Compare revisions

0bc2b971 · 2da03ffe · 536aa044 · 2879fcdb · 3f1a4055 · c96a02d6
--- a/composer.json
+++ b/composer.json
@@ -14,13 +14,14 @@
    },
    "minimum-stability": "stable",
    "require": {
-	"php": ">=7.2.0",
+	"php": ">=8.1",
 	"ext-mysqli": "*",
 	"ext-imap": "*",
 	"ext-curl": "*",
        "smarty/smarty": "^4.3",
        "dg/rss-php": "^1.5",
        "ezyang/htmlpurifier": "^4.16",
-        "tecnickcom/tcpdf": "^6.6"
+        "tecnickcom/tcpdf": "^6.6",
+	"monolog/monolog": "^3.5"
    }
 }
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "74af97ed9d563a7f2dd29a31b422cbe4",
+    "content-hash": "563a46ac454caaa7dd7892948d7538b7",
    "packages": [
        {
            "name": "dg/rss-php",
@@ -113,18 +113,169 @@
            },
            "time": "2022-09-18T07:06:19+00:00"
        },
+        {
+            "name": "monolog/monolog",
+            "version": "3.5.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/Seldaek/monolog.git",
+                "reference": "c915e2634718dbc8a4a15c61b0e62e7a44e14448"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/Seldaek/monolog/zipball/c915e2634718dbc8a4a15c61b0e62e7a44e14448",
+                "reference": "c915e2634718dbc8a4a15c61b0e62e7a44e14448",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.1",
+                "psr/log": "^2.0 || ^3.0"
+            },
+            "provide": {
+                "psr/log-implementation": "3.0.0"
+            },
+            "require-dev": {
+                "aws/aws-sdk-php": "^3.0",
+                "doctrine/couchdb": "~1.0@dev",
+                "elasticsearch/elasticsearch": "^7 || ^8",
+                "ext-json": "*",
+                "graylog2/gelf-php": "^1.4.2 || ^2.0",
+                "guzzlehttp/guzzle": "^7.4.5",
+                "guzzlehttp/psr7": "^2.2",
+                "mongodb/mongodb": "^1.8",
+                "php-amqplib/php-amqplib": "~2.4 || ^3",
+                "phpstan/phpstan": "^1.9",
+                "phpstan/phpstan-deprecation-rules": "^1.0",
+                "phpstan/phpstan-strict-rules": "^1.4",
+                "phpunit/phpunit": "^10.1",
+                "predis/predis": "^1.1 || ^2",
+                "ruflin/elastica": "^7",
+                "symfony/mailer": "^5.4 || ^6",
+                "symfony/mime": "^5.4 || ^6"
+            },
+            "suggest": {
+                "aws/aws-sdk-php": "Allow sending log messages to AWS services like DynamoDB",
+                "doctrine/couchdb": "Allow sending log messages to a CouchDB server",
+                "elasticsearch/elasticsearch": "Allow sending log messages to an Elasticsearch server via official client",
+                "ext-amqp": "Allow sending log messages to an AMQP server (1.0+ required)",
+                "ext-curl": "Required to send log messages using the IFTTTHandler, the LogglyHandler, the SendGridHandler, the SlackWebhookHandler or the TelegramBotHandler",
+                "ext-mbstring": "Allow to work properly with unicode symbols",
+                "ext-mongodb": "Allow sending log messages to a MongoDB server (via driver)",
+                "ext-openssl": "Required to send log messages using SSL",
+                "ext-sockets": "Allow sending log messages to a Syslog server (via UDP driver)",
+                "graylog2/gelf-php": "Allow sending log messages to a GrayLog2 server",
+                "mongodb/mongodb": "Allow sending log messages to a MongoDB server (via library)",
+                "php-amqplib/php-amqplib": "Allow sending log messages to an AMQP server using php-amqplib",
+                "rollbar/rollbar": "Allow sending log messages to Rollbar",
+                "ruflin/elastica": "Allow sending log messages to an Elastic Search server"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "3.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Monolog\\": "src/Monolog"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Jordi Boggiano",
+                    "email": "j.boggiano@seld.be",
+                    "homepage": "https://seld.be"
+                }
+            ],
+            "description": "Sends your logs to files, sockets, inboxes, databases and various web services",
+            "homepage": "https://github.com/Seldaek/monolog",
+            "keywords": [
+                "log",
+                "logging",
+                "psr-3"
+            ],
+            "support": {
+                "issues": "https://github.com/Seldaek/monolog/issues",
+                "source": "https://github.com/Seldaek/monolog/tree/3.5.0"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/Seldaek",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/monolog/monolog",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2023-10-27T15:32:31+00:00"
+        },
+        {
+            "name": "psr/log",
+            "version": "3.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/log.git",
+                "reference": "fe5ea303b0887d5caefd3d431c3e61ad47037001"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/fe5ea303b0887d5caefd3d431c3e61ad47037001",
+                "reference": "fe5ea303b0887d5caefd3d431c3e61ad47037001",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.0.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "3.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Log\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for logging libraries",
+            "homepage": "https://github.com/php-fig/log",
+            "keywords": [
+                "log",
+                "psr",
+                "psr-3"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/log/tree/3.0.0"
+            },
+            "time": "2021-07-14T16:46:02+00:00"
+        },
        {
            "name": "smarty/smarty",
-            "version": "v4.3.2",
+            "version": "v4.3.4",
            "source": {
                "type": "git",
                "url": "https://github.com/smarty-php/smarty.git",
-                "reference": "1d9cda2be34fd6edb74924684260636fd0b89288"
+                "reference": "3931d8f54b8f7a4ffab538582d34d4397ba8daa5"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/smarty-php/smarty/zipball/1d9cda2be34fd6edb74924684260636fd0b89288",
+                "url": "https://api.github.com/repos/smarty-php/smarty/zipball/3931d8f54b8f7a4ffab538582d34d4397ba8daa5",
-                "reference": "1d9cda2be34fd6edb74924684260636fd0b89288",
+                "reference": "3931d8f54b8f7a4ffab538582d34d4397ba8daa5",
                "shasum": ""
            },
            "require": {
@@ -175,22 +326,22 @@
            "support": {
                "forum": "https://github.com/smarty-php/smarty/discussions",
                "issues": "https://github.com/smarty-php/smarty/issues",
-                "source": "https://github.com/smarty-php/smarty/tree/v4.3.2"
+                "source": "https://github.com/smarty-php/smarty/tree/v4.3.4"
            },
-            "time": "2023-07-19T10:27:36+00:00"
+            "time": "2023-09-14T10:59:08+00:00"
        },
        {
            "name": "tecnickcom/tcpdf",
-            "version": "6.6.2",
+            "version": "6.6.5",
            "source": {
                "type": "git",
                "url": "https://github.com/tecnickcom/TCPDF.git",
-                "reference": "e3cffc9bcbc76e89e167e9eb0bbda0cab7518459"
+                "reference": "5fce932fcee4371865314ab7f6c0d85423c5c7ce"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/e3cffc9bcbc76e89e167e9eb0bbda0cab7518459",
+                "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/5fce932fcee4371865314ab7f6c0d85423c5c7ce",
-                "reference": "e3cffc9bcbc76e89e167e9eb0bbda0cab7518459",
+                "reference": "5fce932fcee4371865314ab7f6c0d85423c5c7ce",
                "shasum": ""
            },
            "require": {
@@ -219,7 +370,7 @@
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
-                "LGPL-3.0-only"
+                "LGPL-3.0-or-later"
            ],
            "authors": [
                {
@@ -241,7 +392,7 @@
            ],
            "support": {
                "issues": "https://github.com/tecnickcom/TCPDF/issues",
-                "source": "https://github.com/tecnickcom/TCPDF/tree/6.6.2"
+                "source": "https://github.com/tecnickcom/TCPDF/tree/6.6.5"
            },
            "funding": [
                {
@@ -249,7 +400,7 @@
                    "type": "custom"
                }
            ],
-            "time": "2022-12-17T10:28:59+00:00"
+            "time": "2023-09-06T15:09:26+00:00"
        }
    ],
    "packages-dev": [],
@@ -265,5 +416,5 @@
        "ext-curl": "*"
    },
    "platform-dev": [],
-    "plugin-api-version": "2.2.0"
+    "plugin-api-version": "2.3.0"
 }
--- a/config.performance.php
+++ b/config.performance.php
@@ -9,8 +9,8 @@
 ************************************************************************************/
 /* Performance paramters can be configured to fine tune vtiger CRM runtime */
 $PERFORMANCE_CONFIG = Array(
-	// Enable log4php debugging only if requried 
+	// Enable Vtiger Log Level for debugging only if requried 
-	'LOG4PHP_DEBUG' => false,
+	'LOGLEVEl_DEBUG' => false,
 	// Should the caller information be captured in SQL Logging?
 	// It adds little overhead for performance but will be useful to debug

--- a/data/CRMEntity.php
+++ b/data/CRMEntity.php
@@ -177,7 +177,7 @@ class CRMEntity {
 		}
 		// Check 1
-		$save_file = 'true';
+		$save_file = true;
 		//only images are allowed for Image Attachmenttype
 		$mimeType = vtlib_mime_content_type($file_details['tmp_name']);
 		$mimeTypeContents = explode('/', $mimeType);
@@ -186,12 +186,12 @@ class CRMEntity {
 			$save_file = validateImageFile($file_details);
 		}
                $log->debug("File Validation status in Check1 save_file => $save_file");
-		if ($save_file == 'false') {
+		if (!$save_file) {
 			return false;
 		}
 		// Check 2
-		$save_file = 'true';
+		$save_file = true;
 		//only images are allowed for these modules
 		if ($module == 'Contacts' || $module == 'Products') {
 			$save_file = validateImageFile($file_details);
@@ -213,7 +213,7 @@ class CRMEntity {
 		$upload_status = copy($filetmp_name, $upload_file_path . $current_id . "_" . $encryptFileName);
 		// temporary file will be deleted at the end of request
                $log->debug("Upload status of file => $upload_status");
-		if ($save_file == 'true' && $upload_status == 'true') {
+		if ($save_file && $upload_status == 'true') {
 			if($attachmentType != 'Image' && $this->mode == 'edit') {
 				//Only one Attachment per entity delete previous attachments
 				$res = $adb->pquery('SELECT vtiger_seattachmentsrel.attachmentsid FROM vtiger_seattachmentsrel 
@@ -3125,6 +3125,7 @@ class TrackableObject implements ArrayAccess, IteratorAggregate {
 	}
 	function offsetSet($key, $value) {
+            if(is_array($value)) $value = empty($value) ? "" : $value[0];
 		if($this->tracking && $this->trackingEnabled) {
 			$olderValue = $this->offsetGet($key);
 			// decode_html only expects string

--- a/include/ChartUtils.php
+++ b/include/ChartUtils.php
@@ -370,7 +370,7 @@ Class ChartUtils {
 		if ($fieldDetails != '') {
 			list($tablename, $colname, $module_field, $fieldname, $single) = explode(":", $fieldDetails);
-			list($module, $field) = split("_", $module_field);
+			list($module, $field) = explode('_', $module_field);
 			$dateField = false;
 			if ($single == 'D') {
 				$dateField = true;

--- a/include/ListView/ListViewController.php
+++ b/include/ListView/ListViewController.php
@@ -228,6 +228,7 @@ class ListViewController {
 		}
 		$moduleInstance = Vtiger_Module_Model::getInstance("PBXManager");
+                $outgoingCallPermission = false;
 		if($moduleInstance && $moduleInstance->isActive()) {
 			$outgoingCallPermission = PBXManager_Server_Model::checkPermissionForOutgoingCall();
 			$clickToCallLabel = vtranslate("LBL_CLICK_TO_CALL");
@@ -300,7 +301,6 @@ class ListViewController {
 					} else{
 						$value = textlength_check($value);
 					}
-					$value = $fileicon.$value;
 				} elseif($module == 'Documents' && $fieldName == 'filesize') {
 					$downloadType = $db->query_result($result,$i,'filelocationtype');
 					if($downloadType == 'I') {

--- a/include/QueryGenerator/QueryGenerator.php
+++ b/include/QueryGenerator/QueryGenerator.php
@@ -1029,30 +1029,55 @@ class QueryGenerator {
 			if(!$this->isStringType($field->getFieldDataType())) {
 				$value = trim($value);
 			}
-			if ($operator == 'empty' || $operator == 'y') {
+			// If value is empty and comparator is equals then we have to check IS NULL (same as "is empty" condition)
-				$sql[] = sprintf("IS NULL OR %s = ''", $this->getSQLColumn($field->getFieldName(), $field));
+                        if ($operator == 'empty' || $operator == 'y') {
-				continue;
+                            $sqlFieldDataType = $field->getFieldDataType();
-			}
+                            if($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday'){
-			if($operator == 'ny'){
+                                    $sqlFormat = sprintf("IS NULL OR %s = '0000-00-00'", $this->getSQLColumn($field->getFieldName(), $field));
-				$sql[] = sprintf("IS NOT NULL AND %s != ''", $this->getSQLColumn($field->getFieldName(), $field));
+                            } else if($sqlFieldDataType == 'datetime'){
-				continue;
+                                    $sqlFormat = sprintf("IS NULL OR %s = '0000-00-00 00:00:00'", $this->getSQLColumn($field->getFieldName(), $field));
-			}
+                            } else {
-			if ($operator == 'k') {
+                                    $sqlFormat = sprintf("IS NULL OR %s = ''", $this->getSQLColumn($field->getFieldName(), $field));
+                            }
+                            $sql[] = $sqlFormat;
+                            continue;
+                        }
+			if ($operator == 'ny') {
+                            $sqlFieldDataType = $field->getFieldDataType();
+                            if ($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday') {
+                                $sqlFormat = sprintf("IS NOT NULL AND %s != '0000-00-00'", $this->getSQLColumn($field->getFieldName(), $field));
+                            } else if ($sqlFieldDataType == 'datetime') {
+                                $sqlFormat = sprintf("IS NOT NULL AND %s != '0000-00-00 00:00:00'", $this->getSQLColumn($field->getFieldName(), $field));
+                            } else {
+                                $sqlFormat = sprintf("IS NOT NULL AND %s != ''", $this->getSQLColumn($field->getFieldName(), $field));
+                            }
+                            $sql[] = $sqlFormat;
+                            continue;
+                        }
+                        if ($operator == 'k') {
 				$sql[] = sprintf("IS NULL OR %s NOT LIKE '%%%s%%'", $this->getSQLColumn($field->getFieldName(), $field), $value);
 				continue;
 			}
-			if((strtolower(trim($value)) == 'null') ||
+			$trimmedValue = is_array($value) ? NULL : trim($value);
-					(trim($value) == '' && !$this->isStringType($field->getFieldDataType())) &&
+                        if((strtolower($trimmedValue) == 'null') ||
-							($operator == 'e' || $operator == 'n')) {
+                                ($trimmedValue == '' && !$this->isStringType($field->getFieldDataType())) &&
-				if($operator == 'e'){
+                                ($operator == 'e' || $operator == 'n')) {
-					$sql[] = "IS NULL";
+                            if($operator == 'e'){
-					$sql[] = "= ''";
+                                $sql[] = "IS NULL";
-					continue;
+                                $sqlFieldDataType = $field->getFieldDataType();
-				} else {
+                                if($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday'){
-					$sql[] = "IS NOT NULL";
+                                        $sql[] = "= '0000-00-00'";
-					$sql[] = "!= ''";
+                                } else if($sqlFieldDataType == 'datetime'){
-					continue;
+                                        $sql[] = "= '0000-00-00 00:00:00'";
-				}
+                                } else {
+                                        $sql[] = "= ''";
+                                }
+                                continue;
+                            } else {
+                                $sql[] = "IS NOT NULL";
+                                $sql[] = "!= ''";
+                                continue;
+                            }
 			} elseif($field->getFieldDataType() == 'boolean') {
 				$value = strtolower($value);
 				if ($value == 'yes') {
@@ -1096,11 +1121,11 @@ class QueryGenerator {
 			}
 			if($field->getFieldName() == 'birthday' && !$this->isRelativeSearchOperators(
-					$operator)) {
+                                $operator)) {
-				$value = "DATE_FORMAT(".$db->quote($value).", '%m%d')";
+                            $value = "DATE_FORMAT(".$db->quote($value).", '%m%d')";
-			} else {
+                        } else {
-				$value = $db->sql_escape_string($value);
+                            $value = is_array($value) ? NULL : $db->sql_escape_string($value);
-			}
+                        }
 			if(trim($value) == '' && ($operator == 's' || $operator == 'ew' || $operator == 'c')
 					&& ($this->isStringType($field->getFieldDataType()) ||
@@ -1150,14 +1175,32 @@ class QueryGenerator {
 				$sql[] = "IS NULL";
 			}
-			if( ($field->getFieldName() != 'birthday' || ($field->getFieldName() == 'birthday'
+                        /**
-							&& $this->isRelativeSearchOperators($operator)))){
+                         * While searching in decimal type columns, then value will be stored like 100.1234 (as float value).
-				$value = "'$value'";
+                         * When user search for 100 then also it should show up 100.1234 for which we are altering comparator and 
-			}
+                         * value here. If we search 'equal' or 'not equal' we will change to 'like' or 'not like'
+                         * NOTE : Same thing handled in ReportRun->generateAdvFilterSql() api
-			if(($this->isNumericType($field->getFieldDataType())) && empty($value)) {				
+                         */
-				$value = '0';
+                        if($this->isFloatType($field->getFieldDataType()) && !empty($value)
-			}
+                                && in_array($operator, array('e', 'n') )){
+                            $sqlOperator = ($operator == 'e') ? ' LIKE ' : ' NOT LIKE ';
+                                if ((float) $value == round((float)$value)) {
+                                // if given value is witn out any decimals (Ex:- 1234), then we search with '1234.%'
+                                $value = $value.'.';
+                            }
+                            $value = $value."%";
+                        }
+                        if( ($field->getFieldDataType() != 'birthday' || ($field->getFieldDataType() == 'birthday'
+                                        && $this->isRelativeSearchOperators($operator)))){
+                            if($field->getFieldDataType() !== 'integer'){
+                                $value = "'$value'";
+                            }
+                        }
+                        if($this->isNumericType($field->getFieldDataType()) && empty($value)) {
+                            $value = '0';
+                        }
 			$sql[] = "$sqlOperator $value";
 		}
 		return $sql;
@@ -1185,6 +1228,14 @@ class QueryGenerator {
 	protected function isNumericType($type) {
 		return ($type == 'integer' || $type == 'double' || $type == 'currency');
 	}
+        /**
+        * Function to identify given type is a floating(decimal) type or not. Column types like decimal will store 
+        * information as floating values. All those column related field types comes under this
+        */
+        protected function isFloatType($type) {
+           return ($type == 'double' || $type == 'currency' || $type == 'multicurrency');
+        }
 	protected function isStringType($type) {
 		return ($type == 'string' || $type == 'text' || $type == 'email' || $type == 'reference');

--- a/include/Webservices/ConvertLead.php
+++ b/include/Webservices/ConvertLead.php
@@ -8,11 +8,11 @@
 * All Rights Reserved.
 ******************************************************************************** */
+require_once 'vendor/autoload.php';
 require_once 'include/Webservices/Retrieve.php';
 require_once 'include/Webservices/Create.php';
 require_once 'include/Webservices/Delete.php';
 require_once 'include/Webservices/DescribeObject.php';
-require_once 'includes/Loader.php';
 vimport ('includes.runtime.Globals');
 vimport ('includes.runtime.BaseModel');

--- a/include/Webservices/ConvertPotential.php
+++ b/include/Webservices/ConvertPotential.php
@@ -12,7 +12,7 @@ require_once 'include/Webservices/Retrieve.php';
 require_once 'include/Webservices/Create.php';
 require_once 'include/Webservices/Delete.php';
 require_once 'include/Webservices/DescribeObject.php';
-require_once 'includes/Loader.php';
+require_once 'vendor/autoload.php';
 vimport('includes.runtime.Globals');
 vimport('includes.runtime.BaseModel');

--- a/include/Webservices/Utils.php
+++ b/include/Webservices/Utils.php
@@ -476,29 +476,28 @@ function vtws_getModuleHandlerFromId($id,$user){
 }
 function vtws_CreateCompanyLogoFile($fieldname) {
-	global $root_directory;
+    $fileSize = $_FILES[$fieldname]['size'];
-	$uploaddir = $root_directory ."/test/logo/";
+    if($fileSize != 0) {
-	$allowedFileTypes = array("jpeg", "png", "jpg", "pjpeg" ,"x-png");
+        global $root_directory;
-	$binFile = $_FILES[$fieldname]['name'];
+        //Support formats allowed to upload as per CRM UI.
-	$fileType = $_FILES[$fieldname]['type'];
+        $logoSupportedFormats = array('jpeg', 'jpg', 'png', 'gif', 'pjpeg', 'x-png');
-	$fileSize = $_FILES[$fieldname]['size'];
-	$fileTypeArray = explode("/",$fileType);
+        $file_type_details = explode("/", $_FILES[$fieldname]['type']);
-	$fileTypeValue = strtolower($fileTypeArray[1]);
+        $filetype = $file_type_details['1'];
-	if($fileTypeValue == '') {
+        if(in_array($filetype, $logoSupportedFormats)) {
-		$fileTypeValue = substr($binFile,strrpos($binFile, '.')+1);
+            $uploaddir = $root_directory ."/test/logo/";
-	}
+            $binFile = $_FILES[$fieldname]['name'];
-	if($fileSize != 0) {
+            $saveLogo = validateImageFile($_FILES[$fieldname]);
-		if(in_array($fileTypeValue, $allowedFileTypes)) {
+            if($saveLogo) {
-			move_uploaded_file($_FILES[$fieldname]["tmp_name"],
+                move_uploaded_file($_FILES[$fieldname]["tmp_name"], $uploaddir.$binFile);
-					$uploaddir.$_FILES[$fieldname]["name"]);
+                copy($uploaddir.$binFile, $uploaddir.'application.ico');
-			copy($uploaddir.$_FILES[$fieldname]["name"], $uploaddir.'application.ico');
+                return $binFile;
-			return $binFile;
+            }
-		}
+        }
-		throw new WebServiceException(WebServiceErrorCode::$INVALIDTOKEN,
+        throw new WebServiceException(WebServiceErrorCode::$FAILED_TO_UPDATE,
-			"$fieldname wrong file type given for upload");
+            "$fieldname wrong file type given for upload");
-	}
+    }
-	throw new WebServiceException(WebServiceErrorCode::$INVALIDTOKEN,
+    throw new WebServiceException(WebServiceErrorCode::$FAILED_TO_UPDATE, "$fieldname file upload failed");
-			"$fieldname file upload failed");
 }
 function vtws_getActorEntityName ($name, $idList) {

--- a/include/Webservices/WebServiceErrorCode.php
+++ b/include/Webservices/WebServiceErrorCode.php
@@ -43,6 +43,7 @@
        public static $FAILED_TO_CREATE = "FAILED_TO_CREATE";
 		public static $INACTIVECURRENCY = "CURRENCY_INACTIVE";
                public static $PASSWORDNOTSTRONG = "PASSWORD_NOT_STRONG";
+                public static $FAILED_TO_UPDATE = "FAILED_TO_UPDATE";
 	}
 ?>
--- a/include/database/PearDatabase.php
+++ b/include/database/PearDatabase.php
@@ -113,7 +113,6 @@ class PearDatabase{
    function println($msg)
    {
-		require_once('include/logging.php');
 		$log1 = Logger::getLogger('VT');
 		if(is_array($msg)) {
 		    $log1->info("PearDatabse ->".print_r($msg,true));

--- a/include/fields/DateTimeField.php
+++ b/include/fields/DateTimeField.php
@@ -109,8 +109,11 @@ class DateTimeField {
     */
    public static function __convertToDBFormat($date, $format)
    {
-        $dbDate = '';
+	$dbDate = '';
-        if (empty($format)) {
+	if (4 === strpos($date, '-')) {
+	    // adjust format based on date value (could happen during edit-save)
+	    $format = "yyyy-mm-dd";
+	} else if (empty($format)) {
            if (false === strpos($date, '-')) {
                if(false === strpos($date, '.')){
                    $format = 'dd/mm/yyyy';
@@ -119,8 +122,8 @@ class DateTimeField {
                }
            } else {
                $format = 'dd-mm-yyyy';
-            }
+	    }
-        }
+	}
        switch ($format) {
            case 'dd.mm.yyyy':
                list($d, $m, $y) = explode('.', $date);

--- a/include/logging.php
+++ b/include/logging.php
@@ -21,16 +21,5 @@ require_once('config.php');
 // Performance Optimization: Configure the log folder
 @include_once('config.performance.php');
-global $PERFORMANCE_CONFIG;
+require_once 'modules/Vtiger/helpers/Logger.php';
-if(isset($PERFORMANCE_CONFIG) && isset($PERFORMANCE_CONFIG['LOG4PHP_DEBUG']) && $PERFORMANCE_CONFIG['LOG4PHP_DEBUG']) {
-        define('LOG4PHP_DIR', 'libraries/log4php');
-} else {
-        define('LOG4PHP_DIR', 'libraries/log4php');
-}
-// END
-define('LOG4PHP_DEFAULT_INIT_OVERRIDE', true);
-require_once(LOG4PHP_DIR.'/Logger.php');
-Logger::configure('log4php.properties');
 ?>
--- a/include/utils/InventoryUtils.php
+++ b/include/utils/InventoryUtils.php
@@ -686,7 +686,7 @@ function saveInventoryProductDetails(&$focus, $module, $update_prod_stock='false
 		$sub_prod_str = vtlib_purify($_REQUEST['subproduct_ids'.$i]);
 		if (!empty($sub_prod_str)) {
-			 $sub_prod = split(',', rtrim($sub_prod_str, ','));
+			 $sub_prod = explode(',', rtrim($sub_prod_str, ','));
 			 foreach ($sub_prod as $subProductInfo) {
 				 list($subProductId, $subProductQty) = explode(':', $subProductInfo);
 				 $query = 'INSERT INTO vtiger_inventorysubproductrel VALUES(?, ?, ?, ?)';

--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -665,11 +665,10 @@ function vtlib_purify($input, $ignore = false) {
    static $purified_cache = array();
    $value = $input;
-	$encryptInput = null;
    if (!is_array($input)) {
-        $encryptInput = hash('sha256',$input);
+        $md5OfInput = md5($input);
-        if (array_key_exists($encryptInput, $purified_cache)) {
+        if (array_key_exists($md5OfInput, $purified_cache)) {
-            $value = $purified_cache[$encryptInput];
+            $value = $purified_cache[$md5OfInput];
            //to escape cleaning up again
            $ignore = true;
        }
@@ -677,7 +676,6 @@ function vtlib_purify($input, $ignore = false) {
    $use_charset = $default_charset;
    $use_root_directory = $root_directory;
    if (!$ignore) {
        // Initialize the instance if it has not yet done
        if ($__htmlpurifier_instance == false) {
@@ -702,6 +700,7 @@ function vtlib_purify($input, $ignore = false) {
            $config->set('CSS.AllowTricky', true);
            $config->set('URI.AllowedSchemes', $allowedSchemes);
            $config->set('Attr.EnableID', true);
+            $config->set('HTML.TargetBlank', true);
            $__htmlpurifier_instance = new HTMLPurifier($config);
        }
@@ -717,17 +716,28 @@ function vtlib_purify($input, $ignore = false) {
                $value = purifyHtmlEventAttributes($value, true);
            }
        }
-        if ($encryptInput != null) {
+        $purified_cache[$md5OfInput] = $value;
-			$purified_cache[$encryptInput] = $value;
+    }
-    	}
-	}
+    if(is_array($value)) {
+        $value = str_replace_json('&amp;', '&', $value);
-	if ($value && !is_array($value)) {
+    } else {
-		$value = str_replace('&amp;', '&', $value);
+        $value = str_replace('&amp;', '&', $value);
-	}
+    }
    return $value;
 }
+/**
+ * Function to replace values in multi dimentional array (str_replace will support only one level of array)
+ * @param type $search
+ * @param type $replace
+ * @param type $subject
+ * @return <array>
+ */
+function str_replace_json($search, $replace, $subject){
+    return json_decode(str_replace($search, $replace,  json_encode($subject)), true);
+}
 /**
 * To purify malicious html event attributes
 * @param <String> $value
@@ -764,7 +774,7 @@ $htmlEventAttributes = "onerror|onblur|onchange|oncontextmenu|onfocus|oninput|on
        //remove script tag with contents
        $value = purifyScript($value);
        //purify javascript alert from the tag contents
-        $value = purifyJavascriptAlert($value); 
+        $value = purifyJavascriptAlert($value);
    } else {
        if (preg_match("/\s*(" . $htmlEventAttributes . ")\s*=/i", $value)) {
@@ -807,10 +817,10 @@ function purifyJavascriptAlert($value){
        // skip javascript: contents check if tag is not available,as javascript: regex will cause performace issue if the contents will be large 
        if (preg_match_all('/(&.*?lt;|<)'.$tag.'[^>]*?(>|&.*?gt;)/i', $value,$matches)) {
-            $javaScriptRegex = '/(&.*?lt;|<).?'.$tag.' [^>]*(j[\s]?a[\s]?v[\s]?a[\s]?s[\s]?c[\s]?r[\s]?i[\s]?p[\s]?t[\s]*[=&%#:])[^>]*?(>|&.*?gt;)/i';
+            $javaScriptRegex = '/(&.*?lt;|<).?'.$tag.'[^>]*(j[\s]?a[\s]?v[\s]?a[\s]?s[\s]?c[\s]?r[\s]?i[\s]?p[\s]?t[\s]*[=&%#:])[^>]*?(>|&.*?gt;)/i';
            foreach($matches[0] as $matchedValue){
                //strict check addded - if &tab;/&newLine added in the above tags we are replacing it to spaces.
-                $purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',$matchedValue);
+                $purifyContent = preg_replace('/&NewLine;|&amp;NewLine;|&Tab;|&amp;Tab;|\t/i',' ',decode_html($matchedValue));
                $purifyContent = preg_replace($javaScriptRegex,"<$tag>",$purifyContent);
                $value = str_replace($matchedValue, $purifyContent, $value);

--- a/include/utils/export.php
+++ b/include/utils/export.php
@@ -135,7 +135,7 @@ function export($type){
 	}
 	$params = array();
-	list($idstring, $export_data) = split("#@@#",getExportRecordIds($type, $viewid, $_REQUEST));
+	list($idstring, $export_data) = explode('#@@#', getExportRecordIds($type, $viewid, $_REQUEST));
 	if(($search_type == 'withoutsearch' || $search_type == 'includesearch') && $export_data == 'selecteddata'){
 		$idstring = getSelectedRecords($_REQUEST, $type, $idstring, vtlib_purify($_REQUEST['excludedRecords']));

--- a/include/utils/utils.php
+++ b/include/utils/utils.php
@@ -1872,29 +1872,33 @@ function _phpset_memorylimit_MB($newvalue) {
 * @return String - Sanitized file name
 */
 function sanitizeUploadFileName($fileName, $badFileExtensions) {
+    if (!$badFileExtensions) {
+        $badFileExtensions = vglobal('upload_badext');
+    }
+    $fileName = preg_replace('/[\s#%&?]+/', '_', $fileName); //replace space,#,%,&,? with _ in filename
+    $fileName = rtrim($fileName, '\\/<>?*:"<>|');
+    $fileNameParts = explode(".", $fileName);
+    $countOfFileNameParts = php7_count($fileNameParts);
+    $badExtensionFound = false;
+    for ($i = 0; $i < $countOfFileNameParts; $i++) {
+        $partOfFileName = $fileNameParts[$i];
+        if (in_array(strtolower($partOfFileName), $badFileExtensions)) {
+            $badExtensionFound = true;
+            $fileNameParts[$i] = $partOfFileName . 'file';
+        }
+    }
-	$fileName = preg_replace('/\s+/', '_', $fileName);//replace space with _ in filename
+    $newFileName = implode('.', $fileNameParts);
-	$fileName = rtrim($fileName, '\\/<>?*:"<>|');
+    if ($badExtensionFound) {
+        $newFileName .= ".txt";
-	$fileNameParts = explode(".", $fileName);
+    }
-	$countOfFileNameParts = php7_count($fileNameParts);
-	$badExtensionFound = false;
+    $newFileName = ltrim(basename(' ' . $newFileName)); //allowed filename like UTF-8 characters
-	for ($i=0;$i<$countOfFileNameParts;++$i) {
-		$partOfFileName = $fileNameParts[$i];
-		if(in_array(strtolower($partOfFileName), $badFileExtensions)) {
-			$badExtensionFound = true;
-			$fileNameParts[$i] = $partOfFileName . 'file';
-	}
-	}
-	$newFileName = implode(".", $fileNameParts);
-	if ($badExtensionFound) {
+    return $newFileName;
-		$newFileName .= ".txt";
+}
-		}
-	return $newFileName;
-		}
 /** Function to get the tab meta information for a given id
  * @param $tabId -- tab id :: Type integer
@@ -2174,7 +2178,7 @@ function getSelectAllQuery($input,$module) {
 		$query = $oCustomView->getModifiedCvListQuery($viewid,$listquery,$module);
 		$where = '';
 		if($input['query'] == 'true') {
-			list($where, $ustring) = split("#@@#",getWhereCondition($module, $input));
+			list($where, $ustring) = explode('#@@#', getWhereCondition($module, $input));
 			if(isset($where) && $where != '') {
 				$query .= " AND " .$where;
 			}

--- a/includes/http/Request.php
+++ b/includes/http/Request.php
@@ -8,28 +8,13 @@
 * All Rights Reserved.
 ************************************************************************************/
-class Vtiger_Request implements ArrayAccess {
+class Vtiger_Request {
 	// Datastore
 	private $valuemap;
 	private $rawvaluemap;
 	private $defaultmap = array();
-	// ArrayAccess Start
-	public function offsetExists($key) {
-		return $this->has($key);
-	}
-	public function offsetSet($key, $value) {
-		$this->set($key, $value);
-	}
-	public function offsetGet($key) {
-		return $this->get($key);
-	}
-	public function offsetUnset($key) {
-		// Ignore
-	}
-	// ArrayAccess End
 	/**
 	 * Default constructor
 	 */
@@ -72,13 +57,19 @@ class Vtiger_Request implements ArrayAccess {
 			}
 		}
 		if($isJSON) {
-			$value = json_decode($value, true);
+                    $oldValue = Zend_Json::$useBuiltinEncoderDecoder;
+                    Zend_Json::$useBuiltinEncoderDecoder = false;
+                    $decodeValue = Zend_Json::decode($value);
+                    if(isset($decodeValue)) {
+                            $value = $decodeValue;
+                    }
+                    Zend_Json::$useBuiltinEncoderDecoder  = $oldValue;
 		}
-        //Handled for null because vtlib_purify returns empty string
+                //Handled for null because vtlib_purify returns empty string
-        if(!empty($value)){
+                if(!empty($value)){
-            $value = vtlib_purify($value);
+                    $value = vtlib_purify($value);
-        }
+                }
 		return $value;
 	}

--- a/includes/main/WebUI.php
+++ b/includes/main/WebUI.php
@@ -8,10 +8,10 @@
 * All Rights Reserved.
 ************************************************************************************/
+require_once 'vendor/autoload.php';
 require_once 'include/utils/utils.php';
 require_once 'include/utils/CommonUtils.php';
-require_once 'includes/Loader.php';
 vimport ('includes.runtime.EntryPoint');
 class Vtiger_WebUI extends Vtiger_EntryPoint {
No results found