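/**
 * Saves the company details form, including an optional logo upload.
 *
 * The logo is stored only when the upload completed, its declared type and its
 * content-derived MIME type are both in the supported formats, and the file body
 * does not contain a PHP open tag. When the logo is rejected the remaining fields
 * are still saved, the previously stored logo name is kept, and the user is
 * redirected back with an error flag in the URL.
 *
 * @param Vtiger_Request $request
 */
public function process(Vtiger_Request $request) {
    $moduleModel = Settings_Vtiger_CompanyDetails_Model::getInstance();
    // $status: the mandatory organization name was supplied.
    // $saveLogo: no uploaded logo was rejected (true when nothing was uploaded).
    $status = false;
    $saveLogo = true;
    $logoDetails = array();

    if ($request->get('organizationname')) {
        $status = true;
        if (!empty($_FILES['logo']['name'])) {
            $logoDetails = $_FILES['logo'];
            $saveLogo = $this->isAcceptableLogo($logoDetails);
            if ($saveLogo) {
                $moduleModel->saveLogo();
            }
        }

        $fields = $moduleModel->getFields();
        foreach ($fields as $fieldName => $fieldType) {
            $fieldValue = $request->get($fieldName);
            if ($fieldName === 'logoname') {
                // Record the new name only when the file was actually stored;
                // otherwise keep whatever name is already persisted.
                if ($saveLogo && !empty($logoDetails['name'])) {
                    $fieldValue = ltrim(basename(" " . $logoDetails['name']));
                } else {
                    $fieldValue = $moduleModel->get($fieldName);
                }
            }
            $moduleModel->set($fieldName, $fieldValue);
        }
        $moduleModel->save();
    }

    $reloadUrl = $moduleModel->getIndexViewUrl();
    if (!$saveLogo) {
        $reloadUrl .= '&error=LBL_INVALID_IMAGE';
    } elseif (!$status) {
        $reloadUrl = $moduleModel->getEditViewUrl() . '&error=LBL_FIELDS_INFO_IS_EMPTY';
    }
    header('Location: ' . $reloadUrl);
}

/**
 * Decides whether an uploaded logo may be stored.
 *
 * The client-declared type in $_FILES is only a first filter; the type derived
 * from the file contents (vtlib_mime_content_type) is the authoritative check.
 * Both must name a supported format, and the body must not contain a PHP open tag.
 *
 * @param array $logoDetails one entry of $_FILES (name, type, size, tmp_name, error)
 * @return bool true when every check passes
 */
private function isAcceptableLogo(array $logoDetails) {
    $supported = Settings_Vtiger_CompanyDetails_Model::$logoSupportedFormats;

    // A failed or partial upload is never accepted.
    if (isset($logoDetails['error']) && $logoDetails['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    if (empty($logoDetails['size'])) {
        return false;
    }

    // Declared type: user-controlled, so it is only a cheap pre-check.
    $declared = explode('/', $logoDetails['type']);
    if (!isset($declared[1]) || !in_array($declared[1], $supported, true)) {
        return false;
    }

    // Type sniffed from the file contents must also be a supported image format.
    $mimeTypeContents = explode('/', vtlib_mime_content_type($logoDetails['tmp_name']));
    if ($mimeTypeContents[0] != 'image'
        || !isset($mimeTypeContents[1])
        || !in_array($mimeTypeContents[1], $supported, true)) {
        return false;
    }

    // Reject image files whose body carries a PHP open tag; this is a heuristic on
    // top of the MIME check, not a substitute for it.
    $imageContents = file_get_contents($logoDetails['tmp_name']);
    if ($imageContents === false || preg_match('/(<\\?php?(.*?))/i', $imageContents) == 1) {
        return false;
    }

    return true;
}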
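/**
 * Uploads an attachment to the server and records it in the database.
 *
 * Image validation (validateImageFile) runs before the file is moved, so a rejected
 * upload never reaches the attachment directory. The MIME type used to decide whether
 * an upload is an image comes from the file contents, not from the client-supplied type.
 *
 * @param int $id - entity id to which the file is to be attached
 * @param string $module - the current module name
 * @param array $file_details - array with the file information (name, type, size, tmp_name and error)
 * @param string $attachmentType - 'Image' forces image validation; any other value is a plain attachment
 * @return bool true when the file was stored and its records written, false otherwise
 */
function uploadAndSaveFile($id, $module, $file_details, $attachmentType = 'Attachment') {
    global $log;
    global $adb, $current_user;
    global $upload_badext;

    // Prefer the original name when the caller supplied one (e.g. a renamed temp file).
    if (isset($file_details['original_name']) && $file_details['original_name'] != null) {
        $file_name = $file_details['original_name'];
    } else {
        $file_name = $file_details['name'];
    }
    $log->debug("Entering into uploadAndSaveFile({$id},{$module},{$file_name}) method.");

    $date_var = date("Y-m-d H:i:s");
    $formattedDate = $adb->formatDate($date_var, true);

    // Record owner: the entity's assigned user, falling back to the current user.
    $ownerid = $this->column_fields['assigned_user_id'];
    if (!isset($ownerid) || $ownerid == '') {
        $ownerid = $current_user->id;
    }

    // Images are validated regardless of module; the type is sniffed from the file contents.
    $mimeType = vtlib_mime_content_type($file_details['tmp_name']);
    $mimeTypeContents = explode('/', $mimeType);
    $save_file = 'true';
    // For contacts and products the caller passes 'Image' as the attachment type.
    if ($attachmentType == 'Image' || ($file_details['size'] && $mimeTypeContents[0] == 'image')) {
        $save_file = validateImageFile($file_details);
    }
    if ($save_file == 'false') {
        return false;
    }

    // Only images are allowed for these modules. This check used to run after
    // move_uploaded_file(), leaving a rejected file on disk; it now runs first.
    if ($module == 'Contacts' || $module == 'Products') {
        $save_file = validateImageFile($file_details);
    }
    if ($save_file != 'true') {
        $log->debug("Skip the save attachment process.");
        return false;
    }

    $binFile = sanitizeUploadFileName($file_name, $upload_badext);
    $current_id = $adb->getUniqueID("vtiger_crmentity");
    $filename = ltrim(basename(" " . $binFile)); //allowed filename like UTF-8 characters
    $filetype = $file_details['type'];

    //get the file path inwhich folder we want to upload the file
    $upload_file_path = decideFilePath();

    //upload the file in server
    $upload_status = move_uploaded_file($file_details['tmp_name'], $upload_file_path . $current_id . "_" . $binFile);
    if ($upload_status !== true) {
        $log->debug("Skip the save attachment process.");
        return false;
    }

    // Contacts/Products attachments are typed as images; everything else as a plain attachment.
    if ($module == 'Contacts' || $module == 'Products') {
        $setype = $module . " Image";
    } else {
        $setype = $module . " Attachment";
    }
    $sql1 = "insert into vtiger_crmentity (crmid,smcreatorid,smownerid,setype,description,createdtime,modifiedtime) values(?, ?, ?, ?, ?, ?, ?)";
    $params1 = array($current_id, $current_user->id, $ownerid, $setype, $this->column_fields['description'], $formattedDate, $formattedDate);
    $adb->pquery($sql1, $params1);

    $sql2 = "insert into vtiger_attachments(attachmentsid, name, description, type, path) values(?, ?, ?, ?, ?)";
    $params2 = array($current_id, $filename, $this->column_fields['description'], $filetype, $upload_file_path);
    $adb->pquery($sql2, $params2);

    // In edit mode the request names the attachment being replaced; unlink it from the entity.
    if (isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'edit') {
        $oldFileId = isset($_REQUEST['fileid']) ? vtlib_purify($_REQUEST['fileid']) : '';
        if ($id != '' && $oldFileId != '') {
            $delquery = 'delete from vtiger_seattachmentsrel where crmid = ? and attachmentsid = ?';
            $adb->pquery($delquery, array($id, $oldFileId));
        }
    }

    // A document holds exactly one attachment: drop every existing link first.
    if ($module == 'Documents') {
        $query = "delete from vtiger_seattachmentsrel where crmid = ?";
        $adb->pquery($query, array($id));
    }

    // A contact holds a single image: remove the previous image entity before linking the new one.
    // NOTE(review): the old vtiger_attachments row and file are not removed here (unchanged behaviour).
    if ($module == 'Contacts') {
        $att_sql = "select vtiger_seattachmentsrel.attachmentsid from vtiger_seattachmentsrel inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_seattachmentsrel.attachmentsid where vtiger_crmentity.setype='Contacts Image' and vtiger_seattachmentsrel.crmid=?";
        $res = $adb->pquery($att_sql, array($id));
        $attachmentsid = $adb->query_result($res, 0, 'attachmentsid');
        if ($attachmentsid != '') {
            $delquery = 'delete from vtiger_seattachmentsrel where crmid=? and attachmentsid=?';
            $adb->pquery($delquery, array($id, $attachmentsid));
            $crm_delquery = "delete from vtiger_crmentity where crmid=?";
            $adb->pquery($crm_delquery, array($attachmentsid));
        }
    }

    // Link the new attachment to the entity (every module ends up here).
    $sql3 = 'insert into vtiger_seattachmentsrel values(?,?)';
    $adb->pquery($sql3, array($id, $current_id));
    return true;
}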