data/Tracker.php

@@ -44,14 +44,21 @@ class Tracker {
         "item_id",
         "item_summary"
     );
-
-    function Tracker()
+	function __construct()
     {
-        $this->log = LoggerManager::getLogger('Tracker');
-	// $this->db = PearDatabase::getInstance();
-	global $adb;
+        $this->log = Logger::getLogger('Tracker');
+		// $this->db = PearDatabase::getInstance();
+		global $adb;
         $this->db = $adb;
     }
+    function Tracker()
+    {
+		
+		// PHP4-style constructor.
+        // This will NOT be invoked, unless a sub-class that extends `foo` calls it.
+        // In that case, call the new-style constructor to keep compatibility.
+        self::__construct();
+    }
 
     /**
      * Add this new item to the vtiger_tracker vtiger_table.  If there are too many items (global config for now)
@@ -84,7 +91,7 @@ $log->info("in  track view method ".$current_module);
 			 $fl = array();
 			 foreach($fieldlists as $w => $c)
 			 {
-				 if (count($fl))
+				 if (php7_count($fl))
 				 	$fl[] = "' '";
 				 $fl[] = $c;
 			 }
@@ -137,7 +144,7 @@ $log->info("in  track view method ".$current_module);
 
 
             // If the module was not specified or the module matches the module of the row, add the row to the list
-            if($module_name == "" || $row[module_name] == $module_name)
+            if($module_name == "" || $row["module_name"] == $module_name)
             {
 		//Adding Security check
 		require_once('include/utils/utils.php');

data/VTEntityDelta.php

@@ -75,8 +75,8 @@ class VTEntityDelta extends VTEventHandler {
 				$isModified = true;
 			}
 			if($isModified) {
-				$delta[$fieldName] = array('oldValue' => $oldData[$fieldName],
-										'currentValue' => $newData[$fieldName]);
+				$delta[$fieldName] = array('oldValue' => isset($oldData[$fieldName])? $oldData[$fieldName] : null,
+										'currentValue' => $newData[$fieldName] );
 			}
 		}
 		self::$entityDelta[$moduleName][$recordId] = $delta;
@@ -92,12 +92,12 @@ class VTEntityDelta extends VTEventHandler {
 
 	function getOldValue($moduleName, $recordId, $fieldName) {
 		$entityDelta = self::$entityDelta[$moduleName][$recordId];
-		return $entityDelta[$fieldName]['oldValue'];
+		return isset($entityDelta[$fieldName]['oldValue']) ? $entityDelta[$fieldName]['oldValue'] : "";
 	}
 
 	function getCurrentValue($moduleName, $recordId, $fieldName) {
 		$entityDelta = self::$entityDelta[$moduleName][$recordId];
-		return $entityDelta[$fieldName]['currentValue'];
+		return isset($entityDelta[$fieldName]['currentValue']) ? $entityDelta[$fieldName]['currentValue'] : "";
 	}
 
 	function getOldEntity($moduleName, $recordId) {
@@ -109,19 +109,25 @@ class VTEntityDelta extends VTEventHandler {
 	}
 	
 	function hasChanged($moduleName, $recordId, $fieldName, $fieldValue = NULL) {
+		$result = false;
 		if(empty(self::$oldEntity[$moduleName][$recordId])) {
 			return false;
 		}
+		if (!array_key_exists($fieldName, self::$entityDelta[$moduleName][$recordId])) {
+			return false;
+		}
 		$fieldDelta = self::$entityDelta[$moduleName][$recordId][$fieldName];
 		if(is_array($fieldDelta)) {
 			$fieldDelta = array_map('decode_html', $fieldDelta);
 		}
-		$result = $fieldDelta['oldValue'] != $fieldDelta['currentValue'];
+		if(isset($fieldDelta['oldValue']) && isset($fieldDelta['currentValue'])) {
+			$result = $fieldDelta['oldValue'] != $fieldDelta['currentValue'];
+		}
 		if ($fieldValue !== NULL) {
 			$result = $result && ($fieldDelta['currentValue'] === $fieldValue);
 		}
 		return $result;
+		}
+	
 	}
-
-}
-?>
\ No newline at end of file
+?>

forgotPassword.php

@@ -34,7 +34,7 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['emailId'])) {
 				'username' => $username,
 				'email' => $email,
 				'time' => $time,
-				'hash' => md5($username.$time)
+				'hash' => hash('sha256',$username.$time)
 			)
 		);
 		$trackURL = Vtiger_ShortURL_Helper::generateURL($options);
@@ -42,7 +42,7 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['emailId'])) {
 						You recently requested a password reset for your VtigerCRM Open source Account.<br> 
 						To create a new password, click on the link <a target="_blank" href='.$trackURL.'>here</a>. 
 						<br><br> 
-						This request was made on '.date("Y-m-d H:i:s").' and will expire in next 24 hours.<br><br> 
+						This request was made on '.date("Y-m-d H:i:s").' and will expire in next 1 hour.<br><br> 
 						Regards,<br> 
 						VtigerCRM Open source Support Team.<br>';
 
@@ -54,6 +54,15 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['emailId'])) {
 		$mail->Subject = $subject;
 		$mail->AddAddress($email);
 
+		// ensure default sender if not coming from outgoing server
+		if (!$mail->From) {
+			global $HELPDESK_SUPPORT_EMAIL_ID;
+			// use only when config val is valid
+			if (strpos($HELPDESK_SUPPORT_EMAIL_ID, "@") !== false) {
+				$mail->From = $HELPDESK_SUPPORT_EMAIL_ID;
+			}
+		}
+
 		$status = $mail->Send(true);
 		if ($status === 1 || $status === true) {
 			header('Location:  index.php?modules=Users&view=Login&mailStatus=success');

include/ChartUtils.php

@@ -40,7 +40,7 @@ Class ChartUtils {
 
 		$alts = array();
 		$temp = array();
-		for ($i = 0; $i < count($xaxisData); $i++) {
+		for ($i = 0; $i < php7_count($xaxisData); $i++) {
 			$name = html_entity_decode($xaxisData[$i], ENT_QUOTES, $default_charset);
 			$pos = substr_count($name, " ");
 			$alts[] = $name;
@@ -49,9 +49,9 @@ Class ChartUtils {
 				$name = substr($name, 0, 44);
 			if ($pos >= 2) {
 				$val = explode(" ", $name);
-				$n = count($val) - 1;
+				$n = php7_count($val) - 1;
 				$x = "";
-				for ($j = 0; $j < count($val); $j++) {
+				for ($j = 0; $j < php7_count($val); $j++) {
 					if ($j != $n) {
 						$x .=" " . $val[$j];
 					} else {
@@ -97,7 +97,7 @@ Class ChartUtils {
 			$fill = & Image_Graph::factory('gradient', array(IMAGE_GRAPH_GRAD_HORIZONTAL_MIRRORED, $color, 'white'));
 		}
 
-		for ($i = 0; $i < count($yaxisData); $i++) {
+		for ($i = 0; $i < php7_count($yaxisData); $i++) {
 			$x = 1 + $i;
 			if ($yaxisData[$i] >= $max)
 				$max = $yaxisData[$i];
@@ -125,7 +125,7 @@ Class ChartUtils {
 
 		//You can change the width of the bars if you like
 		if (!empty($xaxisData))
-			$bplot->setBarWidth($barwidth / count($xaxisData), "%");
+			$bplot->setBarWidth($barwidth / php7_count($xaxisData), "%");
 		//$bplot->setPadding(array('top'=>10));
 		$bplot->setBackground(Image_Graph::factory('gradient', array(IMAGE_GRAPH_GRAD_HORIZONTAL, 'white', 'white')));
 		$xaxis = & $plotarea->getAxis(IMAGE_GRAPH_AXIS_X);
@@ -165,7 +165,7 @@ Class ChartUtils {
 		// The fix the tick marks
 		$xaxis->setDataPreprocessor($array_data);
 		$xaxis->forceMinimum(0.5);
-		$xaxis->forceMaximum(0.5 + count($yaxisData));
+		$xaxis->forceMaximum(0.5 + php7_count($yaxisData));
 		if ($charttype == 'vertical')
 			$xaxis->setFontAngle('vertical');
 		$xaxis->setLabelInterval(1);
@@ -226,7 +226,7 @@ Class ChartUtils {
 
 		$alts = array();
 		$temp = array();
-		for ($i = 0; $i < count($xaxisData); $i++) {
+		for ($i = 0; $i < php7_count($xaxisData); $i++) {
 			$name = html_entity_decode($xaxisData[$i], ENT_QUOTES, $default_charset);
 			$pos = substr_count($name, " ");
 			$alts[] = $name;
@@ -235,9 +235,9 @@ Class ChartUtils {
 				$name = substr($name, 0, 34);
 			if ($pos >= 2) {
 				$val = explode(" ", $name);
-				$n = count($val) - 1;
+				$n = php7_count($val) - 1;
 				$x = "";
-				for ($j = 0; $j < count($val); $j++) {
+				for ($j = 0; $j < php7_count($val); $j++) {
 					if ($j != $n) {
 						$x .=" " . $val[$j];
 					} else {
@@ -269,15 +269,15 @@ Class ChartUtils {
 		// To create unique lables we need to keep track of lable name and its count
 		$uniquex = array();
 		// Generate colours
-		$colors = color_generator(count($yaxisData), '#33DDFF', '#3322FF');
+		$colors = color_generator(php7_count($yaxisData), '#33DDFF', '#3322FF');
 		$dataset = & Image_Graph::factory('dataset');
 		$fills = & Image_Graph::factory('Image_Graph_Fill_Array');
 		$sum = 0;
 		$pcvalues = array();
-		for ($i = 0; $i < count($yaxisData); $i++) {
+		for ($i = 0; $i < php7_count($yaxisData); $i++) {
 			$sum += $yaxisData[$i];
 		}
-		for ($i = 0; $i < count($yaxisData); $i++) {
+		for ($i = 0; $i < php7_count($yaxisData); $i++) {
 			// To have unique names even in case of duplicates let us add the id
 			$datalabel = $xaxisData[$i];
 			$xaxisData_appearance = $uniquex[$xaxisData[$i]];
@@ -363,14 +363,14 @@ Class ChartUtils {
 			}
 		}
 
-		if(is_array($restrictedModules) && count($restrictedModules) > 0) {
+		if(is_array($restrictedModules) && php7_count($restrictedModules) > 0) {
 			$ChartDataArray['error'] = "<h4>".getTranslatedString('LBL_NO_ACCESS', 'Reports').' - '.implode(',', $restrictedModules)."</h4>";
 			return $ChartDataArray;
 		}
 
 		if ($fieldDetails != '') {
 			list($tablename, $colname, $module_field, $fieldname, $single) = explode(":", $fieldDetails);
-			list($module, $field) = split("_", $module_field);
+			list($module, $field) = explode('_', $module_field);
 			$dateField = false;
 			if ($single == 'D') {
 				$dateField = true;
@@ -411,7 +411,7 @@ Class ChartUtils {
 						$groupByFields[] = "Null";
 				}
 				else if (in_array($fieldname, array_keys($referenceFields))) {
-					if (count($referenceFields[$fieldname]) > 1) {
+					if (php7_count($referenceFields[$fieldname]) > 1) {
 						$refenceModule = CustomReportUtils::getEntityTypeFromName($decodedGroupFieldValue, $referenceFields[$fieldname]);
 					}
 					else {
@@ -471,7 +471,7 @@ Class ChartUtils {
 				}
 			}
 		}
-		if(count($groupByFields) == 0) {
+		if(php7_count($groupByFields) == 0) {
 			$ChartDataArray['error'] = "<div class='componentName'>".getTranslatedString('LBL_NO_DATA', 'Reports')."</div";
 		}
 		$ChartDataArray['xaxisData'] = $groupByFields;

include/ComboStrings.php

@@ -355,8 +355,7 @@ $combo_strings = Array(
 );
 
 require_once('modules/Users/UserTimeZonesArray.php');
-$usertimezonesClass = new UserTimeZones();
-$arrayOfSupportedTimeZones = $usertimezonesClass->userTimeZones();
+$arrayOfSupportedTimeZones = UserTimeZones::getAll();
 $combo_strings['time_zone_dom'] = array_combine($arrayOfSupportedTimeZones,$arrayOfSupportedTimeZones);
 
 ?>

include/ComboUtil.php

@@ -31,7 +31,7 @@ function getComboArray($combofieldNames)
 		if(!is_admin($current_user))
 		{
 			$subrole = getRoleSubordinates($roleid);
-			if(count($subrole)> 0)
+			if(php7_count($subrole)> 0)
 			{
 				$roleids = $subrole;
 				array_push($roleids, $roleid);

include/InventoryPDFController.php

@@ -17,7 +17,7 @@ include_once 'vtlib/Vtiger/PDF/inventory/ContentViewer2.php';
 include_once 'vtlib/Vtiger/PDF/viewers/PagerViewer.php';
 include_once 'vtlib/Vtiger/PDF/PDFGenerator.php';
 include_once 'data/CRMEntity.php';
-
+#[\AllowDynamicProperties]
 class Vtiger_InventoryPDFController {
 
 	protected $module;
@@ -114,7 +114,7 @@ class Vtiger_InventoryPDFController {
 			$taxable_total = number_format($taxable_total, $no_of_decimal_places,'.','');
 			$producttotal = $taxable_total;
 			if($this->focus->column_fields["hdnTaxType"] == "individual") {
-				for($tax_count=0;$tax_count<count($productLineItem['taxes']);$tax_count++) {
+				foreach($productLineItem['taxes'] as $tax_count => $productLinetItemTaxInfo) {
 					$tax_percent = $productLineItem['taxes'][$tax_count]['percentage'];
 					$total_tax_percent += $tax_percent;
 					$tax_amount = (($taxable_total*$tax_percent)/100);
@@ -131,7 +131,7 @@ class Vtiger_InventoryPDFController {
 			$discountPercentage = $productLineItem["discount_percent{$productLineItemIndex}"];
 			$productName = decode_html($productLineItem["productName{$productLineItemIndex}"]);
 			//get the sub product
-			$subProducts = $productLineItem["subProductArray{$productLineItemIndex}"];
+			$subProducts = isset($productLineItem["subProductArray{$productLineItemIndex}"]) ? $productLineItem["subProductArray{$productLineItemIndex}"] : "";
 			if($subProducts != '') {
 				foreach($subProducts as $subProduct) {
 					$productName .="\n"." - ".decode_html($subProduct);
@@ -201,14 +201,14 @@ class Vtiger_InventoryPDFController {
 		//To calculate the group tax amount
 		if($final_details['taxtype'] == 'group') {
 			$group_tax_details = $final_details['taxes'];
-			for($i=0;$i<count($group_tax_details);$i++) {
-				$group_total_tax_percent += $group_tax_details[$i]['percentage'];
+			foreach($group_tax_details as $i => $group_tax_info) {
+				$group_total_tax_percent += isset($group_tax_details[$i]['percentage']) ? $group_tax_details[$i]['percentage'] : 0.00;
 			}
 			$summaryModel->set(getTranslatedString("Tax:", $this->moduleName)."($group_total_tax_percent%)", $this->formatPrice($final_details['tax_totalamount']));
 		}
 		//Shipping & Handling taxes
 		$sh_tax_details = $final_details['sh_taxes'];
-		for($i=0;$i<count($sh_tax_details);$i++) {
+		foreach($sh_tax_details as $i => $sh_tax_info) {
 			$sh_tax_percent = $sh_tax_percent + $sh_tax_details[$i]['percentage'];
 		}
 		//obtain the Currency Symbol
@@ -429,4 +429,4 @@ class Vtiger_InventoryPDFController {
 	}
 
 }
-?>
\ No newline at end of file
+?>

include/ListView/ListViewController.php

@@ -57,7 +57,7 @@ class ListViewController {
 		$isRoleBased = vtws_isRoleBasedPicklist($name);
 		$this->picklistRoleMap[$name] = $isRoleBased;
 		if ($this->picklistRoleMap[$name]) {
-			$this->picklistValueMap[$name] = getAssignedPicklistValues($name,$this->user->roleid, $this->db);
+			$this->picklistValueMap[$name] = getAllPickListValues($name,$this->user->roleid, $this->db);
 		}
 	}
 
@@ -67,9 +67,9 @@ class ListViewController {
 		$rowCount = $this->db->num_rows($result);
 
 		$columnName = $field->getColumnName();
-		if($field->referenceFieldName) {
+		if(isset($field->referenceFieldName) && $field->referenceFieldName) {
 			preg_match('/(\w+) ; \((\w+)\) (\w+)/', $field->referenceFieldName, $matches);
-			if (count($matches) != 0) {
+			if (php7_count($matches) != 0) {
 				list($full, $parentReferenceFieldName, $referenceModule, $referenceFieldName) = $matches;
 			}
 			$columnName = $parentReferenceFieldName.$referenceFieldName;
@@ -84,10 +84,10 @@ class ListViewController {
 		}
 
 		$idList = array_keys($idList);
-		if(count($idList) == 0) {
+		if(php7_count($idList) == 0) {
 			return;
 		}
-		if($parentReferenceFieldName) {
+		if(isset($parentReferenceFieldName) && $parentReferenceFieldName) {
 			$moduleList = $referenceFieldInfoList[$field->referenceFieldName];
 		} else {
 			$moduleList = $referenceFieldInfoList[$fieldName];
@@ -127,7 +127,7 @@ class ListViewController {
 		$fields = $this->queryGenerator->getFields(); 
 		$headerFields = array();
 		foreach($fields as $fieldName) {
-			if(array_key_exists($fieldName, $moduleFields)) {
+			if(is_array($moduleFields) && array_key_exists($fieldName, $moduleFields)) {
 				$headerFields[$fieldName] = $moduleFields[$fieldName];
 			}
 		}
@@ -142,7 +142,7 @@ class ListViewController {
 		$meta = $this->queryGenerator->getMeta($this->queryGenerator->getModule());
 		$baseModule = $module;
 		$moduleFields = $this->queryGenerator->getModuleFields();
-		$accessibleFieldList = array_keys($moduleFields);
+		$accessibleFieldList = is_array($moduleFields) ? array_keys($moduleFields) : array();
 		$listViewFields = array_intersect($fields, $accessibleFieldList);
 
 		$referenceFieldList = $this->queryGenerator->getReferenceFieldList();
@@ -166,7 +166,7 @@ class ListViewController {
 
 				//if the assigned to is related to the reference field
 				preg_match('/(\w+) ; \((\w+)\) (\w+)/', $fieldName, $matches);
-				if(count($matches) > 0) {
+				if(php7_count($matches) > 0) {
 					list($full, $referenceParentField, $module, $fieldName) = $matches;
 					$columnName = strtolower($referenceParentField.$fieldName);
 				} else {
@@ -179,8 +179,8 @@ class ListViewController {
 						$idList[] = $id;
 					}
 				}
-				if(count($idList) > 0) {
-					if(!is_array($this->ownerNameList[$fieldName])) {
+				if(php7_count($idList) > 0) {
+					if(isset($this->onwerNameList[$fieldName]) && !is_array($this->ownerNameList[$fieldName])) {
 						$this->ownerNameList[$fieldName] = getOwnerNameList($idList);
 					} else {
 						//array_merge API loses key information so need to merge the arrays
@@ -208,7 +208,7 @@ class ListViewController {
 		//performance optimization for uitype 61
 		$attachmentsCache = array();
 		$attachmentIds = array();
-		if(count($fileTypeFields)) {
+		if(php7_count($fileTypeFields)) {
 			foreach($fileTypeFields as $fileTypeField) {
 				for ($i = 0; $i < $rowCount; ++$i) {
 					$attachmentId = $db->query_result($result,$i,$fileTypeField);
@@ -216,7 +216,7 @@ class ListViewController {
 				}
 			}
 		}
-		if(count($attachmentIds)) {
+		if(php7_count($attachmentIds)) {
 			$getAttachmentsNamesSql = 'SELECT attachmentsid,name FROM vtiger_attachments WHERE attachmentsid IN (' . generateQuestionMarks($attachmentIds) . ')';
 			$attachmentNamesRes = $db->pquery($getAttachmentsNamesSql,$attachmentIds);
 			$attachmentNamesRowCount = $db->num_rows($attachmentNamesRes);
@@ -228,11 +228,16 @@ class ListViewController {
 		}
 
 		$moduleInstance = Vtiger_Module_Model::getInstance("PBXManager");
+                $outgoingCallPermission = false;
 		if($moduleInstance && $moduleInstance->isActive()) {
 			$outgoingCallPermission = PBXManager_Server_Model::checkPermissionForOutgoingCall();
 			$clickToCallLabel = vtranslate("LBL_CLICK_TO_CALL");
 		}
 
+		$emailModuleInstance = Vtiger_Module_Model::getInstance("Emails");
+		//checking the email module is active.
+		$isEmailModuleActive = $emailModuleInstance ? $emailModuleInstance->isActive() : false;
+
 		$data = array();
 		for ($i = 0; $i < $rowCount; ++$i) {
 			//Getting the recordId
@@ -255,7 +260,7 @@ class ListViewController {
 				$fieldDataType = $field->getFieldDataType();
 				// for reference fields read the value differently
 				preg_match('/(\w+) ; \((\w+)\) (\w+)/', $fieldName, $matches);
-				if(count($matches) > 0) {
+				if(php7_count($matches) > 0) {
 					list($full, $referenceParentField, $module, $fieldName) = $matches;
 					$matches = null;
 					$rawValue = $this->db->query_result($result, $i, strtolower($referenceParentField.$fieldName));
@@ -268,7 +273,7 @@ class ListViewController {
 				}
 
 				if(in_array($uitype,array(15,33,16))){
-					$value = html_entity_decode($rawValue,ENT_QUOTES,$default_charset); 
+					$value = isset($rawValue) ? html_entity_decode($rawValue,ENT_QUOTES,$default_charset) : ''; 
 				} else { 
 					$value = $rawValue; 
 				}
@@ -283,7 +288,7 @@ class ListViewController {
 					$fileIdRes = $db->pquery($fileIdQuery,array($recordId));
 					$fileId = $db->query_result($fileIdRes,0,'attachmentsid');
 					if($fileName != '' && $status == 1) {
-						if($downloadType == 'I' ) {
+						if($downloadType == 'I' && $fileId) {
 							$value = '<a href="index.php?module=Documents&action=DownloadFile&record='.$recordId.'&fileid='.$fileId.'"'.
 									' title="'.	getTranslatedString('LBL_DOWNLOAD_FILE',$module).
 									'" >'.textlength_check($value).
@@ -291,7 +296,7 @@ class ListViewController {
 						} elseif($downloadType == 'E') {
 							$value = '<a onclick="event.stopPropagation()"'.
 									' href="'.$fileName.'" target="_blank"'.
-									' title="'.	getTranslatedString('LBL_DOWNLOAD_FILE',$module).
+									' title="'.	getTranslatedString('LBL_DOWNLOAD_FILE',$module).	
 									'" >'.textlength_check($value).
 									'</a>';
 						} else {
@@ -300,7 +305,6 @@ class ListViewController {
 					} else{
 						$value = textlength_check($value);
 					}
-					$value = $fileicon.$value;
 				} elseif($module == 'Documents' && $fieldName == 'filesize') {
 					$downloadType = $db->query_result($result,$i,'filelocationtype');
 					if($downloadType == 'I') {
@@ -339,11 +343,6 @@ class ListViewController {
 					if($module == 'Calendar' && ($fieldName == 'taskstatus' || $fieldName == 'eventstatus' || $fieldName == 'activitytype')) {
 						$value = Vtiger_Language_Handler::getTranslatedString($value,$module);
 						$value = textlength_check($value);
-					}
-					else if ($value != '' && !$is_admin && $this->picklistRoleMap[$fieldName] &&
-							!in_array($value, $this->picklistValueMap[$fieldName]) && strtolower($value) != '--none--' && strtolower($value) != 'none' ) {
-						$value = "<font color='red'>". Vtiger_Language_Handler::getTranslatedString('LBL_NOT_ACCESSIBLE',
-								$module)."</font>";
 					} else {
 						$value =  Vtiger_Language_Handler::getTranslatedString($value,$module);
 						$value = textlength_check($value);
@@ -417,7 +416,8 @@ class ListViewController {
 					}
 				} elseif ($fieldDataType == 'email') {
 					global $current_user;
-					if($current_user->internal_mailer == 1){
+					// checking email module is active and internal mail composer is on
+					if($isEmailModuleActive && $current_user->internal_mailer == 1){
 						//check added for email link in user detailview
 						$value = "<a class='emailField' data-rawvalue=\"$rawValue\" onclick=\"Vtiger_Helper_Js.getInternalMailer($recordId,".
 						"'$fieldName','$module');\">".textlength_check($value)."</a>";
@@ -440,33 +440,7 @@ class ListViewController {
 				} elseif($field->getUIType() == 98) {
 					$value = '<a href="index.php?module=Roles&parent=Settings&view=Edit&record='.$value.'">'.textlength_check(getRoleName($value)).'</a>';
 				} elseif($fieldDataType == 'multipicklist') {
-					if(!$is_admin && $value != '') {
-						$valueArray = ($rawValue != "") ? explode(' |##| ',$rawValue) : array();
-						$notaccess = '<font color="red">'.getTranslatedString('LBL_NOT_ACCESSIBLE',
-								$module)."</font>";
-						$tmp = '';
-						$tmpArray = array();
-						foreach($valueArray as $index => $val) {
-							$val = decode_html($val);
-							if(!$listview_max_textlength ||
-									!(strlen(preg_replace("/(<\/?)(\w+)([^>]*>)/i","",$tmp)) >
-											$listview_max_textlength)) {
-								if (!$is_admin && $this->picklistRoleMap[$fieldName] &&
-										!in_array(trim($val), $this->picklistValueMap[$fieldName])) {
-									$tmpArray[] = $notaccess;
-									$tmp .= ', '.$notaccess;
-								} else {
-									$tmpArray[] = $val;
-									$tmp .= ', '.$val;
-								}
-							} else {
-								$tmpArray[] = '...';
-								$tmp .= '...';
-							}
-						}
-						$value = implode(', ', $tmpArray);
-						$value = textlength_check($value);
-					} else if ($value != '') {
+					if ($value != '') {
 						$moduleName = getTabModuleName($field->getTabId());
 						$value = explode(' |##| ', $value);
 						foreach ($value as $key => $val) {
@@ -487,10 +461,10 @@ class ListViewController {
 				} elseif($field->getFieldDataType() == 'reference') {
 					$referenceFieldInfoList = $this->queryGenerator->getReferenceFieldInfoList();
 					$moduleList = $referenceFieldInfoList[$fieldName];
-					if(count($moduleList) == 1) {
+					if(php7_count($moduleList) == 1) {
 						$parentModule = $moduleList[0];
 					} else {
-						$parentModule = $this->typeList[$value];
+						$parentModule = isset($this->typeList[$value]) ? $this->typeList[$value] : '';
 					}
 					if(!empty($value) && !empty($this->nameList[$fieldName]) && !empty($parentModule)) {
 						$parentMeta = $this->queryGenerator->getMeta($parentModule);
@@ -522,7 +496,7 @@ class ListViewController {
 					}
 				} elseif ( in_array($uitype,array(7,9,90)) ) {
 					$value = "<span align='right'>".textlength_check($value)."</span>";
-				} elseif($field && $field->isNameField) {
+				} elseif($field && isset($field->isNameField) && $field->isNameField) {
 					$value = "<a href='?module=$field->moduleName&view=Detail&".
 								"record=$recordId' title='".vtranslate($field->moduleName, $field->moduleName)."'>$value</a>";
 				} elseif($field->getUIType() == 61) {

include/ListView/ListViewSession.php

@@ -25,25 +25,31 @@ class ListViewSession {
  * Portions created by vtigerCRM are Copyright (C) vtigerCRM.
  * All Rights Reserved.
 */
-
-	function ListViewSession()
-	{
-		global $log,$currentModule;
+	function __construct()
+    {
+        global $log,$currentModule;
 		$log->debug("Entering ListViewSession() method ...");
 
 		$this->module = $currentModule;
 		$this->sortby = 'ASC';
 		$this->start =1;
+    }
+	function ListViewSession()
+	{
+		// PHP4-style constructor.
+        // This will NOT be invoked, unless a sub-class that extends `foo` calls it.
+        // In that case, call the new-style constructor to keep compatibility.
+        self::__construct();
 	}
 
-	function getCurrentPage($currentModule,$viewId){
+	public static function getCurrentPage($currentModule,$viewId){
 		if(!empty($_SESSION['lvs'][$currentModule][$viewId]['start'])){
 			return $_SESSION['lvs'][$currentModule][$viewId]['start'];
 		}
 		return 1;
 	}
 
-	function getRequestStartPage(){
+	public static function getRequestStartPage(){
 		$start = $_REQUEST['start'];
 		if(!is_numeric($start)){
 			$start = 1;
@@ -55,7 +61,7 @@ class ListViewSession {
 		return $start;
 	}
 
-	function getListViewNavigation($currentRecordId){
+	public static function getListViewNavigation($currentRecordId){
 		global $currentModule,$current_user,$adb,$log,$list_max_entries_per_page;
 		Zend_Json::$useBuiltinEncoderDecoder = true;
 		$reUseData = false;
@@ -69,10 +75,12 @@ class ListViewSession {
 		}
 		$cv = new CustomView();
 		$viewId = $cv->getViewId($currentModule);
+		$recordNavigationInfo = array();
+		$searchKey = array();
 		if(!empty($_SESSION[$currentModule.'_DetailView_Navigation'.$viewId])){
 			$recordNavigationInfo = Zend_Json::decode($_SESSION[$currentModule.'_DetailView_Navigation'.$viewId]);
 			$pageNumber =0;
-			if(count($recordNavigationInfo) == 1){
+			if(php7_count($recordNavigationInfo) == 1){
 				foreach ($recordNavigationInfo as $recordIdList) {
 					if(in_array($currentRecordId,$recordIdList)){
 						$reUseData = true;
@@ -86,18 +94,18 @@ class ListViewSession {
 						$recordList[] = $recordId;
 						$recordPageMapping[$recordId] = $start;
 						if($recordId == $currentRecordId){
-							$searchKey = count($recordList)-1;
+							$searchKey = php7_count($recordList)-1;
 							$_REQUEST['start'] = $start;
 						}
 					}
 				}
-				if($searchKey > $displayBufferRecordCount -1 && $searchKey < count($recordList)-$displayBufferRecordCount){
+				if($searchKey > $displayBufferRecordCount -1 && $searchKey < php7_count($recordList)-$displayBufferRecordCount){
 					$reUseData= true;
 				}
 			}
 		}
 
-		$list_query = $_SESSION[$currentModule.'_listquery'];
+		$list_query = isset($_SESSION[$currentModule.'_listquery'])?$_SESSION[$currentModule.'_listquery']:'';
 
 		if($reUseData === false && !empty($list_query)){
 			$recordNavigationInfo = array();
@@ -160,7 +168,7 @@ class ListViewSession {
 			$recordNavigationInfo = array();
 			if($searchKey !== false){
 				foreach ($navigationRecordList as $index => $recordId) {
-					if(!is_array($recordNavigationInfo[$current])){
+					if(!isset($recordNavigationInfo[$current])){
 						$recordNavigationInfo[$current] = array();
 					}
 					if($index == $firstPageRecordCount  || $index == ($firstPageRecordCount+$pageCount * $list_max_entries_per_page)){
@@ -176,7 +184,7 @@ class ListViewSession {
 		return $recordNavigationInfo;
 	}
 
-	function getRequestCurrentPage($currentModule, $query, $viewid, $queryMode = false) {
+	static function getRequestCurrentPage($currentModule, $query, $viewid, $queryMode = false) {
 		global $list_max_entries_per_page, $adb;
 		$start = 1;
 		if(isset($_REQUEST['query']) && $_REQUEST['query'] == 'true'&& $_REQUEST['start']!="last"){
@@ -206,7 +214,7 @@ class ListViewSession {
 		return $start;
 	}
 
-	function setSessionQuery($currentModule,$query,$viewid){
+	public static function setSessionQuery($currentModule,$query,$viewid){
 		if(isset($_SESSION[$currentModule.'_listquery'])){
 			if($_SESSION[$currentModule.'_listquery'] != $query){
 				unset($_SESSION[$currentModule.'_DetailView_Navigation'.$viewid]);
@@ -215,7 +223,7 @@ class ListViewSession {
 		$_SESSION[$currentModule.'_listquery'] = $query;
 	}
 
-	function hasViewChanged($currentModule) {
+	static function hasViewChanged($currentModule) {
 		if(empty($_SESSION['lvs'][$currentModule]['viewname'])) return true;
 		if(empty($_REQUEST['viewname'])) return false;
 		if($_REQUEST['viewname'] != $_SESSION['lvs'][$currentModule]['viewname']) return true;
@@ -242,4 +250,4 @@ class ListViewSession {
 		}
 	}
 }
-?>
\ No newline at end of file
+?>

include/ListView/RelatedListViewSession.php

@@ -23,13 +23,20 @@ class RelatedListViewSession {
 	var $sorder = null;
 	var $sortby = null;
 	var $page_view = null;
-
-	function RelatedListViewSession() {
-		global $log,$currentModule;
+	
+	function __construct()
+    {
+        global $log,$currentModule;
 		$log->debug("Entering RelatedListViewSession() method ...");
 
 		$this->module = $currentModule;
 		$this->start =1;
+    }
+	function RelatedListViewSession() {
+		// PHP4-style constructor.
+        // This will NOT be invoked, unless a sub-class that extends `foo` calls it.
+        // In that case, call the new-style constructor to keep compatibility.
+        self::__construct();
 	}
 
 	public static function addRelatedModuleToSession($relationId, $header) {

include/PopulateComboValues.php

@@ -31,7 +31,7 @@ class PopulateComboValues
 	function insertComboValues($values, $tableName,$picklistid)
 	{
 		global $log;
-		$log->debug("Entering insertComboValues(".$values.", ".$tableName.") method ...");
+        $tableName = Vtiger_Util_Helper::validateStringForSql($tableName);
 		global $adb;
 		//inserting the value in the vtiger_picklistvalues_seq for the getting uniqueID for each picklist values...
 		$i=0;
@@ -81,7 +81,7 @@ class PopulateComboValues
 				
 		global $app_list_strings,$adb;
 		global $combo_strings;
-		$comboRes = $adb->query("SELECT distinct fieldname FROM vtiger_field WHERE uitype IN ('15') OR fieldname = 'salutationtype' and vtiger_field.presence in (0,2)");
+		$comboRes = $adb->pquery("SELECT distinct fieldname FROM vtiger_field WHERE uitype IN ('15') OR fieldname = 'salutationtype' and vtiger_field.presence in (0,2)", array());
 		$noOfCombos = $adb->num_rows($comboRes);
 		for($i=0; $i<$noOfCombos; $i++)
 		{
@@ -124,7 +124,7 @@ class PopulateComboValues
 		global $app_list_strings,$adb;
 		global $combo_strings;
 		// uitype -> 16 - Non standard picklist, 115 - User status, 83 - Tax Class
-		$comboRes = $adb->query("SELECT distinct fieldname FROM vtiger_field WHERE uitype IN ('16','115','83') AND fieldname NOT IN ('hdnTaxType','email_flag') and vtiger_field.presence in (0,2)");
+		$comboRes = $adb->pquery("SELECT distinct fieldname FROM vtiger_field WHERE uitype IN ('16','115','83') AND fieldname NOT IN ('hdnTaxType','email_flag') and vtiger_field.presence in (0,2)", array());
 		$noOfCombos = $adb->num_rows($comboRes);
 		for($i=0; $i<$noOfCombos; $i++)
 		{
@@ -136,7 +136,6 @@ class PopulateComboValues
 	function insertNonPicklistValues($values, $tableName)
 	{
 		global $log;
-		$log->debug("Entering insertNonPicklistValues(".$values.", ".$tableName.") method ...");
 		global $adb;
 		$i=0;
 		foreach ($values as $val => $cal)

include/QueryGenerator/EnhancedQueryGenerator.php

@@ -32,7 +32,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 	}
 
 	public function getModuleFields() {
-		if ($this->moduleFields == null) {
+		if (!isset($this->moduleFields) || $this->moduleFields == null) {
 			$moduleFields = parent::getModuleFields();
 
 			//add reference fields also in the list
@@ -79,7 +79,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 			}
 			$this->moduleFields = $moduleFields;
 		}
-		return $this->moduleFields;
+		return isset($this->moduleFields) ? $this->moduleFields : null;
 	}
 
 	public function parseAdvFilterList($advFilterList, $glue = '') {
@@ -90,8 +90,9 @@ class EnhancedQueryGenerator extends QueryGenerator {
 		$dateSpecificConditions = $customView->getStdFilterConditions();
 		$specialDateTimeConditions = Vtiger_Functions::getSpecialDateTimeCondtions();
 		foreach ($advFilterList as $groupindex => $groupcolumns) {
+			if(! $groupcolumns)continue;
 			$filtercolumns = $groupcolumns['columns'];
-			if (count($filtercolumns) > 0) {
+			if (php7_count($filtercolumns) > 0) {
 				$this->startGroup('');
 				foreach ($filtercolumns as $index => $filter) {
 					//If comparator is "e" or "n" then do not escapeSqlString.
@@ -172,7 +173,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 						$value = array();
 						$value[] = $this->fixDateTimeValue($name, $date, true);
 						// Still fixDateTimeValue returns only date value, we need to append time because it is DT type
-						for ($i = 0; $i < count($value); $i++) {
+						for ($i = 0; $i < php7_count($value); $i++) {
 							$values = explode(' ', $value[$i]);
 							if ($values[1] == '') {
 								$values[1] = '00:00:00';
@@ -196,7 +197,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 					}
 				}
 				$this->endGroup();
-				$groupConditionGlue = $groupcolumns['condition'];
+				$groupConditionGlue = isset($groupcolumns['condition']) ? $groupcolumns['condition'] : "";
 				if ($groupConditionGlue) {
 					$this->addConditionGlue($groupConditionGlue);
 				}
@@ -219,7 +220,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 		if ($fieldObject && isset($fieldObject->referenceFieldName)) {
 			// if its a reference field then we need to add the fieldname to table name
 			preg_match('/(\w+) ; \((\w+)\) (\w+)/', $fieldObject->referenceFieldName, $matches);
-			if (count($matches) != 0) {
+			if (php7_count($matches) != 0) {
 				list($full, $referenceField, $referenceModule, $fieldname) = $matches;
 			}
 			$field = $fieldObject;
@@ -232,7 +233,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 	public function getSelectClauseColumnSQL() {
 		$columns = array();
 		$moduleFields = $this->getModuleFields();
-		$accessibleFieldList = array_keys($moduleFields);
+		$accessibleFieldList = is_array($moduleFields) ? array_keys($moduleFields) : array();
 
 		$moduleFields = $this->getModuleFields();
 
@@ -241,7 +242,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 		foreach ($this->fields as $field) {
 			// handle for reference field
 			preg_match('/(\w+) ; \((\w+)\) (\w+)/', $field, $matches);
-			if (count($matches) != 0) {
+			if (php7_count($matches) != 0) {
 				list($full, $referenceField, $referenceModule, $fieldname) = $matches;
 				$parentReferenceFieldModel = null;
 				$parentReferenceFieldModel = $moduleFields[$field];
@@ -311,7 +312,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 			$referenceParentFieldName = '';
 			// for reference field do not add the table names to the list
 			preg_match('/(\w+) ; \((\w+)\) (\w+)/', $fieldName, $matches);
-			if (count($matches) != 0) {
+			if (php7_count($matches) != 0) {
 				list($full, $referenceParentFieldName, $referenceModuleName, $fieldName) = $matches;
 			}
 
@@ -394,7 +395,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 			if (empty($fieldName))
 				continue;
 
-			$field = $moduleFields[$fieldName];
+			$field = isset($moduleFields) ? $moduleFields[$fieldName] : null;
 			if (empty($field))
 				continue; // not accessible field.
 
@@ -402,7 +403,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 			$referenceParentFieldName = '';
 			// for reference field do not add the table names to the list
 			preg_match('/(\w+) ; \((\w+)\) (\w+)/', $fieldName, $matches);
-			if (count($matches) != 0) {
+			if (php7_count($matches) != 0) {
 				list($full, $referenceParentFieldName, $referenceModuleName, $fieldName) = $matches;
 			}
 
@@ -531,7 +532,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 			$tableJoinMapping[$table] = 'INNER JOIN';
 		}
 		$ownerFields = $this->meta->getOwnerFields();
-		if (count($ownerFields) > 0) {
+		if (php7_count($ownerFields) > 0) {
 			$ownerField = $ownerFields[0];
 		}
 
@@ -578,7 +579,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 
 		foreach ($tableJoinCondition as $fieldName => $conditionInfo) {
 			foreach ($conditionInfo as $tableName => $condition) {
-				if ($tableList[$tableName]) {
+				if (isset($tableList[$tableName])) {
 					$tableNameAlias = $tableName.'2';
 					$condition = str_replace($tableName, $tableNameAlias, $condition);
 				} else {
@@ -623,11 +624,12 @@ class EnhancedQueryGenerator extends QueryGenerator {
 		foreach ($this->conditionals as $index => $conditionInfo) {
 			$parentReferenceField = '';
 			$baseFieldName = $fieldName = $conditionInfo['name'];
-			$field = $moduleFieldList[$fieldName];
+			$parentReferenceField = $referenceModule = '';
+			$field = isset($moduleFieldList) ? $moduleFieldList[$fieldName] : null;
 
 			// if its a reference field then we need to add the fieldname to table name
 			preg_match('/(\w+) ; \((\w+)\) (\w+)/', $baseFieldName, $matches);
-			if (count($matches) != 0) {
+			if (php7_count($matches) != 0) {
 				list($full, $parentReferenceField, $referenceModule, $fieldName) = $matches;
 			}
 
@@ -642,12 +644,12 @@ class EnhancedQueryGenerator extends QueryGenerator {
 			$operator = strtolower($conditionInfo['operator']);
 			if ($operator == 'between' && $this->isDateType($field->getFieldDataType())) {
 				$start = explode(' ', $conditionInfo['value'][0]);
-				if (count($start) == 2)
+				if (php7_count($start) == 2)
 					$conditionInfo['value'][0] = getValidDBInsertDateTimeValue($start[0].' '.$start[1]);
 
-				$end = explode(' ', $conditionInfo['values'][1]);
+				$end = explode(' ', $conditionInfo['value'][1]);
 				// Dates will be equal for Today, Tomorrow, Yesterday.
-				if (count($end) == 2) {
+				if (php7_count($end) == 2) {
 					if ($start[0] == $end[0]) {
 						$dateTime = new DateTime($conditionInfo['value'][0]);
 						$nextDay = $dateTime->modify('+1 days');
@@ -666,27 +668,36 @@ class EnhancedQueryGenerator extends QueryGenerator {
 			}
 			foreach ($valueSqlList as $valueSql) {
 				if (in_array($baseFieldName, $this->referenceFieldList)) {
-					if ($conditionInfo['operator'] == 'y') {
+                    			$trim = 'TRIM';
+					$moduleList = $this->referenceFieldInfoList[$baseFieldName];
+					if(in_array('Users', $moduleList)) {
+						$columnSqlTable = 'vtiger_users'.$parentReferenceField.$fieldName;
+						$columnSql = getSqlForNameInDisplayFormat(array('first_name'=>$columnSqlTable.'.first_name',
+																		'last_name'=>$columnSqlTable.'.last_name'),'Users');
+					} else if(in_array('DocumentFolders', $moduleList)) {
+						$columnSql = "vtiger_attachmentsfolder".$fieldName.".foldername";
+					} else if(in_array('Currency', $moduleList)) {
+						$columnSql = "vtiger_currency_info$parentReferenceField$fieldName.currency_name";
+						if($fieldName == 'currency_id' && is_numeric($conditionInfo['value'])){
+							$columnSql = "vtiger_currency_info$parentReferenceField$fieldName.id";
+						}
+					} else if ($baseFieldName == 'roleid'){
+						$columnSql = 'vtiger_role.rolename';
+					}else {
+                        			$trim = '';
+						$columnSql = 'vtiger_crmentity'.$parentReferenceField.$fieldName.'.label';
+					}
+					if($conditionInfo['operator'] == 'y' || ($conditionInfo['operator'] == 'e' && $valueSql == "= ''")) {
 						$columnName = $field->getColumnName();
 						// We are checking for zero since many reference fields will be set to 0 if it doest not have any value
-						$fieldSql .= "$fieldGlue $tableName.$columnName $valueSql OR $tableName.$columnName = '0'";
+						// We are checking for NULL as well since for custom relationships if the record is deleted the value will be retained and will not become 0
+						$fieldSql .= "$fieldGlue $trim($columnSql) IS NULL OR $tableName.$columnName $valueSql OR $tableName.$columnName = '0'";
 						$fieldGlue = ' OR';
-					} else {
-						$moduleList = $this->referenceFieldInfoList[$baseFieldName];
-						if (in_array('Users', $moduleList)) {
-							$columnSqlTable = 'vtiger_users'.$parentReferenceField.$fieldName;
-							$columnSql = getSqlForNameInDisplayFormat(array('first_name' => $columnSqlTable.'.first_name',
-								'last_name' => $columnSqlTable.'.last_name'), 'Users');
-						} else if (in_array('DocumentFolders', $moduleList)) {
-							$columnSql = "vtiger_attachmentsfolder".$fieldName.".foldername";
-						} else if (in_array('Currency', $moduleList)) {
-							$columnSql = "vtiger_currency_info$parentReferenceField$fieldName.currency_name";
-						} else if ($baseFieldName == 'roleid') {
-							$columnSql = 'vtiger_role.rolename';
-						} else {
-							$columnSql = 'vtiger_crmentity'.$parentReferenceField.$fieldName.'.label';
-						}
-						$fieldSql .= "$fieldGlue trim($columnSql) $valueSql";
+					} else if ($conditionInfo['operator'] == 'k' || $conditionInfo['operator'] == 'n') {
+						$fieldSql .= " $fieldGlue ( $trim($columnSql) $valueSql OR $trim($columnSql) IS NULL )";
+						$fieldGlue = 'OR';
+					} else{
+						$fieldSql .= "$fieldGlue $trim($columnSql) $valueSql";
 						$fieldGlue = ' OR';
 					}
 				} elseif (in_array($baseFieldName, $this->ownerFields)) {
@@ -715,8 +726,8 @@ class EnhancedQueryGenerator extends QueryGenerator {
 						$values = explode(',', $value);
 						$startDateValue = explode(' ', $values[0]);
 						$endDateValue = explode(' ', $values[1]);
-						if (count($startDateValue) == 2 && count($endDateValue) == 2) {
-							$fieldSql .= " CAST(CONCAT($dateFieldColumnName,' ',$timeFieldColumnName) AS DATETIME) $valueSql";
+						if (php7_count($startDateValue) == 2 && php7_count($endDateValue) == 2) {
+							$fieldSql .= " CONCAT($dateFieldColumnName,' ',$timeFieldColumnName) $valueSql";
 						} else {
 							$fieldSql .= "$dateFieldColumnName $valueSql";
 						}
@@ -725,8 +736,8 @@ class EnhancedQueryGenerator extends QueryGenerator {
 							$value = $value[0];
 						}
 						$values = explode(' ', $value);
-						if (count($values) == 2) {
-							$fieldSql .= "$fieldGlue CAST(CONCAT($dateFieldColumnName,' ',$timeFieldColumnName) AS DATETIME) $valueSql ";
+						if (php7_count($values) == 2) {
+							$fieldSql .= "$fieldGlue CONCAT($dateFieldColumnName,' ',$timeFieldColumnName) $valueSql ";
 						} else {
 							$fieldSql .= "$fieldGlue $dateFieldColumnName $valueSql";
 						}
@@ -867,7 +878,7 @@ class EnhancedQueryGenerator extends QueryGenerator {
 
 		$parentReferenceField = '';
 		preg_match('/(\w+) ; \((\w+)\) (\w+)/', $fieldName, $matches);
-		if (count($matches) != 0) {
+		if (php7_count($matches) != 0) {
 			list($full, $parentReferenceField, $referenceModule, $fieldName) = $matches;
 		}
 		if ($orderByFieldModel && $orderByFieldModel->getFieldDataType() == 'reference') {

include/QueryGenerator/QueryGenerator.php

@@ -19,6 +19,7 @@ require_once 'include/Webservices/RelatedModuleMeta.php';
  *
  * @author MAK
  */
+#[\AllowDynamicProperties]
 class QueryGenerator {
 	protected $module;
 	protected $customViewColumnList;
@@ -52,6 +53,7 @@ class QueryGenerator {
 	public static $AND = 'AND';
 	public static $OR = 'OR';
 	protected $customViewFields;
+	protected $referenceModuleField;
 	/**
 	 * Import Feature
 	 */
@@ -222,12 +224,12 @@ class QueryGenerator {
 				$this->addCondition($name, $value, 'BETWEEN');
 			}
 		}
-		if($this->conditionInstanceCount <= 0 && is_array($this->advFilterList) && count($this->advFilterList) > 0) {
+		if($this->conditionInstanceCount <= 0 && is_array($this->advFilterList) && php7_count($this->advFilterList) > 0) {
 			$this->startGroup('');
-		} elseif($this->conditionInstanceCount > 0 && is_array($this->advFilterList) && count($this->advFilterList) > 0) {
+		} elseif($this->conditionInstanceCount > 0 && is_array($this->advFilterList) && php7_count($this->advFilterList) > 0) {
 			$this->addConditionGlue(self::$AND);
 		}
-		if(is_array($this->advFilterList) && count($this->advFilterList) > 0) {
+		if(is_array($this->advFilterList) && php7_count($this->advFilterList) > 0) {
 			$this->parseAdvFilterList($this->advFilterList);
 		}
 		if($this->conditionInstanceCount > 0) {
@@ -242,7 +244,7 @@ class QueryGenerator {
 		$dateSpecificConditions = $customView->getStdFilterConditions();
 		foreach ($advFilterList as $groupindex=>$groupcolumns) {
 			$filtercolumns = $groupcolumns['columns'];
-			if(count($filtercolumns) > 0) {
+			if(php7_count($filtercolumns) > 0) {
 				$this->startGroup('');
 				foreach ($filtercolumns as $index=>$filter) {
 					$nameComponents = explode(':',$filter['columnname']);
@@ -316,7 +318,7 @@ class QueryGenerator {
 						$value = array();
 						$value[] = $this->fixDateTimeValue($name, $date, false);
 						// Still fixDateTimeValue returns only date value, we need to append time because it is DT type
-						for($i=0;$i<count($value);$i++){
+						for($i=0;$i<php7_count($value);$i++){
 							$values = explode(' ', $value[$i]);
 							if($values[1] == ''){
 								$values[1] = '00:00:00';
@@ -569,7 +571,7 @@ class QueryGenerator {
 			}
 		}
 		$ownerFields = $this->meta->getOwnerFields();
-		if (count($ownerFields) > 0) {
+		if (php7_count($ownerFields) > 0) {
 			$ownerField = $ownerFields[0];
 		}
 		$baseTable = $this->meta->getEntityBaseTable();
@@ -705,12 +707,12 @@ class QueryGenerator {
 			$operator = strtolower($conditionInfo['operator']);
 			if($operator == 'between' && $this->isDateType($field->getFieldDataType())){
 				$start = explode(' ', $conditionInfo['value'][0]);
-				if(count($start) == 2)
+				if(php7_count($start) == 2)
 					$conditionInfo['value'][0] = getValidDBInsertDateTimeValue($start[0].' '.$start[1]);
 
 				$end = explode(' ', $conditionInfo['values'][1]);
 				// Dates will be equal for Today, Tomorrow, Yesterday.
-				if(count($end) == 2){
+				if(php7_count($end) == 2){
 					if($start[0] == $end[0]){
 						$dateTime = new DateTime($conditionInfo['value'][0]);
 						$nextDay = $dateTime->modify('+1 days');
@@ -748,7 +750,7 @@ class QueryGenerator {
 									$instance = CRMEntity::getInstance($module);
 									$referenceTable = $instance->table_name;
 									// PriceBook don't have any owner fields
-									if(count($this->ownerFields) > 0 ||
+									if(php7_count($this->ownerFields) > 0 ||
 											$this->getModule() == 'Quotes' || $this->getModule() == 'PriceBooks') {
 										$referenceTable .= $fieldName;
 									}
@@ -761,8 +763,14 @@ class QueryGenerator {
 								}
 								$columnList[] = "$referenceTable.$column";
 							}
-							if(count($columnList) > 1) {
-								$columnSql = getSqlForNameInDisplayFormat(array('first_name'=>$columnList[0],'last_name'=>$columnList[1]),'Users');
+							if(php7_count($columnList) > 1) {
+								if ($module == "Users") {
+									// Special case
+									$columnSql = getSqlForNameInDisplayFormat(array('first_name'=>$columnList[0],'last_name'=>$columnList[1]),'Users');
+								} else {
+									// Leads or contacts
+									$columnSql = getSqlForNameInDisplayFormat(array('firstname'=>$columnList[0],'lastname'=>$columnList[1]), $module);
+								}
 							} else {
 								$columnSql = implode('', $columnList);
 							}
@@ -798,8 +806,8 @@ class QueryGenerator {
 						$values = explode(',', $value);
 						$startDateValue = explode(' ', $values[0]);
 						$endDateValue = explode(' ', $values[1]);
-						if(count($startDateValue) == 2 && count($endDateValue) == 2) {
-							$fieldSql .= " CAST(CONCAT($dateFieldColumnName,' ',$timeFieldColumnName) AS DATETIME) $valueSql";
+						if(php7_count($startDateValue) == 2 && php7_count($endDateValue) == 2) {
+							$fieldSql .= " CONCAT($dateFieldColumnName,' ',$timeFieldColumnName) $valueSql";
 						} else {
 							$fieldSql .= "$dateFieldColumnName $valueSql";
 						}
@@ -808,8 +816,8 @@ class QueryGenerator {
 							$value = $value[0];
 						}
 						$values = explode(' ', $value);
-						if(count($values) == 2) {
-								$fieldSql .= "$fieldGlue CAST(CONCAT($dateFieldColumnName,' ',$timeFieldColumnName) AS DATETIME) $valueSql ";
+						if(php7_count($values) == 2) {
+								$fieldSql .= "$fieldGlue CONCAT($dateFieldColumnName,' ',$timeFieldColumnName) $valueSql ";
 						} else {
 								$fieldSql .= "$fieldGlue $dateFieldColumnName $valueSql";
 						}
@@ -986,7 +994,7 @@ class QueryGenerator {
 				if($this->isDateType($field->getFieldDataType())) {
 					$start = explode(' ', $valueArray[0]);
 					$end = explode(' ',$valueArray[1]);
-					if($operator == 'between' && count($start) == 2 && count($end) == 2){
+					if($operator == 'between' && php7_count($start) == 2 && php7_count($end) == 2){
 							$valueArray[0] = getValidDBInsertDateTimeValue($start[0].' '.$start[1]);
 
 							if($start[0] == $end[0]){
@@ -1004,12 +1012,12 @@ class QueryGenerator {
 					}else{
 						$valueArray[0] = getValidDBInsertDateTimeValue($valueArray[0]);
 						$dateTimeStart = explode(' ',$valueArray[0]);
-						if($dateTimeStart[1] == '00:00:00' && $operator != 'between' && $field->getFieldDataType()=='date') {
+						if(isset($dateTimeStart[1]) && $dateTimeStart[1] == '00:00:00' && $operator != 'between' && $field->getFieldDataType()=='date') {
 							$valueArray[0] = $dateTimeStart[0];
 						}
 						$valueArray[1] = getValidDBInsertDateTimeValue($valueArray[1]);
 						$dateTimeEnd = explode(' ', $valueArray[1]);
-						if(($dateTimeEnd[1] == '00:00:00' || $dateTimeEnd[1] == '23:59:59') && $field->getFieldDataType()=='date' ) {
+						if(isset($dateTimeEnd[1]) && ($dateTimeEnd[1] == '00:00:00' || $dateTimeEnd[1] == '23:59:59') && $field->getFieldDataType()=='date' ) {
 							$valueArray[1] = $dateTimeEnd[0];
 						}
 					}
@@ -1026,29 +1034,60 @@ class QueryGenerator {
 			return $sql;
 		}
 		foreach ($valueArray as $value) {
+			$isvaluefn = false; /* flag to use when value becomes a sql function */
+
 			if(!$this->isStringType($field->getFieldDataType())) {
 				$value = trim($value);
 			}
-			if ($operator == 'empty' || $operator == 'y') {
-				$sql[] = sprintf("IS NULL OR %s = ''", $this->getSQLColumn($field->getFieldName(), $field));
-				continue;
-			}
-			if($operator == 'ny'){
-				$sql[] = sprintf("IS NOT NULL AND %s != ''", $this->getSQLColumn($field->getFieldName(), $field));
+			// If value is empty and comparator is equals then we have to check IS NULL (same as "is empty" condition)
+                        if ($operator == 'empty' || $operator == 'y') {
+                            $sqlFieldDataType = $field->getFieldDataType();
+                            if($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday'){
+                                    $sqlFormat = sprintf("IS NULL OR %s = '0000-00-00'", $this->getSQLColumn($field->getFieldName(), $field));
+                            } else if($sqlFieldDataType == 'datetime'){
+                                    $sqlFormat = sprintf("IS NULL OR %s = '0000-00-00 00:00:00'", $this->getSQLColumn($field->getFieldName(), $field));
+                            } else {
+                                    $sqlFormat = sprintf("IS NULL OR %s = ''", $this->getSQLColumn($field->getFieldName(), $field));
+                            }
+                            $sql[] = $sqlFormat;
+                            continue;
+                        }
+			if ($operator == 'ny') {
+                            $sqlFieldDataType = $field->getFieldDataType();
+                            if ($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday') {
+                                $sqlFormat = sprintf("IS NOT NULL AND %s != '0000-00-00'", $this->getSQLColumn($field->getFieldName(), $field));
+                            } else if ($sqlFieldDataType == 'datetime') {
+                                $sqlFormat = sprintf("IS NOT NULL AND %s != '0000-00-00 00:00:00'", $this->getSQLColumn($field->getFieldName(), $field));
+                            } else {
+                                $sqlFormat = sprintf("IS NOT NULL AND %s != ''", $this->getSQLColumn($field->getFieldName(), $field));
+                            }
+                            $sql[] = $sqlFormat;
+                            continue;
+                        }
+                        if ($operator == 'k') {
+				$sql[] = sprintf("IS NULL OR %s NOT LIKE '%%%s%%'", $this->getSQLColumn($field->getFieldName(), $field), $value);
 				continue;
 			}
-			if((strtolower(trim($value)) == 'null') ||
-					(trim($value) == '' && !$this->isStringType($field->getFieldDataType())) &&
-							($operator == 'e' || $operator == 'n')) {
-				if($operator == 'e'){
-					$sql[] = "IS NULL";
-					$sql[] = "= ''";
-					continue;
-				} else {
-					$sql[] = "IS NOT NULL";
-					$sql[] = "!= ''";
-					continue;
-				}
+			$trimmedValue = is_array($value) ? NULL : trim($value);
+                        if((strtolower($trimmedValue) == 'null') ||
+                                ($trimmedValue == '' && !$this->isStringType($field->getFieldDataType())) &&
+                                ($operator == 'e' || $operator == 'n')) {
+                            if($operator == 'e'){
+                                $sql[] = "IS NULL";
+                                $sqlFieldDataType = $field->getFieldDataType();
+                                if($sqlFieldDataType == 'date' || $sqlFieldDataType == 'birthday'){
+                                        $sql[] = "= '0000-00-00'";
+                                } else if($sqlFieldDataType == 'datetime'){
+                                        $sql[] = "= '0000-00-00 00:00:00'";
+                                } else {
+                                        $sql[] = "= ''";
+                                }
+                                continue;
+                            } else {
+                                $sql[] = "IS NOT NULL";
+                                $sql[] = "!= ''";
+                                continue;
+                            }
 			} elseif($field->getFieldDataType() == 'boolean') {
 				$value = strtolower($value);
 				if ($value == 'yes') {
@@ -1059,7 +1098,7 @@ class QueryGenerator {
 			} elseif($this->isDateType($field->getFieldDataType())) {
 				// For "after" and "before" conditions
 				$values = explode(' ',$value);
-				if(($operator == 'a' || $operator == 'b') && count($values) == 2){
+				if(($operator == 'a' || $operator == 'b') && php7_count($values) == 2){
 					if($operator == 'a'){
 						// for after comparator we should check the date after the given
 						$dateTime = new DateTime($value);
@@ -1092,11 +1131,12 @@ class QueryGenerator {
 			}
 
 			if($field->getFieldName() == 'birthday' && !$this->isRelativeSearchOperators(
-					$operator)) {
-				$value = "DATE_FORMAT(".$db->quote($value).", '%m%d')";
-			} else {
-				$value = $db->sql_escape_string($value);
-			}
+                                $operator)) {
+                            $value = "DATE_FORMAT(".$db->quote($value).", '%m%d')";
+							$isvaluefn = true;
+                        } else {
+                            $value = is_array($value) ? NULL : $db->sql_escape_string($value);
+                        }
 
 			if(trim($value) == '' && ($operator == 's' || $operator == 'ew' || $operator == 'c')
 					&& ($this->isStringType($field->getFieldDataType()) ||
@@ -1126,9 +1166,6 @@ class QueryGenerator {
 				case 'c': $sqlOperator = "LIKE";
 					$value = "%$value%";
 					break;
-				case 'k': $sqlOperator = "NOT LIKE";
-					$value = "%$value%";
-					break;
 				case 'l': $sqlOperator = "<";
 					break;
 				case 'g': $sqlOperator = ">";
@@ -1149,14 +1186,32 @@ class QueryGenerator {
 				$sql[] = "IS NULL";
 			}
 
-			if( ($field->getFieldName() != 'birthday' || ($field->getFieldName() == 'birthday'
-							&& $this->isRelativeSearchOperators($operator)))){
-				$value = "'$value'";
-			}
-
-			if($this->isNumericType($field->getFieldDataType()) && empty($value)) {
-				$value = '0';
-			}
+                        /**
+                         * While searching in decimal type columns, then value will be stored like 100.1234 (as float value).
+                         * When user search for 100 then also it should show up 100.1234 for which we are altering comparator and 
+                         * value here. If we search 'equal' or 'not equal' we will change to 'like' or 'not like'
+                         * NOTE : Same thing handled in ReportRun->generateAdvFilterSql() api
+                         */
+                        if($this->isFloatType($field->getFieldDataType()) && !empty($value)
+                                && in_array($operator, array('e', 'n') )){
+                            $sqlOperator = ($operator == 'e') ? ' LIKE ' : ' NOT LIKE ';
+                                if ((float) $value == round((float)$value)) {
+                                // if given value is witn out any decimals (Ex:- 1234), then we search with '1234.%'
+                                $value = $value.'.';
+                            }
+                            $value = $value."%";
+                        }
+
+                        if( ($field->getFieldName() != 'birthday' || ($field->getFieldName() == 'birthday'
+                                        && $this->isRelativeSearchOperators($operator)))){
+                            if($field->getFieldDataType() !== 'integer'){
+                                $value = "'$value'";
+                            }
+                        }
+
+                        if($this->isNumericType($field->getFieldDataType()) && empty($value)) {
+                            $value = '0';
+                        }
 			$sql[] = "$sqlOperator $value";
 		}
 		return $sql;
@@ -1184,6 +1239,14 @@ class QueryGenerator {
 	protected function isNumericType($type) {
 		return ($type == 'integer' || $type == 'double' || $type == 'currency');
 	}
+        
+        /**
+        * Function to identify given type is a floating(decimal) type or not. Column types like decimal will store 
+        * information as floating values. All those column related field types comes under this
+        */
+        protected function isFloatType($type) {
+           return ($type == 'double' || $type == 'currency' || $type == 'multicurrency');
+        }
 
 	protected function isStringType($type) {
 		return ($type == 'string' || $type == 'text' || $type == 'email' || $type == 'reference');
@@ -1195,7 +1258,7 @@ class QueryGenerator {
 
 	public function fixDateTimeValue($name, $value, $first = true) {
 		$moduleFields = $this->getModuleFields();
-		$field = $moduleFields[$name];
+		$field = isset($moduleFieldList) ? $moduleFields[$name] : null;
 		$type = $field ? $field->getFieldDataType() : false;
 		if($type == 'datetime') {
 			if(strrpos($value, ' ') === false) {
@@ -1231,7 +1294,7 @@ class QueryGenerator {
 	}
 
 	public function hasConditionals() {
-		if(count($this->conditionals) > 0) {
+		if(php7_count($this->conditionals) > 0) {
 			return true;
 		}
 		return false;
@@ -1258,7 +1321,7 @@ class QueryGenerator {
 		if(is_string($value)) {
 			$value = trim($value);
 		} elseif(is_array($value)) {
-			$value = array_map(trim, $value);
+			$value = array_map('trim', $value);
 		}
 		return array('name'=>$fieldname,'value'=>$value,'operator'=>$operator);
 	}
@@ -1277,7 +1340,7 @@ class QueryGenerator {
 
 	public function addUserSearchConditions($input) {
 		global $log,$default_charset;
-		if($input['searchtype']=='advance') {
+		if(isset($input['searchtype']) && $input['searchtype']=='advance') {
 
 			$json = new Zend_Json();
 			$advft_criteria = $_REQUEST['advft_criteria'];
@@ -1285,13 +1348,13 @@ class QueryGenerator {
 			$advft_criteria_groups = $_REQUEST['advft_criteria_groups'];
 			if(!empty($advft_criteria_groups))	$advft_criteria_groups = $json->decode($advft_criteria_groups);
 
-			if(empty($advft_criteria) || count($advft_criteria) <= 0) {
+			if(empty($advft_criteria) || php7_count($advft_criteria) <= 0) {
 				return ;
 			}
 
 			$advfilterlist = getAdvancedSearchCriteriaList($advft_criteria, $advft_criteria_groups, $this->getModule());
 
-			if(empty($advfilterlist) || count($advfilterlist) <= 0) {
+			if(empty($advfilterlist) || php7_count($advfilterlist) <= 0) {
 				return ;
 			}
 
@@ -1302,7 +1365,7 @@ class QueryGenerator {
 			}
 			foreach ($advfilterlist as $groupindex=>$groupcolumns) {
 				$filtercolumns = $groupcolumns['columns'];
-				if(count($filtercolumns) > 0) {
+				if(php7_count($filtercolumns) > 0) {
 					$this->startGroup('');
 					foreach ($filtercolumns as $index=>$filter) {
 						$name = explode(':',$filter['columnname']);
@@ -1324,7 +1387,7 @@ class QueryGenerator {
 				}
 			}
 			$this->endGroup();
-		} elseif($input['type']=='dbrd') {
+		} elseif(isset($input['type']) && $input['type']=='dbrd') {
 			if($this->conditionInstanceCount > 0) {
 				$this->startGroup(self::$AND);
 			} else {
@@ -1333,8 +1396,8 @@ class QueryGenerator {
 			$allConditionsList = $this->getDashBoardConditionList();
 			$conditionList = $allConditionsList['conditions'];
 			$relatedConditionList = $allConditionsList['relatedConditions'];
-			$noOfConditions = count($conditionList);
-			$noOfRelatedConditions = count($relatedConditionList);
+			$noOfConditions = php7_count($conditionList);
+			$noOfRelatedConditions = php7_count($relatedConditionList);
 			foreach ($conditionList as $index=>$conditionInfo) {
 				$this->addCondition($conditionInfo['fieldname'], $conditionInfo['value'],
 						$conditionInfo['operator']);
@@ -1368,7 +1431,7 @@ class QueryGenerator {
 			if(isset($input['search_text']) && $input['search_text']!="") {
 				// search other characters like "|, ?, ?" by jagi
 				$value = $input['search_text'];
-				$stringConvert = function_exists(iconv) ? @iconv("UTF-8",$default_charset,$value)
+				$stringConvert = function_exists("iconv") ? @iconv("UTF-8",$default_charset,$value)
 						: $value;
 				if(!$this->isStringType($type)) {
 					$value=trim($stringConvert);
@@ -1378,7 +1441,7 @@ class QueryGenerator {
 					global $mod_strings;
 					// Get all the keys for the for the Picklist value
 					$mod_keys = array_keys($mod_strings, $value);
-					if(sizeof($mod_keys) >= 1) {
+					if(php7_sizeof($mod_keys) >= 1) {
 						// Iterate on the keys, to get the first key which doesn't start with LBL_      (assuming it is not used in PickList)
 						foreach($mod_keys as $mod_idx=>$mod_key) {
 							$stridx = strpos($mod_key, 'LBL_');
@@ -1418,19 +1481,19 @@ class QueryGenerator {
 
 	public function getDashBoardConditionList() {
 		if(isset($_REQUEST['leadsource'])) {
-			$leadSource = $_REQUEST['leadsource'];
+			$leadSource = vtlib_purify($_REQUEST['leadsource']);
 		}
 		if(isset($_REQUEST['date_closed'])) {
-			$dateClosed = $_REQUEST['date_closed'];
+			$dateClosed = vtlib_purify($_REQUEST['date_closed']);
 		}
 		if(isset($_REQUEST['sales_stage'])) {
-			$salesStage = $_REQUEST['sales_stage'];
+			$salesStage = vtlib_purify($_REQUEST['sales_stage']);
 		}
 		if(isset($_REQUEST['closingdate_start'])) {
-			$dateClosedStart = $_REQUEST['closingdate_start'];
+			$dateClosedStart = vtlib_purify($_REQUEST['closingdate_start']);
 		}
 		if(isset($_REQUEST['closingdate_end'])) {
-			$dateClosedEnd = $_REQUEST['closingdate_end'];
+			$dateClosedEnd = vtlib_purify($_REQUEST['closingdate_end']);
 		}
 		if(isset($_REQUEST['owner'])) {
 			$owner = vtlib_purify($_REQUEST['owner']);
@@ -1526,4 +1589,4 @@ class QueryGenerator {
 	}
 
 }
-?>
\ No newline at end of file
+?>

include/Webservices/ConvertLead.php

@@ -8,11 +8,11 @@
  * All Rights Reserved.
  ******************************************************************************** */
 
+require_once 'vendor/autoload.php';
 require_once 'include/Webservices/Retrieve.php';
 require_once 'include/Webservices/Create.php';
 require_once 'include/Webservices/Delete.php';
 require_once 'include/Webservices/DescribeObject.php';
-require_once 'includes/Loader.php';
 vimport ('includes.runtime.Globals');
 vimport ('includes.runtime.BaseModel');
 
@@ -145,18 +145,25 @@ function vtws_convertlead($entityvalues, $user) {
 
 
 	try {
-		$accountIdComponents = vtws_getIdComponents($entityIds['Accounts']);
-		$accountId = $accountIdComponents[1];
-
-		$contactIdComponents = vtws_getIdComponents($entityIds['Contacts']);
-		$contactId = $contactIdComponents[1];
-
-		if(!empty($entityIds['Potentials'])){
+		$accountId = null;
+		if (isset($entityIds['Accounts']) && $entityIds['Accounts']) {
+			$accountIdComponents = vtws_getIdComponents($entityIds['Accounts']);
+			$accountId = $accountIdComponents[1];
+		}
+		
+		$contactId = null;		
+		if (isset($entityIds['Contacts']) && $entityIds['Contacts']) {
+			$contactIdComponents = vtws_getIdComponents($entityIds['Contacts']);
+			$contactId = $contactIdComponents[1];
+		}
+		
+		$potentialId = null;
+		if(isset($entityIds['Potentials']) && $entityIds['Potentials']){
 			$potentialIdComponents = vtws_getIdComponents($entityIds['Potentials']);
 			$potentialId = $potentialIdComponents[1];
 		}
 
-		if (!empty($accountId) && !empty($contactId) && !empty($potentialId)) {
+		if (!empty($contactId) && !empty($potentialId)) {
 			$sql = "insert into vtiger_contpotentialrel values(?,?)";
 			$result = $adb->pquery($sql, array($contactId, $potentialId));
 			if ($result === false) {

include/Webservices/ConvertPotential.php

@@ -12,7 +12,7 @@ require_once 'include/Webservices/Retrieve.php';
 require_once 'include/Webservices/Create.php';
 require_once 'include/Webservices/Delete.php';
 require_once 'include/Webservices/DescribeObject.php';
-require_once 'includes/Loader.php';
+require_once 'vendor/autoload.php';
 vimport('includes.runtime.Globals');
 vimport('includes.runtime.BaseModel');
 

include/Webservices/Create.php

@@ -64,7 +64,7 @@ function vtws_create($elementType, $element, $user) {
 				throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED,
 						"Permission to access reference type is denied" . $referenceObject->getEntityName());
 			}
-		} else if ($element[$fieldName] !== NULL) {
+		} else if (array_key_exists($fieldName, $element) && $element[$fieldName] !== NULL) {
 			unset($element[$fieldName]);
 		}
 	}
@@ -72,7 +72,7 @@ function vtws_create($elementType, $element, $user) {
 	if ($meta->hasMandatoryFields($element)) {
 
 		$ownerFields = $meta->getOwnerFields();
-		if (is_array($ownerFields) && sizeof($ownerFields) > 0) {
+		if (is_array($ownerFields) && php7_sizeof($ownerFields) > 0) {
 			foreach ($ownerFields as $ownerField) {
 				if (isset($element[$ownerField]) && $element[$ownerField] !== null &&
 						!$meta->hasAssignPrivilege($element[$ownerField])) {
@@ -88,4 +88,4 @@ function vtws_create($elementType, $element, $user) {
 		return null;
 	}
 }
-?>
\ No newline at end of file
+?>

include/Webservices/Custom/ChangePassword.php

@@ -41,30 +41,45 @@ function vtws_changePassword($id, $oldPassword, $newPassword, $confirmPassword,
 							WebServiceErrorCode::$INVALIDOLDPASSWORD));
 			}
 		}
-		if(strcmp($newPassword, $confirmPassword) === 0) {
-			$db = PearDatabase::getInstance();
-			$db->dieOnError = true;
-			$db->startTransaction();
-			$success = $newUser->change_password($oldPassword, $newPassword, false);
-			$error = $db->hasFailedTransaction();
-			$db->completeTransaction();
-			if($error) {
-				throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, 
-					vtws_getWebserviceTranslatedString('LBL_'.
-							WebServiceErrorCode::$DATABASEQUERYERROR));
-			}
-			if(!$success) {
-				throw new WebServiceException(WebServiceErrorCode::$CHANGEPASSWORDFAILURE, 
-					vtws_getWebserviceTranslatedString('LBL_'.
-							WebServiceErrorCode::$CHANGEPASSWORDFAILURE));
-			}
-		} else {
-			throw new WebServiceException(WebServiceErrorCode::$CHANGEPASSWORDFAILURE, 
-					vtws_getWebserviceTranslatedString('LBL_'.
-							WebServiceErrorCode::$CHANGEPASSWORDFAILURE));
-		}
+                if(isPasswordStrong($newPassword)) {
+                    if(strcmp($newPassword, $confirmPassword) === 0) {
+                            $db = PearDatabase::getInstance();
+                            $db->dieOnError = true;
+                            $db->startTransaction();
+                            $success = $newUser->change_password($oldPassword, $newPassword, false);
+                            $error = $db->hasFailedTransaction();
+                            $db->completeTransaction();
+                            if($error) {
+                                    throw new WebServiceException(WebServiceErrorCode::$DATABASEQUERYERROR, 
+                                            vtws_getWebserviceTranslatedString('LBL_'.
+                                                            WebServiceErrorCode::$DATABASEQUERYERROR));
+                            }
+                            if(!$success) {
+                                    throw new WebServiceException(WebServiceErrorCode::$CHANGEPASSWORDFAILURE, 
+                                            vtws_getWebserviceTranslatedString('LBL_'.
+                                                            WebServiceErrorCode::$CHANGEPASSWORDFAILURE));
+                            }
+                    } else {
+                            throw new WebServiceException(WebServiceErrorCode::$CHANGEPASSWORDFAILURE, 
+                                            vtws_getWebserviceTranslatedString('LBL_'.
+                                                            WebServiceErrorCode::$CHANGEPASSWORDFAILURE));
+                    }
+                } else {
+                    throw new WebServiceException(WebServiceErrorCode::$CHANGEPASSWORDFAILURE, 
+                                            vtws_getWebserviceTranslatedString('LBL_'.
+                                                            WebServiceErrorCode::$PASSWORDNOTSTRONG));
+                }
 		VTWS_PreserveGlobal::flush();
 		return array('message' => 'Changed password successfully');
 	}
 }
+
+function isPasswordStrong($new_password){
+    $runtime_configs = Vtiger_Runtime_Configs::getInstance();
+    $password_regex = $runtime_configs->getValidationRegex('password_regex');
+    if (preg_match('/'.$password_regex.'/i', $new_password) == 1) {
+            return true;
+    }
+    return false;
+}
 ?>
\ No newline at end of file

include/Webservices/Custom/VtigerCompanyDetails.php

@@ -17,6 +17,7 @@ require_once 'include/Webservices/VtigerActorOperation.php';
 class VtigerCompanyDetails extends VtigerActorOperation {
 	public function create($elementType, $element) {
 		$db = PearDatabase::getInstance();
+        $params = array();
 		$sql = 'select * from vtiger_organizationdetails';
 		$result = $db->pquery($sql,$params);
 		$rowCount = $db->num_rows($result);

include/Webservices/DataTransform.php

@@ -14,7 +14,7 @@
 		public static $recordModuleString = 'record_module';
 		public static $recordSource = 'WEBSERVICE';
 
-		function sanitizeDataWithColumn($row,$meta){
+		static function sanitizeDataWithColumn($row,$meta){
 
 			$newRow = array();
 			if(isset($row['count(*)'])){
@@ -30,7 +30,7 @@
 			return $newRow;
 		}
 
-		function sanitizeDataWithCountColumn($row,$meta){
+		static function sanitizeDataWithCountColumn($row,$meta){
 			$newRow = array();
 			foreach($row as $col=>$val){
 				$newRow['count'] = $val;
@@ -38,8 +38,8 @@
 			return $newRow;
 		}
 
-		function filterAndSanitize($row,$meta){
-			$recordLabel = $row['label'];
+		static function filterAndSanitize($row,$meta){
+			$recordLabel = isset($row['label']) ? $row['label'] :"";
 			$row = DataTransform::filterAllColumns($row,$meta);
 			$row = DataTransform::sanitizeData($row,$meta);
 			if(!empty($recordLabel)){
@@ -48,15 +48,16 @@
 			return $row;
 		}
 
-		function sanitizeData($newRow,$meta,$t=null){
+		static function sanitizeData($newRow,$meta,$t=null){
 
 			$newRow = DataTransform::sanitizeReferences($newRow,$meta);
 			$newRow = DataTransform::sanitizeOwnerFields($newRow,$meta,$t);
+            $newRow = DataTransform::sanitizeFileFieldsForIds($newRow, $meta);
 			$newRow = DataTransform::sanitizeFields($newRow,$meta);
 			return $newRow;
 		}
 
-		function sanitizeForInsert($row,$meta){
+		static function sanitizeForInsert($row,$meta){
 			global $adb;
 			$associatedToUser = false;
 			$parentTypeId = null;
@@ -102,7 +103,7 @@
 			}
 			$references = $meta->getReferenceFieldDetails();
 			foreach($references as $field=>$typeList){
-				if(strpos($row[$field],'x')!==false){
+				if(isset($row[$field]) && strpos($row[$field],'x')!==false){
 					$row[$field] = vtws_getIdComponents($row[$field]);
 					$row[$field] = $row[$field][1];
 				}
@@ -129,7 +130,7 @@
 					}
 				}
 			}
-			if($row["id"]){
+			if(isset($row["id"]) && $row["id"]){
 				unset($row["id"]);
 			}
 			if(isset($row[$meta->getObectIndexColumn()])){
@@ -138,6 +139,7 @@
 
 			$row = DataTransform::sanitizeDateFieldsForInsert($row,$meta);
 			$row = DataTransform::sanitizeCurrencyFieldsForInsert($row,$meta);
+			$row = DataTransform::sanitizeStringFields($row,$meta);
 
 			// New field added to store Source of Created Record
 			if (!isset($row['source'])) {
@@ -148,14 +150,14 @@
 
 		}
 
-		function filterAllColumns($row,$meta){
+		static function filterAllColumns($row,$meta){
 
 			$recordString = DataTransform::$recordString;
 
 			$allFields = $meta->getFieldColumnMapping();
 			$newRow = array();
 			foreach($allFields as $field=>$col){
-				$newRow[$field] = $row[$field];
+				$newRow[$field] = isset($row[$field]) ? $row[$field] : null;
 			}
 			if(isset($row[$recordString])){
 				$newRow[$recordString] = $row[$recordString];
@@ -164,7 +166,7 @@
 
 		}
 
-		function sanitizeFields($row,$meta){
+		static function sanitizeFields($row,$meta){
 			$default_charset = VTWS_PreserveGlobal::getGlobal('default_charset');
 			$recordString = DataTransform::$recordString;
 
@@ -186,7 +188,7 @@
 			}
 
 			if(!isset($row['id'])){
-				if($row[$meta->getObectIndexColumn()] ){
+				if(isset($row[$meta->getObectIndexColumn()] )){
 					$row['id'] = vtws_getId($meta->getEntityId(),$row[$meta->getObectIndexColumn()]);
 				}else{
 					//TODO Handle this.
@@ -197,21 +199,24 @@
 			}
 
 			foreach ($row as $field => $value) {
-				$row[$field] = html_entity_decode($value, ENT_QUOTES, $default_charset);
+				$row[$field] = $value ? html_entity_decode($value, ENT_QUOTES, $default_charset) : $value;
 			}
 			return $row;
 		}
 
-		function sanitizeReferences($row,$meta){
+		static function sanitizeReferences($row,$meta){
 			global $adb,$log;
 			$references = $meta->getReferenceFieldDetails();
 			foreach($references as $field=>$typeList){
+				if($meta->getEntityName() == 'Users' && $field == 'roleid'){
+					continue;
+				}
 				if(strtolower($meta->getEntityName()) == "emails"){
-					if(isset($row['parent_id'])){
+					if (isset($row['parent_id']) && $row['parent_id'] !== null && strpos($row['parent_id'], '@') !== false) {					
 						list($row['parent_id'], $fieldId) = explode('@', $row['parent_id']);
 					}
 				}
-				if($row[$field]){
+				if(isset($row[$field]) && $row[$field]){
 					$found = false;
 					foreach ($typeList as $entity) {
 						$webserviceObject = VtigerWebserviceObject::fromName($adb,$entity);
@@ -241,7 +246,7 @@
 			return $row;
 		}
 
-		function sanitizeOwnerFields($row,$meta,$t=null){
+		static function sanitizeOwnerFields($row,$meta,$t=null){
 			global $adb;
 			$ownerFields = $meta->getOwnerFields();
 			foreach($ownerFields as $index=>$field){
@@ -255,8 +260,39 @@
 			}
 			return $row;
 		}
-
-		function sanitizeDateFieldsForInsert($row,$meta){
+        
+        /**
+         * Function to attach the image/file ids in retrieve/query operations
+         * @param type $row
+         * @param type $meta
+         * @return <array>
+         */
+        static function sanitizeFileFieldsForIds($row, $meta) {
+            $moduleFields = $meta->getModuleFields();
+            $supportedUITypes = array(61, 69, 28); //file and image uitypes
+            $attachmentIds = array();
+            foreach ($moduleFields as $fieldName => $fieldObj) {
+                if (in_array($fieldObj->getUIType(), $supportedUITypes)) {
+                    //while doing retrieve operation we have record_id and on query operation we have id.
+                    $id = isset($row['record_id']) ? $row['record_id'] : (isset($row['id']) ? $row['id'] : null);
+                    $ids = Vtiger_Functions::getAttachmentIds($id, $meta->getEntityId());
+                if($ids) {
+                        foreach($ids as $id){
+                            array_push($attachmentIds, $id);
+                        }
+                    }
+                    break;
+                }
+            }
+
+            if (!empty($attachmentIds)){
+                $row['imageattachmentids'] = implode(',', $attachmentIds);
+            }
+
+            return $row;
+        }
+
+		static function sanitizeDateFieldsForInsert($row,$meta){
 			global $current_user;
 			$moduleFields = $meta->getModuleFields();
 			foreach($moduleFields as $fieldName=>$fieldObj){
@@ -270,7 +306,7 @@
 			return $row;
 		}
 
-		function sanitizeCurrencyFieldsForInsert($row,$meta){
+		static function sanitizeCurrencyFieldsForInsert($row,$meta){
 			global $current_user;
 			$moduleFields = $meta->getModuleFields();
 			foreach($moduleFields as $fieldName=>$fieldObj){
@@ -280,7 +316,7 @@
 							$row[$fieldName."_raw"] = $row[$fieldName];
 							$row[$fieldName] = CurrencyField::convertToUserFormat($row[$fieldName],$current_user);
 						} else if($fieldObj->getUIType() == '72') {
-							$currencyConversionRate = $row['conversion_rate'];
+							$currencyConversionRate = isset($row['conversion_rate']) ? $row['conversion_rate'] : 0;
 							if (!empty($currencyConversionRate)) {
 								$rawBaseCurrencyValue = CurrencyField::convertToDollar($row[$fieldName], $currencyConversionRate);
 								$row[$fieldName."_raw"] = $rawBaseCurrencyValue;
@@ -297,5 +333,16 @@
 			}
 			return $row;
 		}
+
+		static function sanitizeStringFields($row,$meta){
+			if(in_array($meta->getEntityName(),array('Groups', 'Currency', 'Tax', 'ProductTaxes'))){
+				foreach ($row as $field => $value) {
+					if(is_string($value)){
+						$row[$field] = vtlib_purify($value);
+					}
+				}
+			}
+			return $row;
+		}
 	}	
 ?>

include/Webservices/EntityMeta.php

@@ -8,6 +8,7 @@
  * All Rights Reserved.
  *************************************************************************************/
 
+#[\AllowDynamicProperties]
 abstract class EntityMeta{
 	
 	public static $RETRIEVE = "DetailView";
@@ -34,12 +35,19 @@ abstract class EntityMeta{
 	protected $ownerFields;
 	protected $moduleFields = null;
 	
-	protected function EntityMeta($webserviceObject,$user){
-		$this->webserviceObject = $webserviceObject;
+	protected function __construct($webserviceObject,$user)
+    {
+        $this->webserviceObject = $webserviceObject;
 		$this->objectName = $this->webserviceObject->getEntityName();
 		$this->objectId = $this->webserviceObject->getEntityId();
 		
 		$this->user = $user;
+    }
+	protected function EntityMeta($webserviceObject,$user){
+		// PHP4-style constructor.
+        // This will NOT be invoked, unless a sub-class that extends `foo` calls it.
+        // In that case, call the new-style constructor to keep compatibility.
+        self::__construct($webserviceObject,$user);
 	}
 	
 	public function getEmailFields(){
@@ -269,4 +277,4 @@ abstract class EntityMeta{
 	abstract public function getName($webserviceId);
 	abstract public function isModuleEntity();
 }
-?>
\ No newline at end of file
+?>