Issues (4069)

Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/formbase.php (1 issue)

```php
<?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.

 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 ********************************************************************************/

/*********************************************************************************

 * Description:  is a form helper
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
 * All Rights Reserved.
 * Contributor(s): ______________________________________..
 ********************************************************************************/

/**
 * Check for null or zero for list of values
 * @param $prefix the prefix of value to be checked
 * @param $required array of value to be checked
 * @return boolean true if all values are set in the array
 */
function checkRequired($prefix, $required)
{
	foreach($required as $key)
	{
		if(!isset($_POST[$prefix.$key]) || number_empty($_POST[$prefix.$key]))
		{
			return false;
		}
	}
	return true;
}

/**
 * Populating bean from $_POST
 *
 * @param string $prefix of name of fields
 * @param SugarBean $focus bean
 * @param bool $skipRetrieve do not retrieve data of bean
 * @param bool $checkACL do not update fields if they are forbidden for current user
 * @return SugarBean
 */
function populateFromPost($prefix, &$focus, $skipRetrieve = false, $checkACL = false)
{
	global $current_user;

	if(!empty($_REQUEST[$prefix.'record']) && !$skipRetrieve)
		$focus->retrieve($_REQUEST[$prefix.'record']);

	if(!empty($_POST['assigned_user_id']) &&
	    ($focus->assigned_user_id != $_POST['assigned_user_id']) &&
	    ($_POST['assigned_user_id'] != $current_user->id)) {
		$GLOBALS['check_notify'] = true;
	}
    if(isset($_POST['dup_checked']) && $_POST['dup_checked'] && isset($_POST['id']) && $_POST['id'] != '' ){
        $focus->new_with_id = true;
    }
    require_once('include/SugarFields/SugarFieldHandler.php');
    $sfh = new SugarFieldHandler();

    $isOwner = $focus->isOwner($current_user->id);
    $relatedFields = array();
    foreach ($focus->field_defs as $field => $def) {
        if (empty($def['type']) || $def['type'] != 'relate') {
            continue;
        }
        if (empty($def['source']) || $def['source'] != 'non-db') {
            continue;
        }
        if (empty($def['id_name']) || $def['id_name'] == $field) {
            continue;
        }
        $relatedFields[$def['id_name']] = $field;
    }

	foreach($focus->field_defs as $field=>$def) {
        if ( $field == 'id' && !empty($focus->id) ) {
            // Don't try and overwrite the ID
            continue;
        }

	    $type = !empty($def['custom_type']) ? $def['custom_type'] : $def['type'];
		$sf = $sfh->getSugarField($type);
        if($sf != null){
            $sf->save($focus, $_POST, $field, $def, $prefix);
        } else {
            $GLOBALS['log']->fatal("Field '$field' does not have a SugarField handler");
        }

/*
        if(isset($_POST[$prefix.$field])) {
			if(is_array($_POST[$prefix.$field]) && !empty($focus->field_defs[$field]['isMultiSelect'])) {
				if($_POST[$prefix.$field][0] === '' && !empty($_POST[$prefix.$field][1]) ) {
					unset($_POST[$prefix.$field][0]);
				}
				$_POST[$prefix.$field] = encodeMultienumValue($_POST[$prefix.$field]);
			}

			$focus->$field = $_POST[$prefix.$field];
			/*
			 * overrides the passed value for booleans.
			 * this will be fully deprecated when the change to binary booleans is complete.
			 /
			if(isset($focus->field_defs[$prefix.$field]) && $focus->field_defs[$prefix.$field]['type'] == 'bool' && isset($focus->field_defs[$prefix.$field]['options'])) {
				$opts = explode("|", $focus->field_defs[$prefix.$field]['options']);
				$bool = $_POST[$prefix.$field];

				if(is_int($bool) || ($bool === "0" || $bool === "1" || $bool === "2")) {
					// 1=on, 2=off
					$selection = ($_POST[$prefix.$field] == "0") ? 1 : 0;
				} elseif(is_bool($_POST[$prefix.$field])) {
					// true=on, false=off
					$selection = ($_POST[$prefix.$field]) ? 0 : 1;
				}
				$focus->$field = $opts[$selection];
			}
		} else if(!empty($focus->field_defs[$field]['isMultiSelect']) && !isset($_POST[$prefix.$field]) && isset($_POST[$prefix.$field . '_multiselect'])) {
			$focus->$field = '';
		}
*/
	}

	foreach($focus->additional_column_fields as $field) {
		if(isset($_POST[$prefix.$field])) {
			$value = $_POST[$prefix.$field];
			$focus->$field = $value;
		}
	}
	return $focus;
}

function add_hidden_elements($key, $value) {

    $elements = '';

    // if it's an array, we need to loop into the array and use square brackets []
    if (is_array($value)) {
        foreach ($value as $k=>$v) {
            $elements .= "<input type='hidden' name='$key"."[$k]' value='$v'>\n";
        }
    } else {
        $elements = "<input type='hidden' name='$key' value='$value'>\n";
    }

    return $elements;
}


function getPostToForm($ignore='', $isRegularExpression=false)
{
	$fields = '';
	if(!empty($ignore) && $isRegularExpression) {
		foreach ($_POST as $key=>$value){
			if(!preg_match($ignore, $key)) {
				$fields .= add_hidden_elements($key, $value);
			}
		}
	} else {
		foreach ($_POST as $key=>$value){
			if($key != $ignore) {
				$fields .= add_hidden_elements($key, $value);
			}
		}
	}
	return $fields;
}

function getGetToForm($ignore='', $usePostAsAuthority = false)
{
	$fields = '';
	foreach ($_GET as $key=>$value)
	{
		if($key != $ignore){
			if(!$usePostAsAuthority || !isset($_POST[$key])){
				$fields.= "<input type='hidden' name='$key' value='$value'>";
			}
		}
	}
	return $fields;

}
function getAnyToForm($ignore='', $usePostAsAuthority = false)
{
	$fields = getPostToForm($ignore);
	$fields .= getGetToForm($ignore, $usePostAsAuthority);
	return $fields;

}

function handleRedirect($return_id='', $return_module='', $additionalFlags = false)
{
	if(isset($_REQUEST['return_url']) && $_REQUEST['return_url'] != "")
	{
		header("Location: ". $_REQUEST['return_url']);
		exit;
	}

	$url = buildRedirectURL($return_id, $return_module);
	header($url);
	exit;
}

//eggsurplus: abstract to simplify unit testing
function buildRedirectURL($return_id='', $return_module='')
{
    if(isset($_REQUEST['return_module']) && $_REQUEST['return_module'] != "")
	{
		$return_module = $_REQUEST['return_module'];
	}
	else
	{
		$return_module = $return_module;
```
Issue reported at the line `$return_module = $return_module;` above: Why assign $return_module to itself?

This check looks for cases where a variable has been assigned to itself.

This assignment can be removed without consequences.
```php
	}
	if(isset($_REQUEST['return_action']) && $_REQUEST['return_action'] != "")
	{

	   //if we are doing a "Close and Create New"
        if(isCloseAndCreateNewPressed())
        {
            $return_action = "EditView";
            $isDuplicate = "true";
            $status = "";

            // Meeting Integration
            if(isset($_REQUEST['meetingIntegrationFlag']) && $_REQUEST['meetingIntegrationFlag'] == 1) {
            	$additionalFlags = array('meetingIntegrationShowForm' => '1');
            }
            // END Meeting Integration
        }
		// if we create a new record "Save", we want to redirect to the DetailView
		else if(isset($_REQUEST['action']) && $_REQUEST['action'] == "Save"
			&& $_REQUEST['return_module'] != 'Activities'
			&& $_REQUEST['return_module'] != 'Home'
			&& $_REQUEST['return_module'] != 'Forecasts'
			&& $_REQUEST['return_module'] != 'Calendar'
			&& $_REQUEST['return_module'] != 'MailMerge'
			)
			{
			    $return_action = 'DetailView';
			} elseif($_REQUEST['return_module'] == 'Activities' || $_REQUEST['return_module'] == 'Calendar') {
			$return_module = $_REQUEST['module'];
			$return_action = $_REQUEST['return_action'];
			// wp: return action needs to be set for one-click close in task list
		}
		else
		{
			// if we "Cancel", we go back to the list view.
			$return_action = $_REQUEST['return_action'];
		}
	}
	else
	{
		$return_action = "DetailView";
	}

	if(isset($_REQUEST['return_id']) && $_REQUEST['return_id'] != "")
	{
		$return_id = $_REQUEST['return_id'];
	}

    $add = "";
    if(isset($additionalFlags) && !empty($additionalFlags)) {
        foreach($additionalFlags as $k => $v) {
            $add .= "&{$k}={$v}";
        }
    }

    if (!isset($isDuplicate) || !$isDuplicate)
    {
        $url="index.php?action=$return_action&module=$return_module&record=$return_id&return_module=$return_module&return_action=$return_action{$add}";
        if(isset($_REQUEST['offset']) && empty($_REQUEST['duplicateSave'])) {
            $url .= "&offset=".$_REQUEST['offset'];
        }
        if(!empty($_REQUEST['ajax_load']))
        {
            $ajax_ret = array(
                'content' => "<script>SUGAR.ajaxUI.loadContent('$url');</script>\n",
                'menu' => array(
                    'module' => $return_module,
                    'label' => translate($return_module),
                ),
            );
            $json = getJSONobj();
            echo $json->encode($ajax_ret);
        } else {
            return "Location: $url";
        }
    } else {
    	$standard = "action=$return_action&module=$return_module&record=$return_id&isDuplicate=true&return_module=$return_module&return_action=$return_action&status=$status";
        $url="index.php?{$standard}{$add}";
        if(!empty($_REQUEST['ajax_load']))
        {
            $ajax_ret = array(
                 'content' => "<script>SUGAR.ajaxUI.loadContent('$url');</script>\n",
                 'menu' => array(
                     'module' => $return_module,
                     'label' => translate($return_module),
                 ),
            );
            $json = getJSONobj();
            echo $json->encode($ajax_ret);
        } else {
            return "Location: $url";
        }
    }
}

function getLikeForEachWord($fieldname, $value, $minsize=4)
{
	$value = trim($value);
	$values = explode(' ',$value);
	$ret = '';
	foreach($values as $val)
	{
		if(strlen($val) >= $minsize)
		{
			if(!empty($ret))
			{
				$ret .= ' or';
			}
			$ret .= ' '. $fieldname . ' LIKE %'.$val.'%';
		}

	}


}

function isCloseAndCreateNewPressed() {
    return isset($_REQUEST['action']) &&
           $_REQUEST['action'] == "Save" &&
           isset($_REQUEST['isSaveAndNew']) &&
           $_REQUEST['isSaveAndNew'] == 'true';
}


/**
 * Functions from Save2.php
 * @see include/generic/Save2.php
 */

function add_prospects_to_prospect_list($parent_id,$child_id)
{
    $focus=BeanFactory::getBean('Prospects');
    if(is_array($child_id)){
        $uids = $child_id;
    }
    else{
        $uids = array($child_id);
    }

    $relationship = '';
    foreach($focus->get_linked_fields() as $field => $def) {
        if ($focus->load_relationship($field)) {
            if ( $focus->$field->getRelatedModuleName() == 'ProspectLists' ) {
                $relationship = $field;
                break;
            }
        }
    }

    if ( $relationship != '' ) {
        foreach ( $uids as $id) {
            $focus->retrieve($id);
            $focus->load_relationship($relationship);
            $focus->prospect_lists->add( $parent_id );
        }
    }
}

function add_to_prospect_list($query_panel,$parent_module,$parent_type,$parent_id,$child_id,$link_attribute,$link_type,$parent)
{
    $GLOBALS['log']->debug('add_prospects_to_prospect_list:parameters:'.$query_panel);
    $GLOBALS['log']->debug('add_prospects_to_prospect_list:parameters:'.$parent_module);
    $GLOBALS['log']->debug('add_prospects_to_prospect_list:parameters:'.$parent_type);
    $GLOBALS['log']->debug('add_prospects_to_prospect_list:parameters:'.$parent_id);
    $GLOBALS['log']->debug('add_prospects_to_prospect_list:parameters:'.$child_id);
    $GLOBALS['log']->debug('add_prospects_to_prospect_list:parameters:'.$link_attribute);
    $GLOBALS['log']->debug('add_prospects_to_prospect_list:parameters:'.$link_type);
    require_once('include/SubPanel/SubPanelTiles.php');


    if (!class_exists($parent_type)) {
        require_once('modules/'.cleanDirName($parent_module).'/'.cleanDirName($parent_type).'.php');
    }
    $focus = new $parent_type();
    $focus->retrieve($parent_id);
    if(empty($focus->id)) {
        return false;
    }
    if(empty($parent)) {
        return false;
    }

    //if link_type is default then load relationship once and add all the child ids.
    $relationship_attribute=$link_attribute;

    //find all prospects based on the query

    $subpanel = new SubPanelTiles($parent, $parent->module_dir);
    $thisPanel=$subpanel->subpanel_definitions->load_subpanel($query_panel);
    if(empty($thisPanel)) {
        return false;
    }

    // bugfix #57850  filter prospect list based on marketing_id (if it's present)
    if (isset($_REQUEST['marketing_id']) && $_REQUEST['marketing_id'] != 'all')
    {
        $thisPanel->_instance_properties['function_parameters']['EMAIL_MARKETING_ID_VALUE'] = $_REQUEST['marketing_id'];
    }

    $result = SugarBean::get_union_related_list($parent, '', '', '', 0, -99,-99,'', $thisPanel);

    if(!empty($result['list'])) {
        foreach($result['list'] as $object) {
            if ($link_type != 'default') {
                $relationship_attribute=strtolower($object->$link_attribute);
            }
            $GLOBALS['log']->debug('add_prospects_to_prospect_list:relationship_attribute:'.$relationship_attribute);
            // load relationship for the first time or on change of relationship attribute.
            if (empty($focus->$relationship_attribute)) {
                $focus->load_relationship($relationship_attribute);
            }
            //add
            $focus->$relationship_attribute->add($object->$child_id);
        }
    }
}

//Link rows returned by a report to parent record.
function save_from_report($report_id,$parent_id, $module_name, $relationship_attr_name) {
    global $beanFiles;
    global $beanList;

    $GLOBALS['log']->debug("Save2: Linking with report output");
    $GLOBALS['log']->debug("Save2:Report ID=".$report_id);
    $GLOBALS['log']->debug("Save2:Parent ID=".$parent_id);
    $GLOBALS['log']->debug("Save2:Module Name=".$module_name);
    $GLOBALS['log']->debug("Save2:Relationship Attribute Name=".$relationship_attr_name);

    $GLOBALS['log']->debug("Save2:Bean Name=" . $module_name);
    $focus = BeanFactory::newBean($module_name);

    $focus->retrieve($parent_id);
    $focus->load_relationship($relationship_attr_name);

    //fetch report definition.
    global $current_language, $report_modules, $modules_report;

    $mod_strings = return_module_language($current_language,"Reports");


    $saved = new SavedReport();
    $saved->disable_row_level_security = true;
    $saved->retrieve($report_id, false);

    //initialize reports engine with the report definition.
    require_once('modules/Reports/SubpanelFromReports.php');
    $report = new SubpanelFromReports($saved);
    $report->run_query();

    $sql = $report->query_list[0];
    $GLOBALS['log']->debug("Save2:Report Query=".$sql);
    $result = $report->db->query($sql);

    $reportBean = BeanFactory::newBean($saved->module);
    while($row = $report->db->fetchByAssoc($result))
    {
        $reportBean->id = $row['primaryid'];
        $focus->$relationship_attr_name->add($reportBean);
    }
}

?>
```