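/**
 * Store the given workflow as a reusable workflow template, then send the
 * browser back to the caller-supplied return URL.
 *
 * @param PearDatabase $adb     database handle passed through to the managers
 * @param array        $request request parameters: title, workflow_id, return_url
 * @return void  emits a small redirect page (script plus a fallback link)
 */
function vtSaveWorkflowTemplate($adb, $request)
{
    // $current_language is the CRM-wide language global; reading it as an
    // undeclared local (as before) silently passed null to return_module_language().
    global $current_language;

    $util = new VTWorkflowUtils();
    $module = new VTWorkflowApplication("savetemplate");
    $mod = return_module_language($current_language, $module->name);

    if (!$util->checkAdminAccess()) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
        return;
    }

    $title = vtlib_purifyForSql($request['title']);
    $workflowId = $request['workflow_id'];

    $wfs = new VTworkflowManager($adb);
    $workflow = $wfs->retrieve($workflowId);
    // Same guard vtTaskEdit() applies: do not build a template from a missing workflow.
    if (empty($workflow)) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NO_WORKFLOW']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NO_WORKFLOW']);
        return;
    }

    $tm = new VTWorkflowTemplateManager($adb);
    $tpl = $tm->newTemplate($title, $workflow);
    $tm->saveTemplate($tpl);

    // return_url is request-controlled. vtlib_purify() strips markup, but the value
    // is written into two different output contexts (a JS string literal and an
    // href attribute), so each gets its own context-specific encoding. Existing
    // entities from the purifier are left alone (double_encode = false).
    // NOTE(review): the URL is not restricted to a local path, so an off-site
    // redirect remains possible — confirm whether callers rely on absolute URLs.
    $returnUrl = vtlib_purify($request['return_url']);
    $jsUrl = json_encode($returnUrl, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    $hrefUrl = htmlspecialchars($returnUrl, ENT_QUOTES, 'UTF-8', false);
?>
<?php if ($jsUrl !== false) { /* json_encode fails on invalid UTF-8; the link below still works */ ?>
<script type="text/javascript" charset="utf-8">
    window.location = <?php echo $jsUrl; ?>;
</script>
<?php } ?>
<a href="<?php echo $hrefUrl; ?>">Return</a>
<?php
}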
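/**
 * Create or update a workflow task from the submitted edit form and redirect
 * back to return_url, or to the task's own edit page when none was supplied.
 *
 * @param PearDatabase $adb     database handle passed through to the managers
 * @param array        $request form fields: task_id (edit) or task_type + workflow_id
 *                              (create); summary; active ("true"/"false");
 *                              check_select_date + select_date_* trigger fields;
 *                              return_url; and one entry per task field name
 * @return void  emits a small redirect page (script plus a fallback link)
 */
function vtSaveTask($adb, $request)
{
    // $current_language is the CRM-wide language global; reading it as an
    // undeclared local (as before) silently passed null to return_module_language().
    global $current_language;

    $util = new VTWorkflowUtils();
    $module = new VTWorkflowApplication("savetask");
    $mod = return_module_language($current_language, $module->name);

    if (!$util->checkAdminAccess()) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
        return;
    }

    $tm = new VTTaskManager($adb);
    if (isset($request["task_id"])) {
        $task = $tm->retrieveTask($request["task_id"]);
    } else {
        $taskType = vtlib_purifyForSql($request["task_type"]);
        $workflowId = $request["workflow_id"];
        $task = $tm->createTask($taskType, $workflowId);
    }
    // Same guard vtTaskEdit() applies; previously a missing task was dereferenced.
    if (empty($task)) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NO_TASK']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NO_TASK']);
        return;
    }

    // NOTE(review): unlike vtTaskEdit(), $request is not run through vtlib_purify()
    // here; summary and the per-field values are stored as submitted. Confirm that
    // the task manager / templates escape them on output.
    $task->summary = $request["summary"];

    // Only the literal strings "true"/"false" change the flag; anything else leaves
    // it untouched. Strict comparison avoids loose-equality surprises ("true" == 0).
    if (isset($request["active"])) {
        if ($request["active"] === "true") {
            $task->active = true;
        } elseif ($request["active"] === "false") {
            $task->active = false;
        }
    }

    // Relative date trigger: "after" is stored as +days, "before" as -days.
    if (isset($request['check_select_date'])) {
        $sign = ($request['select_date_direction'] == 'after') ? 1 : -1;
        $task->trigger = array(
            'days' => $sign * (int) $request['select_date_days'],
            'field' => $request['select_date_field'],
        );
    } else {
        $task->trigger = null;
    }

    foreach ($task->getFieldNames() as $fieldName) {
        $value = isset($request[$fieldName]) ? $request[$fieldName] : null;
        // The repeat-limit date arrives in the user's display format; store it in DB format.
        if ($fieldName == 'calendar_repeat_limit_date') {
            $value = DateTimeField::convertToDBFormat($value);
        }
        $task->{$fieldName} = $value;
    }
    $tm->saveTask($task);

    // The original tested isset() on a function result, which PHP rejects at
    // compile time; test the request key itself.
    if (isset($request["return_url"]) && $request["return_url"] !== '') {
        $returnUrl = vtlib_purify($request["return_url"]);
    } else {
        $returnUrl = $module->editTaskUrl($task->id);
    }

    // return_url is request-controlled and lands in two output contexts (a JS
    // string literal and an href attribute); encode for each. Entities already
    // produced by the purifier are preserved (double_encode = false).
    // NOTE(review): the URL is not restricted to a local path — see vtSaveWorkflowTemplate().
    $jsUrl = json_encode($returnUrl, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    $hrefUrl = htmlspecialchars($returnUrl, ENT_QUOTES, 'UTF-8', false);
?>
<?php if ($jsUrl !== false) { /* json_encode fails on invalid UTF-8; the link below still works */ ?>
<script type="text/javascript" charset="utf-8">
    window.location = <?php echo $jsUrl; ?>;
</script>
<?php } ?>
<a href="<?php echo $hrefUrl; ?>">Return</a>
<?php
}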
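/**
 * Customer-portal helper: return the values of one picklist that are visible
 * to the portal user's role.
 *
 * @param array $input_array keys:
 *        int    id            - customer (contact) id
 *        string sessionid     - portal session id
 *        string picklist_name - picklist to read (also the vtiger_<name> table/column)
 * @return array|null list of picklist values, or null when the session is invalid
 *                    or picklist_name is missing / not a plain identifier
 */
function get_picklists($input_array)
{
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    $log->debug("Entering customer portal function get_picklists");
    $adb->println("INPUT ARRAY for the function get_picklists");
    $adb->println($input_array);

    // id is cast and bound; sessionid is only ever compared by validateSession().
    $id = (int) vtlib_purify($input_array['id']);
    $sessionid = $input_array['sessionid'];
    $picklist_name = vtlib_purifyForSql($input_array['picklist_name']);

    // picklist_name becomes a table and column name, which cannot be bound as a
    // query parameter. vtlib_purifyForSql() alone does not guarantee an
    // identifier, so additionally require identifier characters only.
    if (empty($picklist_name) || !preg_match('/^[A-Za-z0-9_]+$/', $picklist_name)) {
        return null;
    }
    if (!validateSession($id, $sessionid)) {
        return null;
    }

    // Fall back to role H2 when the portal user has no role mapping.
    $admin_role = 'H2';
    $userid = getPortalUserid();
    $roleres = $adb->pquery("SELECT roleid from vtiger_user2role where userid = ?", array($userid));
    if ($adb->num_rows($roleres) > 0) {
        $admin_role = $adb->query_result($roleres, 0, 'roleid');
    }

    // roleid is a value, so it is bound instead of interpolated.
    $table = 'vtiger_' . $picklist_name;
    $res = $adb->pquery(
        "select {$table}.* from {$table}"
        . " inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = {$table}.picklist_valueid"
        . " and vtiger_role2picklist.roleid = ?",
        array($admin_role)
    );

    $picklist_array = array();
    $rowCount = $adb->num_rows($res);
    for ($i = 0; $i < $rowCount; $i++) {
        $picklist_array[$i] = $adb->query_result($res, $i, $picklist_name);
    }

    $adb->println($picklist_array);
    $log->debug("Exiting customer portal function get_picklists({$picklist_name})");
    return $picklist_array;
}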
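/**
 * Render the workflow task edit page (EditTask.tpl) for an existing task
 * (task_id) or a new one (workflow_id + task_type).
 *
 * @param PearDatabase $adb              database handle passed through to the managers
 * @param array        $request          request parameters; purified as a whole below
 * @param string       $current_language language key for return_module_language()
 * @param array        $app_strings      application-wide language strings
 * @return void  displays the Smarty template, or redirects to an error page
 */
function vtTaskEdit($adb, $request, $current_language, $app_strings)
{
    // $db_timezone was previously read as an undeclared local; if the CRM defines
    // it globally this picks it up, otherwise it stays null as before.
    global $theme, $db_timezone;

    $util = new VTWorkflowUtils();
    $request = vtlib_purify($request); // this cleans all values of the array
    $image_path = "themes/{$theme}/images/";
    $module = new VTWorkflowApplication('edittask');
    $mod = return_module_language($current_language, $module->name);

    if (!$util->checkAdminAccess()) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NOT_ADMIN']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NOT_ADMIN']);
        return;
    }

    $smarty = new vtigerCRM_Smarty();
    $tm = new VTTaskManager($adb);
    $isEdit = isset($request["task_id"]);
    $smarty->assign('edit', $isEdit);

    if ($isEdit) {
        $task = $tm->retrieveTask($request["task_id"]);
        $taskClass = get_class($task);
        $workflowId = $task->workflowId;
    } else {
        $workflowId = $request["workflow_id"];
        $taskClass = vtlib_purifyForSql($request["task_type"]);
        $task = $tm->createTask($taskClass, $workflowId);
    }
    if (empty($task)) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NO_TASK']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NO_TASK']);
        return;
    }

    $wm = new VTWorkflowManager($adb);
    $workflow = $wm->retrieve($workflowId);
    if (empty($workflow)) {
        $errorUrl = $module->errorPageUrl($mod['LBL_ERROR_NO_WORKFLOW']);
        $util->redirectTo($errorUrl, $mod['LBL_ERROR_NO_WORKFLOW']);
        return;
    }

    $smarty->assign("workflow", $workflow);
    $smarty->assign("returnUrl", $request["return_url"]);
    $smarty->assign("task", $task);
    $smarty->assign("taskType", $taskClass);
    $smarty->assign("saveType", $request['save_type']);

    $taskTypeInstance = VTTaskType::getInstanceFromTaskType($taskClass);
    $smarty->assign("taskTemplate", $tm->retrieveTemplatePath($module->name, $taskTypeInstance));

    $et = VTWSEntityType::usingGlobalCurrentUser($workflow->moduleName);
    $smarty->assign("entityType", $et);
    $smarty->assign('entityName', $workflow->moduleName);
    $smarty->assign("fieldNames", $et->getFieldNames());

    // The repeat-limit date is stored in DB format; show it in the user's format.
    $repeat_date = $task->calendar_repeat_limit_date;
    if (!empty($repeat_date)) {
        $repeat_date = DateTimeField::convertToUserFormat($repeat_date);
    }
    $smarty->assign('REPEAT_DATE', $repeat_date);

    // Only Date/DateTime fields are offered as relative-trigger anchors.
    $dateFields = array();
    $fieldLabels = $et->getFieldLabels();
    foreach ($et->getFieldTypes() as $name => $type) {
        if (in_array($type->type, array('Date', 'DateTime'), true)) {
            $dateFields[$name] = $fieldLabels[$name];
        }
    }
    $smarty->assign('dateFields', $dateFields);

    // Stored trigger days are signed (negative = before); split into magnitude + direction.
    if (!empty($task->trigger)) {
        $trigger = $task->trigger;
        $days = $trigger['days'];
        $direction = 'after';
        if ($days < 0) {
            $days = -$days;
            $direction = 'before';
        }
        $smarty->assign('trigger', array(
            'days' => $days,
            'direction' => $direction,
            'field' => $trigger['field'],
        ));
    }

    $date = new DateTimeField(null);
    $time = substr($date->getDisplayTime(), 0, 5); // HH:MM only, for the time picker
    $smarty->assign("META_VARIABLES", $task->getMetaVariables());
    $smarty->assign("SYSTEM_TIMEZONE", $db_timezone);
    $smarty->assign("USER_TIME", $task->formatTimeForTimePicker($time));
    $smarty->assign("USER_DATE", $date->getDisplayDate());
    $smarty->assign("MOD", array_merge(
        return_module_language($current_language, 'Settings'),
        return_module_language($current_language, 'Calendar'),
        return_module_language($current_language, $module->name)
    ));
    $smarty->assign("APP", $app_strings);
    $smarty->assign("dateFormat", parse_calendardate($app_strings['NTC_DATE_FORMAT']));
    $smarty->assign("IMAGE_PATH", $image_path);
    $smarty->assign("THEME", $theme);
    $smarty->assign("MODULE_NAME", $module->label);
    $smarty->assign("PAGE_NAME", $mod['LBL_EDIT_TASK']);
    $smarty->assign("PAGE_TITLE", $mod['LBL_EDIT_TASK_TITLE']);

    $assignees = array(
        'user' => get_user_array(),
        'group' => get_group_array(),
    );
    $smarty->assign('ASSIGNED_TO', $assignees);
    $smarty->assign("module", $module);
    $smarty->display("{$module->name}/EditTask.tpl");
}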
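/**
 * Validate a string against the SQL-safe pattern enforced by vtlib_purifyForSql().
 *
 * Only an input that survives purification unchanged is accepted. The previous
 * truthiness-only check returned the ORIGINAL string whenever the purified
 * result was non-empty, i.e. it let through input from which characters had been
 * stripped, and it rejected the legitimate value "0".
 *
 * @param string $string    value to validate
 * @param bool   $skipEmpty accept an empty string instead of rejecting it
 * @return string|false the unmodified input when it is SQL-safe, false otherwise
 * @throws AppException
 */
public static function validateStringForSql($string, $skipEmpty = true)
{
    $purified = vtlib_purifyForSql($string, $skipEmpty);
    if ($purified === false || (string) $purified !== (string) $string) {
        return false;
    }
    return $string;
}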
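/**
 * Return the id of the user selected in the ListView / Calendar "only for user"
 * picklist, falling back to the current user when nothing was selected.
 *
 * @return string|int selected user id (escaped request value) or $current_user->id
 */
function calendarview_getSelectedUserId()
{
    global $current_user, $default_charset;

    // The parameter is optional; reading a missing key raised a notice before.
    $raw = isset($_REQUEST['onlyforuser']) ? $_REQUEST['onlyforuser'] : '';
    $only_for_user = htmlspecialchars(
        strip_tags(vtlib_purifyForSql($raw)),
        ENT_QUOTES,
        $default_charset
    );
    if ($only_for_user === '') {
        $only_for_user = $current_user->id;
    }
    return $only_for_user;
}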
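/**
 * Web-service entry point: store a base64-encoded attachment on disk and link it
 * to an existing email record.
 *
 * @param int|string $emailid  crmid of the email the attachment belongs to
 * @param string     $filedata base64-encoded file contents
 * @param string     $filename client-supplied file name (sanitized below)
 * @param int        $filesize maximum number of decoded bytes to write
 * @param string     $filetype client-supplied MIME type (overridden, see below)
 * @param string     $username user the session belongs to
 * @param string     $session  session id validated by validateSession()
 * @return int|string|null new attachment crmid; null when the session is invalid,
 *         $emailid is empty or the file cannot be opened; "" when the crmentity
 *         insert fails (kept for compatibility with existing callers)
 */
function AddEmailAttachment($emailid, $filedata, $filename, $filesize, $filetype, $username, $session)
{
    if (!validateSession($username, $session)) {
        return null;
    }
    if (empty($emailid)) {
        return null;
    }

    // $upload_badext is the CRM-wide blocked-extension list; it was previously read
    // as an undeclared local, so sanitizeUploadFileName() received null.
    global $adb, $upload_badext;
    require_once 'modules/Users/Users.php';
    require_once 'include/utils/utils.php';

    // Avoid relative file path attacks: neutralise "..", then apply the upload
    // name sanitizer and the SQL character filter.
    $filename = vtlib_purifyForSql(
        sanitizeUploadFileName(str_replace('..', '_', $filename), $upload_badext)
    );

    $date_var = date('Y-m-d H:i:s');
    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id($username);
    $crmid = $adb->getUniqueID("vtiger_crmentity");
    $upload_file_path = decideFilePath();

    $handle = fopen($upload_file_path . $crmid . "_" . $filename, "wb");
    if ($handle === false) {
        // Do not record attachment rows that point at nothing on disk.
        return null;
    }
    fwrite($handle, base64_decode($filedata), $filesize);
    fclose($handle);

    $created = $adb->formatDate($date_var, true);
    $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values (?,?,?,?,?,?,?)";
    $params1 = array($crmid, $user_id, $user_id, 'Emails Attachment', ' ', $created, $created);
    $entityresult = $adb->pquery($sql1, $params1);

    // The client-supplied type is deliberately not trusted; every attachment is
    // stored as a generic binary. NOTE(review): confirm this override is intended
    // rather than a leftover, since the $filetype parameter is otherwise unused.
    $filetype = "application/octet-stream";

    if ($entityresult == false) {
        //$server->setError("Invalid username and/or password");
        return "";
    }

    $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values (?,?,?,?,?)";
    $adb->pquery($sql2, array($crmid, $filename, ' ', $filetype, $upload_file_path));

    $sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
    $adb->pquery($sql3, array($emailid, $crmid));

    return $crmid;
}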