Issues (4069)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

PackageManager/PackageManagerDisplay.php (4 issues)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.

 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 ********************************************************************************/

require_once('ModuleInstall/PackageManager/PackageManager.php');

require_once('include/ytree/Tree.php');
require_once('include/ytree/Node.php');
require_once('ModuleInstall/PackageManager/ListViewPackages.php');

class PackageManagerDisplay{

   /**
     * A Static method to Build the display for the package manager
     *
     * @param String form1 - the form to display for manual downloading
     * @param String hidden_fields - the hidden fields related to downloading a package
     * @param String form_action - the form_action to be used when downloading from the server
     * @param String types - the types of objects we will request from the server
     * @param String active_form - the form to display first
     * @return String - a string of html which will be used to display the forms
     */
    static function buildPackageDisplay($form1, $hidden_fields, $form_action, $types = array('module'), $active_form = 'form1', $install = false){
		global $current_language;

        $mod_strings = return_module_language($current_language, "Administration");
        global $app_strings;
        global $sugar_version, $sugar_config;
        $app_strings = return_application_language($current_language);
        $ss = new Sugar_Smarty();
        $ss->assign('APP_STRINGS', $app_strings);
        $ss->assign('FORM_1_PLACE_HOLDER', $form1);
        $ss->assign('form_action', $form_action);
        $ss->assign('hidden_fields', $hidden_fields);

        $result = PackageManagerDisplay::getHeader();
        $header_text = $result['text'];
        $isAlive = $result['isAlive'];
        $show_login = $result['show_login'];
        $mi_errors = ModuleInstaller::getErrors();
        $error_html = "";
		if(!empty($mi_errors)){
			$error_html = "<tr><td><span>";
			foreach($mi_errors as $error){
				$error_html .= "<font color='red'>".$error."</font><br>";
			}
			$error_html .= "</span></td></tr>";
		}

        $form2 = "<table  class='tabForm' width='100%'  cellpadding='0' cellspacing='0' width='100%' border='0'>";
        $form2 .= $error_html;
        if(!$isAlive)
        	$form2 .= "<tr><td><span id='span_display_html'>".$header_text."</span></td></tr>";
        $form2 .= "</table>";

        $tree = null;
        //if($isAlive){
            $tree = PackageManagerDisplay::buildTreeView('treeview', $isAlive);
            $tree->tree_style= 'include/ytree/TreeView/css/check/tree.css';
            $ss->assign('TREEHEADER',$tree->generate_header());
        //}
        //$form2 .= PackageManagerDisplay::buildLoginPanel($mod_strings);
        $form2 .= "<table  class='tabForm' cellpadding='0' cellspacing='0' width='100%' border='0'>";
        $form2 .= "<tr><td></td><td align='left'>";
        if($isAlive){
        	$form2 .= "<input type='button' id='modifCredentialsBtn' class='button' onClick='PackageManager.showLoginDialog(true);' value='".$mod_strings['LBL_MODIFY_CREDENTIALS']."'>";
        }else{
            $form2 .= "<input type='button' id='modifCredentialsBtn' class='button' onClick='PackageManager.showLoginDialog(true);' value='".$mod_strings['LBL_MODIFY_CREDENTIALS']."'style='display:none;'>";
        }
        $form2 .= "</td><td align='left'><div id='workingStatusDiv' style='display:none;'>".SugarThemeRegistry::current()->getImage("sqsWait","border='0' align='bottom'",null,null,'.gif',"Loading")."</div></td><td align='right'>";

        if($isAlive){
            $form2 .= "<slot><a class=\"listViewTdToolsS1\" id='href_animate' onClick=\"PackageManager.toggleDiv('span_animate_server_div', 'catview');\"><span id='span_animate_server_div'><img src='".SugarThemeRegistry::current()->getImageURL('basic_search.gif')."' width='8' height='8' border='0'>&nbsp;Collapse</span></a></slot>";
        }else{
            $form2 .= "<slot><a class=\"listViewTdToolsS1\" id='href_animate' onClick=\"PackageManager.toggleDiv('span_animate_server_div', 'catview');\"><span id='span_animate_server_div' style='display:none;'><img src='".SugarThemeRegistry::current()->getImageURL('basic_search.gif')."' width='8' height='8' border='0'>&nbsp;Collapse</span></a></slot>";
        }
        $form2 .= "</td></tr></table>";
		$form2 = '';   //Commenting out the form as part of sugar depot hiding.
        $ss->assign('installation', ($install ? 'true' : 'false'));


       $mod_strings = return_module_language($current_language, "Administration");

        $ss->assign('MOD', $mod_strings);
		$ss->assign('module_load', 'true');
        if (UploadStream::getSuhosinStatus() == false)

Coding Style, Best Practice:
It seems like you are loosely comparing two booleans. Consider using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

        {
            $ss->assign('ERR_SUHOSIN', true);
        }
        else
        {
            $ss->assign('scripts', PackageManagerDisplay::getDisplayScript($install));
        }
        $show_login = false; //hiding install from sugar
		$ss->assign('MODULE_SELECTOR', PackageManagerDisplay::buildGridOutput($tree, $mod_strings, $isAlive, $show_login));
       $ss->assign('FORM_2_PLACE_HOLDER', $form2);
        $ss->assign('MOD', $mod_strings);
        $descItemsInstalled = $mod_strings['LBL_UW_DESC_MODULES_INSTALLED'];
        $ss->assign('INSTALLED_PACKAGES_HOLDER', PackageManagerDisplay::buildInstalledGrid($mod_strings, $types));

   $str = $ss->fetch('ModuleInstall/PackageManager/tpls/PackageForm.tpl');
      return $str;
    }

    /**
     * A Static method to Build the display for the package manager
     *
     * @param String form1 - the form to display for manual downloading
     * @param String hidden_fields - the hidden fields related to downloading a package
     * @param String form_action - the form_action to be used when downloading from the server
     * @param String types - the types of objects we will request from the server
     * @param String active_form - the form to display first
     * @return String - a string of html which will be used to display the forms
     */
    function buildPatchDisplay($form1, $hidden_fields, $form_action, $types = array('module'), $active_form = 'form1'){
    	global $current_language;
        $mod_strings = return_module_language($current_language, "Administration");
        $ss = new Sugar_Smarty();
        $ss->assign('FORM_1_PLACE_HOLDER', $form1);
        $ss->assign('form_action', $form_action);
        $ss->assign('hidden_fields', $hidden_fields);
        $mod_strings = return_module_language($current_language, "Administration");

        $ss->assign('MOD', $mod_strings);
        $result = PackageManagerDisplay::getHeader();
        $header_text = $result['text'];
        $isAlive = $result['isAlive'];
        $show_login = $result['show_login'];
        $display = 'none';
        //if($isAlive){
            $display = 'block';
        //}
        $form2 = "<table  class='tabForm' width='100%'  cellpadding='0' cellspacing='0' width='100%' border='0'>";
        if(!$isAlive)
        	$form2 .= "<tr><td><span id='span_display_html'>".$header_text."</span></td></tr>";
        $form2 .= "</table>";
        $form2 .= "<table width='100%'><tr><td align='left'>";
        if($show_login){
        	$form2 .= "<input type='button' class='button' onClick='PackageManager.showLoginDialog(true);' value='".$mod_strings['LBL_MODIFY_CREDENTIALS']."'>";
        }
        $form2 .= "</td><td align='right'><div id='workingStatusDiv' style='display:none;'>".SugarThemeRegistry::current()->getImage("sqsWait","border='0' align='bottom'",null,null,'.gif',"Loading")."</div></td></tr><tr><td colspan='2'>";

        $loginViewStyle = ($isAlive ? 'none' : 'block');
		$selectViewStyle = ($isAlive ? 'block' : 'none');
		$form2 .= "<div id='selectView' style='display:".$selectViewStyle."'>";
		$form2 .= "  <div id='patch_downloads' class='ygrid-mso' style='height:205px; display: ".$display.";'></div>";
		 $form2 .= "</div>";
		 if(!$show_login)
         	$loginViewStyle = 'none';
         //$form2 .= "<div id='loginView' style='display:".$loginViewStyle."'>";
    	 //$form2 .= PackageManagerDisplay::buildLoginPanel($mod_strings, $isAlive);
    	 //$form2 .= "</div>";

        $form2 .= "</td></tr></table>";
        $form2 = '';
        $packages = array();
        $releases = array();
        if($isAlive){
          	$filter = array();
          	$count = count($types);
          	$index = 1;
          	$type_str = '"';
          	foreach($types as $type){
          		$type_str .= "'".$type."'";
          		if($index < $count)
          			$type_str .= ",";
          		$index++;
          	}
          	$type_str .= '"';
          	$filter = array('type' => $type_str);
          	$filter = PackageManager::toNameValueList($filter);
            $pm = new PackageManager();
            /*if(in_array('patch', $types)){
            	$releases = $pm->getReleases('3', '3', $filter);
            }else{
            	$releases = $pm->getReleases('', '', $filter);
            }*/
        }
        if($form_action == 'install.php' && (empty($releases) || count($releases['packages']) == 0)){
This if statement is empty and can be removed.

This check looks for the bodies of if statements that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete.

These if bodies can be removed. If you have an empty if but statements in the else branch, consider inverting the condition.

if (rand(1, 6) > 3) {
//print "Check failed";
} else {
    print "Check succeeded";
}

could be turned into

if (rand(1, 6) <= 3) {
    print "Check succeeded";
}

This is much more concise to read.

        	//return false;
        }
        $tree = PackageManagerDisplay::buildTreeView('treeview', $isAlive);
        $tree->tree_style= 'include/ytree/TreeView/css/check/tree.css';
        $ss->assign('TREEHEADER',$tree->generate_header());
		$ss->assign('module_load', 'false');
		$ss->assign('MODULE_SELECTOR', PackageManagerDisplay::buildGridOutput($tree, $mod_strings, $isAlive, $show_login));
        $ss->assign('FORM_2_PLACE_HOLDER', $form2);
        $ss->assign('scripts', PackageManagerDisplay::getDisplayScript(false, 'patch', $releases, $types, $isAlive));
        $str = $ss->fetch('ModuleInstall/PackageManager/tpls/PackageForm.tpl');
        return $str;
    }

    static function buildInstalledGrid($mod_strings, $types = array('modules')){
    	  $descItemsInstalled = $mod_strings['LBL_UW_DESC_MODULES_INSTALLED'];
    	  $output = '<table width="100%" border="0" cellspacing="0" cellpadding="0" ><tr><td align="left">'.$descItemsInstalled.'</td>';
          $output .= '</td></tr></table>';
          $output .= "<table width='100%'><tr><td ><div id='installed_grid' class='ygrid-mso' style='height:205px;'></div></td></tr></table>";
          return $output;
    }

    function buildLoginPanel($mod_strings, $display_cancel){
        $credentials = PackageManager::getCredentials();
    	$output = "<div id='login_panel'><div class='hd'><b>".$mod_strings['HDR_LOGIN_PANEL']."</b></div>";
        $output .= "<div class='bd'><form><table><tr><td>".$mod_strings['LBL_USERNAME']."</td><td><input type='text' name='login_panel_username' id='login_panel_username' value='".$credentials['username']."'></td><td><a href='http://www.sugarcrm.com/crm/index.php?option=com_registration&task=register' target='blank'>".$mod_strings['LNK_NEW_ACCOUNT']."</a></td>";

        $output .= "</tr><tr><td>".$mod_strings['LBL_PASSWORD']."</td><td><input type='password' name='login_panel_password' id='login_panel_password'></td><td><a href='http://www.sugarcrm.com/crm/component/option,com_registration/Itemid,0/task,lostPassword/' target='blank'>".$mod_strings['LNK_FORGOT_PASS']."</a></td>";

		$terms = PackageManager::getTermsAndConditions();
		$output .= "</tr><tr><td colspan='6' valign='top'><b>".$mod_strings['LBL_TERMS_AND_CONDITIONS']."</b><br><textarea readonly cols=80 rows=8>" . $terms['terms'] . '</textarea></td>';
       	$_SESSION['SugarDepot_TermsVersion'] = (!empty($terms['version']) ? $terms['version'] : '');

		$output .= "</td></tr><tr><td colspan='6'><input class='checkbox' type='checkbox' name='cb_terms' id='cb_terms' onclick='if(this.checked){this.form.panel_login_button.disabled=false;}else{this.form.panel_login_button.disabled=true;}'>".$mod_strings['LBL_ACCEPT_TERMS']."</td></tr><tr>";
        $output .= "<td align='left'>";
        $output .= "<input type='button' id='panel_login_button' name='panel_login_button' value='Login' class='button' onClick='PackageManager.authenticate(this.form.login_panel_username.value, this.form.login_panel_password.value, \"\",\"" . $terms['version'] . "\");' disabled>";

        if($display_cancel){
        	$output .= "&nbsp;<input type='button' id='panel_cancel_button' value='Cancel' class='button' onClick='PackageManager.showLoginDialog(false);'>";
        }
        $output .= "</td><td></td></tr>";
		$output .= "<tr></td><td></td></tr>";
		$output .= "</table></div>";
        $output .= "<div class='ft'></div></form></div>";
        return $output;
    }

    /**
     *  Build html in order to display the grids relevant for module loader
     *
     *  @param Tree tree - the tree which we are using to display the categories
     *  @param Array mod_strings - the local mod strings to display
     *  @return String - a string of html
     */
	static function buildGridOutput($tree, $mod_strings, $display = true, $show_login = true){
		 $output = "<div id='catview'>";
		$loginViewStyle = ($display ? 'none' : 'block');
		$selectViewStyle = ($display ? 'block' : 'none');
		$output .= "<div id='selectView' style='display:".$selectViewStyle."'>";
         //if($display){
    		$output .= "<table border=0 width='100%' class='moduleTitle'><tr><td width='100%' valign='top'>";
    		$output .= "<div id='treeview'>";
    		$output .= $tree->generate_nodes_array();
    		$output .= "</div>";
    		$output .= "</td></tr>";
            $output .= "<tr><td width='100%'>";
			$output .= "<div id='tabs1'></div>";
            $output .= "</td></tr>";
            $output .= "<tr><td width='100%' align='left'>";
            $output .= "<input type='button' class='button' value='Download Selected' onClick='PackageManager.download();'>";
            $output .= "</td></tr></table>";
        // }
         $output .= "</div>";
         if(!$show_login)
         	$loginViewStyle = 'none';
        // $output .= "<div id='loginView' style='display:".$loginViewStyle."'>";
         // jchi ,#24296 :commented code because we are currently not using depot, in the future this may change so you can put this code back in.
    	 //$output .= PackageManagerDisplay::buildLoginPanel($mod_strings, $display);
    	 //$output .= "</div>";
    	 //$output .= "<table width='100%' class='moduleTitle' border=1><tr><td><div id='patch_downloads' class='ygrid-mso' style='height:205px;'></div></td></tr></table>";
		$output .= "</div>";

		return $output;
	}

     /**
     * A Static method used to build the initial treeview when the page is first displayed
     *
     * @param String div_id - this div in which to display the tree
     * @return Tree - the tree that is built
     */
    static function buildTreeView($div_id, $isAlive = true){
        $tree = new Tree($div_id);
        $nodes = array();
        if($isAlive)
        	$nodes = PackageManager::getCategories('');

        foreach($nodes as $arr_node){
            $node = new Node($arr_node['id'], $arr_node['label']);
            $node->dynamicloadfunction = 'PackageManager.loadDataForNodeForPackage';
            $node->expanded = false;
            $node->dynamic_load = true;
            $node->set_property('href',"javascript:PackageManager.catClick('treeview');");
            $tree->add_node($node);
            $node->set_property('description', $arr_node['description']);
        }
        return $tree;
    }

    /**
     * A Static method used to obtain the div for the license
     *
     * @param String license_file - the path to the license file
     * @param String form_action - the form action when accepting the license file
     * @param String next_step - the value for the next step in the installation process
     * @param String zipFile - a string representing the path to the zip file
     * @param String type - module/patch....
     * @param String manifest - the path to the manifest file
     * @param String modify_field - the field to update when the radio button is changed
     * @return String - a form used to display the license
     */
    function getLicenseDisplay($license_file, $form_action, $next_step, $zipFile, $type, $manifest, $modify_field){
    	global $current_language;
        $mod_strings = return_module_language($current_language, "Administration");
        $contents = sugar_file_get_contents($license_file);
        $div_id = urlencode($zipFile);
        $display = "<form name='delete{$zipFile}' action='{$form_action}' method='POST'>";
        $display .= "<input type='hidden' name='current_step' value='{$next_step}'>";
        $display .= "<input type='hidden' name='languagePackAction' value='{$type}'>";
        $display .= "<input type='hidden' name='manifest' value='\".urlencode($manifest).\"'>";
        $display .= "<input type='hidden' name='zipFile' value='\".urlencode($zipFile).\"'>";
        $display .= "<table><tr>";
        $display .= "<td align=\"left\" valign=\"top\" colspan=2>";
        $display .= "<b><font color='red' >{$mod_strings['LBL_MODULE_LICENSE']}</font></b>";
        $display .= "</td>";
        $display .= "<td>";
        $display .= "<slot><a class=\"listViewTdToolsS1\" id='href_animate' onClick=\"PackageManager.toggleLowerDiv('span_animate_div_$div_id', 'span_license_div_$div_id', 350, 0);\"><span id='span_animate_div_$div_id'<img src='".SugarThemeRegistry::current()->getImageURL('advanced_search.gif')."' width='8' height='8' alt='Advanced' border='0'>&nbsp;Expand</span></a></slot></td>";
        $display .= "</td>";
        $display .= "</tr>";
        $display .= "</table>";
        $display .= "<div id='span_license_div_$div_id' style=\"display: none;\">";
        $display .= "<table>";
        $display .= "<tr>";
        $display .= "<td align=\"left\" valign=\"top\" colspan=2>";
        $display .= "<textarea cols=\"100\" rows=\"8\">{$contents}</textarea>";
        $display .= "</td>";
        $display .= "</tr>";
        $display .= "<tr>";
        $display .= "<td align=\"left\" valign=\"top\" colspan=2>";
        $display .= "<input type='radio' id='radio_license_agreement_accept' name='radio_license_agreement' value='accept' onClick=\"document.getElementById('$modify_field').value = 'yes';\">{$mod_strings['LBL_ACCEPT']}&nbsp;";
        $display .= "<input type='radio' id='radio_license_agreement_reject' name='radio_license_agreement' value='reject' checked onClick=\"document.getElementById('$modify_field').value = 'no';\">{$mod_strings['LBL_DENY']}";
        $display .= "</td>";
        $display .= "</tr>";
        $display .= "</table>";
        $display .= "</div>";
        $display .= "</form>";
        return $display;
    }

     /**
     * A Static method used to generate the javascript for the page
     *
     * @return String - the javascript required for the page
     */
    static function getDisplayScript($install = false, $type = 'module', $releases = null, $types = array(), $isAlive = true){
        global $sugar_version, $sugar_config;
        global $current_language;

        $mod_strings = return_module_language($current_language, "Administration");
        $ss = new Sugar_Smarty();
        $ss->assign('MOD', $mod_strings);
        if(!$install){
            $install = 0;
        }
		$ss->assign('INSTALLATION', $install);
        $ss->assign('WAIT_IMAGE', SugarThemeRegistry::current()->getImage("loading","border='0' align='bottom'",null,null,'.gif',"Loading"));

        $ss->assign('sugar_version', $sugar_version);
        $ss->assign('js_custom_version', $sugar_config['js_custom_version']);
         $ss->assign('IS_ALIVE', $isAlive);
        //if($type == 'patch' && $releases != null){
        if($type == 'patch'){
            $ss->assign('module_load', 'false');
            $patches = PackageManagerDisplay::createJavascriptPackageArray($releases);
            $ss->assign('PATCHES', $patches);
             $ss->assign('GRID_TYPE', implode(',', $types));
        }else{
           	$pm = new PackageManager();
           	$releases = $pm->getPackagesInStaging();
           	$patches = PackageManagerDisplay::createJavascriptModuleArray($releases);
            $ss->assign('PATCHES', $patches);
            $installeds = $pm->getinstalledPackages();
           	$patches = PackageManagerDisplay::createJavascriptModuleArray($installeds, 'mti_installed_data');
            $ss->assign('INSTALLED_MODULES', $patches);
			 $ss->assign('UPGARDE_WIZARD_URL', 'index.php?module=UpgradeWizard&action=index');
            $ss->assign('module_load', 'true');
        }
        if(!empty($GLOBALS['ML_STATUS_MESSAGE']))
        	$ss->assign('ML_STATUS_MESSAGE',$GLOBALS['ML_STATUS_MESSAGE']);

        //Bug 24064. Checking and Defining labels since these might not be cached during Upgrade
        if(!isset($mod_strings['LBL_ML_INSTALL']) || empty($mod_strings['LBL_ML_INSTALL'])){
			$mod_strings['LBL_ML_INSTALL'] = 'Install';
    	}
		if(!isset($mod_strings['LBL_ML_ENABLE_OR_DISABLE']) || empty($mod_strings['LBL_ML_ENABLE_OR_DISABLE'])) {
			$mod_strings['LBL_ML_ENABLE_OR_DISABLE'] = 'Enable/Disable';
		}
		if(!isset($mod_strings['LBL_ML_DELETE'])|| empty($mod_strings['LBL_ML_DELETE'])){
			$mod_strings['LBL_ML_DELETE'] = 'Delete';
		}
        //Add by jchi 6/23/2008 to fix the bug 21667
		$filegrid_column_ary = array(
			'Name' => $mod_strings['LBL_ML_NAME'],
			'Install' => $mod_strings['LBL_ML_INSTALL'],
			'Delete' => $mod_strings['LBL_ML_DELETE'],
			'Type' => $mod_strings['LBL_ML_TYPE'],
			'Version' => $mod_strings['LBL_ML_VERSION'],
			'Published' => $mod_strings['LBL_ML_PUBLISHED'],
			'Uninstallable' => $mod_strings['LBL_ML_UNINSTALLABLE'],
			'Description' => $mod_strings['LBL_ML_DESCRIPTION']
		);

		$filegridinstalled_column_ary = array(
			'Name' => $mod_strings['LBL_ML_NAME'],
			'Install' => $mod_strings['LBL_ML_INSTALL'],
			'Action' => $mod_strings['LBL_ML_ACTION'],
			'Enable_Or_Disable' => $mod_strings['LBL_ML_ENABLE_OR_DISABLE'],
			'Type' => $mod_strings['LBL_ML_TYPE'],
			'Version' => $mod_strings['LBL_ML_VERSION'],
			'Date_Installed' => $mod_strings['LBL_ML_INSTALLED'],
			'Uninstallable' => $mod_strings['LBL_ML_UNINSTALLABLE'],
			'Description' => $mod_strings['LBL_ML_DESCRIPTION']
		);

		$ss->assign('ML_FILEGRID_COLUMN',$filegrid_column_ary);
		$ss->assign('ML_FILEGRIDINSTALLED_COLUMN',$filegridinstalled_column_ary);
		//end

		$ss->assign('SHOW_IMG', SugarThemeRegistry::current()->getImage('advanced_search', 'border="0"', 8, 8, '.gif', 'Show'));
		$ss->assign('HIDE_IMG', SugarThemeRegistry::current()->getImage('basic_search', 'border="0"', 8, 8, '.gif', 'Hide'));
        $str = $ss->fetch('ModuleInstall/PackageManager/tpls/PackageManagerScripts.tpl');
        return $str;
    }

    function createJavascriptPackageArray($releases){
        $output = "var mti_data = [";
        $count = count($releases);
        $index = 1;
        if(!empty($releases['packages'])){
	        foreach($releases['packages'] as $release){
	            $release = PackageManager::fromNameValueList($release);
	            $output .= "[";
	            $output .= "'".$release['description']."', '".$release['version']."', '".$release['build_number']."', '".$release['id']."'";
	            $output .= "]";
	            if($index < $count)
	                $output .= ",";
	            $index++;
	        }
        }
        $output .= "]\n;";
        return $output;
    }

    static function createJavascriptModuleArray($modules, $variable_name = 'mti_data'){
        $output = "var ".$variable_name." = [";
        $count = count($modules);
        $index = 1;
        if(!empty($modules)){
	        foreach($modules as $module){
	            $output .= "[";
	            $output .= "'".$module['name']."', '".$module['file_install']."', '".$module['file']."', '";
	            if(!empty($module['enabled']))
	            	$output .= $module['enabled'].'_'.$module['file']."', '";

 				$description = js_escape($module['description']);
	            $output .= $module['type']."', '".$module['version']."', '".$module['published_date']."', '".$module['uninstallable']."', '".$description."'".(isset($module['upload_file'])?" , '".$module['upload_file']."']":"]");
	            if($index < $count)
	                $output .= ",";
	            $index++;
	        }

        }
        $output .= "]\n;";
        return $output;
    }
501
502
   /**
503
    *  This method is meant to be used to display the license agreement inline on the page
504
    *  if the system would like to perform the installation on the same page via an Ajax call
505
    */
506
    function buildLicenseOutput($file){
507
    	global $current_language;
508
509
        $mod_strings = return_module_language($current_language, "Administration");
510
        $contents = '';
511
        $pm = new PackageManager();
512
        $contents = $pm->getLicenseFromFile($file);
513
        $ss = new Sugar_Smarty();
514
        $ss->assign('MOD', $mod_strings);
515
        $ss->assign('LICENSE_CONTENTS', $contents);
516
        $ss->assign('FILE', $file);
517
        $str = $ss->fetch('ModuleInstall/PackageManagerLicense.tpl');
518
        $GLOBALS['log']->debug('LICENSE OUTPUT: '.$str);
519
        return $str;
520
    }
521
522
    static function getHeader(){
523
    	global $current_language;
524
525
        $mod_strings = return_module_language($current_language, "Administration");
526
        $header_text = '';
527
        $isAlive = false;
528
        $show_login = false;
529
        if(!function_exists('curl_init') && $show_login){
530
        	$header_text = "<font color='red'><b>".$mod_strings['ERR_ENABLE_CURL']."</b></font>";
531
        	$show_login = false;
532
        }else{
533
            $credentials = PackageManager::getCredentials();
534
            if(empty($credentials['username']) || empty($credentials['password'])){
0 ignored issues
show
This if statement is empty and can be removed.

This check looks for the bodies of if statements that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete.

These if bodies can be removed. If you have an empty if but statements in the else branch, consider inverting the condition.

if (rand(1, 6) > 3) {
    //print "Check failed";
} else {
    print "Check succeeded";
}

could be turned into

if (rand(1, 6) <= 3) {
    print "Check succeeded";
}

This is much more concise to read.

            	//$header_text = "<font color='red'><b>".$mod_strings['ERR_CREDENTIALS_MISSING']."</b></font>";
            }
            else{
            	$result = PackageManagerComm::login();
            	if((is_array($result) && !empty($result['faultcode'])) || $result == false){
            		$header_text = "<font color='red'><b>".$result['faultstring']."</b></font>";
            	}else{
            		$header_text = PackageManager::getPromotion();
            		$isAlive = true;
            	}
            }
        }
        return array('text' => $header_text, 'isAlive' => $isAlive, 'show_login' => $show_login);
    }

    function buildInstallGrid($view){
    	$uh = new UpgradeHistory();
    	$installeds = $uh->getAll();
		$upgrades_installed = 0;
		$installed_objects = array();
		foreach($installeds as $installed)
		{
			$filename = from_html($installed->filename);
			$date_entered = $installed->date_entered;
			$type = $installed->type;
			$version = $installed->version;
			$upgrades_installed++;
			$link = "";

			switch($type)
			{
				case "theme":
				case "langpack":
				case "module":
				case "patch":
				$manifest_file = extractManifest($filename);

The call to extractManifest() misses a required argument $base_tmp_upgrade_dir.

This check looks for function calls that miss required arguments.

				require_once($manifest_file);

				$name = empty($manifest['name']) ? $filename : $manifest['name'];
				$description = empty($manifest['description']) ? $mod_strings['LBL_UW_NONE'] : $manifest['description'];
				if(($upgrades_installed==0 || $uh->UninstallAvailable($installeds, $installed))
					&& is_file($filename) && !empty($manifest['is_uninstallable']))
				{
					$link = urlencode( $filename );
				}
				else
				{
					$link = 'false';
				}

				break;
				default:
					break;
			}

			if($view == 'default' && $type != 'patch')
			{
				continue;
			}

			if($view == 'module'
				&& $type != 'module' && $type != 'theme' && $type != 'langpack')
			{
				continue;
			}

			$target_manifest = remove_file_extension( $filename ) . "-manifest.php";
			require_once( "$target_manifest" );

			if(isset($manifest['icon']) && $manifest['icon'] != "")
			{
				$manifest_copy_files_to_dir = isset($manifest['copy_files']['to_dir']) ? clean_path($manifest['copy_files']['to_dir']) : "";
				$manifest_copy_files_from_dir = isset($manifest['copy_files']['from_dir']) ? clean_path($manifest['copy_files']['from_dir']) : "";
				$manifest_icon = clean_path($manifest['icon']);
				$icon = "<img src=\"" . $manifest_copy_files_to_dir . ($manifest_copy_files_from_dir != "" ? substr($manifest_icon, strlen($manifest_copy_files_from_dir)+1) : $manifest_icon ) . "\">";
			}
			else
			{
				$icon = getImageForType( $manifest['type'] );
			}
			$installed_objects[] = array('icon' => $icon, 'name' => $name, 'type' => $type, 'version' => $version, 'date_entered' => $date_entered, 'description' => $description, 'file' => $link);
			//print( "<form action=\"" . $form_action . "_prepare\" method=\"post\">\n" );
			//print( "<tr><td>$icon</td><td>$name</td><td>$type</td><td>$version</td><td>$date_entered</td><td>$description</td><td>$link</td></tr>\n" );
			//print( "</form>\n" );
		}
    }
 }