sugar_die("Unauthorized access to administration."); } if (isset($_POST['record']) && !is_admin($current_user) && !$GLOBALS['current_user']->isAdminForModule('Users') && $_POST['record'] != $current_user->id) { sugar_die("Unauthorized access to administration."); } elseif (!isset($_POST['record']) && !is_admin($current_user) && !$GLOBALS['current_user']->isAdminForModule('Users')) { sugar_die("Unauthorized access to user administration."); } $focus = new User(); $focus->retrieve($_POST['record']); //update any ETag seeds that are tied to the user object changing $focus->incrementETag("mainMenuETag"); // Flag to determine whether to save a new password or not. // Bug 43241 - Changed $focus->id to $focus->user_name to make sure that a system generated password is made when converting employee to user if (empty($focus->user_name)) { $newUser = true; clear_register_value('user_array', $focus->object_name); } else { $newUser = false; } if (!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users')) { if ($current_user->id != $focus->id || !empty($_POST['is_admin']) || !empty($_POST['UserType']) && $_POST['UserType'] == 'Administrator') { $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change settings for user:"******"Location: index.php?module=Users&action=Logout"); exit; } } // Populate the custom fields $sfh = new SugarFieldHandler(); foreach ($focus->field_defs as $fieldName => $field) { if (isset($field['source']) && $field['source'] == 'custom_fields') { $type = !empty($field['custom_type']) ? $field['custom_type'] : $field['type'];
public function handleAttachments($focus, $redirect, $return_id) { /////////////////////////////////////////////////////////////////////////////// //// ATTACHMENT HANDLING /////////////////////////////////////////////////////////////////////////// //// ADDING NEW ATTACHMENTS global $mod_strings; $max_files_upload = count($_FILES); if (!empty($focus->id)) { $note = new Note(); $where = "notes.parent_id='{$focus->id}'"; if (!empty($_REQUEST['old_id'])) { // to support duplication of email templates $where .= " OR notes.parent_id='" . htmlspecialchars($_REQUEST['old_id'], ENT_QUOTES) . "'"; } $notes_list = $note->get_full_list("", $where, true); } if (!isset($notes_list)) { $notes_list = array(); } if (!is_array($focus->attachments)) { // PHP5 does not auto-create arrays(). Need to initialize it here. $focus->attachments = array(); } $focus->attachments = array_merge($focus->attachments, $notes_list); //for($i = 0; $i < $max_files_upload; $i++) { foreach ($_FILES as $key => $file) { $note = new Note(); //Images are presaved above so we need to prevent duplicate files from being created. if (isset($preProcessedImages[$file['name']])) { $oldId = $preProcessedImages[$file['name']]; $note->id = $oldId; $note->new_with_id = TRUE; $GLOBALS['log']->debug("Image {$file['name']} has already been processed."); } $i = preg_replace("/email_attachment(.+)/", '$1', $key); $upload_file = new UploadFile($key); if (isset($_FILES[$key]) && $upload_file->confirm_upload() && preg_match("/^email_attachment/", $key)) { $note->filename = $upload_file->get_stored_file_name(); $note->file = $upload_file; $note->name = $mod_strings['LBL_EMAIL_ATTACHMENT'] . ': ' . $note->file->original_file_name; if (isset($_REQUEST['embedded' . $i]) && !empty($_REQUEST['embedded' . $i])) { if ($_REQUEST['embedded' . $i] == 'true') { $note->embed_flag = true; } else { $note->embed_flag = false; } } array_push($focus->attachments, $note); } } $focus->saved_attachments = array(); foreach ($focus->attachments as $note) { if (!empty($note->id) && $note->new_with_id === FALSE) { if (empty($_REQUEST['old_id'])) { array_push($focus->saved_attachments, $note); } else { // we're duplicating a template with attachments // dupe the file, create a new note, assign the note to the new template $newNote = new Note(); $newNote->retrieve($note->id); $newNote->id = create_guid(); $newNote->parent_id = $focus->id; $newNote->new_with_id = true; $newNote->date_modified = ''; $newNote->date_entered = ''; /* BEGIN - SECURITY GROUPS */ //Need to do this so that attachments show under an EmailTemplate correctly for a normal user global $current_user; $newNote->assigned_user_id = $current_user->id; /* END - SECURITY GROUPS */ $newNoteId = $newNote->save(); UploadFile::duplicate_file($note->id, $newNoteId, $note->filename); } continue; } $note->parent_id = $focus->id; $note->parent_type = 'Emails'; $note->file_mime_type = $note->file->mime_type; /* BEGIN - SECURITY GROUPS */ //Need to do this so that attachments show under an EmailTemplate correctly for a normal user global $current_user; $note->assigned_user_id = $current_user->id; /* END - SECURITY GROUPS */ $note_id = $note->save(); array_push($focus->saved_attachments, $note); $note->id = $note_id; if ($note->new_with_id === FALSE) { $note->file->final_move($note->id); } else { $GLOBALS['log']->debug("Not performing final move for note id {$note->id} as it has already been processed"); } } //// END NEW ATTACHMENTS /////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////// //// ATTACHMENTS FROM DOCUMENTS $count = ''; //_pp($_REQUEST); //_ppd(count($_REQUEST['document'])); if (!empty($_REQUEST['document'])) { $count = count($_REQUEST['document']); } else { $count = 10; } for ($i = 0; $i < $count; $i++) { if (isset($_REQUEST['documentId' . $i]) && !empty($_REQUEST['documentId' . $i])) { $doc = new Document(); $docRev = new DocumentRevision(); $docNote = new Note(); $doc->retrieve($_REQUEST['documentId' . $i]); $docRev->retrieve($doc->document_revision_id); array_push($focus->saved_attachments, $docRev); $docNote->name = $doc->document_name; $docNote->filename = $docRev->filename; $docNote->description = $doc->description; $docNote->parent_id = $focus->id; $docNote->parent_type = 'Emails'; $docNote->file_mime_type = $docRev->file_mime_type; $docId = $docNote = $docNote->save(); UploadFile::duplicate_file($docRev->id, $docId, $docRev->filename); } } //// END ATTACHMENTS FROM DOCUMENTS /////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////// //// REMOVE ATTACHMENTS if (isset($_REQUEST['remove_attachment']) && !empty($_REQUEST['remove_attachment'])) { foreach ($_REQUEST['remove_attachment'] as $noteId) { $q = 'UPDATE notes SET deleted = 1 WHERE id = \'' . $noteId . '\''; $focus->db->query($q); } } //// END REMOVE ATTACHMENTS /////////////////////////////////////////////////////////////////////////// //// END ATTACHMENT HANDLING /////////////////////////////////////////////////////////////////////////////// clear_register_value('select_array', $focus->object_name); if ($redirect) { $GLOBALS['log']->debug("Saved record with id of " . $return_id); handleRedirect($return_id, "EmailTemplates"); } else { return $focus; } }
function handleSave($prefix, $redirect = true, $useRequired = false) { require_once 'include/formbase.php'; require_once 'include/upload_file.php'; global $upload_maxsize; global $mod_strings; global $sugar_config; $focus = new EmailTemplate(); if ($useRequired && !checkRequired($prefix, array_keys($focus->required_fields))) { return null; } $focus = populateFromPost($prefix, $focus); //process the text only flag if (isset($_POST['text_only']) && $_POST['text_only'] == '1') { $focus->text_only = 1; } else { $focus->text_only = 0; } if (!$focus->ACLAccess('Save')) { ACLController::displayNoAccess(true); sugar_cleanup(true); } if (!isset($_REQUEST['published'])) { $focus->published = 'off'; } $preProcessedImages = array(); $emailTemplateBodyHtml = from_html($focus->body_html); if (strpos($emailTemplateBodyHtml, '"cache/images/')) { $matches = array(); preg_match_all('#<img[^>]*[\\s]+src[^=]*=[\\s]*["\']cache/images/(.+?)["\']#si', $emailTemplateBodyHtml, $matches); foreach ($matches[1] as $match) { $filename = urldecode($match); $file_location = sugar_cached("images/{$filename}"); $mime_type = pathinfo($filename, PATHINFO_EXTENSION); if (file_exists($file_location)) { $id = create_guid(); $newFileLocation = "upload://{$id}"; if (!copy($file_location, $newFileLocation)) { $GLOBALS['log']->debug("EMAIL Template could not copy attachment to {$newFileLocation}"); } else { $secureLink = "index.php?entryPoint=download&type=Notes&id={$id}"; $emailTemplateBodyHtml = str_replace("cache/images/{$match}", $secureLink, $emailTemplateBodyHtml); unlink($file_location); $preProcessedImages[$filename] = $id; } } // if } // foreach } // if if (isset($GLOBALS['check_notify'])) { $check_notify = $GLOBALS['check_notify']; } else { $check_notify = FALSE; } $focus->body_html = $emailTemplateBodyHtml; $return_id = $focus->save($check_notify); /////////////////////////////////////////////////////////////////////////////// //// ATTACHMENT HANDLING /////////////////////////////////////////////////////////////////////////// //// ADDING NEW ATTACHMENTS $max_files_upload = count($_FILES); if (!empty($focus->id)) { $note = new Note(); $where = "notes.parent_id='{$focus->id}'"; if (!empty($_REQUEST['old_id'])) { // to support duplication of email templates $where .= " OR notes.parent_id='" . $_REQUEST['old_id'] . "'"; } $notes_list = $note->get_full_list("", $where, true); } if (!isset($notes_list)) { $notes_list = array(); } if (!is_array($focus->attachments)) { // PHP5 does not auto-create arrays(). Need to initialize it here. $focus->attachments = array(); } $focus->attachments = array_merge($focus->attachments, $notes_list); //for($i = 0; $i < $max_files_upload; $i++) { foreach ($_FILES as $key => $file) { $note = new Note(); //Images are presaved above so we need to prevent duplicate files from being created. if (isset($preProcessedImages[$file['name']])) { $oldId = $preProcessedImages[$file['name']]; $note->id = $oldId; $note->new_with_id = TRUE; $GLOBALS['log']->debug("Image {$file['name']} has already been processed."); } $i = preg_replace("/email_attachment(.+)/", '$1', $key); $upload_file = new UploadFile($key); if (isset($_FILES[$key]) && $upload_file->confirm_upload() && preg_match("/^email_attachment/", $key)) { $note->filename = $upload_file->get_stored_file_name(); $note->file = $upload_file; $note->name = $mod_strings['LBL_EMAIL_ATTACHMENT'] . ': ' . $note->file->original_file_name; if (isset($_REQUEST['embedded' . $i]) && !empty($_REQUEST['embedded' . $i])) { if ($_REQUEST['embedded' . $i] == 'true') { $note->embed_flag = true; } else { $note->embed_flag = false; } } array_push($focus->attachments, $note); } } $focus->saved_attachments = array(); foreach ($focus->attachments as $note) { if (!empty($note->id) && $note->new_with_id === FALSE) { if (empty($_REQUEST['old_id'])) { array_push($focus->saved_attachments, $note); } else { // we're duplicating a template with attachments // dupe the file, create a new note, assign the note to the new template $newNote = new Note(); $newNote->retrieve($note->id); $newNote->id = create_guid(); $newNote->parent_id = $focus->id; $newNote->new_with_id = true; $newNote->date_modified = ''; $newNote->date_entered = ''; $newNoteId = $newNote->save(); UploadFile::duplicate_file($note->id, $newNoteId, $note->filename); } continue; } $note->parent_id = $focus->id; $note->parent_type = 'Emails'; $note->file_mime_type = $note->file->mime_type; $note_id = $note->save(); array_push($focus->saved_attachments, $note); $note->id = $note_id; if ($note->new_with_id === FALSE) { $note->file->final_move($note->id); } else { $GLOBALS['log']->debug("Not performing final move for note id {$note->id} as it has already been processed"); } } //// END NEW ATTACHMENTS /////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////// //// ATTACHMENTS FROM DOCUMENTS $count = ''; //_pp($_REQUEST); //_ppd(count($_REQUEST['document'])); if (!empty($_REQUEST['document'])) { $count = count($_REQUEST['document']); } else { $count = 10; } for ($i = 0; $i < $count; $i++) { if (isset($_REQUEST['documentId' . $i]) && !empty($_REQUEST['documentId' . $i])) { $doc = new Document(); $docRev = new DocumentRevision(); $docNote = new Note(); $doc->retrieve($_REQUEST['documentId' . $i]); $docRev->retrieve($doc->document_revision_id); array_push($focus->saved_attachments, $docRev); $docNote->name = $doc->document_name; $docNote->filename = $docRev->filename; $docNote->description = $doc->description; $docNote->parent_id = $focus->id; $docNote->parent_type = 'Emails'; $docNote->file_mime_type = $docRev->file_mime_type; $docId = $docNote = $docNote->save(); UploadFile::duplicate_file($docRev->id, $docId, $docRev->filename); } } //// END ATTACHMENTS FROM DOCUMENTS /////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////// //// REMOVE ATTACHMENTS if (isset($_REQUEST['remove_attachment']) && !empty($_REQUEST['remove_attachment'])) { foreach ($_REQUEST['remove_attachment'] as $noteId) { $q = 'UPDATE notes SET deleted = 1 WHERE id = \'' . $noteId . '\''; $focus->db->query($q); } } //// END REMOVE ATTACHMENTS /////////////////////////////////////////////////////////////////////////// //// END ATTACHMENT HANDLING /////////////////////////////////////////////////////////////////////////////// clear_register_value('select_array', $focus->object_name); if ($redirect) { $GLOBALS['log']->debug("Saved record with id of " . $return_id); handleRedirect($return_id, "EmailTemplates"); } else { return $focus; } }
parse_str($remove_tabs_def, $REMOVE_ARR); if (isset($_POST['id'])) { sugar_die("Unauthorized access to administration."); } if (isset($_POST['record']) && !is_admin($current_user) && !$GLOBALS['current_user']->isAdminForModule('Users') && $_POST['record'] != $current_user->id) { sugar_die("Unauthorized access to administration."); } elseif (!isset($_POST['record']) && !is_admin($current_user) && !$GLOBALS['current_user']->isAdminForModule('Users')) { sugar_die("Unauthorized access to user administration."); } $focus = new User(); $focus->retrieve($_POST['record']); // Flag to determine whether to save a new password or not. // Bug 43241 - Changed $focus->id to $focus->user_name to make sure that a system generated password is made when converting employee to user if (empty($focus->user_name)) { $newUser = true; clear_register_value('user_array'); } else { $newUser = false; } if (!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users') && $current_user->id != $focus->id) { $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change settings for user:"******"Location: index.php?module=Users&action=Logout"); exit; } if (!$current_user->is_admin && !$GLOBALS['current_user']->isAdminForModule('Users') && !empty($_POST['is_admin'])) { $GLOBALS['log']->fatal("SECURITY:Non-Admin " . $current_user->id . " attempted to change is_admin settings for user:"******"Location: index.php?module=Users&action=Logout"); exit; } // Populate the custom fields foreach ($focus->field_defs as $fieldName => $field) {