Merge branch 'master' into File_security

modules/Settings/Vtiger/models/Module.php

@@ -150,19 +150,26 @@ class Settings_Vtiger_Module_Model extends Vtiger_Base_Model {
 		$moduleName = $request->getModule();
 		$qualifiedModuleName = $request->getModule(false);
 
-		$whereCondition .= "linkto LIKE '%$moduleName%' AND (linkto LIKE '%parent=Settings%' OR linkto LIKE '%parenttab=Settings%')";
+		$arrayParams = array();
+		$whereCondition .= "linkto LIKE ?  ";
+        $arrayParams[] = "%$moduleName%";
+ 		if ($moduleName != 'LanguageEditor') {
+ 			$whereCondition .= "AND (linkto LIKE '%parent=Settings%' OR linkto LIKE '%parenttab=Settings%')";
+ 		}
 
 		$db = PearDatabase::getInstance();
 		$query = "SELECT vtiger_settings_blocks.label AS blockname, vtiger_settings_field.name AS menu FROM vtiger_settings_blocks
 					INNER JOIN vtiger_settings_field ON vtiger_settings_field.blockid=vtiger_settings_blocks.blockid
 					WHERE $whereCondition";
-		$result = $db->pquery($query, array());
+		$result = $db->pquery($query, $arrayParams);
 		$numOfRows = $db->num_rows($result);
 		if ($numOfRows == 1) {
 			$finalResult = array(	'block' => $db->query_result($result, 0, 'blockname'),
 									'menu'	=> $db->query_result($result, 0, 'menu'));
 		} elseif ($numOfRows > 1) {
-			$result = $db->pquery("$query AND linkto LIKE '%view=$view%'", array());
+            $query = "$query AND linkto LIKE ? ";
+            $arrayParams[] = "%view=$view%";
+			$result = $db->pquery($query, $arrayParams);
 			$numOfRows = $db->num_rows($result);
 			if ($numOfRows == 1) {
 				$finalResult = array(	'block' => $db->query_result($result, 0, 'blockname'),

modules/Vtiger/views/Detail.php

@@ -44,7 +44,7 @@ class Vtiger_Detail_View extends Vtiger_Index_View {
 					break;
 				case 'showRelatedList':
 				case 'showRelatedRecords':
-					$permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView', 'record_parameter' => 'record');
+					$permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
 					break;
 				case 'getActivities':
 					$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');

modules/Vtiger/views/ModCommentsDetailAjax.php

@@ -14,6 +14,13 @@ class Vtiger_ModCommentsDetailAjax_View extends Vtiger_IndexAjax_View {
 		$this->exposeMethod('saveRollupSettings');
 		$this->exposeMethod('getNextGroupOfRollupComments');
 	}
+    
+    function requiresPermission(Vtiger_Request $request) {
+        $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+        $request->set('custom_module', 'ModComments');
+		
+		return $permissions;
+    }
 
 	public function process(Vtiger_Request $request) {
 		$mode = $request->getMode();