sugar_die("Unauthorized access to administration.");
}
if (isset($_POST['record']) && !is_admin($current_user) && !$GLOBALS['current_user']->isAdminForModule('Users') && $_POST['record'] != $current_user->id) {
sugar_die("Unauthorized access to administration.");
} elseif (!isset($_POST['record']) && !is_admin($current_user) && !$GLOBALS['current_user']->isAdminForModule('Users')) {
sugar_die("Unauthorized access to user administration.");
}
$focus = new User();
$focus->retrieve($_POST['record']);
//update any ETag seeds that are tied to the user object changing
$focus->incrementETag("mainMenuETag");
// Flag to determine whether to save a new password or not.
// Bug 43241 - Changed $focus->id to $focus->user_name to make sure that a system generated password is made when converting employee to user
if (empty($focus->user_name)) {
$newUser = true;
clear_register_value('user_array', $focus->object_name);
} else {
$newUser = false;
}
if (!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users')) {
if ($current_user->id != $focus->id || !empty($_POST['is_admin']) || !empty($_POST['UserType']) && $_POST['UserType'] == 'Administrator') {
$GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change settings for user:"******"Location: index.php?module=Users&action=Logout");
exit;
}
}
// Populate the custom fields
$sfh = new SugarFieldHandler();
foreach ($focus->field_defs as $fieldName => $field) {
if (isset($field['source']) && $field['source'] == 'custom_fields') {
$type = !empty($field['custom_type']) ? $field['custom_type'] : $field['type'];
public function handleAttachments($focus, $redirect, $return_id)
{
///////////////////////////////////////////////////////////////////////////////
//// ATTACHMENT HANDLING
///////////////////////////////////////////////////////////////////////////
//// ADDING NEW ATTACHMENTS
global $mod_strings;
$max_files_upload = count($_FILES);
if (!empty($focus->id)) {
$note = new Note();
$where = "notes.parent_id='{$focus->id}'";
if (!empty($_REQUEST['old_id'])) {
// to support duplication of email templates
$where .= " OR notes.parent_id='" . htmlspecialchars($_REQUEST['old_id'], ENT_QUOTES) . "'";
}
$notes_list = $note->get_full_list("", $where, true);
}
if (!isset($notes_list)) {
$notes_list = array();
}
if (!is_array($focus->attachments)) {
// PHP5 does not auto-create arrays(). Need to initialize it here.
$focus->attachments = array();
}
$focus->attachments = array_merge($focus->attachments, $notes_list);
//for($i = 0; $i < $max_files_upload; $i++) {
foreach ($_FILES as $key => $file) {
$note = new Note();
//Images are presaved above so we need to prevent duplicate files from being created.
if (isset($preProcessedImages[$file['name']])) {
$oldId = $preProcessedImages[$file['name']];
$note->id = $oldId;
$note->new_with_id = TRUE;
$GLOBALS['log']->debug("Image {$file['name']} has already been processed.");
}
$i = preg_replace("/email_attachment(.+)/", '$1', $key);
$upload_file = new UploadFile($key);
if (isset($_FILES[$key]) && $upload_file->confirm_upload() && preg_match("/^email_attachment/", $key)) {
$note->filename = $upload_file->get_stored_file_name();
$note->file = $upload_file;
$note->name = $mod_strings['LBL_EMAIL_ATTACHMENT'] . ': ' . $note->file->original_file_name;
if (isset($_REQUEST['embedded' . $i]) && !empty($_REQUEST['embedded' . $i])) {
if ($_REQUEST['embedded' . $i] == 'true') {
$note->embed_flag = true;
} else {
$note->embed_flag = false;
}
}
array_push($focus->attachments, $note);
}
}
$focus->saved_attachments = array();
foreach ($focus->attachments as $note) {
if (!empty($note->id) && $note->new_with_id === FALSE) {
if (empty($_REQUEST['old_id'])) {
array_push($focus->saved_attachments, $note);
} else {
// we're duplicating a template with attachments
// dupe the file, create a new note, assign the note to the new template
$newNote = new Note();
$newNote->retrieve($note->id);
$newNote->id = create_guid();
$newNote->parent_id = $focus->id;
$newNote->new_with_id = true;
$newNote->date_modified = '';
$newNote->date_entered = '';
/* BEGIN - SECURITY GROUPS */
//Need to do this so that attachments show under an EmailTemplate correctly for a normal user
global $current_user;
$newNote->assigned_user_id = $current_user->id;
/* END - SECURITY GROUPS */
$newNoteId = $newNote->save();
UploadFile::duplicate_file($note->id, $newNoteId, $note->filename);
}
continue;
}
$note->parent_id = $focus->id;
$note->parent_type = 'Emails';
$note->file_mime_type = $note->file->mime_type;
/* BEGIN - SECURITY GROUPS */
//Need to do this so that attachments show under an EmailTemplate correctly for a normal user
global $current_user;
$note->assigned_user_id = $current_user->id;
/* END - SECURITY GROUPS */
$note_id = $note->save();
array_push($focus->saved_attachments, $note);
$note->id = $note_id;
if ($note->new_with_id === FALSE) {
$note->file->final_move($note->id);
} else {
$GLOBALS['log']->debug("Not performing final move for note id {$note->id} as it has already been processed");
}
}
//// END NEW ATTACHMENTS
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
//// ATTACHMENTS FROM DOCUMENTS
$count = '';
//_pp($_REQUEST);
//_ppd(count($_REQUEST['document']));
if (!empty($_REQUEST['document'])) {
$count = count($_REQUEST['document']);
} else {
$count = 10;
}
for ($i = 0; $i < $count; $i++) {
if (isset($_REQUEST['documentId' . $i]) && !empty($_REQUEST['documentId' . $i])) {
$doc = new Document();
$docRev = new DocumentRevision();
$docNote = new Note();
$doc->retrieve($_REQUEST['documentId' . $i]);
$docRev->retrieve($doc->document_revision_id);
array_push($focus->saved_attachments, $docRev);
$docNote->name = $doc->document_name;
$docNote->filename = $docRev->filename;
$docNote->description = $doc->description;
$docNote->parent_id = $focus->id;
$docNote->parent_type = 'Emails';
$docNote->file_mime_type = $docRev->file_mime_type;
$docId = $docNote = $docNote->save();
UploadFile::duplicate_file($docRev->id, $docId, $docRev->filename);
}
}
//// END ATTACHMENTS FROM DOCUMENTS
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
//// REMOVE ATTACHMENTS
if (isset($_REQUEST['remove_attachment']) && !empty($_REQUEST['remove_attachment'])) {
foreach ($_REQUEST['remove_attachment'] as $noteId) {
$q = 'UPDATE notes SET deleted = 1 WHERE id = \'' . $noteId . '\'';
$focus->db->query($q);
}
}
//// END REMOVE ATTACHMENTS
///////////////////////////////////////////////////////////////////////////
//// END ATTACHMENT HANDLING
///////////////////////////////////////////////////////////////////////////////
clear_register_value('select_array', $focus->object_name);
if ($redirect) {
$GLOBALS['log']->debug("Saved record with id of " . $return_id);
handleRedirect($return_id, "EmailTemplates");
} else {
return $focus;
}
}
function handleSave($prefix, $redirect = true, $useRequired = false)
{
require_once 'include/formbase.php';
require_once 'include/upload_file.php';
global $upload_maxsize;
global $mod_strings;
global $sugar_config;
$focus = new EmailTemplate();
if ($useRequired && !checkRequired($prefix, array_keys($focus->required_fields))) {
return null;
}
$focus = populateFromPost($prefix, $focus);
//process the text only flag
if (isset($_POST['text_only']) && $_POST['text_only'] == '1') {
$focus->text_only = 1;
} else {
$focus->text_only = 0;
}
if (!$focus->ACLAccess('Save')) {
ACLController::displayNoAccess(true);
sugar_cleanup(true);
}
if (!isset($_REQUEST['published'])) {
$focus->published = 'off';
}
$preProcessedImages = array();
$emailTemplateBodyHtml = from_html($focus->body_html);
if (strpos($emailTemplateBodyHtml, '"cache/images/')) {
$matches = array();
preg_match_all('#<img[^>]*[\\s]+src[^=]*=[\\s]*["\']cache/images/(.+?)["\']#si', $emailTemplateBodyHtml, $matches);
foreach ($matches[1] as $match) {
$filename = urldecode($match);
$file_location = sugar_cached("images/{$filename}");
$mime_type = pathinfo($filename, PATHINFO_EXTENSION);
if (file_exists($file_location)) {
$id = create_guid();
$newFileLocation = "upload://{$id}";
if (!copy($file_location, $newFileLocation)) {
$GLOBALS['log']->debug("EMAIL Template could not copy attachment to {$newFileLocation}");
} else {
$secureLink = "index.php?entryPoint=download&type=Notes&id={$id}";
$emailTemplateBodyHtml = str_replace("cache/images/{$match}", $secureLink, $emailTemplateBodyHtml);
unlink($file_location);
$preProcessedImages[$filename] = $id;
}
}
// if
}
// foreach
}
// if
if (isset($GLOBALS['check_notify'])) {
$check_notify = $GLOBALS['check_notify'];
} else {
$check_notify = FALSE;
}
$focus->body_html = $emailTemplateBodyHtml;
$return_id = $focus->save($check_notify);
///////////////////////////////////////////////////////////////////////////////
//// ATTACHMENT HANDLING
///////////////////////////////////////////////////////////////////////////
//// ADDING NEW ATTACHMENTS
$max_files_upload = count($_FILES);
if (!empty($focus->id)) {
$note = new Note();
$where = "notes.parent_id='{$focus->id}'";
if (!empty($_REQUEST['old_id'])) {
// to support duplication of email templates
$where .= " OR notes.parent_id='" . $_REQUEST['old_id'] . "'";
}
$notes_list = $note->get_full_list("", $where, true);
}
if (!isset($notes_list)) {
$notes_list = array();
}
if (!is_array($focus->attachments)) {
// PHP5 does not auto-create arrays(). Need to initialize it here.
$focus->attachments = array();
}
$focus->attachments = array_merge($focus->attachments, $notes_list);
//for($i = 0; $i < $max_files_upload; $i++) {
foreach ($_FILES as $key => $file) {
$note = new Note();
//Images are presaved above so we need to prevent duplicate files from being created.
if (isset($preProcessedImages[$file['name']])) {
$oldId = $preProcessedImages[$file['name']];
$note->id = $oldId;
$note->new_with_id = TRUE;
$GLOBALS['log']->debug("Image {$file['name']} has already been processed.");
}
$i = preg_replace("/email_attachment(.+)/", '$1', $key);
$upload_file = new UploadFile($key);
if (isset($_FILES[$key]) && $upload_file->confirm_upload() && preg_match("/^email_attachment/", $key)) {
$note->filename = $upload_file->get_stored_file_name();
$note->file = $upload_file;
$note->name = $mod_strings['LBL_EMAIL_ATTACHMENT'] . ': ' . $note->file->original_file_name;
if (isset($_REQUEST['embedded' . $i]) && !empty($_REQUEST['embedded' . $i])) {
if ($_REQUEST['embedded' . $i] == 'true') {
$note->embed_flag = true;
} else {
$note->embed_flag = false;
}
}
array_push($focus->attachments, $note);
}
}
$focus->saved_attachments = array();
foreach ($focus->attachments as $note) {
if (!empty($note->id) && $note->new_with_id === FALSE) {
if (empty($_REQUEST['old_id'])) {
array_push($focus->saved_attachments, $note);
} else {
// we're duplicating a template with attachments
// dupe the file, create a new note, assign the note to the new template
$newNote = new Note();
$newNote->retrieve($note->id);
$newNote->id = create_guid();
$newNote->parent_id = $focus->id;
$newNote->new_with_id = true;
$newNote->date_modified = '';
$newNote->date_entered = '';
$newNoteId = $newNote->save();
UploadFile::duplicate_file($note->id, $newNoteId, $note->filename);
}
continue;
}
$note->parent_id = $focus->id;
$note->parent_type = 'Emails';
$note->file_mime_type = $note->file->mime_type;
$note_id = $note->save();
array_push($focus->saved_attachments, $note);
$note->id = $note_id;
if ($note->new_with_id === FALSE) {
$note->file->final_move($note->id);
} else {
$GLOBALS['log']->debug("Not performing final move for note id {$note->id} as it has already been processed");
}
}
//// END NEW ATTACHMENTS
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
//// ATTACHMENTS FROM DOCUMENTS
$count = '';
//_pp($_REQUEST);
//_ppd(count($_REQUEST['document']));
if (!empty($_REQUEST['document'])) {
$count = count($_REQUEST['document']);
} else {
$count = 10;
}
for ($i = 0; $i < $count; $i++) {
if (isset($_REQUEST['documentId' . $i]) && !empty($_REQUEST['documentId' . $i])) {
$doc = new Document();
$docRev = new DocumentRevision();
$docNote = new Note();
$doc->retrieve($_REQUEST['documentId' . $i]);
$docRev->retrieve($doc->document_revision_id);
array_push($focus->saved_attachments, $docRev);
$docNote->name = $doc->document_name;
$docNote->filename = $docRev->filename;
$docNote->description = $doc->description;
$docNote->parent_id = $focus->id;
$docNote->parent_type = 'Emails';
$docNote->file_mime_type = $docRev->file_mime_type;
$docId = $docNote = $docNote->save();
UploadFile::duplicate_file($docRev->id, $docId, $docRev->filename);
}
}
//// END ATTACHMENTS FROM DOCUMENTS
///////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////
//// REMOVE ATTACHMENTS
if (isset($_REQUEST['remove_attachment']) && !empty($_REQUEST['remove_attachment'])) {
foreach ($_REQUEST['remove_attachment'] as $noteId) {
$q = 'UPDATE notes SET deleted = 1 WHERE id = \'' . $noteId . '\'';
$focus->db->query($q);
}
}
//// END REMOVE ATTACHMENTS
///////////////////////////////////////////////////////////////////////////
//// END ATTACHMENT HANDLING
///////////////////////////////////////////////////////////////////////////////
clear_register_value('select_array', $focus->object_name);
if ($redirect) {
$GLOBALS['log']->debug("Saved record with id of " . $return_id);
handleRedirect($return_id, "EmailTemplates");
} else {
return $focus;
}
}
parse_str($remove_tabs_def, $REMOVE_ARR);
if (isset($_POST['id'])) {
sugar_die("Unauthorized access to administration.");
}
if (isset($_POST['record']) && !is_admin($current_user) && !$GLOBALS['current_user']->isAdminForModule('Users') && $_POST['record'] != $current_user->id) {
sugar_die("Unauthorized access to administration.");
} elseif (!isset($_POST['record']) && !is_admin($current_user) && !$GLOBALS['current_user']->isAdminForModule('Users')) {
sugar_die("Unauthorized access to user administration.");
}
$focus = new User();
$focus->retrieve($_POST['record']);
// Flag to determine whether to save a new password or not.
// Bug 43241 - Changed $focus->id to $focus->user_name to make sure that a system generated password is made when converting employee to user
if (empty($focus->user_name)) {
$newUser = true;
clear_register_value('user_array');
} else {
$newUser = false;
}
if (!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users') && $current_user->id != $focus->id) {
$GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change settings for user:"******"Location: index.php?module=Users&action=Logout");
exit;
}
if (!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users') && !empty($_POST['is_admin'])) {
$GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change is_admin settings for user:"******"Location: index.php?module=Users&action=Logout");
exit;
}
// Populate the custom fields
foreach ($focus->field_defs as $fieldName => $field) {
