function securexss($value) { if (is_array($value)) { $new = array(); foreach ($value as $key => $val) { $new[$key] = securexss($val); } return $new; } static $xss_cleanup = array('"' => '"', "'" => ''', '<' => '<', '>' => '>'); $value = preg_replace(array('/javascript:/i', '/\\0/'), array('java script:', ''), $value); $value = preg_replace('/javascript:/i', 'java script:', $value); return str_replace(array_keys($xss_cleanup), array_values($xss_cleanup), $value); }
function preprocess_param($value) { if (is_string($value)) { if (get_magic_quotes_gpc() == 1) { $value = stripslashes($value); } $value = securexss($value); } return $value; }
/** * Given a list of modules to search and a search string, return the id, module_name, along with the fields * We will support Accounts, Bug Tracker, Cases, Contacts, Leads, Opportunities, Project, ProjectTask, Quotes * * @param string $session - Session ID returned by a previous call to login. * @param string $search_string - string to search * @param string[] $modules - array of modules to query * @param int $offset - a specified offset in the query * @param int $max_results - max number of records to return * @param string $assigned_user_id - a user id to filter all records by, leave empty to exclude the filter * @param string[] $select_fields - An array of fields to return. If empty the default return fields will be from the active list view defs. * @param bool $unified_search_only - A boolean indicating if we should only search against those modules participating in the unified search. * @param bool $favorites - A boolean indicating if we should only search against records marked as favorites. * @return Array return_search_result - Array('Accounts' => array(array('name' => 'first_name', 'value' => 'John', 'name' => 'last_name', 'value' => 'Do'))) * @exception 'SoapFault' -- The SOAP error, if any */ function search_by_module($session, $search_string, $modules, $offset, $max_results, $assigned_user_id = '', $select_fields = array(), $unified_search_only = TRUE, $favorites = FALSE) { $GLOBALS['log']->info('Begin: SugarWebServiceImpl->search_by_module'); global $beanList, $beanFiles; global $sugar_config, $current_language; $error = new SoapError(); $output_list = array(); if (!self::$helperObject->checkSessionAndModuleAccess($session, 'invalid_session', '', '', '', $error)) { $error->set_error('invalid_login'); $GLOBALS['log']->error('End: SugarWebServiceImpl->search_by_module - FAILED on checkSessionAndModuleAccess'); return; } global $current_user; if ($max_results > 0) { $sugar_config['list_max_entries_per_page'] = $max_results; } require_once 'modules/Home/UnifiedSearchAdvanced.php'; require_once 'include/utils.php'; $usa = new UnifiedSearchAdvanced(); if (!file_exists($cachefile = sugar_cached('modules/unified_search_modules.php'))) { $usa->buildCache(); } include $cachefile; $modules_to_search = array(); $unified_search_modules['Users'] = array('fields' => array()); $unified_search_modules['ProjectTask'] = array('fields' => array()); //If we are ignoring the unified search flag within the vardef we need to re-create the search fields. This allows us to search //against a specific module even though it is not enabled for the unified search within the application. if (!$unified_search_only) { foreach ($modules as $singleModule) { if (!isset($unified_search_modules[$singleModule])) { $newSearchFields = array('fields' => self::$helperObject->generateUnifiedSearchFields($singleModule)); $unified_search_modules[$singleModule] = $newSearchFields; } } } foreach ($unified_search_modules as $module => $data) { if (in_array($module, $modules)) { $modules_to_search[$module] = $beanList[$module]; } // if } // foreach $GLOBALS['log']->info('SugarWebServiceImpl->search_by_module - search string = ' . $search_string); if (!empty($search_string) && isset($search_string)) { $search_string = trim($GLOBALS['db']->quote(securexss(from_html(clean_string($search_string, 'UNIFIED_SEARCH'))))); foreach ($modules_to_search as $name => $beanName) { $where_clauses_array = array(); $unifiedSearchFields = array(); foreach ($unified_search_modules[$name]['fields'] as $field => $def) { $unifiedSearchFields[$name][$field] = $def; $unifiedSearchFields[$name][$field]['value'] = $search_string; } require_once $beanFiles[$beanName]; $seed = new $beanName(); require_once 'include/SearchForm/SearchForm2.php'; if ($beanName == "User" || $beanName == "ProjectTask") { if (!self::$helperObject->check_modules_access($current_user, $seed->module_dir, 'read')) { continue; } // if if (!$seed->ACLAccess('ListView')) { continue; } // if } if ($beanName != "User" && $beanName != "ProjectTask") { $searchForm = new SearchForm($seed, $name); $searchForm->setup(array($name => array()), $unifiedSearchFields, '', 'saved_views'); $where_clauses = $searchForm->generateSearchWhere(); require_once 'include/SearchForm/SearchForm2.php'; $searchForm = new SearchForm($seed, $name); $searchForm->setup(array($name => array()), $unifiedSearchFields, '', 'saved_views'); $where_clauses = $searchForm->generateSearchWhere(); $emailQuery = false; $where = ''; if (count($where_clauses) > 0) { $where = '(' . implode(' ) OR ( ', $where_clauses) . ')'; } $mod_strings = return_module_language($current_language, $seed->module_dir); if (count($select_fields) > 0) { $filterFields = $select_fields; } else { if (file_exists('custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php')) { require_once 'custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php'; } else { require_once 'modules/' . $seed->module_dir . '/metadata/listviewdefs.php'; } $filterFields = array(); foreach ($listViewDefs[$seed->module_dir] as $colName => $param) { if (!empty($param['default']) && $param['default'] == true) { $filterFields[] = strtolower($colName); } } if (!in_array('id', $filterFields)) { $filterFields[] = 'id'; } } //Pull in any db fields used for the unified search query so the correct joins will be added $selectOnlyQueryFields = array(); foreach ($unifiedSearchFields[$name] as $field => $def) { if (isset($def['db_field']) && !in_array($field, $filterFields)) { $filterFields[] = $field; $selectOnlyQueryFields[] = $field; } } //Add the assigned user filter if applicable if (!empty($assigned_user_id) && isset($seed->field_defs['assigned_user_id'])) { $ownerWhere = $seed->getOwnerWhere($assigned_user_id); $where = "({$where}) AND {$ownerWhere}"; } if ($beanName == "Employee") { $where = "({$where}) AND users.deleted = 0 AND users.is_group = 0 AND users.employee_status = 'Active'"; } $list_params = array(); $ret_array = $seed->create_new_list_query('', $where, $filterFields, $list_params, 0, '', true, $seed, true); if (empty($params) or !is_array($params)) { $params = array(); } if (!isset($params['custom_select'])) { $params['custom_select'] = ''; } if (!isset($params['custom_from'])) { $params['custom_from'] = ''; } if (!isset($params['custom_where'])) { $params['custom_where'] = ''; } if (!isset($params['custom_order_by'])) { $params['custom_order_by'] = ''; } $main_query = $ret_array['select'] . $params['custom_select'] . $ret_array['from'] . $params['custom_from'] . $ret_array['where'] . $params['custom_where'] . $ret_array['order_by'] . $params['custom_order_by']; } else { if ($beanName == "User") { $filterFields = array('id', 'user_name', 'first_name', 'last_name', 'email_address'); $main_query = "select users.id, ea.email_address, users.user_name, first_name, last_name from users "; $main_query = $main_query . " LEFT JOIN email_addr_bean_rel eabl ON eabl.bean_module = '{$seed->module_dir}'\n LEFT JOIN email_addresses ea ON (ea.id = eabl.email_address_id) "; $main_query = $main_query . "where ((users.first_name like '{$search_string}') or (users.last_name like '{$search_string}') or (users.user_name like '{$search_string}') or (ea.email_address like '{$search_string}')) and users.deleted = 0 and users.is_group = 0 and users.employee_status = 'Active'"; } // if if ($beanName == "ProjectTask") { $filterFields = array('id', 'name', 'project_id', 'project_name'); $main_query = "select {$seed->table_name}.project_task_id id,{$seed->table_name}.project_id, {$seed->table_name}.name, project.name project_name from {$seed->table_name} "; $seed->add_team_security_where_clause($main_query); $main_query .= "LEFT JOIN teams ON {$seed->table_name}.team_id=teams.id AND (teams.deleted=0) "; $main_query .= "LEFT JOIN project ON {$seed->table_name}.project_id = project.id "; $main_query .= "where {$seed->table_name}.name like '{$search_string}%'"; } // if } // else $GLOBALS['log']->info('SugarWebServiceImpl->search_by_module - query = ' . $main_query); if ($max_results < -1) { $result = $seed->db->query($main_query); } else { if ($max_results == -1) { $limit = $sugar_config['list_max_entries_per_page']; } else { $limit = $max_results; } $result = $seed->db->limitQuery($main_query, $offset, $limit + 1); } $rowArray = array(); while ($row = $seed->db->fetchByAssoc($result)) { $nameValueArray = array(); foreach ($filterFields as $field) { if (in_array($field, $selectOnlyQueryFields)) { continue; } $nameValue = array(); if (isset($row[$field])) { $nameValueArray[$field] = self::$helperObject->get_name_value($field, $row[$field]); } // if } // foreach $rowArray[] = $nameValueArray; } // while $output_list[] = array('name' => $name, 'records' => $rowArray); } // foreach $GLOBALS['log']->info('End: SugarWebServiceImpl->search_by_module'); return array('entry_list' => $output_list); } // if return array('entry_list' => $output_list); }
/** * search * * Search function run when user goes to Show All and runs a search again. This outputs the search results * calling upon the various listview display functions for each module searched on. * * Todo: Sync this up with SugarSpot.php search method. * * */ function search() { $unified_search_modules = $this->getUnifiedSearchModules(); $unified_search_modules_display = $this->getUnifiedSearchModulesDisplay(); require_once 'include/ListView/ListViewSmarty.php'; global $modListHeader, $beanList, $beanFiles, $current_language, $app_strings, $current_user, $mod_strings; $home_mod_strings = return_module_language($current_language, 'Home'); $this->query_string = $GLOBALS['db']->quote(securexss(from_html(clean_string($this->query_string, 'UNIFIED_SEARCH')))); if (!empty($_REQUEST['advanced']) && $_REQUEST['advanced'] != 'false') { $modules_to_search = array(); if (!empty($_REQUEST['search_modules'])) { foreach (explode(',', $_REQUEST['search_modules']) as $key) { if (isset($unified_search_modules_display[$key]) && !empty($unified_search_modules_display[$key]['visible'])) { $modules_to_search[$key] = $beanList[$key]; } } } $current_user->setPreference('showGSDiv', isset($_REQUEST['showGSDiv']) ? $_REQUEST['showGSDiv'] : 'no', 0, 'search'); $current_user->setPreference('globalSearch', $modules_to_search, 0, 'search'); // save selections to user preference } else { $users_modules = $current_user->getPreference('globalSearch', 'search'); $modules_to_search = array(); if (!empty($users_modules)) { // use user's previous selections foreach ($users_modules as $key => $value) { if (isset($unified_search_modules_display[$key]) && !empty($unified_search_modules_display[$key]['visible'])) { $modules_to_search[$key] = $beanList[$key]; } } } else { foreach ($unified_search_modules_display as $module => $data) { if (!empty($data['visible'])) { $modules_to_search[$module] = $beanList[$module]; } } } $current_user->setPreference('globalSearch', $modules_to_search, 'search'); } $templateFile = 'modules/Home/UnifiedSearchAdvancedForm.tpl'; if (file_exists('custom/' . $templateFile)) { $templateFile = 'custom/' . $templateFile; } echo $this->getDropDownDiv($templateFile); $module_results = array(); $module_counts = array(); $has_results = false; if (!empty($this->query_string)) { foreach ($modules_to_search as $moduleName => $beanName) { require_once $beanFiles[$beanName]; $seed = new $beanName(); $lv = new ListViewSmarty(); $lv->lvd->additionalDetails = false; $mod_strings = return_module_language($current_language, $seed->module_dir); //retrieve the original list view defs and store for processing in case of custom layout changes require 'modules/' . $seed->module_dir . '/metadata/listviewdefs.php'; $orig_listViewDefs = $listViewDefs; if (file_exists('custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php')) { require 'custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php'; } if (!isset($listViewDefs) || !isset($listViewDefs[$seed->module_dir])) { continue; } $unifiedSearchFields = array(); $innerJoins = array(); foreach ($unified_search_modules[$moduleName]['fields'] as $field => $def) { $listViewCheckField = strtoupper($field); //check to see if the field is in listview defs if (empty($listViewDefs[$seed->module_dir][$listViewCheckField]['default'])) { //check to see if field is in original list view defs (in case we are using custom layout defs) if (!empty($orig_listViewDefs[$seed->module_dir][$listViewCheckField]['default'])) { //if we are here then the layout has been customized, but the field is still needed for query creation $listViewDefs[$seed->module_dir][$listViewCheckField] = $orig_listViewDefs[$seed->module_dir][$listViewCheckField]; } } //bug: 34125 we might want to try to use the LEFT JOIN operator instead of the INNER JOIN in the case we are //joining against a field that has not been populated. if (!empty($def['innerjoin'])) { if (empty($def['db_field'])) { continue; } $innerJoins[$field] = $def; $def['innerjoin'] = str_replace('INNER', 'LEFT', $def['innerjoin']); } if (isset($seed->field_defs[$field]['type'])) { $type = $seed->field_defs[$field]['type']; if ($type == 'int' && !is_numeric($this->query_string)) { continue; } } $unifiedSearchFields[$moduleName][$field] = $def; $unifiedSearchFields[$moduleName][$field]['value'] = $this->query_string; } /* * Use searchForm2->generateSearchWhere() to create the search query, as it can generate SQL for the full set of comparisons required * generateSearchWhere() expects to find the search conditions for a field in the 'value' parameter of the searchFields entry for that field */ require_once $beanFiles[$beanName]; $seed = new $beanName(); require_once $this->searchFormPath; $searchForm = new $this->searchFormClass($seed, $moduleName); $searchForm->setup(array($moduleName => array()), $unifiedSearchFields, '', 'saved_views'); $where_clauses = $searchForm->generateSearchWhere(); //add inner joins back into the where clause $params = array('custom_select' => ""); foreach ($innerJoins as $field => $def) { if (isset($def['db_field'])) { foreach ($def['db_field'] as $dbfield) { $where_clauses[] = $dbfield . " LIKE '" . $this->query_string . "%'"; } $params['custom_select'] .= ", {$dbfield}"; $params['distinct'] = true; //$filterFields[$dbfield] = $dbfield; } } if (count($where_clauses) > 0) { $where = '((' . implode(' ) OR ( ', $where_clauses) . '))'; } else { /* Clear $where from prev. module if in current module $where_clauses */ $where = ''; } $displayColumns = array(); foreach ($listViewDefs[$seed->module_dir] as $colName => $param) { if (!empty($param['default']) && $param['default'] == true) { $param['url_sort'] = true; //bug 27933 $displayColumns[$colName] = $param; } } if (count($displayColumns) > 0) { $lv->displayColumns = $displayColumns; } else { $lv->displayColumns = $listViewDefs[$seed->module_dir]; } $lv->export = false; $lv->mergeduplicates = false; $lv->multiSelect = false; $lv->delete = false; $lv->select = false; $lv->showMassupdateFields = false; $lv->email = false; $lv->setup($seed, 'include/ListView/ListViewNoMassUpdate.tpl', $where, $params, 0, 10); $module_results[$moduleName] = '<br /><br />' . get_form_header($GLOBALS['app_list_strings']['moduleList'][$seed->module_dir] . ' (' . $lv->data['pageData']['offsets']['total'] . ')', '', false); $module_counts[$moduleName] = $lv->data['pageData']['offsets']['total']; if ($lv->data['pageData']['offsets']['total'] == 0) { //$module_results[$moduleName] .= "<li class='noBullet' id='whole_subpanel_{$moduleName}'><div id='div_{$moduleName}'><h2>" . $home_mod_strings['LBL_NO_RESULTS_IN_MODULE'] . '</h2></div></li>'; $module_results[$moduleName] .= '<h2>' . $home_mod_strings['LBL_NO_RESULTS_IN_MODULE'] . '</h2>'; } else { $has_results = true; //$module_results[$moduleName] .= "<li class='noBullet' id='whole_subpanel_{$moduleName}'><div id='div_{$moduleName}'>" . $lv->display(false, false) . '</div></li>'; $module_results[$moduleName] .= $lv->display(false, false); } } } if ($has_results) { foreach ($module_counts as $name => $value) { echo $module_results[$name]; } } else { if (empty($_REQUEST['form_only'])) { echo $home_mod_strings['LBL_NO_RESULTS']; echo $home_mod_strings['LBL_NO_RESULTS_TIPS']; } } }
function display() { global $popupMeta, $mod_strings; if ($this->bean instanceof SugarBean && !$this->bean->ACLAccess('list')) { ACLController::displayNoAccess(); sugar_cleanup(true); } if (isset($_REQUEST['metadata']) && strpos($_REQUEST['metadata'], "..") !== false) { die("Directory navigation attack denied."); } if (!empty($_REQUEST['metadata']) && $_REQUEST['metadata'] != 'undefined' && file_exists('custom/modules/' . $this->module . '/metadata/' . $_REQUEST['metadata'] . '.php')) { require 'custom/modules/' . $this->module . '/metadata/' . $_REQUEST['metadata'] . '.php'; } elseif (!empty($_REQUEST['metadata']) && $_REQUEST['metadata'] != 'undefined' && file_exists('modules/' . $this->module . '/metadata/' . $_REQUEST['metadata'] . '.php')) { require 'modules/' . $this->module . '/metadata/' . $_REQUEST['metadata'] . '.php'; } elseif (file_exists('custom/modules/' . $this->module . '/metadata/popupdefs.php')) { require 'custom/modules/' . $this->module . '/metadata/popupdefs.php'; } elseif (file_exists('modules/' . $this->module . '/metadata/popupdefs.php')) { require 'modules/' . $this->module . '/metadata/popupdefs.php'; } if (!empty($popupMeta) && !empty($popupMeta['listviewdefs'])) { if (is_array($popupMeta['listviewdefs'])) { //if we have an array, then we are not going to include a file, but rather the //listviewdefs will be defined directly in the popupdefs file $listViewDefs[$this->module] = $popupMeta['listviewdefs']; } else { //otherwise include the file require_once $popupMeta['listviewdefs']; } } elseif (file_exists('custom/modules/' . $this->module . '/metadata/listviewdefs.php')) { require_once 'custom/modules/' . $this->module . '/metadata/listviewdefs.php'; } elseif (file_exists('modules/' . $this->module . '/metadata/listviewdefs.php')) { require_once 'modules/' . $this->module . '/metadata/listviewdefs.php'; } //check for searchdefs as well if (!empty($popupMeta) && !empty($popupMeta['searchdefs'])) { if (is_array($popupMeta['searchdefs'])) { //if we have an array, then we are not going to include a file, but rather the //searchdefs will be defined directly in the popupdefs file $searchdefs[$this->module]['layout']['advanced_search'] = $popupMeta['searchdefs']; } else { //otherwise include the file require_once $popupMeta['searchdefs']; } } else { if (empty($searchdefs) && file_exists('custom/modules/' . $this->module . '/metadata/searchdefs.php')) { require_once 'custom/modules/' . $this->module . '/metadata/searchdefs.php'; } else { if (empty($searchdefs) && file_exists('modules/' . $this->module . '/metadata/searchdefs.php')) { require_once 'modules/' . $this->module . '/metadata/searchdefs.php'; } } } //if you click the pagination button, it will populate the search criteria here if (!empty($this->bean) && isset($_REQUEST[$this->module . '2_' . strtoupper($this->bean->object_name) . '_offset'])) { if (!empty($_REQUEST['current_query_by_page'])) { $blockVariables = array('mass', 'uid', 'massupdate', 'delete', 'merge', 'selectCount', 'sortOrder', 'orderBy', 'request_data', 'current_query_by_page'); $current_query_by_page = unserialize(base64_decode($_REQUEST['current_query_by_page'])); foreach ($current_query_by_page as $search_key => $search_value) { if ($search_key != $this->module . '2_' . strtoupper($this->bean->object_name) . '_offset' && !in_array($search_key, $blockVariables)) { if (!is_array($search_value)) { $_REQUEST[$search_key] = securexss($search_value); } else { foreach ($search_value as $key => &$val) { $val = securexss($val); } $_REQUEST[$search_key] = $search_value; } } } } } if (!empty($listViewDefs) && !empty($searchdefs)) { require_once 'include/Popups/PopupSmarty.php'; $displayColumns = array(); $filter_fields = array(); $popup = new PopupSmarty($this->bean, $this->module); foreach ($listViewDefs[$this->module] as $col => $params) { $filter_fields[strtolower($col)] = true; if (!empty($params['related_fields'])) { foreach ($params['related_fields'] as $field) { //id column is added by query construction function. This addition creates duplicates //and causes issues in oracle. #10165 if ($field != 'id') { $filter_fields[$field] = true; } } } if (!empty($params['default']) && $params['default']) { $displayColumns[$col] = $params; } } $popup->displayColumns = $displayColumns; $popup->filter_fields = $filter_fields; $popup->mergeDisplayColumns = true; //check to see if popupdefs contains searchdefs $popup->_popupMeta = $popupMeta; $popup->listviewdefs = $listViewDefs; $popup->searchdefs = $searchdefs; if (isset($_REQUEST['query'])) { $popup->searchForm->populateFromRequest(); } $massUpdateData = ''; if (isset($_REQUEST['mass'])) { foreach (array_unique($_REQUEST['mass']) as $record) { $massUpdateData .= "<input style='display: none' checked type='checkbox' name='mass[]' value='{$record}'>\n"; } } $popup->massUpdateData = $massUpdateData; $tpl = 'include/Popups/tpls/PopupGeneric.tpl'; if (file_exists($this->getCustomFilePathIfExists("modules/{$this->module}/tpls/popupGeneric.tpl"))) { $tpl = $this->getCustomFilePathIfExists("modules/{$this->module}/tpls/popupGeneric.tpl"); } if (file_exists($this->getCustomFilePathIfExists("modules/{$this->module}/tpls/popupHeader.tpl"))) { $popup->headerTpl = $this->getCustomFilePathIfExists("modules/{$this->module}/tpls/popupHeader.tpl"); } if (file_exists($this->getCustomFilePathIfExists("modules/{$this->module}/tpls/popupFooter.tpl"))) { $popup->footerTpl = $this->getCustomFilePathIfExists("modules/{$this->module}/tpls/popupFooter.tpl"); } $popup->setup($tpl); //We should at this point show the header and javascript even if to_pdf is true. //The insert_popup_header javascript is incomplete and shouldn't be relied on. if (isset($this->options['show_all']) && $this->options['show_all'] == false) { unset($this->options['show_all']); $this->options['show_javascript'] = true; $this->options['show_header'] = true; $this->_displayJavascript(); } insert_popup_header(null, false); if (isset($this->override_popup['template_data']) && is_array($this->override_popup['template_data'])) { $popup->th->ss->assign($this->override_popup['template_data']); } echo $popup->display(); } else { if (file_exists('modules/' . $this->module . '/Popup_picker.php')) { require_once 'modules/' . $this->module . '/Popup_picker.php'; } else { require_once 'include/Popups/Popup_picker.php'; } $popup = new Popup_Picker(); $popup->_hide_clear_button = true; echo $popup->process_page(); } }
function listViewPrepare() { $module = $GLOBALS['module']; $metadataFile = $this->getMetaDataFile(); if (!file_exists($metadataFile)) { sugar_die($GLOBALS['app_strings']['LBL_NO_ACTION']); } require $metadataFile; $this->listViewDefs = $listViewDefs; if (!empty($this->bean->object_name) && isset($_REQUEST[$module . '2_' . strtoupper($this->bean->object_name) . '_offset'])) { //if you click the pagination button, it will populate the search criteria here if (!empty($_REQUEST['current_query_by_page'])) { //The code support multi browser tabs pagination $blockVariables = array('mass', 'uid', 'massupdate', 'delete', 'merge', 'selectCount', 'request_data', 'current_query_by_page', $module . '2_' . strtoupper($this->bean->object_name) . '_ORDER_BY'); if (isset($_REQUEST['lvso'])) { $blockVariables[] = 'lvso'; } $current_query_by_page = sugar_unserialize(base64_decode($_REQUEST['current_query_by_page'])); foreach ($current_query_by_page as $search_key => $search_value) { if ($search_key != $module . '2_' . strtoupper($this->bean->object_name) . '_offset' && !in_array($search_key, $blockVariables)) { if (!is_array($search_value)) { $_REQUEST[$search_key] = securexss($search_value); } else { foreach ($search_value as $key => &$val) { $val = securexss($val); } $_REQUEST[$search_key] = $search_value; } } } } } if (!empty($_REQUEST['saved_search_select'])) { if ($_REQUEST['saved_search_select'] == '_none' || !empty($_REQUEST['button'])) { $_SESSION['LastSavedView'][$_REQUEST['module']] = ''; unset($_REQUEST['saved_search_select']); unset($_REQUEST['saved_search_select_name']); //use the current search module, or the current module to clear out layout changes if (!empty($_REQUEST['search_module']) || !empty($_REQUEST['module'])) { $mod = !empty($_REQUEST['search_module']) ? $_REQUEST['search_module'] : $_REQUEST['module']; global $current_user; //Reset the current display columns to default. $current_user->setPreference('ListViewDisplayColumns', array(), 0, $mod); } } else { if (empty($_REQUEST['button']) && (empty($_REQUEST['clear_query']) || $_REQUEST['clear_query'] != 'true')) { $this->saved_search = loadBean('SavedSearch'); $this->saved_search->retrieveSavedSearch($_REQUEST['saved_search_select']); $this->saved_search->populateRequest(); } elseif (!empty($_REQUEST['button'])) { // click the search button, after retrieving from saved_search $_SESSION['LastSavedView'][$_REQUEST['module']] = ''; unset($_REQUEST['saved_search_select']); unset($_REQUEST['saved_search_select_name']); } } } $this->storeQuery = new StoreQuery(); if (!isset($_REQUEST['query'])) { $this->storeQuery->loadQuery($this->module); $this->storeQuery->populateRequest(); } else { $this->storeQuery->saveFromRequest($this->module); } $this->seed = $this->bean; $displayColumns = array(); if (!empty($_REQUEST['displayColumns'])) { foreach (explode('|', $_REQUEST['displayColumns']) as $num => $col) { if (!empty($this->listViewDefs[$module][$col])) { $displayColumns[$col] = $this->listViewDefs[$module][$col]; } } } else { foreach ($this->listViewDefs[$module] as $col => $this->params) { if (!empty($this->params['default']) && $this->params['default']) { $displayColumns[$col] = $this->params; } } } $this->params = array('massupdate' => true); if (!empty($_REQUEST['orderBy'])) { $this->params['orderBy'] = $_REQUEST['orderBy']; $this->params['overrideOrder'] = true; if (!empty($_REQUEST['sortOrder'])) { $this->params['sortOrder'] = $_REQUEST['sortOrder']; } } $this->lv->displayColumns = $displayColumns; $this->module = $module; $this->prepareSearchForm(); if (isset($this->options['show_title']) && $this->options['show_title']) { $moduleName = isset($this->seed->module_dir) ? $this->seed->module_dir : $GLOBALS['mod_strings']['LBL_MODULE_NAME']; echo $this->getModuleTitle(true); } }
function preprocess_param($value) { if (is_string($value)) { if (get_magic_quotes_gpc() == 1) { $value = stripslashes($value); } $value = securexss($value); } else { if (is_array($value)) { foreach ($value as $key => $element) { $value[$key] = preprocess_param($element); } } } return $value; }
function search() { if (!file_exists($GLOBALS['sugar_config']['cache_dir'] . 'modules/unified_search_modules.php')) { $this->buildCache(); } include $GLOBALS['sugar_config']['cache_dir'] . 'modules/unified_search_modules.php'; require_once 'include/ListView/ListViewSmarty.php'; global $modListHeader, $beanList, $beanFiles, $current_language, $app_strings, $current_user, $mod_strings; $home_mod_strings = return_module_language($current_language, 'Home'); $overlib = true; $this->query_string = $GLOBALS['db']->quote(securexss(from_html(clean_string($this->query_string, 'UNIFIED_SEARCH')))); if (!empty($_REQUEST['advanced']) && $_REQUEST['advanced'] != 'false') { $modules_to_search = array(); foreach ($_REQUEST as $param => $value) { if (preg_match('/^search_mod_(.*)$/', $param, $match)) { $modules_to_search[$match[1]] = $beanList[$match[1]]; } } $current_user->setPreference('globalSearch', $modules_to_search, 0, 'search'); // save selections to user preference } else { $users_modules = $current_user->getPreference('globalSearch', 'search'); if (isset($users_modules)) { // use user's previous selections foreach ($users_modules as $key => $value) { if (isset($unified_search_modules[$key])) { $modules_to_search[$key] = $value; } } } else { // select all the modules (ie first time user has used global search) foreach ($unified_search_modules as $module => $data) { if (!empty($data['default'])) { $modules_to_search[$module] = $beanList[$module]; } } } $current_user->setPreference('globalSearch', $modules_to_search, 'search'); } echo $this->getDropDownDiv('modules/Home/UnifiedSearchAdvancedForm.tpl'); $module_results = array(); $module_counts = array(); $has_results = false; if (!empty($this->query_string)) { foreach ($modules_to_search as $moduleName => $beanName) { $unifiedSearchFields = array(); $innerJoins = array(); foreach ($unified_search_modules[$moduleName]['fields'] as $field => $def) { //bug: 34125 we might want to try to use the LEFT JOIN operator instead of the INNER JOIN in the case we are //joining against a field that has not been populated. if (!empty($def['innerjoin'])) { if (empty($def['db_field'])) { continue; } $innerJoins[$field] = $def; $def['innerjoin'] = str_replace('INNER', 'LEFT', $def['innerjoin']); } $unifiedSearchFields[$moduleName][$field] = $def; $unifiedSearchFields[$moduleName][$field]['value'] = $this->query_string; } /* * Use searchForm2->generateSearchWhere() to create the search query, as it can generate SQL for the full set of comparisons required * generateSearchWhere() expects to find the search conditions for a field in the 'value' parameter of the searchFields entry for that field */ require_once $beanFiles[$beanName]; $seed = new $beanName(); require_once 'include/SearchForm/SearchForm2.php'; $searchForm = new SearchForm($seed, $moduleName); $searchForm->setup(array($moduleName => array()), $unifiedSearchFields, '', 'saved_views'); $where_clauses = $searchForm->generateSearchWhere(); //add inner joins back into the where clause $params = array('custom_select' => ""); foreach ($innerJoins as $field => $def) { if (isset($def['db_field'])) { foreach ($def['db_field'] as $dbfield) { $where_clauses[] = $dbfield . " LIKE '" . $this->query_string . "%'"; } $params['custom_select'] .= ", {$dbfield}"; $params['distinct'] = true; //$filterFields[$dbfield] = $dbfield; } } if (count($where_clauses) > 0) { $where = '((' . implode(' ) OR ( ', $where_clauses) . '))'; } $lv = new ListViewSmarty(); $lv->lvd->additionalDetails = false; $mod_strings = return_module_language($current_language, $seed->module_dir); if (file_exists('custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php')) { require_once 'custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php'; } else { require_once 'modules/' . $seed->module_dir . '/metadata/listviewdefs.php'; } if (!isset($listViewDefs) || !isset($listViewDefs[$seed->module_dir])) { continue; } $displayColumns = array(); foreach ($listViewDefs[$seed->module_dir] as $colName => $param) { if (!empty($param['default']) && $param['default'] == true) { $param['url_sort'] = true; //bug 27933 $displayColumns[$colName] = $param; } } if (count($displayColumns) > 0) { $lv->displayColumns = $displayColumns; } else { $lv->displayColumns = $listViewDefs[$seed->module_dir]; } $lv->export = false; $lv->mergeduplicates = false; $lv->multiSelect = false; $lv->delete = false; $lv->select = false; $lv->showMassupdateFields = false; if ($overlib) { $lv->overlib = true; $overlib = false; } else { $lv->overlib = false; } $lv->setup($seed, 'include/ListView/ListViewGeneric.tpl', $where, $params, 0, 10); $module_results[$moduleName] = '<br /><br />' . get_form_header($GLOBALS['app_list_strings']['moduleList'][$seed->module_dir] . ' (' . $lv->data['pageData']['offsets']['total'] . ')', '', false); $module_counts[$moduleName] = $lv->data['pageData']['offsets']['total']; if ($lv->data['pageData']['offsets']['total'] == 0) { $module_results[$moduleName] .= '<h2>' . $home_mod_strings['LBL_NO_RESULTS_IN_MODULE'] . '</h2>'; } else { $has_results = true; $module_results[$moduleName] .= $lv->display(false, false); } } } if ($has_results) { arsort($module_counts); foreach ($module_counts as $name => $value) { echo $module_results[$name]; } } else { echo '<br>'; echo $home_mod_strings['LBL_NO_RESULTS']; echo $home_mod_strings['LBL_NO_RESULTS_TIPS']; } }
function search() { if (!file_exists($GLOBALS['sugar_config']['cache_dir'] . 'modules/unified_search_modules.php')) { $this->buildCache(); } include $GLOBALS['sugar_config']['cache_dir'] . 'modules/unified_search_modules.php'; require_once 'include/ListView/ListViewSmarty.php'; global $modListHeader, $beanList, $beanFiles, $current_language, $app_strings, $current_user, $mod_strings; $home_mod_strings = return_module_language($current_language, 'Home'); $overlib = true; $_REQUEST['query_string'] = $GLOBALS['db']->quote(securexss(from_html(clean_string($_REQUEST['query_string'], 'UNIFIED_SEARCH')))); if (!empty($_REQUEST['advanced']) && $_REQUEST['advanced'] != 'false') { $modules_to_search = array(); foreach ($_REQUEST as $param => $value) { if (preg_match('/^search_mod_(.*)$/', $param, $match)) { $modules_to_search[$match[1]] = $beanList[$match[1]]; } } $current_user->setPreference('globalSearch', $modules_to_search, 0, 'search'); // save selections to user preference } else { $users_modules = $current_user->getPreference('globalSearch', 'search'); if (isset($users_modules)) { // use user's previous selections $modules_to_search = $users_modules; } else { // select all the modules (ie first time user has used global search) foreach ($unified_search_modules as $module => $data) { $modules_to_search[$module] = $beanList[$module]; } $current_user->setPreference('globalSearch', $modules_to_search, 'search'); } } echo $this->getDropDownDiv('modules/Home/UnifiedSearchAdvancedForm.tpl'); $module_results = array(); $module_counts = array(); $has_results = false; if (!empty($_REQUEST['query_string'])) { // MFH BUG 15404: Added support to trim off whitespace at the beginning and end of a search string $_REQUEST['query_string'] = trim($_REQUEST['query_string']); foreach ($modules_to_search as $moduleName => $beanName) { if (array_key_exists($moduleName, $modListHeader)) { $unifiedSearchFields = array(); foreach ($unified_search_modules[$moduleName]['fields'] as $field => $def) { $unifiedSearchFields[$moduleName][$field] = $def; $unifiedSearchFields[$moduleName][$field]['value'] = $_REQUEST['query_string']; } /* * Use searchForm2->generateSearchWhere() to create the search query, as it can generate SQL for the full set of comparisons required * generateSearchWhere() expects to find the search conditions for a field in the 'value' parameter of the searchFields entry for that field */ require_once $beanFiles[$beanName]; $seed = new $beanName(); require_once 'include/SearchForm/SearchForm2.php'; $searchForm = new SearchForm($seed, $moduleName); $searchForm->setup(array($moduleName => array()), $unifiedSearchFields, '', 'saved_views'); $where_clauses = $searchForm->generateSearchWhere(); if (count($where_clauses) > 0) { $where = '(' . implode(' ) OR ( ', $where_clauses) . ')'; } $lv = new ListViewSmarty(); $lv->lvd->additionalDetails = false; $mod_strings = return_module_language($current_language, $seed->module_dir); if (file_exists('custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php')) { require_once 'custom/modules/' . $seed->module_dir . '/metadata/listviewdefs.php'; } else { require_once 'modules/' . $seed->module_dir . '/metadata/listviewdefs.php'; } $displayColumns = array(); foreach ($listViewDefs[$seed->module_dir] as $colName => $param) { if (!empty($param['default']) && $param['default'] == true) { $param['url_sort'] = true; //bug 27933 $displayColumns[$colName] = $param; } } if (count($displayColumns) > 0) { $lv->displayColumns = $displayColumns; } else { $lv->displayColumns = $listViewDefs[$seed->module_dir]; } $lv->export = false; $lv->mergeduplicates = false; $lv->multiSelect = false; $lv->delete = false; $lv->select = false; if ($overlib) { $lv->overlib = true; $overlib = false; } else { $lv->overlib = false; } $lv->setup($seed, 'include/ListView/ListViewGeneric.tpl', $where, 0, 10); $module_results[$moduleName] = '<br /><br />' . get_form_header($GLOBALS['app_list_strings']['moduleList'][$seed->module_dir] . ' (' . $lv->data['pageData']['offsets']['total'] . ')', '', false); $module_counts[$moduleName] = $lv->data['pageData']['offsets']['total']; if ($lv->data['pageData']['offsets']['total'] == 0) { $module_results[$moduleName] .= '<h2>' . $home_mod_strings['LBL_NO_RESULTS_IN_MODULE'] . '</h2>'; } else { $has_results = true; $module_results[$moduleName] .= $lv->display(false, false); } } } } if ($has_results) { arsort($module_counts); foreach ($module_counts as $name => $value) { echo $module_results[$name]; } } else { echo '<br>'; echo $home_mod_strings['LBL_NO_RESULTS']; echo $home_mod_strings['LBL_NO_RESULTS_TIPS']; } }
/** * Given a list of modules to search and a search string, return the id, module_name, along with the fields * We will support Accounts, Bug Tracker, Cases, Contacts, Leads, Opportunities, Project, ProjectTask, Quotes * * @param string $session - Session ID returned by a previous call to login. * @param string $search_string - string to search * @param string[] $modules - array of modules to query * @param int $offset - a specified offset in the query * @param int $max_results - max number of records to return * @return Array 'entry_list' -- Array('Accounts' => array(array('name' => 'first_name', 'value' => 'John', 'name' => 'last_name', 'value' => 'Do'))) * @exception 'SoapFault' -- The SOAP error, if any */ function search_by_module($session, $search_string, $modules, $offset, $max_results) { $GLOBALS['log']->info('Begin: SugarWebServiceImpl->search_by_module'); global $beanList, $beanFiles; global $sugar_config, $current_language; $error = new SoapError(); $output_list = array(); if (!self::$helperObject->checkSessionAndModuleAccess($session, 'invalid_session', '', '', '', $error)) { $error->set_error('invalid_login'); $GLOBALS['log']->info('End: SugarWebServiceImpl->search_by_module'); return; } global $current_user; if ($max_results > 0) { $sugar_config['list_max_entries_per_page'] = $max_results; } require_once 'modules/Home/UnifiedSearchAdvanced.php'; require_once 'include/utils.php'; $usa = new UnifiedSearchAdvanced(); if (!file_exists($cachedfile = sugar_cached('modules/unified_search_modules.php'))) { $usa->buildCache(); } include $cachedfile; $modules_to_search = array(); $unified_search_modules['Users'] = array('fields' => array()); $unified_search_modules['ProjectTask'] = array('fields' => array()); foreach ($unified_search_modules as $module => $data) { if (in_array($module, $modules)) { $modules_to_search[$module] = $beanList[$module]; } // if } // foreach $GLOBALS['log']->info('SugarWebServiceImpl->search_by_module - search string = ' . $search_string); if (!empty($search_string) && isset($search_string)) { $search_string = trim($GLOBALS['db']->quote(securexss(from_html(clean_string($search_string, 'UNIFIED_SEARCH'))))); foreach ($modules_to_search as $name => $beanName) { $where_clauses_array = array(); $unifiedSearchFields = array(); foreach ($unified_search_modules[$name]['fields'] as $field => $def) { $unifiedSearchFields[$name][$field] = $def; $unifiedSearchFields[$name][$field]['value'] = $search_string; } $seed = BeanFactory::getBean($name); require_once 'include/SearchForm/SearchForm2.php'; if ($beanName == "User" || $beanName == "ProjectTask") { if (!self::$helperObject->check_modules_access($current_user, $seed->module_dir, 'read')) { continue; } // if if (!$seed->ACLAccess('ListView')) { continue; } // if } if ($beanName != "User" && $beanName != "ProjectTask") { $searchForm = new SearchForm($seed, $name); $searchForm->setup(array($name => array()), $unifiedSearchFields, '', 'saved_views'); $where_clauses = $searchForm->generateSearchWhere(); require_once 'include/SearchForm/SearchForm2.php'; $searchForm = new SearchForm($seed, $name); $searchForm->setup(array($name => array()), $unifiedSearchFields, '', 'saved_views'); $where_clauses = $searchForm->generateSearchWhere(); $emailQuery = false; $where = ''; if (count($where_clauses) > 0) { $where = '(' . implode(' ) OR ( ', $where_clauses) . ')'; } $mod_strings = return_module_language($current_language, $seed->module_dir); require_once SugarAutoLoader::loadWithMetafiles($seed->module_dir, 'listviewdefs'); $filterFields = array(); foreach ($listViewDefs[$seed->module_dir] as $colName => $param) { if (!empty($param['default']) && $param['default'] == true) { $filterFields[] = strtolower($colName); } // if } // foreach if (!in_array('id', $filterFields)) { $filterFields[] = 'id'; } // if $ret_array = $seed->create_new_list_query('', $where, $filterFields, array(), 0, '', true, $seed, true); if (empty($params) or !is_array($params)) { $params = array(); } if (!isset($params['custom_select'])) { $params['custom_select'] = ''; } if (!isset($params['custom_from'])) { $params['custom_from'] = ''; } if (!isset($params['custom_where'])) { $params['custom_where'] = ''; } if (!isset($params['custom_order_by'])) { $params['custom_order_by'] = ''; } $main_query = $ret_array['select'] . $params['custom_select'] . $ret_array['from'] . $params['custom_from'] . $ret_array['where'] . $params['custom_where'] . $ret_array['order_by'] . $params['custom_order_by']; } else { if ($beanName == "User") { // $search_string gets cleaned above, so we can use it here $filterFields = array('id', 'user_name', 'first_name', 'last_name', 'email_address'); $main_query = "select users.id, ea.email_address, users.user_name, first_name, last_name from users "; $main_query = $main_query . " LEFT JOIN email_addr_bean_rel eabl ON eabl.bean_module = '{$seed->module_dir}'\nLEFT JOIN email_addresses ea ON (ea.id = eabl.email_address_id) "; $main_query = $main_query . "where ((users.first_name like '{$search_string}') or (users.last_name like '{$search_string}') or (users.user_name like '{$search_string}') or (ea.email_address like '{$search_string}')) and users.deleted = 0 and users.is_group = 0 and users.employee_status = 'Active'"; } // if if ($beanName == "ProjectTask") { // $search_string gets cleaned above, so we can use it here $filterFields = array('id', 'name', 'project_id', 'project_name'); $main_query = "select {$seed->table_name}.project_task_id id,{$seed->table_name}.project_id, {$seed->table_name}.name, project.name project_name from {$seed->table_name} "; $seed->add_team_security_where_clause($main_query); $main_query .= "LEFT JOIN teams ON {$seed->table_name}.team_id=teams.id AND (teams.deleted=0) "; $main_query .= "LEFT JOIN project ON {$seed->table_name}.project_id = project.id "; $main_query .= "where {$seed->table_name}.name like '{$search_string}%'"; } // if } // else $GLOBALS['log']->info('SugarWebServiceImpl->search_by_module - query = ' . $main_query); if ($max_results < -1) { $result = $seed->db->query($main_query); } else { if ($max_results == -1) { $limit = $sugar_config['list_max_entries_per_page']; } else { $limit = $max_results; } $result = $seed->db->limitQuery($main_query, $offset, $limit + 1); } $rowArray = array(); while ($row = $seed->db->fetchByAssoc($result)) { $nameValueArray = array(); foreach ($filterFields as $field) { $nameValue = array(); if (isset($row[$field])) { $nameValueArray[$field] = self::$helperObject->get_name_value($field, $row[$field]); } // if } // foreach $rowArray[] = $nameValueArray; } // while $output_list[] = array('name' => $name, 'records' => $rowArray); } // foreach $GLOBALS['log']->info('End: SugarWebServiceImpl->search_by_module'); return array('entry_list' => $output_list); } // if return array('entry_list' => $output_list); }