Beispiel #1
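 /**
  * Add the "Copy link" and "Cut" actions to a note row.
  *
  * No action is added when the note is encrypted and the session holds no
  * password for it, when this instance is not bound to exactly one group,
  * or when decryption with the session password fails.
  *
  * @param array $row note record; 'id', 'note' and 'crypted' are read
  * @param mixed $r   row object that receives the actions through add_action()
  * @param mixed $rb  not used by this method
  * @return void
  */
 public function add_actions($row, $r, $rb)
 {
     $session_key = 'cp' . $row['id'];
     $locked = $row['crypted'] && !isset($_SESSION['client'][$session_key]);
     if ($locked || count($this->group) != 1) {
         return;
     }
     $text = $row['note'];
     if ($row['crypted']) {
         $text = Utils_AttachmentCommon::decrypt($text, $_SESSION['client'][$session_key]);
         if ($text === false) {
             // Other callers on this page treat a false result from decrypt() as
             // "wrong password / damaged data". A stale session password must not
             // lead to copy/cut callbacks that carry false instead of the note text.
             return;
         }
     }
     // NOTE(review): from here on the plaintext of an encrypted note travels as a
     // callback argument. Where create_callback_href() keeps its arguments is not
     // visible here - confirm they stay server-side and never reach the rendered href.
     $callback_args = array($row['id'], $text, $this->group);
     $type = $this->get_type();
     $r->add_action(
         $this->create_callback_href(array($this, 'copy'), $callback_args),
         __('Copy link'),
         null,
         Base_ThemeCommon::get_template_file($type, 'copy_small.png'),
         3
     );
     $r->add_action(
         $this->create_confirm_callback_href(__('Are you sure you want to cut this note?'), array($this, 'cut'), $callback_args),
         __('Cut'),
         null,
         Base_ThemeCommon::get_template_file($type, 'cut_small.png'),
         4
     );
 }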
Beispiel #2
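    /**
     * Processing callback for attachment (note) records, dispatched on $mode.
     *
     * What each mode does, as far as this function shows:
     *  - 'browse':       remembers ids of unencrypted notes in self::$mark_as_read.
     *  - 'index':        removes the note text of encrypted notes from the values.
     *  - 'adding':       sets 'edited_on' to the current time.
     *  - 'add' / 'edit': resolves the note password, re-encrypts stored revisions and
     *                    files when the password changes on edit, encrypts the note,
     *                    then (for 'edit') runs the file handling in the second switch.
     *  - 'cloning':      records the source id in 'clone_id'.
     *  - 'added':        links the note to its record, then runs the file handling.
     *  - 'edit_changes': re-keys the note value it is given so that it matches the new
     *                    encryption state or password.
     *  - 'view':         returns the result of self::get_access().
     *  - 'display':      returns the extra "file history" link when the note has files.
     *  - 'delete':       refuses locked encrypted notes and notes attached to several
     *                    records; returns bool.
     *
     * Security notes for maintainers:
     *  - Note passwords are kept in clear text in $_SESSION['client']['cp'.<id>].
     *  - Passwords and the "keep old password" sentinel are compared as strings with
     *    strict operators, because loose comparison treats numeric-looking strings such
     *    as '1e3' and '1000' as equal and would skip the re-encryption of old revisions.
     *
     * @param array  $values record values; shape depends on $mode
     * @param string $mode   processing stage, see list above
     * @return mixed the (possibly modified) $values, a bool for 'view'/'delete', or an
     *               array with a 'new' key for 'display'
     */
    public static function submit_attachment($values, $mode) {
        // Kept across calls within one request: the values stored by 'add'/'edit'/'added'
        // and the password that was in the session before it was replaced below.
        static $new_values, $old_password;
        switch ($mode) {
            case 'browse':
                if (isset($values['id']) && isset($values['crypted']) && $values['crypted'] == false) {
                    // store to mark as read. Do not mark it here, because
                    // we won't get red eye in the table view
                    self::$mark_as_read[] = $values['id'];
                }
                return $values;
            case 'index':
                // ciphertext is dropped from the values in this mode
                if($values['crypted']) unset($values['note']);
                return $values;
            case 'adding':
                $values['edited_on'] = time();
                return $values;
            case 'add':
            case 'edit':
                if(isset($values['__date'])) $values['edited_on'] = $values['__date'];
                else $values['edited_on'] = time();

                $crypted = 0;
                // Password currently known for this note: on edit the note's own session
                // entry, on add-by-clone the entry of the clone source, otherwise none.
                $old_pass = '';
                if($mode=='edit' && isset($_SESSION['client']['cp'.$values['id']]))
                    $old_pass = $_SESSION['client']['cp'.$values['id']];
                elseif($mode=='add' && isset($values['clone_id']) && isset($_SESSION['client']['cp'.$values['clone_id']]))
                    $old_pass = $_SESSION['client']['cp'.$values['clone_id']];
                if((is_array($values['crypted']) && isset($values['crypted']['crypted']) && $values['crypted']['crypted']) || (!is_array($values['crypted']) && $values['crypted'])) {
                    if(is_array($values['crypted']) && isset($values['crypted']['note_password'])) {
                        // '*@#old@#*' is the form's placeholder for "keep the current password"
                        if($values['crypted']['note_password']==='*@#old@#*')
                            $values['crypted']['note_password'] = $old_pass;
                    }
                    $crypted = 1;
                }

                // Strict string comparison: with != two different numeric-looking passwords
                // compare equal and the stored revisions would keep the old key.
                if(is_array($values['crypted']) && isset($values['crypted']['note_password']) && $mode=='edit' && (string)$old_pass!==(string)$values['crypted']['note_password']) {
                    //reencrypt old revisions
                    $old_notes = DB::GetAssoc('SELECT hd.edit_id,hd.old_value FROM utils_attachment_edit_history h INNER JOIN utils_attachment_edit_history_data hd ON h.id=hd.edit_id WHERE h.utils_attachment_id=%d AND hd.field="note"', array($values['id']));
                    foreach($old_notes as $old_id=>$old_note) {
                        if($old_pass!=='') $old_note = Utils_AttachmentCommon::decrypt($old_note,$old_pass);
                        if($old_note===false) continue;
                        if($crypted && $values['crypted']['note_password']) $old_note = Utils_AttachmentCommon::encrypt($old_note,$values['crypted']['note_password']);
                        if($old_note===false) continue;
                        DB::Execute('UPDATE utils_attachment_edit_history_data SET old_value=%s WHERE edit_id=%d AND field="note"',array($old_note,$old_id));
                    }
                    //file reencryption
                    // NOTE(review): files are rewritten in place one by one and the result of
                    // file_put_contents() is not checked; an interrupted run leaves a mix of
                    // old-key and new-key files. Revisions or files that fail to decrypt are
                    // skipped silently and stay under the old key.
                    $old_files = DB::GetCol('SELECT uaf.id as id FROM utils_attachment_file uaf WHERE uaf.attach_id=%d',array($values['id']));
                    foreach($old_files as $old_id) {
                        $filename = DATA_DIR.'/Utils_Attachment/'.$values['id'].'/'.$old_id;
                        $content = @file_get_contents($filename);
                        if($content===false) continue;
                        if($old_pass!=='') $content = Utils_AttachmentCommon::decrypt($content,$old_pass);
                        if($content===false) continue;
                        if($crypted && $values['crypted']['note_password']) $content = Utils_AttachmentCommon::encrypt($content,$values['crypted']['note_password']);
                        if($content===false) continue;
                        file_put_contents($filename,$content);
                    }
                }

                if($crypted) {
                    if(is_array($values['crypted']) && isset($values['crypted']['note_password'])) {
                        $values['note'] = Utils_AttachmentCommon::encrypt($values['note'],$values['crypted']['note_password']);
                        // carried in $values so the second switch can store it in the session
                        $values['note_password']=$values['crypted']['note_password'];
                    }
                    $values['crypted'] = 1;
                } else {
                    $values['crypted'] = 0;
                }
                $new_values = $values;

                break;
            case 'cloning':
                $values['clone_id']=$values['id'];
                break;
            case 'added':
                if(isset($values['local']))
                    DB::Execute('INSERT INTO utils_attachment_local(attachment,local,func,args) VALUES(%d,%s,%s,%s)',array($values['id'],$values['local'],$values['func'],$values['args']));
                $new_values = $values;
                break;
            case 'edit_changes':
                if(isset($values['note']) && isset($values['crypted']) && $new_values['crypted']!=$values['crypted']) {
                    // encryption was switched on or off by this edit
                    if($new_values['crypted'] && isset($new_values['note_password'])) {
                        $values['note'] = Utils_AttachmentCommon::encrypt($values['note'],$new_values['note_password']);
                    } elseif(!$new_values['crypted'] && isset($_SESSION['client']['cp'.$new_values['id']])) {
                        $values['note'] = Utils_AttachmentCommon::decrypt($values['note'],$_SESSION['client']['cp'.$new_values['id']]);
                        // the note is no longer encrypted, so the cached password is dropped
                        unset($_SESSION['client']['cp'.$new_values['id']]);
                    }
                } elseif(isset($new_values['note_password']) && isset($old_password) && (string)$new_values['note_password']!==(string)$old_password) {
                    // password changed: move the value from the old key to the new one.
                    // A failed decrypt (false) must not be fed into encrypt(), which would
                    // replace the stored text with an encrypted false.
                    $plain = Utils_AttachmentCommon::decrypt($values['note'],$old_password);
                    if($plain!==false)
                        $values['note'] = Utils_AttachmentCommon::encrypt($plain,$new_values['note_password']);
                }
                break;
            case 'view':
                $ret = self::get_access($values['id']);
                if(!$ret) print(__('Access denied'));
                return $ret;
            case 'display':
                if(DB::GetOne('SELECT 1 FROM utils_attachment_file WHERE attach_id=%d',array($values['id']))) {
                    $ret = array();
                    $ret['new'] = array();
                    $ret['new']['crm_filter'] = '<a '.Utils_TooltipCommon::open_tag_attrs(__('File history')).' '.Module::create_href(array('file_history'=>1)).'>F</a>';
                    // file history of an encrypted note is only opened when its password is in the session
                    if (isset($_REQUEST['file_history']) && (!$values['crypted'] || isset($_SESSION['client']['cp'.$values['id']])))
                        Base_BoxCommon::push_module('Utils_Attachment','file_history',array($values));
                    //    CRM_FiltersCommon::set_profile('c'.$values['id']);
                    return $ret;
                }
                break;
            case 'delete':
                // an encrypted note can only be deleted after it has been unlocked in this session
                if($values['crypted'] && !isset($_SESSION['client']['cp'.$values['id']])) {
                    Epesi::alert(__('Cannot delete encrypted note'));
                    return false;
                }
                $count_locals = DB::GetOne('SELECT count(DISTINCT local) FROM utils_attachment_local WHERE attachment=%d',array($values['id']));
                if($count_locals>1) {
                    // attached to several records: only the link to the current group is removed
                    $is_local = false;
                    if(isset($_SESSION['client']['utils_attachment_group']))
                        $is_local = DB::GetOne('SELECT 1 FROM utils_attachment_local WHERE attachment=%d AND local=%s',array($values['id'],$_SESSION['client']['utils_attachment_group']));
                    if($is_local) {
                        DB::Execute('DELETE FROM utils_attachment_local WHERE attachment=%d AND local=%s',array($values['id'],$_SESSION['client']['utils_attachment_group']));
                        self::new_watchdog_event($_SESSION['client']['utils_attachment_group'], '-', $values['id']);
                    } else
                        Epesi::alert(__('This note is attached to multiple records - please go to record and delete note there.'));
                    location(array());
                    return false;
                }
                location(array());
                return true;
        }
        // Second stage, reached only by the modes that break out of the first switch.
        switch($mode) {
            case 'edit':
            case 'added':
                if(isset($values['note_password'])) {
                    $old_password = isset($_SESSION['client']['cp' . $values['id']])
                        ? $_SESSION['client']['cp' . $values['id']] : '';
                    // NOTE(review): the clear-text password lives in the session from here on;
                    // anyone able to read session storage can decrypt the note and its files.
                    $_SESSION['client']['cp'.$values['id']] = $values['note_password'];
                }

                $note_id = $values['id'];
                $files_dir = self::Instance()->get_data_dir().$note_id;

                // 'delete_files' is a ';'-separated id list from the form; every entry is
                // forced to an integer before it is used as a key or in a query.
                if(isset($values['delete_files']))
                    $deleted_files = array_filter(explode(';',$values['delete_files']));
                else
                    $deleted_files = array();
                foreach ($deleted_files as $k=>$v)
                    $deleted_files[$k] = intVal($v);
                if($deleted_files) $deleted_files = array_combine($deleted_files,$deleted_files);

                if($mode=='added' && isset($values['clone_id'])) { //on cloning
                    $locals = DB::Execute('SELECT local,func,args FROM utils_attachment_local WHERE attachment=%d',array($values['clone_id']));
                    while($local = $locals->FetchRow())
                        DB::Execute('INSERT INTO utils_attachment_local(attachment,local,func,args) VALUES(%d,%s,%s,%s)',array($note_id,$local['local'],$local['func'],$local['args']));

                    $clone_files = DB::GetAll('SELECT id,original,created_by,created_on FROM utils_attachment_file uaf WHERE uaf.attach_id=%d AND uaf.deleted=0', array($values['clone_id']));
                    foreach($clone_files as $file) {
                        $cf = self::Instance()->get_data_dir().$values['clone_id'].'/'.$file['id'];
                        if(!file_exists($cf)) continue;
                        // NOTE(review): 0777 leaves the attachment directory open to every local
                        // account unless the process umask narrows it; a tighter mode would be
                        // safer if no other account needs access - confirm before changing.
                        if(!file_exists($files_dir))
                            mkdir($files_dir,0777,true);

                        DB::Execute('INSERT INTO utils_attachment_file (attach_id,deleted,original,created_by,created_on) VALUES(%d,0,%s,%d,%T)',array($note_id,$file['original'],$file['created_by'],$file['created_on']));
                        $new_file_id = DB::Insert_ID('utils_attachment_file','id');
                        // a file marked for deletion on the source is tracked under its new id
                        if(isset($deleted_files[$file['id']])) $deleted_files[$file['id']] = $new_file_id;

                        $cf2 = $files_dir.'/'.$new_file_id;
                        copy($cf,$cf2);
                        // NOTE(review): the copy is decrypted to disk and then encrypted in a second
                        // step, so plaintext sits in $cf2 in between; neither result is checked, and
                        // a false from decrypt()/encrypt() is written out as an empty file.
                        if(isset($_SESSION['client']['cp'.$values['clone_id']]) && $_SESSION['client']['cp'.$values['clone_id']])
                            file_put_contents($cf2,Utils_AttachmentCommon::decrypt(file_get_contents($cf2),$_SESSION['client']['cp'.$values['clone_id']]));
                        if($values['crypted'])
                            file_put_contents($cf2,Utils_AttachmentCommon::encrypt(file_get_contents($cf2),$values['note_password']));
                    }
                }

                // Only ids that really belong to this note and are not deleted yet are marked.
                $current_files = DB::GetAssoc('SELECT id, id FROM utils_attachment_file uaf WHERE uaf.attach_id=%d AND uaf.deleted=0', array($note_id));
                $remaining_files = $current_files;
                foreach ($deleted_files as $k=>$v) {
                    if (!isset($remaining_files[$v])) unset($deleted_files[$k]);
                    else unset($remaining_files[$v]);
                }
                foreach ($deleted_files as $v)
                    DB::Execute('UPDATE utils_attachment_file SET deleted=1 WHERE id=%d', array($v));

                if(isset($values['clipboard_files'])) {
                    $clipboard_files = array_filter(explode(';',$values['clipboard_files']));
                    foreach ($clipboard_files as $cf_id) {
                        // NOTE(review): the row is selected by id alone; whether clipboard rows are
                        // bound to the submitting user is not visible here - confirm.
                        $cf = DB::GetOne('SELECT filename FROM utils_attachment_clipboard WHERE id=%d', array($cf_id));
                        // unknown id or file already gone: skip instead of reading an empty path
                        if(!$cf || !is_file($cf)) continue;
                        if($values['crypted'])
                            file_put_contents($cf,Utils_AttachmentCommon::encrypt(file_get_contents($cf),$values['note_password']));
                        Utils_AttachmentCommon::add_file($note_id, Acl::get_user(), __('clipboard').'.png', $cf);
                    }
                }

                // Uploaded files queued in the session for this client id are attached once
                // and the queue is emptied.
                $files = isset($_SESSION['client']['utils_attachment'][CID]['files'])?$_SESSION['client']['utils_attachment'][CID]['files']:array();
                $_SESSION['client']['utils_attachment'][CID]['files'] = array();
                foreach ($files as $f) {
                    $file_path = $f['path'];
                    $file_name = $f['name'];
                    if($values['crypted'])
                        file_put_contents($file_path,Utils_AttachmentCommon::encrypt(file_get_contents($file_path),$values['note_password']));
                    Utils_AttachmentCommon::add_file($note_id, Acl::get_user(), $file_name, $file_path);
                }

                // Subscribers of every record the note is attached to are subscribed to the
                // note; only locals of the form "<tab>/<positive integer id>" are considered.
                $locals = DB::GetCol('SELECT local FROM utils_attachment_local WHERE attachment=%d',array($note_id));
                foreach ($locals as $local) {
                    $param = explode('/', $local);
                    if (count($param) == 2 && preg_match('/^[1-9][0-9]*$/', $param[1])) {
                        $subscribers = Utils_WatchdogCommon::get_subscribers($param[0], $param[1]);
                        foreach ($subscribers as $user_id) {
                            Utils_WatchdogCommon::user_subscribe($user_id, 'utils_attachment', $note_id);
                        }
                    }
                }

                break;
        }
        return $values;
    }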
Beispiel #3
                file_put_contents($f_filename, $buffer);
            }
        }
    } else {
        $buffer = file_get_contents($f_filename);
    }
} else {
    $f_filename = $meta['file'];
    if (!file_exists($f_filename)) {
        die('File doesn\'t exists');
    }
    @ini_set('memory_limit', ceil(filesize($f_filename) * 2 / 1024 / 1024 + 64) . 'M');
    $buffer = file_get_contents($f_filename);
}
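// Decrypt the stored bytes when the attachment belongs to an encrypted note.
// decrypt() returning false covers both a wrong password and damaged data.
if ($crypted) {
    $buffer = Utils_AttachmentCommon::decrypt($buffer, $password);
    if ($buffer === false) {
        die('Invalid attachment or password');
    }
}
//mime
// get_mime_type() works on a path, so the (possibly decrypted) bytes need a scratch file.
// A uniquely named file from tempnam() replaces the fixed "<attachment>raw" name next to
// the stored file: that name was shared by concurrent downloads of the same attachment
// and put plaintext of an encrypted attachment into the attachment directory.
$scratch = tempnam(sys_get_temp_dir(), 'att');
if ($scratch === false) {
    die('Cannot create temporary file');
}
file_put_contents($scratch, $buffer);
$mime = get_mime_type($scratch, $original);
unlink($scratch);

$expires = 24 * 60 * 60;
// The detected type is authoritative; stop browsers from re-guessing it from the content.
header('X-Content-Type-Options: nosniff');
if ($crypted) {
    // Decrypted content of a password-protected note must not be kept by browser or
    // proxy caches, where it would outlive the unlocked session.
    header('Cache-Control: private, no-store');
} else {
    header('Pragma: public');
    // "maxage" is not a Cache-Control directive; the directive is spelled "max-age".
    header('Cache-Control: max-age=' . $expires);
    header('Expires: ' . gmdate('D, d M Y H:i:s', time() + $expires) . ' GMT');
}
header('Content-Type: ' . $mime);
header('Content-Length: ' . strlen($buffer));
// $original is the uploader-supplied file name: control characters, double quotes and
// backslashes would break out of the quoted filename parameter, so they are replaced.
$safe_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $original);
// NOTE(review): assumes $disposition is a fixed token ("inline"/"attachment") chosen
// earlier in the script and not raw request input - confirm. Serving uploads inline
// lets HTML or SVG attachments run in the application's origin.
header('Content-disposition: ' . $disposition . '; filename="' . $safe_name . '"');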
Beispiel #4
<?php

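// Password check for an encrypted note: on success the password is cached in the
// session and the rendered note is returned as JSON, otherwise a JSON error.
//
// NOTE(review): $_REQUEST also accepts the password from the query string, where it
// ends up in access logs and browser history; confirm the client always sends POST.
// NOTE(review): nothing here limits repeated attempts, so the endpoint answers
// "valid / invalid" for any number of guesses - consider throttling per note and user.
if (!isset($_REQUEST['cid'], $_REQUEST['id'], $_REQUEST['pass'])) {
    die('Invalid usage');
}
$cid = $_REQUEST['cid'];
$id = $_REQUEST['id'];
$pass = $_REQUEST['pass'];
// Request parameters can arrive as arrays (e.g. pass[]=x); only plain strings are
// valid here, anything else would be passed on to define() and decrypt().
if (!is_string($cid) || !is_string($id) || !is_string($pass)) {
    die('Invalid usage');
}
define('CID', $cid);
// the session is written below, so it must not be opened read-only
define('READ_ONLY_SESSION', false);
require_once '../../../include.php';
ModuleManager::load_modules();
$row = Utils_RecordBrowserCommon::get_record('utils_attachment', $id);
// An unknown id gets the same answer as a forbidden one, so the response does not
// reveal which note ids exist.
if (!$row || !Utils_RecordBrowserCommon::get_access('utils_attachment', 'view', $row)) {
    die(json_encode(array('error' => __('Access denied'))));
}
$decoded = Utils_AttachmentCommon::decrypt($row['note'], $pass);
if ($decoded !== false) {
    // The password is kept in clear text in the session so that later requests can
    // decrypt the note and its files without asking again.
    $_SESSION['client']['cp' . $row['id']] = $pass;
    // display_note() may print as well as return markup; both parts are collected
    ob_start();
    $note = Utils_AttachmentCommon::display_note($row, false, null, 'utils_attachment', true);
    $note = ob_get_clean() . $note;
    die(json_encode(array('note' => $note, 'js' => Epesi::get_output())));
}
die(json_encode(array('error' => __('Invalid password'))));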