Issues (4069)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

modules/Administration/QuickRepairAndRebuild.php (2 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3
/*********************************************************************************
4
 * SugarCRM Community Edition is a customer relationship management program developed by
5
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6
7
 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
8
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
9
 *
10
 * This program is free software; you can redistribute it and/or modify it under
11
 * the terms of the GNU Affero General Public License version 3 as published by the
12
 * Free Software Foundation with the addition of the following permission added
13
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
14
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
15
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
16
 *
17
 * This program is distributed in the hope that it will be useful, but WITHOUT
18
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
19
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
20
 * details.
21
 *
22
 * You should have received a copy of the GNU Affero General Public License along with
23
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
24
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25
 * 02110-1301 USA.
26
 *
27
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
28
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
29
 *
30
 * The interactive user interfaces in modified source and object code versions
31
 * of this program must display Appropriate Legal Notices, as required under
32
 * Section 5 of the GNU Affero General Public License version 3.
33
 *
34
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
35
 * these Appropriate Legal Notices must retain the display of the "Powered by
36
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
37
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
38
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
39
 ********************************************************************************/
40
41
42
class RepairAndClear
43
{
44
    public $module_list;
45
    public $show_output;
46
    protected $actions;
47
    public $execute;
48
    protected $module_list_from_cache;
49
50
    public function repairAndClearAll($selected_actions, $modules, $autoexecute=false, $show_output=true)
51
    {
52
        global $mod_strings;
53
        $this->module_list= $modules;
54
        $this->show_output = $show_output;
55
        $this->actions = $selected_actions;
56
        $this->actions[] = 'repairDatabase';
57
        $this->execute=$autoexecute;
58
59
        //clear vardefs always..
60
        $this->clearVardefs();
61
        //first  clear the language cache.
62
        $this->clearLanguageCache();
63
        foreach ($this->actions as $current_action)
64
        switch($current_action)
65
        {
66
            case 'repairDatabase':
67
                if(isset($mod_strings['LBL_ALL_MODULES']) && in_array($mod_strings['LBL_ALL_MODULES'], $this->module_list)) {
68
                    $this->repairDatabase();
69
                } else {
70
                    $this->repairDatabaseSelectModules();
71
                }
72
                break;
73
            case 'rebuildExtensions':
74
                $this->rebuildExtensions();
75
                break;
76
            case 'clearTpls':
77
                $this->clearTpls();
78
                break;
79
            case 'clearJsFiles':
80
                $this->clearJsFiles();
81
                break;
82
            case 'clearDashlets':
83
                $this->clearDashlets();
84
                break;
85
            case 'clearSugarFeedCache':
86
                $this->clearSugarFeedCache();
87
                break;
88
            case 'clearThemeCache':
89
                $this->clearThemeCache();
90
                break;
91
            case 'clearVardefs':
92
                $this->clearVardefs();
93
                break;
94
            case 'clearJsLangFiles':
95
                $this->clearJsLangFiles();
96
                break;
97
            case 'rebuildAuditTables':
98
                $this->rebuildAuditTables();
99
                break;
100
            case 'clearSearchCache':
101
                $this->clearSearchCache();
102
                break;
103
            case 'clearAll':
104
                $this->clearTpls();
105
                $this->clearJsFiles();
106
                $this->clearVardefs();
107
                $this->clearJsLangFiles();
108
                $this->clearLanguageCache();
109
                $this->clearDashlets();
110
                $this->clearSugarFeedCache();
111
                $this->clearSmarty();
112
                $this->clearThemeCache();
113
                $this->clearXMLfiles();
114
                $this->clearSearchCache();
115
                $this->clearExternalAPICache();
116
                $this->rebuildExtensions();
117
                $this->rebuildAuditTables();
118
                $this->repairDatabase();
119
                break;
120
        }
121
    }
122
123
	/////////////OLD
124
125
126
	public function repairDatabase()
127
	{
128
		global $dictionary, $mod_strings;
129
		if(false == $this->show_output)
0 ignored issues
show
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Considering using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

Loading history...
130
			$_REQUEST['repair_silent']='1';
131
		$_REQUEST['execute']=$this->execute;
132
        $GLOBALS['reload_vardefs'] = true;
133
        $hideModuleMenu = true;
134
		include_once('modules/Administration/repairDatabase.php');
135
	}
136
137
	public function repairDatabaseSelectModules()
138
	{
139
		global $current_user, $mod_strings, $dictionary;
140
		set_time_limit(3600);
141
142
		include('include/modules.php'); //bug 15661
143
		$db = DBManagerFactory::getInstance();
144
145
		if (is_admin($current_user) || is_admin_for_any_module($current_user))
146
		{
147
			$export = false;
148
    		if($this->show_output) echo getClassicModuleTitle($mod_strings['LBL_REPAIR_DATABASE'], array($mod_strings['LBL_REPAIR_DATABASE']), false);
149
            if($this->show_output) {
150
                echo "<h1 id=\"rdloading\">{$mod_strings['LBL_REPAIR_DATABASE_PROCESSING']}</h1>";
151
                ob_flush();
152
            }
153
	    	$sql = '';
154
			if(!isset($mod_strings['LBL_ALL_MODULES']) || ($this->module_list && !in_array($mod_strings['LBL_ALL_MODULES'],$this->module_list)))
0 ignored issues
show
Bug Best Practice introduced by
The expression $this->module_list of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

Loading history...
155
			{
156
				$repair_related_modules = array_keys($dictionary);
157
				//repair DB
158
				$dm = inDeveloperMode();
159
				$GLOBALS['sugar_config']['developerMode'] = true;
160
				foreach($this->module_list as $bean_name)
161
				{
162
163
					if (isset($beanFiles[$bean_name]) && file_exists($beanFiles[$bean_name]))
164
					{
165
						require_once($beanFiles[$bean_name]);
166
						$GLOBALS['reload_vardefs'] = true;
167
						$focus = new $bean_name ();
168
						#30273
169
						if($focus->disable_vardefs == false) {
170
							include('modules/' . $focus->module_dir . '/vardefs.php');
171
172
173
							if($this->show_output)
174
								print_r("<p>" .$mod_strings['LBL_REPAIR_DB_FOR'].' '. $bean_name . "</p>");
175
							$sql .= $db->repairTable($focus, $this->execute);
176
						}
177
					}
178
				}
179
180
				$GLOBALS['sugar_config']['developerMode'] = $dm;
181
182
		        if ($this->show_output) echo "<script type=\"text/javascript\">document.getElementById('rdloading').style.display = \"none\";</script>";
183
	    		if (isset ($sql) && !empty ($sql))
184
	    		{
185
					$qry_str = "";
186
					foreach (explode("\n", $sql) as $line) {
187
						if (!empty ($line) && substr($line, -2) != "*/") {
188
							$line .= ";";
189
						}
190
191
						$qry_str .= $line . "\n";
192
					}
193
					if ($this->show_output){
194
						echo "<h3>{$mod_strings['LBL_REPAIR_DATABASE_DIFFERENCES']}</h3>";
195
						echo "<p>{$mod_strings['LBL_REPAIR_DATABASE_TEXT']}</p>";
196
197
						echo "<form method=\"post\" action=\"index.php?module=Administration&amp;action=repairDatabase\">";
198
						echo "<textarea name=\"sql\" rows=\"24\" cols=\"150\" id=\"repairsql\">$qry_str</textarea>";
199
						echo "<br /><input type=\"submit\" value=\"".$mod_strings['LBL_REPAIR_DATABASE_EXECUTE']."\" name=\"raction\" /> <input type=\"submit\" name=\"raction\" value=\"".$mod_strings['LBL_REPAIR_DATABASE_EXPORT']."\" />";
200
					}
201
				}
202
				else
203
					if ($this->show_output) echo "<h3>{$mod_strings['LBL_REPAIR_DATABASE_SYNCED']}</h3>";
204
			}
205
206
		}
207
		else {
208
			sugar_die($GLOBALS['app_strings']['ERR_NOT_ADMIN']);
209
		}
210
	}
211
212
	public function rebuildExtensions()
213
	{
214
		global $mod_strings;
215
		if($this->show_output) echo $mod_strings['LBL_QR_REBUILDEXT'];
216
		global $current_user;
217
		require_once('ModuleInstall/ModuleInstaller.php');
218
		$mi = new ModuleInstaller();
219
		$mi->rebuild_all(!$this->show_output);
220
221
		// Remove the "Rebuild Extensions" red text message on admin logins
222
223
        if($this->show_output) echo $mod_strings['LBL_REBUILD_REL_UPD_WARNING'];
224
225
        // unset the session variable so it is not picked up in DisplayWarnings.php
226
        if(isset($_SESSION['rebuild_extensions'])) {
227
            unset($_SESSION['rebuild_extensions']);
228
        }
229
	}
230
231
	//Cache Clear Methods
232
	public function clearSmarty()
233
	{
234
		global $mod_strings;
235
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARSMARTY']}</h3>";
236
		$this->_clearCache(sugar_cached('smarty/templates_c'), '.tpl.php');
237
	}
238
	public function clearXMLfiles()
239
	{
240
		global $mod_strings;
241
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_XMLFILES']}</h3>";
242
		$this->_clearCache(sugar_cached("xml"), '.xml');
243
		
244
	}
245
	public function clearDashlets()
246
	{
247
		global $mod_strings;
248
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARDASHLET']}</h3>";
249
		$this->_clearCache(sugar_cached('dashlets'), '.php');
250
	}
251
    public function clearThemeCache()
252
    {
253
		global $mod_strings;
254
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARTHEMECACHE']}</h3>";
255
		SugarThemeRegistry::clearAllCaches();
256
	}
257
	public function clearSugarFeedCache()
258
	{
259
		global $mod_strings;
260
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARSUGARFEEDCACHE']}</h3>";
261
262
        SugarFeed::flushBackendCache();
263
	}
264
	public function clearTpls()
265
	{
266
		global $mod_strings;
267
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARTEMPLATE']}</h3>";
268
		if(!in_array( translate('LBL_ALL_MODULES'),$this->module_list) && !empty($this->module_list))
269
		{
270
			foreach($this->module_list as $module_name_singular )
271
				$this->_clearCache(sugar_cached('modules/').$this->_getModuleNamePlural($module_name_singular), '.tpl');
272
		}
273
		else
274
			$this->_clearCache(sugar_cached('modules/'), '.tpl');
275
	}
276
	public function clearVardefs()
277
	{
278
		global $mod_strings;
279
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARVADEFS']}</h3>";
280
		if(!empty($this->module_list) && is_array($this->module_list) && !in_array( translate('LBL_ALL_MODULES'),$this->module_list))
281
		{
282
			foreach($this->module_list as $module_name_singular )
283
				$this->_clearCache(sugar_cached('modules/').$this->_getModuleNamePlural($module_name_singular), 'vardefs.php');
284
		}
285
		else
286
			$this->_clearCache(sugar_cached('modules/'), 'vardefs.php');
287
	}
288
	public function clearJsFiles()
289
	{
290
		global $mod_strings;
291
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARJS']}</h3>";
292
293
		if(!in_array( translate('LBL_ALL_MODULES'),$this->module_list) && !empty($this->module_list))
294
		{
295
			foreach($this->module_list as $module_name_singular )
296
				$this->_clearCache(sugar_cached('modules/').$this->_getModuleNamePlural($module_name_singular), '.js');
297
		}
298
299
		else
300
			$this->_clearCache(sugar_cached('modules/'), '.js');
301
302
	}
303
	public function clearJsLangFiles()
304
	{
305
		global $mod_strings;
306
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARJSLANG']}</h3>";
307
		if(!in_array(translate('LBL_ALL_MODULES'),$this->module_list ) && !empty($this->module_list))
308
		{
309
			foreach($this->module_list as $module_name_singular )
310
				$this->_clearCache(sugar_cached('jsLanguage/').$this->_getModuleNamePlural($module_name_singular), '.js');
311
		}
312
		else
313
			$this->_clearCache(sugar_cached('jsLanguage'), '.js');
314
	}
315
	/**
316
	 * Remove the language cache files from cache/modules/<module>/language
317
	 */
318
	public function clearLanguageCache()
319
	{
320
		global $mod_strings;
321
322
		if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARLANG']}</h3>";
323
		//clear cache using the list $module_list_from_cache
324
		if ( !empty($this->module_list) && is_array($this->module_list) ) {
325
            if( in_array(translate('LBL_ALL_MODULES'), $this->module_list))
326
            {
327
                LanguageManager::clearLanguageCache();
328
            }
329
            else { //use the modules selected thrut the select list.
330
                foreach($this->module_list as $module_name)
331
                    LanguageManager::clearLanguageCache($module_name);
332
            }
333
        }
334
        // Clear app* cache values too
335
        if(!empty($GLOBALS['sugar_config']['languages'])) {
336
            $languages = $GLOBALS['sugar_config']['languages'];
337
        } else {
338
            $languages = array($GLOBALS['current_language'] => $GLOBALS['current_language']);
339
        }
340
        foreach(array_keys($languages) as $language) {
341
        	sugar_cache_clear('app_strings.'.$language);
342
        	sugar_cache_clear('app_list_strings.'.$language);
343
        }
344
345
	}
346
347
	/**
348
	 * Remove the cached unified_search_modules.php file
349
	 */
350
    public function clearSearchCache() {
351
        global $mod_strings, $sugar_config;
352
        if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEARSEARCH']}</h3>";
353
        $search_dir=sugar_cached('');
354
        $src_file = $search_dir . 'modules/unified_search_modules.php';
355
        if(file_exists($src_file)) {
356
            unlink( "$src_file" );
357
        }
358
    }
359
    public function clearExternalAPICache()
360
	{
361
        global $mod_strings, $sugar_config;
362
        if($this->show_output) echo "<h3>{$mod_strings['LBL_QR_CLEAR_EXT_API']}</h3>";
363
        require_once('include/externalAPI/ExternalAPIFactory.php');
364
        ExternalAPIFactory::clearCache();
365
    }
366
367
	//////////////////////////////////////////////////////////////
368
	/////REPAIR AUDIT TABLES
369
	public function rebuildAuditTables()
370
	{
371
		global $mod_strings;
372
		include('include/modules.php');	//bug 15661
373
		if($this->show_output) echo "<h3> {$mod_strings['LBL_QR_REBUILDAUDIT']}</h3>";
374
375
		if(!in_array( translate('LBL_ALL_MODULES'), $this->module_list) && !empty($this->module_list))
376
		{
377
			foreach ($this->module_list as $bean_name){
378
				if( isset($beanFiles[$bean_name]) && file_exists($beanFiles[$bean_name])) {
379
					require_once($beanFiles[$bean_name]);
380
				    $this->_rebuildAuditTablesHelper(new $bean_name());
381
				}
382
			}
383
		} else if(in_array(translate('LBL_ALL_MODULES'), $this->module_list)) {
384
			foreach ($beanFiles as $bean => $file){
385
				if( file_exists($file)) {
386
					require_once($file);
387
				    $this->_rebuildAuditTablesHelper(new $bean());
388
				}
389
			}
390
		}
391
		if($this->show_output) echo $mod_strings['LBL_DONE'];
392
	}
393
394
	private function _rebuildAuditTablesHelper($focus)
395
	{
396
		global $mod_strings;
397
398
		// skip if not a SugarBean object
399
		if ( !($focus instanceOf SugarBean) )
400
		    return;
401
402
		if ($focus->is_AuditEnabled()) {
403
			if (!$focus->db->tableExists($focus->get_audit_table_name())) {
404
				if($this->show_output) echo $mod_strings['LBL_QR_CREATING_TABLE']." ".$focus->get_audit_table_name().' '.$mod_strings['LBL_FOR'].' '. $focus->object_name.'.<br/>';
405
				$focus->create_audit_table();
406
			} else {
407
				if($this->show_output){
408
					$echo=str_replace('%1$',$focus->object_name,$mod_strings['LBL_REBUILD_AUDIT_SKIP']);
409
					echo $echo;
410
				}
411
			}
412
		}else
413
			if($this->show_output) echo $focus->object_name.$mod_strings['LBL_QR_NOT_AUDIT_ENABLED'];
414
	}
415
416
	///////////////////////////////////////////////////////////////
417
	////END REPAIR AUDIT TABLES
418
419
420
	///////////////////////////////////////////////////////////////
421
	//// Recursively unlink all files of the given $extension in the given $thedir.
422
	//
423
	private function _clearCache($thedir, $extension)
424
	{
425
        if ($current = @opendir($thedir)) {
426
            while (false !== ($children = readdir($current))) {
427
                if ($children != "." && $children != "..") {
428
                    if (is_dir($thedir . "/" . $children)) {
429
                        $this->_clearCache($thedir . "/" . $children, $extension);
430
                    }
431
                    elseif (is_file($thedir . "/" . $children) && (substr_count($children, $extension))) {
432
                        unlink($thedir . "/" . $children);
433
                    }
434
                }
435
            }
436
        }
437
	}
438
	/////////////////////////////////////////////////////////////
439
	////////
440
	private function _getModuleNamePlural($module_name_singular)
441
	{
442
		global $beanList;
443
		while ($curr_module = current($beanList))
444
		{
445
			if ($curr_module == $module_name_singular)
446
				return key($beanList); //name of the module, plural.
447
			next($beanList);
448
		}
449
	}
450
}