This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
// Entry-point guard: stop immediately unless the including script has
// defined a truthy `sugarEntry` constant.
if (!defined('sugarEntry') || !sugarEntry) {
    die('Not A Valid Entry Point');
}
||
3 | /********************************************************************************* |
||
4 | * SugarCRM Community Edition is a customer relationship management program developed by |
||
5 | * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc. |
||
6 | * |
||
7 | * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd. |
||
8 | * Copyright (C) 2011 - 2016 Salesagility Ltd. |
||
9 | * |
||
10 | * This program is free software; you can redistribute it and/or modify it under |
||
11 | * the terms of the GNU Affero General Public License version 3 as published by the |
||
12 | * Free Software Foundation with the addition of the following permission added |
||
13 | * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK |
||
14 | * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY |
||
15 | * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS. |
||
16 | * |
||
17 | * This program is distributed in the hope that it will be useful, but WITHOUT |
||
18 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
||
19 | * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more |
||
20 | * details. |
||
21 | * |
||
22 | * You should have received a copy of the GNU Affero General Public License along with |
||
23 | * this program; if not, see http://www.gnu.org/licenses or write to the Free |
||
24 | * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
||
25 | * 02110-1301 USA. |
||
26 | * |
||
27 | * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road, |
||
28 | * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected]. |
||
29 | * |
||
30 | * The interactive user interfaces in modified source and object code versions |
||
31 | * of this program must display Appropriate Legal Notices, as required under |
||
32 | * Section 5 of the GNU Affero General Public License version 3. |
||
33 | * |
||
34 | * In accordance with Section 7(b) of the GNU Affero General Public License version 3, |
||
35 | * these Appropriate Legal Notices must retain the display of the "Powered by |
||
36 | * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not |
||
37 | * reasonably feasible for technical reasons, the Appropriate Legal Notices must |
||
38 | * display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM". |
||
39 | ********************************************************************************/ |
||
40 | |||
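class ViewAdminsettings extends SugarView
{
    /**
     * @see SugarView::_getModuleTab()
     */
    protected function _getModuleTab()
    {
        return 'Administration';
    }

    /**
     * Breadcrumb entries for the page title: a link back to the
     * Administration index, followed by this module's name.
     *
     * @see SugarView::_getModuleTitleParams()
     * @param bool $browserTitle not used by this implementation
     * @return array
     */
    protected function _getModuleTitleParams($browserTitle = false)
    {
        global $mod_strings;

        return array(
            "<a href='index.php?module=Administration&action=index'>" . translate('LBL_MODULE_NAME', 'Administration') . "</a>",
            $mod_strings['LBL_MODULE_NAME'],
        );
    }

    /**
     * Feed sources this settings page offers: every module reported by
     * SugarFeed::getAllFeedModules() plus the Facebook and Twitter feeds.
     *
     * @return array feed names as values
     */
    private function getSelectableFeedModules()
    {
        $feeds = SugarFeed::getAllFeedModules();
        $feeds['facebook'] = 'Facebook';
        $feeds['twitter'] = 'Twitter';

        return $feeds;
    }

    /**
     * Applies a submitted feed-settings change (if any) and renders the
     * SugarFeed admin settings form.
     *
     * Request parameters read from $_REQUEST:
     *  - process:     'true' saves the settings and redirects, 'false' only
     *                 redirects, 'deleteRecords' soft-deletes every feed row.
     *  - feed_enable: '1' turns the feed system on; anything else turns it off.
     *  - modules:     array keyed by a prefixed module name, value '1' = enable.
     *
     * NOTE(review): every state change here (saving settings, rewriting logic
     * hooks, marking all sugarfeed rows deleted) is driven by $_REQUEST, so a
     * plain GET is enough to trigger it. No admin check and no anti-CSRF token
     * is visible in this file - confirm both are enforced before this view is
     * reached.
     *
     * @see SugarView::display()
     */
    public function display()
    {
        global $mod_strings, $app_strings;

        $admin = new Administration();
        $admin->retrieveSettings();

        // Handle posts
        if (!empty($_REQUEST['process'])) {
            $process = $_REQUEST['process'];

            // Check the cleanup logic hook, make sure it is still there
            check_logic_hook_file('Users', 'after_login', array(1, 'SugarFeed old feed entry remover', 'modules/SugarFeed/SugarFeedFlush.php', 'SugarFeedFlush', 'flushStaleEntries'));

            if ($process == 'true') {
                // A missing feed_enable is treated as "disabled" instead of
                // raising an undefined-index notice.
                $feedEnabled = isset($_REQUEST['feed_enable']) && $_REQUEST['feed_enable'] == '1';

                if ($feedEnabled) {
                    // The feed is enabled, pay attention to what categories should be enabled or disabled
                    $active_modules = isset($_REQUEST['modules']) ? $_REQUEST['modules'] : array();
                    if (!is_array($active_modules)) {
                        $active_modules = array();
                    }

                    // Module names arrive from the client, so only names this
                    // page itself offers are passed on to SugarFeed.
                    // NOTE(review): assumes the settings form only submits
                    // names from this list - confirm against AdminSettings.tpl.
                    $selectable = $this->getSelectableFeedModules();

                    foreach ($active_modules as $name => $is_active) {
                        // Drops the first 7 characters of the key
                        // (presumably a "module_" prefix).
                        $module = substr($name, 7);

                        if (!in_array($module, $selectable, true)) {
                            continue;
                        }

                        if ($is_active == '1') {
                            // They are activating something that was disabled before
                            SugarFeed::activateModuleFeed($module);
                        } else {
                            // They are disabling something that was active before
                            SugarFeed::disableModuleFeed($module);
                        }
                    }

                    $admin->saveSetting('sugarfeed', 'enabled', '1');
                } else {
                    $admin->saveSetting('sugarfeed', 'enabled', '0');
                    // Now we need to remove all of the logic hooks, so they don't continue to run
                    // We also need to leave the database alone, so they can enable/disable modules with the system disabled
                    $modulesWithFeeds = SugarFeed::getAllFeedModules();

                    foreach ($modulesWithFeeds as $currFeedModule) {
                        SugarFeed::disableModuleFeed($currFeedModule, FALSE);
                    }
                }

                $admin->retrieveSettings(FALSE, TRUE);
                SugarFeed::flushBackendCache();
            } elseif ($process == 'deleteRecords') {
                // $db is never set before this branch, so the handle is
                // fetched unconditionally (the former isset() guard was
                // always true).
                $db = DBManagerFactory::getInstance();
                $db->query("UPDATE sugarfeed SET deleted = '1'");
                echo(translate('LBL_RECORDS_DELETED', 'SugarFeed'));
            }

            if ($process == 'true' || $process == 'false') {
                header('Location: index.php?module=Administration&action=index');
                return;
            }
        }

        $sugar_smarty = new Sugar_Smarty();
        $sugar_smarty->assign('mod', $mod_strings);
        $sugar_smarty->assign('app', $app_strings);

        if (isset($admin->settings['sugarfeed_enabled']) && $admin->settings['sugarfeed_enabled'] == '1') {
            $sugar_smarty->assign('enabled_checkbox', 'checked');
        }

        $module_list = array();
        $userFeedEnabled = 0;
        foreach ($this->getSelectableFeedModules() as $module) {
            $currModule = array();
            if (isset($admin->settings['sugarfeed_module_' . $module]) && $admin->settings['sugarfeed_module_' . $module] == '1') {
                $currModule['enabled'] = 1;
            } else {
                $currModule['enabled'] = 0;
            }

            $currModule['module'] = $module;
            if ($module == 'UserFeed') {
                // Fake module, need to handle specially
                $userFeedEnabled = $currModule['enabled'];
                continue;
            } elseif ($module == 'Facebook' || $module == 'Twitter') {
                $currModule['label'] = $module;
            } else {
                $currModule['label'] = $GLOBALS['app_list_strings']['moduleList'][$module];
            }

            $module_list[] = $currModule;
        }
        $sugar_smarty->assign('module_list', $module_list);
        $sugar_smarty->assign('user_feed_enabled', $userFeedEnabled);

        // Same breadcrumb entries as _getModuleTitleParams().
        echo getClassicModuleTitle(
            "Administration",
            $this->_getModuleTitleParams(),
            false
        );
        $sugar_smarty->display('modules/SugarFeed/tpls/AdminSettings.tpl');
    }
}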
This check marks calls to `isset(...)` or `empty(...)` that are found before the variable itself is defined. These will always have the same result. This is likely the result of code being shifted around. Consider removing these calls.