Issues in UpgradeWizard_commit.php (scrutinizer-code-quality) - Issues in scrutinizer-code-quality - adamjakab/SuiteCRM - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4069)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

modules/Administration/UpgradeWizard_commit.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.

 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 ********************************************************************************/



require_once('modules/Administration/UpgradeWizardCommon.php');
require_once('modules/Configurator/Configurator.php');
function UWrebuild() {
	global $log;
	global $db;
	$log->info('Deleting Relationship Cache. Relationships will automatically refresh.');

	echo "
	<div id='rrresult'></div>
	<script>
		var xmlhttp=false;
		/*@cc_on @*/
		/*@if (@_jscript_version >= 5)
		// JScript gives us Conditional compilation, we can cope with old IE versions.
		// and security blocked creation of the objects.
		 try {
		  xmlhttp = new ActiveXObject(\"Msxml2.XMLHTTP\");
		 } catch (e) {
		  try {
		   xmlhttp = new ActiveXObject(\"Microsoft.XMLHTTP\");
		  } catch (E) {
		   xmlhttp = false;
		  }
		 }
		@end @*/
		if (!xmlhttp && typeof XMLHttpRequest!='undefined') {
			try {
				xmlhttp = new XMLHttpRequest();
			} catch (e) {
				xmlhttp = false;
			}
		}
		if (!xmlhttp && window.createRequest) {
			try {
				xmlhttp = window.createRequest();
			} catch (e) {
				xmlhttp = false;
			}
		}
		xmlhttp.onreadystatechange = function() {
		            if(xmlhttp.readyState == 4) {
		              document.getElementById('rrresult').innerHTML = xmlhttp.responseText;
		            }
		          }
		xmlhttp.open('GET', 'index.php?module=Administration&action=RebuildRelationship&to_pdf=true', true);
		xmlhttp.send(null);
		</script>";

	$log->info('Rebuilding everything.');
	require_once('ModuleInstall/ModuleInstaller.php');
	$mi = new ModuleInstaller();
	$mi->rebuild_all();
}

unset($_SESSION['rebuild_relationships']);
unset($_SESSION['rebuild_extensions']);

global $log, $db;

// process commands
if( !isset($_REQUEST['mode']) || ($_REQUEST['mode'] == "") ){
    die($mod_strings['ERR_UW_NO_MODE']);
}
$mode = $_REQUEST['mode'];


if( !isset($_REQUEST['version']) ){
    die($mod_strings['ERR_UW_NO_MODE']);
}
$version = $_REQUEST['version'];

if( !isset($_REQUEST['copy_count']) || ($_REQUEST['copy_count'] == "") ){
    die($mod_strings['ERR_UW_NO_FILES']);
}

if( empty($_REQUEST['unzip_dir']) || $_REQUEST['unzip_dir'] == "." || $_REQUEST['unzip_dir'] == ".."){
    die($mod_strings['ERR_UW_NO_TEMP_DIR']);
}
$unzip_dir = $base_tmp_upgrade_dir. "/". basename($_REQUEST['unzip_dir']);

if(empty($_REQUEST['install_file'])){
    die($mod_strings['ERR_UW_NO_INSTALL_FILE']);
}

$install_file   = hashToFile($_REQUEST['install_file'] );
$install_type   = getInstallType( $install_file );

//from here on out, the install_file is used as the file path to copy or rename the physical file, so let's remove the stream wrapper if it's set
//and replace it with the proper upload location
if(strpos($install_file,'upload://') === 0){
    //get the upload location if it's set, or default to 'upload'
    $upload_dir = empty($GLOBALS['sugar_config']['upload_dir']) ? 'upload' : rtrim($GLOBALS['sugar_config']['upload_dir'], '/\\');

    //replace the wrapper in the file name with the directory
    $install_file = str_replace('upload:/',$upload_dir,$install_file);
    $_REQUEST['install_file'] = $install_file;
}

$id_name = '';
if(isset($_REQUEST['id_name'])){
 $id_name = $_REQUEST['id_name'];
}
$s_manifest = '';
if(isset($_REQUEST['s_manifest'])){
 $s_manifest = $_REQUEST['s_manifest'];
}
$previous_version = '';
if(isset($_REQUEST['previous_version'])){
	$previous_version = $_REQUEST['previous_version'];
}
$previous_id = '';
if(isset($_REQUEST['previous_id'])){
	$previous_id = $_REQUEST['previous_id'];
}
if( $install_type != "module" ){
    if( !isset($_REQUEST['zip_from_dir']) || ($_REQUEST['zip_from_dir'] == "") ){
        $zip_from_dir     = ".";
    }
    else{
        $zip_from_dir   = $_REQUEST['zip_from_dir'];
    }
    if( !isset($_REQUEST['zip_to_dir']) || ($_REQUEST['zip_to_dir'] == "") ){
        $zip_to_dir     = ".";
    }
    else{
        $zip_to_dir     = $_REQUEST['zip_to_dir'];
    }
}
$remove_tables = 'true';
if(isset($_REQUEST['remove_tables'])){
	$remove_tables = $_REQUEST['remove_tables'];
}
$overwrite_files = true;
if(isset($_REQUEST['radio_overwrite'])){
 $overwrite_files = (($_REQUEST['radio_overwrite'] == 'do_not_overwrite') ? false : true);
}

//rrs
$author = '';
$is_uninstallable = true;
$name = '';
$description = '';

if($install_type == 'module'){
    $is_uninstallable = $_REQUEST['is_uninstallable'];
    $name = $_REQUEST['name'];
    $description = $_REQUEST['description'];
}


$file_action    = "";
$uh_status      = "";

$rest_dir = remove_file_extension($install_file)."-restore";

$files_to_handle  = array();
register_shutdown_function("rmdir_recursive", $unzip_dir);

if (((defined('MODULE_INSTALLER_PACKAGE_SCAN') && MODULE_INSTALLER_PACKAGE_SCAN)
    || !empty($GLOBALS['sugar_config']['moduleInstaller']['packageScan'])) && $install_type != 'patch') {
	require_once('ModuleInstall/ModuleScanner.php');
	$ms = new ModuleScanner();
	$ms->scanPackage($unzip_dir);
	if($ms->hasIssues()){
		$ms->displayIssues();
		sugar_cleanup(true);
	}
}

//
// execute the PRE scripts
//
if($install_type == 'patch' || $install_type == 'module')
{
	switch($mode)
 	{
 		case 'Install':
 			$file = "$unzip_dir/" . constant('SUGARCRM_PRE_INSTALL_FILE');
			if(is_file($file))
			{
				print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
				include($file);
				pre_install();
   		}
 			break;
 		case 'Uninstall':
 			$file = "$unzip_dir/" . constant('SUGARCRM_PRE_UNINSTALL_FILE');
			if(is_file($file))
			{
				print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
				include($file);
				pre_uninstall();
   		}
 			break;
 		default:
 			break;
 		}
}

//
// perform the action
//

for( $iii = 0; $iii < $_REQUEST['copy_count']; $iii++ ){
    if( isset($_REQUEST["copy_" . $iii]) && ($_REQUEST["copy_" . $iii] != "") ){
        $file_to_copy = $_REQUEST["copy_" . $iii];
        $src_file   = clean_path( "$unzip_dir/$zip_from_dir/$file_to_copy" );

        $sugar_home_dir = getCwd();
        $dest_file  = clean_path( "$sugar_home_dir/$zip_to_dir/$file_to_copy" );
        if($zip_to_dir != '.')
        	$rest_file  = clean_path("$rest_dir/$zip_to_dir/$file_to_copy");
        else
        	$rest_file  = clean_path("$rest_dir/$file_to_copy");

        switch( $mode ){
            case "Install":
                mkdir_recursive( dirname( $dest_file ) );

                if($install_type=="patch" && is_file($dest_file))
                {
	                if(!is_dir(dirname( $rest_file )))
                		mkdir_recursive( dirname( $rest_file ) );

	                copy( $dest_file, $rest_file);
	                sugar_touch( $rest_file, filemtime($dest_file) );
                }

                if( !copy( $src_file, $dest_file ) ){
                    die( $mod_strings['ERR_UW_COPY_FAILED'].$src_file.$mod_strings['LBL_TO'].$dest_file);
                }
                $uh_status = "installed";
                break;
            case "Uninstall":
                if($install_type=="patch" && is_file($rest_file))
                {
	                copy( $rest_file, $dest_file);
	                sugar_touch( $dest_file, filemtime($rest_file) );
                }
                elseif(file_exists($dest_file) && !unlink($dest_file))
                {
                    die($mod_strings['ERR_UW_REMOVE_FAILED'].$dest_file);
                }
                $uh_status = "uninstalled";
                break;
            default:
                die("{$mod_strings['LBL_UW_OP_MODE']} '$mode' {$mod_strings['ERR_UW_NOT_RECOGNIZED']}." );
        }
        $files_to_handle[] = clean_path( "$zip_to_dir/$file_to_copy" );
    }
}

switch( $install_type ){
    case "langpack":
        if( !isset($_REQUEST['new_lang_name']) || ($_REQUEST['new_lang_name'] == "") ){
            die($mod_strings['ERR_UW_NO_LANG']);
        }
        if( !isset($_REQUEST['new_lang_desc']) || ($_REQUEST['new_lang_desc'] == "") ){
            die($mod_strings['ERR_UW_NO_LANG_DESC']);
        }

        if( $mode == "Install" || $mode=="Enable" ){
            $sugar_config['languages'] = $sugar_config['languages'] + array( $_REQUEST['new_lang_name'] => $_REQUEST['new_lang_desc'] );
        }
        else if( $mode == "Uninstall" || $mode=="Disable" ){
            $new_langs = array();
            $old_langs = $sugar_config['languages'];
            foreach( $old_langs as $key => $value ){
                if( $key != $_REQUEST['new_lang_name'] ){
                    $new_langs += array( $key => $value );
                }
            }
			$sugar_config['languages'] = $new_langs;

	        $default_sugar_instance_lang = 'en_us';
	        if($current_language == $_REQUEST['new_lang_name']){
	        	$_SESSION['authenticated_user_language'] =$default_sugar_instance_lang;
	        	$lang_changed_string = $mod_strings['LBL_CURRENT_LANGUAGE_CHANGE'].$sugar_config['languages'][$default_sugar_instance_lang].'<br/>';
	        }

	        if($sugar_config['default_language'] == $_REQUEST['new_lang_name']){
	        	$cfg = new Configurator();
             	$cfg->config['languages'] = $new_langs;
				$cfg->config['default_language'] = $default_sugar_instance_lang;
				$cfg->handleOverride();
	        	$lang_changed_string .= $mod_strings['LBL_DEFAULT_LANGUAGE_CHANGE'].$sugar_config['languages'][$default_sugar_instance_lang].'<br/>';
	        }
        }
        ksort( $sugar_config );
        if( !write_array_to_file( "sugar_config", $sugar_config, "config.php" ) ){
            die($mod_strings['ERR_UW_CONFIG_FAILED']);
        }
        break;
    case "module":
        require_once( "ModuleInstall/ModuleInstaller.php" );
        $mi = new ModuleInstaller();
        switch( $mode ){
            case "Install":
            //here we can determine if this is an upgrade or a new version
            	if(!empty($previous_version)){
            		$mi->install( "$unzip_dir", true, $previous_version);
            	}else{
                	$mi->install( "$unzip_dir" );
            	}

				$file = "$unzip_dir/" . constant('SUGARCRM_POST_INSTALL_FILE');
				if(is_file($file))
				{
					print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
					include($file);
					post_install();
				}
            	break;
            case "Uninstall":
                if($remove_tables == 'false')
                	$GLOBALS['mi_remove_tables'] = false;
                else
                	$GLOBALS['mi_remove_tables'] = true;
                $mi->uninstall( "$unzip_dir" );
                break;
             case "Disable":
                if(!$overwrite_files)
                	$GLOBALS['mi_overwrite_files'] = false;
                else
                	$GLOBALS['mi_overwrite_files'] = true;
                $mi->disable( "$unzip_dir" );
                break;
             case "Enable":
                if(!$overwrite_files)
                	$GLOBALS['mi_overwrite_files'] = false;
                else
                	$GLOBALS['mi_overwrite_files'] = true;
                $mi->enable( "$unzip_dir" );
                break;
            default:
                break;
        }
        $current_user->incrementETag("mainMenuETag");
        break;
    case "full":
        // purposely flow into "case: patch"
    case "patch":
 		switch($mode)
 		{
 			case 'Install':
 				$file = "$unzip_dir/" . constant('SUGARCRM_POST_INSTALL_FILE');
				if(is_file($file))
				{
					print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
					include($file);
					post_install();
				}

				UWrebuild();
 				break;
 			case 'Uninstall':
 				$file = "$unzip_dir/" . constant('SUGARCRM_POST_UNINSTALL_FILE');
 				if(is_file($file)) {
					print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
					include($file);
					post_uninstall();
				}

				if(is_dir($rest_dir))
				{
					rmdir_recursive($rest_dir);
				}

				UWrebuild();
 				break;
 			default:
 				break;
 		}

		require( "sugar_version.php" );
		$sugar_config['sugar_version'] = $sugar_version;
		ksort( $sugar_config );

		if( !write_array_to_file( "sugar_config", $sugar_config, "config.php" ) )
		{
			die($mod_strings['ERR_UW_UPDATE_CONFIG']);
		}
        break;
    default:
        break;
}

switch( $mode ){
    case "Install":
        $file_action = "copied";
        // if error was encountered, script should have died before now
        $new_upgrade = new UpgradeHistory();
        //determine if this module has already been installed given the unique_key to
        //identify the module
       // $new_upgrade->checkForExisting($unique_key);
       	if(!empty($previous_id)){
       		$new_upgrade->id = $previous_id;
       		$uh = new UpgradeHistory();
       		$uh->retrieve($previous_id);
       		if(is_file($uh->filename)) {
       		unlink($uh->filename);
       		}
       	}
        $new_upgrade->filename      = $install_file;
        $new_upgrade->md5sum        = md5_file( $install_file );
        $new_upgrade->type          = $install_type;
        $new_upgrade->version       = $version;
        $new_upgrade->status        = "installed";
        $new_upgrade->name          = $name;
        $new_upgrade->description   = $description;
        $new_upgrade->id_name		= $id_name;
        $new_upgrade->manifest		= $s_manifest;
        $new_upgrade->save();

        //Check if we need to show a page for the user to finalize their install with.
        if (is_file("$unzip_dir/manifest.php"))
        {
        	include("$unzip_dir/manifest.php");
        	if (!empty($manifest['post_install_url']))
        	{
        		$url_conf = $manifest['post_install_url'];
        		if (is_string($url_conf))
        			$url_conf = array('url' => $url_conf);
        		if (isset($url_conf['type']) && $url_conf['type'] == 'popup')
        		{
        			echo '<script type="text/javascript">window.open("' . $url_conf['url']
        			   . '","' . (empty($url_conf['name']) ? 'sugar_popup' : $url_conf['name']) . '","'
        			   . 'height=' . (empty($url_conf['height']) ? '500' : $url_conf['height']) . ','
        			   . 'width=' . (empty($url_conf['width']) ? '800' : $url_conf['width']) . '");</script>';
        		} else
        		{
        			echo '<iframe src="' . $url_conf['url'] . '" '
        			   . 'width="' . (empty($url_conf['width']) ? '100%' : $url_conf['width']) . '" '
        			   . 'height="' . (empty($url_conf['height']) ? '500px' : $url_conf['height']) . '"></iframe>';
        		}
        	}
        }
    break;
    case "Uninstall":
        $file_action = "removed";
        $uh = new UpgradeHistory();
        $the_md5 = md5_file( $install_file );
        $md5_matches = $uh->findByMd5( $the_md5 );
        if( sizeof( $md5_matches ) == 0 ){
            die( "{$mod_strings['ERR_UW_NO_UPDATE_RECORD']} $install_file." );
        }
        foreach( $md5_matches as $md5_match ){
            $md5_match->delete();
        }
        break;
    case "Disable":
        $file_action = "disabled";
        $uh = new UpgradeHistory();
        $the_md5 = md5_file( $install_file );
        $md5_matches = $uh->findByMd5( $the_md5 );
        if( sizeof( $md5_matches ) == 0 ){
            die( "{$mod_strings['ERR_UW_NO_UPDATE_RECORD']} $install_file." );
        }
        foreach( $md5_matches as $md5_match ){
             $md5_match->enabled = 0;
            $md5_match->save();
        }
        break;
    case "Enable":
        $file_action = "enabled";
        $uh = new UpgradeHistory();
        $the_md5 = md5_file( $install_file );
        $md5_matches = $uh->findByMd5( $the_md5 );
        if( sizeof( $md5_matches ) == 0 ){
            die( "{$mod_strings['ERR_UW_NO_UPDATE_RECORD']} $install_file." );
        }
        foreach( $md5_matches as $md5_match ){
            $md5_match->enabled = 1;
            $md5_match->save();
        }
        break;
}

// present list to user
?>
<form action="<?php print( $form_action ); ?>" method="post">


<?php
echo "<div>";
print( getUITextForType($install_type) . " ". getUITextForMode($mode) . " ". $mod_strings['LBL_UW_SUCCESSFULLY']);
echo "<br>";
echo "<br>";
print( "<input type=submit value=\"{$mod_strings['LBL_UW_BTN_BACK_TO_MOD_LOADER']}\" /><br>" );
echo "</div>";
echo "<br>";
if(isset($lang_changed_string))
	print($lang_changed_string);
if ($install_type != "module" && $install_type != "langpack"){
    if( sizeof( $files_to_handle ) > 0 ){
        echo '<div style="text-align: left; cursor: hand; cursor: pointer; text-decoration: underline;" onclick=\'this.style.display="none"; toggleDisplay("more");\' id="all_text">' . SugarThemeRegistry::current()->getImage('advanced_search', '', null, null, ".gif", $mod_strings['LBL_ADVANCED_SEARCH']) . ' Show Details</div><div id=\'more\' style=\'display: none\'>
            <div style="text-align: left; cursor: hand; cursor: pointer; text-decoration: underline;" onclick=\'document.getElementById("all_text").style.display=""; toggleDisplay("more");\'>' . SugarThemeRegistry::current()->getImage('basic_search', '', null, null, ".gif", $mod_strings['LBL_BASIC_SEARCH']) . ' Hide Details</div><br>';
        print( "{$mod_strings['LBL_UW_FOLLOWING_FILES']} $file_action:<br>\n" );
        print( "<ul id=\"subMenu\">\n" );
        foreach( $files_to_handle as $file_to_copy ){
            print( "<li>$file_to_copy<br>\n" );
        }
        print( "</ul>\n" );
        echo '</div>';
    }
    else if( $mode != 'Disable' && $mode !='Enable' ){
        print( "{$mod_strings['LBL_UW_NO_FILES_SELECTED']} $file_action.<br>\n" );
    }

        print($mod_strings['LBL_UW_UPGRADE_SUCCESSFUL']);
        print( "<input class='button' type=submit value=\"{$mod_strings['LBL_UW_BTN_BACK_TO_UW']}\" />\n" );
}
?>
</form>

<?php
    $GLOBALS['log']->info( "Upgrade Wizard patches" );

?>


1			<?php
2			if(!defined('sugarEntry') \|\| !sugarEntry) die('Not A Valid Entry Point');
3			/*********************************************************************************
4			* SugarCRM Community Edition is a customer relationship management program developed by
5			* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6
7			* SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
8			* Copyright (C) 2011 - 2014 Salesagility Ltd.
9			*
10			* This program is free software; you can redistribute it and/or modify it under
11			* the terms of the GNU Affero General Public License version 3 as published by the
12			* Free Software Foundation with the addition of the following permission added
13			* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
14			* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
15			* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
16			*
17			* This program is distributed in the hope that it will be useful, but WITHOUT
18			* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
19			* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
20			* details.
21			*
22			* You should have received a copy of the GNU Affero General Public License along with
23			* this program; if not, see http://www.gnu.org/licenses or write to the Free
24			* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25			* 02110-1301 USA.
26			*
27			* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
28			* SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
29			*
30			* The interactive user interfaces in modified source and object code versions
31			* of this program must display Appropriate Legal Notices, as required under
32			* Section 5 of the GNU Affero General Public License version 3.
33			*
34			* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
35			* these Appropriate Legal Notices must retain the display of the "Powered by
36			* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
37			* reasonably feasible for technical reasons, the Appropriate Legal Notices must
38			* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
39			********************************************************************************/
40
41
42
43			require_once('modules/Administration/UpgradeWizardCommon.php');
44			require_once('modules/Configurator/Configurator.php');
45			function UWrebuild() {
46			global $log;
47			global $db;
48			$log->info('Deleting Relationship Cache. Relationships will automatically refresh.');
49
50			echo "
51			<div id='rrresult'></div>
52			<script>
53			var xmlhttp=false;
54			/@cc_on @/
55			/*@if (@_jscript_version >= 5)
56			// JScript gives us Conditional compilation, we can cope with old IE versions.
57			// and security blocked creation of the objects.
58			try {
59			xmlhttp = new ActiveXObject(\"Msxml2.XMLHTTP\");
60			} catch (e) {
61			try {
62			xmlhttp = new ActiveXObject(\"Microsoft.XMLHTTP\");
63			} catch (E) {
64			xmlhttp = false;
65			}
66			}
67			@end @*/
68			if (!xmlhttp && typeof XMLHttpRequest!='undefined') {
69			try {
70			xmlhttp = new XMLHttpRequest();
71			} catch (e) {
72			xmlhttp = false;
73			}
74			}
75			if (!xmlhttp && window.createRequest) {
76			try {
77			xmlhttp = window.createRequest();
78			} catch (e) {
79			xmlhttp = false;
80			}
81			}
82			xmlhttp.onreadystatechange = function() {
83			if(xmlhttp.readyState == 4) {
84			document.getElementById('rrresult').innerHTML = xmlhttp.responseText;
85			}
86			}
87			xmlhttp.open('GET', 'index.php?module=Administration&action=RebuildRelationship&to_pdf=true', true);
88			xmlhttp.send(null);
89			</script>";
90
91			$log->info('Rebuilding everything.');
92			require_once('ModuleInstall/ModuleInstaller.php');
93			$mi = new ModuleInstaller();
94			$mi->rebuild_all();
95			}
96
97			unset($_SESSION['rebuild_relationships']);
98			unset($_SESSION['rebuild_extensions']);
99
100			global $log, $db;
101
102			// process commands
103			if( !isset($_REQUEST['mode']) \|\| ($_REQUEST['mode'] == "") ){
104			die($mod_strings['ERR_UW_NO_MODE']);
105			}
106			$mode = $_REQUEST['mode'];
107
108
109			if( !isset($_REQUEST['version']) ){
110			die($mod_strings['ERR_UW_NO_MODE']);
111			}
112			$version = $_REQUEST['version'];
113
114			if( !isset($_REQUEST['copy_count']) \|\| ($_REQUEST['copy_count'] == "") ){
115			die($mod_strings['ERR_UW_NO_FILES']);
116			}
117
118			if( empty($_REQUEST['unzip_dir']) \|\| $_REQUEST['unzip_dir'] == "." \|\| $_REQUEST['unzip_dir'] == ".."){
119			die($mod_strings['ERR_UW_NO_TEMP_DIR']);
120			}
121			$unzip_dir = $base_tmp_upgrade_dir. "/". basename($_REQUEST['unzip_dir']);
122
123			if(empty($_REQUEST['install_file'])){
124			die($mod_strings['ERR_UW_NO_INSTALL_FILE']);
125			}
126
127			$install_file = hashToFile($_REQUEST['install_file'] );
128			$install_type = getInstallType( $install_file );
129
130			//from here on out, the install_file is used as the file path to copy or rename the physical file, so let's remove the stream wrapper if it's set
131			//and replace it with the proper upload location
132			if(strpos($install_file,'upload://') === 0){
133			//get the upload location if it's set, or default to 'upload'
134			$upload_dir = empty($GLOBALS['sugar_config']['upload_dir']) ? 'upload' : rtrim($GLOBALS['sugar_config']['upload_dir'], '/\\');
135
136			//replace the wrapper in the file name with the directory
137			$install_file = str_replace('upload:/',$upload_dir,$install_file);
138			$_REQUEST['install_file'] = $install_file;
139			}
140
141			$id_name = '';
142			if(isset($_REQUEST['id_name'])){
143			$id_name = $_REQUEST['id_name'];
144			}
145			$s_manifest = '';
146			if(isset($_REQUEST['s_manifest'])){
147			$s_manifest = $_REQUEST['s_manifest'];
148			}
149			$previous_version = '';
150			if(isset($_REQUEST['previous_version'])){
151			$previous_version = $_REQUEST['previous_version'];
152			}
153			$previous_id = '';
154			if(isset($_REQUEST['previous_id'])){
155			$previous_id = $_REQUEST['previous_id'];
156			}
157			if( $install_type != "module" ){
158			if( !isset($_REQUEST['zip_from_dir']) \|\| ($_REQUEST['zip_from_dir'] == "") ){
159			$zip_from_dir = ".";
160			}
161			else{
162			$zip_from_dir = $_REQUEST['zip_from_dir'];
163			}
164			if( !isset($_REQUEST['zip_to_dir']) \|\| ($_REQUEST['zip_to_dir'] == "") ){
165			$zip_to_dir = ".";
166			}
167			else{
168			$zip_to_dir = $_REQUEST['zip_to_dir'];
169			}
170			}
171			$remove_tables = 'true';
172			if(isset($_REQUEST['remove_tables'])){
173			$remove_tables = $_REQUEST['remove_tables'];
174			}
175			$overwrite_files = true;
176			if(isset($_REQUEST['radio_overwrite'])){
177			$overwrite_files = (($_REQUEST['radio_overwrite'] == 'do_not_overwrite') ? false : true);
178			}
179
180			//rrs
181			$author = '';
182			$is_uninstallable = true;
183			$name = '';
184			$description = '';
185
186			if($install_type == 'module'){
187			$is_uninstallable = $_REQUEST['is_uninstallable'];
188			$name = $_REQUEST['name'];
189			$description = $_REQUEST['description'];
190			}
191
192
193			$file_action = "";
194			$uh_status = "";
195
196			$rest_dir = remove_file_extension($install_file)."-restore";
197
198			$files_to_handle = array();
199			register_shutdown_function("rmdir_recursive", $unzip_dir);
200
201			if (((defined('MODULE_INSTALLER_PACKAGE_SCAN') && MODULE_INSTALLER_PACKAGE_SCAN)
202			\|\| !empty($GLOBALS['sugar_config']['moduleInstaller']['packageScan'])) && $install_type != 'patch') {
203			require_once('ModuleInstall/ModuleScanner.php');
204			$ms = new ModuleScanner();
205			$ms->scanPackage($unzip_dir);
206			if($ms->hasIssues()){
207			$ms->displayIssues();
208			sugar_cleanup(true);
209			}
210			}
211
212			//
213			// execute the PRE scripts
214			//
215			if($install_type == 'patch' \|\| $install_type == 'module')
216			{
217			switch($mode)
218			{
219			case 'Install':
220			$file = "$unzip_dir/" . constant('SUGARCRM_PRE_INSTALL_FILE');
221			if(is_file($file))
222			{
223			print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
224			include($file);
225			pre_install();
226			}
227			break;
228			case 'Uninstall':
229			$file = "$unzip_dir/" . constant('SUGARCRM_PRE_UNINSTALL_FILE');
230			if(is_file($file))
231			{
232			print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
233			include($file);
234			pre_uninstall();
235			}
236			break;
237			default:
238			break;
239			}
240			}
241
242			//
243			// perform the action
244			//
245
246			for( $iii = 0; $iii < $_REQUEST['copy_count']; $iii++ ){
247			if( isset($_REQUEST["copy_" . $iii]) && ($_REQUEST["copy_" . $iii] != "") ){
248			$file_to_copy = $_REQUEST["copy_" . $iii];
249			$src_file = clean_path( "$unzip_dir/$zip_from_dir/$file_to_copy" );
250
251			$sugar_home_dir = getCwd();
252			$dest_file = clean_path( "$sugar_home_dir/$zip_to_dir/$file_to_copy" );
253			if($zip_to_dir != '.')
254			$rest_file = clean_path("$rest_dir/$zip_to_dir/$file_to_copy");
255			else
256			$rest_file = clean_path("$rest_dir/$file_to_copy");
257
258			switch( $mode ){
259			case "Install":
260			mkdir_recursive( dirname( $dest_file ) );
261
262			if($install_type=="patch" && is_file($dest_file))
263			{
264			if(!is_dir(dirname( $rest_file )))
265			mkdir_recursive( dirname( $rest_file ) );
266
267			copy( $dest_file, $rest_file);
268			sugar_touch( $rest_file, filemtime($dest_file) );
269			}
270
271			if( !copy( $src_file, $dest_file ) ){
272			die( $mod_strings['ERR_UW_COPY_FAILED'].$src_file.$mod_strings['LBL_TO'].$dest_file);
273			}
274			$uh_status = "installed";
275			break;
276			case "Uninstall":
277			if($install_type=="patch" && is_file($rest_file))
278			{
279			copy( $rest_file, $dest_file);
280			sugar_touch( $dest_file, filemtime($rest_file) );
281			}
282			elseif(file_exists($dest_file) && !unlink($dest_file))
283			{
284			die($mod_strings['ERR_UW_REMOVE_FAILED'].$dest_file);
285			}
286			$uh_status = "uninstalled";
287			break;
288			default:
289			die("{$mod_strings['LBL_UW_OP_MODE']} '$mode' {$mod_strings['ERR_UW_NOT_RECOGNIZED']}." );
290			}
291			$files_to_handle[] = clean_path( "$zip_to_dir/$file_to_copy" );
292			}
293			}
294
295			switch( $install_type ){
296			case "langpack":
297			if( !isset($_REQUEST['new_lang_name']) \|\| ($_REQUEST['new_lang_name'] == "") ){
298			die($mod_strings['ERR_UW_NO_LANG']);
299			}
300			if( !isset($_REQUEST['new_lang_desc']) \|\| ($_REQUEST['new_lang_desc'] == "") ){
301			die($mod_strings['ERR_UW_NO_LANG_DESC']);
302			}
303
304			if( $mode == "Install" \|\| $mode=="Enable" ){
305			$sugar_config['languages'] = $sugar_config['languages'] + array( $_REQUEST['new_lang_name'] => $_REQUEST['new_lang_desc'] );
306			}
307			else if( $mode == "Uninstall" \|\| $mode=="Disable" ){
308			$new_langs = array();
309			$old_langs = $sugar_config['languages'];
310			foreach( $old_langs as $key => $value ){
311			if( $key != $_REQUEST['new_lang_name'] ){
312			$new_langs += array( $key => $value );
313			}
314			}
315			$sugar_config['languages'] = $new_langs;
316
317			$default_sugar_instance_lang = 'en_us';
318			if($current_language == $_REQUEST['new_lang_name']){
319			$_SESSION['authenticated_user_language'] =$default_sugar_instance_lang;
320			$lang_changed_string = $mod_strings['LBL_CURRENT_LANGUAGE_CHANGE'].$sugar_config['languages'][$default_sugar_instance_lang].'<br/>';
321			}
322
323			if($sugar_config['default_language'] == $_REQUEST['new_lang_name']){
324			$cfg = new Configurator();
325			$cfg->config['languages'] = $new_langs;
326			$cfg->config['default_language'] = $default_sugar_instance_lang;
327			$cfg->handleOverride();
328			$lang_changed_string .= $mod_strings['LBL_DEFAULT_LANGUAGE_CHANGE'].$sugar_config['languages'][$default_sugar_instance_lang].'<br/>';
329			}
330			}
331			ksort( $sugar_config );
332			if( !write_array_to_file( "sugar_config", $sugar_config, "config.php" ) ){
333			die($mod_strings['ERR_UW_CONFIG_FAILED']);
334			}
335			break;
336			case "module":
337			require_once( "ModuleInstall/ModuleInstaller.php" );
338			$mi = new ModuleInstaller();
339			switch( $mode ){
340			case "Install":
341			//here we can determine if this is an upgrade or a new version
342			if(!empty($previous_version)){
343			$mi->install( "$unzip_dir", true, $previous_version);
344			}else{
345			$mi->install( "$unzip_dir" );
346			}
347
348			$file = "$unzip_dir/" . constant('SUGARCRM_POST_INSTALL_FILE');
349			if(is_file($file))
350			{
351			print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
352			include($file);
353			post_install();
354			}
355			break;
356			case "Uninstall":
357			if($remove_tables == 'false')
358			$GLOBALS['mi_remove_tables'] = false;
359			else
360			$GLOBALS['mi_remove_tables'] = true;
361			$mi->uninstall( "$unzip_dir" );
362			break;
363			case "Disable":
364			if(!$overwrite_files)
365			$GLOBALS['mi_overwrite_files'] = false;
366			else
367			$GLOBALS['mi_overwrite_files'] = true;
368			$mi->disable( "$unzip_dir" );
369			break;
370			case "Enable":
371			if(!$overwrite_files)
372			$GLOBALS['mi_overwrite_files'] = false;
373			else
374			$GLOBALS['mi_overwrite_files'] = true;
375			$mi->enable( "$unzip_dir" );
376			break;
377			default:
378			break;
379			}
380			$current_user->incrementETag("mainMenuETag");
381			break;
382			case "full":
383			// purposely flow into "case: patch"
384			case "patch":
385			switch($mode)
386			{
387			case 'Install':
388			$file = "$unzip_dir/" . constant('SUGARCRM_POST_INSTALL_FILE');
389			if(is_file($file))
390			{
391			print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
392			include($file);
393			post_install();
394			}
395
396			UWrebuild();
397			break;
398			case 'Uninstall':
399			$file = "$unzip_dir/" . constant('SUGARCRM_POST_UNINSTALL_FILE');
400			if(is_file($file)) {
401			print("{$mod_strings['LBL_UW_INCLUDING']}: $file <br>\n");
402			include($file);
403			post_uninstall();
404			}
405
406			if(is_dir($rest_dir))
407			{
408			rmdir_recursive($rest_dir);
409			}
410
411			UWrebuild();
412			break;
413			default:
414			break;
415			}
416
417			require( "sugar_version.php" );
418			$sugar_config['sugar_version'] = $sugar_version;
419			ksort( $sugar_config );
420
421			if( !write_array_to_file( "sugar_config", $sugar_config, "config.php" ) )
422			{
423			die($mod_strings['ERR_UW_UPDATE_CONFIG']);
424			}
425			break;
426			default:
427			break;
428			}
429
430			switch( $mode ){
431			case "Install":
432			$file_action = "copied";
433			// if error was encountered, script should have died before now
434			$new_upgrade = new UpgradeHistory();
435			//determine if this module has already been installed given the unique_key to
436			//identify the module
437			// $new_upgrade->checkForExisting($unique_key);
438			if(!empty($previous_id)){
439			$new_upgrade->id = $previous_id;
440			$uh = new UpgradeHistory();
441			$uh->retrieve($previous_id);
442			if(is_file($uh->filename)) {
443			unlink($uh->filename);
444			}
445			}
446			$new_upgrade->filename = $install_file;
447			$new_upgrade->md5sum = md5_file( $install_file );
448			$new_upgrade->type = $install_type;
449			$new_upgrade->version = $version;
450			$new_upgrade->status = "installed";
451			$new_upgrade->name = $name;
452			$new_upgrade->description = $description;
453			$new_upgrade->id_name = $id_name;
454			$new_upgrade->manifest = $s_manifest;
455			$new_upgrade->save();
456
457			//Check if we need to show a page for the user to finalize their install with.
458			if (is_file("$unzip_dir/manifest.php"))
459			{
460			include("$unzip_dir/manifest.php");
461			if (!empty($manifest['post_install_url']))
462			{
463			$url_conf = $manifest['post_install_url'];
464			if (is_string($url_conf))
465			$url_conf = array('url' => $url_conf);
466			if (isset($url_conf['type']) && $url_conf['type'] == 'popup')
467			{
468			echo '<script type="text/javascript">window.open("' . $url_conf['url']
469			. '","' . (empty($url_conf['name']) ? 'sugar_popup' : $url_conf['name']) . '","'
470			. 'height=' . (empty($url_conf['height']) ? '500' : $url_conf['height']) . ','
471			. 'width=' . (empty($url_conf['width']) ? '800' : $url_conf['width']) . '");</script>';
472			} else
473			{
474			echo '<iframe src="' . $url_conf['url'] . '" '
475			. 'width="' . (empty($url_conf['width']) ? '100%' : $url_conf['width']) . '" '
476			. 'height="' . (empty($url_conf['height']) ? '500px' : $url_conf['height']) . '"></iframe>';
477			}
478			}
479			}
480			break;
481			case "Uninstall":
482			$file_action = "removed";
483			$uh = new UpgradeHistory();
484			$the_md5 = md5_file( $install_file );
485			$md5_matches = $uh->findByMd5( $the_md5 );
486			if( sizeof( $md5_matches ) == 0 ){
487			die( "{$mod_strings['ERR_UW_NO_UPDATE_RECORD']} $install_file." );
488			}
489			foreach( $md5_matches as $md5_match ){
490			$md5_match->delete();
491			}
492			break;
493			case "Disable":
494			$file_action = "disabled";
495			$uh = new UpgradeHistory();
496			$the_md5 = md5_file( $install_file );
497			$md5_matches = $uh->findByMd5( $the_md5 );
498			if( sizeof( $md5_matches ) == 0 ){
499			die( "{$mod_strings['ERR_UW_NO_UPDATE_RECORD']} $install_file." );
500			}
501			foreach( $md5_matches as $md5_match ){
502			$md5_match->enabled = 0;
503			$md5_match->save();
504			}
505			break;
506			case "Enable":
507			$file_action = "enabled";
508			$uh = new UpgradeHistory();
509			$the_md5 = md5_file( $install_file );
510			$md5_matches = $uh->findByMd5( $the_md5 );
511			if( sizeof( $md5_matches ) == 0 ){
512			die( "{$mod_strings['ERR_UW_NO_UPDATE_RECORD']} $install_file." );
513			}
514			foreach( $md5_matches as $md5_match ){
515			$md5_match->enabled = 1;
516			$md5_match->save();
517			}
518			break;
519			}
520
521			// present list to user
522			?>
523			<form action="<?php print( $form_action ); ?>" method="post">
524
525
526			<?php
527			echo "<div>";
528			print( getUITextForType($install_type) . " ". getUITextForMode($mode) . " ". $mod_strings['LBL_UW_SUCCESSFULLY']);
529			echo "<br>";
530			echo "<br>";
531			print( "<input type=submit value=\"{$mod_strings['LBL_UW_BTN_BACK_TO_MOD_LOADER']}\" /><br>" );
532			echo "</div>";
533			echo "<br>";
534			if(isset($lang_changed_string))
535			print($lang_changed_string);
536			if ($install_type != "module" && $install_type != "langpack"){
537			if( sizeof( $files_to_handle ) > 0 ){
538			echo '<div style="text-align: left; cursor: hand; cursor: pointer; text-decoration: underline;" onclick=\'this.style.display="none"; toggleDisplay("more");\' id="all_text">' . SugarThemeRegistry::current()->getImage('advanced_search', '', null, null, ".gif", $mod_strings['LBL_ADVANCED_SEARCH']) . ' Show Details</div><div id=\'more\' style=\'display: none\'>
539			<div style="text-align: left; cursor: hand; cursor: pointer; text-decoration: underline;" onclick=\'document.getElementById("all_text").style.display=""; toggleDisplay("more");\'>' . SugarThemeRegistry::current()->getImage('basic_search', '', null, null, ".gif", $mod_strings['LBL_BASIC_SEARCH']) . ' Hide Details</div><br>';
540			print( "{$mod_strings['LBL_UW_FOLLOWING_FILES']} $file_action:<br>\n" );
541			print( "<ul id=\"subMenu\">\n" );
542			foreach( $files_to_handle as $file_to_copy ){
543			print( "<li>$file_to_copy<br>\n" );
544			}
545			print( "</ul>\n" );
546			echo '</div>';
547			}
548			else if( $mode != 'Disable' && $mode !='Enable' ){
549			print( "{$mod_strings['LBL_UW_NO_FILES_SELECTED']} $file_action.<br>\n" );
550			}
551
552			print($mod_strings['LBL_UW_UPGRADE_SUCCESSFUL']);
553			print( "<input class='button' type=submit value=\"{$mod_strings['LBL_UW_BTN_BACK_TO_UW']}\" />\n" );
554			}
555			?>
556			</form>
557
558			<?php
559			$GLOBALS['log']->info( "Upgrade Wizard patches" );
			0 ignored issues – show Bug introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `info` cannot be called on `$GLOBALS['log']` (of type `boolean`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
560			?>
561

adamjakab / SuiteCRM

Issues (4069)

Security Analysis not enabled

modules/Administration/UpgradeWizard_commit.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like