PEAR.php

@@ -99,6 +99,7 @@ $GLOBALS['_PEAR_error_handler_stack']    = array();
  * @since      Class available since PHP 4.0.2
  * @link        http://pear.php.net/manual/en/core.pear.php#core.pear.pear
  */
+#[\AllowDynamicProperties]
 class PEAR
 {
     // {{{ properties
@@ -814,6 +815,7 @@ function _PEAR_call_destructors()
  * @see        PEAR::raiseError(), PEAR::throwError()
  * @since      Class available since PHP 4.0.2
  */
+#[\AllowDynamicProperties]
 class PEAR_Error
 {
     // {{{ properties

composer.json

@@ -22,6 +22,9 @@
         "dg/rss-php": "^1.5",
         "ezyang/htmlpurifier": "^4.16",
         "tecnickcom/tcpdf": "^6.6",
-	"monolog/monolog": "^3.5"
+	"monolog/monolog": "^3.5",
+        "league/oauth2-client": "^2.7",
+        "phpmailer/phpmailer": "^6.9",
+        "league/oauth2-google": "^4.0"
     }
 }

config.template.php

@@ -111,7 +111,7 @@ $allow_exports = 'all';
 
 // files with one of these extensions will have '.txt' appended to their filename on upload
 // upload_badext default value = php, php3, php4, php5, pl, cgi, py, asp, cfm, js, vbs, html, htm
-$upload_badext = array('php', 'php3', 'php4', 'php5', 'pl', 'cgi', 'py', 'asp', 'cfm', 'js', 'vbs', 'html', 'htm', 'exe', 'bin', 'bat', 'sh', 'dll', 'phps', 'phtml', 'xhtml', 'rb', 'msi', 'jsp', 'shtml', 'sth', 'shtm', 'htaccess');
+$upload_badext = array('php', 'php3', 'php4', 'php5', 'pl', 'cgi', 'py', 'asp', 'cfm', 'js', 'vbs', 'html', 'htm', 'exe', 'bin', 'bat', 'sh', 'dll', 'phps', 'phtml', 'xhtml', 'rb', 'msi', 'jsp', 'shtml', 'sth', 'shtm', 'htaccess', 'phar');
 
 // list_max_entries_per_page default value = 20
 $list_max_entries_per_page = '20';

config_override.dev.php

+<?php
+
+/** Logging configuration for Strict Development */
+require_once "vtlib/Vtiger/Utils/PhpLogHandler.php";
+Vtiger_PhpLogHandler::enableStrictLogging(__DIR__, "logs/phperr.log");

cron/SendReminder.service

@@ -22,8 +22,8 @@
 //file modified by richie
 
 require_once('include/utils/utils.php');
-require_once("modules/Emails/class.smtp.php");
-require_once("modules/Emails/class.phpmailer.php");
+//require_once("modules/Emails/class.smtp.php");
+//require_once("modules/Emails/class.phpmailer.php");
 require_once("modules/Emails/mail.php");
 require_once('include/logging.php');
 require_once("config.php");
@@ -232,7 +232,7 @@ function send_email($to,$from,$subject,$contents,$mail_server,$mail_server_usern
 	$log->info("This is send_mail function in SendReminder.php(vtiger home).");
 	global $root_directory;
 
-	$mail = new PHPMailer();
+	$mail = new PHPMailer\PHPMailer\PHPMailer();
 
 
 	$mail->Subject	= $subject;

cron/modules/Oauth2/TokenRefresher.service

+<?php
+/*+***********************************************************************************
+ * The contents of this file are subject to the vtiger CRM Public License Version 1.0
+ * ("License"); You may not use this file except in compliance with the License
+ * The Original Code is:  vtiger CRM Open Source
+ * The Initial Developer of the Original Code is vtiger.
+ * Portions created by vtiger are Copyright (C) vtiger.
+ * All Rights Reserved.
+ *************************************************************************************/
+
+require_once 'modules/Oauth2/handlers/TokenRefresher.php';
+
+$tokenRefresher = new Oauth2_TokenRefresher_Handler();
+$tokenRefresher->refreshAll();
\ No newline at end of file

cron/send_mail.php

@@ -22,13 +22,13 @@
 //file modified by richie
 
 
-require_once("modules/Emails/class.smtp.php");
-require_once("modules/Emails/class.phpmailer.php");
+// require_once("modules/Emails/class.smtp.php");
+// require_once("modules/Emails/class.phpmailer.php");
 require_once 'include/utils/CommonUtils.php';
 
 function sendmail($to,$from,$subject,$contents,$mail_server,$mail_server_username,$mail_server_password,$filename,$smtp_auth='')
 {
-  $mail = new PHPMailer();
+  $mail = new PHPMailer\PHPMailer\PHPMailer();
   $mail->Subject = $subject;
 	$mail->Body    = $contents;//"This is the HTML message body <b>in bold!</b>";
 

data/CRMEntity.php

@@ -28,12 +28,14 @@ require_once('include/utils/UserInfoUtil.php');
 require_once("include/Zend/Json.php");
 require_once 'include/RelatedListView.php';
 
+#[\AllowDynamicProperties]
 class CRMEntity {
 
 	var $ownedby;
 	var $recordSource = 'CRM';
 	var $mode;
 
+	public $moduleName;
 	/**
 	 * Detect if we are in bulk save mode, where some features can be turned-off
 	 * to improve performance.
@@ -158,7 +160,7 @@ class CRMEntity {
 	 */
 	function uploadAndSaveFile($id, $module, $file_details, $attachmentType='Attachment') {
 		global $log;
-		$log->debug("Entering into uploadAndSaveFile($id,$module,$file_details) method.");
+		$log->debug("Entering into uploadAndSaveFile($id,$module) method.");
 
 		global $adb, $current_user;
 		global $upload_badext;
@@ -268,6 +270,7 @@ class CRMEntity {
 
 		$ownerid = $this->column_fields['assigned_user_id'];
 		$groupid = $this->column_fields['group_id'];
+		$insertion_mode = $this->mode;
 
 		if (empty($groupid))
 			$groupid = 0;
@@ -408,6 +411,7 @@ class CRMEntity {
 		global $current_user, $app_strings;
 		$log->info("function insertIntoEntityTable " . $module . ' vtiger_table name ' . $table_name);
 		global $adb;
+		global $_FILES;
 		$insertion_mode = $this->mode;
         $table_name = Vtiger_Util_Helper::validateStringForSql($table_name);
 		$tablekey = $this->tab_name_index[$table_name];
@@ -570,7 +574,7 @@ class CRMEntity {
 					} else {
 						$fldvalue = $this->column_fields[$fieldname];
 					}
-				} elseif ($uitype == 7) {
+				} elseif ($uitype == 7 || $uitype == 9) {
 					//strip out the spaces and commas in numbers if given ie., in amounts there may be ,
 					$fldvalue = str_replace(",", "", $this->column_fields[$fieldname]); //trim($this->column_fields[$fieldname],",");
 					if (in_array($datatype, array('N', 'NN'))) {
@@ -598,7 +602,7 @@ class CRMEntity {
 						$fldvalue = decode_html($this->column_fields[$fieldname]);
 					}
 				} elseif ($uitype == 8) {
-					$this->column_fields[$fieldname] = rtrim($this->column_fields[$fieldname], ',');
+					$this->column_fields[$fieldname] = isset($this->column_fields[$fieldname]) ? rtrim($this->column_fields[$fieldname], ',') : '';
 					$ids = explode(',', $this->column_fields[$fieldname]);
 					$json = new Zend_Json();
 					$fldvalue = $json->encode($ids);
@@ -646,9 +650,9 @@ class CRMEntity {
 						if(php7_count($IMG_FILES)){
 							foreach($IMG_FILES as $fileIndex => $file) {
 								if($file['error'] == 0 && $file['name'] != '' && $file['size'] > 0) {
-									if($_REQUEST[$fileIndex.'_hidden'] != '')
-										$file['original_name'] = vtlib_purify($_REQUEST[$fileindex.'_hidden']);
-									else {
+									if(isset($_REQUEST[$fileIndex.'_hidden']) && $_REQUEST[$fileIndex.'_hidden'] != '') {
+										$file['original_name'] = vtlib_purify($_REQUEST[$fileIndex.'_hidden']);
+									} else {
 										$file['original_name'] = stripslashes($file['name']);
 									}
 									$file['original_name'] = str_replace('"','',$file['original_name']);
@@ -665,7 +669,7 @@ class CRMEntity {
 							$skipUpdateForField = true;
 						}
 					}
-					if (($insertion_mode == 'edit' && $skipUpdateForField == false) || $_REQUEST['imgDeleted']) {
+					if (($insertion_mode == 'edit' && $skipUpdateForField == false) || (isset($_REQUEST['imgDeleted']) && $_REQUEST['imgDeleted'])) {
 						$skipUpdateForField = false;
 						$uploadedFileNames = array();
 						$getImageNamesSql = 'SELECT name FROM vtiger_seattachmentsrel INNER JOIN vtiger_attachments ON
@@ -685,8 +689,8 @@ class CRMEntity {
 						$uploadedFileNames = array();
 						foreach($UPLOADED_FILES as $fileIndex => $file) {
 							if($file['error'] == 0 && $file['name'] != '' && $file['size'] > 0) {
-								if($_REQUEST[$fileindex.'_hidden'] != '') {
-									$file['original_name'] = vtlib_purify($_REQUEST[$fileindex.'_hidden']);
+								if(isset($_REQUEST[$fileIndex.'_hidden']) && $_REQUEST[$fileIndex.'_hidden'] != '') {
+									$file['original_name'] = vtlib_purify($_REQUEST[$fileIndex.'_hidden']);
 								} else {
 									$file['original_name'] = stripslashes($file['name']);
 								}
@@ -744,8 +748,12 @@ class CRMEntity {
 				$update = array();
 				$update_params = array();
 				foreach($changedFields as $field) {
+					if (!array_key_exists($field, $updateFieldNameColumnNameMap)) {
+						continue;
+					}
+
 					$fieldColumn = $updateFieldNameColumnNameMap[$field];
-					if(@array_key_exists($fieldColumn, $updateFieldValues)) {
+					if(array_key_exists($fieldColumn, $updateFieldValues)) {
 						array_push($update, $fieldColumn.'=?');
 						array_push($update_params, $updateFieldValues[$fieldColumn]);
 					}
@@ -951,6 +959,13 @@ class CRMEntity {
 					if (isset($resultrow[$fieldkey])) {
 						$fieldvalue = $resultrow[$fieldkey];
 					}
+
+					// load picklist value with umlatus with explict decoding
+					// required for field-value strict check during save.
+					if ($fieldinfo["uitype"] == 15 || $fieldinfo["uitype"] == 16) {
+						$fieldvalue = decode_html($fieldvalue);
+					}
+
 					$this->column_fields[$fieldinfo['fieldname']] = $fieldvalue;
 				}
 			}
@@ -979,7 +994,7 @@ class CRMEntity {
 
 		//Event triggering code
 		require_once("include/events/include.inc");
-
+		$em = null;
 		//In Bulk mode stop triggering events
 		if(!self::isBulkSaveMode()) {
 			$em = new VTEventsManager($adb);
@@ -2033,7 +2048,7 @@ class CRMEntity {
 	 */
 	function transferRelatedRecords($module, $transferEntityIds, $entityId) {
 		global $adb, $log;
-		$log->debug("Entering function transferRelatedRecords ($module, $transferEntityIds, $entityId)");
+		$log->debug("Entering function transferRelatedRecords ($module, ".implode(',',$transferEntityIds).", $entityId)");
 		foreach ($transferEntityIds as $transferId) {
 
 			// Pick the records related to the entity to be transfered, but do not pick the once which are already related to the current entity.
@@ -2422,7 +2437,7 @@ class CRMEntity {
 			$fields[] = $value;
 		}
 		$pritablename = $tables[0];
-		$sectablename = $tables[1];
+		$sectablename = isset($tables[1]) ? $tables[1] : '';
 		$prifieldname = $fields[0][0];
 		$secfieldname = $fields[0][1];
 		$tmpname = $pritablename . 'tmp' . $secmodule;
@@ -2462,7 +2477,7 @@ class CRMEntity {
 
 		$secQuery = 'SELECT '.$selectColumns.' '.$secQueryFrom;
 
-		$secQueryTempTableQuery = $queryPlanner->registerTempTable($secQuery, array($column_name, $fields[1], $prifieldname),$secmodule);
+		$secQueryTempTableQuery = $queryPlanner->registerTempTable($secQuery, array($column_name, isset($fields[1]) ? $fields[1] : '', $prifieldname),$secmodule);
 
 		$query = '';
 		if ($pritablename == 'vtiger_crmentityrel') {
@@ -2779,7 +2794,7 @@ class CRMEntity {
 	 * @param <type> $userGroups
 	 */
 	function getNonAdminUserGroupAccessQuery($userGroups) {
-		$query .= " UNION (SELECT groupid FROM vtiger_groups WHERE groupid IN (".implode(",", $userGroups)."))";
+		$query = " UNION (SELECT groupid FROM vtiger_groups WHERE groupid IN (".implode(",", $userGroups)."))";
 		return $query;
 	}
 
@@ -2792,7 +2807,7 @@ class CRMEntity {
 		require('user_privileges/sharing_privileges_' . $user->id . '.php');
 		$tabId = getTabid($module);
 		$sharingRuleInfoVariable = $module . '_share_read_permission';
-		$sharingRuleInfo = $$sharingRuleInfoVariable;
+		$sharingRuleInfo = isset($$sharingRuleInfoVariable) ? $$sharingRuleInfoVariable : array();
 		$sharedTabId = null;
 		$query = '';
 		if (!empty($sharingRuleInfo) && (php7_count($sharingRuleInfo['ROLE']) > 0 ||
@@ -2998,9 +3013,11 @@ class CRMEntity {
 	 * @param <String> $selectedColumns
 	 * @param <Boolean> $ignoreEmpty
 	 * @param <Array> $requiredTables
+	 * @param <Array> $columnTypes
 	 * @return string
 	 */
-	function getQueryForDuplicates($module, $tableColumns, $selectedColumns = '', $ignoreEmpty = false,$requiredTables = array()) {
+	function getQueryForDuplicates($module, $tableColumns, $selectedColumns = '', $ignoreEmpty = false,$requiredTables = array(),$columnTypes = null) {
+		$query='';
 		if(is_array($tableColumns)) {
 			$tableColumnsString = implode(',', $tableColumns);
 		}
@@ -3030,7 +3047,11 @@ class CRMEntity {
 
 		if($ignoreEmpty) {
 			foreach($tableColumns as $tableColumn){
-				$whereClause .= " AND ($tableColumn IS NOT NULL AND $tableColumn != '') ";
+				if ($columnTypes && ($columnTypes[$tableColumn] == "date" || $columnTypes[$tableColumn] == "datetime")) {
+					$whereClause .= " AND ($tableColumn IS NOT NULL) ";	
+				} else {
+					$whereClause .= " AND ($tableColumn IS NOT NULL AND $tableColumn != '') ";
+				}
 			}
 		}
 
@@ -3047,6 +3068,7 @@ class CRMEntity {
 		}
 
 		$i = 1;
+		$duplicateCheckClause='';
 		foreach($tableColumns as $tableColumn){
 			$tableInfo = explode('.', $tableColumn);
 			$duplicateCheckClause .= " ifnull($tableColumn,'null') = ifnull(temp.$tableInfo[1],'null')";
@@ -3111,6 +3133,7 @@ class CRMEntity {
 	}
 }
 
+#[\AllowDynamicProperties]
 class TrackableObject implements ArrayAccess, IteratorAggregate {
 	private $storage;
 	private $trackingEnabled = true;
@@ -3120,12 +3143,14 @@ class TrackableObject implements ArrayAccess, IteratorAggregate {
 		$this->storage = $value;
 	}
 
+	#[\ReturnTypeWillChange]
 	function offsetExists($key) {
 		return isset($this->storage[$key]) || array_key_exists($key, $this->storage);
 	}
 
+	#[\ReturnTypeWillChange]
 	function offsetSet($key, $value) {
-            if(is_array($value)) $value = empty($value) ? "" : $value[0];
+		if(is_array($value)) $value = empty($value) ? "" : (array_key_exists(0, $value) ? $value[0] : ""); //it is an associative (if array without a key 0) modified to prevent warning of Undefined array key 0 .
 		if($this->tracking && $this->trackingEnabled) {
 			$olderValue = $this->offsetGet($key);
 			// decode_html only expects string
@@ -3138,14 +3163,17 @@ class TrackableObject implements ArrayAccess, IteratorAggregate {
 		$this->storage[$key] = $value;
 	}
 
+	#[\ReturnTypeWillChange]
 	public function offsetUnset($key) {
 		unset($this->storage[$key]);
 	}
 
+	#[\ReturnTypeWillChange]
 	public function offsetGet($key) {
 		return isset($this->storage[$key]) || array_key_exists($key, $this->storage) ? $this->storage[$key] : null;
 	}
 
+	#[\ReturnTypeWillChange]
 	public function getIterator() {
 		$iterator = new ArrayObject($this->storage);
 		return $iterator->getIterator();

data/VTEntityDelta.php

@@ -92,12 +92,12 @@ class VTEntityDelta extends VTEventHandler {
 
 	function getOldValue($moduleName, $recordId, $fieldName) {
 		$entityDelta = self::$entityDelta[$moduleName][$recordId];
-		return $entityDelta[$fieldName]['oldValue'];
+		return isset($entityDelta[$fieldName]['oldValue']) ? $entityDelta[$fieldName]['oldValue'] : "";
 	}
 
 	function getCurrentValue($moduleName, $recordId, $fieldName) {
 		$entityDelta = self::$entityDelta[$moduleName][$recordId];
-		return $entityDelta[$fieldName]['currentValue'];
+		return isset($entityDelta[$fieldName]['currentValue']) ? $entityDelta[$fieldName]['currentValue'] : "";
 	}
 
 	function getOldEntity($moduleName, $recordId) {
@@ -109,19 +109,25 @@ class VTEntityDelta extends VTEventHandler {
 	}
 	
 	function hasChanged($moduleName, $recordId, $fieldName, $fieldValue = NULL) {
+		$result = false;
 		if(empty(self::$oldEntity[$moduleName][$recordId])) {
 			return false;
 		}
+		if (!array_key_exists($fieldName, self::$entityDelta[$moduleName][$recordId])) {
+			return false;
+		}
 		$fieldDelta = self::$entityDelta[$moduleName][$recordId][$fieldName];
 		if(is_array($fieldDelta)) {
 			$fieldDelta = array_map('decode_html', $fieldDelta);
 		}
-		$result = $fieldDelta['oldValue'] != $fieldDelta['currentValue'];
+		if(isset($fieldDelta['oldValue']) && isset($fieldDelta['currentValue'])) {
+			$result = $fieldDelta['oldValue'] != $fieldDelta['currentValue'];
+		}
 		if ($fieldValue !== NULL) {
 			$result = $result && ($fieldDelta['currentValue'] === $fieldValue);
 		}
 		return $result;
+		}
+	
 	}
-
-}
-?>
+?>
\ No newline at end of file

include/ComboStrings.php

@@ -355,8 +355,7 @@ $combo_strings = Array(
 );
 
 require_once('modules/Users/UserTimeZonesArray.php');
-$usertimezonesClass = new UserTimeZones();
-$arrayOfSupportedTimeZones = $usertimezonesClass->userTimeZones();
+$arrayOfSupportedTimeZones = UserTimeZones::getAll();
 $combo_strings['time_zone_dom'] = array_combine($arrayOfSupportedTimeZones,$arrayOfSupportedTimeZones);
 
 ?>

include/InventoryPDFController.php

@@ -17,7 +17,7 @@ include_once 'vtlib/Vtiger/PDF/inventory/ContentViewer2.php';
 include_once 'vtlib/Vtiger/PDF/viewers/PagerViewer.php';
 include_once 'vtlib/Vtiger/PDF/PDFGenerator.php';
 include_once 'data/CRMEntity.php';
-
+#[\AllowDynamicProperties]
 class Vtiger_InventoryPDFController {
 
 	protected $module;
@@ -114,7 +114,7 @@ class Vtiger_InventoryPDFController {
 			$taxable_total = number_format($taxable_total, $no_of_decimal_places,'.','');
 			$producttotal = $taxable_total;
 			if($this->focus->column_fields["hdnTaxType"] == "individual") {
-				for($tax_count=0;$tax_count<php7_count($productLineItem['taxes']);$tax_count++) {
+				foreach($productLineItem['taxes'] as $tax_count => $productLinetItemTaxInfo) {
 					$tax_percent = $productLineItem['taxes'][$tax_count]['percentage'];
 					$total_tax_percent += $tax_percent;
 					$tax_amount = (($taxable_total*$tax_percent)/100);
@@ -131,7 +131,7 @@ class Vtiger_InventoryPDFController {
 			$discountPercentage = $productLineItem["discount_percent{$productLineItemIndex}"];
 			$productName = decode_html($productLineItem["productName{$productLineItemIndex}"]);
 			//get the sub product
-			$subProducts = $productLineItem["subProductArray{$productLineItemIndex}"];
+			$subProducts = isset($productLineItem["subProductArray{$productLineItemIndex}"]) ? $productLineItem["subProductArray{$productLineItemIndex}"] : "";
 			if($subProducts != '') {
 				foreach($subProducts as $subProduct) {
 					$productName .="\n"." - ".decode_html($subProduct);
@@ -201,14 +201,14 @@ class Vtiger_InventoryPDFController {
 		//To calculate the group tax amount
 		if($final_details['taxtype'] == 'group') {
 			$group_tax_details = $final_details['taxes'];
-			for($i=0;$i<php7_count($group_tax_details);$i++) {
-				$group_total_tax_percent += $group_tax_details[$i]['percentage'];
+			foreach($group_tax_details as $i => $group_tax_info) {
+				$group_total_tax_percent += isset($group_tax_details[$i]['percentage']) ? $group_tax_details[$i]['percentage'] : 0.00;
 			}
 			$summaryModel->set(getTranslatedString("Tax:", $this->moduleName)."($group_total_tax_percent%)", $this->formatPrice($final_details['tax_totalamount']));
 		}
 		//Shipping & Handling taxes
 		$sh_tax_details = $final_details['sh_taxes'];
-		for($i=0;$i<php7_count($sh_tax_details);$i++) {
+		foreach($sh_tax_details as $i => $sh_tax_info) {
 			$sh_tax_percent = $sh_tax_percent + $sh_tax_details[$i]['percentage'];
 		}
 		//obtain the Currency Symbol
@@ -429,4 +429,4 @@ class Vtiger_InventoryPDFController {
 	}
 
 }
-?>
+?>
\ No newline at end of file

include/ListView/ListViewController.php

@@ -273,7 +273,7 @@ class ListViewController {
 				}
 
 				if(in_array($uitype,array(15,33,16))){
-					$value = html_entity_decode($rawValue,ENT_QUOTES,$default_charset); 
+					$value = isset($rawValue) ? html_entity_decode($rawValue,ENT_QUOTES,$default_charset) : ''; 
 				} else { 
 					$value = $rawValue; 
 				}
@@ -464,7 +464,7 @@ class ListViewController {
 					if(php7_count($moduleList) == 1) {
 						$parentModule = $moduleList[0];
 					} else {
-						$parentModule = $this->typeList[$value];
+						$parentModule = isset($this->typeList[$value]) ? $this->typeList[$value] : '';
 					}
 					if(!empty($value) && !empty($this->nameList[$fieldName]) && !empty($parentModule)) {
 						$parentMeta = $this->queryGenerator->getMeta($parentModule);

include/ListView/ListViewSession.php

@@ -75,6 +75,8 @@ class ListViewSession {
 		}
 		$cv = new CustomView();
 		$viewId = $cv->getViewId($currentModule);
+		$recordNavigationInfo = array();
+		$searchKey = array();
 		if(!empty($_SESSION[$currentModule.'_DetailView_Navigation'.$viewId])){
 			$recordNavigationInfo = Zend_Json::decode($_SESSION[$currentModule.'_DetailView_Navigation'.$viewId]);
 			$pageNumber =0;
@@ -103,7 +105,7 @@ class ListViewSession {
 			}
 		}
 
-		$list_query = $_SESSION[$currentModule.'_listquery'];
+		$list_query = isset($_SESSION[$currentModule.'_listquery'])?$_SESSION[$currentModule.'_listquery']:'';
 
 		if($reUseData === false && !empty($list_query)){
 			$recordNavigationInfo = array();
@@ -166,7 +168,7 @@ class ListViewSession {
 			$recordNavigationInfo = array();
 			if($searchKey !== false){
 				foreach ($navigationRecordList as $index => $recordId) {
-					if(!is_array($recordNavigationInfo[$current])){
+					if(!isset($recordNavigationInfo[$current])){
 						$recordNavigationInfo[$current] = array();
 					}
 					if($index == $firstPageRecordCount  || $index == ($firstPageRecordCount+$pageCount * $list_max_entries_per_page)){
@@ -248,4 +250,4 @@ class ListViewSession {
 		}
 	}
 }
-?>
+?>
\ No newline at end of file

include/QueryGenerator/EnhancedQueryGenerator.php

@@ -90,6 +90,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 		$dateSpecificConditions = $customView->getStdFilterConditions();
 		$specialDateTimeConditions = Vtiger_Functions::getSpecialDateTimeCondtions();
 		foreach ($advFilterList as $groupindex => $groupcolumns) {
+			if(! $groupcolumns)continue;
 			$filtercolumns = $groupcolumns['columns'];
 			if (php7_count($filtercolumns) > 0) {
 				$this->startGroup('');
@@ -196,7 +197,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 					}
 				}
 				$this->endGroup();
-				$groupConditionGlue = $groupcolumns['condition'];
+				$groupConditionGlue = isset($groupcolumns['condition']) ? $groupcolumns['condition'] : "";
 				if ($groupConditionGlue) {
 					$this->addConditionGlue($groupConditionGlue);
 				}
@@ -578,7 +579,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 
 		foreach ($tableJoinCondition as $fieldName => $conditionInfo) {
 			foreach ($conditionInfo as $tableName => $condition) {
-				if ($tableList[$tableName]) {
+				if (isset($tableList[$tableName])) {
 					$tableNameAlias = $tableName.'2';
 					$condition = str_replace($tableName, $tableNameAlias, $condition);
 				} else {

include/QueryGenerator/QueryGenerator.php

@@ -19,6 +19,7 @@ require_once 'include/Webservices/RelatedModuleMeta.php';
  *
  * @author MAK
  */
+#[\AllowDynamicProperties]
 class QueryGenerator {
 	protected $module;
 	protected $customViewColumnList;
@@ -52,6 +53,7 @@ class QueryGenerator {
 	public static $AND = 'AND';
 	public static $OR = 'OR';
 	protected $customViewFields;
+	protected $referenceModuleField;
 	/**
 	 * Import Feature
 	 */
@@ -762,7 +764,13 @@ class QueryGenerator {
 								$columnList[] = "$referenceTable.$column";
 							}
 							if(php7_count($columnList) > 1) {
-								$columnSql = getSqlForNameInDisplayFormat(array('first_name'=>$columnList[0],'last_name'=>$columnList[1]),'Users');
+								if ($module == "Users") {
+									// Special case
+									$columnSql = getSqlForNameInDisplayFormat(array('first_name'=>$columnList[0],'last_name'=>$columnList[1]),'Users');
+								} else {
+									// Leads or contacts
+									$columnSql = getSqlForNameInDisplayFormat(array('firstname'=>$columnList[0],'lastname'=>$columnList[1]), $module);
+								}
 							} else {
 								$columnSql = implode('', $columnList);
 							}
@@ -1332,7 +1340,7 @@ class QueryGenerator {
 
 	public function addUserSearchConditions($input) {
 		global $log,$default_charset;
-		if($input['searchtype']=='advance') {
+		if(isset($input['searchtype']) && $input['searchtype']=='advance') {
 
 			$json = new Zend_Json();
 			$advft_criteria = $_REQUEST['advft_criteria'];
@@ -1379,7 +1387,7 @@ class QueryGenerator {
 				}
 			}
 			$this->endGroup();
-		} elseif($input['type']=='dbrd') {
+		} elseif(isset($input['type']) && $input['type']=='dbrd') {
 			if($this->conditionInstanceCount > 0) {
 				$this->startGroup(self::$AND);
 			} else {

include/Webservices/ConvertLead.php

@@ -145,18 +145,25 @@ function vtws_convertlead($entityvalues, $user) {
 
 
 	try {
-		$accountIdComponents = vtws_getIdComponents($entityIds['Accounts']);
-		$accountId = $accountIdComponents[1];
-
-		$contactIdComponents = vtws_getIdComponents($entityIds['Contacts']);
-		$contactId = $contactIdComponents[1];
-
-		if(!empty($entityIds['Potentials'])){
+		$accountId = null;
+		if (isset($entityIds['Accounts']) && $entityIds['Accounts']) {
+			$accountIdComponents = vtws_getIdComponents($entityIds['Accounts']);
+			$accountId = $accountIdComponents[1];
+		}
+		
+		$contactId = null;		
+		if (isset($entityIds['Contacts']) && $entityIds['Contacts']) {
+			$contactIdComponents = vtws_getIdComponents($entityIds['Contacts']);
+			$contactId = $contactIdComponents[1];
+		}
+		
+		$potentialId = null;
+		if(isset($entityIds['Potentials']) && $entityIds['Potentials']){
 			$potentialIdComponents = vtws_getIdComponents($entityIds['Potentials']);
 			$potentialId = $potentialIdComponents[1];
 		}
 
-		if (!empty($accountId) && !empty($contactId) && !empty($potentialId)) {
+		if (!empty($contactId) && !empty($potentialId)) {
 			$sql = "insert into vtiger_contpotentialrel values(?,?)";
 			$result = $adb->pquery($sql, array($contactId, $potentialId));
 			if ($result === false) {

include/Webservices/Create.php

@@ -64,7 +64,7 @@ function vtws_create($elementType, $element, $user) {
 				throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED,
 						"Permission to access reference type is denied" . $referenceObject->getEntityName());
 			}
-		} else if ($element[$fieldName] !== NULL) {
+		} else if (array_key_exists($fieldName, $element) && $element[$fieldName] !== NULL) {
 			unset($element[$fieldName]);
 		}
 	}
@@ -88,4 +88,4 @@ function vtws_create($elementType, $element, $user) {
 		return null;
 	}
 }
-?>
+?>
\ No newline at end of file

include/Webservices/DataTransform.php

@@ -39,7 +39,7 @@
 		}
 
 		static function filterAndSanitize($row,$meta){
-			$recordLabel = $row['label'];
+			$recordLabel = isset($row['label']) ? $row['label'] :"";
 			$row = DataTransform::filterAllColumns($row,$meta);
 			$row = DataTransform::sanitizeData($row,$meta);
 			if(!empty($recordLabel)){
@@ -103,7 +103,7 @@
 			}
 			$references = $meta->getReferenceFieldDetails();
 			foreach($references as $field=>$typeList){
-				if(strpos($row[$field],'x')!==false){
+				if(isset($row[$field]) && strpos($row[$field],'x')!==false){
 					$row[$field] = vtws_getIdComponents($row[$field]);
 					$row[$field] = $row[$field][1];
 				}
@@ -130,7 +130,7 @@
 					}
 				}
 			}
-			if($row["id"]){
+			if(isset($row["id"]) && $row["id"]){
 				unset($row["id"]);
 			}
 			if(isset($row[$meta->getObectIndexColumn()])){
@@ -139,6 +139,7 @@
 
 			$row = DataTransform::sanitizeDateFieldsForInsert($row,$meta);
 			$row = DataTransform::sanitizeCurrencyFieldsForInsert($row,$meta);
+			$row = DataTransform::sanitizeStringFields($row,$meta);
 
 			// New field added to store Source of Created Record
 			if (!isset($row['source'])) {
@@ -156,7 +157,7 @@
 			$allFields = $meta->getFieldColumnMapping();
 			$newRow = array();
 			foreach($allFields as $field=>$col){
-				$newRow[$field] = $row[$field];
+				$newRow[$field] = isset($row[$field]) ? $row[$field] : null;
 			}
 			if(isset($row[$recordString])){
 				$newRow[$recordString] = $row[$recordString];
@@ -187,7 +188,7 @@
 			}
 
 			if(!isset($row['id'])){
-				if($row[$meta->getObectIndexColumn()] ){
+				if(isset($row[$meta->getObectIndexColumn()] )){
 					$row['id'] = vtws_getId($meta->getEntityId(),$row[$meta->getObectIndexColumn()]);
 				}else{
 					//TODO Handle this.
@@ -198,7 +199,7 @@
 			}
 
 			foreach ($row as $field => $value) {
-				$row[$field] = html_entity_decode($value, ENT_QUOTES, $default_charset);
+				$row[$field] = $value ? html_entity_decode($value, ENT_QUOTES, $default_charset) : $value;
 			}
 			return $row;
 		}
@@ -211,11 +212,11 @@
 					continue;
 				}
 				if(strtolower($meta->getEntityName()) == "emails"){
-					if(isset($row['parent_id'])){
+					if (isset($row['parent_id']) && $row['parent_id'] !== null && strpos($row['parent_id'], '@') !== false) {					
 						list($row['parent_id'], $fieldId) = explode('@', $row['parent_id']);
 					}
 				}
-				if($row[$field]){
+				if(isset($row[$field]) && $row[$field]){
 					$found = false;
 					foreach ($typeList as $entity) {
 						$webserviceObject = VtigerWebserviceObject::fromName($adb,$entity);
@@ -273,7 +274,7 @@
             foreach ($moduleFields as $fieldName => $fieldObj) {
                 if (in_array($fieldObj->getUIType(), $supportedUITypes)) {
                     //while doing retrieve operation we have record_id and on query operation we have id.
-                    $id = $row['record_id'] ? $row['record_id'] : $row['id'];
+                    $id = isset($row['record_id']) ? $row['record_id'] : (isset($row['id']) ? $row['id'] : null);
                     $ids = Vtiger_Functions::getAttachmentIds($id, $meta->getEntityId());
                 if($ids) {
                         foreach($ids as $id){
@@ -315,7 +316,7 @@
 							$row[$fieldName."_raw"] = $row[$fieldName];
 							$row[$fieldName] = CurrencyField::convertToUserFormat($row[$fieldName],$current_user);
 						} else if($fieldObj->getUIType() == '72') {
-							$currencyConversionRate = $row['conversion_rate'];
+							$currencyConversionRate = isset($row['conversion_rate']) ? $row['conversion_rate'] : 0;
 							if (!empty($currencyConversionRate)) {
 								$rawBaseCurrencyValue = CurrencyField::convertToDollar($row[$fieldName], $currencyConversionRate);
 								$row[$fieldName."_raw"] = $rawBaseCurrencyValue;
@@ -332,5 +333,16 @@
 			}
 			return $row;
 		}
+
+		static function sanitizeStringFields($row,$meta){
+			if(in_array($meta->getEntityName(),array('Groups', 'Currency', 'Tax', 'ProductTaxes'))){
+				foreach ($row as $field => $value) {
+					if(is_string($value)){
+						$row[$field] = vtlib_purify($value);
+					}
+				}
+			}
+			return $row;
+		}
 	}	
 ?>

include/Webservices/EntityMeta.php

@@ -8,6 +8,7 @@
  * All Rights Reserved.
  *************************************************************************************/
 
+#[\AllowDynamicProperties]
 abstract class EntityMeta{
 	
 	public static $RETRIEVE = "DetailView";
@@ -276,4 +277,4 @@ abstract class EntityMeta{
 	abstract public function getName($webserviceId);
 	abstract public function isModuleEntity();
 }
-?>
+?>
\ No newline at end of file