diff --git a/README.md b/README.md index 31994a030b9..ac3af1111f5 100755 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ -# SuiteCRM 7.14.3 +# SuiteCRM 7.14.4 [![Build Status](https://travis-ci.org/salesagility/SuiteCRM.svg?branch=hotfix)](https://travis-ci.org/salesagility/SuiteCRM) [![codecov](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix/graph/badge.svg)](https://codecov.io/gh/salesagility/SuiteCRM/branch/hotfix) diff --git a/composer.lock b/composer.lock index 8c48537ec52..a1cdd761453 100644 --- a/composer.lock +++ b/composer.lock @@ -2746,16 +2746,16 @@ }, { "name": "phpseclib/phpseclib", - "version": "3.0.19", + "version": "3.0.37", "source": { "type": "git", "url": "https://github.com/phpseclib/phpseclib.git", - "reference": "cc181005cf548bfd8a4896383bb825d859259f95" + "reference": "cfa2013d0f68c062055180dd4328cc8b9d1f30b8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/cc181005cf548bfd8a4896383bb825d859259f95", - "reference": "cc181005cf548bfd8a4896383bb825d859259f95", + "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/cfa2013d0f68c062055180dd4328cc8b9d1f30b8", + "reference": "cfa2013d0f68c062055180dd4328cc8b9d1f30b8", "shasum": "" }, "require": { @@ -2834,6 +2834,10 @@ "x.509", "x509" ], + "support": { + "issues": "https://github.com/phpseclib/phpseclib/issues", + "source": "https://github.com/phpseclib/phpseclib/tree/3.0.37" + }, "funding": [ { "url": "https://github.com/terrafrost", @@ -2848,7 +2852,7 @@ "type": "tidelift" } ], - "time": "2023-03-05T17:13:09+00:00" + "time": "2024-03-03T02:14:58+00:00" }, { "name": "pimple/pimple", @@ -5266,20 +5270,20 @@ }, { "name": "tecnickcom/tcpdf", - "version": "6.6.1", + "version": "6.7.5", "source": { "type": "git", "url": "https://github.com/tecnickcom/TCPDF.git", - "reference": "a336b531f6f6b5487fca0caf034a671d4e60df5c" + "reference": "951eabf0338ec2522bd0d5d9c79b08a3a3d36b36" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/a336b531f6f6b5487fca0caf034a671d4e60df5c", - "reference": "a336b531f6f6b5487fca0caf034a671d4e60df5c", + "url": "https://api.github.com/repos/tecnickcom/TCPDF/zipball/951eabf0338ec2522bd0d5d9c79b08a3a3d36b36", + "reference": "951eabf0338ec2522bd0d5d9c79b08a3a3d36b36", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": ">=5.5.0" }, "type": "library", "autoload": { @@ -5304,7 +5308,7 @@ }, "notification-url": "https://packagist.org/downloads/", "license": [ - "LGPL-3.0-only" + "LGPL-3.0-or-later" ], "authors": [ { @@ -5324,13 +5328,17 @@ "pdf417", "qrcode" ], + "support": { + "issues": "https://github.com/tecnickcom/TCPDF/issues", + "source": "https://github.com/tecnickcom/TCPDF/tree/6.7.5" + }, "funding": [ { "url": "https://www.paypal.com/cgi-bin/webscr?cmd=_donations¤cy_code=GBP&business=paypal@tecnick.com&item_name=donation%20for%20tcpdf%20project", "type": "custom" } ], - "time": "2022-12-12T14:42:28+00:00" + "time": "2024-04-20T17:25:10+00:00" }, { "name": "tedivm/jshrink", @@ -5386,16 +5394,16 @@ }, { "name": "tinymce/tinymce", - "version": "5.10.8", + "version": "5.10.9", "source": { "type": "git", "url": "https://github.com/tinymce/tinymce-dist.git", - "reference": "b9c50833d455adcf5ae89a6da7648ae5d65468df" + "reference": "e5650a256f8941a0593ec0b9d3c435f20f1d4245" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tinymce/tinymce-dist/zipball/b9c50833d455adcf5ae89a6da7648ae5d65468df", - "reference": "b9c50833d455adcf5ae89a6da7648ae5d65468df", + "url": "https://api.github.com/repos/tinymce/tinymce-dist/zipball/e5650a256f8941a0593ec0b9d3c435f20f1d4245", + "reference": "e5650a256f8941a0593ec0b9d3c435f20f1d4245", "shasum": "" }, "type": "component", @@ -5437,9 +5445,9 @@ "wysiwyg" ], "support": { - "source": "https://github.com/tinymce/tinymce-dist/tree/5.10.8" + "source": "https://github.com/tinymce/tinymce-dist/tree/5.10.9" }, - "time": "2023-10-19T03:02:47+00:00" + "time": "2023-11-15T00:42:08+00:00" }, { "name": "vlucas/phpdotenv", diff --git a/data/SugarBean.php b/data/SugarBean.php index 08f33492a57..4041689a56e 100755 --- a/data/SugarBean.php +++ b/data/SugarBean.php @@ -2521,12 +2521,12 @@ public function cleanBean() } if (isset($def['type']) && ($def['type'] == 'html' || $def['type'] == 'longhtml')) { - $this->$key = purify_html($this->$key); + $this->$key = purify_html($this->$key, ['HTML.ForbiddenElements' => ['iframe' => true]]); } elseif ( (strpos((string) $type, 'char') !== false || strpos((string) $type, 'text') !== false || $type == 'enum') && !empty($this->$key) ) { - $this->$key = purify_html($this->$key); + $this->$key = purify_html($this->$key, ['HTML.ForbiddenElements' => ['iframe' => true]]); } } } diff --git a/files.md5 b/files.md5 index 53ba3973ab1..320107b5c49 100755 --- a/files.md5 +++ b/files.md5 @@ -1,5 +1,5 @@ '7c960715776e20734ce8839f7d75f277', './Api/Core/Config/slim.php' => 'b134e68765e6a1403577e2a5a06322b8', @@ -116,7 +116,7 @@ $md5_string = array ( './ModuleInstall/PackageManager/tpls/PackageManagerLicense.tpl' => 'df5e267d1df5ce08fb9406e42d5b4816', './ModuleInstall/PackageManager/tpls/PackageManagerScripts.tpl' => '98e396c0aa57329731fda19c790fffb2', './ModuleInstall/extensions.php' => 'de30837895f67175b7fbc04274a837a6', - './README.md' => 'e3256a369014114bbfac69e396a5bb9f', + './README.md' => '754403416fc19e701ae215b04b19dcbc', './RoboFile.php' => '1b4201de0ee50e259424ce2f408e5e87', './SugarSecurity.php' => '84975dd9146d968458af123842c6c370', './TreeData.php' => '32873e20cb5fd33f9d1cdaf18c3cac5c', @@ -508,7 +508,7 @@ $md5_string = array ( './build/travis-ci-apache' => 'e1e212c4eaf679b6ec620cd0b12f4571', './campaign_tracker.php' => '6ee1a89fc24a8db14faba32f6ae8ca15', './composer.json' => '1f1f485a488eb64c21478bba117346a2', - './composer.lock' => 'd8724ddb7df665698ed6eeb9d348a225', + './composer.lock' => 'f1cad98b6629b228dcfb03807f5b0340', './cron.php' => '9d3563bad78e2349325c8b0f268ecb96', './crossdomain.xml' => '24b7711640c652b21aa89c9d83d6ec13', './data/BeanFactory.php' => 'acc415aa759a183c2fda2ad51b5f4665', @@ -522,7 +522,7 @@ $md5_string = array ( './data/Relationships/One2OneRelationship.php' => '2e0002d357795538f2ad52ec78e5bacc', './data/Relationships/RelationshipFactory.php' => '57384ba8fbb1d18ef73b095ba017ae91', './data/Relationships/SugarRelationship.php' => 'bcd79dc9426b8fd5d5fac63648e66e04', - './data/SugarBean.php' => 'a7222551521b2279d37970eaa3b814a6', + './data/SugarBean.php' => 'c4efa213b23c288f589b25183c52ee49', './deprecated.php' => '0f0158d19fc6e4796545e82c2f118767', './dictionary.php' => 'b7c1370fb75a2940c04db74627c4462c', './download.php' => 'b20fb1e15f0cc7f40c7755be54edd81e', @@ -978,7 +978,7 @@ $md5_string = array ( './include/SugarFields/Fields/Image/EditView.tpl' => 'a4f1fc14c44d15d0196367879b07224b', './include/SugarFields/Fields/Image/ListView.tpl' => '3993a726a90eb1a05eacafddb354092d', './include/SugarFields/Fields/Image/SugarFieldFile.js' => '2e02a82f47af6ac916e7b2f69244ef25', - './include/SugarFields/Fields/Image/SugarFieldImage.php' => 'cc9a7391c76da895120680981a56fb4e', + './include/SugarFields/Fields/Image/SugarFieldImage.php' => 'af2152eba85f0571863ba53c46e8af69', './include/SugarFields/Fields/Image/deleteAttachment.php' => '235038e65ebc51d3dc50890954289543', './include/SugarFields/Fields/Image/no_image.png' => '8b0676ace24537622fd6006f025164a9', './include/SugarFields/Fields/Int/DetailView.tpl' => 'f1f267db8b84418a4306c6fa64a5740c', @@ -1337,7 +1337,7 @@ $md5_string = array ( './include/TestCaseAbstract.php' => '3f4e942f49fb1be07310da5386888ae7', './include/TimeDate.php' => '09543100cc9684a1341d4ac28932ca01', './include/URIFilter.php' => '4a13f787314dd7bf3b9c838df7db1bdc', - './include/UploadFile.php' => 'ced6155e6e684c050f4c9be912ff78df', + './include/UploadFile.php' => 'a1793dcd6dfc8d4e0ff6b113dbcf1f6f', './include/UploadMultipleFiles.php' => 'f39e746f70f0a58c051c970e009c0434', './include/UploadStream.php' => '0a9cbe4d8bc4971a9ce49cc712ad0afb', './include/VarDefHandler/VarDefHandler.php' => '0921ced0a5d274317ffbc26a5e84136a', @@ -1345,7 +1345,7 @@ $md5_string = array ( './include/VarDefHandler/vardef_meta_arrays.php' => '5f92a2ba9c649196677f5a32e3ec3ec4', './include/Zend_Oauth_Provider.php' => '3607cbdfe5d21beb6d1ec62d28820902', './include/clean.php' => '705415778ed291fcd11828c7871f225b', - './include/connectors/ConnectorFactory.php' => 'aa2e57daf0e5c5bdde27188891a34063', + './include/connectors/ConnectorFactory.php' => '4eba080d569986357952d2b8da51f4e3', './include/connectors/component.php' => 'ce9cde89a4abbbd77df3ccfa6a6d2fb2', './include/connectors/filters/FilterFactory.php' => '73ac52fe630976f9eb4af76659c5a338', './include/connectors/filters/default/filter.php' => '6df12fc3d07c439ad0811590fd787aa7', @@ -1354,7 +1354,7 @@ $md5_string = array ( './include/connectors/formatters/default/formatter.php' => '321b9dd77cdbdf42a8f29ad591ff8955', './include/connectors/formatters/ext/rest/tpls/default.tpl' => 'a4fbf1ff0e743ccd95d576d8f0ffaacf', './include/connectors/formatters/ext/soap/tpls/default.tpl' => 'c684151e5cedef694d242d9290adde99', - './include/connectors/sources/SourceFactory.php' => '9f9594dda7459afdafa50cc49a1eedf2', + './include/connectors/sources/SourceFactory.php' => '56a5086ff313834988a30a8197e612e2', './include/connectors/sources/default/source.php' => '6520905b1c04ff679b8e78c846569295', './include/connectors/sources/ext/eapm/eapm.php' => '793867a58e2e833b34047b44eb667026', './include/connectors/sources/ext/rest/rest.php' => '0d8580455feba3dd398f62b442602c09', @@ -1376,7 +1376,7 @@ $md5_string = array ( './include/database/MysqliManager.php' => '6720947fa46f439f43e6487fc6a20629', './include/database/SqlsrvManager.php' => 'ab781d4c8d9fd4741ca2dcd288bec7a8', './include/dir_inc.php' => 'f24209f8a6f27b6a682eef481f6d7da2', - './include/entryPoint.php' => '043443a0e03ee1b0738ab3628c4f8fdc', + './include/entryPoint.php' => 'daff0b69c7dbe8be4ca61ab0c31eb4c6', './include/entryPointConfirmOptInConnector.php' => '66fed04564c4f4182f3b277d5b6dfafc', './include/export_utils.php' => 'ea8ba49b99d3f37fddb1c616f8947f24', './include/externalAPI/Base/ExternalAPIBase.php' => 'f99d921268941ca85a1433fd89345769', @@ -2428,7 +2428,7 @@ $md5_string = array ( './include/utils/recaptcha_utils.php' => '73f5eddf707788c1dff4b7d07dc82656', './include/utils/security_utils.php' => 'e953d0b673df3df313ecf1ac975e8f57', './include/utils/sugar_file_utils.php' => 'b455044cfb5f8371884a1bc713dcfd7d', - './include/utils.php' => 'dcc22fc64260606d9e9f053aafd21837', + './include/utils.php' => '418cd52378741dbc9d5e261bdd81b8cf', './include/vCard.php' => '5bbc76ef3b778e5587cd1883e636ea41', './include/ytree/ExtNode.php' => 'e13e1d0a4be0b76118a256a7562661f7', './include/ytree/JQueryTree.php' => '765d0ce7a2ef6c1cd2b5fa1aff84e872', @@ -2802,16 +2802,16 @@ $md5_string = array ( './lib/Log/SugarLoggerHandler.php' => '91118b3405fa19c93a9aa1bfa538b867', './lib/PDF/Exceptions/PDFEngineNotFoundException.php' => 'f5edb1f6e290583445979391b2e12d0f', './lib/PDF/Exceptions/PDFException.php' => '7a67c2ee912df3316966c21c3bc1b75f', - './lib/PDF/LegacyMPDF/LegacyMPDFEngine.php' => '21d836e0cb730707f3dceed8fe2f63b1', + './lib/PDF/LegacyMPDF/LegacyMPDFEngine.php' => 'c8d5112956b3eb8a9691b1768251e78a', './lib/PDF/LegacyMPDF/configMapping.php' => '549b4db398ad512b0bc7b8206251d355', './lib/PDF/PDFConfigurator.php' => 'b15240a387039e321b78298fae6d0e5a', './lib/PDF/PDFEngine.php' => 'c188edebd135a3a4ac9728e300b48a9d', './lib/PDF/PDFWrapper.php' => 'fc3f6860af60f137202dfc95a240761f', './lib/PDF/TCPDF/SuiteTCPDF.php' => '6d19a94a0ba3ee8858706e1d98830941', - './lib/PDF/TCPDF/TCPDFEngine.php' => '13999f3178d519bf7cf5f8c2664ad930', + './lib/PDF/TCPDF/TCPDFEngine.php' => '534f1f4da549db876724435d18ccd7b6', './lib/PDF/TCPDF/configMapping.php' => '6e468e9ac1e913980cb52f2465151459', './lib/PDF/TCPDF/default.css' => '01b379775cbce935e9b542b7f9010a90', - './lib/Robo/Plugin/Commands/ApiCommands.php' => 'c6439e19f202d01e0f1a32aba8e2b846', + './lib/Robo/Plugin/Commands/ApiCommands.php' => 'dcd7316754bdefc1947658666d731043', './lib/Robo/Plugin/Commands/BuildCommands.php' => '744aa62643fb86d6e31b76fc8071d71a', './lib/Robo/Plugin/Commands/CleanCacheCommands.php' => '6152ebe53c1de155f836cf22911946e5', './lib/Robo/Plugin/Commands/CodeCoverageCommands.php' => '2b82826deaa2fa770f1ebddaaf30f5f0', @@ -2854,7 +2854,7 @@ $md5_string = array ( './lib/Search/UI/MVC/Controller.php' => '90d15301f3d75810f5a008fb56fff276', './lib/Search/UI/MVC/View.php' => '46d5080f5dcc1b94e887ef72e079f5b2', './lib/Search/UI/SearchFormController.php' => '2cf159703562da6348ece57ef68313b4', - './lib/Search/UI/SearchFormView.php' => '7afc23d5f61e555671f0b6c05a95b7af', + './lib/Search/UI/SearchFormView.php' => '0551f6627b385e636d9dd3337180e0f0', './lib/Search/UI/SearchResultsController.php' => '7e8f0aefad2e946dc7c19655ae5cb5ac', './lib/Search/UI/SearchResultsView.php' => 'ce2615a6390cfe62924d44fdfc7a18fa', './lib/Search/UI/SearchThrowableHandler.php' => '0980e624319204173708e0c6c0886e5e', @@ -3277,7 +3277,7 @@ $md5_string = array ( './modules/AOP_Case_Updates/AOPAssignManager.php' => 'd961cad483aa543eac02762d6e08232e', './modules/AOP_Case_Updates/AOP_Case_Updates.php' => 'a944c0b24aac024dacb26bf6af66c287', './modules/AOP_Case_Updates/CaseUpdatesHook.php' => '62a2cf21947aa53f458a5baa8be2d024', - './modules/AOP_Case_Updates/Case_Updates.php' => 'e8c99bf94519d9f565f2820c4ef1fa48', + './modules/AOP_Case_Updates/Case_Updates.php' => 'ade7f332d65ef8ffb3d0f9d73c26304f', './modules/AOP_Case_Updates/language/en_us.lang.php' => '1de0ca09e21d68bdde37e3e9676109e8', './modules/AOP_Case_Updates/metadata/SearchFields.php' => '1c8b860ef1fb5e03c01858d167dc5b0f', './modules/AOP_Case_Updates/metadata/dashletviewdefs.php' => '8843f4ea1dcf8335ad7999efcbc3082f', @@ -3347,7 +3347,7 @@ $md5_string = array ( './modules/AOR_Reports/AOR_Report_Before.js' => 'ab5397e1ca56871cb28514092029fd90', './modules/AOR_Reports/Dashlets/AORReportsDashlet/AORReportsDashlet.js' => '95fb8234d31774e011b0984229dca16a', './modules/AOR_Reports/Dashlets/AORReportsDashlet/AORReportsDashlet.meta.php' => '97bce3c1ec1f7bca50dfef9819fcfbbd', - './modules/AOR_Reports/Dashlets/AORReportsDashlet/AORReportsDashlet.php' => 'f6535072a82e064512d035a88fc018e7', + './modules/AOR_Reports/Dashlets/AORReportsDashlet/AORReportsDashlet.php' => '2831269b5c18518b8afcf483c3d311ae', './modules/AOR_Reports/Dashlets/AORReportsDashlet/dashlet.tpl' => 'f988fd02f7700fbb9c3d3dae265c6f77', './modules/AOR_Reports/Dashlets/AORReportsDashlet/dashletConfigure.tpl' => '78ca8ef4909602f45d9a5455682502f6', './modules/AOR_Reports/Menu.php' => '91f8cfce443d92348c4c50de8d19a499', @@ -3485,7 +3485,7 @@ $md5_string = array ( './modules/AOS_PDF_Templates/samples/smpl_Quote_Group_Sample.php' => '56295ceac9c33d891122c13ef94c119c', './modules/AOS_PDF_Templates/samples/smpl_Quote_Sample.php' => '2c3097b5ddc49a58c3753beb93c14f2b', './modules/AOS_PDF_Templates/sendEmail.php' => 'ad8d8ce6f78f93dec805cf73bd5f7572', - './modules/AOS_PDF_Templates/templateParser.php' => 'c3cd1f4f63847f5889e6a33ca15eacbc', + './modules/AOS_PDF_Templates/templateParser.php' => 'e7594ab34c630356c33a501d57d1f429', './modules/AOS_PDF_Templates/vardefs.php' => 'c2222325b41dca6b38ceec42dc1d622a', './modules/AOS_PDF_Templates/views/view.detail.php' => '226618d1d2cc62700ac0c7e53d166455', './modules/AOS_PDF_Templates/views/view.edit.php' => 'cf04ae20b0b07e64ec8569d0da459379', @@ -3533,7 +3533,7 @@ $md5_string = array ( './modules/AOS_Products/metadata/subpanels/ForCustomersPurchasedProducts.php' => '758c25d97c18216f0795d9aa52e75312', './modules/AOS_Products/metadata/subpanels/default.php' => '1dd8f61fde8d4b4ce3ba0dbaf632d91d', './modules/AOS_Products/tpls/EditViewHeader.tpl' => '07c10b404deee77ef7dd70a352ebc741', - './modules/AOS_Products/vardefs.php' => 'f326e3cf836d6f902b5b9ad9e9ad70fb', + './modules/AOS_Products/vardefs.php' => 'fbdc21ae3ff9b99dd052b8d472e70323', './modules/AOS_Products/views/view.edit.php' => 'b657ec42f16d2e72bc1125e59ccd560a', './modules/AOS_Products_Quotes/AOS_Products_Quotes.php' => '04c4318cdc4cee5a37666b53b21f5805', './modules/AOS_Products_Quotes/AOS_Products_Quotes_sugar.php' => 'd3dd864934285ae10321699f85d748fd', @@ -3588,7 +3588,7 @@ $md5_string = array ( './modules/AOW_Actions/actions/actionBase.php' => '6714b312224fd75d7be513a637f8d355', './modules/AOW_Actions/actions/actionComputeField.css' => '4f63069fbf5aee464d8b0f24e7049276', './modules/AOW_Actions/actions/actionComputeField.js' => '2f39d2288a3dbe7dc85b3b185ce1fdc5', - './modules/AOW_Actions/actions/actionComputeField.php' => '962bf93d7f41cf6e93d9700f8eedc35e', + './modules/AOW_Actions/actions/actionComputeField.php' => '68fb03836513c4b464c32e93d3f59bf7', './modules/AOW_Actions/actions/actionCreateRecord.js' => 'd74993b3fd078cbd54a445c6b3470eda', './modules/AOW_Actions/actions/actionCreateRecord.php' => '00707767820b2dabcc7833557a8dfdbd', './modules/AOW_Actions/actions/actionModifyRecord.php' => 'bc62f7e9bcd0a7d014e85b50a9cb0c01', @@ -3616,7 +3616,7 @@ $md5_string = array ( './modules/AOW_Processed/metadata/metafiles.php' => '64d9a3d9a3d3bc36076598fd90dfee76', './modules/AOW_Processed/metadata/popupdefs.php' => '293b24de406ebd6cd1c857b4c0a6546a', './modules/AOW_Processed/metadata/quickcreatedefs.php' => 'd2d9bb8c5f5b227a4a0b71780b0e73be', - './modules/AOW_Processed/metadata/searchdefs.php' => '7e605bc7f5f7f78f0f312a705bd85521', + './modules/AOW_Processed/metadata/searchdefs.php' => '02c343180b74951750618a59c0c083ef', './modules/AOW_Processed/metadata/subpanels/default.php' => 'a854bad4c87fee3ae01b971e88041b66', './modules/AOW_Processed/vardefs.php' => '3a269d4cf87754b3ad7045eb36418061', './modules/AOW_Processed/views/view.list.php' => '9a07d93780d4f8535a1757963197b3ca', @@ -3773,7 +3773,7 @@ $md5_string = array ( './modules/Administration/Upgrade.php' => '1f35c09fda6d02f1104597aba673ac40', './modules/Administration/UpgradeAccess.php' => '518f0ddc85cb427d55161878f2432761', './modules/Administration/UpgradeFields.php' => 'e4a6be7724ace77f75cc7b08810c67d7', - './modules/Administration/UpgradeHistory.php' => '64d9f0d5a0c9599c6f3b205881fa094f', + './modules/Administration/UpgradeHistory.php' => 'c59a55f4c8a63ba3db9c4adb79978686', './modules/Administration/UpgradeIISAccess.php' => 'e5b6fce25e81a6a0d3e807c6fea6350e', './modules/Administration/UpgradeWizard.php' => '5cd86555c078a432869c6c3c842cfdce', './modules/Administration/UpgradeWizardCommon.php' => '8d32cead750141f8b9cbd5705272d9ff', @@ -3826,7 +3826,7 @@ $md5_string = array ( './modules/Administration/views/view.themeconfigsettings.php' => 'cc435e5bf3d072ba01d3c4c3cc24e439', './modules/Administration/views/view.themesettings.php' => '3ac1dc225082bee8f310b6a7e3c99102', './modules/Alerts/Alert.php' => '3dd1fb3c491b4a90009e4b0f1804af19', - './modules/Alerts/controller.php' => '5e228a1f6afabf54b97d8bc7fea0f3e2', + './modules/Alerts/controller.php' => '214b839ef3aa4df3e1939493a0a1628a', './modules/Alerts/language/en_us.lang.php' => '5141533348d92bf61347a0f316924eeb', './modules/Alerts/metadata/defaultviewdefs.php' => '2b3f89adc0e079304ab394937e3c3a91', './modules/Alerts/metadata/metafiles.php' => '20bb9212e573ac2c30b51c2a0ef5f34d', @@ -3984,7 +3984,7 @@ $md5_string = array ( './modules/Calendar/views/view.json.php' => '5936fb9d44f5a67972fe2f3b0b07df9d', './modules/Calendar/views/view.quickedit.php' => 'ecb0288c5de66f155aeba4e125e59f92', './modules/Calendar/views/view.savesettings.php' => '722fcd0865848edb2f54407676de9e05', - './modules/Calls/Call.php' => 'dfa1bd9d47c5c9aa81f3e1e73e74a3aa', + './modules/Calls/Call.php' => '3807ebe67aabc3f11fac87568bd1cba6', './modules/Calls/CallFormBase.php' => 'e22233b8adb948ad4223f3d919763aa0', './modules/Calls/CallHelper.php' => '756fc9131c4758c72f67e3efd6ace617', './modules/Calls/CallsQuickCreate.php' => '8b0b842f02465a68af63bf596097e494', @@ -4098,7 +4098,7 @@ $md5_string = array ( './modules/Campaigns/TrackDetailView.tpl' => 'ea5eea88d6c3f1527c4d7731e993b265', './modules/Campaigns/Tracker.php' => '525435370cc7ebf2f5df2503f082de8c', './modules/Campaigns/WebToLead.js' => 'd458eb754999f84e423093eb9530b223', - './modules/Campaigns/WebToLeadCapture.php' => 'd1f197931703b4b8f680c3160fcda39a', + './modules/Campaigns/WebToLeadCapture.php' => '1289eed7e8cfbc2c5d6e08f0dee183a7', './modules/Campaigns/WebToLeadCreation.html' => 'e998977d47fda363a2e82f188ce9198d', './modules/Campaigns/WebToLeadCreation.php' => '3e8e7fa359eb834a9f492be8bf3853e0', './modules/Campaigns/WebToLeadDownloadForm.html' => 'c10ad27c435a9b45b8f4c7d116e2f356', @@ -4106,7 +4106,7 @@ $md5_string = array ( './modules/Campaigns/WebToLeadFormBuilder.php' => 'ceb6d08684a0a438d991959846610fd7', './modules/Campaigns/WebToLeadFormBuilderOptInCheckbox.tpl' => '9fd68c7d266560b82eb7667f96792779', './modules/Campaigns/WebToLeadFormSave.php' => '42be714ae8abd35a2b68d297d9a85dd1', - './modules/Campaigns/WebToPersonCapture.php' => '9fb95def26a4710483aa7ff0d8661e80', + './modules/Campaigns/WebToPersonCapture.php' => 'ec596b3b49383607f38aab446340395b', './modules/Campaigns/WizardCampaignSave.php' => 'f7a73bc932dcf289d4d5d94eee3ad138', './modules/Campaigns/WizardEmailSetup.html' => 'bdf9ae5e62512fba93fc6660ecc9bf64', './modules/Campaigns/WizardEmailSetup.php' => '8327640096c1b8a324af27cb255ac662', @@ -4275,7 +4275,7 @@ $md5_string = array ( './modules/Connectors/connectors/sources/ext/rest/twitter/mapping.php' => 'd61907e40cd45b0acfb873ebb7771352', './modules/Connectors/connectors/sources/ext/rest/twitter/twitter.php' => '332871d36a7a0818baa23528ee9f6e4e', './modules/Connectors/connectors/sources/ext/rest/twitter/vardefs.php' => '29920b167acc3e209e55bb12406953dc', - './modules/Connectors/controller.php' => '90fbfb7a656931fdaa26761dcb8fc540', + './modules/Connectors/controller.php' => '9c54ddc41e7f7b472bb976ea269d1ba9', './modules/Connectors/language/en_us.lang.php' => '5d75c197f593a7b753b9f3e7c2a2c774', './modules/Connectors/metadata/searchdefs.php' => '605949799922b4b2d2148c6733eb03af', './modules/Connectors/tpls/administration.tpl' => '4cfc4e5b2ce9d6627878128087edd3cb', @@ -4399,7 +4399,7 @@ $md5_string = array ( './modules/Documents/DocumentSoap.php' => 'dd79e2faf4b690bfbee1ea6caffffa05', './modules/Documents/GetLatestRevision.php' => '4a692b4234c99465c43d5bac41fbcf61', './modules/Documents/Menu.php' => '0cd06daeebb9b12d88e327448e394842', - './modules/Documents/TreeData.php' => '471754fb91413f75d41b21ae4664097f', + './modules/Documents/TreeData.php' => '7675f4de2a9a93e77652387c7fe95162', './modules/Documents/action_view_map.php' => '7aead0f8ea871167a31c01c5a5386d0a', './modules/Documents/controller.php' => 'e861dba9c116c5d3c4f4da29a6164219', './modules/Documents/documents.js' => '0c764e58da2641a3fc8db86cfa41bc40', @@ -4851,7 +4851,7 @@ $md5_string = array ( './modules/FP_events/metadata/studio.php' => 'd1a4aee4586f29bc1d22f2719b156bd1', './modules/FP_events/metadata/subpaneldefs.php' => '3fd564e485b4ad892c8508e1b03ad34d', './modules/FP_events/metadata/subpanels/default.php' => '74b85077dfad12df6e01d9fe7260a908', - './modules/FP_events/responseEntryPoint.php' => 'a16f2f7b38962327335592b828906fba', + './modules/FP_events/responseEntryPoint.php' => '9c5e8a5ee0032cd40a0fee8b4afb7d5a', './modules/FP_events/tpls/additionalDetails.body.tpl' => '07dcde986a7f26e94b0bb5734d2972cb', './modules/FP_events/tpls/additionalDetails.caption.tpl' => '8667e905a7554e60cbec8a405b57ceea', './modules/FP_events/vardefs.php' => 'c1d987b16272a3f60ca6f1384d72d29f', @@ -5001,7 +5001,7 @@ $md5_string = array ( './modules/Import/views/ImportView.php' => '2194cc1846006fe7a350aee1bf8ae314', './modules/Import/views/view.confirm.php' => 'a8dc5ac8c3b048f0f312079b05713d9e', './modules/Import/views/view.dupcheck.php' => '462153aeb379682c5245e29a482d9f52', - './modules/Import/views/view.error.php' => '6a0756ddd513949a2ff410116ec1f25b', + './modules/Import/views/view.error.php' => '1b8158d8f38d5b30d63da7c9ad2f9b8d', './modules/Import/views/view.extdupcheck.php' => '173a00a695b4898eda2834cdb7250d0b', './modules/Import/views/view.last.php' => 'cc437039dc350285a5e54e4d0323c67c', './modules/Import/views/view.step1.php' => '8780d0dcaee57eb380c8d9a6bab9bc7a', @@ -5013,7 +5013,7 @@ $md5_string = array ( './modules/InboundEmail/Delete.php' => '2dec384b7a0c8bc29bf2dcfdfc26506c', './modules/InboundEmail/EditGroupFolder.php' => 'd7c41e935f01bfe5b6ce52c2f0385c9b', './modules/InboundEmail/InboundEmail.js' => '08ecbd5c0a7f5bda5bb293a772ed73a4', - './modules/InboundEmail/InboundEmail.php' => '44e262fe699ea7d39c6cd3e5bb2f81f7', + './modules/InboundEmail/InboundEmail.php' => '48080d6e766fc2506c36684cbd99ffa3', './modules/InboundEmail/Menu.php' => 'bfb4c000e482ae7206a9c0dea76acafe', './modules/InboundEmail/Overview.php' => '9766054c2ea0d89d795c223ba06f781e', './modules/InboundEmail/Popup.php' => '44ccaa41943049ab78db97a8772fb029', @@ -5333,11 +5333,11 @@ $md5_string = array ( './modules/Notes/Dashlets/MyNotesDashlet/MyNotesDashlet.php' => '6c005c8665a7ecf6564772bcc46ad01d', './modules/Notes/Menu.php' => '468f1628f287b61790f25a9b695803a7', './modules/Notes/Note.php' => '7b9234592d667b95cdc1834d3b85b701', - './modules/Notes/NoteSoap.php' => 'bce9cfaf33ce3f6f50277f8a94728723', + './modules/Notes/NoteSoap.php' => '17fc34dca2b3af26f0f3b1819c73d36b', './modules/Notes/NotesQuickCreate.php' => '1045bdbd681a158fd4b44b42f48a6d0c', './modules/Notes/SubPanelView.html' => '3cab3bb7ad448a6009b19a0b9c095434', './modules/Notes/SubPanelView.php' => 'be5338fae3fcab941fc89027d89d32a5', - './modules/Notes/controller.php' => '0d4fa16ea6a2a53b6a02d3d246466712', + './modules/Notes/controller.php' => '4e2d8c819344a4de4a073d6901e37b5e', './modules/Notes/field_arrays.php' => '90c231d11ed7e72984123689724129b4', './modules/Notes/language/en_us.lang.php' => '098c05bf806f489dce71c76f882a32ed', './modules/Notes/metadata/SearchFields.php' => '38864c4e9fbb487b0d3551884ba4241d', @@ -5494,7 +5494,7 @@ $md5_string = array ( './modules/Project/Delete.php' => '7687b00a8b3cfab3ffd944af2708b330', './modules/Project/Menu.php' => 'b24a59da3c3b7309ee72e7e8fc8e38ff', './modules/Project/Project.js' => 'ac7e01162d191c256b09143df0f3eb66', - './modules/Project/Project.php' => '6f9cb1d3856158cdd287036347db0848', + './modules/Project/Project.php' => '23ec4254ce4e8ebb84b6603c3dd79ace', './modules/Project/ProjectJjwg_MapsLogicHook.php' => '125b6ca69770a408d81e180d6ec09e72', './modules/Project/ProjectListViewData.php' => 'a3ae3c0e7b3ae86721add28e60cd5dc3', './modules/Project/ProjectListViewSmarty.php' => '9c1b95472c65a90624094a00c5f4e77b', @@ -5814,7 +5814,7 @@ $md5_string = array ( './modules/Studio/studio.js' => '4fb625bbde873e47be7230e1fd1bb067', './modules/Studio/studiodd.js' => '88e575cd322889b4d300152eb11bc3ee', './modules/Studio/studiotabgroups.js' => '612e25ce77d7bb265511698814e7f03c', - './modules/Studio/wizard.php' => '6b65a4ab3c4bea9b981d46cea203ecbf', + './modules/Studio/wizard.php' => '26ea30c9b79e3bb36fcde709204c431a', './modules/Studio/wizards/EditDropDownWizard.php' => '4c725f7caca7df773b97645857112237', './modules/Studio/wizards/RenameModules.php' => '6f49972949659cc22872efcd0259a963', './modules/Studio/wizards/RenameModules.tpl' => '9c2a4a726f39081a0b574990bb63a5da', @@ -5825,17 +5825,14 @@ $md5_string = array ( './modules/SugarFeed/Dashlets/SugarFeedDashlet/SugarFeedDashlet.meta.php' => '7ca48940fc2dd45145d996038bdeb3a6', './modules/SugarFeed/Dashlets/SugarFeedDashlet/SugarFeedDashlet.php' => 'fd58b6fc2b8d403472d05da6682ac465', './modules/SugarFeed/Dashlets/SugarFeedDashlet/SugarFeedScript.tpl' => '5d53270e314fa287f12ce72528911ef0', - './modules/SugarFeed/Dashlets/SugarFeedDashlet/UserPostForm.tpl' => 'ef42d6abc5fd5f672d6540224aa3730e', + './modules/SugarFeed/Dashlets/SugarFeedDashlet/UserPostForm.tpl' => 'a984d93cd18be223a2223006dc6abf6d', './modules/SugarFeed/Forms.php' => 'd41d8cd98f00b204e9800998ecf8427e', './modules/SugarFeed/Menu.php' => '22842b6d2806ee33c75378a3ce284121', - './modules/SugarFeed/SugarFeed.php' => '73435f64dcc872738ca06ceff414f485', + './modules/SugarFeed/SugarFeed.php' => '91143001e9b2461c0cdd23f704251e2b', './modules/SugarFeed/SugarFeedFlush.php' => '19d533f7780bcf19274b746176d7e717', './modules/SugarFeed/action_view_map.php' => 'ef827ccc71707c55e2f4aeee52a3ea38', './modules/SugarFeed/feedLogicBase.php' => '006ccf62b16d30f731920a751b6ac52c', './modules/SugarFeed/language/en_us.lang.php' => '0ccdb1ef6048bfa72521438c72fdfae3', - './modules/SugarFeed/linkHandlers/Image.php' => 'd57dc812fe590a41fcba8b3fed536820', - './modules/SugarFeed/linkHandlers/Link.php' => '2c19bbbdbd0b8bc14b6720a94495e0d2', - './modules/SugarFeed/linkHandlers/YouTube.php' => '5b7cb65dc6d83589c96e83f083dcc392', './modules/SugarFeed/metadata/SearchFields.php' => '6e2f9a1024ef2d2ecee33a0fbf67ce4a', './modules/SugarFeed/metadata/dashletviewdefs.php' => '0d3a8e2c81bddd69a166e8d16d466140', './modules/SugarFeed/metadata/detailviewdefs.php' => '8c5395a0225d8db193d258c288a6c0b5', @@ -5922,7 +5919,7 @@ $md5_string = array ( './modules/Surveys/Dashlets/SurveysDashlet/SurveysDashlet.meta.php' => '8a0be697554c54281b29bd9bc8facfd8', './modules/Surveys/Dashlets/SurveysDashlet/SurveysDashlet.php' => '3c40c6aa260f53c255bd9783e09ba9c2', './modules/Surveys/Entry/Survey.php' => 'ba083723d42d231b4738b0010e67db70', - './modules/Surveys/Entry/SurveySubmit.php' => '973c1a318b9a9d95d72d56037b68c04f', + './modules/Surveys/Entry/SurveySubmit.php' => 'f6bdcb1147af8fc643cb1713cf934cd0', './modules/Surveys/Entry/Thanks.php' => '6eff234e04438f049e4e4b9d8758f633', './modules/Surveys/Lines/Lines.php' => '2df004a5b2f0fa804a0faaaecfa56fc5', './modules/Surveys/Menu.php' => 'ba18e736af4a1d2a261fbf67d3f174b2', @@ -6037,7 +6034,7 @@ $md5_string = array ( './modules/UpgradeWizard/commitJson.php' => 'ee4ba0d32434641623d0a5640b2c5092', './modules/UpgradeWizard/deleteCache.php' => '470b767cd3878224be42bb061718f9f3', './modules/UpgradeWizard/end.php' => '5283c394237b7f2212465b4715f88cb3', - './modules/UpgradeWizard/index.php' => '16763c13518d7e13a90ad9b73dea6af0', + './modules/UpgradeWizard/index.php' => '97da651f7784229ec46af42cd8861864', './modules/UpgradeWizard/language/en_us.lang.php' => 'a4166110c4847d966f1869700ffa83d5', './modules/UpgradeWizard/layouts.php' => '9d94fbad1c47d095019f76ef9995129f', './modules/UpgradeWizard/preflight.php' => 'bbd17ef283f37ff21bf8cfe804cec8c2', @@ -6094,7 +6091,7 @@ $md5_string = array ( './modules/Users/SetTimezone.tpl' => 'f0fb5ed64fae81a5657ebc8f167967c9', './modules/Users/UpdateTourStatus.php' => 'cc111e28e6df1d96b98678661dd42490', './modules/Users/User.js' => '351f8d8e74bd1bd0a56dcc2bae31b147', - './modules/Users/User.php' => '14922b88f5ef97d914744fdb3a228483', + './modules/Users/User.php' => '9418d32e68a7ec29f36f5ad46cedc4ab', './modules/Users/UserEditView.js' => '421e1c38f1ee78933134b987b7c3c251', './modules/Users/UserEmailOptions.tpl' => '96b848efbf7f6d4fee7b6bf13a1a1aee', './modules/Users/UserEmailSettings.tpl' => '5d9ff3379f63dcf7c5efbbcc3e88d8ed', @@ -6331,9 +6328,6 @@ $md5_string = array ( './service/core/SugarWebServiceImpl.php' => 'a3479536061b0d87e30bf6169b858bb0', './service/core/WSDL.tpl' => 'd41d8cd98f00b204e9800998ecf8427e', './service/core/webservice.php' => 'f09f078f3eaed4b536fecc3187e93407', - './service/example/Rest_Proxy.php' => '06f3f52abd5bdf40dd3ba4a64eeb3347', - './service/example/example.html' => '7a1ddca56d7151846a27ad9d1a1b9fb5', - './service/example/test.html' => '0554fae9997d43a1c4a4c3036bd34174', './service/utils/SugarRest.js' => '44b3318644d785dcc452d673b9eb6638', './service/v2/SugarSoapService2.php' => '90b62149431cac066c2c82e7ec9a2b23', './service/v2/registry.php' => '4c99bba28203f08544bba82504bf393b', @@ -6377,7 +6371,7 @@ $md5_string = array ( './soap.php' => 'e28988c2e0b8e2c484587b537a710525', './sugar_version.json' => 'bdfbcefae2f9af559bef6a36367df7bb', './sugar_version.php' => 'db7b6c8d51f87879fce1e6172eedfbed', - './suitecrm_version.php' => '3139a6aa782bf4282261d6c631721396', + './suitecrm_version.php' => '1e6a424aa4518ef6ea1889f528bb1615', './themes/SuiteP/css/Dawn/color-palette.scss' => 'e64677d79e1d68c069bdc2dc661c4f99', './themes/SuiteP/css/Dawn/icons.scss' => 'd59f8c5855e7a8df09542a663835a196', './themes/SuiteP/css/Dawn/select.ico' => '22393ad23f16c3f1462455bae8f20279', diff --git a/include/SugarFields/Fields/Image/SugarFieldImage.php b/include/SugarFields/Fields/Image/SugarFieldImage.php index 5ecee1e8a10..8a7fd726cb4 100644 --- a/include/SugarFields/Fields/Image/SugarFieldImage.php +++ b/include/SugarFields/Fields/Image/SugarFieldImage.php @@ -130,15 +130,11 @@ public function save(&$bean, $params, $field, $vardef, $prefix = '') public function verify_image($upload_file) { - global $sugar_config; - - $valid_ext = isset($sugar_config['image_ext']) ? $sugar_config['image_ext'] : array("image/jpeg","image/png"); - - $img_size = getimagesize($upload_file->temp_file_location); - $filetype = $img_size['mime']; - if (in_array($filetype, array_values($valid_ext))) { + if (verify_uploaded_image($upload_file->temp_file_location)) { return true; } + + return false; } private function fillInOptions(&$vardef, &$displayParams) { diff --git a/include/UploadFile.php b/include/UploadFile.php index 90dc36ffb3f..c92df611833 100644 --- a/include/UploadFile.php +++ b/include/UploadFile.php @@ -316,6 +316,11 @@ public function confirm_upload() $this->temp_file_location = $_FILES[$this->field_name]['tmp_name']; $this->uploaded_file_name = $_FILES[$this->field_name]['name']; + if (has_valid_image_mime_type($this->mime_type) && !verify_uploaded_image($this->temp_file_location)) { + LoggerManager::getLogger()->security("Image Malware found, unable to save file: {$_FILES[$this->field_name]['name']}"); + return false; + } + return true; } diff --git a/include/connectors/ConnectorFactory.php b/include/connectors/ConnectorFactory.php index 1fc47eb900d..9a063624e7a 100755 --- a/include/connectors/ConnectorFactory.php +++ b/include/connectors/ConnectorFactory.php @@ -56,6 +56,11 @@ public static function getInstance($source_name) require_once('include/connectors/sources/SourceFactory.php'); require_once('include/connectors/component.php'); $source = SourceFactory::getSource($source_name); + + if ($source === null){ + return null; + } + $component = new component(); $component->setSource($source); $component->init(); @@ -81,6 +86,11 @@ public static function load($class, $type) public static function loadClass($class, $type) { $dir = str_replace('_', '/', $class); + + if (strpos($dir, '..') !== false) { + return; + } + $parts = explode("/", $dir); $file = $parts[count($parts)-1] . '.php'; if (file_exists("custom/modules/Connectors/connectors/{$type}/{$dir}/$file")) { diff --git a/include/connectors/sources/SourceFactory.php b/include/connectors/sources/SourceFactory.php index af0e079a170..b8d34d062b4 100755 --- a/include/connectors/sources/SourceFactory.php +++ b/include/connectors/sources/SourceFactory.php @@ -59,6 +59,11 @@ class SourceFactory public static function getSource($class, $call_init = true) { $dir = str_replace('_', '/', (string) $class); + + if (strpos($dir, '..') !== false) { + return null; + } + $parts = explode("/", $dir); $file = $parts[count($parts)-1]; $pos = strrpos($file, '/'); diff --git a/include/entryPoint.php b/include/entryPoint.php index 5ca2b38121e..346823f6d38 100755 --- a/include/entryPoint.php +++ b/include/entryPoint.php @@ -206,3 +206,6 @@ //// END SETTING DEFAULT VAR VALUES /////////////////////////////////////////////////////////////////////////////// + +//It does a check to see if the host is valid +check_trusted_hosts(); diff --git a/include/utils.php b/include/utils.php index a1259e33ffa..d6c8362008e 100755 --- a/include/utils.php +++ b/include/utils.php @@ -282,7 +282,9 @@ function make_sugar_config(&$sugar_config) 'legacy_email_behaviour' => false, 'valid_imap_ports' => [ '110', '143', '993', '995' - ] + ], + 'web_to_lead_allowed_redirect_hosts' => [], + 'trusted_hosts' => [] ); } @@ -575,7 +577,9 @@ function get_sugar_config_defaults(): array 'legacy_email_behaviour' => false, 'valid_imap_ports' => [ '110', '143', '993', '995' - ] + ], + 'web_to_lead_allowed_redirect_hosts' => [], + 'trusted_hosts' => [] ]; if (!is_object($locale)) { @@ -5390,6 +5394,23 @@ function getUrls($string) */ function verify_image_file($path, $jpeg = false) { + // check image manually + $fp = fopen($path, 'rb'); + if (!$fp) { + return false; + } + $data = ''; + // read the whole file in chunks + while (!feof($fp)) { + $data .= fread($fp, 8192); + } + fclose($fp); + if (preg_match("/<(\?php|html|!doctype|script|body|head|plaintext|table|img |pre(>| )|frameset|iframe|object|link|base|style|font|applet|meta|center|form|isindex)/i", $data, $m)) { + $GLOBALS['log']->fatal("Found {$m[0]} in $path, not allowing upload"); + + return false; + } + if (function_exists('imagepng') && function_exists('imagejpeg') && function_exists('imagecreatefromstring')) { $img = imagecreatefromstring(file_get_contents($path)); if (!$img) { @@ -5420,27 +5441,10 @@ function verify_image_file($path, $jpeg = false) return false; } } else { - // check image manually - $fp = fopen($path, 'rb'); - if (!$fp) { - return false; - } - $data = ''; - // read the whole file in chunks - while (!feof($fp)) { - $data .= fread($fp, 8192); - } - - fclose($fp); - if (preg_match("/<(\?php|html|!doctype|script|body|head|plaintext|table|img |pre(>| )|frameset|iframe|object|link|base|style|font|applet|meta|center|form|isindex)/i", $data, $m)) { - $GLOBALS['log']->fatal("Found {$m[0]} in $path, not allowing upload"); - - return false; - } - return true; } + return false; } @@ -5453,7 +5457,9 @@ function verify_image_file($path, $jpeg = false) */ function verify_uploaded_image($path, $jpeg_only = false) { - $supportedExtensions = array('jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'tmp' => 'tmp'); + global $sugar_config; + $supportedExtensions = $sugar_config['image_ext'] ?? ['image/jpeg', 'image/png', 'image/gif' , 'tmp' => 'tmp']; + if (!$jpeg_only) { $supportedExtensions['png'] = 'image/png'; } @@ -5463,9 +5469,14 @@ function verify_uploaded_image($path, $jpeg_only = false) } $img_size = getimagesize($path); - $filetype = $img_size['mime']; + $filetype = $img_size['mime'] ?? ''; $tmpArray = explode('.', $path); $ext = end($tmpArray); + + if (!has_valid_image_mime_type($filetype)) { + return false; + } + if (substr_count('..', $path) > 0 || ($ext !== $path && !isset($supportedExtensions[strtolower($ext)])) || !in_array($filetype, array_values($supportedExtensions)) ) { @@ -6006,6 +6017,52 @@ function has_valid_image_extension($fieldName, $name) return has_valid_extension($fieldName, $name, $validExtensions); } +/** + * Check if has valid image mime type + * @param string $mimeType + * @return bool + */ +function has_valid_image_mime_type(string $mimeType): bool +{ + global $sugar_config; + + if (empty($mimeType) || !is_string($mimeType)) { + return false; + } + + $validExtensions = [ + 'gif', + 'png', + 'jpg', + 'jpeg', + 'svg' + ]; + + if (isset($sugar_config['valid_image_ext']) && is_array($sugar_config['valid_image_ext'])){ + $validExtensions = $sugar_config['valid_image_ext']; + } + + $parts = explode('/', $mimeType) ?? []; + $mimeMap = [ + 'svg+xml' => 'svg' + ]; + + $type = ''; + if (!empty($parts) && count($parts) > 1) { + $type = $parts[1]; + + if (isset($mimeMap[$type])) { + $type = $mimeMap[$type]; + } + } + + if (empty($type)) { + return false; + } + + return in_array($type, array_values($validExtensions), true); +} + /** * Check if has valid extension * @param string $fieldName @@ -6156,6 +6213,62 @@ function isSelfRequest($endpoint) : bool { return stripos((string) $endpoint, (string) $domain) !== false || stripos((string) $endpoint, (string) $siteUrl) !== false; } +/** + * Get currently configured trusted hosts, if none configured uses site_url + * @return array + */ +function get_trusted_hosts(): array { + + $trustedHosts = SugarConfig::getInstance()->get('trusted_hosts', []); + + if (!empty($trustedHosts) && is_array($trustedHosts)){ + return $trustedHosts; + } + + return []; +} + +/** + * Check currently set trusted hosts + */ +function check_trusted_hosts(): void { + + $trustedHostPatterns = get_trusted_hosts(); + if (empty($trustedHostPatterns)) { + return; + } + + $host = ''; + if (!empty($_SERVER["HTTP_HOST"])) { + $host = $_SERVER["HTTP_HOST"]; + } + + if (empty($host)) { + $host = $_SERVER['SERVER_NAME'] ?? ''; + } + + if (empty($host)) { + $host = $_SERVER['SERVER_ADDR'] ?? ''; + } + + $host = strtolower(preg_replace('/:\d+$/', '', trim($host))); + + if ($host && '' !== preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host)) { + throw new BadMethodCallException(sprintf('Invalid Host "%s".', $host)); + } + + if (\count($trustedHostPatterns) > 0) { + + foreach ($trustedHostPatterns as $pattern) { + if (preg_match("/".$pattern."/", $host)) { + return; + } + } + + throw new BadMethodCallException(sprintf('Untrusted Host "%s".', $host)); + } +} + /** * Get currency ID directly from the record, if property is empty -> use default currency ID * @param $module @@ -6167,3 +6280,62 @@ function getCurrencyId($module, $id) global $locale; return BeanFactory::getBean($module, $id)->currency_id ?? $locale->getPrecedentPreference('currency'); } + +/** + * Get host from url + * @param string $url + * @return string + */ +function getHostFromUrl(string $url): string { + + if (empty($url)) { + return ''; + } + + $reDirectHost = ''; + + $urlParts = parse_url($url); + if (isset($urlParts['host'])) { + $reDirectHost = $urlParts['host']; + } + + return $reDirectHost; +} + + +/** + * Check if is string is an allowed redirect host + * @param string $url + * @return bool + */ +function isWebToLeadAllowedRedirectHost(string $url): bool { + + global $sugar_config; + + $redirectHost = getHostFromUrl($url); + + $allowedRedirectHosts = $sugar_config['web_to_lead_allowed_redirect_hosts'] ?? []; + + if (empty($allowedRedirectHosts)) { + return true; + } + + foreach ($allowedRedirectHosts as $allowedRedirectHost) { + + if ($allowedRedirectHost === ''){ + continue; + } + + if (substr($allowedRedirectHost, 0, 7 ) !== 'http://' && substr($allowedRedirectHost, 0, 8 ) !== 'https://') { + $allowedRedirectHost = 'http://' . $allowedRedirectHost; + } + + $allowedHost = getHostFromUrl($allowedRedirectHost); + + if ($redirectHost === $allowedHost) { + return true; + } + } + + return false; +} diff --git a/lib/Robo/Plugin/Commands/ApiCommands.php b/lib/Robo/Plugin/Commands/ApiCommands.php index d6a580932f4..928e8e8a3bc 100644 --- a/lib/Robo/Plugin/Commands/ApiCommands.php +++ b/lib/Robo/Plugin/Commands/ApiCommands.php @@ -174,13 +174,8 @@ public function apiRebuildHtaccessFile() public function apiCreateClient($name) { $count = $this->getNameCount($name, 'oauth2clients', 'name'); - $dateTime = new DateTime(); - $clientSecret = base_convert( - $dateTime->getTimestamp() * 4096, - 10, - 16 - ); + $clientSecret = bin2hex(random_bytes(50)); $clientBean = $this->beanManager->newBeanSafe( OAuth2Clients::class diff --git a/modules/AOP_Case_Updates/Case_Updates.php b/modules/AOP_Case_Updates/Case_Updates.php index 2d9e3339545..a6fd13a0f8b 100755 --- a/modules/AOP_Case_Updates/Case_Updates.php +++ b/modules/AOP_Case_Updates/Case_Updates.php @@ -266,14 +266,14 @@ function display_single_update(AOP_Case_Updates $update) if ($update->internal) { $html = "
" . getUpdateDisplayHead($update); $html .= "
"; - $html .= nl2br(html_entity_decode((string) $update->description)); + $html .= nl2br(html_entity_decode(purify_html((string) $update->description, ['HTML.ForbiddenElements' => ['iframe' => true]]))); $html .= '
'; return $html; } /*if standard update*/ else { $html = "
" . getUpdateDisplayHead($update); $html .= "
"; - $html .= nl2br(html_entity_decode((string) $update->description)); + $html .= nl2br(html_entity_decode(purify_html((string) $update->description, ['HTML.ForbiddenElements' => ['iframe' => true]]))); $html .= '
'; return $html; @@ -283,7 +283,7 @@ function display_single_update(AOP_Case_Updates $update) /*if contact user*/ $html = "
" . getUpdateDisplayHead($update); $html .= "
"; - $html .= html_entity_decode((string) $update->description); + $html .= html_entity_decode(purify_html((string) $update->description, ['HTML.ForbiddenElements' => ['iframe' => true]])); $html .= '
'; return $html; diff --git a/modules/AOS_PDF_Templates/templateParser.php b/modules/AOS_PDF_Templates/templateParser.php index eb99e95e7f9..025beeb2ba0 100755 --- a/modules/AOS_PDF_Templates/templateParser.php +++ b/modules/AOS_PDF_Templates/templateParser.php @@ -126,7 +126,7 @@ public static function parse_template_bean($string, $key, &$focus) reset($repl_arr); foreach ($repl_arr as $name => $value) { - if (strpos($name, 'product_discount') !== false && strpos($name, '_amount') === false) { + if ((strpos($name, 'product_discount') !== false || strpos($name, 'quotes_discount') !== false) && strpos($name, '_amount') === false) { if ($value !== '' && isset($repl_arr['aos_products_quotes_discount'])) { if ($isValidator->isPercentageField($repl_arr['aos_products_quotes_discount'])) { $sep = get_number_separators(); diff --git a/modules/AOS_Products/vardefs.php b/modules/AOS_Products/vardefs.php index 93ba9a5f389..ed846fa6a2d 100755 --- a/modules/AOS_Products/vardefs.php +++ b/modules/AOS_Products/vardefs.php @@ -281,6 +281,7 @@ 'type' => 'varchar', 'len' => '255', 'reportable' => true, + 'inline_edit' => false, 'comment' => 'File name associated with the note (attachment)' ), 'file_url' => diff --git a/modules/Alerts/controller.php b/modules/Alerts/controller.php index cd1341969db..6c8bc4881c0 100644 --- a/modules/Alerts/controller.php +++ b/modules/Alerts/controller.php @@ -103,7 +103,7 @@ public function action_add() $bean = BeanFactory::getBean('Alerts'); $result = $bean->get_full_list( "", - "alerts.assigned_user_id = '" . $current_user->id . "' AND reminder_id = '" . $reminder_id . "'" + "alerts.assigned_user_id = '" . $current_user->id . "' AND reminder_id = '" . $bean->db->quote($reminder_id) . "'" ); if (empty($result)) { $bean = BeanFactory::newBean('Alerts'); diff --git a/modules/Campaigns/WebToLeadCapture.php b/modules/Campaigns/WebToLeadCapture.php index 987577254cf..7be18b38cc1 100755 --- a/modules/Campaigns/WebToLeadCapture.php +++ b/modules/Campaigns/WebToLeadCapture.php @@ -178,7 +178,7 @@ $sea->AddUpdateEmailAddress($lead->email2, 0, 1); } } - if (isset($_POST['redirect_url']) && !empty($_POST['redirect_url'])) { + if (isset($_POST['redirect_url']) && !empty($_POST['redirect_url']) && isWebToLeadAllowedRedirectHost($_POST['redirect_url'] ?? '')) { // Get the redirect url, and make sure the query string is not too long $redirect_url = $_POST['redirect_url']; $query_string = ''; @@ -247,7 +247,7 @@ } } -if (!empty($_POST['redirect'])) { +if (!empty($_POST['redirect']) && isWebToLeadAllowedRedirectHost($_POST['redirect'] ?? '')) { if (headers_sent()) { echo 'SugarCRM'; echo '
'; diff --git a/modules/Campaigns/WebToPersonCapture.php b/modules/Campaigns/WebToPersonCapture.php index 4f5a65af239..1324f6aae3b 100644 --- a/modules/Campaigns/WebToPersonCapture.php +++ b/modules/Campaigns/WebToPersonCapture.php @@ -282,7 +282,7 @@ } - if (isset($_POST['redirect_url']) && !empty($_POST['redirect_url'])) { + if (isset($_POST['redirect_url']) && !empty($_POST['redirect_url']) && isWebToLeadAllowedRedirectHost($_POST['redirect_url'] ?? '')) { // Get the redirect url, and make sure the query string is not too long $redirect_url = $_POST['redirect_url']; $query_string = ''; @@ -361,7 +361,7 @@ } } -if (!empty($_POST['redirect'])) { +if (!empty($_POST['redirect']) && isWebToLeadAllowedRedirectHost($_POST['redirect'] ?? '')) { if (headers_sent()) { echo 'SugarCRM'; echo ''; diff --git a/modules/Connectors/controller.php b/modules/Connectors/controller.php index 1beef32e69e..97f5204e719 100755 --- a/modules/Connectors/controller.php +++ b/modules/Connectors/controller.php @@ -86,6 +86,10 @@ public function action_SetSearch() $search_source = $_REQUEST['source_id']; $source_instance = ConnectorFactory::getInstance($search_source); + + if ($source_instance === null) { + return; + } $source_map = $source_instance->getModuleMapping($merge_module); $module_fields = array(); foreach ($_REQUEST as $search_term => $val) { @@ -269,32 +273,6 @@ private function remoteFileExists($url) public function action_CallRest() { $this->view = 'ajax'; - - $url = $_REQUEST['url']; - - if (!preg_match('/^http[s]{0,1}\:\/\//', (string) $url)) { - throw new RuntimeException('Illegal request'); - } - - if (!$this->remoteFileExists($url)) { - throw new RuntimeException('Requested URL is not exists.'); - } - - - if (false === ($result = @file_get_contents($_REQUEST['url']))) { - echo ''; - } else { - if (!empty($_REQUEST['xml'])) { - $values = array(); - $p = xml_parser_create(); - xml_parse_into_struct($p, $result, $values); - xml_parser_free($p); - $json = getJSONobj(); - echo $json->encode($values); - } else { - echo $result; - } - } } public function action_CallSoap() diff --git a/modules/Documents/TreeData.php b/modules/Documents/TreeData.php index 64196254761..cca26548f4a 100755 --- a/modules/Documents/TreeData.php +++ b/modules/Documents/TreeData.php @@ -125,13 +125,13 @@ function get_documents($cat_id, $subcat_id, $href=true) $href_string = "javascript:select_document('doctree')"; $query="select * from documents where deleted=0"; if ($cat_id != 'null') { - $query.=" and category_id='$cat_id'"; + $query.=" and category_id='" . DBManagerFactory::getInstance()->quote($cat_id) . "'"; } else { $query.=" and category_id is null"; } if ($subcat_id != 'null') { - $query.=" and subcategory_id='$subcat_id'"; + $query.=" and subcategory_id='" . DBManagerFactory::getInstance()->quote($subcat_id) . "'"; } else { $query.=" and subcategory_id is null"; } diff --git a/modules/FP_events/responseEntryPoint.php b/modules/FP_events/responseEntryPoint.php index b0dd81ac305..ace1e6b4970 100755 --- a/modules/FP_events/responseEntryPoint.php +++ b/modules/FP_events/responseEntryPoint.php @@ -5,10 +5,10 @@ $db = DBManagerFactory::getInstance(); - $even_id = $_GET['event']; - $delegate_id = $_GET['delegate']; - $type = $_GET['type']; - $response = $_GET['response']; + $even_id = $db->quote($_GET['event'] ?? ''); + $delegate_id =$db->quote( $_GET['delegate'] ?? ''); + $type = $db->quote($_GET['type'] ?? ''); + $response = $db->quote($_GET['response'] ?? ''); //get event $event = BeanFactory::newBean('FP_events'); diff --git a/modules/Import/views/view.error.php b/modules/Import/views/view.error.php index 009482e15b2..d0cbc12baee 100755 --- a/modules/Import/views/view.error.php +++ b/modules/Import/views/view.error.php @@ -99,14 +99,25 @@ protected function _getModuleTab() */ public function display() { - $this->ss->assign("IMPORT_MODULE", $_REQUEST['import_module']); + $module = $_REQUEST['import_module'] ?? ''; + if (!empty($module) && !isAllowedModuleName($module)) { + throw new InvalidArgumentException('Invalid target_module'); + } + + $source = $_REQUEST['source'] ?? ''; + $result = preg_match("/^[\w\-\_\.\:]+$/", $source); + if (!empty($source) && empty($result)) { + throw new InvalidArgumentException('Invalid source'); + } + + $this->ss->assign("IMPORT_MODULE", $module); $this->ss->assign("ACTION", 'Step1'); - $this->ss->assign("MESSAGE", $_REQUEST['message']); + $this->ss->assign("MESSAGE", $_REQUEST['message'] ?? ''); $this->ss->assign("SOURCE", ""); if (isset($_REQUEST['source'])) { - $this->ss->assign("SOURCE", $_REQUEST['source']); + $this->ss->assign("SOURCE", $source); } - + $this->ss->display('modules/Import/tpls/error.tpl'); } } diff --git a/modules/InboundEmail/InboundEmail.php b/modules/InboundEmail/InboundEmail.php index 16ea910f3f9..ece6b0fb70d 100755 --- a/modules/InboundEmail/InboundEmail.php +++ b/modules/InboundEmail/InboundEmail.php @@ -758,7 +758,7 @@ public function getFormattedRawSource($uid) global $app_strings; if (empty($this->id)) { - $q = "SELECT raw_source FROM emails_text WHERE email_id = '{$uid}'"; + $q = "SELECT raw_source FROM emails_text WHERE email_id = '" . $this->db->quote($uid) . "'"; $r = $this->db->query($q); $a = $this->db->fetchByAssoc($r); $ret = array(); @@ -938,7 +938,7 @@ public function setCacheTimestamp($mbox) */ public function getCacheUnreadCount($mbox) { - $q = "SELECT count(*) c FROM email_cache WHERE mbox = '{$mbox}' AND seen = 0 AND ie_id = '{$this->id}'"; + $q = "SELECT count(*) c FROM email_cache WHERE mbox = '" . $this->db->quote($mbox) . "' AND seen = 0 AND ie_id = '" . $this->db->quote($this->id) . "'"; $r = $this->db->query($q); $a = $this->db->fetchByAssoc($r); @@ -952,7 +952,7 @@ public function getCacheUnreadCount($mbox) */ public function getCacheCount($mbox) { - $q = "SELECT count(*) c FROM email_cache WHERE mbox = '{$mbox}' AND ie_id = '{$this->id}'"; + $q = "SELECT count(*) c FROM email_cache WHERE mbox = '" . $this->db->quote($mbox) . "' AND ie_id = '" . $this->db->quote($this->id) . "'"; $r = $this->db->query($q); $a = $this->db->fetchByAssoc($r); @@ -961,7 +961,7 @@ public function getCacheCount($mbox) public function getCacheUnread($mbox) { - $q = "SELECT count(*) c FROM email_cache WHERE mbox = '{$mbox}' AND ie_id = '{$this->id}' AND seen = '0'"; + $q = "SELECT count(*) c FROM email_cache WHERE mbox = '" . $this->db->quote($mbox) . "' AND ie_id = '" . $this->db->quote($this->id) . "' AND seen = '0'"; $r = $this->db->query($q); $a = $this->db->fetchByAssoc($r); @@ -974,7 +974,7 @@ public function getCacheUnread($mbox) */ public function deleteCache() { - $q = "DELETE FROM email_cache WHERE ie_id = '{$this->id}'"; + $q = "DELETE FROM email_cache WHERE ie_id = '" . $this->db->quote($this->id) . "'"; $GLOBALS['log']->info("INBOUNDEMAIL: deleting cache using query [ {$q} ]"); diff --git a/modules/Notes/NoteSoap.php b/modules/Notes/NoteSoap.php index bbb600814cf..4b273cd2bea 100755 --- a/modules/Notes/NoteSoap.php +++ b/modules/Notes/NoteSoap.php @@ -1,4 +1,7 @@ isValidId($note['id'])) { + return '-1'; + } + $focus->retrieve($note['id']); if (empty($focus->id)) { return '-1'; diff --git a/modules/Notes/controller.php b/modules/Notes/controller.php index 3bfabeefe59..bd4d5e7843d 100755 --- a/modules/Notes/controller.php +++ b/modules/Notes/controller.php @@ -45,15 +45,15 @@ * Window - Preferences - PHPeclipse - PHP - Code Templates */ require_once('include/MVC/Controller/SugarController.php'); - - + + #[\AllowDynamicProperties] class NotesController extends SugarController { public function action_save() { require_once('include/upload_file.php'); - + // CCL - Bugs 41103 and 43751. 41103 address the issue where the parent_id is set, but // the relate_id field overrides the relationship. 43751 fixes the problem where the relate_id and // parent_id are the same value (in which case it should just use relate_id) by adding the != check @@ -68,7 +68,7 @@ public function action_save() $this->bean->contact_id = $_REQUEST['parent_id']; $this->bean->contact_name = $_REQUEST['parent_name']; } - + $GLOBALS['log']->debug('PERFORMING NOTES SAVE'); $upload_file = new UploadFile('uploadfile'); $do_final_move = 0; @@ -86,7 +86,7 @@ public function action_save() $this->bean->filename = $_REQUEST['old_filename']; } } - + $check_notify = false; if (!empty($_POST['assigned_user_id']) && (empty($this->bean->fetched_row) || $this->bean->fetched_row['assigned_user_id'] != $_POST['assigned_user_id']) && @@ -94,16 +94,17 @@ public function action_save() $check_notify = true; } $this->bean->save($check_notify); - + + $isValidator = new \SuiteCRM\Utility\SuiteValidator(); if ($do_final_move) { $upload_file->final_move($this->bean->id); } else { - if (! empty($_REQUEST['old_id'])) { - $upload_file->duplicate_file($_REQUEST['old_id'], $this->bean->id, $this->bean->filename); + if (! empty($_REQUEST['old_id'] ?? '') && $isValidator->isValidId($_REQUEST['old_id'] ?? '')) { + UploadFile::duplicate_file($_REQUEST['old_id'], $this->bean->id, $this->bean->filename); } } } - + public function action_editview() { $this->view = 'edit'; diff --git a/modules/Studio/wizard.php b/modules/Studio/wizard.php index 2ca51a67522..c79ba5fb443 100755 --- a/modules/Studio/wizard.php +++ b/modules/Studio/wizard.php @@ -49,6 +49,12 @@ $wizard = !empty($_REQUEST['wizard'])? $_REQUEST['wizard']: 'StudioWizard'; +$validWizards = ['EditDropDownWizard', 'RenameModules', 'StudioWizard']; + +if (!in_array($wizard, $validWizards,true)) { + throw new InvalidArgumentException('Invalid wizard'); +} + if (file_exists('modules/Studio/wizards/'. $wizard . '.php')) { require_once('modules/Studio/wizards/'. $wizard . '.php'); $thewiz = new $wizard(); diff --git a/modules/SugarFeed/Dashlets/SugarFeedDashlet/UserPostForm.tpl b/modules/SugarFeed/Dashlets/SugarFeedDashlet/UserPostForm.tpl index 7970c047973..6b35c82841c 100755 --- a/modules/SugarFeed/Dashlets/SugarFeedDashlet/UserPostForm.tpl +++ b/modules/SugarFeed/Dashlets/SugarFeedDashlet/UserPostForm.tpl @@ -46,7 +46,7 @@
- + @@ -55,11 +55,13 @@
{$more_img} {$user_name} {if !empty($link_types)}{$more_img}{/if} {$user_name} 
diff --git a/modules/SugarFeed/SugarFeed.php b/modules/SugarFeed/SugarFeed.php index ccf287a38ff..9ea2c6063a4 100644 --- a/modules/SugarFeed/SugarFeed.php +++ b/modules/SugarFeed/SugarFeed.php @@ -361,6 +361,8 @@ public static function getLinkClass($linkName) if (file_exists('custom/modules/SugarFeed/linkHandlers/'.$linkName.'.php')) { require_once('custom/modules/SugarFeed/linkHandlers/'.$linkName.'.php'); + } elseif(!file_exists('modules/SugarFeed/linkHandlers/'.$linkName.'.php')) { + return false; } else { require_once('modules/SugarFeed/linkHandlers/'.$linkName.'.php'); } @@ -488,7 +490,7 @@ public static function getTimeLapse($startDate) else{ $first=$first->getTimestamp(); } - + $second=date_create_from_format($user_format,$startDate); if(empty($second)){ LoggerManager::getLogger()->warn('SugarFeed getTimeLapse: Could not fetch startDate '); diff --git a/modules/SugarFeed/linkHandlers/Image.php b/modules/SugarFeed/linkHandlers/Image.php deleted file mode 100755 index ba1f5d6d3d6..00000000000 --- a/modules/SugarFeed/linkHandlers/Image.php +++ /dev/null @@ -1,86 +0,0 @@ - 425 ? \'425px\':\'auto\'); max-width: 425px;'; - } - return '
'; - } - - public function handleInput($feed, $link_type, $link_url) - { - parent::handleInput($feed, $link_type, $link_url); - - // The FeedLinkHandlerLink class will help sort this url out for us - $link_url = $feed->link_url; - - $imageData = @getimagesize($link_url); - - if (! isset($imageData)) { - // The image didn't pull down properly, could be a link and allow_url_fopen could be disabled - $imageData[0] = 0; - $imageData[1] = 0; - } else { - if (max($imageData[0], $imageData[1]) > 425) { - // This is a large image, we need to set some specific width/height properties so that the browser can scale it. - $scale = 425 / max($imageData[0], $imageData[1]); - $imageData[0] = floor($imageData[0]*$scale); - $imageData[1] = floor($imageData[1]*$scale); - } - } - - $feed->link_url = base64_encode(serialize(array('url'=>$link_url,'width'=>$imageData[0],'height'=>$imageData[1]))); - } -} diff --git a/modules/SugarFeed/linkHandlers/Link.php b/modules/SugarFeed/linkHandlers/Link.php deleted file mode 100755 index ede00682928..00000000000 --- a/modules/SugarFeed/linkHandlers/Link.php +++ /dev/null @@ -1,69 +0,0 @@ -' .$data['LINK_URL'] .''; - } - - public function handleInput($feed, $link_type, $link_url) - { - $feed->link_type = $link_type; - - // - if ($link_url[0] != '.' || $link_url[0] != '/') { - // Automatically add http:// in front of the link_url if it doesn't already have it - if (strncmp($link_url, 'http://', 7) != 0 && strncmp($link_url, 'https://', 8) != 0) { - $link_url = 'http://'.$link_url; - } - } - // Make sure they aren't trying to do something nasty like break out of a quote or something - $link_url = str_replace(array('<','>','"',"'"), array('<','>','"','''), (string) $link_url); - - $feed->link_url = $link_url; - } -} diff --git a/modules/SugarFeed/linkHandlers/YouTube.php b/modules/SugarFeed/linkHandlers/YouTube.php deleted file mode 100755 index 9619b0919c4..00000000000 --- a/modules/SugarFeed/linkHandlers/YouTube.php +++ /dev/null @@ -1,64 +0,0 @@ -'; - } - - public function handleInput($feed, $link_type, $link_url) - { - $match = array(); - preg_match('/v=([^\&]+)/', (string) $link_url, $match); - - if (!empty($match[1])) { - $feed->link_type = $link_type; - $feed->link_url = $match[1]; - } - } -} diff --git a/modules/Users/User.php b/modules/Users/User.php index 95feed418ca..a49d36d649c 100755 --- a/modules/Users/User.php +++ b/modules/Users/User.php @@ -2418,7 +2418,7 @@ public function afterImportSave() */ public function isPrimaryEmail($email) { - if (!empty($this->email1) && !empty($email) && strcasecmp($this->email1, $email) == 0) { + if (!empty($this->email1) && !empty($email) && strcasecmp($this->email1, $email) === 0) { return true; } return false; diff --git a/service/example/Rest_Proxy.php b/service/example/Rest_Proxy.php deleted file mode 100755 index 645f98960ca..00000000000 --- a/service/example/Rest_Proxy.php +++ /dev/null @@ -1,118 +0,0 @@ -$v) { - $_headers[strtolower($k)] = $v; -} -$url = parse_url(PROXY_SERVER); -if (!empty($_headers['referer'])) { - $curl_headers['referer'] = 'Referer: ' . $_headers['referer']; -} -if (!empty($_headers['user-agent'])) { - $curl_headers['user-agent'] = 'User-Agent: ' . $_headers['user-agent']; -} -if (!empty($_headers['accept'])) { - $curl_headers['accept'] = 'Accept: ' . $_headers['accept']; -} -if (!empty($_headers['accept-language'])) { - $curl_headers['accept-Language'] = 'Accept-Language: ' . $_headers['accept-language']; -} -if (!empty($_headers['accept-encoding'])) { - $curl_headers['accept-encoding:'] = 'Accept-Encoding: ' .$_headers['accept-encoding']; -} -if (!empty($_headers['accept-charset'])) { - $curl_headers['accept-charset:'] = 'Accept-Charset: ' .$_headers['accept-charset']; -} - -// create a new cURL resource -$ch = curl_init(); -// set URL and other appropriate options -curl_setopt($ch, CURLOPT_URL, PROXY_SERVER); -curl_setopt($ch, CURLOPT_POST, 1); -curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_headers); -curl_setopt($ch, CURLOPT_HEADER, 1); -curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); -curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); -curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0); -curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); -$post_data = ''; -if (!empty($_POST)) { - foreach ($_POST as $k=>$v) { - if (!empty($post_data)) { - $post_data .= '&'; - } - $post_data .= "$k=" . $v; - } -} -curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); -// grab URL and pass it to the browser -fwrite($fp, 'client headers:' . var_export($headers, true) . "\n"); -fwrite($fp, 'starting curl request' . "\n"); -fwrite($fp, $post_data . "\n"); -$result = curl_exec($ch); -curl_close($ch); -fwrite($fp, 'finished curl request' . "\n"); -fwrite($fp, 'response:' . var_export($result, true) . "\n"); -//we only handle 1 response no redirects -$result = explode("\r\n\r\n", $result, 2); -//we neeed to split up the ehaders -$result_headers = explode("\r\n", $result[0]); -//now echo out the same headers the server passed to us -fwrite($fp, "setting headers\n"); -foreach ($result_headers as &$header) { - if (substr_count($header, 'Set-Cookie:') ==0) { - header($header); - } -} -header('Content-Length: ' . strlen($result[1])); -header('Connection: close'); -// now echo out the body -fwrite($fp, "sending body\n"); -echo $result[1]; -ob_end_flush(); -fwrite($fp, "done\n"); -die(); -// close cURL resource, and free up system resources diff --git a/service/example/example.html b/service/example/example.html deleted file mode 100755 index 8be6c37b4b8..00000000000 --- a/service/example/example.html +++ /dev/null @@ -1,342 +0,0 @@ - - - - - - Sugar Rest Example - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
Please Login
-
- - - -
- - -
- - diff --git a/service/example/test.html b/service/example/test.html deleted file mode 100755 index 88f90779b99..00000000000 --- a/service/example/test.html +++ /dev/null @@ -1,328 +0,0 @@ -/** - * - * SugarCRM Community Edition is a customer relationship management program developed by - * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc. - * - * SuiteCRM is an extension to SugarCRM Community Edition developed by SalesAgility Ltd. - * Copyright (C) 2011 - 2018 SalesAgility Ltd. - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU Affero General Public License version 3 as published by the - * Free Software Foundation with the addition of the following permission added - * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK - * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY - * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more - * details. - * - * You should have received a copy of the GNU Affero General Public License along with - * this program; if not, see http://www.gnu.org/licenses or write to the Free - * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301 USA. - * - * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road, - * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com. - * - * The interactive user interfaces in modified source and object code versions - * of this program must display Appropriate Legal Notices, as required under - * Section 5 of the GNU Affero General Public License version 3. - * - * In accordance with Section 7(b) of the GNU Affero General Public License version 3, - * these Appropriate Legal Notices must retain the display of the "Powered by - * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not - * reasonably feasible for technical reasons, the Appropriate Legal Notices must - * display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM". - */ - - - - - - - - - - - diff --git a/suitecrm_version.php b/suitecrm_version.php index c0947baa383..775b6c3f5b5 100755 --- a/suitecrm_version.php +++ b/suitecrm_version.php @@ -3,5 +3,5 @@ die('Not A Valid Entry Point'); } -$suitecrm_version = '7.14.3'; -$suitecrm_timestamp = '2024-02-05 12:00:00'; +$suitecrm_version = '7.14.4'; +$suitecrm_timestamp = '2024-06-10 12:00:00';