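/**
 * Run the configured mail-scanner actions for one message.
 *
 * The requested action names come from $params['actions'] when present, otherwise from the
 * comma-separated $account['actions'] string. A requested name is only used to select an
 * entry of the list returned by getEmailActionsListName(); the handler file path is built
 * from that list entry ($action[1]), never from the requested name itself.
 *
 * @param array       $account    Scanner account data; 'username', 'actions' and 'user_id' are read here.
 * @param mixed       $mailDetail Message data, passed to each handler unchanged.
 * @param mixed       $folder     Mail folder, passed to each handler unchanged.
 * @param array|false $params     Optional overrides; an 'actions' key replaces the account's action list.
 *
 * @return array Handler return values keyed by the requested action name.
 */
public static function executeActions($account, $mailDetail, $folder, $params = false)
{
    $log = LoggerManager::getInstance();
    $log->debug('Start execute actions: ' . $account['username']);
    // Kept on purpose: a file pulled in by require_once below runs in this function's variable
    // scope, so handler files may rely on this binding and on the local variable names used here.
    global $who_trigger;
    $actions = $return = [];
    if ($params && array_key_exists('actions', $params)) {
        $actions = $params['actions'];
    } elseif (strpos($account['actions'], ',') !== false) {
        // strpos() returns 0 for a leading comma; a plain truthiness test would read that as "no comma".
        $actions = explode(',', $account['actions']);
    } else {
        $actions[] = $account['actions'];
    }
    $self = Vtiger_Record_Model::getCleanInstance('OSSMailScanner');
    $EmailActionsList = $self->getEmailActionsList();
    $EmailActionsListName = $self->getEmailActionsListName($EmailActionsList);
    foreach ($EmailActionsListName as $action) {
        foreach ($actions as $user_action) {
            // Compare as strings so that a non-string requested value cannot match an action
            // name through PHP's loose-comparison rules.
            if ((string) $action[0] !== (string) $user_action) {
                continue;
            }
            $url = str_replace('|', '/', $action[1]);
            $scannerModuleModel = Vtiger_Module_Model::getCleanInstance('OSSMailScanner');
            $action_adress = $scannerModuleModel->ActionsDirector . '/' . $url . '.php';
            if (!file_exists($action_adress)) {
                continue;
            }
            // NOTE(review): this includes and executes the file named by the action list, so the
            // path is only as trustworthy as getEmailActionsList(). Confirm that list is built from
            // the handler directory itself and not from stored or user-editable values.
            require_once $action_adress;
            $fn_name = '_' . $action[0];
            if (!is_callable($fn_name)) {
                // The file exists but does not define the expected handler: skip it rather than
                // abort the whole scan with a fatal "undefined function" error.
                $log->error('Action handler not defined: ' . $fn_name);
                continue;
            }
            $log->debug('Start action: ' . $fn_name);
            // $return is passed in so that a handler can see the results of the handlers run before it.
            $return[$user_action] = $fn_name($account['user_id'], $mailDetail, $folder, $return);
            $log->debug('End action: ' . $fn_name);
        }
    }
    $log->debug('End execute actions');
    return $return;
}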
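/**
 * Check that a file may be deleted: it must resolve to a path below the application root
 * and the first path segment below the root must be one of the deletable (safe) directories.
 *
 * The path is resolved with realpath() first, so ".." segments and symlinks are collapsed
 * before the comparison and a path that does not exist is refused.
 *
 * @param string $filepath Path to check.
 *
 * @throws AppException When the path cannot be resolved, is outside the root directory,
 *                      or is not inside one of the deletable directories.
 */
static function checkFileAccessForDeletion($filepath)
{
    // Set the base directory to compare with
    $use_root_directory = AppConfig::main('root_directory');
    if (empty($use_root_directory)) {
        $use_root_directory = realpath(dirname(__FILE__) . '/../../.');
    }
    $safeDirectories = ['storage', 'cache', 'test'];
    $realfilepath = realpath($filepath);
    $isAllowed = false;
    if ($realfilepath !== false) {
        /** Replace all \\ with \ first */
        $realfilepath = str_replace('\\\\', '\\', $realfilepath);
        $rootdirpath = str_replace('\\\\', '\\', $use_root_directory);
        /** Replace all \ with / now */
        $realfilepath = str_replace('\\', '/', $realfilepath);
        $rootdirpath = str_replace('\\', '/', $rootdirpath);
        // End the root with exactly one separator. Without it the prefix test would also accept a
        // sibling directory whose name merely starts with the root's name, and the first segment of
        // the relative path would be empty (so every file was refused) when the root had no trailing slash.
        $rootdirpath = rtrim($rootdirpath, '/') . '/';
        // NOTE(review): stripos() is case-insensitive; on a case-sensitive filesystem a path that
        // differs from the root only by letter case passes this prefix test. Confirm that is intended.
        if (stripos($realfilepath, $rootdirpath) === 0) {
            // Strip only the leading root; str_replace() would also remove later occurrences.
            $relativeFilePath = substr($realfilepath, strlen($rootdirpath));
            $filePathParts = explode('/', $relativeFilePath);
            $isAllowed = in_array($filePathParts[0], $safeDirectories, true);
        }
    }
    if (!$isAllowed) {
        $log = LoggerManager::getInstance();
        // NOTE(review): $filepath is written to the log as received; if it can contain
        // caller-controlled text, confirm the logger neutralises line breaks.
        $log->error(__CLASS__ . ':' . __FUNCTION__ . '(' . $filepath . ') - Sorry! Attempt to access restricted file. realfilepath: ' . print_r($realfilepath, true));
        throw new AppException('Sorry! Attempt to access restricted file.');
    }
}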
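/**
 * Delete an entity, or only unlink it from a related source record.
 *
 * When a source module and a source record id are given and the source module differs from
 * the destination module, the relationship is removed and the 'vtiger.entity.unlink.before'
 * and 'vtiger.entity.unlink.after' events are triggered. Otherwise the current user's
 * 'Delete' permission on the destination record is checked and $focus->trash() is called.
 *
 * @param string $destinationModule   Module of the record being deleted or unlinked.
 * @param string $sourceModule        Module of the record it is related to; may be empty.
 * @param object $focus               Module object that provides unlinkRelationship(), trackUnLinkedInfo() and trash().
 * @param int    $destinationRecordId Id of the record being deleted or unlinked.
 * @param int    $sourceRecordId      Id of the related record; may be empty.
 *
 * @throws AppException When the current user is not permitted to delete the record.
 */
function DeleteEntity($destinationModule, $sourceModule, $focus, $destinationRecordId, $sourceRecordId)
{
    $adb = PearDatabase::getInstance();
    $log = LoggerManager::getInstance();
    $log->debug("Entering DeleteEntity method ({$destinationModule}, {$sourceModule}, {$destinationRecordId}, {$sourceRecordId})");
    require_once 'include/events/include.inc';
    if ($destinationModule != $sourceModule && !empty($sourceModule) && !empty($sourceRecordId)) {
        // NOTE(review): no permission check is made on this unlink path inside this function;
        // confirm that every caller authorises the operation before calling it.
        $em = new VTEventsManager($adb);
        $em->initTriggerCache();

        $data = [];
        $data['CRMEntity'] = $focus;
        $data['entityData'] = VTEntityData::fromEntityId($adb, $destinationRecordId);
        $data['sourceModule'] = $sourceModule;
        $data['sourceRecordId'] = $sourceRecordId;
        $data['destinationModule'] = $destinationModule;
        $data['destinationRecordId'] = $destinationRecordId;
        $em->triggerEvent('vtiger.entity.unlink.before', $data);

        $focus->unlinkRelationship($destinationRecordId, $sourceModule, $sourceRecordId);
        $focus->trackUnLinkedInfo($sourceModule, $sourceRecordId, $destinationModule, $destinationRecordId);

        // NOTE(review): $entityData is not used afterwards and the 'after' event receives the same
        // $data as the 'before' event; confirm whether $data['entityData'] was meant to be refreshed.
        $entityData = VTEntityData::fromEntityId($adb, $destinationRecordId);
        $em->triggerEvent('vtiger.entity.unlink.after', $data);
    } else {
        $currentUserPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
        // The permission check and the trash call must name the destination module. The previous
        // code read $module, which is not defined in this function, so the check ran with null
        // instead of the module that owns the record.
        if (!$currentUserPrivilegesModel->isPermitted($destinationModule, 'Delete', $destinationRecordId)) {
            throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
        }
        $focus->trash($destinationModule, $destinationRecordId);
    }
    $log->debug('Exiting DeleteEntity method ...');
}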
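/**
 * Check that a file path resolves to a location inside the application root directory.
 *
 * The path is resolved with realpath() first, so ".." segments and symlinks are collapsed
 * before the comparison and a path that does not exist is refused. The root directory
 * itself does not count as "inside".
 *
 * @param string $filepath  File path to check.
 * @param bool   $dieOnFail When true (default) a failed check is logged and an AppException
 *                          is thrown; when false the method returns false instead.
 *
 * @return bool True when the path is inside the root directory; false when it is not and $dieOnFail is false.
 *
 * @throws AppException When the check fails and $dieOnFail is true.
 */
static function checkFileAccess($filepath, $dieOnFail = true)
{
    // Set the base directory to compare with
    $use_root_directory = AppConfig::main('root_directory');
    if (empty($use_root_directory)) {
        $use_root_directory = realpath(dirname(__FILE__) . '/../../.');
    }
    $realfilepath = realpath($filepath);
    $isInsideRoot = false;
    if ($realfilepath !== false) {
        /** Replace all \\ with \ first */
        $realfilepath = str_replace('\\\\', '\\', $realfilepath);
        $rootdirpath = str_replace('\\\\', '\\', $use_root_directory);
        /** Replace all \ with / now */
        $realfilepath = str_replace('\\', '/', $realfilepath);
        $rootdirpath = str_replace('\\', '/', $rootdirpath);
        // End the root with exactly one separator. A bare prefix test against a root without a
        // trailing slash (the realpath() fallback above returns one) would also accept a sibling
        // directory whose name merely starts with the root's name.
        $rootdirpath = rtrim($rootdirpath, '/') . '/';
        // NOTE(review): stripos() is case-insensitive; on a case-sensitive filesystem a path that
        // differs from the root only by letter case passes this test. Confirm that is intended.
        $isInsideRoot = stripos($realfilepath, $rootdirpath) === 0;
    }
    if ($isInsideRoot) {
        return true;
    }
    if ($dieOnFail) {
        $log = LoggerManager::getInstance();
        // NOTE(review): $filepath is written to the log as received; if it can contain
        // caller-controlled text, confirm the logger neutralises line breaks.
        $log->error(__CLASS__ . ':' . __FUNCTION__ . '(' . $filepath . ') - Sorry! Attempt to access restricted file. realfilepath: ' . print_r($realfilepath, true));
        throw new AppException('Sorry! Attempt to access restricted file.');
    }
    return false;
}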
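/**
 * Verify the current password (unless the acting user is an administrator) and write the
 * new password for this user to the database.
 *
 * @param string $userPassword Current password; only checked when the acting user is not an administrator.
 * @param string $newPassword  New password; must be set and non-empty.
 * @param bool   $dieOnError   Not used in this method body.
 *
 * @return bool False when the new password is empty or the current password does not verify,
 *              true otherwise. The result of the database update is not checked here.
 *
 * Portions created by SugarCRM are Copyright (C) SugarCRM, Inc..
 * All Rights Reserved..
 * Contributor(s): ______________________________________..
 */
function change_password($userPassword, $newPassword, $dieOnError = true)
{
    $db = PearDatabase::getInstance();
    $log = LoggerManager::getInstance();
    $usr_name = $this->column_fields['user_name'];
    $current_user = vglobal('current_user');
    $log->debug('Starting password change for ' . $usr_name);

    if (!isset($newPassword) || $newPassword == "") {
        // The message must name this user; the previous code read the undefined $user_name,
        // which left the name out of the message.
        $this->error_string = vtranslate('ERR_PASSWORD_CHANGE_FAILED_1') . $usr_name . vtranslate('ERR_PASSWORD_CHANGE_FAILED_2');
        return false;
    }

    // An administrator may set a password without knowing the old one.
    // NOTE(review): that also holds when the administrator changes their own password, so a
    // hijacked admin session can replace the credential; confirm whether callers re-authenticate first.
    if (!is_admin($current_user)) {
        if (!$this->verifyPassword($userPassword)) {
            $log->warn('Incorrect old password for ' . $usr_name);
            $this->error_string = vtranslate('ERR_PASSWORD_INCORRECT_OLD');
            return false;
        }
    }

    // NOTE(review): both stored values are derived from the new password by helpers defined
    // outside this block; confirm that get_user_hash() and encrypt_password() use a salted,
    // deliberately slow password hash.
    $userHash = $this->get_user_hash($newPassword);

    //set new password
    $crypt_type = $this->DEFAULT_PASSWORD_CRYPT_TYPE;
    $encryptedNewPassword = $this->encrypt_password($newPassword, $crypt_type);

    $db->startTransaction();
    $db->update($this->table_name, [
        'user_password' => $encryptedNewPassword,
        'confirm_password' => $encryptedNewPassword,
        'user_hash' => $userHash,
        'crypt_type' => $crypt_type,
    ], 'id = ?', [$this->id]);

    // Fill up the post-save state of the instance.
    if (empty($this->column_fields['user_hash'])) {
        $this->column_fields['user_hash'] = $userHash;
    }
    $this->column_fields['user_password'] = $encryptedNewPassword;
    $this->column_fields['confirm_password'] = $encryptedNewPassword;

    // The after-save handlers run before completeTransaction(), i.e. inside the transaction started above.
    $this->triggerAfterSaveEventHandlers();
    $db->completeTransaction();
    $log->debug('Ending password change for ' . $usr_name);
    return true;
}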
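/**
 * Move the related records of the specified list of ids to the given record.
 *
 * For every id in $transferEntityIds, the rows of vtiger_crmentityrel that point from or to
 * that id are re-pointed to $entityId, skipping relations $entityId already has, and the
 * vtiger_modcomments rows related to that id are re-pointed as well.
 *
 * @param string $module            This module's name.
 * @param array  $transferEntityIds Entity ids whose related records are to be transferred.
 * @param int    $entityId          Id of the record that receives the related records.
 */
function transferRelatedRecords($module, $transferEntityIds, $entityId)
{
    $adb = PearDatabase::getInstance();
    $log = LoggerManager::getInstance();
    // The id list is an array; interpolating it directly would log the word "Array" and raise an
    // array-to-string conversion warning, so it is serialised for the log line.
    $log->debug("Entering function transferRelatedRecords ({$module}, " . json_encode($transferEntityIds) . ", {$entityId})");

    foreach ($transferEntityIds as $transferId) {
        // Pick the records related to the entity to be transferred, but not the ones that are
        // already related to the current entity. All values are bound as query parameters.
        $relatedRecords = $adb->pquery(
            "SELECT relcrmid, relmodule FROM vtiger_crmentityrel WHERE crmid=? AND module=?"
            . " AND relcrmid NOT IN (SELECT relcrmid FROM vtiger_crmentityrel WHERE crmid=? AND module=?)",
            [$transferId, $module, $entityId, $module]
        );
        $numOfRecords = $adb->num_rows($relatedRecords);
        for ($i = 0; $i < $numOfRecords; $i++) {
            $relcrmid = $adb->query_result($relatedRecords, $i, 'relcrmid');
            $relmodule = $adb->query_result($relatedRecords, $i, 'relmodule');
            $where = 'relcrmid = ? AND relmodule = ? AND crmid = ? AND module = ?';
            $params = [$relcrmid, $relmodule, $transferId, $module];
            $adb->update('vtiger_crmentityrel', ['crmid' => $entityId], $where, $params);
        }

        // Pick the records to which the entity to be transferred is related, but not the ones
        // to which the current entity is already related.
        $parentRecords = $adb->pquery(
            "SELECT crmid, module FROM vtiger_crmentityrel WHERE relcrmid=? AND relmodule=?"
            . " AND crmid NOT IN (SELECT crmid FROM vtiger_crmentityrel WHERE relcrmid=? AND relmodule=?)",
            [$transferId, $module, $entityId, $module]
        );
        $numOfRecords = $adb->num_rows($parentRecords);
        for ($i = 0; $i < $numOfRecords; $i++) {
            $parcrmid = $adb->query_result($parentRecords, $i, 'crmid');
            $parmodule = $adb->query_result($parentRecords, $i, 'module');
            $where = 'crmid = ? AND module = ? AND relcrmid = ? AND relmodule = ?';
            $params = [$parcrmid, $parmodule, $transferId, $module];
            $adb->update('vtiger_crmentityrel', ['relcrmid' => $entityId], $where, $params);
        }

        $adb->update('vtiger_modcomments', ['related_to' => $entityId], 'related_to = ?', [$transferId]);
    }
    $log->debug("Exiting transferRelatedRecords...");
}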
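/**
 * Retrieve a logger.
 * If a name is not specified, the default logger is returned.
 *
 * @param string $name A logger name.
 *
 * @return Logger A Logger instance (returned by reference), if the given Logger exists, otherwise NULL.
 */
function &getLogger($name = "default")
{
    $instance =& LoggerManager::getInstance();
    if (isset($instance->loggers[$name])) {
        return $instance->loggers[$name];
    }
    // A function declared with & must return a variable; returning the literal NULL raises
    // an "only variable references should be returned by reference" notice.
    $missing = null;
    return $missing;
}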