public function add_actions($row, $r, $rb)
{
if ($row['crypted'] && !isset($_SESSION['client']['cp' . $row['id']]) || count($this->group) != 1) {
return;
}
$text = $row['note'];
if ($row['crypted']) {
$text = Utils_AttachmentCommon::decrypt($text, $_SESSION['client']['cp' . $row['id']]);
}
$r->add_action($this->create_callback_href(array($this, 'copy'), array($row['id'], $text, $this->group)), __('Copy link'), null, Base_ThemeCommon::get_template_file($this->get_type(), 'copy_small.png'), 3);
$r->add_action($this->create_confirm_callback_href(__('Are you sure you want to cut this note?'), array($this, 'cut'), array($row['id'], $text, $this->group)), __('Cut'), null, Base_ThemeCommon::get_template_file($this->get_type(), 'cut_small.png'), 4);
}
public static function submit_attachment($values, $mode) {
static $new_values, $old_password;
switch ($mode) {
case 'browse':
if (isset($values['id']) && isset($values['crypted']) && $values['crypted'] == false) {
// store to mark as read. Do not mark it here, because
// we won't get red eye in the table view
self::$mark_as_read[] = $values['id'];
}
return $values;
case 'index':
if($values['crypted']) unset($values['note']);
return $values;
case 'adding':
$values['edited_on'] = time();
return $values;
case 'add':
case 'edit':
if(isset($values['__date'])) $values['edited_on'] = $values['__date'];
else $values['edited_on'] = time();
$crypted = 0;
$old_pass = ($mode=='edit' && isset($_SESSION['client']['cp'.$values['id']]))?$_SESSION['client']['cp'.$values['id']]:($mode=='add' && isset($values['clone_id']) && isset($_SESSION['client']['cp'.$values['clone_id']])?$_SESSION['client']['cp'.$values['clone_id']]:'');
if((is_array($values['crypted']) && isset($values['crypted']['crypted']) && $values['crypted']['crypted']) || (!is_array($values['crypted']) && $values['crypted'])) {
if(is_array($values['crypted']) && isset($values['crypted']['note_password'])) {
if($values['crypted']['note_password']=='*@#old@#*')
$values['crypted']['note_password'] = $old_pass;
}
$crypted = 1;
}
if(is_array($values['crypted']) && isset($values['crypted']['note_password']) && $mode=='edit' && $old_pass!=$values['crypted']['note_password']) {
//reencrypt old revisions
$old_notes = DB::GetAssoc('SELECT hd.edit_id,hd.old_value FROM utils_attachment_edit_history h INNER JOIN utils_attachment_edit_history_data hd ON h.id=hd.edit_id WHERE h.utils_attachment_id=%d AND hd.field="note"', array($values['id']));
foreach($old_notes as $old_id=>$old_note) {
if($old_pass!=='') $old_note = Utils_AttachmentCommon::decrypt($old_note,$old_pass);
if($old_note===false) continue;
if($crypted && $values['crypted']['note_password']) $old_note = Utils_AttachmentCommon::encrypt($old_note,$values['crypted']['note_password']);
if($old_note===false) continue;
DB::Execute('UPDATE utils_attachment_edit_history_data SET old_value=%s WHERE edit_id=%d AND field="note"',array($old_note,$old_id));
}
//file reencryption
$old_files = DB::GetCol('SELECT uaf.id as id FROM utils_attachment_file uaf WHERE uaf.attach_id=%d',array($values['id']));
foreach($old_files as $old_id) {
$filename = DATA_DIR.'/Utils_Attachment/'.$values['id'].'/'.$old_id;
$content = @file_get_contents($filename);
if($content===false) continue;
if($old_pass!=='') $content = Utils_AttachmentCommon::decrypt($content,$old_pass);
if($content===false) continue;
if($crypted && $values['crypted']['note_password']) $content = Utils_AttachmentCommon::encrypt($content,$values['crypted']['note_password']);
if($content===false) continue;
file_put_contents($filename,$content);
}
}
if($crypted) {
if(is_array($values['crypted']) && isset($values['crypted']['note_password'])) {
$values['note'] = Utils_AttachmentCommon::encrypt($values['note'],$values['crypted']['note_password']);
$values['note_password']=$values['crypted']['note_password'];
}
$values['crypted'] = 1;
} else {
$values['crypted'] = 0;
}
$new_values = $values;
break;
case 'cloning':
$values['clone_id']=$values['id'];
break;
case 'added':
if(isset($values['local']))
DB::Execute('INSERT INTO utils_attachment_local(attachment,local,func,args) VALUES(%d,%s,%s,%s)',array($values['id'],$values['local'],$values['func'],$values['args']));
$new_values = $values;
break;
case 'edit_changes':
if(isset($values['note']) && isset($values['crypted']) && $new_values['crypted']!=$values['crypted']) {
if($new_values['crypted'] && isset($new_values['note_password'])) {
$values['note'] = Utils_AttachmentCommon::encrypt($values['note'],$new_values['note_password']);
} elseif(!$new_values['crypted'] && isset($_SESSION['client']['cp'.$new_values['id']])) {
$values['note'] = Utils_AttachmentCommon::decrypt($values['note'],$_SESSION['client']['cp'.$new_values['id']]);
unset($_SESSION['client']['cp'.$new_values['id']]);
}
} elseif(isset($new_values['note_password']) && isset($old_password) && $new_values['note_password']!=$old_password) {
$values['note'] = Utils_AttachmentCommon::decrypt($values['note'],$old_password);
$values['note'] = Utils_AttachmentCommon::encrypt($values['note'],$new_values['note_password']);
}
break;
case 'view':
$ret = self::get_access($values['id']);
if(!$ret) print(__('Access denied'));
return $ret;
case 'display':
if(DB::GetOne('SELECT 1 FROM utils_attachment_file WHERE attach_id=%d',array($values['id']))) {
$ret = array();
$ret['new'] = array();
$ret['new']['crm_filter'] = '<a '.Utils_TooltipCommon::open_tag_attrs(__('File history')).' '.Module::create_href(array('file_history'=>1)).'>F</a>';
if (isset($_REQUEST['file_history']) && (!$values['crypted'] || isset($_SESSION['client']['cp'.$values['id']])))
Base_BoxCommon::push_module('Utils_Attachment','file_history',array($values));
// CRM_FiltersCommon::set_profile('c'.$values['id']);
return $ret;
}
break;
case 'delete':
if($values['crypted'] && !isset($_SESSION['client']['cp'.$values['id']])) {
Epesi::alert(__('Cannot delete encrypted note'));
return false;
}
$count_locals = DB::GetOne('SELECT count(DISTINCT local) FROM utils_attachment_local WHERE attachment=%d',array($values['id']));
if($count_locals>1) {
$is_local = false;
if(isset($_SESSION['client']['utils_attachment_group']))
$is_local = DB::GetOne('SELECT 1 FROM utils_attachment_local WHERE attachment=%d AND local=%s',array($values['id'],$_SESSION['client']['utils_attachment_group']));
if($is_local) {
DB::Execute('DELETE FROM utils_attachment_local WHERE attachment=%d AND local=%s',array($values['id'],$_SESSION['client']['utils_attachment_group']));
self::new_watchdog_event($_SESSION['client']['utils_attachment_group'], '-', $values['id']);
} else
Epesi::alert(__('This note is attached to multiple records - please go to record and delete note there.'));
location(array());
return false;
}
location(array());
return true;
}
switch($mode) {
case 'edit':
case 'added':
if(isset($values['note_password'])) {
$old_password = isset($_SESSION['client']['cp' . $values['id']])
? $_SESSION['client']['cp' . $values['id']] : '';
$_SESSION['client']['cp'.$values['id']] = $values['note_password'];
}
$note_id = $values['id'];
$files_dir = self::Instance()->get_data_dir().$note_id;
if(isset($values['delete_files']))
$deleted_files = array_filter(explode(';',$values['delete_files']));
else
$deleted_files = array();
foreach ($deleted_files as $k=>$v)
$deleted_files[$k] = intVal($v);
if($deleted_files) $deleted_files = array_combine($deleted_files,$deleted_files);
if($mode=='added' && isset($values['clone_id'])) { //on cloning
$locals = DB::Execute('SELECT local,func,args FROM utils_attachment_local WHERE attachment=%d',array($values['clone_id']));
while($local = $locals->FetchRow())
DB::Execute('INSERT INTO utils_attachment_local(attachment,local,func,args) VALUES(%d,%s,%s,%s)',array($note_id,$local['local'],$local['func'],$local['args']));
$clone_files = DB::GetAll('SELECT id,original,created_by,created_on FROM utils_attachment_file uaf WHERE uaf.attach_id=%d AND uaf.deleted=0', array($values['clone_id']));
foreach($clone_files as $file) {
$cf = self::Instance()->get_data_dir().$values['clone_id'].'/'.$file['id'];
if(!file_exists($cf)) continue;
if(!file_exists($files_dir))
mkdir($files_dir,0777,true);
DB::Execute('INSERT INTO utils_attachment_file (attach_id,deleted,original,created_by,created_on) VALUES(%d,0,%s,%d,%T)',array($note_id,$file['original'],$file['created_by'],$file['created_on']));
$new_file_id = DB::Insert_ID('utils_attachment_file','id');
if(isset($deleted_files[$file['id']])) $deleted_files[$file['id']] = $new_file_id;
$cf2 = $files_dir.'/'.$new_file_id;
copy($cf,$cf2);
if(isset($_SESSION['client']['cp'.$values['clone_id']]) && $_SESSION['client']['cp'.$values['clone_id']])
file_put_contents($cf2,Utils_AttachmentCommon::decrypt(file_get_contents($cf2),$_SESSION['client']['cp'.$values['clone_id']]));
if($values['crypted'])
file_put_contents($cf2,Utils_AttachmentCommon::encrypt(file_get_contents($cf2),$values['note_password']));
}
}
$current_files = DB::GetAssoc('SELECT id, id FROM utils_attachment_file uaf WHERE uaf.attach_id=%d AND uaf.deleted=0', array($note_id));
$remaining_files = $current_files;
foreach ($deleted_files as $k=>$v) {
if (!isset($remaining_files[$v])) unset($deleted_files[$k]);
else unset($remaining_files[$v]);
}
foreach ($deleted_files as $v)
DB::Execute('UPDATE utils_attachment_file SET deleted=1 WHERE id=%d', array($v));
if(isset($values['clipboard_files'])) {
$clipboard_files = array_filter(explode(';',$values['clipboard_files']));
foreach ($clipboard_files as $cf_id) {
$cf = DB::GetOne('SELECT filename FROM utils_attachment_clipboard WHERE id=%d', array($cf_id));
if($values['crypted'])
file_put_contents($cf,Utils_AttachmentCommon::encrypt(file_get_contents($cf),$values['note_password']));
Utils_AttachmentCommon::add_file($note_id, Acl::get_user(), __('clipboard').'.png', $cf);
}
}
$files = isset($_SESSION['client']['utils_attachment'][CID]['files'])?$_SESSION['client']['utils_attachment'][CID]['files']:array();
$_SESSION['client']['utils_attachment'][CID]['files'] = array();
foreach ($files as $f) {
$file_path = $f['path'];
$file_name = $f['name'];
if($values['crypted'])
file_put_contents($file_path,Utils_AttachmentCommon::encrypt(file_get_contents($file_path),$values['note_password']));
Utils_AttachmentCommon::add_file($note_id, Acl::get_user(), $file_name, $file_path);
}
$locals = DB::GetCol('SELECT local FROM utils_attachment_local WHERE attachment=%d',array($note_id));
foreach ($locals as $local) {
$param = explode('/', $local);
if (count($param) == 2 && preg_match('/^[1-9][0-9]*$/', $param[1])) {
$subscribers = Utils_WatchdogCommon::get_subscribers($param[0], $param[1]);
foreach ($subscribers as $user_id) {
Utils_WatchdogCommon::user_subscribe($user_id, 'utils_attachment', $note_id);
}
}
}
break;
}
return $values;
}
file_put_contents($f_filename, $buffer);
}
}
} else {
$buffer = file_get_contents($f_filename);
}
} else {
$f_filename = $meta['file'];
if (!file_exists($f_filename)) {
die('File doesn\'t exists');
}
@ini_set('memory_limit', ceil(filesize($f_filename) * 2 / 1024 / 1024 + 64) . 'M');
$buffer = file_get_contents($f_filename);
}
if ($crypted) {
$buffer = Utils_AttachmentCommon::decrypt($buffer, $password);
if ($buffer === false) {
die('Invalid attachment or password');
}
}
//mime
file_put_contents($f_filename . 'raw', $buffer);
$mime = get_mime_type($f_filename . 'raw', $original);
unlink($f_filename . 'raw');
$expires = 24 * 60 * 60;
header('Pragma: public');
header('Cache-Control: maxage=' . 24 * 60 * 60);
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 24 * 60 * 60) . ' GMT');
header('Content-Type: ' . $mime);
header('Content-Length: ' . strlen($buffer));
header('Content-disposition: ' . $disposition . '; filename="' . $original . '"');
<?php
if (!isset($_REQUEST['cid']) || !isset($_REQUEST['id']) || !isset($_REQUEST['pass'])) {
die('Invalid usage');
}
$cid = $_REQUEST['cid'];
$id = $_REQUEST['id'];
$pass = $_REQUEST['pass'];
define('CID', $cid);
define('READ_ONLY_SESSION', false);
require_once '../../../include.php';
ModuleManager::load_modules();
$row = Utils_RecordBrowserCommon::get_record('utils_attachment', $id);
if (!Utils_RecordBrowserCommon::get_access('utils_attachment', 'view', $row)) {
die(json_encode(array('error' => __('Access denied'))));
}
$decoded = Utils_AttachmentCommon::decrypt($row['note'], $pass);
if ($decoded !== false) {
$_SESSION['client']['cp' . $row['id']] = $pass;
ob_start();
$note = Utils_AttachmentCommon::display_note($row, false, null, 'utils_attachment', true);
$note = ob_get_clean() . $note;
die(json_encode(array('note' => $note, 'js' => Epesi::get_output())));
}
die(json_encode(array('error' => __('Invalid password'))));