Issues in SugarSpot.php (scrutinizer-code-quality) - Issues in scrutinizer-code-quality - adamjakab/SuiteCRM - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4069)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/SearchForm/SugarSpot.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
//if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.

 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 ********************************************************************************/


/**
 * Global search
 * @api
 */
class SugarSpot
{
    protected $module = "";

    /**
     * @param string $current_module
     */
    public function __construct($current_module = "")
    {
        $this->module = $current_module;
    }
	/**
     * searchAndDisplay
     *
	 * Performs the search and returns the HTML widget containing the results
	 *
	 * @param  $query string what we are searching for
	 * @param  $modules array modules we are searching in
	 * @param  $offset int search result offset
	 * @return string HTML code containing results
     *
     * @deprecated deprecated since 6.5
	 */
	public function searchAndDisplay($query, $modules, $offset=-1)
	{
        $query_encoded = urlencode($query);
        $formattedResults = $this->formatSearchResultsToDisplay($query, $modules, $offset);
        $displayMoreForModule = $formattedResults['displayMoreForModule'];
        $displayResults = $formattedResults['displayResults'];

        $ss = new Sugar_Smarty();
        $ss->assign('displayResults', $displayResults);
        $ss->assign('displayMoreForModule', $displayMoreForModule);
        $ss->assign('appStrings', $GLOBALS['app_strings']);
        $ss->assign('appListStrings', $GLOBALS['app_list_strings']);
        $ss->assign('queryEncoded', $query_encoded);
        $template = 'include/SearchForm/tpls/SugarSpot.tpl';
        if(file_exists('custom/include/SearchForm/tpls/SugarSpot.tpl'))
        {
            $template = 'custom/include/SearchForm/tpls/SugarSpot.tpl';
        }
        return $ss->fetch($template);
	}


    protected function formatSearchResultsToDisplay($query, $modules, $offset=-1)
    {
        $results = $this->_performSearch($query, $modules, $offset);
        $displayResults = array();
        $displayMoreForModule = array();
        //$actions=0;
        foreach($results as $m=>$data)
        {
            if(empty($data['data']))
            {
                continue;
            }

            $countRemaining = $data['pageData']['offsets']['total'] - count($data['data']);
            if($offset > 0)
            {
                $countRemaining -= $offset;
            }

            if($countRemaining > 0)
            {
                $displayMoreForModule[$m] = array('query'=>$query,
                    'offset'=>$data['pageData']['offsets']['next']++,
                    'countRemaining'=>$countRemaining);
            }

            foreach($data['data'] as $row)
            {
                $name = '';

                //Determine a name to use
                if(!empty($row['NAME']))
                {
                    $name = $row['NAME'];
                }
                else if(!empty($row['DOCUMENT_NAME']))
                {
                    $name = $row['DOCUMENT_NAME'];
                }
                else
                {
                    $foundName = '';
                    foreach($row as $k=>$v)
                    {
                        if(strpos($k, 'NAME') !== false)
                        {
                            if(!empty($row[$k]))
                            {
                                $name = $v;
                                break;
                            }
                            else if(empty($foundName))
                            {
                                $foundName = $v;
                            }
                        }
                    }

                    if(empty($name))
                    {
                        $name = $foundName;
                    }
                }

                $displayResults[$m][$row['ID']] = $name;
            }
        }

        return array('displayResults' => $displayResults, 'displayMoreForModule' => $displayMoreForModule);
    }
	/**
	 * Returns the array containing the $searchFields for a module.  This function
	 * first checks the default installation directories for the SearchFields.php file and then
	 * loads any custom definition (if found)
	 *
	 * @param  $moduleName String name of module to retrieve SearchFields entries for
	 * @return array of SearchFields
	 */
	protected static function getSearchFields( $moduleName )
	{
		$searchFields = array();

		if(file_exists("modules/{$moduleName}/metadata/SearchFields.php"))
		{
		    require("modules/{$moduleName}/metadata/SearchFields.php");
		}

		if(file_exists("custom/modules/{$moduleName}/metadata/SearchFields.php"))
		{
		    require("custom/modules/{$moduleName}/metadata/SearchFields.php");
		}

		return $searchFields;
	}


	/**
	 * Get count from query
	 * @param SugarBean $seed
	 * @param string $main_query
	 */
	protected function _getCount($seed, $main_query)
	{
		$result = $seed->db->query("SELECT COUNT(*) as c FROM ($main_query) main");
		$row = $seed->db->fetchByAssoc($result);
		return isset($row['c'])?$row['c']:0;
	}

    /**
     * Determine which modules should be searched against.
     *
     * @return array
     */
    protected function getSearchModules()
    {
        $usa = new UnifiedSearchAdvanced();
        $unified_search_modules_display = $usa->getUnifiedSearchModulesDisplay();

        // load the list of unified search enabled modules
        $modules = array();

        //check to see if the user has  customized the list of modules available to search
        $users_modules = $GLOBALS['current_user']->getPreference('globalSearch', 'search');

        if(!empty($users_modules))
        {
            // use user's previous selections
            foreach ($users_modules as $key => $value )
            {
                if (isset($unified_search_modules_display[$key]) && !empty($unified_search_modules_display[$key]['visible']))
                {
                    $modules[$key] = $key;
                }
            }
        }
        else
        {
            foreach($unified_search_modules_display as $key=>$data)
            {
                if (!empty($data['visible']))
                {
                    $modules[$key] = $key;
                }
            }
        }
        // make sure the current module appears first in the list
        if(isset($modules[$this->module]))
        {
            unset($modules[$this->module]);
            $modules = array_merge(array($this->module=>$this->module),$modules);
        }

        return $modules;
    }

    /**
     * Perform a search
     *
     * @param $query string what we are searching for
     * @param $offset int search result offset
     * @return array
     */
    public function search($query, $offset = -1, $limit = 20, $options = array())
    {
        if( isset($options['modules']) && !empty($options['modules']) )
            $modules = $options['modules'];
        else
            $modules = $this->getSearchModules();

        return $this->_performSearch($query, $modules, $offset, $limit);

    }
	/**
     * _performSearch
     *
	 * Performs the search from the global search field.
	 *
	 * @param  $query   string what we are searching for
	 * @param  $modules array  modules we are searching in
	 * @param  $offset  int   search result offset
     * @param  $limit  int    search limit
	 * @return array
	 */
    protected function _performSearch($query, $modules, $offset = -1, $limit = 20)
    {
        if(empty($query)) return array();
        $primary_module='';
        $results = array();
        require_once 'include/SearchForm/SearchForm2.php' ;
        $where = '';
        $searchEmail = preg_match('/^([^%]|%)*@([^%]|%)*$/', $query);

        // bug49650 - strip out asterisks from query in case
        // user thinks asterisk is a wildcard value
        $query = str_replace( '*' , '' , $query );
        
        $limit = !empty($GLOBALS['sugar_config']['max_spotresults_initial']) ? $GLOBALS['sugar_config']['max_spotresults_initial'] : 5;
		if($offset !== -1){
			$limit = !empty($GLOBALS['sugar_config']['max_spotresults_more']) ? $GLOBALS['sugar_config']['max_spotresults_more'] : 20;
		}
    	$totalCounted = empty($GLOBALS['sugar_config']['disable_count_query']);


        foreach($modules as $moduleName)
        {
            if (empty($primary_module))
            {
                $primary_module=$moduleName;
            }

            $searchFields = SugarSpot::getSearchFields($moduleName);

            if (empty($searchFields[$moduleName]))
            {
                continue;
            }

            $class = $GLOBALS['beanList'][$moduleName];
            $return_fields = array();
            $seed = new $class();
            if(!$seed->ACLAccess('ListView')) continue;

            if ($class == 'aCase')
            {
                $class = 'Case';
            }

            foreach($searchFields[$moduleName] as $k=>$v)
            {
                $keep = false;
                $searchFields[$moduleName][$k]['value'] = $query;
                if(!empty($searchFields[$moduleName][$k]['force_unifiedsearch']))
                {
                    continue;
                }

				if(!empty($GLOBALS['dictionary'][$class]['unified_search'])){

					if(empty($GLOBALS['dictionary'][$class]['fields'][$k]['unified_search'])){

                        if(isset($searchFields[$moduleName][$k]['db_field']))
                        {
                            foreach($searchFields[$moduleName][$k]['db_field'] as $field)
                            {
                                if(!empty($GLOBALS['dictionary'][$class]['fields'][$field]['unified_search']))
                                {
                                    if(isset($GLOBALS['dictionary'][$class]['fields'][$field]['type']))
                                    {
                                        if(!$this->filterSearchType($GLOBALS['dictionary'][$class]['fields'][$field]['type'], $query))
                                        {
                                            unset($searchFields[$moduleName][$k]);
                                            continue;
                                        }
                                    }

                                    $keep = true;
								}
							} //foreach
						}
                        # Bug 42961 Spot search for custom fields
                        if (!$keep && (isset($v['force_unifiedsearch']) == false || $v['force_unifiedsearch'] != true))

                        {
							if(strpos($k,'email') === false || !$searchEmail) {
								unset($searchFields[$moduleName][$k]);
							}
						}
					}else{
					    if($GLOBALS['dictionary'][$class]['fields'][$k]['type'] == 'int' && !is_numeric($query)) {
					        unset($searchFields[$moduleName][$k]);
					    }
					}
				}else if(empty($GLOBALS['dictionary'][$class]['fields'][$k]) ){
					//If module did not have unified_search defined, then check the exception for an email search before we unset
					if(strpos($k,'email') === false || !$searchEmail)
					{
					   unset($searchFields[$moduleName][$k]);
					}
				}else if(!$this->filterSearchType($GLOBALS['dictionary'][$class]['fields'][$k]['type'], $query)){
                    unset($searchFields[$moduleName][$k]);
				}
			} //foreach

            //If no search field criteria matched then continue to next module
			if (empty($searchFields[$moduleName]))
            {
                continue;
            }

            if (empty($searchFields[$moduleName])) continue;

            if(isset($seed->field_defs['name']))
            {
                $return_fields['name'] = $seed->field_defs['name'];
            }

            foreach($seed->field_defs as $k => $v)
            {
                if(isset($seed->field_defs[$k]['type']) && ($seed->field_defs[$k]['type'] == 'name') && !isset($return_fields[$k]))
                {
                    $return_fields[$k] = $seed->field_defs[$k];
                }
            }

            if(!isset($return_fields['name']))
            {
                // if we couldn't find any name fields, try search fields that have name in it
                foreach($searchFields[$moduleName] as $k => $v)
                {
                    if(strpos($k, 'name') != -1 && isset($seed->field_defs[$k]) && !isset($seed->field_defs[$k]['source']))
                    {
                        $return_fields[$k] = $seed->field_defs[$k];
                        break;
                    }
                }
            }

            if(!isset($return_fields['name']))
            {
                // last resort - any fields that have 'name' in their name
                foreach($seed->field_defs as $k => $v)
                {
                    if(strpos($k, 'name') != -1 && isset($seed->field_defs[$k])
                        && !isset($seed->field_defs[$k]['source'])) {
                        $return_fields[$k] = $seed->field_defs[$k];
                        break;
                    }
                }
            }

            if(!isset($return_fields['name']))
            {
                // FAIL: couldn't find id & name for the module
                $GLOBALS['log']->error("Unable to find name for module $moduleName");
                continue;
            }

            if(isset($return_fields['name']['fields']))
            {
                // some names are composite
                foreach($return_fields['name']['fields'] as $field)
                {
                    $return_fields[$field] = $seed->field_defs[$field];
                }
            }


            $searchForm = new SearchForm ( $seed, $moduleName ) ;
            $searchForm->setup (array ( $moduleName => array() ) , $searchFields , '' , 'saved_views' /* hack to avoid setup doing further unwanted processing */ ) ;

            $where_clauses = $searchForm->generateSearchWhere() ;

            if(empty($where_clauses))
            {
                continue;
            }
            if(count($where_clauses) > 1)
            {
                $query_parts =  array();

                $ret_array_start = $seed->create_new_list_query('', '', $return_fields, array(), 0, '', true, $seed, true);
                $search_keys = array_keys($searchFields[$moduleName]);

                foreach($where_clauses as $n => $clause)
                {
                    $allfields = $return_fields;
                    $skey = $search_keys[$n];
                    if(isset($seed->field_defs[$skey]))
                    {
                        // Joins for foreign fields aren't produced unless the field is in result, hence the merge
                        $allfields[$skey] = $seed->field_defs[$skey];
                    }
                    $ret_array = $seed->create_new_list_query('', $clause, $allfields, array(), 0, '', true, $seed, true);
                    $query_parts[] = $ret_array_start['select'] . $ret_array['from'] . $ret_array['where'] . $ret_array['order_by'];
                }
                $main_query = "(".join(") UNION (", $query_parts).")";
            }
            else
            {
                foreach($searchFields[$moduleName] as $k=>$v)
                {
                    if(isset($seed->field_defs[$k]))
                    {
                        $return_fields[$k] = $seed->field_defs[$k];
                    }
                }
                $ret_array = $seed->create_new_list_query('', $where_clauses[0], $return_fields, array(), 0, '', true, $seed, true);
                $main_query = $ret_array['select'] . $ret_array['from'] . $ret_array['where'] . $ret_array['order_by'];
            }

            $totalCount = null;
            if($limit < -1)
            {
                $result = $seed->db->query($main_query);
            }
            else
            {
                if($limit == -1)
                {
                    $limit = $GLOBALS['sugar_config']['list_max_entries_per_page'];
                }

                if($offset == 'end')
                {
                    $totalCount = $this->_getCount($seed, $main_query);
                    if($totalCount)
                    {
                        $offset = (floor(($totalCount -1) / $limit)) * $limit;
                    } else
                    {
                        $offset = 0;
                    }
                }
                $result = $seed->db->limitQuery($main_query, $offset, $limit + 1);
            }

            $data = array();
            $count = 0;
            while($count < $limit && ($row = $seed->db->fetchByAssoc($result)))
            {
                $temp = clone $seed;
                $temp->setupCustomFields($temp->module_dir);
                $temp->loadFromRow($row);
                $data[] = $temp->get_list_view_data($return_fields);
                $count++;
            }

            $nextOffset = -1;
            $prevOffset = -1;
            $endOffset = -1;

            if($count >= $limit)
            {
                $nextOffset = $offset + $limit;
            }

            if($offset > 0)
            {
                $prevOffset = $offset - $limit;
                if($prevOffset < 0) $prevOffset = 0;
            }

            if( $count >= $limit && $totalCounted)
            {
                if(!isset($totalCount))
                {
                    $totalCount  = $this->_getCount($seed, $main_query);
                }
            } else
            {
                $totalCount = $count + $offset;
            }

            $pageData['offsets'] = array( 'current'=>$offset, 'next'=>$nextOffset, 'prev'=>$prevOffset, 'end'=>$endOffset, 'total'=>$totalCount, 'totalCounted'=>$totalCounted);
            $pageData['bean'] = array('objectName' => $seed->object_name, 'moduleDir' => $seed->module_dir);

            $results[$moduleName] = array("data" => $data, "pageData" => $pageData);
        }
        return $results;
    }


	/**
     * Function used to walk the array and find keys that map the queried string.
     * if both the pattern and module name is found the promote the string to thet top.
     */
    protected function _searchKeys($item1, $key, $patterns)
    {
        //make the module name singular....
        if ($patterns[1][strlen($patterns[1])-1] == 's')
        {
            $patterns[1]=substr($patterns[1],0,(strlen($patterns[1])-1));
        }

        $module_exists = stripos($key,$patterns[1]); //primary module name.
        $pattern_exists = stripos($key,$patterns[0]); //pattern provided by the user.
        if ($module_exists !== false and $pattern_exists !== false)
        {
            $GLOBALS['matching_keys']= array_merge(array(array('NAME'=>$key, 'ID'=>$key, 'VALUE'=>$item1)),$GLOBALS['matching_keys']);
        }
        else
        {
            if ($pattern_exists !== false)
            {
                $GLOBALS['matching_keys'][]=array('NAME'=>$key, 'ID'=>$key, 'VALUE'=>$item1);
            }
        }
    }


    /**
     * filterSearchType
     *
     * This is a private function to determine if the search type field should be filtered out based on the query string value
     * 
     * @param String $type The string value of the field type (e.g. phone, date, datetime, int, etc.)
     * @param String $query The search string value sent from the global search
     * @return boolean True if the search type fits the query string value; false otherwise
     */
    protected function filterSearchType($type, $query)
    {
        switch($type)
        {
            case 'id':
            case 'date':
            case 'datetime':
            case 'bool':
                return false;
                break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
            case 'int':
                if(!is_numeric($query)) {
                   return false;
                }
                break;
            case 'phone':

                //For a phone search we require at least three digits
                if(!preg_match('/[0-9]{3,}/', $query))
                {
                    return false;
                }
            case 'decimal':
            case 'float':
                if(!preg_match('/[0-9]/', $query))
                {
                   return false;
                }
                break;
        }
        return true;
    }

}

1			<?php
2			//if(!defined('sugarEntry') \|\| !sugarEntry) die('Not A Valid Entry Point');
3			/*********************************************************************************
4			* SugarCRM Community Edition is a customer relationship management program developed by
5			* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6
7			* SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
8			* Copyright (C) 2011 - 2014 Salesagility Ltd.
9			*
10			* This program is free software; you can redistribute it and/or modify it under
11			* the terms of the GNU Affero General Public License version 3 as published by the
12			* Free Software Foundation with the addition of the following permission added
13			* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
14			* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
15			* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
16			*
17			* This program is distributed in the hope that it will be useful, but WITHOUT
18			* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
19			* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
20			* details.
21			*
22			* You should have received a copy of the GNU Affero General Public License along with
23			* this program; if not, see http://www.gnu.org/licenses or write to the Free
24			* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25			* 02110-1301 USA.
26			*
27			* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
28			* SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
29			*
30			* The interactive user interfaces in modified source and object code versions
31			* of this program must display Appropriate Legal Notices, as required under
32			* Section 5 of the GNU Affero General Public License version 3.
33			*
34			* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
35			* these Appropriate Legal Notices must retain the display of the "Powered by
36			* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
37			* reasonably feasible for technical reasons, the Appropriate Legal Notices must
38			* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
39			********************************************************************************/
40
41
42			/**
43			* Global search
44			* @api
45			*/
46			class SugarSpot
47			{
48			protected $module = "";
49
50			/**
51			* @param string $current_module
52			*/
53			public function __construct($current_module = "")
54			{
55			$this->module = $current_module;
56			}
57			/**
58			* searchAndDisplay
59			*
60			* Performs the search and returns the HTML widget containing the results
61			*
62			* @param $query string what we are searching for
63			* @param $modules array modules we are searching in
64			* @param $offset int search result offset
65			* @return string HTML code containing results
66			*
67			* @deprecated deprecated since 6.5
68			*/
69			public function searchAndDisplay($query, $modules, $offset=-1)
70			{
71			$query_encoded = urlencode($query);
72			$formattedResults = $this->formatSearchResultsToDisplay($query, $modules, $offset);
73			$displayMoreForModule = $formattedResults['displayMoreForModule'];
74			$displayResults = $formattedResults['displayResults'];
75
76			$ss = new Sugar_Smarty();
77			$ss->assign('displayResults', $displayResults);
78			$ss->assign('displayMoreForModule', $displayMoreForModule);
79			$ss->assign('appStrings', $GLOBALS['app_strings']);
80			$ss->assign('appListStrings', $GLOBALS['app_list_strings']);
81			$ss->assign('queryEncoded', $query_encoded);
82			$template = 'include/SearchForm/tpls/SugarSpot.tpl';
83			if(file_exists('custom/include/SearchForm/tpls/SugarSpot.tpl'))
84			{
85			$template = 'custom/include/SearchForm/tpls/SugarSpot.tpl';
86			}
87			return $ss->fetch($template);
88			}
89
90
91			protected function formatSearchResultsToDisplay($query, $modules, $offset=-1)
92			{
93			$results = $this->_performSearch($query, $modules, $offset);
94			$displayResults = array();
95			$displayMoreForModule = array();
96			//$actions=0;
97			foreach($results as $m=>$data)
98			{
99			if(empty($data['data']))
100			{
101			continue;
102			}
103
104			$countRemaining = $data['pageData']['offsets']['total'] - count($data['data']);
105			if($offset > 0)
106			{
107			$countRemaining -= $offset;
108			}
109
110			if($countRemaining > 0)
111			{
112			$displayMoreForModule[$m] = array('query'=>$query,
113			'offset'=>$data['pageData']['offsets']['next']++,
114			'countRemaining'=>$countRemaining);
115			}
116
117			foreach($data['data'] as $row)
118			{
119			$name = '';
120
121			//Determine a name to use
122			if(!empty($row['NAME']))
123			{
124			$name = $row['NAME'];
125			}
126			else if(!empty($row['DOCUMENT_NAME']))
127			{
128			$name = $row['DOCUMENT_NAME'];
129			}
130			else
131			{
132			$foundName = '';
133			foreach($row as $k=>$v)
134			{
135			if(strpos($k, 'NAME') !== false)
136			{
137			if(!empty($row[$k]))
138			{
139			$name = $v;
140			break;
141			}
142			else if(empty($foundName))
143			{
144			$foundName = $v;
145			}
146			}
147			}
148
149			if(empty($name))
150			{
151			$name = $foundName;
152			}
153			}
154
155			$displayResults[$m][$row['ID']] = $name;
156			}
157			}
158
159			return array('displayResults' => $displayResults, 'displayMoreForModule' => $displayMoreForModule);
160			}
161			/**
162			* Returns the array containing the $searchFields for a module. This function
163			* first checks the default installation directories for the SearchFields.php file and then
164			* loads any custom definition (if found)
165			*
166			* @param $moduleName String name of module to retrieve SearchFields entries for
167			* @return array of SearchFields
168			*/
169			protected static function getSearchFields( $moduleName )
170			{
171			$searchFields = array();
172
173			if(file_exists("modules/{$moduleName}/metadata/SearchFields.php"))
174			{
175			require("modules/{$moduleName}/metadata/SearchFields.php");
176			}
177
178			if(file_exists("custom/modules/{$moduleName}/metadata/SearchFields.php"))
179			{
180			require("custom/modules/{$moduleName}/metadata/SearchFields.php");
181			}
182
183			return $searchFields;
184			}
185
186
187			/**
188			* Get count from query
189			* @param SugarBean $seed
190			* @param string $main_query
191			*/
192			protected function _getCount($seed, $main_query)
193			{
194			$result = $seed->db->query("SELECT COUNT(*) as c FROM ($main_query) main");
195			$row = $seed->db->fetchByAssoc($result);
196			return isset($row['c'])?$row['c']:0;
197			}
198
199			/**
200			* Determine which modules should be searched against.
201			*
202			* @return array
203			*/
204			protected function getSearchModules()
205			{
206			$usa = new UnifiedSearchAdvanced();
207			$unified_search_modules_display = $usa->getUnifiedSearchModulesDisplay();
208
209			// load the list of unified search enabled modules
210			$modules = array();
211
212			//check to see if the user has customized the list of modules available to search
213			$users_modules = $GLOBALS['current_user']->getPreference('globalSearch', 'search');
214
215			if(!empty($users_modules))
216			{
217			// use user's previous selections
218			foreach ($users_modules as $key => $value )
219			{
220			if (isset($unified_search_modules_display[$key]) && !empty($unified_search_modules_display[$key]['visible']))
221			{
222			$modules[$key] = $key;
223			}
224			}
225			}
226			else
227			{
228			foreach($unified_search_modules_display as $key=>$data)
229			{
230			if (!empty($data['visible']))
231			{
232			$modules[$key] = $key;
233			}
234			}
235			}
236			// make sure the current module appears first in the list
237			if(isset($modules[$this->module]))
238			{
239			unset($modules[$this->module]);
240			$modules = array_merge(array($this->module=>$this->module),$modules);
241			}
242
243			return $modules;
244			}
245
246			/**
247			* Perform a search
248			*
249			* @param $query string what we are searching for
250			* @param $offset int search result offset
251			* @return array
252			*/
253			public function search($query, $offset = -1, $limit = 20, $options = array())
254			{
255			if( isset($options['modules']) && !empty($options['modules']) )
256			$modules = $options['modules'];
257			else
258			$modules = $this->getSearchModules();
259
260			return $this->_performSearch($query, $modules, $offset, $limit);
261
262			}
263			/**
264			* _performSearch
265			*
266			* Performs the search from the global search field.
267			*
268			* @param $query string what we are searching for
269			* @param $modules array modules we are searching in
270			* @param $offset int search result offset
271			* @param $limit int search limit
272			* @return array
273			*/
274			protected function _performSearch($query, $modules, $offset = -1, $limit = 20)
275			{
276			if(empty($query)) return array();
277			$primary_module='';
278			$results = array();
279			require_once 'include/SearchForm/SearchForm2.php' ;
280			$where = '';
281			$searchEmail = preg_match('/^([^%]\|%)@([^%]\|%)$/', $query);
282
283			// bug49650 - strip out asterisks from query in case
284			// user thinks asterisk is a wildcard value
285			$query = str_replace( '*' , '' , $query );
286
287			$limit = !empty($GLOBALS['sugar_config']['max_spotresults_initial']) ? $GLOBALS['sugar_config']['max_spotresults_initial'] : 5;
288			if($offset !== -1){
289			$limit = !empty($GLOBALS['sugar_config']['max_spotresults_more']) ? $GLOBALS['sugar_config']['max_spotresults_more'] : 20;
290			}
291			$totalCounted = empty($GLOBALS['sugar_config']['disable_count_query']);
292
293
294			foreach($modules as $moduleName)
295			{
296			if (empty($primary_module))
297			{
298			$primary_module=$moduleName;
299			}
300
301			$searchFields = SugarSpot::getSearchFields($moduleName);
302
303			if (empty($searchFields[$moduleName]))
304			{
305			continue;
306			}
307
308			$class = $GLOBALS['beanList'][$moduleName];
309			$return_fields = array();
310			$seed = new $class();
311			if(!$seed->ACLAccess('ListView')) continue;
312
313			if ($class == 'aCase')
314			{
315			$class = 'Case';
316			}
317
318			foreach($searchFields[$moduleName] as $k=>$v)
319			{
320			$keep = false;
321			$searchFields[$moduleName][$k]['value'] = $query;
322			if(!empty($searchFields[$moduleName][$k]['force_unifiedsearch']))
323			{
324			continue;
325			}
326
327			if(!empty($GLOBALS['dictionary'][$class]['unified_search'])){
328
329			if(empty($GLOBALS['dictionary'][$class]['fields'][$k]['unified_search'])){
330
331			if(isset($searchFields[$moduleName][$k]['db_field']))
332			{
333			foreach($searchFields[$moduleName][$k]['db_field'] as $field)
334			{
335			if(!empty($GLOBALS['dictionary'][$class]['fields'][$field]['unified_search']))
336			{
337			if(isset($GLOBALS['dictionary'][$class]['fields'][$field]['type']))
338			{
339			if(!$this->filterSearchType($GLOBALS['dictionary'][$class]['fields'][$field]['type'], $query))
340			{
341			unset($searchFields[$moduleName][$k]);
342			continue;
343			}
344			}
345
346			$keep = true;
347			}
348			} //foreach
349			}
350			# Bug 42961 Spot search for custom fields
351			if (!$keep && (isset($v['force_unifiedsearch']) == false \|\| $v['force_unifiedsearch'] != true))
			0 ignored issues – show Coding Style Best Practice introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing two booleans. Considering using the strict comparison `===` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
352			{
353			if(strpos($k,'email') === false \|\| !$searchEmail) {
354			unset($searchFields[$moduleName][$k]);
355			}
356			}
357			}else{
358			if($GLOBALS['dictionary'][$class]['fields'][$k]['type'] == 'int' && !is_numeric($query)) {
359			unset($searchFields[$moduleName][$k]);
360			}
361			}
362			}else if(empty($GLOBALS['dictionary'][$class]['fields'][$k]) ){
363			//If module did not have unified_search defined, then check the exception for an email search before we unset
364			if(strpos($k,'email') === false \|\| !$searchEmail)
365			{
366			unset($searchFields[$moduleName][$k]);
367			}
368			}else if(!$this->filterSearchType($GLOBALS['dictionary'][$class]['fields'][$k]['type'], $query)){
369			unset($searchFields[$moduleName][$k]);
370			}
371			} //foreach
372
373			//If no search field criteria matched then continue to next module
374			if (empty($searchFields[$moduleName]))
375			{
376			continue;
377			}
378
379			if (empty($searchFields[$moduleName])) continue;
380
381			if(isset($seed->field_defs['name']))
382			{
383			$return_fields['name'] = $seed->field_defs['name'];
384			}
385
386			foreach($seed->field_defs as $k => $v)
387			{
388			if(isset($seed->field_defs[$k]['type']) && ($seed->field_defs[$k]['type'] == 'name') && !isset($return_fields[$k]))
389			{
390			$return_fields[$k] = $seed->field_defs[$k];
391			}
392			}
393
394			if(!isset($return_fields['name']))
395			{
396			// if we couldn't find any name fields, try search fields that have name in it
397			foreach($searchFields[$moduleName] as $k => $v)
398			{
399			if(strpos($k, 'name') != -1 && isset($seed->field_defs[$k]) && !isset($seed->field_defs[$k]['source']))
400			{
401			$return_fields[$k] = $seed->field_defs[$k];
402			break;
403			}
404			}
405			}
406
407			if(!isset($return_fields['name']))
408			{
409			// last resort - any fields that have 'name' in their name
410			foreach($seed->field_defs as $k => $v)
411			{
412			if(strpos($k, 'name') != -1 && isset($seed->field_defs[$k])
413			&& !isset($seed->field_defs[$k]['source'])) {
414			$return_fields[$k] = $seed->field_defs[$k];
415			break;
416			}
417			}
418			}
419
420			if(!isset($return_fields['name']))
421			{
422			// FAIL: couldn't find id & name for the module
423			$GLOBALS['log']->error("Unable to find name for module $moduleName");
424			continue;
425			}
426
427			if(isset($return_fields['name']['fields']))
428			{
429			// some names are composite
430			foreach($return_fields['name']['fields'] as $field)
431			{
432			$return_fields[$field] = $seed->field_defs[$field];
433			}
434			}
435
436
437			$searchForm = new SearchForm ( $seed, $moduleName ) ;
438			$searchForm->setup (array ( $moduleName => array() ) , $searchFields , '' , 'saved_views' /* hack to avoid setup doing further unwanted processing */ ) ;
			0 ignored issues – show Unused Code introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `SearchForm::setup()` has too many arguments starting with `array($moduleName => array())`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
439			$where_clauses = $searchForm->generateSearchWhere() ;
440
441			if(empty($where_clauses))
442			{
443			continue;
444			}
445			if(count($where_clauses) > 1)
446			{
447			$query_parts = array();
448
449			$ret_array_start = $seed->create_new_list_query('', '', $return_fields, array(), 0, '', true, $seed, true);
450			$search_keys = array_keys($searchFields[$moduleName]);
451
452			foreach($where_clauses as $n => $clause)
453			{
454			$allfields = $return_fields;
455			$skey = $search_keys[$n];
456			if(isset($seed->field_defs[$skey]))
457			{
458			// Joins for foreign fields aren't produced unless the field is in result, hence the merge
459			$allfields[$skey] = $seed->field_defs[$skey];
460			}
461			$ret_array = $seed->create_new_list_query('', $clause, $allfields, array(), 0, '', true, $seed, true);
462			$query_parts[] = $ret_array_start['select'] . $ret_array['from'] . $ret_array['where'] . $ret_array['order_by'];
463			}
464			$main_query = "(".join(") UNION (", $query_parts).")";
465			}
466			else
467			{
468			foreach($searchFields[$moduleName] as $k=>$v)
469			{
470			if(isset($seed->field_defs[$k]))
471			{
472			$return_fields[$k] = $seed->field_defs[$k];
473			}
474			}
475			$ret_array = $seed->create_new_list_query('', $where_clauses[0], $return_fields, array(), 0, '', true, $seed, true);
476			$main_query = $ret_array['select'] . $ret_array['from'] . $ret_array['where'] . $ret_array['order_by'];
477			}
478
479			$totalCount = null;
480			if($limit < -1)
481			{
482			$result = $seed->db->query($main_query);
483			}
484			else
485			{
486			if($limit == -1)
487			{
488			$limit = $GLOBALS['sugar_config']['list_max_entries_per_page'];
489			}
490
491			if($offset == 'end')
492			{
493			$totalCount = $this->_getCount($seed, $main_query);
494			if($totalCount)
495			{
496			$offset = (floor(($totalCount -1) / $limit)) * $limit;
497			} else
498			{
499			$offset = 0;
500			}
501			}
502			$result = $seed->db->limitQuery($main_query, $offset, $limit + 1);
503			}
504
505			$data = array();
506			$count = 0;
507			while($count < $limit && ($row = $seed->db->fetchByAssoc($result)))
508			{
509			$temp = clone $seed;
510			$temp->setupCustomFields($temp->module_dir);
511			$temp->loadFromRow($row);
512			$data[] = $temp->get_list_view_data($return_fields);
513			$count++;
514			}
515
516			$nextOffset = -1;
517			$prevOffset = -1;
518			$endOffset = -1;
519
520			if($count >= $limit)
521			{
522			$nextOffset = $offset + $limit;
523			}
524
525			if($offset > 0)
526			{
527			$prevOffset = $offset - $limit;
528			if($prevOffset < 0) $prevOffset = 0;
529			}
530
531			if( $count >= $limit && $totalCounted)
532			{
533			if(!isset($totalCount))
534			{
535			$totalCount = $this->_getCount($seed, $main_query);
536			}
537			} else
538			{
539			$totalCount = $count + $offset;
540			}
541
542			$pageData['offsets'] = array( 'current'=>$offset, 'next'=>$nextOffset, 'prev'=>$prevOffset, 'end'=>$endOffset, 'total'=>$totalCount, 'totalCounted'=>$totalCounted);
543			$pageData['bean'] = array('objectName' => $seed->object_name, 'moduleDir' => $seed->module_dir);
544
545			$results[$moduleName] = array("data" => $data, "pageData" => $pageData);
546			}
547			return $results;
548			}
549
550
551			/**
552			* Function used to walk the array and find keys that map the queried string.
553			* if both the pattern and module name is found the promote the string to thet top.
554			*/
555			protected function _searchKeys($item1, $key, $patterns)
556			{
557			//make the module name singular....
558			if ($patterns[1][strlen($patterns[1])-1] == 's')
559			{
560			$patterns[1]=substr($patterns[1],0,(strlen($patterns[1])-1));
561			}
562
563			$module_exists = stripos($key,$patterns[1]); //primary module name.
564			$pattern_exists = stripos($key,$patterns[0]); //pattern provided by the user.
565			if ($module_exists !== false and $pattern_exists !== false)
566			{
567			$GLOBALS['matching_keys']= array_merge(array(array('NAME'=>$key, 'ID'=>$key, 'VALUE'=>$item1)),$GLOBALS['matching_keys']);
568			}
569			else
570			{
571			if ($pattern_exists !== false)
572			{
573			$GLOBALS['matching_keys'][]=array('NAME'=>$key, 'ID'=>$key, 'VALUE'=>$item1);
574			}
575			}
576			}
577
578
579			/**
580			* filterSearchType
581			*
582			* This is a private function to determine if the search type field should be filtered out based on the query string value
583			*
584			* @param String $type The string value of the field type (e.g. phone, date, datetime, int, etc.)
585			* @param String $query The search string value sent from the global search
586			* @return boolean True if the search type fits the query string value; false otherwise
587			*/
588			protected function filterSearchType($type, $query)
589			{
590			switch($type)
591			{
592			case 'id':
593			case 'date':
594			case 'datetime':
595			case 'bool':
596			return false;
597			break;
			0 ignored issues – show Unused Code introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
598			case 'int':
599			if(!is_numeric($query)) {
600			return false;
601			}
602			break;
603			case 'phone':
			0 ignored issues – show Coding Style introduced 2016-03-07 18:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this There must be a comment when fall-through is intentional in a non-empty case body Loading history...
604			//For a phone search we require at least three digits
605			if(!preg_match('/[0-9]{3,}/', $query))
606			{
607			return false;
608			}
609			case 'decimal':
610			case 'float':
611			if(!preg_match('/[0-9]/', $query))
612			{
613			return false;
614			}
615			break;
616			}
617			return true;
618			}
619
620			}

adamjakab / SuiteCRM

Issues (4069)

Security Analysis not enabled

include/SearchForm/SugarSpot.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like