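 /**
  * Saves one attachment of a mail that is being forwarded as a CRM attachment.
  *
  * The MIME part named in $file_details is fetched from the IMAP mailbox given
  * by $_REQUEST['mailbox'] (message $_REQUEST['mailid']), decoded for the
  * BASE64 / QUOTED-PRINTABLE transfer encodings, written to the upload
  * directory as "<crmid>_<name>" and recorded in vtiger_crmentity,
  * vtiger_attachments and vtiger_seattachmentsrel.
  *
  * @global object $log
  * @global PearDatabase $adb
  * @global object $current_user
  * @global array $upload_badext  disallowed extensions, enforced by sanitizeUploadFileName()
  * @param int|string $id  crmid of the record the attachment is linked to
  * @param string $module  module name, stored as "<module> Attachment" in setype
  * @param array $file_details  keys read: name, type, part, transfer
  * @return bool  true when the file was written and recorded, false when the write failed
  */
 function saveForwardAttachments($id, $module, $file_details)
 {
     global $log;
     global $adb, $current_user;
     global $upload_badext;
     // print_r: interpolating the array directly only logs the word "Array".
     $fparams = print_r($file_details, true);
     $log->debug("Entering into saveForwardAttachments({$id},{$module},{$fparams}) method.");
     require_once 'modules/Webmails/MailBox.php';
     $mailbox = $_REQUEST["mailbox"];
     $MailBox = new MailBox($mailbox);
     $mail = $MailBox->mbox;
     // Strip disallowed extensions, then drop any directory component. The
     // leading space before basename() is the project's workaround for names
     // starting with non-ASCII bytes (original comment: "allowed filename like
     // UTF-8 characters"); ltrim() removes it again.
     $binFile = sanitizeUploadFileName($file_details['name'], $upload_badext);
     $filename = ltrim(basename(" " . $binFile));
     $filetype = $file_details['type'];
     $filepart = $file_details['part'];
     $transfer = $file_details['transfer'];
     // Only the two transfer encodings handled by the original are decoded;
     // any other part body is stored exactly as fetched.
     $file = imap_fetchbody($mail, $_REQUEST['mailid'], $filepart);
     if ($transfer == 'BASE64') {
         $file = imap_base64($file);
     } elseif ($transfer == 'QUOTED-PRINTABLE') {
         $file = imap_qprint($file);
     }
     $current_id = $adb->getUniqueID("vtiger_crmentity");
     $date_var = date('Y-m-d H:i:s');
     // Owner falls back to the current user when the record carries none.
     $ownerid = $this->column_fields['assigned_user_id'];
     if (!isset($ownerid) || $ownerid == '') {
         $ownerid = $current_user->id;
     }
     $upload_file_path = decideFilePath();
     // Do not record an attachment whose file could not be written; the
     // original ignored the file_put_contents() result.
     if (file_put_contents($upload_file_path . $current_id . "_" . $filename, $file) === false) {
         $log->debug("Skip the save attachment process.");
         return false;
     }
     $created = $adb->formatDate($date_var, true);
     $description = $this->column_fields['description'];
     $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?,?,?,?,?,?,?)";
     $params1 = array($current_id, $current_user->id, $ownerid, $module . " Attachment", $description, $created, $created);
     $adb->pquery($sql1, $params1);
     $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?,?,?,?,?)";
     $params2 = array($current_id, $filename, $description, $filetype, $upload_file_path);
     $adb->pquery($sql2, $params2);
     // In edit mode the attachment being replaced is unlinked first; the
     // isset() guards avoid undefined-index notices on a plain create.
     if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') {
         $fileid = isset($_REQUEST['fileid']) ? vtlib_purify($_REQUEST['fileid']) : '';
         if ($id != '' && $fileid != '') {
             $delquery = 'delete from vtiger_seattachmentsrel where crmid = ? and attachmentsid = ?';
             $adb->pquery($delquery, array($id, $fileid));
         }
     }
     $sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
     $adb->pquery($sql3, array($id, $current_id));
     // Previously placed after the return statement and therefore never run.
     $log->debug("exiting from  saveforwardattachment function.");
     return true;
 }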
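 /**
  * Save the Mail Attachments to DB
  *
  * Writes $filecontent to the upload directory as "<attachid>_<name>" and
  * registers it as a "MailManager Attachment" in vtiger_crmentity and
  * vtiger_attachments. The stored MIME type is detected from the written
  * file (MailAttachmentMIME::detect), not taken from the mail headers.
  *
  * @global PearDataBase Instance $adb
  * @global Users Instance $current_user
  * @global Array $upload_badext - disallowed extensions, enforced by sanitizeUploadFileName()
  * @param String $filename - name of the file, before extension sanitisation
  * @param Text $filecontent - decoded attachment body
  * @return Array with attachment information: attachid, path, name, type, size
  * @throws \RuntimeException when the attachment cannot be written to disk
  */
 function __SaveAttachmentFile($filename, $filecontent)
 {
     require_once 'modules/Settings/MailScanner/core/MailAttachmentMIME.php';
     global $adb, $current_user, $upload_badext;
     $dirname = decideFilePath();
     $usetime = $adb->formatDate(date('ymdHis'), true);
     $binFile = sanitizeUploadFileName($filename, $upload_badext);
     $attachid = $adb->getUniqueId('vtiger_crmentity');
     $saveasfile = "{$dirname}/{$attachid}" . "_" . $binFile;
     // The original fopen()/fwrite()/fclose() sequence never checked the
     // handle, so a failed open still produced DB rows for a missing file.
     if (file_put_contents($saveasfile, $filecontent) === false) {
         throw new \RuntimeException("Unable to write attachment to {$saveasfile}");
     }
     $mimetype = MailAttachmentMIME::detect($saveasfile);
     // Creator, owner and modifier are all the current user; presence=1, deleted=0.
     $adb->pquery("INSERT INTO vtiger_crmentity(crmid, smcreatorid, smownerid,\n\t\t\t\tmodifiedby, setype, description, createdtime, modifiedtime, presence, deleted)\n\t\t\t\tVALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", array($attachid, $current_user->id, $current_user->id, $current_user->id, "MailManager Attachment", $binFile, $usetime, $usetime, 1, 0));
     $adb->pquery("INSERT INTO vtiger_attachments SET attachmentsid=?, name=?, description=?, type=?, path=?", array($attachid, $binFile, $binFile, $mimetype, $dirname));
     return array(
         'attachid' => $attachid,
         'path' => $dirname,
         'name' => $binFile,
         'type' => $mimetype,
         'size' => filesize($saveasfile),
     );
 }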
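 /** Function to upload the file to the server and add the file details in the attachments table
  *
  * Moves the uploaded file into the upload directory as "<crmid>_<name>",
  * records it in vtiger_crmentity and vtiger_attachments, replaces the user's
  * link in vtiger_salesmanattachmentsrel and writes the new name into
  * vtiger_users.imagename. For the Users module the upload must first pass
  * validateImageFile().
  *
  * @global array $upload_badext - disallowed extensions, enforced by sanitizeUploadFileName()
  * @param $id -- user id:: Type varchar
  * @param $module -- module name:: Type varchar
  * @param $file_details -- file details array (name, type, size, tmp_name):: Type array
  * @return void
  */
 function uploadAndSaveFile($id, $module, $file_details)
 {
     $log = vglobal('log');
     // print_r: interpolating the array directly only logs the word "Array".
     $fparams = print_r($file_details, true);
     $log->debug("Entering into uploadAndSaveFile({$id},{$module},{$fparams}) method.");
     $current_user = vglobal('current_user');
     global $upload_badext;
     $date_var = date('Y-m-d H:i:s');
     // Owner falls back to the current user when the record carries none.
     $ownerid = $this->column_fields['assigned_user_id'];
     if (!isset($ownerid) || $ownerid == '') {
         $ownerid = $current_user->id;
     }
     // The verdict is compared against the strings 'true' / 'false', as the
     // original did.
     $saveFile = 'true';
     if ($module == 'Users') {
         $saveFile = validateImageFile($file_details);
     }
     if ($saveFile == 'false') {
         return;
     }
     $binFile = sanitizeUploadFileName($file_details['name'], $upload_badext);
     // Leading space: project workaround for names starting with non-ASCII bytes.
     $filename = ltrim(basename(" " . $binFile));
     $filetype = $file_details['type'];
     $filetmp_name = $file_details['tmp_name'];
     $current_id = $this->db->getUniqueID("vtiger_crmentity");
     $upload_file_path = decideFilePath($module);
     $upload_status = move_uploaded_file($filetmp_name, $upload_file_path . $current_id . "_" . $binFile);
     // The move result was previously ignored, so a failed upload still
     // produced DB rows pointing at a missing file.
     if ($saveFile == 'true' && $upload_status) {
         $created = $this->db->formatDate($date_var, true);
         $description = $this->column_fields['description'];
         $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?,?,?,?,?,?,?)";
         $params1 = array($current_id, $current_user->id, $ownerid, $module . " Attachment", $description, $created, $created);
         $this->db->pquery($sql1, $params1);
         $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?,?,?,?,?)";
         $params2 = array($current_id, $filename, $description, $filetype, $upload_file_path);
         $this->db->pquery($sql2, $params2);
         // A user carries a single image: drop any previous link first.
         if ($id != '') {
             $delquery = 'delete from vtiger_salesmanattachmentsrel where smid = ?';
             $this->db->pquery($delquery, array($id));
         }
         $sql3 = 'insert into vtiger_salesmanattachmentsrel values(?,?)';
         $this->db->pquery($sql3, array($id, $current_id));
         //we should update the imagename in the users table
         $this->db->pquery("update vtiger_users set imagename=? where id=?", array($filename, $id));
     } else {
         $log->debug("Skip the save attachment process.");
     }
     $log->debug("Exiting from uploadAndSaveFile({$id},{$module},{$fparams}) method.");
     return;
 }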
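 /**
  *      This function is used to upload the attachment in the server and save that attachment information in db.
  *
  *      The file is moved to the upload directory as "<crmid>_<name>" and
  *      recorded in vtiger_crmentity (setype "<module> Image" for Contacts and
  *      Products, "<module> Attachment" otherwise), vtiger_attachments and
  *      vtiger_seattachmentsrel. Uploads that look like images are validated
  *      with validateImageFile() before anything is written.
  *      @global object $log
  *      @global PearDatabase $adb
  *      @global object $current_user
  *      @global array $upload_badext - disallowed extensions, enforced by sanitizeUploadFileName()
  *      @param int $id  - entity id to which the file to be uploaded
  *      @param string $module  - the current module name
  *      @param array $file_details  - array which contains the file information(name, type, size, tmp_name and error; optional original_name)
  *      @return bool true when the file was stored and recorded, false when validation or the move failed
  */
 function uploadAndSaveFile($id, $module, $file_details)
 {
     global $log;
     // print_r: interpolating the array directly only logs the word "Array".
     $fparams = print_r($file_details, true);
     $log->debug("Entering into uploadAndSaveFile({$id},{$module},{$fparams}) method.");
     global $adb, $current_user;
     global $upload_badext;
     $date_var = date("Y-m-d H:i:s");
     // Owner falls back to the current user when the record carries none.
     $ownerid = $this->column_fields['assigned_user_id'];
     if (!isset($ownerid) || $ownerid == '') {
         $ownerid = $current_user->id;
     }
     // original_name wins over name when a caller supplies it.
     if (isset($file_details['original_name']) && $file_details['original_name'] != null) {
         $file_name = $file_details['original_name'];
     } else {
         $file_name = $file_details['name'];
     }
     // The image check uses the MIME type detected from the file content, not
     // the client-supplied 'type' field; the client value is still what gets
     // stored in vtiger_attachments.type.
     $mimeType = mime_content_type($file_details['tmp_name']);
     $mimeTypeContents = explode('/', $mimeType);
     // NOTE(review): $attachmentType is neither a parameter nor a global of
     // this method, so unless the enclosing class brings it into scope the
     // first condition is always false and only the MIME check applies;
     // the isset() guard keeps that outcome without the undefined-variable
     // notice. Confirm with the Contacts/Products callers the original
     // comment refers to.
     $attachmentRequestedAsImage = isset($attachmentType) && $attachmentType == 'Image';
     $looksLikeImage = $file_details['size'] && $mimeTypeContents[0] == 'image';
     $save_file = 'true';
     if ($attachmentRequestedAsImage || $looksLikeImage) {
         $save_file = validateImageFile($file_details);
     }
     if ($save_file == 'false') {
         return false;
     }
     $binFile = sanitizeUploadFileName($file_name, $upload_badext);
     $current_id = $adb->getUniqueID("vtiger_crmentity");
     // Leading space: project workaround for names starting with non-ASCII bytes.
     $filename = ltrim(basename(" " . $binFile));
     $filetype = $file_details['type'];
     $filetmp_name = $file_details['tmp_name'];
     $upload_file_path = decideFilePath();
     $upload_status = move_uploaded_file($filetmp_name, $upload_file_path . $current_id . "_" . $binFile);
     // Any validateImageFile() verdict other than 'false' counted as a pass
     // above, so the move result alone decides from here on (the original
     // compared the boolean against the string 'true', which is equivalent).
     if (!$upload_status) {
         $log->debug("Skip the save attachment process.");
         return false;
     }
     $created = $adb->formatDate($date_var, true);
     $description = $this->column_fields['description'];
     $isImageModule = ($module == 'Contacts' || $module == 'Products');
     $setype = $module . ($isImageModule ? " Image" : " Attachment");
     $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?, ?, ?, ?, ?, ?, ?)";
     $adb->pquery($sql1, array($current_id, $current_user->id, $ownerid, $setype, $description, $created, $created));
     $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?, ?, ?, ?, ?)";
     $adb->pquery($sql2, array($current_id, $filename, $description, $filetype, $upload_file_path));
     // Edit mode: unlink the attachment being replaced. The isset() guards
     // avoid undefined-index notices on a plain create.
     if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') {
         $fileid = isset($_REQUEST['fileid']) ? vtlib_purify($_REQUEST['fileid']) : '';
         if ($id != '' && $fileid != '') {
             $delquery = 'delete from vtiger_seattachmentsrel where crmid = ? and attachmentsid = ?';
             $adb->pquery($delquery, array($id, $fileid));
         }
     }
     // A document carries exactly one attachment: drop all existing links.
     if ($module == 'Documents') {
         $adb->pquery("delete from vtiger_seattachmentsrel where crmid = ?", array($id));
     }
     // A contact carries one image: unlink the previous 'Contacts Image'
     // entity and drop its crmentity row. Its vtiger_attachments row and the
     // file on disk are left in place, as in the original.
     if ($module == 'Contacts') {
         $att_sql = "select vtiger_seattachmentsrel.attachmentsid  from vtiger_seattachmentsrel inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_seattachmentsrel.attachmentsid where vtiger_crmentity.setype='Contacts Image' and vtiger_seattachmentsrel.crmid=?";
         $res = $adb->pquery($att_sql, array($id));
         $attachmentsid = $adb->query_result($res, 0, 'attachmentsid');
         if ($attachmentsid != '') {
             $adb->pquery('delete from vtiger_seattachmentsrel where crmid=? and attachmentsid=?', array($id, $attachmentsid));
             $adb->pquery("delete from vtiger_crmentity where crmid=?", array($attachmentsid));
         }
     }
     // Every path in the original ended with this link, so it is unconditional.
     $sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
     $adb->pquery($sql3, array($id, $current_id));
     return true;
 }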
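 /**
  *      This function is used to upload the attachment in the server and save that attachment information in db.
  *
  *      The file is copied ($direct_import) or moved (move_uploaded_file) to
  *      the upload directory as "<crmid>_<name>" and recorded in
  *      vtiger_crmentity (setype "<module> Image" for Contacts and Products,
  *      "<module> Attachment" otherwise), vtiger_attachments and
  *      vtiger_seattachmentsrel. For Contacts, or classes that set
  *      HasDirectImageField, a previous attachment named $attachmentname is
  *      unlinked first.
  *      @global object $log
  *      @global PearDatabase $adb
  *      @global object $current_user
  *      @global array $upload_badext - disallowed extensions, enforced by sanitizeUploadFileName()
  *      @param int $id  - entity id to which the file to be uploaded
  *      @param string $module  - the current module name
  *      @param array $file_details  - array which contains the file information(name, type, size, tmp_name and error; optional original_name)
  *      @param string $attachmentname  - vtiger_attachments.name of the attachment being replaced (Contacts / direct image fields)
  *      @param bool $direct_import  - true when tmp_name is an ordinary file rather than a PHP upload
  *      @return bool true when the file was stored and recorded, false when the copy/move failed
  */
 function uploadAndSaveFile($id, $module, $file_details, $attachmentname = '', $direct_import = false)
 {
     global $log;
     $fparams = print_r($file_details, true);
     $log->debug("Entering into uploadAndSaveFile({$id},{$module},{$fparams}) method.");
     global $adb, $current_user;
     global $upload_badext;
     $date_var = date("Y-m-d H:i:s");
     // Owner falls back to the current user when the record carries none.
     $ownerid = $this->column_fields['assigned_user_id'];
     if (!isset($ownerid) || $ownerid == '') {
         $ownerid = $current_user->id;
     }
     // original_name wins over name when a caller supplies it.
     if (isset($file_details['original_name']) && $file_details['original_name'] != null) {
         $file_name = $file_details['original_name'];
     } else {
         $file_name = $file_details['name'];
     }
     $binFile = sanitizeUploadFileName($file_name, $upload_badext);
     $current_id = $adb->getUniqueID("vtiger_crmentity");
     // Leading space: project workaround for names starting with non-ASCII bytes.
     $filename = ltrim(basename(" " . $binFile));
     $filetype = $file_details['type'];
     $filetmp_name = $file_details['tmp_name'];
     $upload_file_path = decideFilePath();
     $target = $upload_file_path . $current_id . "_" . $binFile;
     // move_uploaded_file() refuses anything that is not a real PHP upload,
     // hence the plain copy() for direct imports.
     if ($direct_import) {
         $upload_status = copy($filetmp_name, $target);
     } else {
         $upload_status = move_uploaded_file($filetmp_name, $target);
     }
     if (!$upload_status) {
         $log->debug("Skip the save attachment process.");
         return false;
     }
     $description_val = empty($this->column_fields['description']) ? '' : $this->column_fields['description'];
     $created = $adb->formatDate($date_var, true);
     $isImageModule = ($module == 'Contacts' || $module == 'Products');
     $setype = $module . ($isImageModule ? " Image" : " Attachment");
     $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?, ?, ?, ?, ?, ?, ?)";
     $adb->pquery($sql1, array($current_id, $current_user->id, $ownerid, $setype, $description_val, $created, $created));
     $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?, ?, ?, ?, ?)";
     $adb->pquery($sql2, array($current_id, $filename, $description_val, $filetype, $upload_file_path));
     // Edit mode: unlink the attachment being replaced. The isset() guard on
     // 'mode' avoids an undefined-index notice on a plain create.
     if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') {
         if ($id != '' && isset($_REQUEST['fileid']) && $_REQUEST['fileid'] != '') {
             $delquery = 'delete from vtiger_seattachmentsrel where crmid = ? and attachmentsid = ?';
             $adb->pquery($delquery, array($id, vtlib_purify($_REQUEST['fileid'])));
         }
     }
     // A document carries exactly one attachment: drop all existing links.
     if ($module == 'Documents') {
         $adb->pquery("delete from vtiger_seattachmentsrel where crmid = ?", array($id));
     }
     $hasDirectImageField = property_exists($this, 'HasDirectImageField') && $this->HasDirectImageField;
     if ($module == 'Contacts' || $hasDirectImageField) {
         $imageattachment = ($module == 'Contacts') ? 'Image' : 'Attachment';
         // setype was previously interpolated into the SQL text; it is now
         // bound like the other values so the query string stays constant.
         $att_sql = "select vtiger_seattachmentsrel.attachmentsid from vtiger_seattachmentsrel"
             . " inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_seattachmentsrel.attachmentsid"
             . " inner join vtiger_attachments on vtiger_crmentity.crmid=vtiger_attachments.attachmentsid"
             . " where vtiger_crmentity.setype=? and vtiger_attachments.name=? and vtiger_seattachmentsrel.crmid=?";
         $res = $adb->pquery($att_sql, array("{$module} {$imageattachment}", $attachmentname, $id));
         $attachmentsid = $adb->query_result($res, 0, 'attachmentsid');
         if ($attachmentsid != '') {
             // The old vtiger_attachments row and the file on disk are left
             // in place, as in the original.
             $adb->pquery('delete from vtiger_seattachmentsrel where crmid=? and attachmentsid=?', array($id, $attachmentsid));
             $adb->pquery("delete from vtiger_crmentity where crmid=?", array($attachmentsid));
         }
     }
     // Every path in the original ended with this link, so it is unconditional.
     $sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
     $adb->pquery($sql3, array($id, $current_id));
     return true;
 }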
 /**
  * Persists the file/link columns of a Documents record into vtiger_notes.
  *
  * Depending on the filelocationtype column ('I' = internal upload, 'E' =
  * external URL) the filename, filesize, filetype and filedownloadcount
  * values are taken from the uploaded file ($_FILES), from the existing
  * vtiger_notes row (edit mode), from column_fields, or reset to defaults,
  * and then written with a single UPDATE. Internal files are additionally
  * handed to insertIntoAttachment(); external links drop any
  * vtiger_seattachmentsrel rows of the record.
  *
  * @global object $log
  * @global PearDatabase $adb
  * @global array $upload_badext  disallowed extensions, enforced by sanitizeUploadFileName()
  * @param string $module  module name; not read by this method
  * @return void
  */
 function save_module($module)
 {
     global $log, $adb, $upload_badext;
     // Not read anywhere below.
     $insertion_mode = $this->mode;
     if (isset($this->parentid) && $this->parentid != '') {
         $relid = $this->parentid;
     }
     //inserting into vtiger_senotesrel
     if (isset($relid) && $relid != '') {
         $this->insertintonotesrel($relid, $this->id);
     }
     $filetype_fieldname = $this->getFileTypeFieldName();
     $filename_fieldname = $this->getFile_FieldName();
     if ($this->column_fields[$filetype_fieldname] == 'I') {
         if ($_FILES[$filename_fieldname]['name'] != '') {
             // On this path only an error-free upload sets the variables; with
             // a non-zero error code, $filename/$filetype/$filesize/
             // $filelocationtype stay unset and reach the UPDATE as null.
             $errCode = $_FILES[$filename_fieldname]['error'];
             if ($errCode == 0) {
                 // Iterates over every entry of $_FILES but always reads the
                 // one under $filename_fieldname, so each passing iteration
                 // recomputes the same values. $filedownloadcount is never
                 // assigned here, so the UPDATE below receives null for it.
                 foreach ($_FILES as $fileindex => $files) {
                     if ($files['name'] != '' && $files['size'] > 0) {
                         $filename = $_FILES[$filename_fieldname]['name'];
                         // Whitespace runs in the name become underscores.
                         $filename = from_html(preg_replace('/\\s+/', '_', $filename));
                         $filetype = $_FILES[$filename_fieldname]['type'];
                         $filesize = $_FILES[$filename_fieldname]['size'];
                         $filelocationtype = 'I';
                         // Strip disallowed extensions, then drop any directory
                         // component; the leading space is the project's
                         // workaround for names starting with non-ASCII bytes.
                         $binFile = sanitizeUploadFileName($filename, $upload_badext);
                         $filename = ltrim(basename(" " . $binFile));
                         //allowed filename like UTF-8 characters
                     }
                 }
             }
         } elseif ($this->mode == 'edit') {
             // No new upload in edit mode: keep the values already stored.
             $fileres = $adb->pquery("select filetype, filesize,filename,filedownloadcount,filelocationtype from vtiger_notes where notesid=?", array($this->id));
             if ($adb->num_rows($fileres) > 0) {
                 $filename = $adb->query_result($fileres, 0, 'filename');
                 $filetype = $adb->query_result($fileres, 0, 'filetype');
                 $filesize = $adb->query_result($fileres, 0, 'filesize');
                 $filedownloadcount = $adb->query_result($fileres, 0, 'filedownloadcount');
                 $filelocationtype = $adb->query_result($fileres, 0, 'filelocationtype');
             }
         } elseif ($this->column_fields[$filename_fieldname]) {
             // Values supplied directly through column_fields (e.g. by a
             // non-form caller); the download counter starts at zero.
             $filename = $this->column_fields[$filename_fieldname];
             $filesize = $this->column_fields['filesize'];
             $filetype = $this->column_fields['filetype'];
             $filelocationtype = $this->column_fields[$filetype_fieldname];
             $filedownloadcount = 0;
         } else {
             // Internal document without a file: $filename stays unset (null).
             $filelocationtype = 'I';
             $filetype = '';
             $filesize = 0;
             $filedownloadcount = null;
         }
     } else {
         // Any value other than 'I' or 'E' leaves every variable below unset.
         if ($this->column_fields[$filetype_fieldname] == 'E') {
             $filelocationtype = 'E';
             $filename = $this->column_fields[$filename_fieldname];
             // If filename does not has the protocol prefix, default it to http://
             // Protocol prefix could be like (https://, smb://, file://, \\, smb:\\,...)
             if (!empty($filename) && !preg_match('/^\\w{1,5}:\\/\\/|^\\w{0,3}:?\\\\\\\\/', trim($filename), $match)) {
                 $filename = "http://{$filename}";
             }
             $filetype = '';
             $filesize = 0;
             $filedownloadcount = null;
         }
     }
     // Single UPDATE for all columns; decode_html() reverses the HTML
     // encoding applied to the stored name.
     $query = "UPDATE vtiger_notes SET filename = ? ,filesize = ?, filetype = ? , filelocationtype = ? , filedownloadcount = ? WHERE notesid = ?";
     $re = $adb->pquery($query, array(decode_html($filename), $filesize, $filetype, $filelocationtype, $filedownloadcount, $this->id));
     //Inserting into attachments table
     if ($filelocationtype == 'I') {
         // NOTE(review): presumably this stores the upload from $_FILES and
         // links it to the record — confirm in insertIntoAttachment().
         $this->insertIntoAttachment($this->id, 'Documents');
     } else {
         // External link: the record must not keep any attachment link.
         $query = "delete from vtiger_seattachmentsrel where crmid = ?";
         $qparams = array($this->id);
         $adb->pquery($query, $qparams);
     }
     //set the column_fields so that its available in the event handlers
     $this->column_fields['filename'] = $filename;
     $this->column_fields['filesize'] = $filesize;
     $this->column_fields['filetype'] = $filetype;
     $this->column_fields['filedownloadcount'] = $filedownloadcount;
 }
 * The Original Code is:  vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ********************************************************************************/
require_once 'include/utils/utils.php';
global $upload_badext;
$uploaddir = $root_directory . "/test/upload/";
// set this to wherever
// Arbitrary File Upload Vulnerability fix - Philip
if (isset($_REQUEST['binFile_hidden'])) {
    $file = vtlib_purify($_REQUEST['binFile_hidden']);
} else {
    $file = $_FILES['binFile']['name'];
}
$binFile = sanitizeUploadFileName($file, $upload_badext);
$_FILES["binFile"]["name"] = $binFile;
$strDescription = vtlib_purify($_REQUEST['txtDescription']);
// Vulnerability fix ends
if (move_uploaded_file($_FILES["binFile"]["tmp_name"], $uploaddir . $_FILES["binFile"]["name"])) {
    $binFile = $_FILES['binFile']['name'];
    //$filename = basename($binFile);
    $filename = ltrim(basename(" " . $binFile));
    //allowed filenames start with UTF-8 characters
    $filetype = $_FILES['binFile']['type'];
    $filesize = $_FILES['binFile']['size'];
    $error_flag = "";
    $filetype_array = explode("/", $filetype);
    $file_type_value = strtolower($filetype_array[1]);
    if ($filesize != 0) {
        $merge_ext = array('msword', 'doc', 'document', 'rtf', 'odt', 'vnd.oasis.opendocument.text', 'octet-stream', 'vnd.oasi');
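/**
 * Function to add attachment for a ticket ie., the passed contents will be written to a file and the details will be stored in database
 *
 * The decoded contents are written to the upload directory as
 * "<attachmentid>_<name>", recorded as a 'HelpDesk Attachment' in
 * vtiger_crmentity / vtiger_attachments and linked to the ticket; a Documents
 * record is then created for the same file and linked to both the attachment
 * and the ticket.
 *
 * @global string $root_directory - declared but not read here
 * @global array $upload_badext - disallowed extensions, enforced by sanitizeUploadFileName()
 * @param array $input_array - array which contains the following values
 *     int $id - customer ie., contact id
 *     int $sessionid - session id
 *     int $ticketid - ticket id
 *     string $filename - file name to be attached with the ticket
 *     string $filetype - file type
 *     int $filesize - file size (stored as given, not recomputed from the written data)
 *     string $filecontents - file contents as base64 encoded format
 * @return null - also when the session is invalid or the file cannot be written
 */
function add_ticket_attachment($input_array)
{
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    global $root_directory, $upload_badext;
    $log->debug("Entering customer portal function add_ticket_attachment");
    $id = $input_array['id'];
    $sessionid = $input_array['sessionid'];
    $ticketid = $input_array['ticketid'];
    $filename = $input_array['filename'];
    $filetype = $input_array['filetype'];
    $filesize = $input_array['filesize'];
    $filecontents = $input_array['filecontents'];
    // Validate before anything is logged or written. The session id is a
    // credential and the base64 body can be large, so neither is echoed to
    // the debug output any more (the original dumped the whole input array).
    if (!validateSession($id, $sessionid)) {
        return null;
    }
    $adb->println("INPUT ARRAY for the function add_ticket_attachment (sessionid and filecontents omitted)");
    $adb->println(array('id' => $id, 'ticketid' => $ticketid, 'filename' => $filename, 'filetype' => $filetype, 'filesize' => $filesize));
    //decide the file path where we should upload the file in the server
    $upload_filepath = decideFilePath();
    $attachmentid = $adb->getUniqueID("vtiger_crmentity");
    //fix for space in file name
    $filename = sanitizeUploadFileName($filename, $upload_badext);
    $new_filename = $attachmentid . '_' . $filename;
    $data = base64_decode($filecontents);
    $description = 'CustomerPortal Attachment';
    // The original used @fopen()/fputs() without checking the handle; a
    // failed write must not leave DB rows pointing at a missing file.
    if (file_put_contents($upload_filepath . $new_filename, $data) === false) {
        $log->debug("Exiting customer portal function add_ticket_attachment: could not write {$new_filename}");
        return null;
    }
    //Now store this file information in db and relate with the ticket
    $date_var = $adb->formatDate(date('Y-m-d H:i:s'), true);
    $crmquery = "insert into vtiger_crmentity (crmid,setype,description,createdtime) values(?,?,?,?)";
    $adb->pquery($crmquery, array($attachmentid, 'HelpDesk Attachment', $description, $date_var));
    $attachmentquery = "insert into vtiger_attachments(attachmentsid,name,description,type,path) values(?,?,?,?,?)";
    $adb->pquery($attachmentquery, array($attachmentid, $filename, $description, $filetype, $upload_filepath));
    $relatedquery = "insert into vtiger_seattachmentsrel values(?,?)";
    $adb->pquery($relatedquery, array($ticketid, $attachmentid));
    // Mirror the attachment as a Documents record owned by the default
    // assignee, stored in folder 1 and linked to the ticket.
    $user_id = getDefaultAssigneeId();
    require_once 'modules/Documents/Documents.php';
    $focus = new Documents();
    $focus->column_fields['notes_title'] = $filename;
    $focus->column_fields['filename'] = $filename;
    $focus->column_fields['filetype'] = $filetype;
    $focus->column_fields['filesize'] = $filesize;
    $focus->column_fields['filelocationtype'] = 'I';
    $focus->column_fields['filedownloadcount'] = 0;
    $focus->column_fields['filestatus'] = 1;
    $focus->column_fields['assigned_user_id'] = $user_id;
    $focus->column_fields['folderid'] = 1;
    $focus->parent_id = $ticketid;
    $focus->save('Documents');
    $related_doc = 'insert into vtiger_seattachmentsrel values (?,?)';
    $adb->pquery($related_doc, array($focus->id, $attachmentid));
    $tic_doc = 'insert into vtiger_senotesrel values(?,?)';
    $adb->pquery($tic_doc, array($ticketid, $focus->id));
    $log->debug("Exiting customer portal function add_ticket_attachment");
}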
 /**
  * Function Sends/Saves mass emails
  * @param <Vtiger_Request> $request
  */
 public function massSave(Vtiger_Request $request)
 {
     global $upload_badext;
     $adb = PearDatabase::getInstance();
     $moduleName = $request->getModule();
     $currentUserModel = Users_Record_Model::getCurrentUserModel();
     $recordIds = $this->getRecordsListFromRequest($request);
     $documentIds = $request->get('documentids');
     // This is either SENT or SAVED
     $flag = $request->get('flag');
     $result = Vtiger_Util_Helper::transformUploadedFiles($_FILES, true);
     $_FILES = $result['file'];
     $recordId = $request->get('record');
     if (!empty($recordId)) {
         $recordModel = Vtiger_Record_Model::getInstanceById($recordId, $moduleName);
         $recordModel->set('mode', 'edit');
     } else {
         $recordModel = Vtiger_Record_Model::getCleanInstance($moduleName);
         $recordModel->set('mode', '');
     }
     $parentEmailId = $request->get('parent_id', null);
     $attachmentsWithParentEmail = array();
     if (!empty($parentEmailId) && !empty($recordId)) {
         $parentEmailModel = Vtiger_Record_Model::getInstanceById($parentEmailId);
         $attachmentsWithParentEmail = $parentEmailModel->getAttachmentDetails();
     }
     $existingAttachments = $request->get('attachments', array());
     if (empty($recordId)) {
         if (is_array($existingAttachments)) {
             foreach ($existingAttachments as $index => $existingAttachInfo) {
                 $existingAttachInfo['tmp_name'] = $existingAttachInfo['name'];
                 $existingAttachments[$index] = $existingAttachInfo;
                 if (array_key_exists('docid', $existingAttachInfo)) {
                     $documentIds[] = $existingAttachInfo['docid'];
                     unset($existingAttachments[$index]);
                 }
             }
         }
     } else {
         //If it is edit view unset the exising attachments
         //remove the exising attachments if it is in edit view
         $attachmentsToUnlink = array();
         $documentsToUnlink = array();
         foreach ($attachmentsWithParentEmail as $i => $attachInfo) {
             $found = false;
             foreach ($existingAttachments as $index => $existingAttachInfo) {
                 if ($attachInfo['fileid'] == $existingAttachInfo['fileid']) {
                     $found = true;
                     break;
                 }
             }
             //Means attachment is deleted
             if (!$found) {
                 if (array_key_exists('docid', $attachInfo)) {
                     $documentsToUnlink[] = $attachInfo['docid'];
                 } else {
                     $attachmentsToUnlink[] = $attachInfo;
                 }
             }
             unset($attachmentsWithParentEmail[$i]);
         }
         //Make the attachments as empty for edit view since all the attachments will already be there
         $existingAttachments = array();
         if (!empty($documentsToUnlink)) {
             $recordModel->deleteDocumentLink($documentsToUnlink);
         }
         if (!empty($attachmentsToUnlink)) {
             $recordModel->deleteAttachment($attachmentsToUnlink);
         }
     }
     // This will be used for sending mails to each individual
     $toMailInfo = $request->get('toemailinfo');
     $to = $request->get('to');
     if (is_array($to)) {
         $to = implode(',', $to);
     }
     $recordModel->set('description', $request->get('description'));
     $recordModel->set('subject', $request->get('subject'));
     $recordModel->set('toMailNamesList', $request->get('toMailNamesList'));
     $recordModel->set('saved_toid', $to);
     $recordModel->set('ccmail', $request->get('cc'));
     $recordModel->set('bccmail', $request->get('bcc'));
     $recordModel->set('assigned_user_id', $currentUserModel->getId());
     $recordModel->set('email_flag', $flag);
     $recordModel->set('documentids', $documentIds);
     $recordModel->set('toemailinfo', $toMailInfo);
     foreach ($toMailInfo as $recordId => $emailValueList) {
         if ($recordModel->getEntityType($recordId) == 'Users') {
             $parentIds .= $recordId . '@-1|';
         } else {
             $parentIds .= $recordId . '@1|';
         }
     }
     $recordModel->set('parent_id', $parentIds);
     //save_module still depends on the $_REQUEST, need to clean it up
     $_REQUEST['parent_id'] = $parentIds;
     $success = false;
     $viewer = $this->getViewer($request);
     if ($recordModel->checkUploadSize($documentIds)) {
         $recordModel->save();
         //To Handle existing attachments
         $current_user = Users_Record_Model::getCurrentUserModel();
         $ownerId = $recordModel->get('assigned_user_id');
         $date_var = date("Y-m-d H:i:s");
         if (is_array($existingAttachments)) {
             foreach ($existingAttachments as $index => $existingAttachInfo) {
                 $file_name = $existingAttachInfo['attachment'];
                 $path = $existingAttachInfo['path'];
                 $fileId = $existingAttachInfo['fileid'];
                 $oldFileName = $file_name;
                 //SEND PDF mail will not be having file id
                 if (!empty($fileId)) {
                     $oldFileName = $existingAttachInfo['fileid'] . '_' . $file_name;
                 }
                 $oldFilePath = $path . '/' . $oldFileName;
                 $binFile = sanitizeUploadFileName($file_name, $upload_badext);
                 $current_id = $adb->getUniqueID("vtiger_crmentity");
                 $filename = ltrim(basename(" " . $binFile));
                 //allowed filename like UTF-8 characters
                 $filetype = $existingAttachInfo['type'];
                 $filesize = $existingAttachInfo['size'];
                 //get the file path inwhich folder we want to upload the file
                 $upload_file_path = decideFilePath();
                 $newFilePath = $upload_file_path . $current_id . "_" . $binFile;
                 copy($oldFilePath, $newFilePath);
                 $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?, ?, ?, ?, ?, ?, ?)";
                 $params1 = array($current_id, $current_user->getId(), $ownerId, $moduleName . " Attachment", $recordModel->get('description'), $adb->formatDate($date_var, true), $adb->formatDate($date_var, true));
                 $adb->pquery($sql1, $params1);
                 $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?, ?, ?, ?, ?)";
                 $params2 = array($current_id, $filename, $recordModel->get('description'), $filetype, $upload_file_path);
                 $result = $adb->pquery($sql2, $params2);
                 $sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
                 $adb->pquery($sql3, array($recordModel->getId(), $current_id));
             }
         }
         $success = true;
         if ($flag == 'SENT') {
             $status = $recordModel->send();
             if ($status === true) {
                 // This is needed to set vtiger_email_track table as it is used in email reporting
                 $recordModel->setAccessCountValue();
             } else {
                 $success = false;
                 $message = $status;
             }
         }
     } else {
         $message = vtranslate('LBL_MAX_UPLOAD_SIZE', $moduleName) . ' ' . vtranslate('LBL_EXCEEDED', $moduleName);
     }
     $viewer->assign('SUCCESS', $success);
     $viewer->assign('MESSAGE', $message);
     $loadRelatedList = $request->get('related_load');
     if (!empty($loadRelatedList)) {
         $viewer->assign('RELATED_LOAD', true);
     }
     $viewer->view('SendEmailResult.tpl', $moduleName);
 }
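 /** Function to get the status of the file upload.
  *
  * Checks that the request really carried an uploaded file for $this->field_name,
  * enforces $upload_maxsize, verifies the upload directory is writable and stores
  * the sanitized name in $this->stored_file_name for the caller to use.
  * @returns boolean true when the upload may proceed, false when no file was uploaded
  *                  (size and directory problems still terminate the request via die()).
  */
 function confirm_upload()
 {
     global $log;
     $log->debug("Entering confirm_upload() method ...");
     global $root_directory;
     global $upload_dir;
     global $upload_maxsize;
     global $upload_badext;
     // Guard the array access: a field that was never posted (or an upload PHP
     // already rejected, which leaves tmp_name empty) must not raise notices and
     // must be reported as "no upload", exactly like a non-uploaded file.
     if (!isset($_FILES[$this->field_name]['tmp_name']) || !is_uploaded_file($_FILES[$this->field_name]['tmp_name'])) {
         $log->debug("Exiting confirm_upload method ...");
         return false;
     }
     if ($_FILES[$this->field_name]['size'] > $upload_maxsize) {
         die("ERROR: uploaded file was too big: max filesize:{$upload_maxsize}");
     }
     $uploadDirectory = $root_directory . '/' . $upload_dir;
     if (!is_writable($uploadDirectory)) {
         // Keep the absolute server path out of the HTTP response (path disclosure);
         // the operator gets it from the log instead.
         $log->debug("confirm_upload: cannot write to upload directory {$uploadDirectory}");
         die("ERROR: cannot write to the upload directory");
     }
     require_once 'include/utils/utils.php';
     // Strip disallowed extensions from the client-supplied name before it is
     // ever used as a path component.
     $this->stored_file_name = sanitizeUploadFileName($_FILES[$this->field_name]['name'], $upload_badext);
     $log->debug("Exiting confirm_upload method ...");
     return true;
 }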
 /**
  * Creates an Attachments
  *
  * Writes the file named by $this->getName() into decideFilePath() as
  * "<crmid>_<sanitized name>", then records it in vtiger_crmentity
  * (setype "Documents Attachment") and vtiger_attachments. The stored MIME
  * type is sniffed from the written bytes, not taken from the client.
  * @global PearDataBase $adb
  * @global Array $upload_badext
  * @global Users $current_user
  * @return int|false the new attachment crmid, or false when there is no
  *                   file name or $this->save() reports failure
  */
 function saveAttachment()
 {
     global $adb, $upload_badext, $current_user;
     $targetDir = decideFilePath();
     $rawName = $this->getName();
     if (empty($rawName)) {
         return false;
     }
     $attachid = $adb->getUniqueId('vtiger_crmentity');
     // Drop disallowed extensions, then reduce to a bare basename so the name
     // on disk and the name recorded in the database are the same string.
     $cleanName = ltrim(basename(" " . sanitizeUploadFileName($rawName, $upload_badext)));
     $targetPath = $targetDir . $attachid . "_" . $cleanName;
     if (!$this->save($targetPath)) {
         return false;
     }
     $description = $cleanName;
     $date_var = $adb->formatDate(date('YmdHis'), true);
     $usetime = $adb->formatDate($date_var, true);
     $userId = $current_user->id;
     $adb->pquery(
         "INSERT INTO vtiger_crmentity(crmid, smcreatorid, smownerid,\n\t\t\t\tmodifiedby, setype, description, createdtime, modifiedtime, presence, deleted)\n\t\t\t\tVALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
         array($attachid, $userId, $userId, $userId, "Documents Attachment", $description, $usetime, $usetime, 1, 0)
     );
     // Content-based detection: the extension/name is client-controlled.
     $mimetype = MailAttachmentMIME::detect($targetPath);
     $adb->pquery(
         "INSERT INTO vtiger_attachments SET attachmentsid=?, name=?, description=?, type=?, path=?",
         array($attachid, $cleanName, $description, $mimetype, $targetDir)
     );
     return $attachid;
 }
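 /**
  *      This function is used to upload the attachment in the server and save that attachment information in db.
  *      @param int $id  - entity id to which the file to be uploaded
  *      @param string $module  - the current module name
  *      @param array $file_details  - array which contains the file information(name, type, size, tmp_name and error)
  *      @param string $attachmentType  - 'Attachment' (default) or 'Image'; 'Image' forces image validation
  *      @return bool true when the file was stored and linked to $id, false when the
  *              input is not an uploaded file, image validation fails, or the move fails.
  *              Nothing is written to the upload directory in the failure cases.
  */
 function uploadAndSaveFile($id, $module, $file_details, $attachmentType = 'Attachment')
 {
     $log = LoggerManager::getInstance();
     // $file_details is an array; interpolating it directly only prints "Array".
     $log->debug("Entering into uploadAndSaveFile({$id},{$module}," . json_encode($file_details) . ") method.");
     $adb = PearDatabase::getInstance();
     $current_user = vglobal('current_user');
     $date_var = date("Y-m-d H:i:s");
     //to get the owner id
     $ownerid = $this->column_fields['assigned_user_id'];
     if (!isset($ownerid) || $ownerid == '') {
         $ownerid = $current_user->id;
     }
     // Only genuine PHP uploads are accepted (move_uploaded_file would refuse
     // anything else anyway); bail out before sniffing or validating it.
     if (!isset($file_details['tmp_name']) || !is_uploaded_file($file_details['tmp_name'])) {
         $log->debug("Skip the save attachment process: not an uploaded file.");
         return false;
     }
     if (isset($file_details['original_name']) && $file_details['original_name'] != null) {
         $file_name = $file_details['original_name'];
     } else {
         $file_name = $file_details['name'];
     }
     // Validate BEFORE anything is written to the upload directory. Image
     // validation applies to explicit Image attachments, to anything whose
     // content sniffs as an image, and to the image-only modules
     // (Contacts/Products). Previously the file was moved first and left on
     // disk when the Contacts/Products check failed.
     $mimeType = Vtiger_Functions::getMimeContentType($file_details['tmp_name']);
     $mimeTypeContents = explode('/', $mimeType);
     $mustBeImage = $attachmentType == 'Image'
         || (!empty($file_details['size']) && $mimeTypeContents[0] == 'image')
         || $module == 'Contacts' || $module == 'Products';
     if ($mustBeImage && validateImageFile($file_details) != 'true') {
         $log->debug("Skip the save attachment process: image validation failed.");
         return false;
     }
     $binFile = sanitizeUploadFileName($file_name, AppConfig::main('upload_badext'));
     $current_id = $adb->getUniqueID('vtiger_crmentity');
     // Reduce to a bare basename and use that SAME string on disk and in the
     // database (the original wrote $binFile but recorded $filename, so the
     // two could differ and no directory part was stripped from the path).
     $filename = ltrim(basename(' ' . $binFile));
     //allowed filename like UTF-8 characters
     // NOTE(review): this is the client-supplied Content-Type; $mimeType above is
     // the sniffed one. Storing the client value is kept for compatibility —
     // confirm whether downloads should use the sniffed type instead.
     $filetype = $file_details['type'];
     $filetmp_name = $file_details['tmp_name'];
     //get the file path inwhich folder we want to upload the file
     $upload_file_path = decideFilePath($module);
     //upload the file in server
     if (move_uploaded_file($filetmp_name, $upload_file_path . $current_id . '_' . $filename) !== true) {
         $log->debug("Skip the save attachment process: move_uploaded_file failed.");
         return false;
     }
     // Contacts/Products hold a single picture; everything else is a plain attachment.
     $setype = ($module == 'Contacts' || $module == 'Products') ? $module . " Image" : $module . " Attachment";
     $params = [
         'crmid' => $current_id,
         'smcreatorid' => $current_user->id,
         'smownerid' => $ownerid,
         'setype' => $setype,
         'description' => $this->column_fields['description'],
         'createdtime' => $adb->formatDate($date_var, true),
         'modifiedtime' => $adb->formatDate($date_var, true),
     ];
     $adb->insert('vtiger_crmentity', $params);
     $params = [
         'attachmentsid' => $current_id,
         'name' => $filename,
         'description' => $this->column_fields['description'],
         'type' => $filetype,
         'path' => $upload_file_path,
     ];
     $adb->insert('vtiger_attachments', $params);
     // Edit mode replaces one specific previous attachment; mode/fileid are still
     // read from the raw request (legacy), so guard the keys to avoid notices.
     if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') {
         $oldFileId = isset($_REQUEST['fileid']) ? vtlib_purify($_REQUEST['fileid']) : '';
         if ($id != '' && $oldFileId != '') {
             $adb->delete('vtiger_seattachmentsrel', 'crmid = ? AND attachmentsid = ?', [$id, $oldFileId]);
         }
     }
     if ($module == 'Documents') {
         $adb->delete('vtiger_seattachmentsrel', 'crmid = ?', [$id]);
     }
     if ($module == 'Contacts') {
         // A contact keeps at most one image: unlink the previous one first.
         // NOTE(review): the old vtiger_attachments row and the old file on disk
         // are not removed here — confirm whether something else cleans them up.
         $att_sql = "select vtiger_seattachmentsrel.attachmentsid  from vtiger_seattachmentsrel inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_seattachmentsrel.attachmentsid where vtiger_crmentity.setype='Contacts Image' and vtiger_seattachmentsrel.crmid=?";
         $res = $adb->pquery($att_sql, array($id));
         $attachmentsid = $adb->query_result($res, 0, 'attachmentsid');
         if ($attachmentsid != '') {
             $adb->delete('vtiger_seattachmentsrel', 'crmid = ? AND attachmentsid = ?', [$id, $attachmentsid]);
             $adb->delete('vtiger_crmentity', 'crmid = ?', [$attachmentsid]);
         }
     }
     // Every path above ends by linking the new attachment to the record.
     $adb->insert('vtiger_seattachmentsrel', ['crmid' => $id, 'attachmentsid' => $current_id]);
     return true;
 }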
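/**
 * Web-service entry point: stores a base64-encoded attachment and links it to an e-mail record.
 *
 * @param int    $emailid  crmid of the Emails record the attachment is linked to
 * @param string $filedata base64-encoded file contents
 * @param string $filename client-supplied name; sanitized and reduced to a basename before use
 * @param int    $filesize caller-supplied cap on the number of decoded bytes written
 * @param string $filetype ignored; the stored type is always application/octet-stream
 * @param string $username web-service user name, checked against $session
 * @param string $session  web-service session token
 * @return int|string|null the new attachment crmid; "" when the file or entity row
 *                         could not be created; null on a bad session or empty $emailid
 */
function AddEmailAttachment($emailid, $filedata, $filename, $filesize, $filetype, $username, $session)
{
    if (!validateSession($username, $session)) {
        return null;
    }
    if (empty($emailid)) {
        return null;
    }
    // $upload_badext was never imported into this function's scope, so the
    // bad-extension list handed to sanitizeUploadFileName was always null.
    global $adb, $upload_badext;
    require_once 'modules/Users/Users.php';
    require_once 'include/utils/utils.php';
    // Avoid relative file path attacks: neutralise "..", strip disallowed
    // extensions, and keep only the basename so no directory part survives.
    $filename = vtlib_purifyForSql(sanitizeUploadFileName(str_replace('..', '_', $filename), $upload_badext));
    $filename = ltrim(basename(' ' . $filename));
    // NOTE(review): there is no size cap here, unlike confirm_upload's
    // $upload_maxsize check — confirm whether the web-service layer limits it.
    $date_var = date('Y-m-d H:i:s');
    $seed_user = new Users();
    $user_id = $seed_user->retrieve_user_id($username);
    $crmid = $adb->getUniqueID("vtiger_crmentity");
    $upload_file_path = decideFilePath();
    $handle = fopen($upload_file_path . $crmid . "_" . $filename, "wb");
    if ($handle === false) {
        // Do not record an attachment whose file could not be created.
        return "";
    }
    // $filesize is caller-supplied: it truncates the decoded data when smaller
    // than the real length and is harmless when larger.
    fwrite($handle, base64_decode($filedata), $filesize);
    fclose($handle);
    $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values (?,?,?,?,?,?,?)";
    $params1 = array($crmid, $user_id, $user_id, 'Emails Attachment', ' ', $adb->formatDate($date_var, true), $adb->formatDate($date_var, true));
    $entityresult = $adb->pquery($sql1, $params1);
    // The client-supplied type is deliberately ignored.
    $filetype = "application/octet-stream";
    if ($entityresult != false) {
        $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values (?,?,?,?,?)";
        $params2 = array($crmid, $filename, ' ', $filetype, $upload_file_path);
        $result = $adb->pquery($sql2, $params2);
        $sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
        $adb->pquery($sql3, array($emailid, $crmid));
        return $crmid;
    } else {
        //$server->setError("Invalid username and/or password");
        return "";
    }
}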
            $nologo_specified = "false";
        } else {
            if ($errorCode == 3) {
                $error_flag = "4";
                $savefrontlogo = "false";
                $nologo_specified = "false";
            }
        }
    }
}
if (isset($_FILES) and isset($_FILES['binFaviconFile']) and !empty($_FILES['binFaviconFile']['name'])) {
    $binFaviconFile = $_FILES['binFaviconFile']['name'];
    if (isset($_REQUEST['binFaviconFile_hidden'])) {
        $favicon_filename = sanitizeUploadFileName(vtlib_purify($_REQUEST['binFaviconFile_hidden']), $upload_badext);
    } else {
        $binFaviconFile = sanitizeUploadFileName($binFaviconFile, $upload_badext);
        $favicon_filename = ltrim(basename(" " . $binFaviconFile));
    }
    $favicon_filetype = $_FILES['binFaviconFile']['type'];
    $favicon_filesize = $_FILES['binFaviconFile']['size'];
    $font_filetype_array = explode("/", $favicon_filetype);
    $favicon_file_type_val = strtolower($font_filetype_array[1]);
    if ($favicon_filesize != 0) {
        if (in_array($favicon_file_type_val, $image_extensions_allowed)) {
            //Checking whether the file is an image or not
            $savefaviconlogo = "true";
        } else {
            $savefaviconlogo = "false";
            $error_flag = "1";
        }
    } else {
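 /**
  * Save the Mail Attachments to DB
  * @global PearDataBase Instance $db
  * @global Users Instance $currentUserModel
  * @global Array $upload_badext
  * @param String $filename - name of the file as given in the MIME part (may be RFC 2047 encoded)
  * @param Text $filecontent - raw, already-decoded file bytes
  * @return Array with attachment information (attachid, path, name, type, size),
  *         or false when the file could not be written; no database rows are
  *         created in that case.
  */
 public function __SaveAttachmentFile($filename, $filecontent)
 {
     require_once 'modules/Settings/MailConverter/handlers/MailAttachmentMIME.php';
     $db = PearDatabase::getInstance();
     $currentUserModel = Users_Record_Model::getCurrentUserModel();
     // Decode encoded-words before sanitizing so the checks see the real name.
     $filename = imap_utf8($filename);
     $dirname = decideFilePath();
     $usetime = $db->formatDate(date('ymdHis'), true);
     // The name comes from an untrusted mail header: strip disallowed extensions,
     // then reduce to a bare basename so no directory component can reach the
     // path (the other attachment savers do the same).
     $binFile = ltrim(basename(' ' . sanitizeUploadFileName($filename, vglobal('upload_badext'))));
     $attachid = $db->getUniqueId('vtiger_crmentity');
     $saveasfile = "{$dirname}/{$attachid}" . "_" . $binFile;
     $fh = fopen($saveasfile, 'wb');
     if ($fh === false) {
         return false;
     }
     $written = fwrite($fh, $filecontent);
     fclose($fh);
     if ($written === false) {
         // Do not record an attachment that is not actually on disk.
         @unlink($saveasfile);
         return false;
     }
     // Content-based detection: the name/extension is attacker-controlled.
     $mimetype = MailAttachmentMIME::detect($saveasfile);
     $db->pquery("INSERT INTO vtiger_crmentity(crmid, smcreatorid, smownerid,\n\t\t\t\tmodifiedby, setype, description, createdtime, modifiedtime, presence, deleted)\n\t\t\t\tVALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", array($attachid, $currentUserModel->getId(), $currentUserModel->getId(), $currentUserModel->getId(), "MailManager Attachment", $binFile, $usetime, $usetime, 1, 0));
     $db->pquery("INSERT INTO vtiger_attachments SET attachmentsid=?, name=?, description=?, type=?, path=?", array($attachid, $binFile, $binFile, $mimetype, $dirname));
     $attachInfo = array('attachid' => $attachid, 'path' => $dirname, 'name' => $binFile, 'type' => $mimetype, 'size' => filesize($saveasfile));
     return $attachInfo;
 }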