:59:08+00:00"
},
{
"name": "tecnickcom/tcpdf",
"version": "6.6.2",
"version": "6.6.5",
"source": {
"type": "git",
"url": "https://github.com/tecnickcom/TCPDF.git",
"reference": "e3cffc9bcbc76e89e167e9eb0bbda0cab7518459"
"reference": "5fce932fcee4371865314ab7f6c0d85423c5c7ce"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/e3cffc9bcbc76e89e167e9eb0bbda0cab7518459",
"reference": "e3cffc9bcbc76e89e167e9eb0bbda0cab7518459",
"url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/5fce932fcee4371865314ab7f6c0d85423c5c7ce",
"reference": "5fce932fcee4371865314ab7f6c0d85423c5c7ce",
"shasum": ""
},
"require": {
......@@ -219,7 +370,7 @@
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"LGPL-3.0-only"
"LGPL-3.0-or-later"
],
"authors": [
{
......@@ -241,7 +392,7 @@
],
"support": {
"issues": "https://github.com/tecnickcom/TCPDF/issues",
"source": "https://github.com/tecnickcom/TCPDF/tree/6.6.2"
"source": "https://github.com/tecnickcom/TCPDF/tree/6.6.5"
},
"funding": [
{
......@@ -249,7 +400,7 @@
"type": "custom"
}
],
"time": "2022-12-17T10:28:59+00:00"
"time": "2023-09-06T15:09:26+00:00"
}
],
"packages-dev": [],
......@@ -265,5 +416,5 @@
"ext-curl": "*"
},
"platform-dev": [],
"plugin-api-version": "2.2.0"
"plugin-api-version": "2.3.0"
}
......@@ -9,8 +9,8 @@
************************************************************************************/
/* Performance paramters can be configured to fine tune vtiger CRM runtime */
$PERFORMANCE_CONFIG = Array(
// Enable log4php debugging only if requried
'LOG4PHP_DEBUG' => false,
// Enable Vtiger Log Level for debugging only if requried
'LOGLEVEl_DEBUG' => false,
// Should the caller information be captured in SQL Logging?
// It adds little overhead for performance but will be useful to debug
......
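Review bot: The new key is spelled `'LOGLEVEl_DEBUG'` with a lower-case final "l", and PHP array keys are case-sensitive, so a reader that looks up `LOGLEVEL_DEBUG` would never see this setting. The code that consumes the key is not part of this section, so confirm which spelling it uses and align both sides, e.g. `'LOGLEVEL_DEBUG' => false,`.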
......@@ -177,7 +177,7 @@ class CRMEntity {
}
// Check 1
$save_file = 'true';
$save_file = true;
//only images are allowed for Image Attachmenttype
$mimeType = vtlib_mime_content_type($file_details['tmp_name']);
$mimeTypeContents = explode('/', $mimeType);
......@@ -186,12 +186,12 @@ class CRMEntity {
$save_file = validateImageFile($file_details);
}
$log->debug("File Validation status in Check1 save_file => $save_file");
if ($save_file == 'false') {
if (!$save_file) {
return false;
}
// Check 2
$save_file = 'true';
$save_file = true;
//only images are allowed for these modules
if ($module == 'Contacts' || $module == 'Products') {
$save_file = validateImageFile($file_details);
......@@ -213,7 +213,7 @@ class CRMEntity {
$upload_status = copy($filetmp_name, $upload_file_path . $current_id . "_" . $encryptFileName);
// temporary file will be deleted at the end of request
$log->debug("Upload status of file => $upload_status");
if ($save_file == 'true' && $upload_status == 'true') {
if ($save_file && $upload_status == 'true') {
if($attachmentType != 'Image' && $this->mode == 'edit') {
//Only one Attachment per entity delete previous attachments
$res = $adb->pquery('SELECT vtiger_seattachmentsrel.attachmentsid FROM vtiger_seattachmentsrel
......@@ -3125,6 +3125,7 @@ class TrackableObject implements ArrayAccess, IteratorAggregate {
}
function offsetSet($key, $value) {
if(is_array($value)) $value = empty($value) ? "" : $value[0];
if($this->tracking && $this->trackingEnabled) {
$olderValue = $this->offsetGet($key);
// decode_html only expects string
......
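Review bot: Both upload checks now test `$save_file` for truthiness (`if (!$save_file)`), which is only safe if validateImageFile() returns a real boolean. That function is not shown here; if it still returns the strings 'true'/'false', the rejection branch can never run, because the string 'false' is truthy. The `if($saveLogo)` test in vtws_CreateCompanyLogoFile depends on the same return type. The remaining `$upload_status == 'true'` compares copy()'s boolean against a string; `if ($save_file === true && $upload_status === true) {` states the intent and fails closed on any non-boolean. The enclosing method starts and ends outside these hunks.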
......@@ -370,7 +370,7 @@ Class ChartUtils {
if ($fieldDetails != '') {
list($tablename, $colname, $module_field, $fieldname, $single) = explode(":", $fieldDetails);
list($module, $field) = split("_", $module_field);
list($module, $field) = explode('_', $module_field);
$dateField = false;
if ($single == 'D') {
$dateField = true;
......
......@@ -228,6 +228,7 @@ class ListViewController {
}
$moduleInstance = Vtiger_Module_Model::getInstance("PBXManager");
$outgoingCallPermission = false;
if($moduleInstance && $moduleInstance->isActive()) {
$outgoingCallPermission = PBXManager_Server_Model::checkPermissionForOutgoingCall();
$clickToCallLabel = vtranslate("LBL_CLICK_TO_CALL");
......@@ -300,7 +301,6 @@ class ListViewController {
} else{
$value = textlength_check($value);
}
$value = $fileicon.$value;
} elseif($module == 'Documents' && $fieldName == 'filesize') {
$downloadType = $db->query_result($result,$i,'filelocationtype');
if($downloadType == 'I') {
......
......@@ -1029,30 +1029,55 @@ class QueryGenerator {
if(!$this->isStringType($field->getFieldDataType())) {
$value = trim($value);
}
if ($operator == 'empty' || $operator == 'y') {
$sql[] = sprintf("IS NULL OR %s = ''", $this->getSQLColumn($field->getFieldName(), $field));
continue;
}
if($operator == 'ny'){
$sql[] = sprintf("IS NOT NULL AND %s != ''", $this->getSQLColumn($field->getFieldName(), $field));
continue;
}
if ($operator == 'k') {
// If value is empty and comparator is equals then we have to check IS NULL (same as "is empty" condition)
if ($operator == 'empty' || $operator == 'y') {
$sqlFieldDataType = $field->getFieldDataType();
if($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday'){
$sqlFormat = sprintf("IS NULL OR %s = '0000-00-00'", $this->getSQLColumn($field->getFieldName(), $field));
} else if($sqlFieldDataType == 'datetime'){
$sqlFormat = sprintf("IS NULL OR %s = '0000-00-00 00:00:00'", $this->getSQLColumn($field->getFieldName(), $field));
} else {
$sqlFormat = sprintf("IS NULL OR %s = ''", $this->getSQLColumn($field->getFieldName(), $field));
}
$sql[] = $sqlFormat;
continue;
}
if ($operator == 'ny') {
$sqlFieldDataType = $field->getFieldDataType();
if ($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday') {
$sqlFormat = sprintf("IS NOT NULL AND %s != '0000-00-00'", $this->getSQLColumn($field->getFieldName(), $field));
} else if ($sqlFieldDataType == 'datetime') {
$sqlFormat = sprintf("IS NOT NULL AND %s != '0000-00-00 00:00:00'", $this->getSQLColumn($field->getFieldName(), $field));
} else {
$sqlFormat = sprintf("IS NOT NULL AND %s != ''", $this->getSQLColumn($field->getFieldName(), $field));
}
$sql[] = $sqlFormat;
continue;
}
if ($operator == 'k') {
$sql[] = sprintf("IS NULL OR %s NOT LIKE '%%%s%%'", $this->getSQLColumn($field->getFieldName(), $field), $value);
continue;
}
if((strtolower(trim($value)) == 'null') ||
(trim($value) == '' && !$this->isStringType($field->getFieldDataType())) &&
($operator == 'e' || $operator == 'n')) {
if($operator == 'e'){
$sql[] = "IS NULL";
$sql[] = "= ''";
continue;
} else {
$sql[] = "IS NOT NULL";
$sql[] = "!= ''";
continue;
}
$trimmedValue = is_array($value) ? NULL : trim($value);
if((strtolower($trimmedValue) == 'null') ||
($trimmedValue == '' && !$this->isStringType($field->getFieldDataType())) &&
($operator == 'e' || $operator == 'n')) {
if($operator == 'e'){
$sql[] = "IS NULL";
$sqlFieldDataType = $field->getFieldDataType();
if($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday'){
$sql[] = "= '0000-00-00'";
} else if($sqlFieldDataType == 'datetime'){
$sql[] = "= '0000-00-00 00:00:00'";
} else {
$sql[] = "= ''";
}
continue;
} else {
$sql[] = "IS NOT NULL";
$sql[] = "!= ''";
continue;
}
} elseif($field->getFieldDataType() == 'boolean') {
$value = strtolower($value);
if ($value == 'yes') {
......@@ -1096,11 +1121,11 @@ class QueryGenerator {
}
if($field->getFieldName() == 'birthday' && !$this->isRelativeSearchOperators(
$operator)) {
$value = "DATE_FORMAT(".$db->quote($value).", '%m%d')";
} else {
$value = $db->sql_escape_string($value);
}
$operator)) {
$value = "DATE_FORMAT(".$db->quote($value).", '%m%d')";
} else {
$value = is_array($value) ? NULL : $db->sql_escape_string($value);
}
if(trim($value) == '' && ($operator == 's' || $operator == 'ew' || $operator == 'c')
&& ($this->isStringType($field->getFieldDataType()) ||
......@@ -1150,14 +1175,32 @@ class QueryGenerator {
$sql[] = "IS NULL";
}
if( ($field->getFieldName() != 'birthday' || ($field->getFieldName() == 'birthday'
&& $this->isRelativeSearchOperators($operator)))){
$value = "'$value'";
}
if(($this->isNumericType($field->getFieldDataType())) && empty($value)) {
$value = '0';
}
/**
* While searching in decimal type columns, then value will be stored like 100.1234 (as float value).
* When user search for 100 then also it should show up 100.1234 for which we are altering comparator and
* value here. If we search 'equal' or 'not equal' we will change to 'like' or 'not like'
* NOTE : Same thing handled in ReportRun->generateAdvFilterSql() api
*/
if($this->isFloatType($field->getFieldDataType()) && !empty($value)
&& in_array($operator, array('e', 'n') )){
$sqlOperator = ($operator == 'e') ? ' LIKE ' : ' NOT LIKE ';
if ((float) $value == round((float)$value)) {
// if given value is witn out any decimals (Ex:- 1234), then we search with '1234.%'
$value = $value.'.';
}
$value = $value."%";
}
if( ($field->getFieldDataType() != 'birthday' || ($field->getFieldDataType() == 'birthday'
&& $this->isRelativeSearchOperators($operator)))){
if($field->getFieldDataType() !== 'integer'){
$value = "'$value'";
}
}
if($this->isNumericType($field->getFieldDataType()) && empty($value)) {
$value = '0';
}
$sql[] = "$sqlOperator $value";
}
return $sql;
......@@ -1185,6 +1228,14 @@ class QueryGenerator {
protected function isNumericType($type) {
return ($type == 'integer' || $type == 'double' || $type == 'currency');
}
/**
* Function to identify given type is a floating(decimal) type or not. Column types like decimal will store
* information as floating values. All those column related field types comes under this
*/
protected function isFloatType($type) {
return ($type == 'double' || $type == 'currency' || $type == 'multicurrency');
}
protected function isStringType($type) {
return ($type == 'string' || $type == 'text' || $type == 'email' || $type == 'reference');
......
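Review bot: In the third QueryGenerator hunk the value is left unquoted when `getFieldDataType()` is 'integer', yet the only protection applied to it earlier is `$db->sql_escape_string($value)`, which escapes quote characters and does nothing for an operand placed outside quotes. Unless the value is validated as numeric before this hunk, keep the quotes for anything that is not a number, e.g. `if ($field->getFieldDataType() !== 'integer' || (!empty($value) && !is_numeric($value))) { $value = "'$value'"; }`. The `'k'` branch in the first hunk has a related gap: it formats `$value` into `NOT LIKE '%%%s%%'` and `continue`s before the escaping call is reached. The method body starts and ends outside the hunks shown.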
......@@ -8,11 +8,11 @@
* All Rights Reserved.
******************************************************************************** */
require_once 'vendor/autoload.php';
require_once 'include/Webservices/Retrieve.php';
require_once 'include/Webservices/Create.php';
require_once 'include/Webservices/Delete.php';
require_once 'include/Webservices/DescribeObject.php';
require_once 'includes/Loader.php';
vimport ('includes.runtime.Globals');
vimport ('includes.runtime.BaseModel');
......
......@@ -12,7 +12,7 @@ require_once 'include/Webservices/Retrieve.php';
require_once 'include/Webservices/Create.php';
require_once 'include/Webservices/Delete.php';
require_once 'include/Webservices/DescribeObject.php';
require_once 'includes/Loader.php';
require_once 'vendor/autoload.php';
vimport('includes.runtime.Globals');
vimport('includes.runtime.BaseModel');
......
......@@ -476,29 +476,28 @@ function vtws_getModuleHandlerFromId($id,$user){
}
function vtws_CreateCompanyLogoFile($fieldname) {
global $root_directory;
$uploaddir = $root_directory ."/test/logo/";
$allowedFileTypes = array("jpeg", "png", "jpg", "pjpeg" ,"x-png");
$binFile = $_FILES[$fieldname]['name'];
$fileType = $_FILES[$fieldname]['type'];
$fileSize = $_FILES[$fieldname]['size'];
$fileTypeArray = explode("/",$fileType);
$fileTypeValue = strtolower($fileTypeArray[1]);
if($fileTypeValue == '') {
$fileTypeValue = substr($binFile,strrpos($binFile, '.')+1);
}
if($fileSize != 0) {
if(in_array($fileTypeValue, $allowedFileTypes)) {
move_uploaded_file($_FILES[$fieldname]["tmp_name"],
$uploaddir.$_FILES[$fieldname]["name"]);
copy($uploaddir.$_FILES[$fieldname]["name"], $uploaddir.'application.ico');
return $binFile;
}
throw new WebServiceException(WebServiceErrorCode::$INVALIDTOKEN,
"$fieldname wrong file type given for upload");
}
throw new WebServiceException(WebServiceErrorCode::$INVALIDTOKEN,
"$fieldname file upload failed");
$fileSize = $_FILES[$fieldname]['size'];
if($fileSize != 0) {
global $root_directory;
//Support formats allowed to upload as per CRM UI.
$logoSupportedFormats = array('jpeg', 'jpg', 'png', 'gif', 'pjpeg', 'x-png');
$file_type_details = explode("/", $_FILES[$fieldname]['type']);
$filetype = $file_type_details['1'];
if(in_array($filetype, $logoSupportedFormats)) {
$uploaddir = $root_directory ."/test/logo/";
$binFile = $_FILES[$fieldname]['name'];
$saveLogo = validateImageFile($_FILES[$fieldname]);
if($saveLogo) {
move_uploaded_file($_FILES[$fieldname]["tmp_name"], $uploaddir.$binFile);
copy($uploaddir.$binFile, $uploaddir.'application.ico');
return $binFile;
}
}
throw new WebServiceException(WebServiceErrorCode::$FAILED_TO_UPDATE,
"$fieldname wrong file type given for upload");
}
throw new WebServiceException(WebServiceErrorCode::$FAILED_TO_UPDATE, "$fieldname file upload failed");
}
function vtws_getActorEntityName ($name, $idList) {
......
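Review bot: The new vtws_CreateCompanyLogoFile stores the upload under `$uploaddir.$binFile`, where `$binFile` is the client-supplied `$_FILES[$fieldname]['name']`, and the format allow-list is matched against the client-supplied `['type']` value, so nothing here constrains the extension of the file written under test/logo/. If the project's helper is loaded in this context, `$binFile = sanitizeUploadFileName($_FILES[$fieldname]['name'], vglobal('upload_badext'));` would apply the bad-extension list, and checking the extension against `$logoSupportedFormats` would be stricter still. The results of move_uploaded_file() and copy() are ignored, so the function returns `$binFile` even when nothing was stored. `$file_type_details['1']` is also read without checking that the type contained a '/'.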
......@@ -43,6 +43,7 @@
public static $FAILED_TO_CREATE = "FAILED_TO_CREATE";
public static $INACTIVECURRENCY = "CURRENCY_INACTIVE";
public static $PASSWORDNOTSTRONG = "PASSWORD_NOT_STRONG";
public static $FAILED_TO_UPDATE = "FAILED_TO_UPDATE";
}
?>
......@@ -113,7 +113,6 @@ class PearDatabase{
function println($msg)
{
require_once('include/logging.php');
$log1 = Logger::getLogger('VT');
if(is_array($msg)) {
$log1->info("PearDatabse ->".print_r($msg,true));
......
......@@ -109,8 +109,11 @@ class DateTimeField {
*/
public static function __convertToDBFormat($date, $format)
{
$dbDate = '';
if (empty($format)) {
$dbDate = '';
if (4 === strpos($date, '-')) {
// adjust format based on date value (could happen during edit-save)
$format = "yyyy-mm-dd";
} else if (empty($format)) {
if (false === strpos($date, '-')) {
if(false === strpos($date, '.')){
$format = 'dd/mm/yyyy';
......@@ -119,8 +122,8 @@ class DateTimeField {
}
} else {
$format = 'dd-mm-yyyy';
}
}
}
}
switch ($format) {
case 'dd.mm.yyyy':
list($d, $m, $y) = explode('.', $date);
......
......@@ -21,16 +21,5 @@ require_once('config.php');
// Performance Optimization: Configure the log folder
@include_once('config.performance.php');
global $PERFORMANCE_CONFIG;
if(isset($PERFORMANCE_CONFIG) && isset($PERFORMANCE_CONFIG['LOG4PHP_DEBUG']) && $PERFORMANCE_CONFIG['LOG4PHP_DEBUG']) {
define('LOG4PHP_DIR', 'libraries/log4php');
} else {
define('LOG4PHP_DIR', 'libraries/log4php');
}
// END
define('LOG4PHP_DEFAULT_INIT_OVERRIDE', true);
require_once(LOG4PHP_DIR.'/Logger.php');
Logger::configure('log4php.properties');
require_once 'modules/Vtiger/helpers/Logger.php';
?>
......@@ -686,7 +686,7 @@ function saveInventoryProductDetails(&$focus, $module, $update_prod_stock='false
$sub_prod_str = vtlib_purify($_REQUEST['subproduct_ids'.$i]);
if (!empty($sub_prod_str)) {
$sub_prod = split(',', rtrim($sub_prod_str, ','));
$sub_prod = explode(',', rtrim($sub_prod_str, ','));
foreach ($sub_prod as $subProductInfo) {
list($subProductId, $subProductQty) = explode(':', $subProductInfo);
$query = 'INSERT INTO vtiger_inventorysubproductrel VALUES(?, ?, ?, ?)';
......
......@@ -665,11 +665,10 @@ function vtlib_purify($input, $ignore = false) {
static $purified_cache = array();
$value = $input;
$encryptInput = null;
if (!is_array($input)) {
$encryptInput = hash('sha256',$input);
if (array_key_exists($encryptInput, $purified_cache)) {
$value = $purified_cache[$encryptInput];
$md5OfInput = md5($input);
if (array_key_exists($md5OfInput, $purified_cache)) {
$value = $purified_cache[$md5OfInput];
//to escape cleaning up again
$ignore = true;
}
......@@ -677,7 +676,6 @@ function vtlib_purify($input, $ignore = false) {
$use_charset = $default_charset;
$use_root_directory = $root_directory;
if (!$ignore) {
// Initialize the instance if it has not yet done
if ($__htmlpurifier_instance == false) {
......@@ -702,6 +700,7 @@ function vtlib_purify($input, $ignore = false) {
$config->set('CSS.AllowTricky', true);
$config->set('URI.AllowedSchemes', $allowedSchemes);
$config->set('Attr.EnableID', true);
$config->set('HTML.TargetBlank', true);
$__htmlpurifier_instance = new HTMLPurifier($config);
}
......@@ -717,17 +716,28 @@ function vtlib_purify($input, $ignore = false) {
$value = purifyHtmlEventAttributes($value, true);
}
}
if ($encryptInput != null) {
$purified_cache[$encryptInput] = $value;
}
}
if ($value && !is_array($value)) {
$value = str_replace('&', '&', $value);
}
$purified_cache[$md5OfInput] = $value;
}
if(is_array($value)) {
$value = str_replace_json('&', '&', $value);
} else {
$value = str_replace('&', '&', $value);
}
return $value;
}
/**
* Function to replace values in multi dimentional array (str_replace will support only one level of array)
* @param type $search
* @param type $replace
* @param type $subject
* @return <array>
*/
function str_replace_json($search, $replace, $subject){
return json_decode(str_replace($search, $replace, json_encode($subject)), true);
}
/**
* To purify malicious html event attributes
* @param <String> $value
......@@ -764,7 +774,7 @@ $htmlEventAttributes = "onerror|onblur|onchange|oncontextmenu|onfocus|oninput|on
//remove script tag with contents
$value = purifyScript($value);
//purify javascript alert from the tag contents
$value = purifyJavascriptAlert($value);
$value = purifyJavascriptAlert($value);
} else {
if (preg_match("/\s*(" . $htmlEventAttributes . ")\s*=/i", $value)) {
......@@ -807,10 +817,10 @@ function purifyJavascriptAlert($value){
// skip javascript: contents check if tag is not available,as javascript: regex will cause performace issue if the contents will be large
if (preg_match_all('/(&.*?lt;|<)'.$tag.'[^>]*?(>|&.*?gt;)/i', $value,$matches)) {
$javaScriptRegex = '/(&.*?lt;|<).?'.$tag.' [^>]*(j[\s]?a[\s]?v[\s]?a[\s]?s[\s]?c[\s]?r[\s]?i[\s]?p[\s]?t[\s]*[=&%#:])[^>]*?(>|&.*?gt;)/i';
$javaScriptRegex = '/(&.*?lt;|<).?'.$tag.'[^>]*(j[\s]?a[\s]?v[\s]?a[\s]?s[\s]?c[\s]?r[\s]?i[\s]?p[\s]?t[\s]*[=&%#:])[^>]*?(>|&.*?gt;)/i';
foreach($matches[0] as $matchedValue){
//strict check addded - if &tab;/&newLine added in the above tags we are replacing it to spaces.
$purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',$matchedValue);
$purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',decode_html($matchedValue));
$purifyContent = preg_replace($javaScriptRegex,"<$tag>",$purifyContent);
$value = str_replace($matchedValue, $purifyContent, $value);
......
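Review bot: In vtlib_purify the cache write `$purified_cache[$md5OfInput] = $value;` is no longer guarded, but `$md5OfInput` is assigned only inside `if (!is_array($input))`, so an array input reaches the write with the variable undefined (a warning on PHP 8 and an entry under the empty key). Guarding it, `if (!is_array($input)) { $purified_cache[$md5OfInput] = $value; }`, restores what the removed `$encryptInput != null` test did. A cache hit sets `$ignore = true` and skips purification, so the key should stay a collision-resistant digest such as the `hash('sha256', $input)` on the removed side rather than md5. str_replace_json() returns null when json_encode() fails (for example on invalid UTF-8), which would silently drop array input; a recursive walk over the array avoids the JSON round trip. vtlib_purify starts before the first hunk and is only partly shown.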
......@@ -135,7 +135,7 @@ function export($type){
}
$params = array();
list($idstring, $export_data) = split("#@@#",getExportRecordIds($type, $viewid, $_REQUEST));
list($idstring, $export_data) = explode('#@@#', getExportRecordIds($type, $viewid, $_REQUEST));
if(($search_type == 'withoutsearch' || $search_type == 'includesearch') && $export_data == 'selecteddata'){
$idstring = getSelectedRecords($_REQUEST, $type, $idstring, vtlib_purify($_REQUEST['excludedRecords']));
......
......@@ -1872,29 +1872,33 @@ function _phpset_memorylimit_MB($newvalue) {
* @return String - Sanitized file name
*/
function sanitizeUploadFileName($fileName, $badFileExtensions) {
if (!$badFileExtensions) {
$badFileExtensions = vglobal('upload_badext');
}
$fileName = preg_replace('/[\s#%&?]+/', '_', $fileName); //replace space,#,%,&,? with _ in filename
$fileName = rtrim($fileName, '\\/<>?*:"<>|');
$fileNameParts = explode(".", $fileName);
$countOfFileNameParts = php7_count($fileNameParts);
$badExtensionFound = false;
for ($i = 0; $i < $countOfFileNameParts; $i++) {
$partOfFileName = $fileNameParts[$i];
if (in_array(strtolower($partOfFileName), $badFileExtensions)) {
$badExtensionFound = true;
$fileNameParts[$i] = $partOfFileName . 'file';
}
}
$fileName = preg_replace('/\s+/', '_', $fileName);//replace space with _ in filename
$fileName = rtrim($fileName, '\\/<>?*:"<>|');
$fileNameParts = explode(".", $fileName);
$countOfFileNameParts = php7_count($fileNameParts);
$badExtensionFound = false;
for ($i=0;$i<$countOfFileNameParts;++$i) {
$partOfFileName = $fileNameParts[$i];
if(in_array(strtolower($partOfFileName), $badFileExtensions)) {
$badExtensionFound = true;
$fileNameParts[$i] = $partOfFileName . 'file';
}
}
$newFileName = implode(".", $fileNameParts);
$newFileName = implode('.', $fileNameParts);
if ($badExtensionFound) {
$newFileName .= ".txt";
}
$newFileName = ltrim(basename(' ' . $newFileName)); //allowed filename like UTF-8 characters
if ($badExtensionFound) {
$newFileName .= ".txt";
}
return $newFileName;
}
return $newFileName;
}
/** Function to get the tab meta information for a given id
* @param $tabId -- tab id :: Type integer
......@@ -2174,7 +2178,7 @@ function getSelectAllQuery($input,$module) {
$query = $oCustomView->getModifiedCvListQuery($viewid,$listquery,$module);
$where = '';
if($input['query'] == 'true') {
list($where, $ustring) = split("#@@#",getWhereCondition($module, $input));
list($where, $ustring) = explode('#@@#', getWhereCondition($module, $input));
if(isset($where) && $where != '') {
$query .= " AND " .$where;
}
......
......@@ -8,28 +8,13 @@
* All Rights Reserved.
************************************************************************************/
class Vtiger_Request implements ArrayAccess {
class Vtiger_Request {
// Datastore
private $valuemap;
private $rawvaluemap;
private $defaultmap = array();
// ArrayAccess Start
public function offsetExists($key) {
return $this->has($key);
}
public function offsetSet($key, $value) {
$this->set($key, $value);
}
public function offsetGet($key) {
return $this->get($key);
}
public function offsetUnset($key) {
// Ignore
}
// ArrayAccess End
/**
* Default constructor
*/
......@@ -72,13 +57,19 @@ class Vtiger_Request implements ArrayAccess {
}
}
if($isJSON) {
$value = json_decode($value, true);
$oldValue = Zend_Json::$useBuiltinEncoderDecoder;
Zend_Json::$useBuiltinEncoderDecoder = false;
$decodeValue = Zend_Json::decode($value);
if(isset($decodeValue)) {
$value = $decodeValue;
}
Zend_Json::$useBuiltinEncoderDecoder = $oldValue;
}
//Handled for null because vtlib_purify returns empty string
if(!empty($value)){
$value = vtlib_purify($value);
}
//Handled for null because vtlib_purify returns empty string
if(!empty($value)){
$value = vtlib_purify($value);
}
return $value;
}
......
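Review bot: The JSON branch flips the static `Zend_Json::$useBuiltinEncoderDecoder` and restores it only on the normal path, so if `Zend_Json::decode()` throws on malformed request input the flag stays changed for the rest of the request and the exception escapes from the getter. Wrapping the call keeps the restore unconditional: `try { $decodeValue = Zend_Json::decode($value); } finally { Zend_Json::$useBuiltinEncoderDecoder = $oldValue; }`. Whether a decode failure should fall back to the raw string (as the `isset($decodeValue)` test suggests) or be rejected deserves a comment, because the raw value is then passed to vtlib_purify and returned. The method begins outside the hunk.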
......@@ -8,10 +8,10 @@
* All Rights Reserved.
************************************************************************************/
require_once 'vendor/autoload.php';
require_once 'include/utils/utils.php';
require_once 'include/utils/CommonUtils.php';
require_once 'includes/Loader.php';
vimport ('includes.runtime.EntryPoint');
class Vtiger_WebUI extends Vtiger_EntryPoint {
......