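/**
 * Generate CSRF form token.
 *
 * Accepted $params:
 *
 *  - raw   If true, only return the bare token instead of returning the
 *          default hidden input html field.
 *
 * The hidden-input variant HTML-escapes both the field name and the token
 * value for attribute context (ENT_QUOTES). The token format is not visible
 * from this file, so treat the escaping as defence in depth: for a plain
 * alphanumeric token the output is byte-identical to the unescaped form.
 *
 * @param array $params
 * @param Smarty $smarty
 * @return string Bare token when `raw` is set, otherwise a hidden <input>.
 */
function smarty_function_sugar_csrf_form_token($params, &$smarty)
{
    $csrf = CsrfAuthenticator::getInstance();
    $token = $csrf->getFormToken();
    if (!empty($params['raw'])) {
        // Caller is responsible for escaping in its own output context.
        return $token;
    }
    return sprintf(
        '<input type="hidden" name="%s" value="%s" />',
        htmlspecialchars((string) $csrf::FORM_TOKEN_FIELD, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $token, ENT_QUOTES, 'UTF-8')
    );
}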
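    /**
     * Render the Administration > Backups screen and, once the user has
     * confirmed, zip the current directory into the requested file.
     *
     * Request parameters (all read from $_REQUEST):
     *  - run         "confirm" validates backup_dir/backup_zip and asks for
     *                confirmation; "confirmed" performs the backup.
     *  - backup_dir  Target directory, created via mkdir_recursive() if absent.
     *  - backup_zip  Target file name inside backup_dir.
     *
     * Security notes:
     *  - Every request-derived value is HTML-escaped before being echoed;
     *    previously backup_dir, backup_zip and run were reflected verbatim
     *    into attribute values.
     *  - The backup is only performed on a POST. isCsrfValid() documents that
     *    CSRF validation runs for non-GET requests only, and $_REQUEST also
     *    accepts GET parameters, so a GET carrying run=confirmed would
     *    otherwise reach zip_dir() without any token check.
     *  - NOTE(review): the "confirmed" step does not repeat the checks made at
     *    "confirm" time (directory exists / writable / target not present).
     *    The values are resubmitted from readonly inputs and may differ; left
     *    unchanged here.
     *  - NOTE(review): nothing restricts where backup_dir may point. The zip
     *    holds the whole application tree (zip_dir(".")); a backup written
     *    below the web root is served like any other file.
     *
     * @see SugarView::display()
     */
    public function display()
    {
        require_once 'include/utils/zip_utils.php';
        $form_action = "index.php?module=Administration&action=Backups";
        $backup_dir = "";
        $backup_zip = "";
        $run = "confirm";
        $input_disabled = "";
        global $mod_strings;
        $errors = array();

        // Escaper for request-derived values emitted into HTML.
        $h = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        };
        // Outside a web SAPI there is no request method; do not block there.
        $is_post = !isset($_SERVER['REQUEST_METHOD'])
            || strtoupper($_SERVER['REQUEST_METHOD']) === 'POST';

        // process "run" commands
        if (isset($_REQUEST['run']) && $_REQUEST['run'] != "") {
            // Non-string (array) parameters are treated as absent so they never
            // reach the filesystem functions below or raise undefined-index
            // notices when missing.
            $run = is_string($_REQUEST['run']) ? $_REQUEST['run'] : "confirm";
            $backup_dir = isset($_REQUEST['backup_dir']) && is_string($_REQUEST['backup_dir'])
                ? $_REQUEST['backup_dir'] : "";
            $backup_zip = isset($_REQUEST['backup_zip']) && is_string($_REQUEST['backup_zip'])
                ? $_REQUEST['backup_zip'] : "";
            if ($run == "confirm") {
                if ($backup_dir == "") {
                    $errors[] = $mod_strings['LBL_BACKUP_DIRECTORY_ERROR'];
                }
                if ($backup_zip == "") {
                    $errors[] = $mod_strings['LBL_BACKUP_FILENAME_ERROR'];
                }
                // Only probe the filesystem once both values are present. The
                // original returned the error array here, which left the page
                // blank instead of rendering the messages collected above.
                if (sizeof($errors) == 0) {
                    if (!is_dir($backup_dir) && !mkdir_recursive($backup_dir)) {
                        $errors[] = $mod_strings['LBL_BACKUP_DIRECTORY_EXISTS'];
                    }
                    if (!is_writable($backup_dir)) {
                        $errors[] = $mod_strings['LBL_BACKUP_DIRECTORY_NOT_WRITABLE'];
                    }
                    $target = "{$backup_dir}/{$backup_zip}";
                    if (is_file($target)) {
                        $errors[] = $mod_strings['LBL_BACKUP_FILE_EXISTS'];
                    }
                    if (is_dir($target)) {
                        $errors[] = $mod_strings['LBL_BACKUP_FILE_AS_SUB'];
                    }
                }
                if (sizeof($errors) == 0) {
                    $run = "confirmed";
                    $input_disabled = "readonly";
                }
            } elseif ($run == "confirmed") {
                if (!$is_post) {
                    // Refuse to run the backup from a GET (no CSRF check on that
                    // path); drop back to the confirmation step instead.
                    $GLOBALS['log']->fatal("Backups: ignoring run=confirmed on a non-POST request");
                    $run = "confirm";
                } else {
                    ini_set("memory_limit", "-1");
                    ini_set("max_execution_time", "0");
                    zip_dir(".", "{$backup_dir}/{$backup_zip}");
                    $run = "done";
                }
            }
        }
        if (sizeof($errors) > 0) {
            foreach ($errors as $error) {
                print "<font color=\"red\">{$error}</font><br>";
            }
        }
        if ($run == "done") {
            $backup_path = "{$backup_dir}/{$backup_zip}";
            $size = filesize($backup_path);
            print $mod_strings['LBL_BACKUP_FILE_STORED'] . " " . $h($backup_path) . " ({$size} bytes).<br>\n";
            print "<a href=\"index.php?module=Administration&action=index\">" . $mod_strings['LBL_BACKUP_BACK_HOME'] . "</a>\n";
        } else {
            ?>
        
            <?php 
            $csrf = CsrfAuthenticator::getInstance();
            echo getClassicModuleTitle("Administration", array("<a href='index.php?module=Administration&action=index'>" . translate('LBL_MODULE_NAME', 'Administration') . "</a>", $mod_strings['LBL_BACKUPS_TITLE']), false);
            echo $mod_strings['LBL_BACKUP_INSTRUCTIONS_1'];
            ?>
            <br>
            <?php 
            echo $mod_strings['LBL_BACKUP_INSTRUCTIONS_2'];
            ?>
<br>
            <form name="Backups" action="<?php 
            print $form_action;
            ?>
" method="post" onSubmit="return (check_for_errors());">
            <input type="hidden" name="csrf_token" value="<?php 
            echo $h($csrf->getFormToken());
            ?>
" />
            <table>
            <tr>
                <td><?php 
            echo $mod_strings['LBL_BACKUP_DIRECTORY'];
            ?>
<br><i><?php 
            echo $mod_strings['LBL_BACKUP_DIRECTORY_WRITABLE'];
            ?>
</i></td>
                <td><input size="100" type="input" name="backup_dir" <?php 
            print $input_disabled;
            ?>
 value="<?php 
            print $h($backup_dir);
            ?>
"/></td>
            </tr>
            <tr>
                <td><?php 
            echo $mod_strings['LBL_BACKUP_FILENAME'];
            ?>
</td>
                <td><input type="input" name="backup_zip" <?php 
            print $input_disabled;
            ?>
 value="<?php 
            print $h($backup_zip);
            ?>
"/></td>
            </tr>
            </table>
            <input type=hidden name="run" value="<?php 
            print $h($run);
            ?>
" />
        
        <?php 
            switch ($run) {
                case "confirm":
                    ?>
                    <input type="submit" value="<?php 
                    echo $mod_strings['LBL_BACKUP_CONFIRM'];
                    ?>
" />
        <?php 
                    break;
                case "confirmed":
                    ?>
                    <?php 
                    echo $mod_strings['LBL_BACKUP_CONFIRMED'];
                    ?>
<br>
                    <input type="submit" value="<?php 
                    echo $mod_strings['LBL_BACKUP_RUN_BACKUP'];
                    ?>
" />
        <?php 
                    break;
            }
            ?>
        
            </form>
            <script type="text/javascript">
                function check_for_errors(){
                    addForm('Backups');
                    // NOTE(review): $mod_strings values are emitted into JS
                    // single-quoted literals without escaping; a label containing
                    // an apostrophe breaks this script. Language-pack content,
                    // not request data, so left as-is.
                    addToValidate('Backups', 'backup_dir', 'varchar', 'true', '<?php 
            echo $mod_strings['LBL_BACKUP_DIRECTORY'];
            ?>
');
                    addToValidate('Backups', 'backup_zip', 'varchar', 'true', '<?php 
            echo $mod_strings['LBL_BACKUP_FILENAME'];
            ?>
');
                    return check_form('Backups');
                }
            </script>
        
        <?php 
        }
        // end if/else of $run options
        $GLOBALS['log']->info("Backups");
    }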
 /**
  * Perform CSRF form validation. Extension classes can override this logic
  * if any exotic logic is required. The default implementation uses the
  * same CSRF form token which is tied to the user's session.
  *
  * This logic is being called from SugarApplication for all non-GET reqs.
  * (GET requests therefore reach views without a token check; views that
  * change state should insist on POST themselves.)
  *
  * A failed check is logged at fatal level with the module/action pair so
  * it is visible in the application log.
  *
  * @param array $fields Key/value field pairs
  * @return boolean Whatever CsrfAuthenticator::isFormTokenValid() reports.
  */
 public function isCsrfValid(array $fields)
 {
     $authenticator = CsrfAuthenticator::getInstance();
     $result = $authenticator->isFormTokenValid($fields);
     if ($result) {
         return $result;
     }
     $GLOBALS['log']->fatal("CSRF: auth failure for {$this->module} -> {$this->action}");
     return $result;
 }
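 /**
  * Return CSRF form token jscript
  *
  * The token is emitted as a JavaScript string literal inside an inline
  * <script> block. json_encode() produces a correctly quoted literal, and the
  * JSON_HEX_* flags keep `<`, `>`, `&`, `'` and `"` out of the script body so
  * the literal can neither terminate the string nor the <script> element.
  * For a plain alphanumeric token the output is identical to the previous
  * "%s" formatting.
  *
  * @return string
  */
 protected function getCsrfFormTokenJscript()
 {
     $token = CsrfAuthenticator::getInstance()->getFormToken();
     $literal = json_encode(
         (string) $token,
         JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
     );
     return sprintf('<script>SUGAR.csrf = {}; SUGAR.csrf.form_token = %s;</script>', $literal);
 }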
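 /**
  * Wrapper to mimic Smarty to dynamically add CSRF form token by adding
  * `{sugar_csrf_form_token}` to the template file.
  *
  * Field name and token value are HTML-escaped for attribute context
  * (ENT_QUOTES), matching the Smarty plugin this method mirrors. The token
  * format is not visible here, so this is defence in depth; for a plain
  * alphanumeric token the markup is unchanged.
  *
  * @return string Hidden <input> carrying the CSRF token.
  */
 public function getCsrfToken()
 {
     $csrf = CsrfAuthenticator::getInstance();
     return sprintf(
         '<input type="hidden" name="%s" value="%s" />',
         htmlspecialchars((string) $csrf::FORM_TOKEN_FIELD, ENT_QUOTES, 'UTF-8'),
         htmlspecialchars((string) $csrf->getFormToken(), ENT_QUOTES, 'UTF-8')
     );
 }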