include/Webservices/LineItem/VtigerLineItemOperation.php

@@ -156,7 +156,7 @@ class VtigerLineItemOperation extends VtigerActorOperation {
 			list($typeId,$recordId) = vtws_getIdComponents($element['productid']);
 			$productTaxInfo = $this->getProductTaxList($recordId);
 		}
-		if(count($productTaxInfo) == 0 && strcasecmp($parent['hdnTaxType'], $this->Individual) !==0) {
+		if(php7_count($productTaxInfo) == 0 && strcasecmp($parent['hdnTaxType'], $this->Individual) !==0) {
 			$meta = $this->getMeta();
 			$moduleFields = $meta->getModuleFields();
 			foreach ($moduleFields as $fieldName=>$field) {
@@ -169,9 +169,9 @@ class VtigerLineItemOperation extends VtigerActorOperation {
 	}
 
 	private function updateTaxes($createdElement){
-		if (count($this->taxList) > 0 || (is_array($this->inActiveTaxList) && count($this->inActiveTaxList) > 0)) {
+		if (php7_count($this->taxList) > 0 || (is_array($this->inActiveTaxList) && php7_count($this->inActiveTaxList) > 0)) {
 			$taxList = $this->taxList;
-			if (is_array($this->inActiveTaxList) && count($this->inActiveTaxList) > 0) {
+			if (is_array($this->inActiveTaxList) && php7_count($this->inActiveTaxList) > 0) {
 				$taxList = array_merge($taxList, $this->inActiveTaxList);
 			}
 			$id = vtws_getIdComponents($createdElement['id']);
@@ -206,7 +206,7 @@ class VtigerLineItemOperation extends VtigerActorOperation {
 			$meta = $this->getMeta();
 			$moduleFields = $meta->getModuleFields();
 			$productTaxList = $this->getProductTaxList($productId);
-			if (count($productTaxList) > 0) {
+			if (php7_count($productTaxList) > 0) {
 				$this->providedTaxList = array();
 				foreach ($moduleFields as $fieldName => $field) {
 					if (preg_match('/tax\d+/', $fieldName) != 0) {
@@ -383,7 +383,7 @@ class VtigerLineItemOperation extends VtigerActorOperation {
 			$this->newId = $id[1];
 			$updatedLineItemList[] = $this->_create($elementType, $lineItem);
 			if($element == $lineItem){
-				$createdElement = $updatedLineItemList[count($updatedLineItemList) - 1];
+				$createdElement = $updatedLineItemList[php7_count($updatedLineItemList) - 1];
 			}
 		}
 		$this->setCache($parentId, $updatedLineItemList);

include/Webservices/OperationManager.php

@@ -9,7 +9,7 @@
  *************************************************************************************/
 	
 	function setBuiltIn($json){
-		$json->useBuiltinEncoderDecoder = true;
+		Zend_Json::$useBuiltinEncoderDecoder = true;
 	}
 	
 	class OperationManager{
@@ -132,10 +132,10 @@
 		}
 		
 		function handleType($type,$value){
-			$result;
-			$value = stripslashes($value);
+			$result = null;
+			$value = $value ? stripslashes($value) : "";
 			$type = strtolower($type);
-			if($this->inParamProcess[$type]){
+			if(isset($this->inParamProcess[$type]) && $this->inParamProcess[$type]){
 				$result = call_user_func($this->inParamProcess[$type],$value);
 			}else{
 				$result = $value;
@@ -148,9 +148,18 @@
 			try{
 				$operation = strtolower($this->operationName);
 				if(!$this->preLogin){
-					$params[] = $user;
+					$params["user"] = $user;
 					return call_user_func_array($this->handlerMethod,$params);
 				}else{
+
+					/* PHP 8.x fix to match target handler arguments (named parameter) */
+					if ($this->handlerMethod == "vtws_login") {
+						if (isset($params["accessKey"])) {
+							$params["pwd"] = $params["accessKey"];
+							unset($params["accessKey"]);
+						}
+					}
+
 					$userDetails = call_user_func_array($this->handlerMethod,$params);
 					if(is_array($userDetails)){
 						return $userDetails;
@@ -201,4 +210,4 @@
 		
 	}
 	
-?>
\ No newline at end of file
+?>

include/Webservices/PreserveGlobal.php

@@ -18,7 +18,8 @@ class VTWS_PreserveGlobal{
 		//To not push null value . Ideally we should not push null value for any name
 		//But current user null is dangerous so we are checking for only current user
         if(!empty(${$name}) || $name != 'current_user') {
-			if(!is_array(VTWS_PreserveGlobal::$globalData[$name])){
+			if(!isset(VTWS_PreserveGlobal::$globalData[$name]) ||
+				!is_array(VTWS_PreserveGlobal::$globalData[$name])){
 				VTWS_PreserveGlobal::$globalData[$name] = array();		
 			}
 			
@@ -33,7 +34,7 @@ class VTWS_PreserveGlobal{
 		//$name store the name of the global.
 		global ${$name};
 		
-		if(is_array(VTWS_PreserveGlobal::$globalData[$name]) && count(VTWS_PreserveGlobal::$globalData[$name]) > 0){
+		if(is_array(VTWS_PreserveGlobal::$globalData[$name]) && php7_count(VTWS_PreserveGlobal::$globalData[$name]) > 0){
 			${$name} = array_pop(VTWS_PreserveGlobal::$globalData[$name]);
 		}
 		${$name};
@@ -48,7 +49,7 @@ class VTWS_PreserveGlobal{
 		foreach (VTWS_PreserveGlobal::$globalData as $name => $detail) {
 			//$name store the name of the global.
 			global ${$name};
-			if(is_array(VTWS_PreserveGlobal::$globalData[$name]) && count(VTWS_PreserveGlobal::$globalData[$name]) > 0) {
+			if(is_array(VTWS_PreserveGlobal::$globalData[$name]) && php7_count(VTWS_PreserveGlobal::$globalData[$name]) > 0) {
 				${$name} = array_pop(VTWS_PreserveGlobal::$globalData[$name]);
 			}
 		}

include/Webservices/Query.php

@@ -10,7 +10,7 @@
 
 	require_once("include/Webservices/QueryParser.php");
 	
-	function vtws_query($q,$user){
+	function vtws_query($query,$user){
 		
 		static $vtws_query_cache = array();	
 		
@@ -19,10 +19,10 @@
 		// Cache the instance for re-use		
 		$moduleRegex = "/[fF][rR][Oo][Mm]\s+([^\s;]+)/";
 		$moduleName = '';
-		if(preg_match($moduleRegex, $q, $m)) $moduleName = trim($m[1]);
+		if(preg_match($moduleRegex, $query, $m)) $moduleName = trim($m[1]);
 		
 		if(!isset($vtws_create_cache[$moduleName]['webserviceobject'])) {
-			$webserviceObject = VtigerWebserviceObject::fromQuery($adb,$q);
+			$webserviceObject = VtigerWebserviceObject::fromQuery($adb,$query);
 			$vtws_query_cache[$moduleName]['webserviceobject'] = $webserviceObject;
 		} else {
 			$webserviceObject = $vtws_query_cache[$moduleName]['webserviceobject'];
@@ -61,9 +61,9 @@
 			throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED,"Permission to read is denied");
 		}
 		
-		$result = $handler->query($q);
+		$result = $handler->query($query);
 		VTWS_PreserveGlobal::flush();
 		return $result;
 	}
 	
-?>
\ No newline at end of file
+?>

include/Webservices/Revise.php

@@ -78,7 +78,7 @@
 		$meta->isUpdateMandatoryFields($element);
 
 		$ownerFields = $meta->getOwnerFields();
-		if(is_array($ownerFields) && sizeof($ownerFields) >0){
+		if(is_array($ownerFields) && php7_sizeof($ownerFields) >0){
 			foreach($ownerFields as $ownerField){
 				if(isset($element[$ownerField]) && $element[$ownerField]!==null && 
 					!$meta->hasAssignPrivilege($element[$ownerField])){

include/Webservices/Update.php

@@ -71,7 +71,7 @@
 					throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED,
 						"Permission to access reference type is denied ".$referenceObject->getEntityName());
 				}
-			}else if($element[$fieldName] !== NULL){
+			}else if(array_key_exists($fieldName, $element) && $element[$fieldName] !== NULL){
 				unset($element[$fieldName]);
 			}
 		}
@@ -79,7 +79,7 @@
 		$meta->hasMandatoryFields($element);
 		
 		$ownerFields = $meta->getOwnerFields();
-		if(is_array($ownerFields) && sizeof($ownerFields) >0){
+		if(is_array($ownerFields) && php7_sizeof($ownerFields) >0){
 			foreach($ownerFields as $ownerField){
 				if(isset($element[$ownerField]) && $element[$ownerField]!==null && 
 					!$meta->hasAssignPrivilege($element[$ownerField])){
@@ -93,4 +93,4 @@
 		return $entity;
 	}
 	
-?>
\ No newline at end of file
+?>

include/Webservices/Utils.php

@@ -57,7 +57,7 @@ function vtws_generateRandomAccessKey($length=10){
 	$accesskey = "";
 	$maxIndex = strlen($source);
 	for($i=0;$i<$length;++$i){
-		$accesskey = $accesskey.substr($source,rand(null,$maxIndex),1);
+		$accesskey = $accesskey.substr($source,rand(0,$maxIndex),1);
 	}
 	return $accesskey;
 }
@@ -117,10 +117,19 @@ function vtws_getUserWebservicesGroups($tabId,$user){
 }
 
 function vtws_getIdComponents($elementid){
+	$elementid = (string)$elementid;
+	if ($elementid && is_numeric($elementid)) return array($elementid); // during (UserId permission check)
+	if (!$elementid || !preg_match("/[0-9]+x[0-9]+/", $elementid)) {
+		throw new WebServiceException(WebServiceErrorCode::$INVALIDID,"Id specified is incorrect");
+	}
 	return explode("x",$elementid);
 }
 
 function vtws_getId($objId, $elemId){
+	if(is_array($elemId)){$elemId=implode(' ',$elemId);}
+	if(!is_numeric($objId) || !is_numeric($elemId)) {
+		throw new WebServiceException(WebServiceErrorCode::$INVALIDID,"Id specified is incorrect");
+	}
 	return $objId."x".$elemId;
 }
 
@@ -139,9 +148,10 @@ function getEmailFieldId($meta, $entityId){
 function vtws_getParameter($parameterArray, $paramName,$default=null){
 
 	if (!get_magic_quotes_gpc()) {
-		if(is_array($parameterArray[$paramName])) {
+		$param = null;
+		if(isset($parameterArray[$paramName]) && is_array($parameterArray[$paramName])) {
 			$param = array_map('addslashes', $parameterArray[$paramName]);
-		} else {
+		} else if (isset($parameterArray[$paramName]) && $parameterArray[$paramName]) {
 			$param = addslashes($parameterArray[$paramName]);
 		}
 	} else {
@@ -476,34 +486,33 @@ function vtws_getModuleHandlerFromId($id,$user){
 }
 
 function vtws_CreateCompanyLogoFile($fieldname) {
-	global $root_directory;
-	$uploaddir = $root_directory ."/test/logo/";
-	$allowedFileTypes = array("jpeg", "png", "jpg", "pjpeg" ,"x-png");
-	$binFile = $_FILES[$fieldname]['name'];
-	$fileType = $_FILES[$fieldname]['type'];
-	$fileSize = $_FILES[$fieldname]['size'];
-	$fileTypeArray = explode("/",$fileType);
-	$fileTypeValue = strtolower($fileTypeArray[1]);
-	if($fileTypeValue == '') {
-		$fileTypeValue = substr($binFile,strrpos($binFile, '.')+1);
-	}
-	if($fileSize != 0) {
-		if(in_array($fileTypeValue, $allowedFileTypes)) {
-			move_uploaded_file($_FILES[$fieldname]["tmp_name"],
-					$uploaddir.$_FILES[$fieldname]["name"]);
-			copy($uploaddir.$_FILES[$fieldname]["name"], $uploaddir.'application.ico');
-			return $binFile;
-		}
-		throw new WebServiceException(WebServiceErrorCode::$INVALIDTOKEN,
-			"$fieldname wrong file type given for upload");
-	}
-	throw new WebServiceException(WebServiceErrorCode::$INVALIDTOKEN,
-			"$fieldname file upload failed");
+    $fileSize = $_FILES[$fieldname]['size'];
+    if($fileSize != 0) {
+        global $root_directory;
+        //Support formats allowed to upload as per CRM UI.
+        $logoSupportedFormats = array('jpeg', 'jpg', 'png', 'gif', 'pjpeg', 'x-png');
+        
+        $file_type_details = explode("/", $_FILES[$fieldname]['type']);
+        $filetype = $file_type_details['1'];
+        if(in_array($filetype, $logoSupportedFormats)) {
+            $uploaddir = $root_directory ."/test/logo/";
+            $binFile = $_FILES[$fieldname]['name'];
+            $saveLogo = validateImageFile($_FILES[$fieldname]);
+            if($saveLogo) {
+                move_uploaded_file($_FILES[$fieldname]["tmp_name"], $uploaddir.$binFile);
+                copy($uploaddir.$binFile, $uploaddir.'application.ico');
+                return $binFile;
+            }
+        }
+        throw new WebServiceException(WebServiceErrorCode::$FAILED_TO_UPDATE,
+            "$fieldname wrong file type given for upload");
+    }
+    throw new WebServiceException(WebServiceErrorCode::$FAILED_TO_UPDATE, "$fieldname file upload failed");
 }
 
 function vtws_getActorEntityName ($name, $idList) {
 	$db = PearDatabase::getInstance();
-	if (!is_array($idList) && count($idList) == 0) {
+	if (!is_array($idList) && php7_count($idList) == 0) {
 		return array();
 	}
 	$entity = VtigerWebserviceObject::fromName($db, $name);
@@ -512,7 +521,7 @@ function vtws_getActorEntityName ($name, $idList) {
 
 function vtws_getActorEntityNameById ($entityId, $idList) {
 	$db = PearDatabase::getInstance();
-	if (!is_array($idList) && count($idList) == 0) {
+	if (!is_array($idList) && php7_count($idList) == 0) {
 		return array();
 	}
 	$nameList = array();
@@ -694,7 +703,7 @@ function vtws_getFieldfromFieldId($fieldId, $fieldObjectList){
  */
 function vtws_getRelatedActivities($leadId,$accountId,$contactId,$relatedId) {
 
-	if(empty($leadId) || empty($relatedId) || (empty($accountId) && empty($contactId))){
+	if(empty($leadId) || empty($relatedId) || empty($contactId)){
 		throw new WebServiceException(WebServiceErrorCode::$LEAD_RELATED_UPDATE_FAILED,
 			"Failed to move related Activities/Emails");
 	}
@@ -918,7 +927,7 @@ function vtws_updateWebformsRoundrobinUsersLists($ownerId, $newOwnerId) {
 					}
 					$usersList = $revisedUsersList;
 				}
-				if (count($usersList) == 0) {
+				if (php7_count($usersList) == 0) {
 					$db->pquery('UPDATE vtiger_webforms SET roundrobin_userid = ?,roundrobin = ? where id =?', array("--None--", 0, $webformId));
 				} else {
 					$usersList = json_encode($usersList);
@@ -962,7 +971,7 @@ function vtws_transferOwnershipForWorkflowTasks($ownerModel, $newOwnerModel) {
 		require_once("modules/com_vtiger_workflow/VTTaskManager.inc");
 		require_once 'modules/com_vtiger_workflow/tasks/'.$className.'.inc';
 		$unserializeTask = unserialize($task);
-		if(array_key_exists("field_value_mapping",$unserializeTask)) {
+		if(property_exists($unserializeTask, "field_value_mapping")) {
 			$fieldMapping = Zend_Json::decode($unserializeTask->field_value_mapping);
 			if (!empty($fieldMapping)) {
 				foreach ($fieldMapping as $key => $condition) {
@@ -985,7 +994,7 @@ function vtws_transferOwnershipForWorkflowTasks($ownerModel, $newOwnerModel) {
 			}
 		} else {
 			//For VTCreateTodoTask and VTCreateEventTask
-			if(array_key_exists('assigned_user_id', $unserializeTask)){
+			if(property_exists($unserializeTask, 'assigned_user_id')){
 				$value = $unserializeTask->assigned_user_id;
 				if($value == $ownerId) {
 					$unserializeTask->assigned_user_id = $newOwnerId;
@@ -1271,7 +1280,7 @@ function vtws_getCompanyId() {
 
 function vtws_recordExists($recordId) {
 	$ids = vtws_getIdComponents($recordId);
-	return !Vtiger_Util_Helper::CheckRecordExistance($ids[1]);
+	return isset($ids[1]) ? !Vtiger_Util_Helper::CheckRecordExistance($ids[1]) : null;
 }
 
 function vtws_isDuplicatesAllowed($webserviceObject){
@@ -1317,4 +1326,4 @@ function vtws_getAttachmentRecordId($attachmentId) {
     }
     return $crmid;
 }
-?>
\ No newline at end of file
+?>

include/Webservices/VTQL_Lexer.php

@@ -12,7 +12,7 @@ incState($lexer);
 }
 function incState($lexer){
 $lexer->current_state++;
-if($lexer->current_state === sizeof($lexer->mandatory_states)){
+if($lexer->current_state === php7_sizeof($lexer->mandatory_states)){
 $lexer->mandatory = false;
 }
 }
@@ -208,7 +208,7 @@ return $this->token."";
             if (preg_match($yy_global_pattern, substr($this->data, $this->index), $yymatches)) {
                 $yysubmatches = $yymatches;
                 $yymatches = array_filter($yymatches, 'strlen'); // remove empty sub-patterns
-                if (!count($yymatches)) {
+                if (!php7_count($yymatches)) {
                     throw new Exception('Error: lexing failed because a rule matched' .
                         'an empty string.  Input "' . substr($this->data,
                         $this->index, 5) . '... state INITR');

include/Webservices/VTQL_Parser.php

@@ -33,16 +33,19 @@ class VTQL_ParseryyToken implements ArrayAccess
         return $this->_string;
     }
 
+    #[\ReturnTypeWillChange]
     function offsetExists($offset)
     {
         return isset($this->metadata[$offset]);
     }
 
+    #[\ReturnTypeWillChange]
     function offsetGet($offset)
     {
         return $this->metadata[$offset];
     }
 
+    #[\ReturnTypeWillChange]
     function offsetSet($offset, $value)
     {
         if ($offset === null) {
@@ -52,7 +55,7 @@ class VTQL_ParseryyToken implements ArrayAccess
                 $this->metadata = array_merge($this->metadata, $x);
                 return;
             }
-            $offset = count($this->metadata);
+            $offset = php7_count($this->metadata);
         }
         if ($value === null) {
             return;
@@ -66,6 +69,7 @@ class VTQL_ParseryyToken implements ArrayAccess
         }
     }
 
+    #[\ReturnTypeWillChange]
     function offsetUnset($offset)
     {
         unset($this->metadata[$offset]);
@@ -204,15 +208,18 @@ function buildSelectStmt($sqlDump){
 	$deletedQuery = $meta->getEntityDeletedQuery();
 	$accessControlQuery = $meta->getEntityAccessControlQuery();
 	$this->query = $this->query.' '.$accessControlQuery;
-	if($sqlDump['where_condition']){
-		if((sizeof($sqlDump['where_condition']['column_names']) == 
-		sizeof($sqlDump['where_condition']['column_values'])) && 
-		(sizeof($sqlDump['where_condition']['column_operators']) == sizeof($sqlDump['where_condition']['operators'])+1)){
+	if(isset($sqlDump['where_condition'])){
+		// ensure init before use
+		if(!isset($sqlDump['where_condition']['operators'])) $sqlDump['where_condition']['operators'] = array();
+
+		if((php7_sizeof($sqlDump['where_condition']['column_names']) == 
+		php7_sizeof($sqlDump['where_condition']['column_values'])) && 
+		(php7_sizeof($sqlDump['where_condition']['column_operators']) == php7_sizeof($sqlDump['where_condition']['operators'])+1)){
 			$this->query = $this->query.' WHERE (';
 			$i=0;
 			$referenceFields = $meta->getReferenceFieldDetails();
 			$ownerFields = $meta->getOwnerFields();
-			for(;$i<sizeof($sqlDump['where_condition']['column_values']);++$i){
+			for(;$i<php7_sizeof($sqlDump['where_condition']['column_values']);++$i){
 				if(!$fieldcol[$sqlDump['where_condition']['column_names'][$i]]){
 					throw new WebServiceException(WebServiceErrorCode::$ACCESSDENIED, "Permission to access ".$sqlDump['where_condition']['column_names'][$i]." attribute denied.");
 				}
@@ -253,7 +260,7 @@ function buildSelectStmt($sqlDump){
 				}
 				$this->query = $this->query.$columnTable[$fieldcol[$whereField]].'.'.
 									$fieldcol[$whereField]." ".$whereOperator." ".$whereValue;
-				if($i <sizeof($sqlDump['where_condition']['column_values'])-1){
+				if($i <php7_sizeof($sqlDump['where_condition']['column_values'])-1){
 					$this->query = $this->query.' ';
 					$this->query = $this->query.$sqlDump['where_condition']['operators'][$i].' ';
 				}
@@ -280,7 +287,7 @@ function buildSelectStmt($sqlDump){
 	
 	$this->query = $this->query.' '.$deletedQuery;
 	
-	if($sqlDump['orderby']){
+	if(isset($sqlDump['orderby'])){
 		$i=0;
 		$this->query = $this->query.' ORDER BY ';
 		foreach($sqlDump['orderby'] as $ind=>$field){
@@ -291,14 +298,14 @@ function buildSelectStmt($sqlDump){
 				$this->query = $this->query.','.$columnTable[$fieldcol[$field]].".".$fieldcol[$field];
 			}
 		}
-		if($sqlDump['sortOrder']) {
+		if(isset($sqlDump['sortOrder'])) {
 			$this->query .= ' '.$sqlDump['sortOrder'];
 		}
 	}
-	if($sqlDump['limit']){
+	if(isset($sqlDump['limit'])){
 		$i=0;
 		$offset =false;
-		if(sizeof($sqlDump['limit'])>1){
+		if(php7_sizeof($sqlDump['limit'])>1){
 			$offset = true;
 		}
 		$this->query = $this->query.' LIMIT ';
@@ -718,7 +725,7 @@ static public $yy_action = array(
         if ($tokenType === 0) {
             return 'End of Input';
         }
-        if ($tokenType > 0 && $tokenType < count(self::$yyTokenName)) {
+        if ($tokenType > 0 && $tokenType < php7_count(self::$yyTokenName)) {
             return self::$yyTokenName[$tokenType];
         } else {
             return "Unknown";
@@ -760,7 +767,7 @@ static public $yy_action = array(
      */
     function yy_pop_parser_stack()
     {
-        if (!count($this->yystack)) {
+        if (!php7_count($this->yystack)) {
             return;
         }
         $yytos = array_pop($this->yystack);
@@ -967,7 +974,7 @@ static public $yy_action = array(
         $i += $iLookAhead;
         if ($i < 0 || $i >= self::YY_SZ_ACTTAB ||
               self::$yy_lookahead[$i] != $iLookAhead) {
-            if (count(self::$yyFallback) && $iLookAhead < count(self::$yyFallback)
+            if (php7_count(self::$yyFallback) && $iLookAhead < php7_count(self::$yyFallback)
                    && ($iFallback = self::$yyFallback[$iLookAhead]) != 0) {
                 if (self::$yyTraceFILE) {
                     fwrite(self::$yyTraceFILE, self::$yyTracePrompt . "FALLBACK " .
@@ -1212,7 +1219,7 @@ $this->out['where_condition']['operators'][] = $this->yystack[$this->yyidx + 0]-
 $this->out['columnDone']=true;
 $this->out['where_condition']['column_names'][] = $this->yystack[$this->yyidx + -2]->minor;
 if(strcmp($this->yystack[$this->yyidx + -2]->minor, 'id')===0){
-$prev = $this->out['where_condition']['column_values'][sizeof($this->out['where_condition']['column_values'])-1];
+$prev = $this->out['where_condition']['column_values'][php7_sizeof($this->out['where_condition']['column_values'])-1];
 if(is_array($prev)){
 $new = array();
 foreach($prev as $ind=>$val){
@@ -1220,21 +1227,22 @@ $val = trim($val,'\'"');
 $value = vtws_getIdComponents($val);
 $new[] = $value[1];
 }
-$this->out['where_condition']['column_values'][sizeof($this->out['where_condition']['column_values'])-1] = $new;
+$this->out['where_condition']['column_values'][php7_sizeof($this->out['where_condition']['column_values'])-1] = $new;
 }else{
 $prev = trim($prev,'\'"');
 $value = vtws_getIdComponents($prev);
-if(strcasecmp($this->out['where_condition']['column_operators'][sizeof($this->out['where_condition']['column_operators'])-1],'like')===0){
+if(strcasecmp($this->out['where_condition']['column_operators'][php7_sizeof($this->out['where_condition']['column_operators'])-1],'like')===0){
 $value[1] = "'".$value[1]."'";
 }
-$this->out['where_condition']['column_values'][sizeof($this->out['where_condition']['column_values'])-1] = $value[1];
+$this->out['where_condition']['column_values'][php7_sizeof($this->out['where_condition']['column_values'])-1] = $value[1];
 }
 }
     }
 #line 1240 "e:\workspace\nonadmin\pkg\vtiger\extensions\Webservices\VTQL_parser.php"
 #line 82 "e:\workspace\nonadmin\pkg\vtiger\extensions\Webservices\VTQL_parser.y"
     function yy_r17(){
-$length = ($this->out['where_condition']['column_values'])? sizeof($this->out['where_condition']['column_values']):0;
+        $this->out['where_condition']['column_values'] = isset($this->out['where_condition']['column_values']) ? $this->out['where_condition']['column_values'] : array();
+$length = ($this->out['where_condition']['column_values'])? php7_sizeof($this->out['where_condition']['column_values']):0;
 $pos = $length - 1;
 if($pos < 0){
 $pos = 0;
@@ -1322,7 +1330,7 @@ $this->out['limit'][] = $this->yystack[$this->yyidx + 0]->minor;
 #line 151 "e:\workspace\nonadmin\pkg\vtiger\extensions\Webservices\VTQL_parser.y"
     function yy_r41(){
 global $adb;
-if(!$this->out['meta']){
+if(!isset($this->out['meta'])){
 $module = $this->out['moduleName'];
 $handler = vtws_getModuleHandlerFromName($module,$this->user);
 $objectMeta = $handler->getMeta();
@@ -1337,7 +1345,7 @@ foreach($this->out['column_list'] as $ind=>$field){
 $columns[] = $fieldcol[$field];
 }
 }
-if($this->out['where_condition']){
+if(isset($this->out['where_condition']) && isset($this->out['where_condition']['column_names'])){
 foreach($this->out['where_condition']['column_names'] as $ind=>$field){
 $columns[] = $fieldcol[$field];
 }
@@ -1355,6 +1363,7 @@ array_push($tables,$tableName);
 $firstTable = $objectMeta->getEntityBaseTable();
 $tabNameIndex = $objectMeta->getEntityTableIndexList();
 $firstIndex = $tabNameIndex[$firstTable];
+if (!isset($this->out['defaultJoinConditons'])) $this->out['defaultJoinConditions'] = '';
 foreach($tables as $ind=>$table){
 if($firstTable!=$table){
 	if(!isset($tabNameIndex[$table]) && $table == "vtiger_crmentity"){
@@ -1416,7 +1425,7 @@ if($firstTable!=$table){
         //int $yysize;                     /* Amount to pop the stack */
         $yymsp = $this->yystack[$this->yyidx];
         if (self::$yyTraceFILE && $yyruleno >= 0 
-              && $yyruleno < count(self::$yyRuleName)) {
+              && $yyruleno < php7_count(self::$yyRuleName)) {
             fprintf(self::$yyTraceFILE, "%sReduce (%d) [%s].\n",
                 self::$yyTracePrompt, $yyruleno,
                 self::$yyRuleName[$yyruleno]);

include/Webservices/VtigerActorOperation.php

@@ -263,7 +263,7 @@ class VtigerActorOperation extends WebserviceEntityOperation {
 			foreach ($moduleFields as $fieldName=>$webserviceField) {
 				array_push($fields,$this->getDescribeFieldArray($webserviceField));
 			}
-			$label = ($app_strings[$this->meta->getObectIndexColumn()])? $app_strings[$this->meta->getObectIndexColumn()]:
+			$label = isset($app_strings[$this->meta->getObectIndexColumn()])? $app_strings[$this->meta->getObectIndexColumn()]:
 				$this->meta->getObectIndexColumn();
 			$this->moduleFields = $fields;
 		}
@@ -276,7 +276,9 @@ class VtigerActorOperation extends WebserviceEntityOperation {
 		if(isset($app_strings[$fieldLabel])){
 			$fieldLabel = $app_strings[$fieldLabel];
 		}
-		if(strcasecmp($webserviceField->getFieldName(),$this->meta->getObectIndexColumn()) === 0){
+		$fieldName = $webserviceField->getFieldName();
+		$fieldColumn = $this->meta->getObectIndexColumn();
+		if($fieldColumn && strcasecmp($fieldName, $fieldColumn) === 0){
 			return $this->getIdField($fieldLabel);
 		}
 		
@@ -334,4 +336,4 @@ class VtigerActorOperation extends WebserviceEntityOperation {
 	}
 
 }
-?>
\ No newline at end of file
+?>

include/Webservices/VtigerCRMActorMeta.php

@@ -105,7 +105,7 @@ class VtigerCRMActorMeta extends EntityMeta {
 			$fieldType = $this->getTypeOfDataForType($dbField->type);
 		}
 		$typeOfData = null;
-		if(($dbField->not_null && !$dbField->primary_key) || $dbField->unique_key == 1){
+		if(($dbField->not_null && !$dbField->primary_key) || (isset($dbField->unique_key) && $dbField->unique_key == 1)) {
 			$typeOfData = $fieldType.'~M';
 		}else{
 			$typeOfData = $fieldType.'~O';

include/Webservices/VtigerCRMObject.php

@@ -185,7 +185,7 @@ class VtigerCRMObject{
 		global $adb;
 		$error = false;
 		$adb->startTransaction();
-		DeleteEntity($this->getTabName(), $this->getTabName(), $this->instance, $id,$returnid);
+		DeleteEntity($this->getTabName(), $this->getTabName(), $this->instance, $id,"");
 		$error = $adb->hasFailedTransaction();
 		$adb->completeTransaction();
 		return !$error;
@@ -199,7 +199,7 @@ class VtigerCRMObject{
 		global $adb;
 		
 		$exists = false;
-		$sql = "select * from vtiger_crmentity where crmid=? and deleted=0";
+		$sql = "select 1 from vtiger_crmentity where crmid=? and deleted=0";
 		$result = $adb->pquery($sql , array($id));
 		if($result != null && isset($result)){
 			if($adb->num_rows($result)>0){
@@ -213,7 +213,7 @@ class VtigerCRMObject{
 		global $adb;
 		
 		$seType = null;
-		$sql = "select * from vtiger_crmentity where crmid=? and deleted=0";
+		$sql = "select setype from vtiger_crmentity where crmid=? and deleted=0";
 		$result = $adb->pquery($sql , array($id));
 		if($result != null && isset($result)){
 			if($adb->num_rows($result)>0){

include/Webservices/VtigerCRMObjectMeta.php

@@ -20,6 +20,7 @@ class VtigerCRMObjectMeta extends EntityMeta {
 	private $hasWriteAccess;//Edit Access
 	private $hasDeleteAccess;
 	private $assignUsers;
+	private $allowDuplicates;
 	
 	function __construct($webserviceObject,$user)
 	{
@@ -39,6 +40,7 @@ class VtigerCRMObjectMeta extends EntityMeta {
 		$this->hasCreateAccess = false;
 		$this->hasWriteAccess = false;
 		$this->hasDeleteAccess = false;
+		$this->allowDuplicates = null;
 		$instance = vtws_getModuleInstance($this->webserviceObject);
 		$this->idColumn = $instance->tab_name_index[$instance->table_name];
 		$this->baseTable = $instance->table_name;
@@ -223,11 +225,12 @@ class VtigerCRMObjectMeta extends EntityMeta {
 	function hasPermission($operation,$webserviceId){
 		
 		$idComponents = vtws_getIdComponents($webserviceId);
-		$id=$idComponents[1];
-		
-		$permitted = isPermitted($this->getTabName(),$operation,$id);
-		if(strcmp($permitted,"yes")===0){
-			return true;
+		$id=$idComponents ? array_pop($idComponents):null;
+		if ($id) {
+			$permitted = isPermitted($this->getTabName(),$operation,$id);
+			if(strcmp($permitted,"yes")===0){
+				return true;
+			}
 		}
 		return false;
 	}
@@ -305,6 +308,11 @@ class VtigerCRMObjectMeta extends EntityMeta {
 					if (strcasecmp($webserviceField->getFieldDataType(), 'file') !== 0) {
 						$this->fieldColumnMapping[$fieldName] = $webserviceField->getColumnName();
 					}
+				} else if($this->getEntityName() == "Users") {
+					$restrictedFields = array('user_password', 'confirm_password', 'accesskey');
+					if(!in_array($fieldName, $restrictedFields)) {
+						$this->fieldColumnMapping[$fieldName] = $webserviceField->getColumnName();
+					}	
 				} else {
 					$this->fieldColumnMapping[$fieldName] = $webserviceField->getColumnName();
 				}
@@ -366,7 +374,7 @@ class VtigerCRMObjectMeta extends EntityMeta {
 		
 		require_once('modules/CustomView/CustomView.php');
 		$current_user = vtws_preserveGlobal('current_user',$this->user);
-		$theme = vtws_preserveGlobal('theme',$this->user->theme);
+		$theme = vtws_preserveGlobal('theme', isset($this->user->theme) ? $this->user->theme : "");
 		$default_language = VTWS_PreserveGlobal::getGlobal('default_language');
 		global $current_language;
 		if(empty($current_language)) $current_language = $default_language;
@@ -390,7 +398,7 @@ class VtigerCRMObjectMeta extends EntityMeta {
 		
 		$heirarchyUsers = get_user_array(false,"ACTIVE",$this->user->id);
 		$groupUsers = vtws_getUsersInTheSameGroup($this->user->id);
-		$this->assignUsers = $heirarchyUsers+$groupUsers;
+		$this->assignUsers = $heirarchyUsers + $groupUsers;
 		$this->assign = true;
 	}
 	
@@ -406,7 +414,7 @@ class VtigerCRMObjectMeta extends EntityMeta {
 		}else{
 			$profileList = getCurrentUserProfileList();
 			
-			if (count($profileList) > 0) {
+			if (php7_count($profileList) > 0) {
 				$sql = "SELECT vtiger_field.*, vtiger_profile2field.readonly
 						FROM vtiger_field
 						INNER JOIN vtiger_profile2field
@@ -561,11 +569,11 @@ class VtigerCRMObjectMeta extends EntityMeta {
 	}
 
 	public function isDuplicatesAllowed() {
-		if (!isset($this->allowDuplicates)) {
+		if (is_null($this->allowDuplicates) || $this->allowDuplicates === null) {
 			$this->allowDuplicates = vtws_isDuplicatesAllowed($this->webserviceObject);
 		}
 		return $this->allowDuplicates;
 	}
 
 }
-?>
\ No newline at end of file
+?>

include/Webservices/VtigerModuleOperation.php

@@ -16,6 +16,7 @@ class VtigerModuleOperation extends WebserviceEntityOperation {
 	public function __construct($webserviceObject,$user,$adb,$log)
 	{
 		parent::__construct($webserviceObject,$user,$adb,$log);
+		
 		$this->meta = $this->getMetaInstance();
 		$this->tabId = $this->meta->getTabId();
 	}
@@ -80,6 +81,7 @@ class VtigerModuleOperation extends WebserviceEntityOperation {
 	}
 	
     public function relatedIds($id, $relatedModule, $relatedLabel, $relatedHandler=null) {
+		global $adb;
 		$ids = vtws_getIdComponents($id);
         $sourceModule = $this->webserviceObject->getEntityName();		
         global $currentModule;
@@ -195,14 +197,14 @@ class VtigerModuleOperation extends WebserviceEntityOperation {
 		$output = array();
 		for($i=0; $i<$noofrows; $i++){
 			$row = $this->pearDB->fetchByAssoc($result,$i);
-			if(!$meta->hasPermission(EntityMeta::$RETRIEVE,$row[$tableIdColumn])){
+			if(!isset($row[$tableIdColumn]) || !$meta->hasPermission(EntityMeta::$RETRIEVE,$row[$tableIdColumn])){
 				continue;
 			}
 			$output[$row[$tableIdColumn]] = DataTransform::sanitizeDataWithColumn($row,$meta);
 		}
 		
 		$newOutput = array();
-        if(count($output)) {
+        if(php7_count($output)) {
             //Added check if tags was requested or not
             if(stripos($mysql_query, $meta->getEntityBaseTable().'.tags') !== false) $tags = Vtiger_Tag_Model::getAllAccessibleTags(array_keys($output));
             foreach($output as $id => $row1) {

include/Webservices/VtigerProductOperation.php

@@ -119,7 +119,7 @@ class VtigerProductOperation extends VtigerModuleOperation {
 			$ids = vtws_getIdComponents($element['currency_id']);
 			//Import will be sending currency id not in webservice format .	
 			//So we are taking 0th index as value
-			if (count($ids) == 1) {
+			if (php7_count($ids) == 1) {
 				$curId = $ids[0];
 			} else {
 				$curId = $ids[1];

include/Webservices/VtigerWebserviceObject.php

@@ -45,7 +45,7 @@ class VtigerWebserviceObject{
 		
 		// If the information not available in cache?
 		if(!isset(self::$_fromNameCache[$entityName])) {
-			$cacheLength = count(self::$_fromNameCache);
+			$cacheLength = php7_count(self::$_fromNameCache);
 			
 			$result = null;
 			if ($cacheLength == 0) {
@@ -92,7 +92,7 @@ class VtigerWebserviceObject{
 			}
 		}
 		
-		$rowData = self::$_fromIdCache[$entityId];
+		$rowData = isset(self::$_fromIdCache[$entityId]) ? self::$_fromIdCache[$entityId] : '';
 		
 		if($rowData) {
 			return new VtigerWebserviceObject($rowData['id'],$rowData['name'],
@@ -129,4 +129,4 @@ class VtigerWebserviceObject{
 	}
 	
 }
-?>
\ No newline at end of file
+?>

include/Webservices/WebServiceErrorCode.php

@@ -43,6 +43,7 @@
         public static $FAILED_TO_CREATE = "FAILED_TO_CREATE";
 		public static $INACTIVECURRENCY = "CURRENCY_INACTIVE";
                 public static $PASSWORDNOTSTRONG = "PASSWORD_NOT_STRONG";
+                public static $FAILED_TO_UPDATE = "FAILED_TO_UPDATE";
 	}
 	
 ?>

include/Webservices/WebserviceEntityOperation.php

@@ -83,7 +83,7 @@ abstract class WebserviceEntityOperation{
 				break;
 			case 'multipicklist':
 			case 'picklist': $typeDetails["picklistValues"] = $webserviceField->getPicklistDetails($webserviceField);
-				$typeDetails['defaultValue'] = $typeDetails["picklistValues"][0]['value'];
+				$typeDetails['defaultValue'] = !empty($typeDetails["picklistValues"]) ? $typeDetails["picklistValues"][0]['value'] : null;
 				break;
 			case 'file': $maxUploadSize = 0;
 				$maxUploadSize = ini_get('upload_max_filesize');
@@ -131,4 +131,4 @@ abstract class WebserviceEntityOperation{
 	
 }
 
-?>
\ No newline at end of file
+?>

include/Webservices/WebserviceField.php

@@ -11,6 +11,7 @@
 require_once 'includes/runtime/Cache.php';
 require_once 'vtlib/Vtiger/Runtime.php';
 
+#[\AllowDynamicProperties]
 class WebserviceField{
 	private $fieldId;
 	private $uitype;
@@ -48,28 +49,30 @@ class WebserviceField{
 	private $readOnly = 0;
 	private $isunique = 0;
 
+	public $parentReferenceField; //To avoid undefined property warning.
+
 	private function __construct($adb,$row){
-		$this->uitype = $row['uitype'];
-		$this->blockId = $row['block'];
+		$this->uitype = isset($row['uitype'])? $row['uitype'] : 0;
+		$this->blockId = isset($row['block'])? $row['block'] : 0;
 		$this->blockName = null;
-		$this->tableName = $row['tablename'];
-		$this->columnName = $row['columnname'];
-		$this->fieldName = $row['fieldname'];
-		$this->fieldLabel = $row['fieldlabel'];
-		$this->displayType = $row['displaytype'];
-		$this->massEditable = ($row['masseditable'] === '1')? true: false;
-		$this->presence = $row['presence'];
-		$this->isunique = ($row['isunique']) ? true : false;
-		$typeOfData = $row['typeofdata'];
+		$this->tableName = isset($row['tablename'])? $row['tablename'] : null;
+		$this->columnName = isset($row['columnname'])? $row['columnname'] : null;
+		$this->fieldName = isset($row['fieldname'])? $row['fieldname'] : null;
+		$this->fieldLabel = isset($row['fieldlabel'])? $row['fieldlabel'] : null;
+		$this->displayType = isset($row['displaytype'])? $row['displaytype'] : null;
+		$this->massEditable = (isset($row['masseditable']) && $row['masseditable'] === '1')? true: false;
+		$this->presence = isset($row['presence'])? $row['presence'] : null;
+		$this->isunique = isset($row['isunique']) && $row['isunique'] ? true : false;
+		$typeOfData = isset($row['typeofdata'])? $row['typeofdata'] : null;
 		$this->typeOfData = $typeOfData;
-		$typeOfData = explode("~",$typeOfData);
-		$this->mandatory = ($typeOfData[1] == 'M')? true: false;
+		$typeOfData = explode("~",$typeOfData ? $typeOfData : "");
+		$this->mandatory = (php7_count($typeOfData) > 1 && $typeOfData[1] == 'M')? true: false;
 		if($this->uitype == 4){
 			$this->mandatory = false;
 		}
 		$this->fieldType = $typeOfData[0];
-		$this->tabid = $row['tabid'];
-		$this->fieldId = $row['fieldid'];
+		$this->tabid = isset($row['tabid'])? $row['tabid']: 0;
+		$this->fieldId = isset($row['fieldid'])? $row['fieldid'] : 0;
 		$this->pearDB = $adb;
 		$this->fieldDataType = null;
 		$this->dataFromMeta = false;
@@ -258,7 +261,7 @@ class WebserviceField{
 			$referenceTypes = array();
 			if($this->getUIType() != $this->genericUIType){
 				$sql = "select type from vtiger_ws_referencetype where fieldtypeid=?";
-				$params = array($fieldTypeData['fieldtypeid']);
+				$params = array(isset($fieldTypeData['fieldtypeid'])? $fieldTypeData['fieldtypeid'] : 0);
 			}else{
 				$sql = 'SELECT relmodule AS type FROM vtiger_fieldmodulerel WHERE fieldid=? ORDER BY sequence ASC';
 				$params = array($this->getFieldId());
@@ -412,7 +415,7 @@ class WebserviceField{
 		}else{
 			$user = VTWS_PreserveGlobal::getGlobal('current_user');
 			$details = getPickListValues($fieldName,$user->roleid);
-			for($i=0;$i<sizeof($details);++$i){
+			for($i=0;$i<php7_sizeof($details);++$i){
 				$elem = array();
 				$picklistValue = decode_html($details[$i]);
 				$elem["label"] = getTranslatedString($picklistValue, $moduleName, $language);
@@ -429,4 +432,4 @@ class WebserviceField{
 
 }
 
-?>
\ No newline at end of file
+?>

include/Zend/Crypt.php

-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category   Zend
- * @package    Zend_Crypt
- * @copyright  Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- * @version    $Id: Crypt.php 25024 2012-07-30 15:08:15Z rob $
- */
-
-/**
- * @category   Zend
- * @package    Zend_Crypt
- * @copyright  Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- */
-class Zend_Crypt
-{
-
-    const TYPE_OPENSSL = 'openssl';
-    const TYPE_HASH = 'hash';
-    const TYPE_MHASH = 'mhash';
-
-    protected static $_type = null;
-
-    /**
-     * @var array
-     */
-    protected static $_supportedAlgosOpenssl = array(
-        'md2',
-        'md4',
-        'mdc2',
-        'rmd160',
-        'sha',
-        'sha1',
-        'sha224',
-        'sha256',
-        'sha384',
-        'sha512'
-    );
-
-    /**
-     * @var array
-     */
-    protected static $_supportedAlgosMhash = array(
-        'adler32',
-        'crc32',
-        'crc32b',
-        'gost',
-        'haval128',
-        'haval160',
-        'haval192',
-        'haval256',
-        'md4',
-        'md5',
-        'ripemd160',
-        'sha1',
-        'sha256',
-        'tiger',
-        'tiger128',
-        'tiger160'
-    );
-
-    /**
-     * @param string $algorithm
-     * @param string $data
-     * @param bool $binaryOutput
-     * @return unknown
-     */
-    public static function hash($algorithm, $data, $binaryOutput = false)
-    {
-        $algorithm = strtolower($algorithm);
-        if (function_exists($algorithm)) {
-            return $algorithm($data, $binaryOutput);
-        }
-        self::_detectHashSupport($algorithm);
-        $supportedMethod = '_digest' . ucfirst(self::$_type);
-        $result = self::$supportedMethod($algorithm, $data, $binaryOutput);
-        return $result;
-    }
-
-    /**
-     * @param string $algorithm
-     * @throws Zend_Crypt_Exception
-     */
-    protected static function _detectHashSupport($algorithm)
-    {
-        if (function_exists('hash')) {
-            self::$_type = self::TYPE_HASH;
-            if (in_array($algorithm, hash_algos())) {
-               return;
-            }
-        }
-        if (function_exists('mhash')) {
-            self::$_type = self::TYPE_MHASH;
-            if (in_array($algorithm, self::$_supportedAlgosMhash)) {
-               return;
-            }
-        }
-        if (function_exists('openssl_digest')) {
-            if ($algorithm == 'ripemd160') {
-                $algorithm = 'rmd160';
-            }
-            self::$_type = self::TYPE_OPENSSL;
-            if (in_array($algorithm, self::$_supportedAlgosOpenssl)) {
-               return;
-            }
-        }
-        /**
-         * @see Zend_Crypt_Exception
-         */
-        require_once 'Zend/Crypt/Exception.php';
-        throw new Zend_Crypt_Exception('\'' . $algorithm . '\' is not supported by any available extension or native function');
-    }
-
-    /**
-     * @param string $algorithm
-     * @param string $data
-     * @param bool $binaryOutput
-     * @return string
-     */
-    protected static function _digestHash($algorithm, $data, $binaryOutput)
-    {
-        return hash($algorithm, $data, $binaryOutput);
-    }
-
-    /**
-     * @param string $algorithm
-     * @param string $data
-     * @param bool $binaryOutput
-     * @return string
-     */
-    protected static function _digestMhash($algorithm, $data, $binaryOutput)
-    {
-        $constant = constant('MHASH_' . strtoupper($algorithm));
-        $binary = mhash($constant, $data);
-        if ($binaryOutput) {
-            return $binary;
-        }
-        return bin2hex($binary);
-    }
-
-    /**
-     * @param string $algorithm
-     * @param string $data
-     * @param bool $binaryOutput
-     * @return string
-     */
-    protected static function _digestOpenssl($algorithm, $data, $binaryOutput)
-    {
-        if ($algorithm == 'ripemd160') {
-            $algorithm = 'rmd160';
-        }
-        return openssl_digest($data, $algorithm, $binaryOutput);
-    }
-
-}